authorhenning <henning@openbsd.org>2014-04-22 14:47:23 +0000
committerhenning <henning@openbsd.org>2014-04-22 14:47:23 +0000
commitd98f7e048a396e24ae64ddd378bc54773464aaaa (patch)
treef51a6e7ca8ee49dc43679c82497118fddcd7dff3
parentFinally remove KERBEROS5? from the Makefile infrastructure. (diff)
this commit is really florian@'s, since he's the one who made removal
of our forked apache possible by his work on nginx and slowcgi, but he doesn't want it - so it is my pleasure to tedu it. I spent so much work on chroot in it 10 years ago - and am very happy to see it go now, nginx is a far better choice today. Bye bye, Apache, won't miss you.
-rw-r--r--usr.sbin/httpd/ABOUT_APACHE275
-rw-r--r--usr.sbin/httpd/Announcement108
-rw-r--r--usr.sbin/httpd/CHANGES128
-rw-r--r--usr.sbin/httpd/INSTALL547
-rw-r--r--usr.sbin/httpd/INSTALL.SSL561
-rw-r--r--usr.sbin/httpd/LICENSE58
-rw-r--r--usr.sbin/httpd/LICENSE.SSL69
-rw-r--r--usr.sbin/httpd/Makefile.bsd-wrapper787
-rw-r--r--usr.sbin/httpd/Makefile.tmpl801
-rw-r--r--usr.sbin/httpd/README64
-rw-r--r--usr.sbin/httpd/README.IPv6128
-rw-r--r--usr.sbin/httpd/README.SSL148
-rw-r--r--usr.sbin/httpd/README.configure288
-rw-r--r--usr.sbin/httpd/cgi-bin/printenv13
-rw-r--r--usr.sbin/httpd/cgi-bin/test-cgi31
-rw-r--r--usr.sbin/httpd/conf/httpd.conf1121
-rw-r--r--usr.sbin/httpd/conf/httpd.conf-dist1204
-rw-r--r--usr.sbin/httpd/conf/magic382
-rw-r--r--usr.sbin/httpd/conf/mime.types616
-rw-r--r--usr.sbin/httpd/conf/ssl.crl/Makefile54
-rw-r--r--usr.sbin/httpd/conf/ssl.crl/README.CRL11
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/Makefile53
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/README.CRT33
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt4445
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/server.crt11
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt24
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt20
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt24
-rw-r--r--usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt20
-rw-r--r--usr.sbin/httpd/conf/ssl.csr/README.CSR23
-rw-r--r--usr.sbin/httpd/conf/ssl.csr/server.csr1
-rw-r--r--usr.sbin/httpd/conf/ssl.key/README.KEY28
-rw-r--r--usr.sbin/httpd/conf/ssl.key/server.key15
-rw-r--r--usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key12
-rw-r--r--usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key15
-rw-r--r--usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key12
-rw-r--r--usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key15
-rw-r--r--usr.sbin/httpd/conf/ssl.prm/README.PRM18
-rw-r--r--usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm9
-rw-r--r--usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm9
-rw-r--r--usr.sbin/httpd/config.layout306
-rw-r--r--usr.sbin/httpd/configure1637
-rw-r--r--usr.sbin/httpd/htdocs/apache_pb.gifbin2326 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/blowfish.jpgbin41318 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/bsd_small.gifbin4090 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/index.html66
-rw-r--r--usr.sbin/httpd/htdocs/lock.gifbin5417 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/logo23.jpgbin46246 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/logo24.jpgbin35570 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/LICENSE58
-rw-r--r--usr.sbin/httpd/htdocs/manual/TODO4
-rw-r--r--usr.sbin/httpd/htdocs/manual/bind.html144
-rw-r--r--usr.sbin/httpd/htdocs/manual/configuring.html265
-rw-r--r--usr.sbin/httpd/htdocs/manual/content-negotiation.html678
-rw-r--r--usr.sbin/httpd/htdocs/manual/custom-error.html196
-rw-r--r--usr.sbin/httpd/htdocs/manual/dns-caveats.html231
-rw-r--r--usr.sbin/httpd/htdocs/manual/dso.html523
-rw-r--r--usr.sbin/httpd/htdocs/manual/env.html361
-rw-r--r--usr.sbin/httpd/htdocs/manual/handler.html179
-rw-r--r--usr.sbin/httpd/htdocs/manual/howto/auth.html1197
-rw-r--r--usr.sbin/httpd/htdocs/manual/howto/cgi.html567
-rw-r--r--usr.sbin/httpd/htdocs/manual/howto/htaccess.html422
-rw-r--r--usr.sbin/httpd/htdocs/manual/howto/ssi.html558
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/apache_header.gifbin4084 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/apache_pb.gifbin1806 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gifbin23291 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/feather.jpgbin7108 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/home.gifbin1465 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/index.gifbin1540 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig60
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gifbin3525 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig50
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gifbin2553 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gifbin2007 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/openssl_ics.gifbin2063 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/pixel.gifbin61 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/images/sub.gifbin6083 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/index.html289
-rw-r--r--usr.sbin/httpd/htdocs/manual/invoking.html148
-rw-r--r--usr.sbin/httpd/htdocs/manual/ipv6.html231
-rw-r--r--usr.sbin/httpd/htdocs/manual/keepalive.html107
-rw-r--r--usr.sbin/httpd/htdocs/manual/location.html75
-rw-r--r--usr.sbin/httpd/htdocs/manual/logs.html660
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/API.html1253
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/FAQ.html3953
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html493
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/descriptors.html218
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html398
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/howto.html239
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/index.html104
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html356
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html281
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html1066
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/perf.html150
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html2342
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/security_tips.html312
-rw-r--r--usr.sbin/httpd/htdocs/manual/misc/tutorials.html178
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/core.html4223
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/directive-dict.html318
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/directives.html597
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/index-bytype.html276
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/index.html230
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_access.html354
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_actions.html167
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_alias.html399
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_asis.html107
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_auth.html326
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html296
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html248
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html235
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html406
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html488
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html959
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html148
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html232
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_define.html140
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_digest.html111
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_dir.html129
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_env.html146
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_expires.html264
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_headers.html204
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_imap.html373
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_include.html603
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_info.html125
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html116
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html154
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html420
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html148
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_mime.html691
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html326
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html139
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html234
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html1338
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html2107
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html341
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_so.html205
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_speling.html137
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html223
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gifbin170 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html551
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpgbin20724 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpgbin6055 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gifbin148 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html1643
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html413
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gifbin170 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html929
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gifbin156 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html919
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gifbin5738 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig2.gifbin2700 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gifbin4020 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gifbin148 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html476
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gifbin7782 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.gfont000.gifbin148 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html2655
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gifbin1094 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-1.gifbin366 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gifbin580 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gifbin610 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-4.gifbin507 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gifbin592 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gifbin627 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-7.gifbin483 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gifbin35 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gifbin43 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gifbin303 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-s.gifbin330 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gifbin306 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-s.gifbin331 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-abstract.gifbin1419 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-compat.gifbin2014 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-faq.gifbin1393 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-gloss.gifbin1445 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gifbin1192 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-intro.gifbin1769 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gifbin1473 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gifbin1123 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-ref.gifbin1539 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-toc.gifbin2274 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-tutor.gifbin1256 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_status.html168
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html220
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html154
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html306
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html335
-rw-r--r--usr.sbin/httpd/htdocs/manual/mod/module-dict.html129
-rw-r--r--usr.sbin/httpd/htdocs/manual/multilogs.html123
-rw-r--r--usr.sbin/httpd/htdocs/manual/process-model.html81
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/ab.html158
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/apachectl.html110
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/apxs.html291
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html126
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/htdigest.html74
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/htpasswd.html189
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/httpd.html145
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/index.html86
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/logresolve.html59
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/other.html57
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html65
-rw-r--r--usr.sbin/httpd/htdocs/manual/programs/suexec.html56
-rw-r--r--usr.sbin/httpd/htdocs/manual/sections.html169
-rw-r--r--usr.sbin/httpd/htdocs/manual/server-wide.html293
-rw-r--r--usr.sbin/httpd/htdocs/manual/sitemap.html161
-rw-r--r--usr.sbin/httpd/htdocs/manual/stopping.html207
-rw-r--r--usr.sbin/httpd/htdocs/manual/suexec.html613
-rw-r--r--usr.sbin/httpd/htdocs/manual/urlmapping.html307
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/details.html407
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/examples.html706
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html87
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/host.html183
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/index.html98
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html149
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/mass.html452
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/name-based.html254
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html396
-rw-r--r--usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html253
-rw-r--r--usr.sbin/httpd/htdocs/mod_ssl_sb.gifbin2007 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/openbsd_pb.gifbin3361 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/openbsdpower.gifbin3334 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/openssl_ics.gifbin2063 -> 0 bytes
-rw-r--r--usr.sbin/httpd/htdocs/smalltitle.gifbin2220 -> 0 bytes
-rw-r--r--usr.sbin/httpd/httpd.8306
-rw-r--r--usr.sbin/httpd/icons/README158
-rw-r--r--usr.sbin/httpd/icons/a.gifbin246 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/a.pngbin293 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/alert.black.gifbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/alert.black.pngbin279 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/alert.red.gifbin247 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/alert.red.pngbin298 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/apache_pb.gifbin2326 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/apache_pb.pngbin1385 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/back.gifbin216 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/back.pngbin284 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/ball.gray.gifbin233 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/ball.gray.pngbin277 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/ball.red.gifbin205 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/ball.red.pngbin265 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/binary.gifbin246 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/binary.pngbin296 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/binhex.gifbin246 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/binhex.pngbin304 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/blank.gifbin148 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/blank.pngbin195 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/bomb.gifbin308 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/bomb.pngbin356 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/box1.gifbin251 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/box1.pngbin308 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/box2.gifbin268 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/box2.pngbin322 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/broken.gifbin247 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/broken.pngbin305 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/burst.gifbin235 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/burst.pngbin314 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/c.gifbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/c.pngbin285 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/comp.blue.gifbin251 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/comp.blue.pngbin313 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/comp.gray.gifbin246 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/comp.gray.pngbin304 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/compressed.gifbin1038 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/compressed.pngbin315 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/continued.gifbin214 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/continued.pngbin272 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/dir.gifbin225 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/dir.pngbin272 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/diskimg.gifbin167 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/diskimg.pngbin202 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/down.gifbin163 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/down.pngbin232 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/dvi.gifbin238 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/dvi.pngbin290 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/f.gifbin236 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/f.pngbin282 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/folder.gifbin225 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/folder.open.gifbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/folder.open.pngbin305 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/folder.pngbin272 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/folder.sec.gifbin243 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/folder.sec.pngbin290 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/forward.gifbin219 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/forward.pngbin284 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/generic.gifbin221 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/generic.pngbin260 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/generic.red.gifbin220 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/generic.red.pngbin262 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/generic.sec.gifbin249 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/generic.sec.pngbin279 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/hand.right.gifbin217 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/hand.right.pngbin280 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/hand.up.gifbin223 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/hand.up.pngbin280 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/icon.sheet.gifbin11977 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/icon.sheet.pngbin8898 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/image1.gifbin274 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/image1.pngbin307 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/image2.gifbin309 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/image2.pngbin355 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/image3.gifbin286 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/image3.pngbin323 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/index.gifbin268 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/index.pngbin316 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/layout.gifbin276 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/layout.pngbin306 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/left.gifbin172 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/left.pngbin235 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/link.gifbin249 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/link.pngbin297 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/movie.gifbin243 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/movie.pngbin258 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/p.gifbin237 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/p.pngbin284 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/patch.gifbin251 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/patch.pngbin295 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pdf.gifbin249 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pdf.pngbin289 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie0.gifbin188 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie0.pngbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie1.gifbin198 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie1.pngbin261 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie2.gifbin198 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie2.pngbin253 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie3.gifbin191 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie3.pngbin256 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie4.gifbin193 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie4.pngbin239 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie5.gifbin189 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie5.pngbin258 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie6.gifbin186 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie6.pngbin253 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie7.gifbin185 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie7.pngbin258 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie8.gifbin173 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/pie8.pngbin233 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/portal.gifbin254 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/portal.pngbin303 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/ps.gifbin244 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/ps.pngbin287 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/quill.gifbin267 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/quill.pngbin315 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/right.gifbin172 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/right.pngbin233 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/screw1.gifbin258 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/screw1.pngbin312 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/screw2.gifbin263 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/screw2.pngbin318 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/script.gifbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/script.pngbin275 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/README.txt6
-rw-r--r--usr.sbin/httpd/icons/small/back.gifbin129 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/back.pngbin238 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/binary.gifbin134 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/binary.pngbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/binhex.gifbin131 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/binhex.pngbin248 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/blank.gifbin55 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/blank.pngbin90 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/broken.gifbin139 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/broken.pngbin254 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/burst.gifbin128 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/burst.pngbin194 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/comp1.gifbin130 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/comp1.pngbin197 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/comp2.gifbin131 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/comp2.pngbin194 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/compressed.gifbin128 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/compressed.pngbin189 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/continued.gifbin114 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/continued.pngbin214 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/dir.gifbin132 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/dir.pngbin175 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/dir2.gifbin122 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/dir2.pngbin161 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/doc.gifbin191 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/doc.pngbin269 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/forward.gifbin125 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/forward.pngbin244 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/generic.gifbin116 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/generic.pngbin182 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/generic2.gifbin127 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/generic2.pngbin158 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/generic3.gifbin113 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/generic3.pngbin147 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/image.gifbin126 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/image.pngbin178 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/image2.gifbin138 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/image2.pngbin186 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/index.gifbin145 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/index.pngbin206 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/key.gifbin187 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/key.pngbin254 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/movie.gifbin134 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/movie.pngbin202 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/patch.gifbin182 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/patch.pngbin250 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/ps.gifbin184 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/ps.pngbin254 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/rainbow.gifbin3811 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/rainbow.pngbin2418 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/sound.gifbin130 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/sound.pngbin176 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/sound2.gifbin119 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/sound2.pngbin236 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/tar.gifbin132 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/tar.pngbin227 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/text.gifbin128 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/text.pngbin202 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/transfer.gifbin124 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/transfer.pngbin186 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/unknown.gifbin131 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/unknown.pngbin226 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/uu.gifbin125 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/small/uu.pngbin217 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sound1.gifbin248 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sound1.pngbin310 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sound2.gifbin221 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sound2.pngbin297 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sphere1.gifbin285 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sphere1.pngbin326 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sphere2.gifbin264 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/sphere2.pngbin322 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/tar.gifbin219 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/tar.pngbin261 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/tex.gifbin251 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/tex.pngbin295 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/text.gifbin229 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/text.pngbin273 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/transfer.gifbin242 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/transfer.pngbin319 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/unknown.gifbin245 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/unknown.pngbin291 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/up.gifbin164 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/up.pngbin234 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/uu.gifbin236 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/uu.pngbin280 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/uuencoded.gifbin236 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/uuencoded.pngbin280 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/world1.gifbin228 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/world1.pngbin315 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/world2.gifbin261 -> 0 bytes
-rw-r--r--usr.sbin/httpd/icons/world2.pngbin339 -> 0 bytes
-rw-r--r--usr.sbin/httpd/src/.gdbinit28
-rw-r--r--usr.sbin/httpd/src/.indent.pro1
-rw-r--r--usr.sbin/httpd/src/BUILD.NOTES39
-rw-r--r--usr.sbin/httpd/src/CHANGES9230
-rw-r--r--usr.sbin/httpd/src/CHANGES.SSL3878
-rw-r--r--usr.sbin/httpd/src/Configuration453
-rw-r--r--usr.sbin/httpd/src/Configuration.tmpl528
-rw-r--r--usr.sbin/httpd/src/Configure2649
-rw-r--r--usr.sbin/httpd/src/INSTALL169
-rw-r--r--usr.sbin/httpd/src/Makefile.bsd-wrapper48
-rw-r--r--usr.sbin/httpd/src/Makefile.tmpl147
-rw-r--r--usr.sbin/httpd/src/PORTING387
-rw-r--r--usr.sbin/httpd/src/README147
-rw-r--r--usr.sbin/httpd/src/README.EAPI340
-rw-r--r--usr.sbin/httpd/src/ap/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/ap/Makefile.tmpl84
-rw-r--r--usr.sbin/httpd/src/ap/ap_base64.c215
-rw-r--r--usr.sbin/httpd/src/ap/ap_checkpass.c102
-rw-r--r--usr.sbin/httpd/src/ap/ap_cpystrn.c95
-rw-r--r--usr.sbin/httpd/src/ap/ap_ctx.c159
-rw-r--r--usr.sbin/httpd/src/ap/ap_ebcdic.c61
-rw-r--r--usr.sbin/httpd/src/ap/ap_execve.c100
-rw-r--r--usr.sbin/httpd/src/ap/ap_fnmatch.c236
-rw-r--r--usr.sbin/httpd/src/ap/ap_getpass.c104
-rw-r--r--usr.sbin/httpd/src/ap/ap_hook.c817
-rw-r--r--usr.sbin/httpd/src/ap/ap_md5c.c297
-rw-r--r--usr.sbin/httpd/src/ap/ap_mm.c178
-rw-r--r--usr.sbin/httpd/src/ap/ap_sha1.c154
-rw-r--r--usr.sbin/httpd/src/ap/ap_signal.c79
-rw-r--r--usr.sbin/httpd/src/ap/ap_slack.c99
-rw-r--r--usr.sbin/httpd/src/ap/ap_snprintf.c1231
-rw-r--r--usr.sbin/httpd/src/ap/ap_strtol.c205
-rw-r--r--usr.sbin/httpd/src/buildmark.c65
-rw-r--r--usr.sbin/httpd/src/helpers/CutRule8
-rw-r--r--usr.sbin/httpd/src/helpers/GuessCodeset15
-rw-r--r--usr.sbin/httpd/src/helpers/GuessOS366
-rw-r--r--usr.sbin/httpd/src/helpers/MakeEtags39
-rw-r--r--usr.sbin/httpd/src/helpers/MakeLint31
-rw-r--r--usr.sbin/httpd/src/helpers/PrintPath105
-rw-r--r--usr.sbin/httpd/src/helpers/TestCompile281
-rw-r--r--usr.sbin/httpd/src/helpers/binbuild.sh301
-rw-r--r--usr.sbin/httpd/src/helpers/buildinfo.sh160
-rw-r--r--usr.sbin/httpd/src/helpers/checkheader.sh35
-rw-r--r--usr.sbin/httpd/src/helpers/cvstodsp5.pl43
-rw-r--r--usr.sbin/httpd/src/helpers/dsp5tocvs.pl40
-rw-r--r--usr.sbin/httpd/src/helpers/dummy.c12
-rw-r--r--usr.sbin/httpd/src/helpers/find-dbm-lib74
-rw-r--r--usr.sbin/httpd/src/helpers/findcpp.sh73
-rw-r--r--usr.sbin/httpd/src/helpers/fixwin32mak.pl47
-rw-r--r--usr.sbin/httpd/src/helpers/fmn.sh49
-rw-r--r--usr.sbin/httpd/src/helpers/fp2rp13
-rw-r--r--usr.sbin/httpd/src/helpers/getuid.sh65
-rw-r--r--usr.sbin/httpd/src/helpers/install.sh120
-rw-r--r--usr.sbin/httpd/src/helpers/mfhead8
-rw-r--r--usr.sbin/httpd/src/helpers/mkdir.sh35
-rw-r--r--usr.sbin/httpd/src/helpers/mkshadow.sh110
-rw-r--r--usr.sbin/httpd/src/helpers/ppl.sh55
-rw-r--r--usr.sbin/httpd/src/helpers/slo.sh178
-rw-r--r--usr.sbin/httpd/src/include/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/include/ap.h200
-rw-r--r--usr.sbin/httpd/src/include/ap_alloc.h421
-rw-r--r--usr.sbin/httpd/src/include/ap_compat.h431
-rw-r--r--usr.sbin/httpd/src/include/ap_config.h356
-rw-r--r--usr.sbin/httpd/src/include/ap_config_auto.h99
-rw-r--r--usr.sbin/httpd/src/include/ap_ctx.h108
-rw-r--r--usr.sbin/httpd/src/include/ap_ctype.h93
-rw-r--r--usr.sbin/httpd/src/include/ap_ebcdic.h67
-rw-r--r--usr.sbin/httpd/src/include/ap_hook.h712
-rw-r--r--usr.sbin/httpd/src/include/ap_md5.h96
-rw-r--r--usr.sbin/httpd/src/include/ap_mm.h129
-rw-r--r--usr.sbin/httpd/src/include/ap_mmn.h289
-rw-r--r--usr.sbin/httpd/src/include/ap_sha1.h104
-rw-r--r--usr.sbin/httpd/src/include/buff.h193
-rw-r--r--usr.sbin/httpd/src/include/compat.h11
-rw-r--r--usr.sbin/httpd/src/include/conf.h11
-rw-r--r--usr.sbin/httpd/src/include/explain.h45
-rw-r--r--usr.sbin/httpd/src/include/fdcache.h34
-rw-r--r--usr.sbin/httpd/src/include/fnmatch.h62
-rw-r--r--usr.sbin/httpd/src/include/http_conf_globals.h132
-rw-r--r--usr.sbin/httpd/src/include/http_config.h469
-rw-r--r--usr.sbin/httpd/src/include/http_core.h356
-rw-r--r--usr.sbin/httpd/src/include/http_log.h135
-rw-r--r--usr.sbin/httpd/src/include/http_main.h183
-rw-r--r--usr.sbin/httpd/src/include/http_protocol.h233
-rw-r--r--usr.sbin/httpd/src/include/http_request.h120
-rw-r--r--usr.sbin/httpd/src/include/http_vhost.h100
-rw-r--r--usr.sbin/httpd/src/include/httpd.h1178
-rw-r--r--usr.sbin/httpd/src/include/multithread.h36
-rw-r--r--usr.sbin/httpd/src/include/rfc1413.h74
-rw-r--r--usr.sbin/httpd/src/include/scoreboard.h184
-rw-r--r--usr.sbin/httpd/src/include/util_date.h84
-rw-r--r--usr.sbin/httpd/src/include/util_md5.h79
-rw-r--r--usr.sbin/httpd/src/include/util_script.h96
-rw-r--r--usr.sbin/httpd/src/include/util_uri.h146
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/CHANGES65
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl26
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/asciitab.h62
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/dllmain.c40
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/expat.html73
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/hashtable.c151
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/hashtable.h69
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/iasciitab.h63
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/latin1tab.h62
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/nametab.h150
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/utf8tab.h63
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmldef.h54
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlparse.c3209
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlparse.def41
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlparse.h482
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp34
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def2
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlrole.c1093
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmlrole.h111
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok.c1384
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok.def15
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok.h307
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok.imp9
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c1746
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h71
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c96
-rw-r--r--usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def1
-rw-r--r--usr.sbin/httpd/src/main/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/main/Makefile.tmpl166
-rw-r--r--usr.sbin/httpd/src/main/alloc.c2681
-rw-r--r--usr.sbin/httpd/src/main/buff.c1246
-rw-r--r--usr.sbin/httpd/src/main/fdcache.c86
-rw-r--r--usr.sbin/httpd/src/main/gen_test_char.c80
-rw-r--r--usr.sbin/httpd/src/main/gen_uri_delims.c34
-rw-r--r--usr.sbin/httpd/src/main/http_config.c1885
-rw-r--r--usr.sbin/httpd/src/main/http_core.c3545
-rw-r--r--usr.sbin/httpd/src/main/http_log.c585
-rw-r--r--usr.sbin/httpd/src/main/http_main.c3465
-rw-r--r--usr.sbin/httpd/src/main/http_protocol.c3182
-rw-r--r--usr.sbin/httpd/src/main/http_request.c1384
-rw-r--r--usr.sbin/httpd/src/main/http_vhost.c1228
-rw-r--r--usr.sbin/httpd/src/main/rfc1413.c271
-rw-r--r--usr.sbin/httpd/src/main/util.c2224
-rw-r--r--usr.sbin/httpd/src/main/util_date.c326
-rw-r--r--usr.sbin/httpd/src/main/util_md5.c210
-rw-r--r--usr.sbin/httpd/src/main/util_script.c802
-rw-r--r--usr.sbin/httpd/src/main/util_uri.c507
-rw-r--r--usr.sbin/httpd/src/modules/README34
-rw-r--r--usr.sbin/httpd/src/modules/example/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/modules/example/Makefile107
-rw-r--r--usr.sbin/httpd/src/modules/example/Makefile.tmpl15
-rw-r--r--usr.sbin/httpd/src/modules/example/README53
-rw-r--r--usr.sbin/httpd/src/modules/example/mod_example.c1152
-rw-r--r--usr.sbin/httpd/src/modules/experimental/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/modules/experimental/Makefile.tmpl23
-rw-r--r--usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c1534
-rw-r--r--usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c397
-rw-r--r--usr.sbin/httpd/src/modules/extra/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/modules/extra/Makefile.tmpl6
-rw-r--r--usr.sbin/httpd/src/modules/extra/mod_define.c413
-rw-r--r--usr.sbin/httpd/src/modules/keynote/Makefile.tmpl14
-rw-r--r--usr.sbin/httpd/src/modules/keynote/mod_keynote.c905
-rw-r--r--usr.sbin/httpd/src/modules/keynote/mod_keynote.module4
-rw-r--r--usr.sbin/httpd/src/modules/proxy/.indent.pro64
-rw-r--r--usr.sbin/httpd/src/modules/proxy/Makefile.libdir4
-rw-r--r--usr.sbin/httpd/src/modules/proxy/Makefile.tmpl121
-rw-r--r--usr.sbin/httpd/src/modules/proxy/mod_proxy.c1102
-rw-r--r--usr.sbin/httpd/src/modules/proxy/mod_proxy.h348
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_cache.c1670
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_connect.c333
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_ftp.c1479
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_http.c721
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_util.c1577
-rw-r--r--usr.sbin/httpd/src/modules/ssl/Makefile.libdir15
-rw-r--r--usr.sbin/httpd/src/modules/ssl/Makefile.tmpl537
-rw-r--r--usr.sbin/httpd/src/modules/ssl/README163
-rw-r--r--usr.sbin/httpd/src/modules/ssl/README.dsov.fig346
-rw-r--r--usr.sbin/httpd/src/modules/ssl/README.dsov.ps1138
-rw-r--r--usr.sbin/httpd/src/modules/ssl/libssl.module495
-rw-r--r--usr.sbin/httpd/src/modules/ssl/libssl.version1
-rw-r--r--usr.sbin/httpd/src/modules/ssl/mod_ssl.c257
-rw-r--r--usr.sbin/httpd/src/modules/ssl/mod_ssl.h787
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c512
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c1125
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c251
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c195
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c812
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c1138
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c545
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c1966
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c330
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c356
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c540
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c206
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c622
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_expr.c119
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_expr.h139
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c282
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y186
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l261
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_scache.c204
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c446
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c1310
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c349
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_util.c344
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c511
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h122
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_util_table.c2864
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_util_table.h189
-rw-r--r--usr.sbin/httpd/src/modules/standard/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/modules/standard/Makefile.tmpl258
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_access.c595
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_actions.c291
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_alias.c451
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_asis.c146
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_auth.c431
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_auth_anon.c316
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_auth_db.c364
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_auth_db.module47
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c331
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_autoindex.c1836
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_cern_meta.c397
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_cgi.c548
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_digest.c477
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_dir.c248
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_env.c280
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_expires.c515
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_headers.c313
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_imap.c918
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_include.c2523
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_info.c774
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_log_agent.c193
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_log_config.c1223
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_log_referer.c234
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_mime.c804
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_mime_magic.c2423
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_negotiation.c2835
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_rewrite.c4396
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_rewrite.h496
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_setenvif.c483
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_so.c364
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_speling.c561
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_status.c736
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_unique_id.c448
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_userdir.c381
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_usertrack.c577
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c489
-rw-r--r--usr.sbin/httpd/src/os/unix/Makefile.tmpl47
-rw-r--r--usr.sbin/httpd/src/os/unix/os-inline.c34
-rw-r--r--usr.sbin/httpd/src/os/unix/os.c56
-rw-r--r--usr.sbin/httpd/src/os/unix/os.h126
-rw-r--r--usr.sbin/httpd/src/support/.indent.pro54
-rw-r--r--usr.sbin/httpd/src/support/Makefile.tmpl76
-rw-r--r--usr.sbin/httpd/src/support/README72
-rw-r--r--usr.sbin/httpd/src/support/SHA1/README.sha134
-rw-r--r--usr.sbin/httpd/src/support/SHA1/convert-sha1.pl36
-rw-r--r--usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl22
-rw-r--r--usr.sbin/httpd/src/support/SHA1/ldif-sha1.example19
-rw-r--r--usr.sbin/httpd/src/support/apachectl253
-rw-r--r--usr.sbin/httpd/src/support/apachectl.8185
-rw-r--r--usr.sbin/httpd/src/support/apxs.8433
-rw-r--r--usr.sbin/httpd/src/support/apxs.pl805
-rw-r--r--usr.sbin/httpd/src/support/checkgid.c131
-rw-r--r--usr.sbin/httpd/src/support/dbmmanage356
-rw-r--r--usr.sbin/httpd/src/support/dbmmanage.1198
-rw-r--r--usr.sbin/httpd/src/support/htdigest.1120
-rw-r--r--usr.sbin/httpd/src/support/htdigest.c268
-rw-r--r--usr.sbin/httpd/src/support/htpasswd.1292
-rw-r--r--usr.sbin/httpd/src/support/htpasswd.c567
-rw-r--r--usr.sbin/httpd/src/support/httpd.exp491
-rw-r--r--usr.sbin/httpd/src/support/log_server_status121
-rw-r--r--usr.sbin/httpd/src/support/logresolve.8100
-rw-r--r--usr.sbin/httpd/src/support/logresolve.c357
-rw-r--r--usr.sbin/httpd/src/support/logresolve.pl267
-rw-r--r--usr.sbin/httpd/src/support/mkcert.sh855
-rw-r--r--usr.sbin/httpd/src/support/phf_abuse_log.cgi21
-rw-r--r--usr.sbin/httpd/src/support/rotatelogs.8113
-rw-r--r--usr.sbin/httpd/src/support/rotatelogs.c128
-rw-r--r--usr.sbin/httpd/src/support/split-logfile111
-rw-r--r--usr.sbin/httpd/src/support/suexec.8111
-rw-r--r--usr.sbin/httpd/src/support/suexec.c576
-rw-r--r--usr.sbin/httpd/src/support/suexec.h146
718 files changed, 0 insertions, 200382 deletions
diff --git a/usr.sbin/httpd/ABOUT_APACHE b/usr.sbin/httpd/ABOUT_APACHE
deleted file mode 100644
index 4a9ff02cb4e..00000000000
--- a/usr.sbin/httpd/ABOUT_APACHE
+++ /dev/null
@@ -1,275 +0,0 @@
-
- The Apache HTTP Server Project
-
- http://httpd.apache.org/
-
- February 2002
-
-The Apache Project is a collaborative software development effort aimed
-at creating a robust, commercial-grade, featureful, and freely-available
-source code implementation of an HTTP (Web) server. The project is
-jointly managed by a group of volunteers located around the world, using
-the Internet and the Web to communicate, plan, and develop the server and
-its related documentation. These volunteers are known as the Apache Group.
-In addition, hundreds of users have contributed ideas, code, and
-documentation to the project. This file is intended to briefly describe
-the history of the Apache Group, recognize the many contributors, and
-explain how you can join the fun too.
-
-In February of 1995, the most popular server software on the Web was the
-public domain HTTP daemon developed by Rob McCool at the National Center
-for Supercomputing Applications, University of Illinois, Urbana-Champaign.
-However, development of that httpd had stalled after Rob left NCSA in
-mid-1994, and many webmasters had developed their own extensions and bug
-fixes that were in need of a common distribution. A small group of these
-webmasters, contacted via private e-mail, gathered together for the purpose
-of coordinating their changes (in the form of "patches"). Brian Behlendorf
-and Cliff Skolnick put together a mailing list, shared information space,
-and logins for the core developers on a machine in the California Bay Area,
-with bandwidth and diskspace donated by HotWired and Organic Online.
-By the end of February, eight core contributors formed the foundation
-of the original Apache Group:
-
- Brian Behlendorf Roy T. Fielding Rob Hartill
- David Robinson Cliff Skolnick Randy Terbush
- Robert S. Thau Andrew Wilson
-
-with additional contributions from
-
- Eric Hagberg Frank Peters Nicolas Pioch
-
-Using NCSA httpd 1.3 as a base, we added all of the published bug fixes
-and worthwhile enhancements we could find, tested the result on our own
-servers, and made the first official public release (0.6.2) of the Apache
-server in April 1995. By coincidence, NCSA restarted their own development
-during the same period, and Brandon Long and Beth Frank of the NCSA Server
-Development Team joined the list in March as honorary members so that the
-two projects could share ideas and fixes.
-
-The early Apache server was a big hit, but we all knew that the codebase
-needed a general overhaul and redesign. During May-June 1995, while
-Rob Hartill and the rest of the group focused on implementing new features
-for 0.7.x (like pre-forked child processes) and supporting the rapidly growing
-Apache user community, Robert Thau designed a new server architecture
-(code-named Shambhala) which included a modular structure and API for better
-extensibility, pool-based memory allocation, and an adaptive pre-forking
-process model. The group switched to this new server base in July and added
-the features from 0.7.x, resulting in Apache 0.8.8 (and its brethren)
-in August.
-
-After extensive beta testing, many ports to obscure platforms, a new set
-of documentation (by David Robinson), and the addition of many features
-in the form of our standard modules, Apache 1.0 was released on
-December 1, 1995.
-
-Less than a year after the group was formed, the Apache server passed
-NCSA's httpd as the #1 server on the Internet.
-
-The survey by Netcraft (http://www.netcraft.com/survey/) shows that Apache
-is today more widely used than all other web servers combined.
-
- ============================================================================
-
-Current Apache Group in alphabetical order as of 18 December 2001:
-
- Greg Ames IBM Corporation, Research Triangle Park, NC, USA
- Aaron Bannert California
- Brian Behlendorf Collab.Net, California
- Ken Coar IBM Corporation, Research Triangle Park, NC, USA
- Mark J. Cox Red Hat, UK
- Lars Eilebrecht Freelance Consultant, Munich, Germany
- Ralf S. Engelschall Cable & Wireless Deutschland, Munich, Germany
- Justin Erenkrantz University of California, Irvine
- Roy T. Fielding Day Software, California
- Tony Finch Covalent Technologies, California
- Dean Gaudet Transmeta Corporation, California
- Dirk-Willem van Gulik Covalent Technologies, California
- Brian Havard Australia
- Ian Holsman CNET, California
- Ben Hyde Gensym, Massachusetts
- Jim Jagielski jaguNET Access Services, Maryland
- Manoj Kasichainula Collab.Net, California
- Alexei Kosut Stanford University, California
- Martin Kraemer Munich, Germany
- Ben Laurie Freelance Consultant, UK
- Rasmus Lerdorf Yahoo!, California
- Daniel Lopez Ridruejo Covalent Technologies, California
- Doug MacEachern Covalent Technologies, California
- Aram W. Mirzadeh CableVision, New York
- Chuck Murcko The Topsail Group, Pennsylvania
- Sameer Parekh California
- David Reid UK
- William A. Rowe, Jr. Covalent, Illinois
- Wilfredo Sanchez Apple Computer, California
- Cliff Skolnick California
- Marc Slemko Canada
- Joshua Slive Canada
- Greg Stein California
- Bill Stoddard IBM Corporation, Research Triangle Park, NC
- Paul Sutton Seattle
- Randy Terbush Covalent Technologies, California
- Jeff Trawick IBM Corporation, Research Triangle Park, NC
- Cliff Woolley University of Virginia
-
-Apache Emeritus (old group members now off doing other things)
-
- Ryan Bloom California
- Rob Hartill Internet Movie DB, UK
- David Robinson Cambridge University, UK
- Robert S. Thau MIT, Massachusetts
- Andrew Wilson Freelance Consultant, UK
-
-Other major contributors
-
- Howard Fear (mod_include), Florent Guillaume (language negotiation),
- Koen Holtman (rewrite of mod_negotiation),
- Kevin Hughes (creator of all those nifty icons),
- Brandon Long and Beth Frank (NCSA Server Development Team, post-1.3),
- Ambarish Malpani (Beginning of the NT port),
- Rob McCool (original author of the NCSA httpd 1.3),
- Paul Richards (convinced the group to use remote CVS after 1.0),
- Garey Smiley (OS/2 port), Henry Spencer (author of the regex library).
-
-Many 3rd-party modules, frequently used and recommended, are also
-freely-available and linked from the related projects page:
-<http://modules.apache.org/>, and their authors frequently
-contribute ideas, patches, and testing.
-
-Hundreds of people have made individual contributions to the Apache
-project. Patch contributors are listed in the src/CHANGES file.
-Frequent contributors have included Petr Lampa, Tom Tromey, James H.
-Cloos Jr., Ed Korthof, Nathan Neulinger, Jason S. Clary, Jason A. Dour,
-Michael Douglass, Tony Sanders, Brian Tao, Michael Smith, Adam Sussman,
-Nathan Schrenk, Matthew Gray, and John Heidemann.
-
- ============================================================================
-
-How to become involved in the Apache project
-
-There are several levels of contributing. If you just want to send
-in an occasional suggestion/fix, then you can just use the bug reporting
-form at <http://httpd.apache.org/bug_report.html>. You can also subscribe
-to the announcements mailing list (announce-subscribe@httpd.apache.org) which
-we use to broadcast information about new releases, bugfixes, and upcoming
-events. There's a lot of information about the development process (much of
-it in serious need of updating) to be found at <http://httpd.apache.org/dev/>.
-
-If you'd like to become an active contributor to the Apache project (the
-group of volunteers who vote on changes to the distributed server), then
-you need to start by subscribing to the dev@httpd.apache.org mailing list.
-One warning though: traffic is high, 1000 to 1500 messages/month.
-To subscribe, send an email to dev-subscribe@httpd.apache.org. We
-recommend reading the list for a while before trying to jump in to
-development.
-
- NOTE: The developer mailing list (dev@httpd.apache.org) is not
- a user support forum; it is for people actively working on development
- of the server code and documentation, and for planning future
- directions. If you have user/configuration questions, send them
- to users list <http://httpd.apache.org/userslist> or to the USENET
- newsgroup "comp.infosystems.www.servers.unix".or for windows users,
- the newsgroup "comp.infosystems.www.servers.ms-windows".
-
-There is a core group of contributors (informally called the "core")
-which was formed from the project founders and is augmented from time
-to time when core members nominate outstanding contributors and the
-rest of the core members agree. The core group focus is more on
-"business" issues and limited-circulation things like security problems
-than on mainstream code development. The term "The Apache Group"
-technically refers to this core of project contributors.
-
-The Apache project is a meritocracy -- the more work you have done, the more
-you are allowed to do. The group founders set the original rules, but
-they can be changed by vote of the active members. There is a group
-of people who have logins on our server (apache.org) and access to the
-CVS repository. Everyone has access to the CVS snapshots. Changes to
-the code are proposed on the mailing list and usually voted on by active
-members -- three +1 (yes votes) and no -1 (no votes, or vetoes) are needed
-to commit a code change during a release cycle; docs are usually committed
-first and then changed as needed, with conflicts resolved by majority vote.
-
-Our primary method of communication is our mailing list. Approximately 40
-messages a day flow over the list, and are typically very conversational in
-tone. We discuss new features to add, bug fixes, user problems, developments
-in the web server community, release dates, etc. The actual code development
-takes place on the developers' local machines, with proposed changes
-communicated using a patch (output of a unified "diff -u oldfile newfile"
-command), and committed to the source repository by one of the core
-developers using remote CVS. Anyone on the mailing list can vote on a
-particular issue, but we only count those made by active members or people
-who are known to be experts on that part of the server. Vetoes must be
-accompanied by a convincing explanation.
-
-New members of the Apache Group are added when a frequent contributor is
-nominated by one member and unanimously approved by the voting members.
-In most cases, this "new" member has been actively contributing to the
-group's work for over six months, so it's usually an easy decision.
-
-The above describes our past and current (as of July 2000) guidelines,
-which will probably change over time as the membership of the group
-changes and our development/coordination tools improve.
-
- ============================================================================
-
-The Apache Software Foundation (www.apache.org)
-
-The Apache Software Foundation exists to provide organizational, legal,
-and financial support for the Apache open-source software projects.
-Founded in June 1999 by the Apache Group, the Foundation has been
-incorporated as a membership-based, not-for-profit corporation in order
-to ensure that the Apache projects continue to exist beyond the participation
-of individual volunteers, to enable contributions of intellectual property
-and funds on a sound basis, and to provide a vehicle for limiting legal
-exposure while participating in open-source software projects.
-
-You are invited to participate in The Apache Software Foundation. We welcome
-contributions in many forms. Our membership consists of those individuals
-who have demonstrated a commitment to collaborative open-source software
-development through sustained participation and contributions within the
-Foundation's projects. Many people and companies have contributed towards
-the success of the Apache projects.
-
- ============================================================================
-
-Why Apache Is Free
-
-Apache exists to provide a robust and commercial-grade reference
-implementation of the HTTP protocol. It must remain a platform upon which
-individuals and institutions can build reliable systems, both for
-experimental purposes and for mission-critical purposes. We believe the
-tools of online publishing should be in the hands of everyone, and
-software companies should make their money providing value-added services
-such as specialized modules and support, amongst other things. We realize
-that it is often seen as an economic advantage for one company to "own" a
-market - in the software industry that means to control tightly a
-particular conduit such that all others must pay. This is typically done
-by "owning" the protocols through which companies conduct business, at the
-expense of all those other companies. To the extent that the protocols of
-the World Wide Web remain "unowned" by a single company, the Web will
-remain a level playing field for companies large and small. Thus,
-"ownership" of the protocol must be prevented, and the existence of a
-robust reference implementation of the protocol, available absolutely for
-free to all companies, is a tremendously good thing.
-
-Furthermore, Apache is an organic entity; those who benefit from it
-by using it often contribute back to it by providing feature enhancements,
-bug fixes, and support for others in public newsgroups. The amount of
-effort expended by any particular individual is usually fairly light, but
-the resulting product is made very strong. This kind of community can
-only happen with freeware -- when someone pays for software, they usually
-aren't willing to fix its bugs. One can argue, then, that Apache's
-strength comes from the fact that it's free, and if it were made "not
-free" it would suffer tremendously, even if that money were spent on a
-real development team.
-
-We want to see Apache used very widely -- by large companies, small
-companies, research institutions, schools, individuals, in the intranet
-environment, everywhere -- even though this may mean that companies who
-could afford commercial software, and would pay for it without blinking,
-might get a "free ride" by using Apache. We would even be happy if some
-commercial software companies completely dropped their own HTTP server
-development plans and used Apache as a base, with the proper attributions
-as described in the LICENSE file.
-
-Thanks for using Apache!
-
diff --git a/usr.sbin/httpd/Announcement b/usr.sbin/httpd/Announcement
deleted file mode 100644
index 08a4435f588..00000000000
--- a/usr.sbin/httpd/Announcement
+++ /dev/null
@@ -1,108 +0,0 @@
-
- Apache HTTP Server 1.3.29 Released
-
- The Apache Software Foundation and The Apache HTTP Server Project are
- pleased to announce the release of version 1.3.29 of the Apache HTTP
- Server ("Apache"). This Announcement notes the significant changes
- in 1.3.29 as compared to 1.3.28. The Announcement is also available
- in German from http://www.apache.org/dist/httpd/Announcement.html.de.
-
- This version of Apache is principally a bug and security fix release.
- A partial summary of the bug fixes is given at the end of this document.
- A full listing of changes can be found in the CHANGES file. Of
- particular note is that 1.3.29 addresses and fixes 1 potential
- security issue:
-
- o CAN-2003-0542 (cve.mitre.org)
- Fix buffer overflows in mod_alias and mod_rewrite which occurred if
- one configured a regular expression with more than 9 captures.
-
- We consider Apache 1.3.29 to be the best version of Apache 1.3 available
- and we strongly recommend that users of older versions, especially of
- the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
- releases will be made in the 1.2.x family.
-
- Apache 1.3.29 is available for download from:
-
- http://httpd.apache.org/download.cgi
-
- This service utilizes the network of mirrors listed at:
-
- http://www.apache.org/mirrors/
-
- Please consult the CHANGES_1.3 file for a full list of changes.
-
- As of Apache 1.3.12 binary distributions contain all standard Apache
- modules as shared objects (if supported by the platform) and include
- full source code. Installation is easily done by executing the
- included install script. See the README.bindist and INSTALL.bindist
- files for a complete explanation. Please note that the binary
- distributions are only provided for your convenience and current
- distributions for specific platforms are not always available. Win32
- binary distributions are based on the Microsoft Installer (.MSI)
- technology. While development continues to make this installation method
- more robust, questions should be directed to the
- news:comp.infosystems.www.servers.ms-windows newsgroup.
-
- For an overview of new features introduced after 1.2 please see
-
- http://httpd.apache.org/docs/new_features_1_3.html
-
- In general, Apache 1.3 offers several substantial improvements over
- version 1.2, including better performance, reliability and a wider
- range of supported platforms, including Windows NT and 2000 (which
- fall under the "Win32" label), OS2, Netware, and TPF threaded
- platforms.
-
- Apache is the most popular web server in the known universe; over half
- of the servers on the Internet are running Apache or one of its
- variants.
-
- IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS
- variants. While the ports to non-Unix platforms (such as Win32, Netware
- or OS2) are of an acceptable quality, Apache 1.3 is not optimized for
- these platforms. Security, stability, or performance issues on these
- non-Unix ports do not generally apply to the Unix version, due to
- software's Unix origin.
-
- Apache 2.0 has been structured for multiple operating systems from its
- inception, by introducing the Apache Portability Library and MPM modules.
- Users on non-Unix platforms are strongly encouraged to move up to
- Apache 2.0 for better performance, stability and security on their
- platforms.
-
- Apache 1.3.29 Major changes
-
- Security vulnerabilities
-
- * CAN-2003-0542 (cve.mitre.org)
- Fix buffer overflows in mod_alias and mod_rewrite which occurred if
- one configured a regular expression with more than 9 captures.
-
- New features
-
- New features that relate to specific platforms:
-
- * Enabled RFC1413 ident functionality for both Win32 and
- NetWare platforms. This also included an alternate thread safe
- implementation of the socket timout functionality when querying
- the identd daemon.
-
- Bugs fixed
-
- The following noteworthy bugs were found in Apache 1.3.28 (or earlier)
- and have been fixed in Apache 1.3.29:
-
- * Within ap_bclose(), ap_pclosesocket() is now called consistently
- for sockets and ap_pclosef() for files. Also, closesocket()
- is used consistenly to close socket fd's. The previous
- confusion between socket and file fd's would cause problems
- with some applications now that we proactively close fd's to
- prevent leakage. PR 22805.
-
- * Fixed mod_usertrack to not get false positive matches on the
- user-tracking cookie's name. PR 16661.
-
- * Prevent creation of subprocess Zombies when using CGI wrappers
- such as suEXEC and cgiwrap. PR 21737.
-
diff --git a/usr.sbin/httpd/CHANGES b/usr.sbin/httpd/CHANGES
deleted file mode 100644
index 4f36295a07b..00000000000
--- a/usr.sbin/httpd/CHANGES
+++ /dev/null
@@ -1,128 +0,0 @@
- OVERVIEW OF NEW FEATURES IN APACHE 1.2
-
-New features with this release, as extensions of the Apache functionality
-For more information, see the documentation included with this release
-(htdocs/manual/) or http://www.apache.org/docs/
-
-In addition to a number of bug fixes and internal performance
-enhancements, Apache 1.2 has the following specific new user
-features:
-
-
- *) HTTP/1.1 Compliance
- Aside from the optional proxy module (which operates as HTTP/1.0),
- Apache is conditionally compliant with the HTTP/1.1 proposed standard,
- as approved by the IESG and the IETF HTTP working group.
- HTTP/1.1 provides a much-improved protocol, and should allow for
- greater performance and efficiency when transferring files. Apache
- does, however, still work great with HTTP/1.0 browsers. We are very
- close to being unconditionally compliant; if you note any deviance
- from the proposed standard, please report it as a bug.
-
- *) eXtended Server Side Includes (XSSI)
- A new set of server-side include directives allows the user to
- better create WWW pages. This includes number of powerful new
- features, such as the ability to set variables and use conditional
- HTML.
-
- *) File-based and Regex-enabled Directive Sections
- The new <Files> section allows directives to be enabled based on
- full filename, not just directory and URL. In addition, <Files>
- sections can appear in .htaccess files. <Files>, along with
- <Directory> and <Location>, can also now be based on regular
- expressions, not just simple prefix matching.
-
- *) Browser-based Environment Variables
- Environment variables can now be set based on the User-Agent
- string of the browser. Combined with XSSI, this allows you to
- write browser-based conditional HTML documents.
-
- *) SetUID CGI Execution
- Apache now supports the execution of CGI scripts as users other
- than the server user. A number of security checks are built in to
- try and make this as safe as possible.
-
- *) URL Rewriting Module
- The optional mod_rewrite module is now included. This module can
- provide powerful URL mapping, using regular expressions. There's
- nothing this module can't do!
-
- *) Enhanced, Configurable Logging
- The optional mod_log_config included with earlier versions of
- Apache is now standard, and has been enhanced to allow logging of
- much more detail about the transaction, and can be used to open
- more than one log at once (each of which can have a different log
- format).
-
- *) User Tracking (Cookies) Revisions
- The mod_cookies included with previous versions of Apache has been
- renamed mod_usertrack, to more accurately reflect its function
- (some people inadvertently thought it enabled cookie support in
- Apache, which is not true - Apache supports the use of cookies
- directly). It is also now possible to disable the generation of
- cookies, even when the cookie module is compiled in. Also, an
- expiry time can be set on the cookies.
-
- *) Multiple IPs in <VirtualHost>
- The <VirtualHost> directive can now take more than one IP address
- or hostname. This lets a single vhost handles requests for
- multiple IPs or hostnames.
-
- *) CGI Debugging Environment
- ScriptLog allows you to now set up a log that records all input
- and output to failed CGI scripts. This includes environment
- variables, input headers, POST data, output, and more. This makes
- CGI scripts much easier to debug.
-
- *) Resource Limits for CGI Scripts
- New directives allow the limiting of resources used by CGI scripts
- (e.g. max CPU time). This is helpful in preventing 'runaway' CGI
- processes.
-
- *) Redirect Directive Can Return Alternate Status
- The Redirect directive can return permanent or temporary redirects,
- "Gone" or "See Other" HTTP status. For NCSA-compatibility,
- RedirectTemp and RedirectPermanent are also implemented.
-
- *) Graceful Restarts
- Apache can re-read the config files and re-open log files without
- terminating transactions in progress.
-
- *) Simplified Compilation
- The process of configuring Apache for compilation has been
- simplified.
-
- *) Add or Remove Options
- The Options directive can now add or remove options from those
- currently in force, rather than always replacing them.
-
- *) Command-line Help
- The -h command-line option now lists all the available directives.
-
- *) Optional Headers Module to Set or Remove HTTP Headers
- The optional mod_headers module can be used to set custom headers
- in the HTTP response. It can append to existing headers, replace
- them, or remove headers from the response.
-
- *) Conditional Config Directives
- A new <IfModule> section allows directives to be enabled only if a
- given module is loaded into the server.
-
- *) Authorization Directives Now Use NCSA-style Syntax
- The AuthUserFile, AuthGroupFile and AuthDigestFile commands now
- have a syntax compatible with the NCSA server.
-
- *) Optional Proxy Module
- An improved FTP, HTTP, and CONNECT mode SSL proxy is included with
- Apache 1.2. Some of the changes visible to users:
-
- - Improved FTP proxy supporting PASV mode
- - CONNECT mode ports are configurable from a list
- - NoCache * directive for disabling proxy caching
- - Numerous bug fixes
-
- *) Optional Example Module
- An example module that demonstrates many of the aspects of the
- API is now included with Apache as of version 1.2. It can be
- used as a base for those who wish to write their own Apache
- modules.
diff --git a/usr.sbin/httpd/INSTALL b/usr.sbin/httpd/INSTALL
deleted file mode 100644
index 767a0df3f07..00000000000
--- a/usr.sbin/httpd/INSTALL
+++ /dev/null
@@ -1,547 +0,0 @@
-
- APACHE INSTALLATION
-
- NOTE: Windows users please read the documents README-WIN.txt and
- http://httpd.apache.org/docs/windows.html, (or the
- htdocs/manual/windows.html file included with Apache).
- The following applies only to Unix users.
-
- Introduction
- ============
-
- Like all good things, there are two ways to configure, compile, and install
- Apache. You can go for the 3-minute installation process using the APACI
- process described below; or, you can opt for the same mechanism used in
- previous versions of Apache, as described in the file 'src/INSTALL'. Each
- mechanism has its benefits and drawbacks - APACI is newer and a little more
- raw, but it gets you up and running the least amount of time, whereas the
- "Configuration.tmpl" mechanism may be more familiar and give you some more
- flexibility to the power user. We'd be very interested in your comments and
- feedback regarding each approach.
-
-
- Installing the Apache 1.3 HTTP server with APACI
- ================================================
-
- 1. Overview for the impatient
- --------------------------
-
- $ ./configure --prefix=PREFIX
- $ make
- $ make install
- $ PREFIX/bin/apachectl start
-
- NOTE: PREFIX is not the string "PREFIX". Instead use the Unix
- filesystem path under which Apache should be installed. For
- instance use "/usr/local/apache" for PREFIX above.
-
- 2. Requirements
- ------------
-
- The following requirements exist for building Apache:
-
- o Disk Space:
-
- Make sure you have approximately 12 MB of temporary free disk space
- available. After installation Apache occupies approximately 3 MB of
- disk space (the actual required disk space depends on the amount of
- compiled in third party modules, etc).
-
- o ANSI-C Compiler:
-
- Make sure you have an ANSI-C compiler installed. The GNU C compiler
- (GCC) from the Free Software Foundation (FSF) is recommended (version
- 2.7.2 is fine). If you don't have GCC then at least make sure your
- vendors compiler is ANSI compliant. You can find the homepage of GNU
- at http://www.gnu.org/ and the GCC distribution under
- http://www.gnu.org/order/ftp.html .
-
- o Perl 5 Interpreter [OPTIONAL]:
-
- For some of the support scripts like `apxs' or `dbmmanage' (which are
- written in Perl) the Perl 5 interpreter is required (versions 5.003
- and 5.004 are fine). If no such interpreter is found by APACI's
- `configure' script this is no harm. Of course, you still can build
- and install Apache 1.3. Only those support scripts cannot be used. If
- you have multiple Perl interpreters installed (perhaps a Perl 4 from
- the vendor and a Perl 5 from your own), then it is recommended to use
- the --with-perl option (see below) to make sure the correct one is
- selected by APACI.
-
- o Dynamic Shared Object (DSO) support [OPTIONAL]:
-
- To provide maximum flexibility Apache now is able to load modules
- under runtime via the DSO mechanism by using the pragmatic
- dlopen()/dlsym() system calls. These system calls are not available
- under all operating systems therefore you cannot use the DSO mechanism
- on all platforms. And Apache currently has only limited built-in
- knowledge on how to compile shared objects because this is heavily
- platform-dependent. The current state is this:
-
- o Out-of-the-box supported platforms are:
- - Linux - SunOS - UnixWare - Darwin/Mac OS
- - FreeBSD - Solaris - AIX - OpenStep/Mach
- - OpenBSD - IRIX - SCO - DYNIX/ptx
- - NetBSD - HPUX - ReliantUNIX
- - BSDI - Digital Unix - DGUX
-
- o Entirely unsupported platforms are:
- - Ultrix
-
- If your system is not on these lists but has the dlopen-style
- interface, you either have to provide the appropriate compiler and
- linker flags (see CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT
- below) manually or at least make sure a Perl 5 interpreter is
- installed from which Apache can guess the options.
-
- For more in-depth information about DSO support in Apache 1.3 please
- read the document htdocs/manual/dso.html carefully. Especially the
- section entitled "Advantages & Disadvantages" because using the DSO
- mechanism can have strange side-effects if you are not careful. BE
- WARNED!
-
- 3. Configuring the source tree
- ---------------------------
-
- NOTE: Although we'll often advise you to read the src/Configuration.tmpl
- file parts to better understand the various options in this
- section, there is _AT NO TIME_ any need to _EDIT_ this file. The
- _COMPLETE_ configuration takes place via command line arguments and
- local shell variables for the ./configure script. The
- src/Configuration.tmpl file is just a _READ-ONLY_ resource, here.
-
- Introduction:
-
- The next step is to configure the Apache source tree for your particular
- platform and personal requirements. The most important setup here is the
- location prefix where Apache is to be installed later, because Apache has
- to be configured for this location to work correctly. But there are a lot
- of other options available for your pleasure.
-
- For a short impression of what possibilities you have, here is a typical
- example which compiles Apache for the installation tree /sw/pkg/apache
- with a particular compiler and flags plus the two additional modules
- mod_rewrite and mod_proxy for later loading through the DSO mechanism:
-
- $ CC="pgcc" OPTIM="-O2" \
- ./configure --prefix=/sw/pkg/apache \
- --enable-module=rewrite --enable-shared=rewrite \
- --enable-module=proxy --enable-shared=proxy
-
- The complete reference of all configuration possibilities follows. For
- more real-life configuration examples please check out the file
- README.configure.
-
- Reference:
-
- $ [CC=...] [CFLAGS_SHLIB=...] [TARGET=...]
- [OPTIM=...] [LD_SHLIB=...]
- [CFLAGS=...] [LDFLAGS_SHLIB=...]
- [INCLUDES=...] [LDFLAGS_SHLIB_EXPORT=...]
- [LDFLAGS=...] [RANLIB=...]
- [LIBS=...] [DEPS=...]
- ./configure
- [--quiet] [--prefix=DIR] [--enable-rule=NAME]
- [--verbose] [--exec-prefix=PREFIX] [--disable-rule=NAME]
- [--shadow[=DIR]] [--bindir=EPREFIX] [--add-module=FILE]
- [--show-layout] [--sbindir=DIR] [--activate-module=FILE]
- [--help] [--libexecdir=DIR] [--enable-module=NAME]
- [--mandir=DIR] [--disable-module=NAME]
- [--sysconfdir=DIR] [--enable-shared=NAME]
- [--datadir=DIR] [--disable-shared=NAME]
- [--includedir=DIR] [--permute-module=N1:N2]
- [--localstatedir=DIR]
- [--runtimedir=DIR] [--enable-suexec]
- [--logfiledir=DIR] [--suexec-caller=UID]
- [--proxycachedir=DIR] [--suexec-docroot=DIR]
- [--with-layout=[FILE:]ID] [--suexec-logfile=FILE]
- [--suexec-userdir=DIR]
- [--with-perl=FILE] [--suexec-uidmin=UID]
- [--without-support] [--suexec-gidmin=GID]
- [--without-confadjust] [--suexec-safepath=PATH]
- [--without-execstrip]
- [--server-uid=UID]
- [--server-gid=GID]
-
- Use the CC, OPTIM, CFLAGS, INCLUDES, LDFLAGS, LIBS, CFLAGS_SHLIB,
- LD_SHLIB, LDFLAGS_SHLIB, LDFLAGS_SHLIB_EXPORT, RANLIB, DEPS and TARGET
- environment variables to override the corresponding default entries in
- the src/Configuration.tmpl file (see there for more information about
- their usage).
-
- Note: The syntax ``KEY=VALUE ./configure ...'' (one single line!) is
- the GNU Autoconf compatible way of specifying defines and can
- be used with Bourne shell compatible shells only (sh, bash,
- ksh). If you use a different type of shell either use ``env
- KEY=VALUE ./configure ...'' when the `env' command is available
- on your system or use ``setenv KEY VALUE; ./configure ...'' if
- you use one of the C-shell variants (csh, tcsh).
-
- Note: The above parameter names are the canonical ones used in
- Autoconf-style interfaces. But because src/Configuration.tmpl
- uses the prefix EXTRA_ for some variables (e.g. EXTRA_CFLAGS)
- these variants are accepted for backward-compatibility reasons,
- too. But please use the canonical Autoconf-style names and
- don't rely on this.
-
- Use the --prefix=PREFIX and --exec-prefix=EPREFIX options to configure
- Apache to use a particular installation prefix. The default is
- PREFIX=/usr/local/apache and EPREFIX=PREFIX.
-
- Use the --bindir=DIR, --sbindir=DIR, --libexecdir=DIR, --mandir=DIR,
- --sysconfdir=DIR, --datadir=DIR, --includedir=DIR, --localstatedir=DIR,
- --runtimedir=DIR, --logfiledir=DIR and proxycachedir=DIR option to change
- the paths for particular subdirectories of the installation tree.
- Defaults are bindir=EPREFIX/bin, sbindir=EPREFIX/sbin,
- libexecdir=EPREFIX/libexec, mandir=PREFIX/man, sysconfdir=PREFIX/etc,
- datadir=PREFIX/share, includedir=PREFIX/include,
- localstatedir=PREFIX/var, runtimedir=PREFIX/var/run,
- logfiledir=PREFIX/var/log and proxycachedir=PREFIX/var/proxy.
-
- Note: To reduce the pollution of shared installation locations
- (like /usr/local/ or /etc) with Apache files to a minimum the
- string ``/apache'' is automatically appended to 'libexecdir',
- 'sysconfdir', 'datadir', 'localstatedir' and 'includedir' if
- (and only if) the following points apply for each path
- individually:
-
- 1. the path doesn't already contain the word ``apache''
- 2. the path was not directly customized by the user
-
- Keep in mind that per default these paths are derived from
- 'prefix' and 'exec-prefix', so usually its only a matter
- whether these paths contain ``apache'' or not. Although the
- defaults were defined with experience in mind you always should
- make sure the paths fit your situation by checking the finally
- chosen paths via the --show-layout option.
-
- Use the --with-layout=[F:]ID option to select a particular installation
- path base-layout. There are many layouts pre-defined in the file
- config.layout. Except on MacOS(X) configure defaults to the `Apache'
- classical path layout. You can get an overview of the existing layouts
- by using the command:
-
- grep "^<Layout" config.layout
-
- When you want to use your own custom layout FOO, either add a
- corresponding "<Layout FOO>...</Layout>" section to config.layout and
- use --with-layout=FOO or place it into your own file, say config.mypaths,
- and use --with-layout=config.mypaths:FOO.
-
- Use the --show-layout option to check the final installation path layout
- while fiddling with the options above.
-
- Use the --enable-rule=NAME and --disable-rule=NAME options to enable or
- disable a particular Rule from the Apache src/Configuration.tmpl file. The
- defaults (yes=enabled, no=disabled) can either be seen when running
- `./configure --help' or manually looked up in the src/Configuration.tmpl
- file.
-
- Use the --add-module=FILE option to copy a module source file to the
- Apache src/modules/extra/ directory and on-the-fly add an entry for it in
- the configuration file. FILE has to be a valid path to a C source file
- outside the Apache source tree, for instance /path/to/mod_foo.c, or a
- path to an already existing C source code file in src/modules/extra/, such
- as src/modules/extra/mod_foo.c, in which case no copying will be done.
- The added module is automatically activated and enabled. Use this option
- to automatically include a simple third-party module to the Apache build
- process.
-
- Use the --activate-module=FILE option to add an entry for an existing
- module object or library file into the configuration file on-the-fly.
- FILE has to be a valid path beginning with "src/modules/", and the
- corresponding file has to have been copied to this location in the Apache
- source tree before running configure. The module is automatically
- enabled. Use this option to automatically include a complex third-party
- module to the Apache build process where, for instance a module like
- mod_perl or mod_php3 consisting of more than one file which are created
- by a third-party configuration scheme.
-
- Use the --enable-module=NAME and --disable-module=NAME options to enable
- or disable a particular already distributed module from the Apache
- src/Configuration.tmpl file. The correct module names (no `mod_' prefix!)
- and defaults (yes=enabled, no=disabled) can be seen when running
- `./configure --help'. There are two special NAME variants: `all' for
- enabling or disabling all modules and `most' for enabling or disabling
- only these modules which are useable on all platforms (currently this is
- `all' minus the modules `auth_db', `log_agent', `log_referer', `example',
- `so' and `mmap_static'). For a compact overview of available modules see
- the following list (remove the `mod_' prefix to get the NAME).
-
- _________________________________________________________________________
- LIST OF AVAILABLE MODULES
-
- Environment creation
- (+) mod_env .......... Set environment variables for CGI/SSI scripts
- (+) mod_setenvif ..... Set environment variables based on HTTP headers
- (-) mod_unique_id .... Generate unique identifiers for request
- Content type decisions
- (+) mod_mime ......... Content type/encoding determination (configured)
- (-) mod_mime_magic ... Content type/encoding determination (automatic)
- (+) mod_negotiation .. Content selection based on the HTTP Accept* headers
- URL mapping
- (+) mod_alias ........ Simple URL translation and redirection
- (-) mod_rewrite ...... Advanced URL translation and redirection
- (+) mod_userdir ...... Selection of resource directories by username
- (-) mod_speling ...... Correction of misspelled URLs
- Directory Handling
- (+) mod_dir .......... Directory and directory default file handling
- (+) mod_autoindex .... Automated directory index file generation
- Access Control
- (+) mod_access ....... Access Control (user, host, network)
- (+) mod_auth ......... HTTP Basic Authentication (user, passwd)
- (-) mod_auth_dbm ..... HTTP Basic Authentication via Unix NDBM files
- (-) mod_auth_db ...... HTTP Basic Authentication via Berkeley-DB files
- (-) mod_auth_anon .... HTTP Basic Authentication for Anonymous-style users
- (-) mod_digest ....... HTTP Digest Authentication
- HTTP response
- (-) mod_headers ...... Arbitrary HTTP response headers (configured)
- (-) mod_cern_meta .... Arbitrary HTTP response headers (CERN-style files)
- (-) mod_expires ...... Expires HTTP responses
- (+) mod_asis ......... Raw HTTP responses
- Scripting
- (+) mod_include ...... Server Side Includes (SSI) support
- (+) mod_cgi .......... Common Gateway Interface (CGI) support
- (+) mod_actions ...... Map CGI scripts to act as internal `handlers'
- Internal Content Handlers
- (+) mod_status ....... Content handler for server run-time status
- (-) mod_info ......... Content handler for server configuration summary
- Request Logging
- (+) mod_log_config ... Customizable logging of requests
- (-) mod_log_agent .... Specialized HTTP User-Agent logging (deprecated)
- (-) mod_log_referer .. Specialized HTTP Referrer logging (deprecated)
- (-) mod_usertrack .... Logging of user click-trails via HTTP Cookies
- Miscellaneous
- (+) mod_imap ......... Server-side Image Map support
- (-) mod_proxy ........ Caching Proxy Module (HTTP, HTTPS, FTP)
- (-) mod_so ........... Dynamic Shared Object (DSO) bootstrapping
- Experimental
- (-) mod_mmap_static .. Caching of frequently served pages via mmap()
- Development
- (-) mod_example ...... Apache API demonstration (developers only)
- _________________________________________________________________________
- (+) = enabled per default [disable with --disable-module]
- (-) = disabled per default [enable with --enable-module ]
-
-
- Use the --enable-shared=NAME and --disable-shared=NAME options to enable
- or disable the shared object support for a particular module from the
- Apache src/Configuration.tmpl file. The defaults (yes=enabled,
- no=disabled) can be seen when running `./configure --help'. There are two
- special NAME variants: `max' for enabling or disabling DSO on all modules
- except the bootstrapping `so' module and `remain' for enabling or
- disabling DSO for only those modules which are still not enabled (which
- this way implicitly enables them itself).
-
- Note 1: The --enable-shared option DOES NOT AUTOMATICALLY enable the
- module because there are variants like `--enable-shared=max'
- which should not imply `--enable-module=all'.
-
- Note 2: Per default the DSO mechanism is globally disabled, i.e. no
- modules are build as shared objects.
-
- Note 3: The usage of any --enable-shared option automatically implies
- a --enable-module=so option because the bootstrapping module
- mod_so is always needed for DSO support.
-
- Note 4: When you later want to extend your Apache installation via
- third-party modules through the DSO+APXS mechanism make sure
- that you at least compile with mod_so included, even when no
- distributed modules are build as shared objects. This can be
- achieved by explicitly using --enable-module=so.
-
- Note 5: Some platforms require --enable-rule=SHARED_CORE for
- the DSO mechanism to work, i.e. when you want to use
- --enable-shared for some modules on these platforms you also
- have to enable the SHARED_CORE rule. For more details please
- read the document `htdocs/manual/dso.html'.
-
- Use the --permute-module=N1:N2 option to permutate the AddModule lines of
- modules mod_N1 and mod_N2 in the Configuration file. This way one can
- give modules different priorities. Two special and important variants
- are supported for the option argument: first BEGIN:N which permutes
- module mod_N with the begin of the module list, i.e. it `moves' the
- module to the begin of the list (gives it lowest priority). And second
- N:END which permutes mod_N with the end of the module list, i.e. it
- `moves' the module to the end of the list (gives it highest priority).
-
- Use the --with-perl=FILE option to select a particular Perl interpreter
- executable to be used with Apache. Per default APACI tries to find it
- automatically. But if multiple Perl instances exist on your system you
- have to select the correct one manually.
-
- Use the --without-support option to explicitly disable the build and
- installation of support tools from the src/support/ area. This can be
- useful when you have compilation problems with one or more of these not
- programs on your platform or if you just don't need them.
-
- Use the --without-confadjust option to explicitly disable some built
- user/situation dependent adjustments to the config files (Group, Port,
- ServerAdmin, ServerName, etc.). This is usually only interesting for
- vendor package maintainers who wants to force the keeping of defaults.
-
- Use the --without-execstrip option to disable the stripping of
- executables on installation. This can be important on some platforms in
- combination with --enable-rule=SHARED_CORE or when Apache was built with
- debugging symbols which shouldn't be lost.
-
- Use the --enable-suexec option to enable the suEXEC feature by building
- and installing the "suexec" support program. Use --suexec-caller=UID to
- set the allowed caller user id, --suexec-userdir=DIR to set the user
- subdirectory, --suexec-docroot=DIR to set the suexec root directory,
- --suexec-uidmin=UID/--suexec-gidmin=GID to set the minimal allowed
- UID/GID, --suexec-logfile=FILE to set the logfile and
- --suexec-safepath=PATH to set the safe shell PATH for the suEXEC
- feature. At least one --suexec-xxxxx option has to be provided together
- with the --enable-suexec option to let APACI accept your request for
- using the suEXEC feature.
-
- CAUTION: FOR DETAILS ABOUT THE SUEXEC FEATURE WE HIGHLY RECOMMEND YOU TO
- FIRST READ THE DOCUMENT htdocs/manual/suexec.html BEFORE USING
- THE ABOVE OPTIONS.
-
- USING THE SUEXEC FEATURE PROPERLY CAN REDUCE CONSIDERABLY THE
- SECURITY RISKS INVOLVED WITH ALLOWING USERS TO DEVELOP AND RUN
- PRIVATE CGI OR SSI PROGRAMS. HOWEVER, IF SUEXEC IS IMPROPERLY
- CONFIGURED, IT CAN CAUSE ANY NUMBER OF PROBLEMS AND POSSIBLY
- CREATE NEW HOLES IN YOUR COMPUTER'S SECURITY. IF YOU AREN'T
- FAMILIAR WITH MANAGING SETUID ROOT PROGRAMS AND THE SECURITY
- ISSUES THEY PRESENT, WE HIGHLY RECOMMEND THAT YOU NOT CONSIDER
- USING SUEXEC AND KEEP AWAY FROM THESE OPTIONS!
-
- Use the --shadow option to let APACI create a shadow source tree of the
- sources for building. This is useful when you want to build for different
- platforms in parallel (usually through a NFS, AFS or DFS mounted
- filesystem). You may specify a directory to the --shadow option into
- which the shadow tree will be created.
-
- Use the --quiet option to disable all configuration verbose messages.
-
- Use the --verbose option to enable additional verbose messages.
-
- Use the --server-uid option to specify the user ID you want the server to run
- as. If not specified the server will run as user nobody. If the user ID
- specified is different than the ID of the user starting the server, you need to
- start the server as root.
-
- Use the --server-gid option to specify the group ID you want the server user ID to
- be a member of. If not specified, the group ID will be #-1.
-
- 4. Building the package
- --------------------
-
- Now you can build the various parts which form the Apache package by
- simply running the command
-
- $ make
-
- Please be patient here, this takes approximately 2 minutes to complete
- under a Pentium-166/FreeBSD-2.2 system, dependend on the amount of
- modules you have enabled.
-
- 5. Installing the package
- ----------------------
-
- Now its time to install the package under the configured installation
- PREFIX (see --prefix option above) by running:
-
- $ make install
-
- For the paranoid hackers under us: The above command really installs under
- prefix _only_, i.e. no other stuff from your system is touched. Even if
- you upgrade an existing installation your configuration files in
- PREFIX/etc/ are preserved.
-
- Note for package authors:
-
- To simplify rolling a package tarball from the installed files APACI
- provides a way to override the installation root for the install step.
- Additionally you can get rid of the user message at the end of the
- installation process by using the `install-quiet' target. Example:
-
- $ make install-quiet root=/tmp/apache-root
-
- Notes for specific platforms:
-
- NOTE: Please note that for re-installing Apache on AIX you should use the
- command `slibclean' before using `make install' to really unload
- any old versions of the DSO's that might still be cached by the
- dynamic loader.
-
- 6. Testing the package
- -------------------
-
- Now you can fire up your Apache HTTP server by immediately running
-
- $ PREFIX/bin/apachectl start
-
- and then you should be able to request your first document via URL
- http://localhost/ (when you built and installed Apache as root or at
- least used the --without-confadjust option) or http://localhost:8080/
- (when you built and installed Apache as a regular user). Then stop the
- server again by running:
-
- $ PREFIX/bin/apachectl stop
-
- 7. Customizing the package
- -----------------------
-
- Finally you can customize your Apache HTTP server by editing the
- configuration files under PREFIX/etc/.
-
- $ vi PREFIX/etc/httpd.conf
- $ vi PREFIX/etc/access.conf
- $ vi PREFIX/etc/srm.conf
-
- Have a look at the Apache manual under htdocs/manual/ or
- http://www.apache.org/docs/ for a complete reference of available
- configuration directives.
-
- 8. Preparing the system
- --------------------
-
- Proper operation of a public HTTP server requires at least the following:
-
- 1. A correctly working TCP/IP layer, since HTTP is implemented on top of
- TCP/IP. Although modern Unix platforms have good networking layers,
- always make sure you have all official vendor patches referring to the
- network layer applied.
-
- 2. Accurate time keeping, since elements of the HTTP protocol are
- expressed as the time of day. So, it's time to investigate setting
- some time synchronization facility on your system. Usually the ntpdate
- or xntpd programs are used for this purpose which are based on the
- Network Time Protocol (NTP). See the Usenet newsgroup
- comp.protocols.time.ntp and the NTP homepage at
- http://www.eecis.udel.edu/~ntp/ for more details about NTP software
- and public time servers.
-
- 9. Contacts
- --------
-
- o If you want to be informed about new code releases, bug fixes,
- security fixes, general news and information about the Apache server
- subscribe to the announcements mailing list as described under
- http://httpd.apache.org/lists.html#http-announce
-
- o If you want freely available support for running Apache please join the
- Apache user community by subscribing at least to the following USENET
- newsgroup:
- comp.infosystems.www.servers.unix
-
- o If you want commercial support for running Apache please contact
- one of the companies and contractors which are listed at
- http://www.apache.org/info/support.cgi
-
- o If you have a concrete bug report for Apache please go to the
- Apache Group Bug Database and submit your report:
- http://httpd.apache.org/bug_report.html
-
- o If you want to participate in actively developing Apache please
- subscribe to the `dev@httpd.apache.org' mailing list as described at
- http://dev.apache.org/mailing-lists
-
- Thanks for running Apache.
- The Apache Group
- http://www.apache.org/
-
diff --git a/usr.sbin/httpd/INSTALL.SSL b/usr.sbin/httpd/INSTALL.SSL
deleted file mode 100644
index 1b25cd23312..00000000000
--- a/usr.sbin/httpd/INSTALL.SSL
+++ /dev/null
@@ -1,561 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| | mod_ssl
- | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
- |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
- |_____|
- _____________________________________________________________________________
-
- ``The world does not really need
- Apache-SSL easier to install.''
- -- Ben Laurie, Apache-SSL author
- INSTALLATION (Unix)
-
- Introduction
- ____________
-
- Because mod_ssl is a complex package there are a lot of installation
- variants and options. For this different documents exists which explain
- special things: Read this document when you want to install Apache+mod_ssl
- under Unix. Read the INSTALL.Win32 document when you want to install it
- under the Win32 (Windows 95/98/NT) platform.
-
- Prerequisites
- _____________
-
- To use mod_ssl you need the following packages:
-
- o Package: Apache
- Version: 1.3.x
- Description: The Apache Group HTTP Server
- Reason: The webserver base package on which all is based
- Homepage: http://www.apache.org/
- Distribution: http://www.apache.org/dist/
- Tarball: apache_1.3.x.tar.gz
- Location: SF, USA
- Author(s): The Apache Group <apache@apache.org>
- Type: MANDATORY
-
- o Package: mod_ssl
- Version: 2.8.x
- Description: The Apache Interface to OpenSSL
- Reason: The interface module for Apache
- Homepage: http://www.modssl.org/
- Distribution: ftp://ftp.modssl.org/source/
- Tarball: mod_ssl-2.8.x-1.3.x.tar.gz
- Location: Zurich, Switzerland, Europe
- Author(s): Ralf S. Engelschall <rse@engelschall.com>
- Type: MANDATORY
-
- o Package: OpenSSL
- Version: 0.9.x
- Description: The Open Source Toolkit for SSL/TLS
- Reason: The library which implements SSL/TLS
- Homepage: http://www.openssl.org/
- Distribution: ftp://ftp.openssl.org/source/
- Tarball: openssl-0.9.x.tar.gz
- Location: Zurich, Switzerland, Europe
- Author(s): The OpenSSL Project <openssl@openssl.org>
- Type: MANDATORY
-
- o Package: MM
- Version: 1.1.x
- Description: Shared Memory Library
- Reason: The portable library for shared memory in Apache/EAPI
- Homepage: http://www.engelschall.com/sw/mm/
- Distribution: http://www.engelschall.com/sw/mm/
- Tarball: mm-1.1.x.tar.gz
- Location: Zurich, Switzerland, Europe
- Author(s): Ralf S. Engelschall <rse@engelschall.com>
- Type: OPTIONAL
-
- o Package: GZip
- Version: 1.2.4
- Description: The compression utility
- Reason: To unpack the above tarballs
- Homepage: http://www.gnu.org/
- Distribution: ftp://ftp.gnu.org/pub/gnu/
- Tarball: gzip-1.2.4.tar.Z
- Location: USA
- Author(s): Free Software Foundation (FSF)
- Type: MANDATORY
-
- o Package: Perl
- Version: 5.6.0
- Description: The Practical Extraction and Reporting Language
- Reason: To configure OpenSSL and for APXS tool in Apache
- Homepage: http://www.perl.com/
- Distribution: http://www.cpan.org/src/5.0/
- Tarball: perl-5.6.0.tar.gz
- Location: USA
- Author(s): Larry Wall
- Type: MANDATORY
-
- Installation
- ____________
-
- The following is a step-by-step list on how to install an SSL-aware Apache.
- The actual steps you have to perform depend on the location where _YOU_ and
- your webserver stay. So the commands are marked at the right-side with the
- following tags:
-
- EU ........ Command has to be run by citizens of a European state ONLY
- ALL ....... Command has to be run by ANYONE, independent of location
- OPTIONAL .. Command is optional and not really needed
-
- Now follow these steps:
- (the syntax is for a Bourne-Shell style shell, when you're using a C-Shell
- style shell you've to adjust the commands according to your shell's manual)
-
- 1. Make sure GZip and Perl are already installed and available through the
- commands `gzip' and `perl'. They are needed for unpacking the tarballs
- and for configuring OpenSSL. When you've these packages still not
- installed, do this first.
-
- 2. Extract the required packages:
-
- $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - ALL
- $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - ALL
- $ gzip -d -c openssl-0.9.x.tar.gz | tar xvf - ALL
- $ gzip -d -c mm-1.1.x.tar.gz | tar xvf - OPTIONAL
-
- 3. Configure and build the OpenSSL library:
-
- $ cd openssl-0.9.x ALL
- $ sh config \ ALL
- no-idea \ EU
- no-threads \ OPTIONAL
- -fPIC OPTIONAL
- $ make ALL
- $ make test OPTIONAL
- $ cd .. ALL
-
- NOTE: OpenSSL understands a lot more options on the `config'
- command line. For instance you can add some command line
- options (like `-DSSL_FORBID_ENULL' for not allowing Null
- encryptions, or adding `-DSSL_ALLOW_ADH' for allowing
- Anonymous Diffie-Hellman ciphers, etc) to adjust the OpenSSL
- internals (see OpenSSL's top-level Makefile for details).
-
- NOTE: When your system already has OpenSSL installed (for instance some
- Linux distributions ship with OpenSSL installed out-of-the-box) in
- system locations you can ignore the OpenSSL steps above, too. Then
- use `SSL_BASE=SYSTEM' instead of `SSL_BASE=../openssl-0.9.x' below
- and mod_ssl will search for OpenSSL's binary, header and library
- files in $PATH and system locations.
-
- NOTE: The -fPIC option builds OpenSSL with Position Independent Code
- (PIC) which is only important when building mod_ssl as a
- Dynamic Shared Object (DSO). Please notice, that you really
- have to use -fPIC and not -fpic, as the latter will usually
- cause the build to fail. See below for more details.
-
- NOTE: The optional `no-threads' keyword above is to increase
- performance inside OpenSSL, because Apache 1.3 does not
- use threads anyway. However, OpenSSL, if built without
- `no-threads', by default builds with multi-threading support.
- This multi-threading support involves using locking around a
- lot of internal object manipulation (esp. reference counts).
- The fact that it is not possible in Apache 1.3 to have
- threads racing on any kind of object internal to OpenSSL
- means that any overhead (memory and/or time) relating to
- these locking mechanisms is wasted by default.
-
- 4. Optionally you now can build the MM Shared Memory library when you want
- shared memory support in Apache/EAPI. For instance this allows mod_ssl to
- use a high-performance RAM-based session cache instead of a disk-based
- one.
-
- $ cd mm-1.1.x OPTIONAL
- $ ./configure --disable-shared OPTIONAL
- $ make OPTIONAL
- $ cd .. OPTIONAL
-
- NOTE: When your system already has MM installed in system locations
- you can ignore the steps above and then use `EAPI_MM=SYSTEM'
- instead of `EAPI_MM=../mm-1.1.x' below.
-
- NOTE: Do not forget the --disable-shared option above. Else you've
- to establish an explicit LD_LIBRARY_PATH which includes the
- /path/to/mm-1.1.x/.libs/ directory or the compilation of Apache
- will fail because the shared library cannot be found.
-
- 5. Now apply the mod_ssl source extension and source patches to the Apache
- source tree, configure the Apache sources and build Apache with mod_ssl
- and OpenSSL.
-
- Actually here you have three options:
- (dependent on your situation and personal skill ;-)
-
- a) The All-In-One mod_ssl+APACI way [FOR JOE AVERAGE]:
-
- You configure Apache semi-automatically from within mod_ssl's
- `configure' script. You don't have to fiddle with the SSL_BASE
- variable but get no intermediate chance to add more third-party
- Apache modules (e.g. mod_perl, PHP3, etc).
-
- $ cd mod_ssl-2.8.x-1.3.x ALL
- $ ./configure \ ALL
- --with-apache=../apache_1.3.x \ ALL
- --with-ssl=../openssl-0.9.x \ ALL
- --with-mm=../mm-1.1.x \ OPTIONAL
- --with-crt=/path/to/your/server.crt \ OPTIONAL
- --with-key=/path/to/your/server.key \ OPTIONAL
- --prefix=/path/to/apache \ ALL
- [--enable-shared=ssl] \ OPTIONAL
- [--disable-rule=SSL_COMPAT] \ OPTIONAL
- [--enable-rule=SSL_EXPERIMENTAL] \ OPTIONAL
- [--enable-rule=SSL_VENDOR] \ OPTIONAL
- [...more APACI options...] OPTIONAL
- $ cd .. ALL
- $ cd apache_1.3.x ALL
- $ make ALL
- $ make certificate OPTIONAL
- $ make install ALL
- $ cd .. ALL
-
- NOTE: The --enable-shared=ssl option enables the building of mod_ssl
- as a DSO `libssl.so'. Read the INSTALL and
- htdocs/manual/dso.html documents in the Apache source tree for
- more information about DSO support in Apache. We strongly advise
- ISPs and package maintainers to use the DSO facility for maximum
- flexibility with mod_ssl. But notice that DSO is not supported
- by Apache on all platforms.
-
- Additionally OpenSSL has problems under DSO situations on some
- platforms. For instance under smart ix86 platforms like Linux
- and FreeBSD when you compile a the standard OpenSSL
- libcrypto.a/libssl.a libraries and link those to a mod_ssl DSO
- libssl.so all works fine. While on other platforms like Solaris
- 2.6 on a SPARC OpenSSL's code will dump core under run-time.
- When this is the case for you, then try to recompile OpenSSL
- with Position Independent Code (PIC) by adding a `-fPIC' (for
- GCC) or `-KPIC' (for SVR4-style compilers) to the platform
- configuration line in OpenSSL's `Configure' script. The
- -fPIC option above when you build OpenSSL.
-
- NOTE: The --disable-rule=SSL_COMPAT option disables the building of
- SSL compatibility code for older mod_ssl versions and other
- Apache SSL solutions like Apache-SSL, Sioux, Stronghold, etc.
-
- NOTE: The --enable-rule=SSL_EXPERIMENTAL and --enable-rule=SSL_VENDOR
- options enable various experimental and vendor extension code.
- Please read the src/Configuration.tmpl file inside the Apache
- source tree for more details.
-
- NOTE: You either use `--with-crt'/`--with-key' or `make certificate'
- above - but never both. The `--with-crt'/`--with-key' options is
- used only when you already have a real server certificate and
- private key at hand while `make certificate' is to create a test
- server test certificate. Read the message box which occurs after
- the `make' command when building Apache for details.
-
- b) The flexible APACI-only way [FOR REAL HACKERS]:
-
- You configure Apache manually and have the chance to configure
- and add third-party Apache modules like mod_perl, mod_php,
- mod_frontpage, mod_dav, etc. But you have to provide the
- SSL_BASE and EAPI_MM variables manually and either copy your
- existing certificate manually to conf/ssl.crt/server.crt or use
- `make certificate':
-
- $ cd mod_ssl-2.8.x-1.3.x ALL
- $ ./configure \ ALL
- --with-apache=../apache_1.3.x \ ALL
- --with-crt=/path/to/your/server.crt \ OPTIONAL
- --with-key=/path/to/your/server.key OPTIONAL
- $ cd .. ALL
-
- [...Now add more Apache modules to the Apache source tree...] OPTIONAL
-
- $ cd apache_1.3.x ALL
- $ SSL_BASE=../openssl-0.9.x \ ALL
- EAPI_MM=../mm-1.1.x \ OPTIONAL
- ./configure \ ALL
- --enable-module=ssl \ ALL
- --prefix=/path/to/apache \ ALL
- [--enable-shared=ssl] \ OPTIONAL
- [--disable-rule=SSL_COMPAT] \ OPTIONAL
- [--enable-rule=SSL_EXPERIMENTAL] \ OPTIONAL
- [--enable-rule=SSL_VENDOR] \ OPTIONAL
- [...more APACI options...] OPTIONAL
- $ make ALL
- $ make certificate OPTIONAL
- $ make install OPTIONAL
- $ cd .. ALL
-
- NOTE: The optional --enable-shared=ssl option enables the building
- of mod_ssl as a DSO `libssl.so'. Read the INSTALL and
- htdocs/manual/dso.html documents in the Apache source tree for
- more information about DSO support in Apache. We strongly advise
- ISPs and package maintainers to use the DSO facility for maximum
- flexibility with mod_ssl. But notice that DSO is not supported
- by Apache on all platforms.
-
- Additionally OpenSSL has problems under DSO situations on some
- platforms. For instance under smart ix86 platforms like Linux
- and FreeBSD when you compile a the standard OpenSSL
- libcrypto.a/libssl.a libraries and link those to a mod_ssl DSO
- libssl.so all works fine. While on other platforms like Solaris
- 2.6 on a SPARC OpenSSL's code will dump core under run-time.
- When this is the case for you, then try to recompile OpenSSL
- with Position Independent Code (PIC) by adding a `-fPIC' (for
- GCC) or `-KPIC' (for SVR4-style compilers) to the platform
- configuration line in OpenSSL's `Configure' script. The
- -fPIC option above when you build OpenSSL.
-
- NOTE: The --disable-rule=SSL_COMPAT option disables the building of
- SSL compatibility code for older mod_ssl versions and other
- Apache SSL solutions like Apache-SSL, Sioux, Stronghold, etc.
-
- NOTE: The --enable-rule=SSL_EXPERIMENTAL and --enable-rule=SSL_VENDOR
- options enable various experimental and vendor extension code.
- Please read the src/Configuration.tmpl file inside the Apache
- source tree for more details.
-
- c) The poor mans way known from Apache 1.2 [FOR COMPATIBILITY]:
-
- You configure Apache manually by editing the src/Configuration
- file and running the deep-level src/Configure script. The
- advantage here is that this directly follows the steps you might
- be familiar with from Apache 1.2 and additionally you also have
- a chance to add more third-party Apache modules like mod_perl or
- mod_php because anything is done manually. But you have to edit
- the SSL_BASE and EAPI_MM variables manually and more important:
- you have to install the Apache package manually, too. But feel
- free to be masochistic ;-)
-
- $ cd mod_ssl-2.8.x-1.3.x ALL
- $ ./configure \ ALL
- --with-apache=../apache_1.3.x \ ALL
- --with-crt=/path/to/your/server.crt \ OPTIONAL
- --with-key=/path/to/your/server.key OPTIONAL
- $ cd .. ALL
-
- [...Add more Apache modules to the Apache source tree...] OPTIONAL
-
- $ cd apache_1.3.x/src ALL
- $ cp Configuration.tmpl Configuration ALL
- $ vi Configuration ALL
- [...edit the SSL_BASE variable...] ALL
- [...edit the EAPI_MM variable...] OPTIONAL
- [...edit the `AddModule' line of libssl.a...] ALL
- $ ./Configure ALL
- $ make ALL
- $ make certificate OPTIONAL
-
- Up to this point it can be acceptable, yeah? But now the friendly
- world stops. The remaining installation steps have to be done manually
- by coping the various files to /path/to/apache, including your
- certificate, etc. That's the price for staying with the good old
- days...
-
- 6. Try out Apache without SSL (only HTTP protocol possible):
-
- $ /path/to/apache/bin/apachectl start ALL
- $ netscape http://<local-host-name>/ ALL
- $ /path/to/apache/bin/apachectl stop ALL
-
- 7. Try out Apache with SSL (both HTTP and HTTPS protocol possible):
-
- $ /path/to/apache/bin/apachectl startssl ALL
- $ netscape http://<local-host-name><http-port>/ ALL
- $ netscape https://<local-host-name><https-port>/ ALL
- $ /path/to/apache/bin/apachectl stop ALL
-
- NOTE: Replace the `<local-host-name>' with the official name of your
- host. Do not enter `localhost' here, because this name has to match
- the Common Name (CN) of the Subject's Distinguished Name (DN)
- inside your server certificate.
-
- NOTE: If you have built and installed under root (uid 0),
- leave out the the `<http-port>' and `<https-port>' strings above.
- If you have built and installed under a different user than root,
- replace `<http-port>' with `:8080' and `<https-port>' with `:8443'
- above. The reason just is that Apache pre-configures the installed
- configuration file for direct use (at least as long the APACI
- option --without-confadjust is not used). For using the official
- ports (80 for HTTP and 443 for HTTPS) root privileges are required
- under run-time, so APACI assumes that it has to use alternate ports
- (8080 for HTTP and 8443 for HTTPS) if the built and installation is
- done under non-root users.
-
- NOTE: When the above tests (steps 6 and 7) fail for some reasons
- you are _STRONGLY ADVISED_ to look into the Apache error logfile
- before you ask someone other for help. In the error logfile there
- should be a hint where to find the reason for the failure.
-
- NOTE: When you *re*install Apache many times, make sure you restart your
- browsers between the tests if you created test or custom
- certificates. Else connections might fail because the browser
- cached the certificate details of the previous installation.
-
- 8. Finally you're advised to do the following:
-
- o Read the mod_ssl user manual very carefully to
- understand the SSL-part of your Apache configuration:
-
- $ netscape http://www.modssl.org/docs/2.8/ (official)
- $ netscape http://localhost/manual/mod/mod_ssl/ (local copy)
-
- o Adjust your Apache configuration to your personal requirements.
- The configuration is already pre-configured for SSL, but usually it has
- to be tweaked a little bit more to fit the local situation. When you
- had already a httpd.conf file, this one is preserved. Then look inside
- /path/to/apache/etc/httpd.conf.default for the pre-configured SSL
- configuration and take it over manually into httpd.conf.
-
- $ vi /path/to/apache/etc/httpd.conf
-
- o Subscribe to the modssl-users@modssl.org support mailing list
- with the provided web interface:
-
- $ netscape http://www.modssl.org/news/list.html
-
- 8. Bask in the glow ;-)
-
- Upgrading with APXS (EXPERTS ONLY)
- __________________________________
-
- Once you've built and installed Apache with mod_ssl as a DSO (libssl.so) you
- can easily upgrade this libssl.so file with a stand-alone built procedure as
- long as the Extended API (EAPI) didn't change and you've OpenSSL installed
- somewhere. For this you can use the following procedure:
-
- $ cd mod_ssl-2.8.x-1.3.x ALL
- $ ./configure \ ALL
- --with-apxs[=/path/to/apache/bin/apxs] \ ALL
- --with-ssl=/path/to/openssl ALL
- $ make ALL
- $ make install ALL
- $ make distclean ALL
-
- This will build mod_ssl locally inside the pkg.modssl/ directory and then
- upgrades your existing libssl.so file. This approach is also interesting for
- package vendors. Because those can create an Apache+EAPI package (with the
- use of --with-eapi-only) and a APXS-based mod_ssl package (with the use of
- --with-apxs).
-
- Examples
- ________
-
- As you noticed above there are a lot of possibilities, variants and options
- for installing mod_ssl. So, in the following we provide some step-by-step
- examples where you can see how to build mod_ssl with other third-party
- modules to form your SSL-aware Apache. For simplification we assume some
- prerequisites for each example. If these don't fit your situation you have
- to adjust the steps with the help of the above detailed instructions, of
- course.
-
- o Apache + mod_ssl/OpenSSL + mod_perl/Perl
- ---------------------------------------
-
- Prerequisites:
-
- o Apache should be installed to /path/to/apache
- o Perl is installed and `perl' is in $PATH
- o OpenSSL is installed under /path/to/openssl
-
- Steps:
-
- # extract the packages
- $ gzip -d -c apache_1.3.x.tar.gz | tar xvf -
- $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -
- $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf -
-
- # apply mod_ssl to Apache source tree
- $ cd mod_ssl-2.8.x-1.3.x
- $ ./configure \
- --with-apache=../apache_1.3.x
- $ cd ..
-
- # apply mod_perl to Apache source tree
- # and build/install the Perl-side of mod_perl
- $ cd mod_perl-1.xx
- $ perl Makefile.PL \
- EVERYTHING=1 \
- APACHE_SRC=../apache_1.3.x/src \
- USE_APACI=1 \
- PREP_HTTPD=1 \
- DO_HTTPD=1
- $ make
- $ make install
- $ cd ..
-
- # build/install Apache with mod_ssl and mod_perl
- $ cd apache_1.3.x
- $ SSL_BASE=/path/to/openssl \
- ./configure \
- --prefix=/path/to/apache \
- --enable-module=ssl \
- --activate-module=src/modules/perl/libperl.a \
- --enable-module=perl
- $ make
- $ make certificate
- $ make install
- $ cd ..
-
- # cleanup after work
- $ rm -rf mod_perl-1.xx
- $ rm -rf mod_ssl-2.8.x-1.3.x
- $ rm -rf apache_1.3.x
-
- o Apache + mod_ssl/OpenSSL + PHP3/MySQL
- -------------------------------------
-
- Prerequisites:
-
- o Apache should be installed to /path/to/apache
- o MySQL is installed under /path/to/mysql
- o OpenSSL is installed under /path/to/openssl
- o GNU Make is available as `gmake' in $PATH
-
- Steps:
-
- # extract the packages
- $ gzip -d -c apache_1.3.x.tar.gz | tar xvf -
- $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -
- $ gzip -d -c php-3.0.x.tar.gz | tar xvf -
-
- # apply mod_ssl to Apache source tree
- $ cd /mod_ssl-2.8.x-1.3.x
- $ ./configure \
- --with-apache=../apache_1.3.x
- $ cd ..
-
- # pre-configure Apache for PHP3's configure step
- $ cd apache_1.3.x
- $ ./configure \
- --prefix=/path/to/apache
- $ cd ..
-
- # configure PHP3 and apply it to the Apache source tree
- $ cd ../php-3.0.x
- $ CFLAGS='-O2 -I/path/to/openssl/include' \
- ./configure \
- --with-apache=../apache_1.3.x \
- --with-mysql=/path/to/mysql \
- --enable-memory-limit=yes \
- --enable-debug=no
- $ gmake
- $ gmake install
- $ cd ..
-
- # build/install Apache with mod_ssl and PHP3
- $ cd apache_1.3.x
- $ SSL_BASE=/path/to/openssl \
- ./configure \
- --prefix=/path/to/apache \
- --enable-module=ssl \
- --activate-module=src/modules/php3/libphp3.a \
- --enable-module=php3
- $ make
- $ make certificate
- $ make install
- $ cd ..
-
- # cleanup after work
- $ rm -rf php-3.0.x
- $ rm -rf mod_ssl-2.8.x-1.3.x
- $ rm -rf apache_1.3.x
-
diff --git a/usr.sbin/httpd/LICENSE b/usr.sbin/httpd/LICENSE
deleted file mode 100644
index 886dacf5191..00000000000
--- a/usr.sbin/httpd/LICENSE
+++ /dev/null
@@ -1,58 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
diff --git a/usr.sbin/httpd/LICENSE.SSL b/usr.sbin/httpd/LICENSE.SSL
deleted file mode 100644
index cd0c991dce4..00000000000
--- a/usr.sbin/httpd/LICENSE.SSL
+++ /dev/null
@@ -1,69 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| | mod_ssl
- | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
- |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
- |_____|
- _____________________________________________________________________________
-
- ``Ian Fleming was a UNIX fan!
- How do I know? Well, James Bond
- had the (license to kill) number 007,
- i.e. he could execute anyone.''
- -- Unknown
- LICENSE
-
- The mod_ssl package falls under the Open-Source Software label
- because it's distributed under a BSD-style license. The
- detailed license information follows.
-
- ====================================================================
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The names "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission. For written permission, please contact
- rse@engelschall.com.
-
- 5. Products derived from this software may not be called "mod_ssl"
- nor may "mod_ssl" appear in their names without prior
- written permission of Ralf S. Engelschall.
-
- 6. Redistributions of any form whatsoever must retain the following
- acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
- ====================================================================
-
diff --git a/usr.sbin/httpd/Makefile.bsd-wrapper b/usr.sbin/httpd/Makefile.bsd-wrapper
deleted file mode 100644
index f14709266c7..00000000000
--- a/usr.sbin/httpd/Makefile.bsd-wrapper
+++ /dev/null
@@ -1,787 +0,0 @@
-# Build wrapper for Apache
-# $OpenBSD: Makefile.bsd-wrapper,v 1.74 2014/04/15 20:55:42 miod Exp $
-
-# Our lndir is hacked; specify a full path to avoid potential conflicts
-# with the one installed with X11.
-LNDIR= /usr/bin/lndir
-
-.include <bsd.own.mk>
-
-# OpenBSD Layout
-#<Layout OpenBSD>
-# prefix: /var/www
-# exec_prefix: /usr
-# bindir: $exec_prefix/bin
-# sbindir: $exec_prefix/sbin
-# libexecdir: $exec_prefix/lib/apache/modules
-# mandir: $exec_prefix/share/man
-# sysconfdir: $prefix/conf
-# datadir: $prefix
-# iconsdir: $prefix/icons
-# htdocsdir: $prefix/htdocs
-# manualdir: $exec_prefix/share/doc/html/httpd
-# cgidir: $prefix/cgi-bin
-# includedir: $exec_prefix/lib/apache/include
-# localstatedir: $prefix
-# runtimedir: $prefix/logs
-# logfiledir: $prefix/logs
-# proxycachedir: $prefix/proxy
-#</Layout>
-
-HTTPD_PREFIX= /var/www
-HTTPD_EXEC_PREFIX= /usr
-HTTPD_BINDIR= ${HTTPD_EXEC_PREFIX}/bin
-HTTPD_SBINDIR= ${HTTPD_EXEC_PREFIX}/sbin
-HTTPD_LIBEXECDIR= ${HTTPD_EXEC_PREFIX}/lib/apache/modules
-HTTPD_SYSCONFDIR= ${HTTPD_PREFIX}/conf
-HTTPD_ICONSDIR= ${HTTPD_PREFIX}/icons
-HTTPD_HTDOCSDIR= ${HTTPD_PREFIX}/htdocs
-HTTPD_MANUALDIR= ${HTTPD_EXEC_PREFIX}/share/doc/html/httpd
-HTTPD_INCLUDEDIR= ${HTTPD_EXEC_PREFIX}/lib/apache/include
-HTTPD_RUNDIR= ${HTTPD_PREFIX}/logs
-HTTPD_LOGDIR= ${HTTPD_PREFIX}/logs
-
-CONFIG_ARGS= --with-layout="OpenBSD" --enable-module="ssl" \
- --enable-module="keynote" \
- --enable-suexec --suexec-caller="www" \
- --suexec-docroot="${HTTPD_HTDOCSDIR}" \
- --suexec-logfile="/var/log/suexec_log" --suexec-userdir="public_html" \
- --suexec-uidmin="1000" --suexec-gidmin="1000" \
- --suexec-safepath="/usr/bin:/bin:/usr/local/bin" \
- --disable-rule=EXPAT --server-uid="www" --server-gid="www"
-
-# This is stupid - to build a DSO module for Apache you not only need to
-# --enable-shared, you need to --enable-module or --enable-shared doesn't
-# do anything.
-
-DSO_MODULE_ARGS= \
- --enable-module=so \
- --enable-module=auth_anon \
- --enable-shared=auth_anon \
- --enable-module=expires \
- --enable-shared=expires \
- --enable-module=headers \
- --enable-shared=headers \
- --enable-module=auth_db \
- --enable-shared=auth_db \
- --enable-module=auth_dbm \
- --enable-shared=auth_dbm \
- --enable-module=auth_digest \
- --enable-shared=auth_digest \
- --enable-module=cern_meta \
- --enable-shared=cern_meta \
- --enable-module=define \
- --enable-shared=define \
- --enable-module=digest \
- --enable-shared=digest \
- --enable-module=info \
- --enable-shared=info \
- --enable-module=log_agent \
- --enable-shared=log_agent \
- --enable-module=log_referer \
- --enable-shared=log_referer \
- --enable-module=mime_magic \
- --enable-shared=mime_magic \
- --enable-module=mmap_static \
- --enable-shared=mmap_static \
- --enable-module=proxy \
- --enable-shared=proxy \
- --enable-module=rewrite \
- --enable-shared=rewrite \
- --enable-module=speling \
- --enable-shared=speling \
- --enable-module=unique_id \
- --enable-shared=unique_id \
- --enable-module=usertrack \
- --enable-shared=usertrack \
- --enable-module=vhost_alias \
- --enable-shared=vhost_alias \
- --enable-rule=INET6
-
-INSTALL_MODULES=
-
-# If you support dynamic loading, enable the so module, and build all the
-# modules that come with Apache.
-
-.if !defined(NOPIC)
-CONFIG_ARGS+= ${DSO_MODULE_ARGS}
-INSTALL_MODULES= \
- src/modules/experimental/mod_mmap_static.so \
- src/modules/experimental/mod_auth_digest.so \
- src/modules/extra/mod_define.so \
- src/modules/proxy/libproxy.so \
- src/modules/standard/mod_vhost_alias.so \
- src/modules/standard/mod_log_agent.so \
- src/modules/standard/mod_info.so \
- src/modules/standard/mod_log_referer.so \
- src/modules/standard/mod_mime_magic.so \
- src/modules/standard/mod_speling.so \
- src/modules/standard/mod_rewrite.so \
- src/modules/standard/mod_auth_dbm.so \
- src/modules/standard/mod_auth_anon.so \
- src/modules/standard/mod_auth_db.so \
- src/modules/standard/mod_digest.so \
- src/modules/standard/mod_cern_meta.so \
- src/modules/standard/mod_usertrack.so \
- src/modules/standard/mod_unique_id.so \
- src/modules/standard/mod_expires.so \
- src/modules/standard/mod_headers.so
-.endif
-
-PERLPATH= /usr/bin/perl
-
-MUNGEDFILES = ${.OBJDIR}/src/ap/Makefile \
- ${.OBJDIR}/src/include/ap_config_auto.h.new \
- ${.OBJDIR}/src/lib/expat-lite/Makefile \
- ${.OBJDIR}/src/lib/Makefile \
- ${.OBJDIR}/src/main/Makefile \
- ${.OBJDIR}/src/modules/experimental/Makefile \
- ${.OBJDIR}/src/modules/extra/Makefile \
- ${.OBJDIR}/src/modules/proxy/Makefile \
- ${.OBJDIR}/src/modules/standard/Makefile \
- ${.OBJDIR}/src/modules/keynote/Makefile \
- ${.OBJDIR}/src/modules/ssl/Makefile \
- ${.OBJDIR}/src/modules/ssl/ssl_expr_parse.c \
- ${.OBJDIR}/src/modules/ssl/ssl_expr_parse.h \
- ${.OBJDIR}/src/modules/ssl/ssl_expr_scan.c \
- ${.OBJDIR}/src/modules/Makefile \
- ${.OBJDIR}/src/os/unix/Makefile \
- ${.OBJDIR}/src/regex/Makefile \
- ${.OBJDIR}/src/support/Makefile \
- ${.OBJDIR}/src/apaci \
- ${.OBJDIR}/src/Makefile \
- ${.OBJDIR}/src/Makefile.config \
- ${.OBJDIR}/src/modules.c \
- ${.OBJDIR}/src/Configuration.apaci \
- ${.OBJDIR}/Makefile \
- ${.OBJDIR}/config.status
-
-BINFILES= src/support/htdigest src/support/htpasswd
-
-SBINFILES= \
- src/httpd \
- src/support/logresolve src/support/rotatelogs src/support/suexec
-
-MAN+= src/support/dbmmanage.1 src/support/htdigest.1 src/support/htpasswd.1 \
- src/support/apachectl.8 src/support/logresolve.8 \
- httpd.8 src/support/rotatelogs.8 src/support/apxs.8 \
- src/support/suexec.8
-
-INCFILES= \
- src/include/ap.h \
- src/include/ap_alloc.h \
- src/include/ap_compat.h \
- src/include/ap_config.h \
- src/include/ap_config_auto.h \
- src/include/ap_ctx.h \
- src/include/ap_ctype.h \
- src/include/ap_hook.h \
- src/include/ap_md5.h \
- src/include/ap_mm.h \
- src/include/ap_mmn.h \
- src/include/ap_sha1.h \
- src/include/buff.h \
- src/include/compat.h \
- src/include/conf.h \
- src/include/explain.h \
- src/include/fnmatch.h \
- src/include/fdcache.h \
- src/include/http_conf_globals.h \
- src/include/http_config.h \
- src/include/http_core.h \
- src/include/http_log.h \
- src/include/http_main.h \
- src/include/http_protocol.h \
- src/include/http_request.h \
- src/include/http_vhost.h \
- src/include/httpd.h \
- src/include/multithread.h \
- src/include/rfc1413.h \
- src/include/scoreboard.h \
- src/include/util_date.h \
- src/include/util_md5.h \
- src/include/util_script.h \
- src/include/util_uri.h \
- src/os/unix/os-inline.c \
- src/os/unix/os.h \
- src/modules/ssl/mod_ssl.h \
- src/modules/ssl/ssl_expr.h \
- src/modules/ssl/ssl_util_ssl.h \
- src/modules/ssl/ssl_util_table.h
-
-XMLFILES= \
- src/lib/expat-lite/asciitab.h \
- src/lib/expat-lite/hashtable.h \
- src/lib/expat-lite/iasciitab.h \
- src/lib/expat-lite/latin1tab.h \
- src/lib/expat-lite/nametab.h \
- src/lib/expat-lite/utf8tab.h \
- src/lib/expat-lite/xmldef.h \
- src/lib/expat-lite/xmlparse.h \
- src/lib/expat-lite/xmlrole.h \
- src/lib/expat-lite/xmltok.h \
- src/lib/expat-lite/xmltok_impl.h
-
-MODCONFDIR= \
- modules \
- modules.sample
-
-CONFFILES= \
- conf/httpd.conf conf/mime.types conf/magic
-
-HTDOCS= \
- htdocs/apache_pb.gif htdocs/index.html htdocs/openbsdpower.gif \
- htdocs/blowfish.jpg htdocs/bsd_small.gif htdocs/lock.gif \
- htdocs/logo23.jpg htdocs/logo24.jpg htdocs/smalltitle.gif \
- htdocs/openbsd_pb.gif htdocs/mod_ssl_sb.gif htdocs/openssl_ics.gif
-
-CGIFILES= cgi-bin/printenv cgi-bin/test-cgi
-
-MANUALFILES= \
- manual/howto/auth.html \
- manual/howto/htaccess.html \
- manual/howto/cgi.html \
- manual/howto/ssi.html \
- manual/LICENSE \
- manual/bind.html \
- manual/configuring.html \
- manual/content-negotiation.html \
- manual/custom-error.html \
- manual/dns-caveats.html \
- manual/dso.html \
- manual/env.html \
- manual/handler.html \
- manual/index.html \
- manual/invoking.html \
- manual/ipv6.html \
- manual/keepalive.html \
- manual/location.html \
- manual/logs.html \
- manual/images/apache_header.gif \
- manual/images/apache_pb.gif \
- manual/images/custom_errordocs.gif \
- manual/images/feather.jpg \
- manual/images/home.gif \
- manual/images/index.gif \
- manual/images/mod_rewrite_fig1.fig \
- manual/images/mod_rewrite_fig1.gif \
- manual/images/mod_rewrite_fig2.fig \
- manual/images/mod_rewrite_fig2.gif \
- manual/images/mod_ssl_sb.gif \
- manual/images/openssl_ics.gif \
- manual/images/pixel.gif \
- manual/images/sub.gif \
- manual/multilogs.html \
- manual/process-model.html \
- manual/misc/API.html \
- manual/misc/FAQ.html \
- manual/misc/custom_errordocs.html \
- manual/misc/descriptors.html \
- manual/misc/fin_wait_2.html \
- manual/misc/howto.html \
- manual/misc/index.html \
- manual/misc/known_client_problems.html \
- manual/misc/perf-bsd44.html \
- manual/misc/perf-tuning.html \
- manual/misc/perf.html \
- manual/misc/rewriteguide.html \
- manual/misc/security_tips.html \
- manual/misc/tutorials.html \
- manual/sections.html \
- manual/server-wide.html \
- manual/sitemap.html \
- manual/stopping.html \
- manual/suexec.html \
- manual/mod/mod_ssl/index.html \
- manual/mod/mod_ssl/ssl_compat.gfont000.gif \
- manual/mod/mod_ssl/ssl_compat.html \
- manual/mod/mod_ssl/ssl_cover_logo.jpg \
- manual/mod/mod_ssl/ssl_cover_title.jpg \
- manual/mod/mod_ssl/ssl_faq.gfont000.gif \
- manual/mod/mod_ssl/ssl_faq.html \
- manual/mod/mod_ssl/ssl_glossary.html \
- manual/mod/mod_ssl/ssl_howto.gfont000.gif \
- manual/mod/mod_ssl/ssl_howto.html \
- manual/mod/mod_ssl/ssl_intro.gfont000.gif \
- manual/mod/mod_ssl/ssl_intro.html \
- manual/mod/mod_ssl/ssl_intro_fig1.gif \
- manual/mod/mod_ssl/ssl_intro_fig2.gif \
- manual/mod/mod_ssl/ssl_intro_fig3.gif \
- manual/mod/mod_ssl/ssl_overview.gfont000.gif \
- manual/mod/mod_ssl/ssl_overview.html \
- manual/mod/mod_ssl/ssl_overview_fig1.gif \
- manual/mod/mod_ssl/ssl_reference.gfont000.gif \
- manual/mod/mod_ssl/ssl_reference.html \
- manual/mod/mod_ssl/ssl_template.head-chapter.gif \
- manual/mod/mod_ssl/ssl_template.head-num-1.gif \
- manual/mod/mod_ssl/ssl_template.head-num-2.gif \
- manual/mod/mod_ssl/ssl_template.head-num-3.gif \
- manual/mod/mod_ssl/ssl_template.head-num-4.gif \
- manual/mod/mod_ssl/ssl_template.head-num-5.gif \
- manual/mod/mod_ssl/ssl_template.head-num-6.gif \
- manual/mod/mod_ssl/ssl_template.head-num-7.gif \
- manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif \
- manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif \
- manual/mod/mod_ssl/ssl_template.navbut-next-n.gif \
- manual/mod/mod_ssl/ssl_template.navbut-next-s.gif \
- manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif \
- manual/mod/mod_ssl/ssl_template.navbut-prev-s.gif \
- manual/mod/mod_ssl/ssl_template.title-abstract.gif \
- manual/mod/mod_ssl/ssl_template.title-compat.gif \
- manual/mod/mod_ssl/ssl_template.title-faq.gif \
- manual/mod/mod_ssl/ssl_template.title-gloss.gif \
- manual/mod/mod_ssl/ssl_template.title-howto.gif \
- manual/mod/mod_ssl/ssl_template.title-intro.gif \
- manual/mod/mod_ssl/ssl_template.title-over.gif \
- manual/mod/mod_ssl/ssl_template.title-preface.gif \
- manual/mod/mod_ssl/ssl_template.title-ref.gif \
- manual/mod/mod_ssl/ssl_template.title-toc.gif \
- manual/mod/mod_ssl/ssl_template.title-tutor.gif \
- manual/mod/core.html \
- manual/mod/directive-dict.html \
- manual/mod/directives.html \
- manual/mod/index-bytype.html \
- manual/mod/index.html \
- manual/mod/mod_access.html \
- manual/mod/mod_actions.html \
- manual/mod/mod_alias.html \
- manual/mod/mod_asis.html \
- manual/mod/mod_auth.html \
- manual/mod/mod_auth_anon.html \
- manual/mod/mod_auth_db.html \
- manual/mod/mod_auth_dbm.html \
- manual/mod/mod_auth_digest.html \
- manual/mod/mod_autoindex.html \
- manual/mod/mod_cern_meta.html \
- manual/mod/mod_cgi.html \
- manual/mod/mod_define.html \
- manual/mod/mod_digest.html \
- manual/mod/mod_dir.html \
- manual/mod/mod_env.html \
- manual/mod/mod_expires.html \
- manual/mod/mod_headers.html \
- manual/mod/mod_imap.html \
- manual/mod/mod_include.html \
- manual/mod/mod_info.html \
- manual/mod/mod_log_agent.html \
- manual/mod/mod_log_common.html \
- manual/mod/mod_log_config.html \
- manual/mod/mod_log_referer.html \
- manual/mod/mod_mime.html \
- manual/mod/mod_mime_magic.html \
- manual/mod/mod_mmap_static.html \
- manual/mod/mod_negotiation.html \
- manual/mod/mod_proxy.html \
- manual/mod/mod_rewrite.html \
- manual/mod/mod_setenvif.html \
- manual/mod/mod_so.html \
- manual/mod/mod_speling.html \
- manual/mod/mod_status.html \
- manual/mod/mod_unique_id.html \
- manual/mod/mod_userdir.html \
- manual/mod/mod_usertrack.html \
- manual/mod/mod_vhost_alias.html \
- manual/mod/module-dict.html \
- manual/urlmapping.html \
- manual/programs/ab.html \
- manual/programs/apachectl.html \
- manual/programs/apxs.html \
- manual/programs/dbmmanage.html \
- manual/programs/htdigest.html \
- manual/programs/htpasswd.html \
- manual/programs/httpd.html \
- manual/programs/index.html \
- manual/programs/logresolve.html \
- manual/programs/other.html \
- manual/programs/rotatelogs.html \
- manual/programs/suexec.html \
- manual/vhosts/details.html \
- manual/vhosts/examples.html \
- manual/vhosts/fd-limits.html \
- manual/vhosts/host.html \
- manual/vhosts/index.html \
- manual/vhosts/ip-based.html \
- manual/vhosts/mass.html \
- manual/vhosts/name-based.html \
- manual/vhosts/vhosts-in-depth.html \
- manual/vhosts/virtual-host.html
-
-ICONFILES= \
- icons/back.gif \
- icons/README \
- icons/a.gif \
- icons/a.png \
- icons/small/README.txt \
- icons/small/back.gif \
- icons/small/back.png \
- icons/small/binary.gif \
- icons/small/binary.png \
- icons/small/binhex.gif \
- icons/small/binhex.png \
- icons/small/blank.gif \
- icons/small/blank.png \
- icons/small/broken.gif \
- icons/small/broken.png \
- icons/small/burst.gif \
- icons/small/burst.png \
- icons/small/comp1.gif \
- icons/small/comp1.png \
- icons/small/comp2.gif \
- icons/small/comp2.png \
- icons/small/compressed.gif \
- icons/small/compressed.png \
- icons/small/continued.gif \
- icons/small/continued.png \
- icons/small/dir.gif \
- icons/small/dir.png \
- icons/small/dir2.gif \
- icons/small/dir2.png \
- icons/small/doc.gif \
- icons/small/doc.png \
- icons/small/forward.gif \
- icons/small/forward.png \
- icons/small/generic.gif \
- icons/small/generic.png \
- icons/small/generic2.gif \
- icons/small/generic2.png \
- icons/small/generic3.gif \
- icons/small/generic3.png \
- icons/small/image.gif \
- icons/small/image.png \
- icons/small/image2.gif \
- icons/small/image2.png \
- icons/small/index.gif \
- icons/small/index.png \
- icons/small/key.gif \
- icons/small/key.png \
- icons/small/movie.gif \
- icons/small/movie.png \
- icons/small/patch.gif \
- icons/small/patch.png \
- icons/small/ps.gif \
- icons/small/ps.png \
- icons/small/rainbow.gif \
- icons/small/rainbow.png \
- icons/small/sound.gif \
- icons/small/sound.png \
- icons/small/sound2.gif \
- icons/small/sound2.png \
- icons/small/tar.gif \
- icons/small/tar.png \
- icons/small/text.gif \
- icons/small/text.png \
- icons/small/transfer.gif \
- icons/small/transfer.png \
- icons/small/unknown.gif \
- icons/small/unknown.png \
- icons/small/uu.gif \
- icons/small/uu.png \
- icons/alert.black.gif \
- icons/alert.black.png \
- icons/alert.red.gif \
- icons/alert.red.png \
- icons/apache_pb.gif \
- icons/apache_pb.png \
- icons/back.png \
- icons/ball.gray.gif \
- icons/ball.gray.png \
- icons/ball.red.gif \
- icons/ball.red.png \
- icons/binary.gif \
- icons/binary.png \
- icons/binhex.gif \
- icons/binhex.png \
- icons/blank.gif \
- icons/blank.png \
- icons/bomb.gif \
- icons/bomb.png \
- icons/box1.gif \
- icons/box1.png \
- icons/box2.gif \
- icons/box2.png \
- icons/broken.gif \
- icons/broken.png \
- icons/burst.gif \
- icons/burst.png \
- icons/c.gif \
- icons/c.png \
- icons/comp.blue.gif \
- icons/comp.blue.png \
- icons/comp.gray.gif \
- icons/comp.gray.png \
- icons/compressed.gif \
- icons/compressed.png \
- icons/continued.gif \
- icons/continued.png \
- icons/dir.gif \
- icons/dir.png \
- icons/diskimg.gif \
- icons/diskimg.png \
- icons/dvi.gif \
- icons/down.gif \
- icons/down.png \
- icons/dvi.png \
- icons/f.gif \
- icons/f.png \
- icons/folder.gif \
- icons/folder.open.gif \
- icons/folder.open.png \
- icons/folder.png \
- icons/folder.sec.gif \
- icons/folder.sec.png \
- icons/forward.gif \
- icons/forward.png \
- icons/generic.gif \
- icons/generic.png \
- icons/generic.red.gif \
- icons/generic.red.png \
- icons/generic.sec.gif \
- icons/generic.sec.png \
- icons/hand.right.gif \
- icons/hand.right.png \
- icons/hand.up.gif \
- icons/hand.up.png \
- icons/icon.sheet.gif \
- icons/icon.sheet.png \
- icons/image1.gif \
- icons/image1.png \
- icons/image2.gif \
- icons/image2.png \
- icons/image3.gif \
- icons/image3.png \
- icons/index.gif \
- icons/index.png \
- icons/layout.gif \
- icons/layout.png \
- icons/left.gif \
- icons/left.png \
- icons/link.gif \
- icons/link.png \
- icons/movie.gif \
- icons/movie.png \
- icons/p.gif \
- icons/p.png \
- icons/patch.gif \
- icons/patch.png \
- icons/pdf.gif \
- icons/pdf.png \
- icons/pie0.gif \
- icons/pie0.png \
- icons/pie1.gif \
- icons/pie1.png \
- icons/pie2.gif \
- icons/pie2.png \
- icons/pie3.gif \
- icons/pie3.png \
- icons/pie4.gif \
- icons/pie4.png \
- icons/pie5.gif \
- icons/pie5.png \
- icons/pie6.gif \
- icons/pie6.png \
- icons/pie7.gif \
- icons/pie7.png \
- icons/pie8.gif \
- icons/pie8.png \
- icons/portal.gif \
- icons/portal.png \
- icons/ps.gif \
- icons/ps.png \
- icons/quill.gif \
- icons/quill.png \
- icons/right.gif \
- icons/right.png \
- icons/screw1.gif \
- icons/screw1.png \
- icons/screw2.gif \
- icons/screw2.png \
- icons/script.gif \
- icons/script.png \
- icons/sound1.gif \
- icons/sound1.png \
- icons/sound2.gif \
- icons/sound2.png \
- icons/sphere1.gif \
- icons/sphere1.png \
- icons/sphere2.gif \
- icons/sphere2.png \
- icons/tar.gif \
- icons/tar.png \
- icons/tex.gif \
- icons/tex.png \
- icons/text.gif \
- icons/text.png \
- icons/transfer.gif \
- icons/transfer.png \
- icons/unknown.gif \
- icons/unknown.png \
- icons/up.gif \
- icons/up.png \
- icons/uu.gif \
- icons/uu.png \
- icons/uuencoded.gif \
- icons/uuencoded.png \
- icons/world1.gif \
- icons/world1.png \
- icons/world2.gif \
- icons/world2.png
-
-.include <bsd.own.mk>
-
-all: ${.OBJDIR}/config.status
- @cd ${.OBJDIR} && ${MAKE}
-
-BEFOREMAN=${.OBJDIR}/config.status
-
-EXTRA_LDFLAGS=-lpthread
-
-${.OBJDIR}/config.status : ${.OBJDIR}/config.layout
- @cd ${.OBJDIR} && CC="${CC}" LD_SHLIB="${CC}" \
- EXTRA_LDFLAGS="${EXTRA_LDFLAGS}" OPTIM="${CFLAGS} ${COPTS}" \
- PATH="/sbin:/usr/sbin:/bin:/usr/bin" \
- sh configure ${CONFIG_ARGS}
- diff -u ${.CURDIR}/src/include/ap_config_auto.h ${.OBJDIR}/src/include/ap_config_auto.h.new
-
-.if !exists(${.OBJDIR}/config.layout)
-${.OBJDIR}/config.layout: ${.CURDIR}/config.layout
- ${LNDIR} -s -e obj -e obj.${MACHINE_ARCH} -e Makefile.bsd-wrapper ${.CURDIR}
-.endif
-
-
-includes:
- @-for i in ${INCFILES}; do \
- j=`basename $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_INCLUDEDIR}/$$j"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.CURDIR}/$$i ${DESTDIR}${HTTPD_INCLUDEDIR}; \
- done
- @-for i in ${XMLFILES}; do \
- j=`basename $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_INCLUDEDIR}/xml/$$j"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.CURDIR}/$$i ${DESTDIR}${HTTPD_INCLUDEDIR}/xml; \
- done
-
-install: maninstall htmlinstall
- @-for i in ${BINFILES}; do \
- j=`basename $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_BINDIR}/$$j"; \
- ${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP} -g ${BINGRP} \
- -m 555 ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_BINDIR}; \
- done
- @-for i in ${SBINFILES}; do \
- j=`basename $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_SBINDIR}/$$j"; \
- ${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP} -g ${BINGRP} \
- -m 555 ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_SBINDIR}; \
- done
- @-for i in ${INSTALL_MODULES}; do \
- j=`basename $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_LIBEXECDIR}/$$j"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_LIBEXECDIR}; \
- done
- @d=`mktemp -d /tmp/httpdXXXXXXXXXX`; \
- echo "Installing ${DESTDIR}${HTTPD_SBINDIR}/apxs"; \
- j="sed -e 's;^#!/.*;#!${PERLPATH};' \
- -e 's;\@prefix\@;${HTTPD_PREFIX};' \
- -e 's;\@sbindir\@;${HTTPD_SBINDIR};' \
- -e 's;\@libexecdir\@;${HTTPD_LIBEXECDIR};' \
- -e 's;\@includedir\@;${HTTPD_INCLUDEDIR};' \
- -e 's;\@sysconfdir\@;${HTTPD_SYSCONFDIR};' \
- < ${.OBJDIR}/src/support/apxs > $$d/apxs && \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \
- $$d/apxs ${DESTDIR}${HTTPD_SBINDIR}"; \
- echo $$j; \
- eval $$j; \
- echo "Installing ${DESTDIR}${HTTPD_SBINDIR}/apachectl"; \
- j="sed -e 's;PIDFILE=.*;PIDFILE=${HTTPD_RUNDIR}/httpd.pid;' \
- -e 's;HTTPD=.*;HTTPD=${HTTPD_SBINDIR}/httpd;' \
- < ${.OBJDIR}/src/support/apachectl > $$d/apachectl && \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \
- $$d/apachectl ${DESTDIR}${HTTPD_SBINDIR}"; \
- echo $$j; \
- eval $$j; \
- echo "Installing ${DESTDIR}${HTTPD_BINDIR}/dbmmanage"; \
- j="sed -e 's;^#!/.*;#!${PERLPATH};' \
- < ${.OBJDIR}/src/support/dbmmanage > $$d/dbmmanage && \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \
- $$d/dbmmanage ${DESTDIR}${HTTPD_BINDIR}"; \
- echo $$j; \
- eval $$j; \
- rm -rf $$d
-
-.if ${.OBJDIR} == ${.CURDIR}
-clean:
- -@cd ${.OBJDIR} && rm -f ${MUNGEDFILES} && ${MAKE} clean
-.else
-clean:
- @cd ${.OBJDIR} && find . \! -type d -print0 | xargs -0r rm
-.endif
-
-cleandir: clean
-
-prereq:
-# nothing left
-
-test:
- # Nothing here so far...
-
-depend:
- # Nothing here so far...
-
-lint:
- # Nothing here so far...
-
-tags:
- # Nothing here so far...
-
-.ifdef NOMAN
-maninstall:
- @echo NOMAN is set
-.endif
-
-htmlinstall:
- @-for i in ${MANUALFILES}; do \
- j=`dirname $$i | sed 's;^manual/*;;'`; \
- k=`basename $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_MANUALDIR}/$$j/$$k"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.OBJDIR}/htdocs/$$i ${DESTDIR}${HTTPD_MANUALDIR}/$$j/; \
- done
-
-distribution:
- @-for i in ${MODCONFDIR}; do \
- echo "Installing ${DESTDIR}${HTTPD_SYSCONFDIR}/$$i"; \
- ${INSTALL} -d -m 755 ${DESTDIR}${HTTPD_SYSCONFDIR}/$$i; \
- done
- @-for i in ${CONFFILES}; do \
- j=`dirname $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \
- done
- @-for i in ${HTDOCS}; do \
- j=`dirname $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \
- done
- @-for i in ${CGIFILES}; do \
- j=`dirname $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 000 \
- ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \
- done
- @-for i in ${ICONFILES}; do \
- j=`dirname $$i`; \
- echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \
- ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \
- ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \
- done
-
-.include <bsd.obj.mk>
-.include <bsd.subdir.mk>
-.ifndef NOMAN
-.include <bsd.man.mk>
-.endif
diff --git a/usr.sbin/httpd/Makefile.tmpl b/usr.sbin/httpd/Makefile.tmpl
deleted file mode 100644
index dd8cbbb2b9c..00000000000
--- a/usr.sbin/httpd/Makefile.tmpl
+++ /dev/null
@@ -1,801 +0,0 @@
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-##
-
-##
-## Makefile -- Apache Autoconf-style Interface (APACI)
-## top-level control Makefile for out-of-the-box
-## build and installation procedure.
-##
-## Written by Ralf S. Engelschall <rse@apache.org>
-##
-
-## ==================================================================
-## Options
-## ==================================================================
-
-# safe environment
-SHELL = @SHELL@
-
-# what platform are we on
-PLATFORM = @PLATFORM@
-
-# paths to the source tree parts
-TOP = .
-SRC = @SRC@
-MKF = @MKF@
-AUX = @AUX@
-
-# build tools
-CP = cp
-LN = ln
-RM = rm -f
-MKDIR = $(SHELL) $(TOP)/$(AUX)/mkdir.sh
-INSTALL = $(SHELL) $(TOP)/$(AUX)/install.sh -c
-IFLAGS_PROGRAM = @IFLAGS_PROGRAM@
-IFLAGS_CORE = @IFLAGS_CORE@
-IFLAGS_DSO = @IFLAGS_DSO@
-IFLAGS_SCRIPT = @IFLAGS_SCRIPT@
-IFLAGS_DATA = @IFLAGS_DATA@
-INSTALL_PROGRAM = $(INSTALL) $(IFLAGS_PROGRAM)
-INSTALL_CORE = $(INSTALL) $(IFLAGS_CORE)
-INSTALL_DSO = $(INSTALL) $(IFLAGS_DSO)
-INSTALL_SCRIPT = $(INSTALL) $(IFLAGS_SCRIPT)
-INSTALL_DATA = $(INSTALL) $(IFLAGS_DATA)
-PERL = @PERL@
-TAR = @TAR@
-TAROPT = @TAROPT@
-
-# installation name of Apache webserver
-TARGET = @TARGET@
-
-# installation root
-# (overrideable by package maintainers for
-# rolling packages without bristling the system)
-root =
-
-# installation paths
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-mandir = @mandir@
-sysconfdir = @sysconfdir@
-datadir = @datadir@
-iconsdir = @iconsdir@
-htdocsdir = @htdocsdir@
-manualdir = @manualdir@
-cgidir = @cgidir@
-includedir = @includedir@
-localstatedir = @localstatedir@
-runtimedir = @runtimedir@
-logfiledir = @logfiledir@
-proxycachedir = @proxycachedir@
-
-libexecdir_relative = @libexecdir_relative@
-
-# suexec details (optional)
-suexec = @suexec@
-suexec_caller = @suexec_caller@
-suexec_docroot = @suexec_docroot@
-suexec_logexec = @suexec_logexec@
-suexec_userdir = @suexec_userdir@
-suexec_uidmin = @suexec_uidmin@
-suexec_gidmin = @suexec_gidmin@
-suexec_safepath = @suexec_safepath@
-suexec_umask = @suexec_umask@
-
-# SSL (optional)
-ssl = @ssl@
-
-# some substituted configuration parameters
-conf_user = @conf_user@
-conf_group = @conf_group@
-conf_port = @conf_port@
-conf_port_ssl = @conf_port_ssl@
-conf_serveradmin = @conf_serveradmin@
-conf_servername = @conf_servername@
-
-# usage of src/support stuff
-build-support = @build_support@
-install-support = @install_support@
-clean-support = @clean_support@
-distclean-support = @distclean_support@
-
-# `make certificate' parameters
-TYPE =
-ALGO =
-CRT =
-KEY =
-VIEW =
-
-# forwarding arguments
-MFWD = root=$(root)
-
-## ==================================================================
-## Targets
-## ==================================================================
-
-# default target
-all: build
-
-## ------------------------------------------------------------------
-## Build Target
-## ------------------------------------------------------------------
-
-# build the package
-build:
- @echo "===> $(SRC)"
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) build-std
- @if [ "x$(build-support)" != "x" ]; then \
- $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) $(build-support); \
- fi
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) build-certificate
- @touch $(TOP)/$(SRC)/.apaci.build.ok
- @echo "<=== $(SRC)"
-
-# the non-verbose variant for package maintainers
-build-quiet:
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) QUIET=1 build
-
-# build the standard stuff
-build-std:
- @case "x$(PLATFORM)" in \
- x*390*) _C89_STEPS="0xffffffff"; export _C89_STEPS;; \
- esac; \
- cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) SDP=$(SRC)/ all
-
-# build the additional support stuff
-build-support:
- @echo "===> $(SRC)/support"; \
- case "x$(PLATFORM)" in \
- x*390*) _C89_STEPS="0xffffffff"; export _C89_STEPS;; \
- esac; \
- cd $(TOP)/$(SRC)/support; $(MAKE) $(MFLAGS) all || exit 1; \
- if [ ".$(suexec)" = .1 ]; then \
- $(MAKE) $(MFLAGS) \
- EXTRA_CFLAGS='\
- $(suexec_umask) \
- -DHTTPD_USER=\"$(suexec_caller)\" \
- -DUID_MIN=$(suexec_uidmin) \
- -DGID_MIN=$(suexec_gidmin) \
- -DUSERDIR_SUFFIX=\"$(suexec_userdir)\" \
- -DLOG_EXEC=\"$(suexec_logexec)\" \
- -DDOC_ROOT=\"$(suexec_docroot)\" \
- -DSAFE_PATH=\"$(suexec_safepath)\"' \
- suexec; \
- fi
- @echo "<=== $(SRC)/support"
-
-# SSL certificate generation
-build-certificate:
- -@if [ ".$(ssl)" = .1 ]; then \
- if [ ".`grep '(SKIPME)' $(TOP)/conf/ssl.crt/server.crt`" != . ]; then \
- if [ ".$(QUIET)" != .1 ]; then \
- echo "+---------------------------------------------------------------------+"; \
- echo "| Before you install the package you now should prepare the SSL |"; \
- echo "| certificate system by running the 'make certificate' command. |"; \
- echo "| For different situations the following variants are provided: |"; \
- echo "| |"; \
- echo "| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |"; \
- echo "| % make certificate TYPE=test (test cert signed by Snake Oil CA) |"; \
- echo "| % make certificate TYPE=custom (custom cert signed by own CA) |"; \
- echo "| % make certificate TYPE=existing (existing cert) |"; \
- echo "| CRT=/path/to/your.crt [KEY=/path/to/your.key] |"; \
- echo "| |"; \
- echo "| Use TYPE=dummy when you're a vendor package maintainer, |"; \
- echo "| the TYPE=test when you're an admin but want to do tests only, |"; \
- echo "| the TYPE=custom when you're an admin willing to run a real server |"; \
- echo "| and TYPE=existing when you're an admin who upgrades a server. |"; \
- echo "| (The default is TYPE=test) |"; \
- echo "| |"; \
- echo "| Additionally add ALGO=RSA (default) or ALGO=DSA to select |"; \
- echo "| the signature algorithm used for the generated certificate. |"; \
- echo "| |"; \
- echo "| Use 'make certificate VIEW=1' to display the generated data. |"; \
- echo "| |"; \
- echo "| Thanks for using Apache & mod_ssl. Ralf S. Engelschall |"; \
- echo "| rse@engelschall.com |"; \
- echo "| www.engelschall.com |"; \
- echo "+---------------------------------------------------------------------+"; \
- fi \
- fi \
- fi
-
-certificate:
- @cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) certificate TYPE="$(TYPE)" ALGO="$(ALGO)" CRT="$(CRT)" KEY="$(KEY)" VIEW="$(VIEW)"
-
-## ------------------------------------------------------------------
-## Installation Targets
-## ------------------------------------------------------------------
-
-# indirection step to avoid conflict with INSTALL document
-# on case-insenstive filesystems, for instance on OS/2
-install: install-all
-
-# the install target for installing the complete Apache
-# package. This is implemented by running subtargets for the
-# separate parts of the installation process.
-install-all:
- @if [ ! -f $(TOP)/$(SRC)/.apaci.build.ok ]; then \
- $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) build; \
- else \
- :; \
- fi
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) \
- install-mktree install-programs $(install-support) \
- install-include install-data install-config
- -@$(RM) $(SRC)/.apaci.install.tmp
- -@$(RM) $(SRC)/.apaci.install.conf
- -@if [ ".$(QUIET)" != .1 ]; then \
- if [ ".$(TARGET)" = .httpd ]; then \
- apachectl='apachectl'; \
- else \
- apachectl="$(TARGET)ctl"; \
- fi; \
- echo "+--------------------------------------------------------+"; \
- echo "| You now have successfully built and installed the |"; \
- echo "| Apache 1.3 HTTP server. To verify that Apache actually |"; \
- echo "| works correctly you now should first check the |"; \
- echo "| (initially created or preserved) configuration files |"; \
- echo "| |"; \
- echo "| $(sysconfdir)/$(TARGET).conf"; \
- echo "| |"; \
- echo "| and then you should be able to immediately fire up |"; \
- echo "| Apache the first time by running: |"; \
- echo "| |"; \
- echo "| $(sbindir)/$${apachectl} start"; \
- echo "| |"; \
- echo "| Or when you want to run it with SSL enabled use: |"; \
- echo "| |"; \
- echo "| $(sbindir)/$${apachectl} startssl"; \
- echo "| |"; \
- echo "| Thanks for using Apache. The Apache Group |"; \
- echo "| http://www.apache.org/ |"; \
- echo "+--------------------------------------------------------+"; \
- fi
-
-# the non-verbose variant for package maintainers
-install-quiet:
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) QUIET=1 install-all
-
-# create the installation tree
-install-mktree:
- @echo "===> [mktree: Creating Apache installation tree]"
- $(MKDIR) $(root)$(bindir)
- $(MKDIR) $(root)$(sbindir)
- $(MKDIR) $(root)$(libexecdir)
- $(MKDIR) $(root)$(mandir)/man1
- $(MKDIR) $(root)$(mandir)/man8
- $(MKDIR) $(root)$(sysconfdir)
- $(MKDIR) $(root)$(sysconfdir)/ssl.crt
- $(MKDIR) $(root)$(sysconfdir)/ssl.crl
- $(MKDIR) $(root)$(sysconfdir)/ssl.csr
- $(MKDIR) $(root)$(sysconfdir)/ssl.key
- $(MKDIR) $(root)$(sysconfdir)/ssl.prm
- $(MKDIR) $(root)$(htdocsdir)
- $(MKDIR) $(root)$(manualdir)
- $(MKDIR) $(root)$(iconsdir)
- $(MKDIR) $(root)$(cgidir)
- $(MKDIR) $(root)$(includedir)
- $(MKDIR) $(root)$(includedir)/xml
- $(MKDIR) $(root)$(runtimedir)
- $(MKDIR) $(root)$(logfiledir)
- $(MKDIR) $(root)$(proxycachedir)
- -@if [ "x`$(SHELL) $(AUX)/getuid.sh`" = "x0" ]; then \
- echo "chown $(conf_user) $(root)$(proxycachedir)"; \
- chown $(conf_user) $(root)$(proxycachedir); \
- echo "chgrp $(conf_group) $(root)$(proxycachedir)"; \
- chgrp "$(conf_group)" $(root)$(proxycachedir); \
- fi
- @echo "<=== [mktree]"
-
-# install the server program and optionally corresponding
-# shared object files.
-install-programs:
- @echo "===> [programs: Installing Apache $(TARGET) program and shared objects]"
- -@if [ ".`grep '^[ ]*AddModule.*mod_so\.o' $(TOP)/$(SRC)/Configuration.apaci`" != . ]; then \
- echo "$(INSTALL_CORE) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET)"; \
- $(INSTALL_CORE) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET); \
- SHLIB_EXPORT_FILES="`grep '^SHLIB_EXPORT_FILES=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \
- if [ ".$${SHLIB_EXPORT_FILES}" != . ]; then \
- $(CP) $(TOP)/$(SRC)/support/httpd.exp $(root)$(libexecdir)/; \
- chmod 644 $(root)$(libexecdir)/httpd.exp; \
- fi; \
- else \
- echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET)"; \
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET); \
- fi
- -@if [ ".`grep 'SUBTARGET=target_shared' $(TOP)/$(SRC)/Makefile`" != . ]; then \
- SHLIB_SUFFIX_NAME="`grep '^SHLIB_SUFFIX_NAME=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \
- SHLIB_SUFFIX_LIST="`grep '^SHLIB_SUFFIX_LIST=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \
- echo "$(INSTALL_CORE) $(TOP)/$(SRC)/lib$(TARGET).ep $(root)$(libexecdir)/lib$(TARGET).ep"; \
- $(INSTALL_CORE) $(TOP)/$(SRC)/lib$(TARGET).ep $(root)$(libexecdir)/lib$(TARGET).ep; \
- echo "$(INSTALL_DSO) $(TOP)/$(SRC)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}"; \
- $(INSTALL_DSO) $(TOP)/$(SRC)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}; \
- if [ ".$${SHLIB_SUFFIX_LIST}" != . ]; then \
- echo "$(RM) $(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.*"; \
- $(RM) $(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.*; \
- for suffix in $${SHLIB_SUFFIX_LIST} ""; do \
- [ ".$${suffix}" = . ] && continue; \
- echo "$(LN) $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.$${suffix}"; \
- $(LN) $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.$${suffix}; \
- done; \
- fi; \
- fi
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/httpd.8 $(root)$(mandir)/man8/$(TARGET).8
- -@$(RM) $(SRC)/.apaci.install.conf; touch $(SRC)/.apaci.install.conf
- -@if [ ".`grep '^[ ]*SharedModule' $(TOP)/$(SRC)/Configuration.apaci`" != . ]; then \
- for mod in `egrep '^[ ]*SharedModule' $(TOP)/$(SRC)/Configuration.apaci |\
- sed -e 's/^[ ]*SharedModule[ ]*//'`; do \
- file=`echo $${mod} | sed -e 's;^.*/\([^/]*\);\1;'`; \
- echo "$(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}"; \
- $(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}; \
- name=`$(SHELL) $(TOP)/$(AUX)/fmn.sh $(TOP)/$(SRC)/$${mod}`; \
- if [ ".$$name" = .ssl_module ]; then \
- echo "<IfDefine SSL>" >>$(SRC)/.apaci.install.conf; \
- fi; \
- echo dummy | awk '{ printf("LoadModule %-18s %s\n", modname, modpath); }' \
- modname="$${name}" modpath="$(libexecdir_relative)$${file}" >>$(SRC)/.apaci.install.conf; \
- if [ ".$$name" = .ssl_module ]; then \
- echo "</IfDefine>" >>$(SRC)/.apaci.install.conf; \
- fi; \
- done; \
- echo "" >>$(SRC)/.apaci.install.conf; \
- echo "# Reconstruction of the complete module list from all available modules" >>$(SRC)/.apaci.install.conf; \
- echo "# (static and shared ones) to achieve correct module execution order." >>$(SRC)/.apaci.install.conf; \
- echo "# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]" >>$(SRC)/.apaci.install.conf; \
- echo "ClearModuleList" >>$(SRC)/.apaci.install.conf; \
- for mod in `egrep "^[ ]*(Add|Shared)Module" $(SRC)/Configuration.apaci |\
- sed -e 's:[ ]*SharedModule::' \
- -e 's:[ ]*AddModule::' \
- -e 's:modules/[^/]*/::' \
- -e 's:[ ]lib: mod_:' \
- -e 's:\.[soam]*$$:.c:'`; do \
- if [ ".$$mod" = .mod_ssl.c ]; then \
- echo "<IfDefine SSL>" >>$(SRC)/.apaci.install.conf; \
- fi; \
- echo "AddModule $$mod" >>$(SRC)/.apaci.install.conf; \
- if [ ".$$mod" = .mod_ssl.c ]; then \
- echo "</IfDefine>" >>$(SRC)/.apaci.install.conf; \
- fi; \
- done; \
- fi
- @echo "<=== [programs]"
-
-# install the support programs and scripts
-install-support:
- @echo "===> [support: Installing Apache support programs and scripts]"
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/ab $(root)$(sbindir)/ab
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/ab.8 $(root)$(mandir)/man8/ab.8
- @if [ ".$(TARGET)" = .httpd ]; then \
- apachectl='apachectl'; \
- else \
- apachectl="$(TARGET)ctl"; \
- fi; \
- echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apachectl[*] $(root)$(sbindir)/$${apachectl}"; \
- sed -e 's;PIDFILE=.*;PIDFILE=$(runtimedir)/$(TARGET).pid;' \
- -e 's;HTTPD=.*;HTTPD=$(sbindir)/$(TARGET);' \
- < $(TOP)/$(SRC)/support/apachectl > $(TOP)/$(SRC)/.apaci.install.tmp && \
- $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/$${apachectl}; \
- echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/checkgid $(root)$(bindir)/checkgid
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htpasswd $(root)$(bindir)/htpasswd
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/htpasswd.1 $(root)$(mandir)/man1/htpasswd.1
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htdigest $(root)$(bindir)/htdigest
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/htdigest.1 $(root)$(mandir)/man1/htdigest.1
- @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/dbmmanage[*] $(root)$(bindir)/dbmmanage"; \
- sed -e 's;^#!/.*;#!$(PERL);' \
- < $(TOP)/$(SRC)/support/dbmmanage > $(TOP)/$(SRC)/.apaci.install.tmp && \
- $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(bindir)/dbmmanage
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/dbmmanage.1 $(root)$(mandir)/man1/dbmmanage.1
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/logresolve $(root)$(sbindir)/logresolve
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/logresolve.8 $(root)$(mandir)/man8/logresolve.8
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/rotatelogs $(root)$(sbindir)/rotatelogs
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/rotatelogs.8 $(root)$(mandir)/man8/rotatelogs.8
- @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apxs[*] $(root)$(sbindir)/apxs"; \
- sed -e 's;^#!/.*;#!$(PERL);' \
- -e 's;\@prefix\@;$(prefix);' \
- -e 's;\@sbindir\@;$(sbindir);' \
- -e 's;\@libexecdir\@;$(libexecdir);' \
- -e 's;\@includedir\@;$(includedir);' \
- -e 's;\@sysconfdir\@;$(sysconfdir);' \
- < $(TOP)/$(SRC)/support/apxs > $(TOP)/$(SRC)/.apaci.install.tmp && \
- $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/apxs
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/apxs.8 $(root)$(mandir)/man8/apxs.8
- -@if [ ".$(suexec)" = .1 ]; then \
- echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \
- echo "chown root $(root)$(sbindir)/suexec"; \
- chown root $(root)$(sbindir)/suexec; \
- echo "chmod 4711 $(root)$(sbindir)/suexec"; \
- chmod 4711 $(root)$(sbindir)/suexec; \
- echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \
- fi
- @echo "<=== [support]"
-
-# install the support programs and scripts for binary distribution
-install-binsupport:
- @echo "===> [support: Installing Apache support programs and scripts for binary distribution]"
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/ab $(root)$(sbindir)/ab
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/ab.8 $(root)$(mandir)/man8/ab.8
- @if [ ".$(TARGET)" = .httpd ]; then \
- apachectl='apachectl'; \
- else \
- apachectl="$(TARGET)ctl"; \
- fi; \
- echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apachectl[*] $(root)$(sbindir)/$${apachectl}"; \
- sed -e 's;PIDFILE=.*;PIDFILE=$(runtimedir)/$(TARGET).pid;' \
- -e 's;HTTPD=.*;HTTPD=$(sbindir)/$(TARGET);' \
- < $(TOP)/$(SRC)/support/apachectl > $(TOP)/$(SRC)/.apaci.install.tmp && \
- $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/$${apachectl}; \
- echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/checkgid $(root)$(bindir)/checkgid
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htpasswd $(root)$(bindir)/htpasswd
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/htpasswd.1 $(root)$(mandir)/man1/htpasswd.1
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htdigest $(root)$(bindir)/htdigest
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/htdigest.1 $(root)$(mandir)/man1/htdigest.1
- @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/dbmmanage[*] $(root)$(bindir)/dbmmanage"; \
- $(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/dbmmanage $(root)$(bindir)/dbmmanage
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/dbmmanage.1 $(root)$(mandir)/man1/dbmmanage.1
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/logresolve $(root)$(sbindir)/logresolve
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/logresolve.8 $(root)$(mandir)/man8/logresolve.8
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/rotatelogs $(root)$(sbindir)/rotatelogs
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/rotatelogs.8 $(root)$(mandir)/man8/rotatelogs.8
- @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apxs[*] $(root)$(sbindir)/apxs"; \
- $(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apxs $(root)$(sbindir)/apxs
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/apxs.8 $(root)$(mandir)/man8/apxs.8
- -@if [ ".$(suexec)" = .1 ]; then \
- echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \
- $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \
- echo "chown root $(root)$(sbindir)/suexec"; \
- chown root $(root)$(sbindir)/suexec; \
- echo "chmod 4711 $(root)$(sbindir)/suexec"; \
- chmod 4711 $(root)$(sbindir)/suexec; \
- echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \
- fi
- @echo "<=== [support]"
-
-# install the Apache C header files
-install-include:
- @echo "===> [include: Installing Apache C header files]"
- $(CP) $(TOP)/$(SRC)/include/*.h $(root)$(includedir)/
- $(CP) $(TOP)/$(SRC)/lib/expat-lite/*.h $(root)$(includedir)/xml/
- @osdir=`grep '^OSDIR=' $(TOP)/$(SRC)/Makefile.config | sed -e 's:^OSDIR=.*/os/:os/:'`; \
- echo "$(CP) $(TOP)/$(SRC)/$${osdir}/os.h $(root)$(includedir)/"; \
- $(CP) $(TOP)/$(SRC)/$${osdir}/os.h $(root)$(includedir)/; \
- echo "$(CP) $(TOP)/$(SRC)/$${osdir}/os-inline.c $(root)$(includedir)/"; \
- $(CP) $(TOP)/$(SRC)/$${osdir}/os-inline.c $(root)$(includedir)/
- chmod 644 $(root)$(includedir)/*.h $(root)$(includedir)/xml/*.h
- @echo "<=== [include]"
-
-# create an initial document root containing the Apache manual,
-# icons and distributed CGI scripts.
-install-data:
- @echo "===> [data: Installing initial data files]"
- -@if [ -f $(root)$(htdocsdir)/index.html ] || [ -f $(root)$(htdocsdir)/index.html.en ]; then \
- echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(htdocsdir)/]"; \
- else \
- echo "Copying tree $(TOP)/htdocs/ -> $(root)$(htdocsdir)/"; \
- (cd $(TOP)/htdocs/ && $(TAR) $(TAROPT) - index* apache_pb.* ) |\
- (cd $(root)$(htdocsdir)/ && $(TAR) -xf -); \
- find $(root)$(htdocsdir)/ -type d -exec chmod a+rx {} \; ; \
- find $(root)$(htdocsdir)/ -type f -print | xargs chmod a+r ; \
- fi
- -@if [ -d $(TOP)/htdocs/manual ]; then \
- echo "Copying tree $(TOP)/htdocs/manual -> $(root)/$(manualdir)/"; \
- (cd $(TOP)/htdocs/manual/ && $(TAR) $(TAROPT) - *) |\
- (cd $(root)$(manualdir)/ && $(TAR) -xf -); \
- find $(root)$(manualdir)/ -type d -exec chmod a+rx {} \; ; \
- find $(root)$(manualdir)/ -type f -print | xargs chmod a+r ; \
- fi
- -@if [ -f $(root)$(cgidir)/printenv ]; then \
- echo "[PRESERVING EXISTING CGI SUBDIR: $(root)$(cgidir)/]"; \
- else \
- for script in printenv test-cgi; do \
- cat $(TOP)/cgi-bin/$${script} |\
- sed -e 's;^#!/.*perl;#!$(PERL);' \
- > $(TOP)/$(SRC)/.apaci.install.tmp; \
- echo "$(INSTALL_DATA) $(TOP)/conf/$${script}[*] $(root)$(cgidir)/$${script}"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(cgidir)/$${script}; \
- done; \
- fi
- @echo "Copying tree $(TOP)/icons/ -> $(root)$(iconsdir)/"; \
- (cd $(TOP)/icons/ && $(TAR) $(TAROPT) - *) |\
- (cd $(root)$(iconsdir)/ && $(TAR) -xf -); \
- find $(root)$(iconsdir)/ -type d -exec chmod a+rx {} \; ;\
- find $(root)$(iconsdir)/ -type f -exec chmod a+r {} \;
- @echo "<=== [data]"
-
-# create the initial configuration by providing default files
-# and initial config files while preserving existing ones.
-install-config:
- @echo "===> [config: Installing Apache configuration files]"
- -@for conf in httpd.conf access.conf srm.conf; do \
- if [ .$$conf = .httpd.conf ]; then \
- target_conf="$(TARGET).conf"; \
- else \
- target_conf="$$conf"; \
- fi; \
- if [ ".$(TARGET)" = .httpd ]; then \
- target_prefix=""; \
- else \
- target_prefix="$(TARGET)_"; \
- fi; \
- (echo "##"; \
- echo "## $${target_conf} -- Apache HTTP server configuration file"; \
- echo "##"; \
- echo ""; \
- cat $(TOP)/conf/$${conf}-dist ) |\
- sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \
- -e "s;logs/ssl_mutex;$(runtimedir)/$${target_prefix}ssl_mutex;" \
- -e "s;logs/ssl_scache;$(runtimedir)/$${target_prefix}ssl_scache;" \
- -e "s;logs/ssl_engine_log;$(logfiledir)/$${target_prefix}ssl_engine_log;" \
- -e "s;logs/ssl_request_log;$(logfiledir)/$${target_prefix}ssl_request_log;" \
- -e 's;@@ServerRoot@@/conf/ssl.crt;$(sysconfdir)/ssl.crt;' \
- -e 's;@@ServerRoot@@/conf/ssl.crl;$(sysconfdir)/ssl.crl;' \
- -e 's;@@ServerRoot@@/conf/ssl.csr;$(sysconfdir)/ssl.csr;' \
- -e 's;@@ServerRoot@@/conf/ssl.key;$(sysconfdir)/ssl.key;' \
- -e 's;@@ServerRoot@@/conf/ssl.prm;$(sysconfdir)/ssl.prm;' \
- -e 's;@@ServerRoot@@/htdocs/manual;$(manualdir);' \
- -e 's;@@ServerRoot@@/htdocs;$(htdocsdir);' \
- -e 's;@@ServerRoot@@/icons;$(iconsdir);' \
- -e 's;@@ServerRoot@@/cgi-bin;$(cgidir);' \
- -e 's;@@ServerRoot@@/proxy;$(proxycachedir);' \
- -e 's;@@ServerRoot@@;$(prefix);g' \
- -e 's;httpd\.conf;$(TARGET).conf;' \
- -e 's;logs/accept\.lock;$(runtimedir)/$(TARGET).lock;' \
- -e 's;logs/apache_runtime_status;$(runtimedir)/$(TARGET).scoreboard;' \
- -e 's;logs/httpd\.pid;$(runtimedir)/$(TARGET).pid;' \
- -e "s;logs/access_log;$(logfiledir)/$${target_prefix}access_log;" \
- -e "s;logs/error_log;$(logfiledir)/$${target_prefix}error_log;" \
- -e "s;logs/referer_log;$(logfiledir)/$${target_prefix}referer_log;" \
- -e "s;logs/agent_log;$(logfiledir)/$${target_prefix}agent_log;" \
- -e 's;conf/magic;$(sysconfdir)/magic;' \
- -e 's;conf/srm.conf;$(sysconfdir)/srm.conf;' \
- -e 's;conf/access.conf;$(sysconfdir)/access.conf;' \
- -e 's;conf/mime\.types;$(sysconfdir)/mime.types;' \
- -e 's;User nobody;User $(conf_user);' \
- -e 's;Group #-1;Group $(conf_group);' \
- -e 's;^Group "#-1";Group $(conf_group);' \
- -e 's;Port 80;Port $(conf_port);' \
- -e 's;Listen 80;Listen $(conf_port);' \
- -e 's;Listen 443;Listen $(conf_port_ssl);' \
- -e 's;ServerAdmin you@your.address;ServerAdmin $(conf_serveradmin);' \
- -e 's;ServerName new.host.name;ServerName $(conf_servername);' \
- -e 's;VirtualHost _default_:443;VirtualHost _default_:$(conf_port_ssl);' \
- > $(TOP)/$(SRC)/.apaci.install.tmp && \
- echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}.default"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}.default; \
- if [ ! -f "$(root)$(sysconfdir)/$${target_conf}" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}"; \
- $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}; \
- else \
- echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${target_conf}]"; \
- fi; \
- done
- -@for conf in mime.types magic; do \
- echo "$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}.default"; \
- $(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}.default; \
- if [ ! -f "$(root)$(sysconfdir)/$${conf}" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}"; \
- $(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}; \
- else \
- echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${conf}]"; \
- fi; \
- done
- -@if [ ".$(ssl)" = .1 ]; then \
- echo "chmod 755 $(root)$(sysconfdir)/ssl.crt"; \
- chmod 755 $(root)$(sysconfdir)/ssl.crt; \
- echo "chmod 755 $(root)$(sysconfdir)/ssl.crl"; \
- chmod 755 $(root)$(sysconfdir)/ssl.crl; \
- echo "chmod 755 $(root)$(sysconfdir)/ssl.csr"; \
- chmod 755 $(root)$(sysconfdir)/ssl.csr; \
- echo "chmod 700 $(root)$(sysconfdir)/ssl.key"; \
- chmod 700 $(root)$(sysconfdir)/ssl.key; \
- echo "chmod 755 $(root)$(sysconfdir)/ssl.prm"; \
- chmod 755 $(root)$(sysconfdir)/ssl.prm; \
- if [ ! -f "$(root)$(sysconfdir)/ssl.crt/README.CRT" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crt/README.CRT $(root)$(sysconfdir)/ssl.crt/README.CRT"; \
- $(INSTALL) $(TOP)/conf/ssl.crt/README.CRT $(root)$(sysconfdir)/ssl.crt/README.CRT; \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crt/Makefile $(root)$(sysconfdir)/ssl.crt/Makefile"; \
- $(INSTALL) $(TOP)/conf/ssl.crt/Makefile $(root)$(sysconfdir)/ssl.crt/Makefile; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/ca-bundle.crt $(root)$(sysconfdir)/ssl.crt/ca-bundle.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/ca-bundle.crt $(root)$(sysconfdir)/ssl.crt/ca-bundle.crt; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-rsa.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-rsa.crt; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-dsa.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-dsa.crt; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-rsa.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-rsa.crt; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-dsa.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-dsa.crt; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/server.crt $(root)$(sysconfdir)/ssl.crt/server.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/server.crt $(root)$(sysconfdir)/ssl.crt/server.crt; \
- if [ -f "$(TOP)/conf/ssl.crt/ca.crt" ]; then \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/ca.crt $(root)$(sysconfdir)/ssl.crt/ca.crt"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/ca.crt $(root)$(sysconfdir)/ssl.crt/ca.crt; \
- fi; \
- else \
- echo "[PRESERVING EXISTING CERTIFICATE FILES: $(root)$(sysconfdir)/ssl.crt/*]"; \
- fi; \
- echo "Updating hash symlinks in $(root)$(sysconfdir)/ssl.crt/:"; \
- SSL_PROGRAM="`grep '^SSL_PROGRAM=' $(TOP)/$(SRC)/Makefile.config | sed -e 's:^.*=::'`"; \
- (cd $(root)$(sysconfdir)/ssl.crt/ && $(MAKE) $(MFLAGS) SSL_PROGRAM=$$SSL_PROGRAM); \
- if [ ! -f "$(root)$(sysconfdir)/ssl.csr/README.CSR" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.csr/README.CSR $(root)$(sysconfdir)/ssl.csr/README.CSR"; \
- $(INSTALL) $(TOP)/conf/ssl.csr/README.CSR $(root)$(sysconfdir)/ssl.csr/README.CSR; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.csr/server.csr $(root)$(sysconfdir)/ssl.csr/server.csr"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.csr/server.csr $(root)$(sysconfdir)/ssl.csr/server.csr; \
- else \
- echo "[PRESERVING EXISTING CSR FILES: $(root)$(sysconfdir)/ssl.csr/*]"; \
- fi; \
- if [ ! -f "$(root)$(sysconfdir)/ssl.crl/README.CRL" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crl/README.CRL $(root)$(sysconfdir)/ssl.crl/README.CRL"; \
- $(INSTALL) $(TOP)/conf/ssl.crl/README.CRL $(root)$(sysconfdir)/ssl.crl/README.CRL; \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crl/Makefile $(root)$(sysconfdir)/ssl.crl/Makefile"; \
- $(INSTALL) $(TOP)/conf/ssl.crl/Makefile $(root)$(sysconfdir)/ssl.crl/Makefile; \
- else \
- echo "[PRESERVING EXISTING CRL FILES: $(root)$(sysconfdir)/ssl.crl/*]"; \
- fi; \
- if [ ! -f "$(root)$(sysconfdir)/ssl.key/README.KEY" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.key/README.KEY $(root)$(sysconfdir)/ssl.key/README.KEY"; \
- $(INSTALL) $(TOP)/conf/ssl.key/README.KEY $(root)$(sysconfdir)/ssl.key/README.KEY; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-rsa.key"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-rsa.key; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-dsa.key"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-dsa.key; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-rsa.key"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-rsa.key; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-dsa.key"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-dsa.key; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/server.key $(root)$(sysconfdir)/ssl.key/server.key"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.key/server.key $(root)$(sysconfdir)/ssl.key/server.key; \
- if [ -f "$(TOP)/conf/ssl.key/ca.key" ]; then \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/ca.key $(root)$(sysconfdir)/ssl.key/ca.key"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.key/ca.key $(root)$(sysconfdir)/ssl.key/ca.key; \
- fi; \
- else \
- echo "[PRESERVING EXISTING KEY FILES: $(root)$(sysconfdir)/ssl.key/*]"; \
- fi; \
- if [ ! -f "$(root)$(sysconfdir)/ssl.prm/README.PRM" ]; then \
- echo "$(INSTALL_DATA) $(TOP)/conf/ssl.prm/README.PRM $(root)$(sysconfdir)/ssl.prm/README.PRM"; \
- $(INSTALL) $(TOP)/conf/ssl.prm/README.PRM $(root)$(sysconfdir)/ssl.prm/README.PRM; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.prm/snakeoil-ca-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-ca-dsa.prm"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.prm/snakeoil-ca-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-ca-dsa.prm; \
- echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.prm/snakeoil-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-dsa.prm"; \
- $(INSTALL) -m 400 $(TOP)/conf/ssl.prm/snakeoil-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-dsa.prm; \
- else \
- echo "[PRESERVING EXISTING PRM FILES: $(root)$(sysconfdir)/ssl.prm/*]"; \
- fi; \
- fi
- @echo "<=== [config]"
-
-
-## ------------------------------------------------------------------
-## Cleanup Targets
-## ------------------------------------------------------------------
-
-# cleanup the source tree by removing anything which was
-# created by the build target
-clean:
- @echo "===> $(SRC)"
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) clean-std $(clean-support)
- @echo "<=== $(SRC)"
- @$(RM) $(TOP)/$(SRC)/.apaci.build.ok
-
-# clean the standard stuff
-clean-std:
- @cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) SDP=$(SRC)/ clean
-
-# clean additional support stuff
-clean-support:
- @echo "===> $(SRC)/support"; \
- cd $(TOP)/$(SRC)/support; $(MAKE) $(MFLAGS) clean; \
- if [ ".$(suexec)" = .1 ]; then \
- echo "$(RM) suexec"; \
- $(RM) suexec; \
- fi; \
- echo "<=== $(SRC)/support"
-
-# cleanup the source tree by removing anything which was
-# created by the configure step and the build target.
-# When --shadow is used we just remove the complete shadow tree.
-distclean:
- @if [ ".$(SRC)" = .src ]; then \
- $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) distclean-normal; \
- else \
- $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) distclean-shadow; \
- fi
-
-distclean-normal:
- @echo "===> $(SRC)"
- @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) distclean-std $(distclean-support)
- @echo "<=== $(SRC)"
- -$(RM) $(SRC)/Configuration.apaci
- -$(RM) $(SRC)/apaci
- @$(RM) $(SRC)/.apaci.build.ok
- -$(RM) Makefile
- -$(RM) config.status
-
-# clean the standard stuff
-distclean-std:
- @cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) SDP=$(SRC)/ distclean
-
-distclean-support:
- @echo "===> $(SRC)/support"; \
- cd $(TOP)/$(SRC)/support; $(MAKE) $(MFLAGS) distclean; \
- if [ ".$(suexec)" = .1 ]; then \
- echo "$(RM) suexec"; \
- $(RM) suexec; \
- fi; \
- echo "<=== $(SRC)/support"
-
-distclean-shadow:
- $(RM) -r $(SRC)
- $(RM) $(TOP)/$(MKF)
- -@if [ ".`ls $(TOP)/src.* 2>/dev/null`" = . ]; then \
- echo "$(RM) Makefile"; \
- $(RM) Makefile; \
- fi
-
diff --git a/usr.sbin/httpd/README b/usr.sbin/httpd/README
deleted file mode 100644
index 26e7527e9ce..00000000000
--- a/usr.sbin/httpd/README
+++ /dev/null
@@ -1,64 +0,0 @@
-
- Apache
- Version 1.3 (and up)
-
- What is it?
- -----------
-
- Apache is an HTTP server designed as a plug-in replacement for
- the NCSA server version 1.3 (or 1.4). It fixes numerous bugs in
- the NCSA server and includes many frequently requested new
- features, and has an API which allows it to be extended to meet
- users' needs more easily.
-
- The Latest Version
- ------------------
-
- Details of the latest version can be found on the Apache HTTP
- server project page under http://httpd.apache.org/.
-
- Documentation
- -------------
-
- The documentation available as of the date of this release is
- also included, in HTML format, in the htdocs/manual/ directory.
- For the most up-to-date documentation can be found on
- http://httpd.apache.org/docs/.
-
- Installation
- ------------
-
- From Apache version 1.3 and up you have two possibilities to
- build and install the Apache package: The old commonly known
- but manual way from Apache 1.2 and below and the new
- out-of-the-box way through the new Apache Autoconf-style
- Interface (APACI). For detailed instructions see the file
- INSTALL in this directory.
-
- Licensing
- ---------
-
- Please see the file called LICENSE.
-
- Acknowledgments
- ----------------
-
- We wish to acknowledge the following copyrighted works that
- make up portions of the Apache software:
-
- Portions of this software were developed at the National Center
- for Supercomputing Applications (NCSA) at the University of
- Illinois at Urbana-Champaign.
-
- This software contains code derived from the RSA Data Security
- Inc. MD5 Message-Digest Algorithm, including various
- modifications by Spyglass Inc., Carnegie Mellon University, and
- Bell Communications Research, Inc (Bellcore).
-
- This package contains a modified version of software written and
- copyrighted by Henry Spencer. Please see the file called
- src/regex/COPYRIGHT.
-
- The NT port was started with code provided to the Apache Group
- by Ambarish Malpani of ValiCert, Inc. (http://www.valicert.com/).
-
diff --git a/usr.sbin/httpd/README.IPv6 b/usr.sbin/httpd/README.IPv6
deleted file mode 100644
index 449559e2eef..00000000000
--- a/usr.sbin/httpd/README.IPv6
+++ /dev/null
@@ -1,128 +0,0 @@
-$OpenBSD: README.IPv6,v 1.3 2008/12/03 15:43:17 sthen Exp $
-
-IPv6 support for the OpenBSD httpd(8)
-
-To support IPv6 the apache module API/ABI had to be changed, to avoid
-IPv4-dependent structure member variables (like use of u_long to hold
-an IPv4 address, or whatever). Keep this in mind when writing new
-modules or adding modules to the ports collection.
-
-Basically you can write IPv6 address where IPv4 address fits.
-
-extra command-line argument:
- -4 Assume IPv4 address on ambiguous directives (default)
- -6 Assume IPv6 address on ambiguous directives
- -U Don't assume a specific address family on ambiguous
- directives
-
- The above options can be used, for example, to disambiguate
- "BindAddress *".
-
-base commands:
- Listen
- Listen is expanded to take one or two arguments.
- Listen port
- Listen address:port
- Listen address port
- This is to let you specify "Listen :: 80", since "Listen :::80"
- won't work.
-
-mod_access:
- deny from
- allow from
- "deny from" and "allow from" supports IPv6 addresses, under the
- following forms:
- {deny,allow} from v6addr
- {deny,allow} from v6addr/v6mask
- {deny,allow} from v6addr/prefixlen
- Also, wildcard ("*") and string hostname matches IPv6 hosts as well.
-
-mod_proxy:
- ProxyRequests on
- http/ftp proxying for both IPv4 and IPv6 is possible.
- Access control functions (NoProxy) are not updated yet.
-
- NOTE: for security reasons, we recommend you to filter out
- outsider's access to your proxy, by directives like below:
- <Directory proxy:*>
- order deny,allow
- deny from all
- allow from 10.0.0.0/8
- allow from 3ffe:9999:8888:7777::/64
- </Directory>
-
-virtual host:
- If you would like to this feature, you must describe 'Listen'
- part on configuration file explicitly. like below:
- Listen :: 80
- Listen 0.0.0.0 80
-
- NameVirtualHost
- NameVirtualHost is expanded to take one more two arguments.
- NameVirtualHost address
- NameVirtualHost address:port
- NameVirtualHost address port
- This is to let you specify IPv6 address into address part.
-
- Note that, if a colon is found in the specified address string,
- the code will to resolve the address in the following way:
- 1. try to resolve as address:port (most of IPv6 address fails)
- 2. if (1) is failed, try to resolve as address only
- If there's ambiguity, i.e. 3ffe:0501::1:2, the address may not be
- parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2
- with default port). To get the right effect you are encouraged
- to specify it without ambiguity. In IPv6 case "address port"
- (specify address and port separated by a space) is the safest way.
-
- <VirtualHost host:port [host:port ...]>
- If you would like to specify IPv6 numeric address in host part,
- use bracketed format like below:
- <VirtualHost [::1]:80>
- Note: Now we DO NOT handle old non-bracketed format,
- <VirtualHost 0:0:0:0:0:0:0:1:80>
- so configuration file must be updated.
- Note: The following is bad example to specify host ::1 port 80.
- This will treated as host ::1:80.
- <VirtualHost ::1:80>
-
-logresolve (src/support)
- error statistics in nameserver cache code is omitted.
-
-mod_unique_id
- Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID,
- and took IPv4 address registered onto DNS for the hostname (UNIX
- hostname taken by gethostname(3)). Therefore, this does not work
- for IPv6-only hosts as they do not have IPv4 address for them.
-
- Now, UNIQUE_ID can be generated using IPv6 address. IPv6 address can
- be used as the seed for UNIQUE_ID.
- Because of this, UNIQUE_ID will be longer than normal apache. This
- may cause problem with some of the CGI scripts.
- The preference of the addresses is based on the order returned
- by getaddrinfo(). If your getaddrinfo() returns IPv4 address, IPv4
- adderss will be used as a seed.
- Note that some of IPv6 addresses are "scoped"; If you happened to use
- link-local or site-local address as a seed, the UNIQUE_ID may not be
- worldwide unique.
-
- If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in
- mod_unique_id.c. In this case, length of UNIQUE_ID will be kept the
- same. However, for IPv6 addresses mod_unique_id.c will use the last
- 32bit (not the whole 128bit) as the seed. Therefore, there can be
- collision in UNIQUE_ID.
-
- The behavior should be improved in the near future; we welcome your
- inputs.
-
-configuration file
- We do not support IPv4 mapped addresses (IPv6 address format like
- ::ffff:10.1.1.1) in configuration file.
-
-Credit:
-
-This file is derived from the README.v6 file that accompanied the
-original patchkit for Apache 1.3.9 from the KAME project. It was
-written by Jun-ichiro itojun Hagino.
-
- http://www.kame.net/
- mailto:core@kame.net
diff --git a/usr.sbin/httpd/README.SSL b/usr.sbin/httpd/README.SSL
deleted file mode 100644
index 1256b4ea734..00000000000
--- a/usr.sbin/httpd/README.SSL
+++ /dev/null
@@ -1,148 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| | mod_ssl
- | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
- |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
- |_____|
- _____________________________________________________________________________
-
- ``All the good things you want
- to do in your life have to be
- started in the next few hours,
- days or weeks.''
- -- Tom DeMarco
-
- ``The best SSL solution for
- Apache money can't buy.''
- OVERVIEW
-
- Description
- ___________
-
- This Apache module provides strong cryptography for the Apache 1.3 webserver
- via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
- v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL which
- is based on SSLeay from Eric A. Young and Tim J. Hudson.
-
- The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was
- originally derived from software developed by Ben Laurie for use in the
- Apache-SSL HTTP server project. Additionally it uses a tool developed by
- Larry Wall and David MacKenzie for use in the GNU project of the FSF.
-
- Features
- ________
-
- The mod_ssl package provides the following features:
-
- o Open-Source software (BSD-style license)
- o Useable for both commercial and non-commercial use
- o Available for both Unix and Win32 (Windows 95/98/NT) platforms
- o 128-bit strong cryptography world-wide
- o Support for SSLv2, SSLv3 and TLSv1 protocols
- o Support for both RSA and Diffie-Hellman ciphers
- o Clean reviewable ANSI C source code
- o Clean Apache module architecture
- o Integrates seamlessly into Apache through an Extended API (EAPI)
- o Full Dynamic Shared Object (DSO) support
- o Advanced pass-phrase handling for private keys
- o X.509 certificate based authentication for both client and server
- o X.509 certificate revocation list (CRL) support
- o Support for per-URL renegotiation of SSL handshake parameters
- o Support for explicit seeding of the PRNG from external sources
- o Additional boolean-expression based access control facility
- o Backward compatibility to other Apache SSL solutions
- o Inter-process SSL session cache (DBM or Shared Memory based)
- o Powerful dedicated SSL engine logging facility
- o Simple and robust application to Apache source trees
- o Fully integrated into the Apache 1.3 configuration mechanism
- o Additional integration into the Apache Autoconf-style Interface (APACI)
- o Assistance in X.509v3 certificate generation (both RSA and DSA)
- o Experimental support for external Crypto Devices (OpenSSL ENGINE)
-
- Disclaimer
- __________
-
- But the price you have to pay for getting a free SSL implementation for
- Apache is the following:
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY EXPRESSED
- OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
- NO EVENT SHALL RALF S. ENGELSCHALL OR THEIR CONTRIBUTORS BE LIABLE FOR ANY
- DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- Restrictions
- ____________
-
- Additionally you have to accept the following restriction:
-
- Please REMEMBER that export/import and/or use of cryptography software or
- even just providing cryptography hooks is illegal in some parts of the
- world. When you re-distribute this package or even email
- patches/suggestions to the authors or other people PLEASE PAY CLOSE
- ATTENTION TO ANY APPLICABLE EXPORT/IMPORT LAWS. The author of mod_ssl is not
- liable for any violations you make here. So be carefully yourself.
-
- Security Concerns
- _________________
-
- You should be very sensible when using cryptography software, because just
- running an SSL server _DOES NOT_ mean your system is then secure! This is
- for a number of reasons. The following questions illustrate some of the
- problems.
-
- o SSL itself may not be secure. People think it is, do you?
- o Does this code implement SSL correctly?
- o Have the authors of the various components put in back doors?
- o Does the code take appropriate measures to keep private keys private?
- To what extent is your cooperation in this process required?
- o Is your system physically secure?
- o Is your system appropriately secured from intrusion over the network?
- o Whom do you trust? Do you understand the trust relationship involved
- in SSL certificates? Do your system administrators?
- o Are your keys, and keys you trust, generated careful enough to
- avoid reverse engineering of the private keys?
- o How do you obtain certificates, keys, and the like, securely?
- o Can you trust your users to safeguard their private keys?
- o Can you trust your browser to safeguard its generated private key?
-
- If you can't answer these questions to your personal satisfaction, then you
- usually have a problem. Even if you can, you may still _NOT_ be secure.
- Don't blame the authors if it all goes horribly wrong. Use it at your own
- risk!
-
- Installation
- ____________
-
- For installing mod_ssl under Unix please read the document INSTALL,
- for installing under Win32 read the document INSTALL.Win32.
-
- Compatibility
- _____________
-
- This module was developed and tested with Netscape Communicator 4.x,
- Lynx 2.x and cURL 7.x under FreeBSD 2.2.x, 3.x and 4.x as the clients
- only. But it should work with other Navigator/Communicator variants,
- too. Even Internet Explorer users should be able to use this software.
-
- Resources
- _________
-
- For a large list of resources visit the web location
- http://www.modssl.org/related/ There you can find a lot of hyperlinks to all
- SSL-related things.
-
- Credits
- _______
-
- Special thanks to The Apache Group and the NCSA for Apache, to the OpenSSL
- project for the SSL/TLS toolkit and especially to Eric A. Young and Tim J.
- Hudson for SSLeay on which OpenSSL is based. And thanks also go to Ben
- Laurie for the original Apache-SSL on which mod_ssl was originally based.
- Without the effort of these people mod_ssl would not be possible.
-
diff --git a/usr.sbin/httpd/README.configure b/usr.sbin/httpd/README.configure
deleted file mode 100644
index 3b512554c78..00000000000
--- a/usr.sbin/httpd/README.configure
+++ /dev/null
@@ -1,288 +0,0 @@
-
- APACHE CONFIGURATION
-
- Apache 1.3 Autoconf-style Interface (APACI)
- ===========================================
-
- APACI is an Autoconf-style interface for the Unix side of the Apache 1.3
- HTTP server source distribution. It is actually not GNU Autoconf-based, i.e.
- the GNU Autoconf package itself is not used. Instead APACI just provides a
- similar batch configuration interface and a corresponding out-of-the-box
- build and installation procedure.
-
- The basic goal is to provide the following commonly known and expected
- procedure for out-of-the-box building and installing a package like Apache:
-
- $ gunzip <apache_1.3.X.tar.gz | tar xvf -
- $ ./configure --prefix=PREFIX [...]
- $ make
- $ make install
-
- NOTE: PREFIX is not the string "PREFIX". Instead use the Unix
- filesystem path under which Apache should be installed. For
- instance use "/usr/local/apache" for PREFIX above.
-
- After these steps Apache 1.3 is completely installed under PREFIX and
- already initially configured, so you can immediately fire it up the first
- time via
-
- $ PREFIX/sbin/apachectl start
-
- to get your first success event with the Apache HTTP server without having
- to fiddle around with various options for a long time. On the other hand
- APACI provides a lot of options to adjust the build and installation process
- for flexibly customizing your Apache installation. So, APACI provides both:
- Out-of-the-box building and installation for the impatient and powerful
- custom configuration for the experts.
-
- Detailed Description
- ====================
-
- For a detailed description of all available APACI options please read the
- file INSTALL or at least run the command
-
- $ ./configure --help
-
- for a compact one-page summary of the possibilities you have.
- Alternatively, you can start from the following examples.
-
- Examples
- ========
-
- In the following typical or even interesting variants of the available
- configuration steps are shown to give you an impression what APACI is good
- for and what APACI can do for you to be able to install Apache without much
- pain.
-
- Standard installation
- ---------------------
-
- The standard installation is done via
-
- $ ./configure --prefix=/path/to/apache
- $ make
- $ make install
-
- This builds Apache 1.3 with the standard set of enabled modules
- (automatically determined from src/Configuration.tmpl) with an Apache 1.2
- conforming subdirectory layout under /path/to/apache. For using the GNU
- style subdirectory layout additionally use the --with-layout=GNU option:
-
- $ ./configure --with-layout=GNU --prefix=/path/to/apache
- $ make
- $ make install
-
- If you are not sure which directory layout you want, you can use the
- --show-layout option. It displays the directory layout which would be used
- but immediately exits without configuring anything. Examples:
-
- $ ./configure --show-layout
- $ ./configure --prefix=/path/to/apache --show-layout
- $ ./configure --with-layout=GNU --prefix=/path/to/apache --show-layout
-
- Additionally if some of the shown paths still don't fit for your particular
- situation, you can use the --bindir, --sbindir, --libexecdir, --mandir,
- --sysconfdir, --datadir, --localstatedir, --runtimedir, --logfiledir and
- --proxycachedir options to adjust the layout as required. Always check with
- --show-layout the resulting directory layout which would be used for
- installation.
-
- suEXEC support
- --------------
-
- The suEXEC feature of Apache provides a mechanism to run CGI and SSI
- programs under the user and group id of the owner of the program. It is
- neither installed nor configured per default for Apache 1.3, but APACI
- supports it with additional options:
-
- $ ./configure --prefix=/path/to/apache \
- --enable-suexec \
- --suexec-caller=www \
- --suexec-userdir=.www \
- --suexec-docroot=/path/to/root/dir \
- --suexec-logfile=/path/to/logdir/suexec_log \
- --suexec-uidmin=1000 \
- --suexec-gidmin=1000 \
- --suexec-safepath="/bin:/usr/bin"
- $ make
- $ make install
-
- This automatically builds and installs Apache 1.3 with suEXEC support for
- the caller uid "www" and the user's homedir subdirs ".www". The default
- paths for --suexec-docroot is the value from the --datadir option with
- the suffix "/htdocs" and the --logfiledir value with the suffix
- "/suexec_log" for the --suexec-logfile option. The access paths for the
- suexec program are automatically adjusted and the suexec program is
- installed, so Apache can find it on startup.
-
- Building multiple platforms in parallel
- ---------------------------------------
-
- When you want to compile Apache for multiple platforms in parallel it is
- useful to share the source tree (usually via NFS, AFS or DFS) but build the
- object files in separated subtrees. This can be accomplished by letting
- APACI create a source shadow tree and build there:
-
- $ ./configure --shadow --prefix=/path/to/apache
- $ make
- $ make install
-
- Then APACI first determines the GNU platform triple, creates a shadow tree
- in src.<gnu-triple> plus corresponding Makefile.<gnu-triple> and then
- performs the complete build process inside this shadow tree.
-
- Dynamic Shared Object (DSO) support
- -----------------------------------
-
- Apache 1.3 supports building modules as shared objects on all major Unix
- platforms (see section "Supported Platforms" in document
- htdocs/manual/dso.html for details). APACI has a nice way of enabling the
- building of DSO-based modules and automatically installing them:
-
- $ ./configure --prefix=/path/to/apache \
- --enable-module=rewrite \
- --enable-shared=rewrite
- $ make
- $ make install
-
- This builds and installs Apache with the default configuration except that
- it adds the mod_rewrite module and automatically builds and installs it as a
- DSO, so it is optionally available for loading under runtime. To make your
- life even more easy APACI additionally inserts a corresponding `LoadModule'
- line into the httpd.conf file in the installation phase.
-
- APACI also supports a variant of the --enable-shared option:
-
- $ ./configure --prefix=/path/to/apache \
- --enable-shared=max
- $ make
- $ make install
-
- This enables shared object building for the maximum of modules, i.e. all
- enabled modules (--enable-module or the default set) except for mod_so
- itself (the bootstrapping module for DSO support). So, to build a
- full-powered Apache with maximum flexibility by building and installing most
- of the modules, you can use:
-
- $ ./configure --prefix=/path/to/apache \
- --enable-module=most \
- --enable-shared=max
- $ make
- $ make install
-
- This first enables most of the modules (all modules except some problematic
- ones like mod_auth_db which needs third party libraries not available on
- every platform or mod_log_agent and mod_log_referer which are deprecated)
- and then enables DSO support for all of them. This way you get all these
- modules installed and you then can decide under runtime (via the
- `LoadModule') directives which ones are actually used. This is especially
- useful for vendor package maintainers to provide a flexible Apache package.
-
- On-the-fly added additional/private module
- ------------------------------------------
-
- For Apache there are a lot of modules flying around on the net which solve
- particular problems. For a good reference see the Apache Module Registory at
- http://modules.apache.org/ and the Apache Group's contribution directory at
- http://www.apache.org/dist/contrib/modules/. These modules usually come in a
- file named mod_foo.c. APACI supports adding these sources on-the-fly to the
- build process:
-
- $ ./configure --prefix=/path/to/apache \
- --add-module=/path/to/mod_foo.c
- $ make
- $ make install
-
- This automatically copies mod_foo.c to src/modules/extra/, activates it in
- the configuration and builds Apache with it. A very useful way is to combine
- this with the DSO support:
-
- $ ./configure --prefix=/path/to/apache \
- --add-module=/path/to/mod_foo.c \
- --enable-shared=foo
- $ make
- $ make install
-
- This builds and installs Apache with the default set of modules, but
- additionally builds mod_foo as a DSO and adds a `LoadModule' line to the
- httpd.conf file to activate it for loading under runtime.
-
- Apache and mod_perl
- -------------------
-
- The Apache/Perl integration project (http://perl.apache.org/) from Doug
- MacEachern <dougm@perl.apache.org> is a very powerful approach to integrate
- a Perl 5 interpreter into the Apache HTTP server both for running Perl
- programs and for programming Apache modules in Perl. The distribution
- mod_perl-1.XX.tar.gz can be found on http://perl.apache.org/src/. Here is
- how you can build and install Apache with mod_perl:
-
- $ gunzip <apache_1.3.X.tar.gz | tar xvf -
- $ gunzip <mod_perl-1.XX.tar.gz | tar xvf -
- $ cd mod_perl-1.XX
- $ perl Makefile.PL APACHE_SRC=../apache_1.3.X/src \
- DO_HTTPD=1 USE_APACI=1 \
- [EVERYTHING=1 ...]
- $ make
- $ make install
-
- [optionally you now have the chance to prepare or add more
- third-party modules to the Apache source tree]
-
- $ cd ../apache_1.3.X
- $ ./configure --prefix=/path/to/apache \
- --activate-module=src/modules/perl/libperl.a \
- [--enable-shared=perl]
- $ make
- $ make install
-
- Apache and PHP
- --------------
-
- The PHP language (http://www.php.net) is an HTML-embedded scripting language
- which can be directly integrated into the Apache HTTP server for powerful HTML
- scripting. The package can be found at http://www.php.net/downloads.php
-
- 1. How you can install Apache with a statically linked PHP:
-
- $ gunzip <apache_1.3.X.tar.gz | tar xvf -
- $ gunzip <php-3.0.tar.gz | tar xvf -
- $ cd apache_1.3.X
- $ ./configure --prefix=/path/to/apache
- $ cd ../php-3.0
- $ ./configure --with-apache=../apache_1.3.X
- $ make
- $ make install
-
- [optionally you now have the chance to prepare or add more
- third-party modules to the Apache source tree]
-
- $ cd ../apache_1.3.X
- $ ./configure --prefix=/path/to/apache \
- --activate-module=src/modules/php3/libphp3.a
- $ make
- $ make install
-
- 2. You can also use APXS:
-
- $ cd apache-1.3.X
- $ ./configure --prefix=/path/to/apache --enable-shared=max
- $ make
- $ make install
-
- $ cd php-3.0.X
- $ ./configure --with-apxs=/path/to/apache/bin/apxs \
- --with-config-file-path=/path/to/apache
- $ make
- $ make install
-
- At this point don't forget to edit your conf/httpd.conf file and
- make sure the file contains the line for PHP 3:
-
- AddType application/x-httpd-php3 .php3
-
- Or this line for PHP 4:
-
- AddType application/x-httpd-php .php
-
- Then restart your server.
diff --git a/usr.sbin/httpd/cgi-bin/printenv b/usr.sbin/httpd/cgi-bin/printenv
deleted file mode 100644
index bb91d2b394b..00000000000
--- a/usr.sbin/httpd/cgi-bin/printenv
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/perl
-##
-## printenv -- demo CGI program which just prints its environment
-##
-
-print "Content-type: text/plain\n\n";
-foreach $var (sort(keys(%ENV))) {
- $val = $ENV{$var};
- $val =~ s|\n|\\n|g;
- $val =~ s|"|\\"|g;
- print "${var}=\"${val}\"\n";
-}
-
diff --git a/usr.sbin/httpd/cgi-bin/test-cgi b/usr.sbin/httpd/cgi-bin/test-cgi
deleted file mode 100644
index a85631e3aa2..00000000000
--- a/usr.sbin/httpd/cgi-bin/test-cgi
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-# disable filename globbing
-set -f
-
-echo Content-type: text/plain
-echo
-
-echo CGI/1.0 test script report:
-echo
-
-echo argc is $#. argv is "$*".
-echo
-
-echo SERVER_SOFTWARE = $SERVER_SOFTWARE
-echo SERVER_NAME = $SERVER_NAME
-echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE
-echo SERVER_PROTOCOL = $SERVER_PROTOCOL
-echo SERVER_PORT = $SERVER_PORT
-echo REQUEST_METHOD = $REQUEST_METHOD
-echo HTTP_ACCEPT = "$HTTP_ACCEPT"
-echo PATH_INFO = "$PATH_INFO"
-echo PATH_TRANSLATED = "$PATH_TRANSLATED"
-echo SCRIPT_NAME = "$SCRIPT_NAME"
-echo QUERY_STRING = "$QUERY_STRING"
-echo REMOTE_HOST = $REMOTE_HOST
-echo REMOTE_ADDR = $REMOTE_ADDR
-echo REMOTE_USER = $REMOTE_USER
-echo AUTH_TYPE = $AUTH_TYPE
-echo CONTENT_TYPE = $CONTENT_TYPE
-echo CONTENT_LENGTH = $CONTENT_LENGTH
diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf
deleted file mode 100644
index 6fa0cbc6cbf..00000000000
--- a/usr.sbin/httpd/conf/httpd.conf
+++ /dev/null
@@ -1,1121 +0,0 @@
-# $OpenBSD: httpd.conf,v 1.28 2013/07/16 13:02:16 jsing Exp $
-#
-# Based upon the NCSA server configuration files originally by Rob McCool.
-#
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See <URL:http://www.apache.org/docs/> for detailed information about
-# the directives.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# After this file is processed, the server will look for and process
-# /var/www/conf/srm.conf and then /var/www/conf/access.conf
-# unless you have overridden these with ResourceConfig and/or
-# AccessConfig directives here.
-#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
-# with ServerRoot set to "/usr/local/apache" will be interpreted by the
-# server as "/usr/local/apache/logs/foo.log".
-#
-
-### Section 1: Global Environment
-#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
-#
-
-#
-# ServerType is either inetd, or standalone. Inetd mode is only supported on
-# Unix platforms.
-#
-ServerType standalone
-
-#
-# ServerTokens is either Full, OS, Minimal, or ProductOnly.
-# The values define what version information is returned in the
-# Server header in HTTP responses.
-#
-# ServerTokens ProductOnly
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation
-# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
-# you will save yourself a lot of trouble.
-#
-# Do NOT add a slash at the end of the directory path.
-#
-ServerRoot "/var/www"
-
-#
-# The LockFile directive sets the path to the lockfile used when Apache
-# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
-# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
-# its default value. The main reason for changing it is if the logs
-# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
-# DISK. The PID of the main server process is automatically appended to
-# the filename.
-#
-#LockFile logs/accept.lock
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts.
-#
-PidFile logs/httpd.pid
-#
-# ScoreBoardFile: File used to store internal server process information.
-# Not all architectures require this. But if yours does (you'll know because
-# this file will be created when you run Apache) then you *must* ensure that
-# no two invocations of Apache share the same scoreboard file.
-#
-ScoreBoardFile logs/apache_runtime_status
-
-#
-# In the standard configuration, the server will process httpd.conf,
-# srm.conf, and access.conf in that order. The latter two files are
-# now deprecated and not installed any more, as it is recommended that
-# all directives be kept in a single file for simplicity.
-#
-#ResourceConfig conf/srm.conf
-#AccessConfig conf/access.conf
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 300
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive On
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 15
-
-#
-# Server-pool size regulation. Rather than making you guess how many
-# server processes you need, Apache dynamically adapts to the load it
-# sees --- that is, it tries to maintain enough server processes to
-# handle the current load, plus a few spare servers to handle transient
-# load spikes (e.g., multiple simultaneous requests from a single
-# Netscape browser).
-#
-# It does this by periodically checking how many servers are waiting
-# for a request. If there are fewer than MinSpareServers, it creates
-# a new spare. If there are more than MaxSpareServers, some of the
-# spares die off. The default values in httpd.conf-dist are probably OK
-# for most sites.
-#
-MinSpareServers 5
-MaxSpareServers 10
-
-#
-# Number of servers to start initially --- should be a reasonable ballpark
-# figure.
-#
-StartServers 5
-
-#
-# Limit on total number of servers running, i.e., limit on the number
-# of clients who can simultaneously connect --- if this limit is ever
-# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
-# It is intended mainly as a brake to keep a runaway server from taking
-# the system with it as it spirals down...
-#
-MaxClients 150
-
-#
-# MaxRequestsPerChild: the number of requests each child process is
-# allowed to process before the child dies. The child will exit so
-# as to avoid problems after prolonged use when Apache (and maybe the
-# libraries it uses) leak memory or other resources. On most systems, this
-# isn't really needed, but a few (such as Solaris) do have notable leaks
-# in the libraries.
-#
-MaxRequestsPerChild 0
-
-#
-# MaxFOOPerChild: these directives set the current and hard rlimits for
-# the child processes. Attempts to exceed them will cause the OS to
-# take appropriate action. See the setrlimit(2) and signal(3).
-#
-MaxCPUPerChild 0
-MaxDATAPerChild 0
-MaxNOFILEPerChild 0
-MaxRSSPerChild 0
-MaxSTACKPerChild 0
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, in addition to the default. See also the <VirtualHost>
-# directive.
-#
-#Listen 3000
-#Listen 12.34.56.78:80
-
-#
-# BindAddress: You can support virtual hosts with this option. This directive
-# is used to tell the server which IP address to listen to. It can either
-# contain "*", an IP address, or a fully qualified Internet domain name.
-# See also the <VirtualHost> and Listen directives.
-#
-#BindAddress *
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Please read the file README.DSO in the Apache 1.3 distribution for more
-# details about the DSO mechanism and run `httpd -l' for the list of already
-# built-in (statically linked and thus always available) modules in your httpd
-# binary.
-#
-# Note: The order is which modules are loaded is important. Don't change
-# the order below without expert advice.
-#
-# Example:
-# LoadModule foo_module libexec/mod_foo.so
-
-# "anonymous" user access to authenticated areas
-# LoadModule anon_auth_module /usr/lib/apache/modules/mod_auth_anon.so
-
-# user authentication using Berkeley DB files
-# LoadModule db_auth_module /usr/lib/apache/modules/mod_auth_db.so
-
-# user authentication using DBM files
-# LoadModule dbm_auth_module /usr/lib/apache/modules/mod_auth_dbm.so
-
-# authentication using new-style MD5 Digest Authentication (experimental)
-# LoadModule digest_auth_module /usr/lib/apache/modules/mod_auth_digest.so
-
-# CERN httpd metafile semantics
-# LoadModule cern_meta_module /usr/lib/apache/modules/mod_cern_meta.so
-
-# configuration defines ($xxx)
-# LoadModule define_module /usr/lib/apache/modules/mod_define.so
-
-# user authentication using old-style MD5 Digest Authentication
-# LoadModule digest_module /usr/lib/apache/modules/mod_digest.so
-
-# generation of Expires HTTP headers according to user-specified criteria
-# LoadModule expires_module /usr/lib/apache/modules/mod_expires.so
-
-# customization of HTTP response headers
-# LoadModule headers_module /usr/lib/apache/modules/mod_headers.so
-
-# comprehensive overview of the server configuration
-# LoadModule info_module /usr/lib/apache/modules/mod_info.so
-
-# logging of the client user agents (deprecated in favor of mod_log_config)
-# LoadModule agent_log_module /usr/lib/apache/modules/mod_log_agent.so
-
-# logging of referers (deprecated in favor of mod_log_config)
-# LoadModule referer_log_module /usr/lib/apache/modules/mod_log_referer.so
-
-# determining the MIME type of a file by looking at a few bytes of its contents
-# LoadModule mime_magic_module /usr/lib/apache/modules/mod_mime_magic.so
-
-# mmap()ing of a statically configured list of frequently requested but
-# not changed files (experimental)
-# LoadModule mmap_static_module /usr/lib/apache/modules/mod_mmap_static.so
-
-# rule-based rewriting engine to rewrite requested URLs on the fly
-# LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so
-
-# attempt to correct misspellings of URLs that users might have entered
-# LoadModule speling_module /usr/lib/apache/modules/mod_speling.so
-
-# provides an environment variable with a unique identifier for each request
-# LoadModule unique_id_module /usr/lib/apache/modules/mod_unique_id.so
-
-# uses cookies to provide for a clickstream log of user activity on a site
-# LoadModule usertrack_module /usr/lib/apache/modules/mod_usertrack.so
-
-# dynamically configured mass virtual hosting
-# LoadModule vhost_alias_module /usr/lib/apache/modules/mod_vhost_alias.so
-
-# caching proxy
-# LoadModule proxy_module /usr/lib/apache/modules/libproxy.so
-
-#
-# Include extra module configuration files
-#
-Include /var/www/conf/modules/*.conf
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-### Section 2: 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# <VirtualHost> definition. These values also provide defaults for
-# any <VirtualHost> containers you may define later in the file.
-#
-# All of these directives may appear inside <VirtualHost> containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# If your ServerType directive (set earlier in the 'Global Environment'
-# section) is set to "inetd", the next few directives don't have any
-# effect since their settings are defined by the inetd configuration.
-# Skip ahead to the ServerAdmin directive.
-#
-
-#
-# Port: The port to which the standalone server listens. For
-# ports < 1023, you will need httpd to be run as root initially.
-#
-Port 80
-
-##
-## SSL Support
-##
-## When we also provide SSL we have to listen to the
-## standard HTTP port (see above) and to the HTTPS port
-##
-<IfDefine SSL>
-Listen 80
-Listen 443
-</IfDefine>
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
-# . On HPUX you may not be able to use shared memory as nobody, and the
-# suggested workaround is to create a user www and use that user.
-# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
-# when the value of (unsigned)Group is above 60000;
-# don't use Group #-1 on these systems!
-# On OpenBSD, use user www, group www.
-#
-User www
-Group www
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents.
-#
-ServerAdmin you@your.address
-
-#
-# ServerName allows you to set a host name which is sent back to clients for
-# your server if it's different than the one the program would get (i.e., use
-# "www" instead of the host's real name).
-#
-# Note: You cannot just invent host names and hope they work. The name you
-# define here must be a valid DNS name for your host. If you don't understand
-# this, ask your network administrator.
-# If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address (e.g., http://123.45.67.89/)
-# anyway, and this will make redirections work in a sensible way.
-#
-#ServerName new.host.name
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/var/www/htdocs"
-
-#
-# Each directory to which Apache has access, can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# permissions.
-#
-<Directory />
- Options FollowSymLinks
- AllowOverride None
-</Directory>
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# This should be changed to whatever you set DocumentRoot to.
-#
-<Directory "/var/www/htdocs">
-
-#
-# This may also be "None", "All", or any combination of "Indexes",
-# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
-#
-# Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you.
-#
- Options Indexes FollowSymLinks
-
-#
-# This controls which options the .htaccess files in directories can
-# override. Can also be "All", or any combination of "Options", "FileInfo",
-# "AuthConfig", and "Limit"
-#
- AllowOverride None
-
-#
-# Controls who can get stuff from this server.
-#
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# UserDir: The directory which is prepended onto a users username, within
-# which a users's web pages are looked for if a ~user request is received.
-# Relative paths are relative to the user's home directory.
-#
-# "disabled" turns this feature off.
-#
-# Since httpd will chroot(2) to the ServerRoot path by default,
-# you should use
-# UserDir /var/www/users
-# and create per user directories in /var/www/users/<username>
-#
-
-UserDir disabled
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only and
-# are located under /users/<username>
-# You will need to change this to match your site's home directories.
-#
-#<Directory /users/*>
-# AllowOverride FileInfo AuthConfig Limit
-# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
-# <Limit GET POST OPTIONS PROPFIND>
-# Order allow,deny
-# Allow from all
-# </Limit>
-# <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
-# Order deny,allow
-# Deny from all
-# </Limit>
-#</Directory>
-
-#
-# DirectoryIndex: Name of the file or files to use as a pre-written HTML
-# directory index. Separate multiple entries with spaces.
-#
-DirectoryIndex index.html
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for access control information.
-#
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess files from being viewed by
-# Web clients. Since .htaccess files often contain authorization
-# information, access is disallowed for security reasons. Comment
-# these lines out if you want Web visitors to see the contents of
-# .htaccess files. If you change the AccessFileName directive above,
-# be sure to make the corresponding changes here.
-#
-<Files .htaccess>
- Order allow,deny
- Deny from all
-</Files>
-
-#
-# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
-# document that was negotiated on the basis of content. This asks proxy
-# servers not to cache the document. Uncommenting the following line disables
-# this behavior, and proxies will be allowed to cache the documents.
-#
-#CacheNegotiatedDocs
-
-#
-# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
-# Apache needs to construct a self-referencing URL (a URL that refers back
-# to the server the response is coming from) it will use ServerName and
-# Port to form a "canonical" name. With this setting off, Apache will
-# use the hostname:port that the client supplied, when possible. This
-# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
-#
-UseCanonicalName On
-
-#
-# TypesConfig describes where the mime.types file (or equivalent) is
-# to be found.
-#
-TypesConfig conf/mime.types
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-# mod_mime_magic is not part of the default server (you have to add
-# it yourself with a LoadModule [see the DSO paragraph in the 'Global
-# Environment' section], or recompile the server and include mod_mime_magic
-# as part of the configuration), so it's enclosed in an <IfModule> container.
-# This means that the MIMEMagicFile directive will only be processed if the
-# module is part of the server.
-#
-<IfModule mod_mime_magic.c>
- MIMEMagicFile conf/magic
-</IfModule>
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-# Either a filename or the text "syslog:" followed by a facility
-# name may be specified here.
-#
-#ErrorLog syslog:daemon
-ErrorLog logs/error_log
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-#
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a <VirtualHost>
-# container, they will be logged here. Contrariwise, if you *do*
-# define per-<VirtualHost> access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-CustomLog logs/access_log common
-
-#
-# If you would like to have agent and referer logfiles, uncomment the
-# following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
-
-#
-# If you prefer a single logfile with access, agent, and referer information
-# (Combined Logfile Format) you can use the following directive.
-#
-#CustomLog logs/access_log combined
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (error documents, FTP directory listings,
-# mod_status and mod_info output etc., but not CGI generated documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-# ServerSignature Off
-
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-# Note that if you include a trailing / on fakename then the server will
-# require it to be present in the URL. So "/icons" isn't aliased in this
-# example, only "/icons/"..
-#
-Alias /icons/ "/var/www/icons/"
-
-<Directory "/var/www/icons">
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# ScriptAlias: This controls which directories contain server scripts.
-# ScriptAliases are essentially the same as Aliases, except that
-# documents in the realname directory are treated as applications and
-# run by the server when requested rather than as documents sent to the client.
-# The same rules about trailing "/" apply to ScriptAlias directives as to
-# Alias.
-#
-ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-
-#
-# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-<Directory "/var/www/cgi-bin">
- AllowOverride None
- Options None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# Redirect allows you to tell clients about documents which used to exist in
-# your server's namespace, but do not anymore. This allows you to tell the
-# clients where to look for the relocated document.
-# Format: Redirect old-URI new-URL
-#
-
-#
-# Directives controlling the display of server-generated directory listings.
-#
-
-#
-# FancyIndexing is whether you want fancy directory indexing or standard
-#
-IndexOptions FancyIndexing
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-#
-# The server will first look for name.html and include it if found.
-# If name.html doesn't exist, the server will then look for name.txt
-# and include it as plaintext if found.
-#
-ReadmeName README
-HeaderName HEADER
-
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
-#
-# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
-# information on the fly. Note: Not all browsers support this.
-# Despite the name similarity, the following Add* directives have nothing
-# to do with the FancyIndexing customization directives above.
-#
-AddEncoding x-compress Z
-AddEncoding x-gzip gz
-
-#
-# AddLanguage allows you to specify the language of a document. You can
-# then use content negotiation to give a browser a file in a language
-# it can understand. Note that the suffix does not have to be the same
-# as the language keyword --- those with documents in Polish (whose
-# net-standard language code is pl) may wish to use "AddLanguage pl .po"
-# to avoid the ambiguity with the common suffix for perl scripts.
-#
-AddLanguage en .en
-AddLanguage fr .fr
-AddLanguage de .de
-AddLanguage da .da
-AddLanguage el .el
-AddLanguage it .it
-
-#
-# LanguagePriority allows you to give precedence to some languages
-# in case of a tie during content negotiation.
-# Just list the languages in decreasing order of preference.
-#
-LanguagePriority en fr de
-
-#
-# AddType allows you to tweak mime.types without actually editing it, or to
-# make certain files to be certain types.
-#
-# For example, the PHP module (not part of the Apache distribution)
-# will typically use:
-#
-#AddType application/x-httpd-php .php
-
-#
-# AddHandler allows you to map certain file extensions to "handlers",
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action command (see below)
-#
-# If you want to use server side includes, or CGI outside
-# ScriptAliased directories, uncomment the following lines.
-#
-# To use CGI scripts:
-#
-#AddHandler cgi-script .cgi
-
-#
-# To use server-parsed HTML files
-#
-#AddType text/html .shtml
-#AddHandler server-parsed .shtml
-
-#
-# Uncomment the following line to enable Apache's send-asis HTTP file
-# feature
-#
-#AddHandler send-as-is asis
-
-#
-# If you wish to use server-parsed imagemap files, use
-#
-#AddHandler imap-file map
-
-#
-# To enable type maps, you might want to use
-#
-#AddHandler type-map var
-
-#
-# Action lets you define media types that will execute a script whenever
-# a matching file is called. This eliminates the need for repeated URL
-# pathnames for oft-used CGI file processors.
-# Format: Action media/type /cgi-script/location
-# Format: Action handler-name /cgi-script/location
-#
-
-#
-# MetaDir: specifies the name of the directory in which Apache can find
-# meta information files. These files contain additional HTTP headers
-# to include when sending the document
-#
-#MetaDir .web
-
-#
-# MetaSuffix: specifies the file name suffix for the file containing the
-# meta information.
-#
-#MetaSuffix .meta
-
-#
-# Customizable error response (Apache style)
-# these come in three flavors
-#
-# 1) plain text
-#ErrorDocument 500 "The server made a boo boo.
-# n.b. the (") marks it as text, it does not get output
-#
-# 2) local redirects
-#ErrorDocument 404 /missing.html
-# to redirect to local URL /missing.html
-#ErrorDocument 404 /cgi-bin/missing_handler.pl
-# N.B.: You can redirect to a script or a document using server-side-includes.
-#
-# 3) external redirects
-#ErrorDocument 402 http://some.other_server.com/subscription_info.html
-# N.B.: Many of the environment variables associated with the original
-# request will *not* be available to such a script.
-
-#
-# The following directives modify normal HTTP response behavior.
-# The first directive disables keepalive for Netscape 2.x and browsers that
-# spoof it. There are known problems with these browser implementations.
-# The second directive is for Microsoft Internet Explorer 4.0b2
-# which has a broken HTTP/1.1 implementation and does not properly
-# support keepalive when it is used on 301 or 302 (redirect) responses.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-
-#
-# The following directive disables HTTP/1.1 responses to browsers which
-# are in violation of the HTTP/1.0 spec by not being able to grok a
-# basic 1.1 response.
-#
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-
-#
-# Allow server status reports, with the URL of http://servername/server-status
-# Change the ".your_domain.com" to match your domain to enable. By default we
-# allow server-status requests from 127.0.0.1 to make apachectl's status and
-# fullstatus commands work.
-#
-<Location /server-status>
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
-# Allow from .your_domain.com
-</Location>
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".your_domain.com" to match your domain to enable.
-#
-#<Location /server-info>
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .your_domain.com
-#</Location>
-
-#
-# There have been reports of people trying to abuse an old bug from pre-1.1
-# days. This bug involved a CGI script distributed as a part of Apache.
-# By uncommenting these lines you can redirect these attacks to a logging
-# script on phf.apache.org. Or, you can record them yourself, using the script
-# support/phf_abuse_log.cgi.
-#
-#<Location /cgi-bin/phf*>
-# Deny from all
-# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
-#</Location>
-
-#
-# Proxy Server directives. Uncomment the following lines to
-# enable the proxy server:
-#
-#<IfModule mod_proxy.c>
-#ProxyRequests On
-#
-#<Directory proxy:*>
-# Order deny,allow
-# Deny from all
-# Allow from .your_domain.com
-#</Directory>
-
-#
-# Enable/disable the handling of HTTP/1.1 "Via:" headers.
-# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
-# Set to one of: Off | On | Full | Block
-#
-#ProxyVia On
-
-#
-# To enable the cache as well, edit and uncomment the following lines:
-# (no cacheing without CacheRoot)
-#
-#CacheRoot "/var/www/proxy"
-#CacheSize 5
-#CacheGcInterval 4
-#CacheMaxExpire 24
-#CacheLastModifiedFactor 0.1
-#CacheDefaultExpire 1
-#NoCache a_domain.com another_domain.edu joes.garage_sale.com
-
-#</IfModule>
-# End of proxy directives.
-
-### Section 3: Virtual Hosts
-#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them.
-# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
-# for further details before you try to setup virtual hosts.
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# If you want to use name-based virtual hosts you need to define at
-# least one IP address (and port number) for them.
-#
-#NameVirtualHost 12.34.56.78:80
-#NameVirtualHost 12.34.56.78
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-#
-#<VirtualHost ip.address.of.host.some_domain.com>
-# ServerAdmin webmaster@host.some_domain.com
-# DocumentRoot /www/docs/host.some_domain.com
-# ServerName host.some_domain.com
-# ErrorLog logs/host.some_domain.com-error_log
-# CustomLog logs/host.some_domain.com-access_log common
-#</VirtualHost>
-
-#<VirtualHost _default_:*>
-#</VirtualHost>
-
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-<IfDefine SSL>
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-</IfDefine>
-
-<IfModule mod_ssl.c>
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First either `none'
-# or `dbm:/path/to/file' for the mechanism to use and
-# second the expiring timeout (in seconds).
-SSLSessionCache dbm:logs/ssl_scache
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-SSLMutex sem
-
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-SSLRandomSeed startup file:/dev/arandom 512
-
-# Logging:
-# The home of the dedicated SSL protocol logfile. Errors are
-# additionally duplicated in the general error log file. Put
-# this somewhere where it cannot be used for symlink attacks on
-# a real server (i.e. somewhere where only root can write).
-# Log levels are (ascending order: higher ones include lower ones):
-# none, error, warn, info, trace, debug.
-SSLLog logs/ssl_engine_log
-SSLLogLevel info
-
-</IfModule>
-
-<IfDefine SSL>
-
-##
-## SSL Virtual Host Context
-##
-
-<VirtualHost _default_:443>
-
-# General setup for the virtual host
-DocumentRoot /var/www/htdocs
-ServerName new.host.name
-ServerAdmin you@your.address
-ErrorLog logs/error_log
-TransferLog logs/access_log
-
-# SSL Engine Switch:
-# Enable/Disable SSL for this virtual host.
-SSLEngine on
-
-# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
-
-# SSL ECDH Curve:
-# Named curve to use when generating ephemeral EC keys for an
-# ECDHE-based cipher suite, or `none' to disable.
-SSLECDHCurve prime256v1
-
-# SSL Honor Cipher Order:
-# If on, use server's order of preference for ciphers.
-#SSLHonorCipherOrder on
-
-# Server Certificate:
-# Point SSLCertificateFile at a PEM encoded certificate. If
-# the certificate is encrypted, then you will be prompted for a
-# pass phrase. Note that a kill -HUP will prompt again. A test
-# certificate can be generated with `make certificate' under
-# built time.
-SSLCertificateFile /etc/ssl/server.crt
-
-# Server Private Key:
-# If the key is not combined with the certificate, use this
-# directive to point at the key file.
-SSLCertificateKeyFile /etc/ssl/private/server.key
-
-# Certificate Authority (CA):
-# Set the CA certificate verification path where to find CA
-# certificates for client authentication or alternatively one
-# huge file containing all of them (file must be PEM encoded)
-# Note: Inside SSLCACertificatePath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
-#SSLCACertificatePath /var/www/conf/ssl.crt
-#SSLCACertificateFile /var/www/conf/ssl.crt/ca-bundle.crt
-
-# Client Authentication (Type):
-# Client certificate verification type and depth. Types are
-# none, optional, require and optional_no_ca. Depth is a
-# number which specifies how deeply to verify the certificate
-# issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth 10
-
-# Access Control:
-# With SSLRequire you can do per-directory access control based
-# on arbitrary complex boolean expressions containing server
-# variable checks and other lookup directives. The syntax is a
-# mixture between C and Perl. See the mod_ssl documentation
-# for more details.
-#<Location />
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-#</Location>
-
-# SSL Engine Options:
-# Set various options for the SSL engine.
-# FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
-# ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
-# CompatEnvVars:
-# This exports obsolete environment variables for backward compatibility
-# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
-# to provide compatibility to existing CGI scripts.
-#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
-
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>
-
-</IfDefine>
diff --git a/usr.sbin/httpd/conf/httpd.conf-dist b/usr.sbin/httpd/conf/httpd.conf-dist
deleted file mode 100644
index b5a4c2e0aaa..00000000000
--- a/usr.sbin/httpd/conf/httpd.conf-dist
+++ /dev/null
@@ -1,1204 +0,0 @@
-#
-# Based upon the NCSA server configuration files originally by Rob McCool.
-#
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See <URL:http://www.apache.org/docs/> for detailed information about
-# the directives.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# After this file is processed, the server will look for and process
-# conf/srm.conf and then conf/access.conf
-# unless you have overridden these with ResourceConfig and/or
-# AccessConfig directives here.
-#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
-# with ServerRoot set to "/usr/local/apache" will be interpreted by the
-# server as "/usr/local/apache/logs/foo.log".
-#
-
-### Section 1: Global Environment
-#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
-#
-
-#
-# ServerType is either inetd, or standalone. Inetd mode is only supported on
-# Unix platforms.
-#
-ServerType standalone
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation
-# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
-# you will save yourself a lot of trouble.
-#
-ServerRoot "@@ServerRoot@@"
-
-#
-# The LockFile directive sets the path to the lockfile used when Apache
-# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
-# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
-# its default value. The main reason for changing it is if the logs
-# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
-# DISK. The PID of the main server process is automatically appended to
-# the filename.
-#
-#LockFile logs/accept.lock
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts.
-#
-PidFile logs/httpd.pid
-
-#
-# ScoreBoardFile: File used to store internal server process information.
-# Not all architectures require this. But if yours does (you'll know because
-# this file will be created when you run Apache) then you *must* ensure that
-# no two invocations of Apache share the same scoreboard file.
-#
-ScoreBoardFile logs/apache_runtime_status
-
-#
-# In the standard configuration, the server will process httpd.conf (this
-# file, specified by the -f command line option), srm.conf, and access.conf
-# in that order. The latter two files are now distributed empty, as it is
-# recommended that all directives be kept in a single file for simplicity.
-# The commented-out values below are the built-in defaults. You can have the
-# server ignore these files altogether by using "/dev/null" (for Unix) or
-# "nul" (for Win32) for the arguments to the directives.
-#
-#ResourceConfig conf/srm.conf
-#AccessConfig conf/access.conf
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 300
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive On
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 15
-
-#
-# Server-pool size regulation. Rather than making you guess how many
-# server processes you need, Apache dynamically adapts to the load it
-# sees --- that is, it tries to maintain enough server processes to
-# handle the current load, plus a few spare servers to handle transient
-# load spikes (e.g., multiple simultaneous requests from a single
-# Netscape browser).
-#
-# It does this by periodically checking how many servers are waiting
-# for a request. If there are fewer than MinSpareServers, it creates
-# a new spare. If there are more than MaxSpareServers, some of the
-# spares die off. The default values are probably OK for most sites.
-#
-MinSpareServers 5
-MaxSpareServers 10
-
-#
-# Number of servers to start initially --- should be a reasonable ballpark
-# figure.
-#
-StartServers 5
-
-#
-# Limit on total number of servers running, i.e., limit on the number
-# of clients who can simultaneously connect --- if this limit is ever
-# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
-# It is intended mainly as a brake to keep a runaway server from taking
-# the system with it as it spirals down...
-#
-MaxClients 150
-
-#
-# MaxRequestsPerChild: the number of requests each child process is
-# allowed to process before the child dies. The child will exit so
-# as to avoid problems after prolonged use when Apache (and maybe the
-# libraries it uses) leak memory or other resources. On most systems, this
-# isn't really needed, but a few (such as Solaris) do have notable leaks
-# in the libraries. For these platforms, set to something like 10000
-# or so; a setting of 0 means unlimited.
-#
-# NOTE: This value does not include keepalive requests after the initial
-# request per connection. For example, if a child process handles
-# an initial request and 10 subsequent "keptalive" requests, it
-# would only count as 1 request towards this limit.
-#
-MaxRequestsPerChild 0
-
-#
-# MaxFOOPerChild: these directives set the current and hard rlimits for
-# the child processes. Attempts to exceed them will cause the OS to
-# take appropriate action. See the setrlimit(2) and signal(3).
-#
-MaxCPUPerChild 0
-MaxDATAPerChild 0
-MaxNOFILEPerChild 0
-MaxRSSPerChild 0
-MaxSTACKPerChild 0
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the <VirtualHost>
-# directive.
-#
-#Listen 3000
-#Listen 12.34.56.78:80
-
-# Listen can take two arguments.
-# (this is an extension for supporting IPv6 addresses)
-#Listen :: 80
-#Listen 0.0.0.0 80
-
-#
-# BindAddress: You can support virtual hosts with this option. This directive
-# is used to tell the server which IP address to listen to. It can either
-# contain "*", an IP address, or a fully qualified Internet domain name.
-# See also the <VirtualHost> and Listen directives.
-#
-#BindAddress *
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Please read the file http://httpd.apache.org/docs/dso.html for more
-# details about the DSO mechanism and run `httpd -l' for the list of already
-# built-in (statically linked and thus always available) modules in your httpd
-# binary.
-#
-# Note: The order in which modules are loaded is important. Don't change
-# the order below without expert advice.
-#
-# Example:
-# LoadModule foo_module libexec/mod_foo.so
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-### Section 2: 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# <VirtualHost> definition. These values also provide defaults for
-# any <VirtualHost> containers you may define later in the file.
-#
-# All of these directives may appear inside <VirtualHost> containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# If your ServerType directive (set earlier in the 'Global Environment'
-# section) is set to "inetd", the next few directives don't have any
-# effect since their settings are defined by the inetd configuration.
-# Skip ahead to the ServerAdmin directive.
-#
-
-#
-# Port: The port to which the standalone server listens. For
-# ports < 1023, you will need httpd to be run as root initially.
-#
-Port 80
-
-##
-## SSL Support
-##
-## When we also provide SSL we have to listen to the
-## standard HTTP port (see above) and to the HTTPS port
-##
-<IfDefine SSL>
-Listen 80
-Listen 443
-</IfDefine>
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
-# . On HPUX you may not be able to use shared memory as nobody, and the
-# suggested workaround is to create a user www and use that user.
-# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
-# when the value of (unsigned)Group is above 60000;
-# don't use Group "#-1" on these systems!
-#
-User nobody
-Group "#-1"
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents.
-#
-ServerAdmin you@your.address
-
-#
-# ServerName allows you to set a host name which is sent back to clients for
-# your server if it's different than the one the program would get (i.e., use
-# "www" instead of the host's real name).
-#
-# Note: You cannot just invent host names and hope they work. The name you
-# define here must be a valid DNS name for your host. If you don't understand
-# this, ask your network administrator.
-# If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address (e.g., http://123.45.67.89/)
-# anyway, and this will make redirections work in a sensible way.
-#
-# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
-# machine always knows itself by this address. If you use Apache strictly for
-# local testing and development, you may use 127.0.0.1 as the server name.
-#
-#ServerName www.example.com
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "@@ServerRoot@@/htdocs"
-
-#
-# Each directory to which Apache has access, can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# permissions.
-#
-<Directory />
- Options FollowSymLinks
- AllowOverride None
-</Directory>
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# This should be changed to whatever you set DocumentRoot to.
-#
-<Directory "@@ServerRoot@@/htdocs">
-
-#
-# This may also be "None", "All", or any combination of "Indexes",
-# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
-#
-# Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you.
-#
- Options Indexes FollowSymLinks MultiViews
-
-#
-# This controls which options the .htaccess files in directories can
-# override. Can also be "All", or any combination of "Options", "FileInfo",
-# "AuthConfig", and "Limit"
-#
- AllowOverride None
-
-#
-# Controls who can get stuff from this server.
-#
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# UserDir: The name of the directory which is appended onto a user's home
-# directory if a ~user request is received.
-#
-<IfModule mod_userdir.c>
- UserDir public_html
-</IfModule>
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-#<Directory /home/*/public_html>
-# AllowOverride FileInfo AuthConfig Limit
-# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
-# <Limit GET POST OPTIONS PROPFIND>
-# Order allow,deny
-# Allow from all
-# </Limit>
-# <LimitExcept GET POST OPTIONS PROPFIND>
-# Order deny,allow
-# Deny from all
-# </LimitExcept>
-#</Directory>
-
-#
-# DirectoryIndex: Name of the file or files to use as a pre-written HTML
-# directory index. Separate multiple entries with spaces.
-#
-<IfModule mod_dir.c>
- DirectoryIndex index.html
-</IfModule>
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for access control information.
-#
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess files from being viewed by
-# Web clients. Since .htaccess files often contain authorization
-# information, access is disallowed for security reasons. Comment
-# these lines out if you want Web visitors to see the contents of
-# .htaccess files. If you change the AccessFileName directive above,
-# be sure to make the corresponding changes here.
-#
-# Also, folks tend to use names such as .htpasswd for password
-# files, so this will protect those as well.
-#
-<Files ~ "^\.ht">
- Order allow,deny
- Deny from all
- Satisfy All
-</Files>
-
-#
-# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
-# document that was negotiated on the basis of content. This asks proxy
-# servers not to cache the document. Uncommenting the following line disables
-# this behavior, and proxies will be allowed to cache the documents.
-#
-#CacheNegotiatedDocs
-
-#
-# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
-# Apache needs to construct a self-referencing URL (a URL that refers back
-# to the server the response is coming from) it will use ServerName and
-# Port to form a "canonical" name. With this setting off, Apache will
-# use the hostname:port that the client supplied, when possible. This
-# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
-#
-UseCanonicalName On
-
-#
-# TypesConfig describes where the mime.types file (or equivalent) is
-# to be found.
-#
-<IfModule mod_mime.c>
- TypesConfig conf/mime.types
-</IfModule>
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-# mod_mime_magic is not part of the default server (you have to add
-# it yourself with a LoadModule [see the DSO paragraph in the 'Global
-# Environment' section], or recompile the server and include mod_mime_magic
-# as part of the configuration), so it's enclosed in an <IfModule> container.
-# This means that the MIMEMagicFile directive will only be processed if the
-# module is part of the server.
-#
-<IfModule mod_mime_magic.c>
- MIMEMagicFile conf/magic
-</IfModule>
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog logs/error_log
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-#
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a <VirtualHost>
-# container, they will be logged here. Contrariwise, if you *do*
-# define per-<VirtualHost> access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-CustomLog logs/access_log common
-
-#
-# If you would like to have agent and referer logfiles, uncomment the
-# following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
-
-#
-# If you prefer a single logfile with access, agent, and referer information
-# (Combined Logfile Format) you can use the following directive.
-#
-#CustomLog logs/access_log combined
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (error documents, FTP directory listings,
-# mod_status and mod_info output etc., but not CGI generated documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
-
-# EBCDIC configuration:
-# (only for mainframes using the EBCDIC codeset, currently one of:
-# Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
-# The following default configuration assumes that "text files"
-# are stored in EBCDIC (so that you can operate on them using the
-# normal POSIX tools like grep and sort) while "binary files" are
-# stored with identical octets as on an ASCII machine.
-#
-# The directives are evaluated in configuration file order, with
-# the EBCDICConvert directives applied before EBCDICConvertByType.
-#
-# If you want to have ASCII HTML documents and EBCDIC HTML documents
-# at the same time, you can use the file extension to force
-# conversion off for the ASCII documents:
-# > AddType text/html .ahtml
-# > EBCDICConvert Off=InOut .ahtml
-#
-# EBCDICConvertByType On=InOut text/* message/* multipart/*
-# EBCDICConvertByType On=In application/x-www-form-urlencoded
-# EBCDICConvertByType On=InOut application/postscript model/vrml
-# EBCDICConvertByType Off=InOut */*
-
-
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-<IfModule mod_alias.c>
-
- #
- # Note that if you include a trailing / on fakename then the server will
- # require it to be present in the URL. So "/icons" isn't aliased in this
- # example, only "/icons/". If the fakename is slash-terminated, then the
- # realname must also be slash terminated, and if the fakename omits the
- # trailing slash, the realname must also omit it.
- #
- Alias /icons/ "@@ServerRoot@@/icons/"
-
- <Directory "@@ServerRoot@@/icons">
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
- </Directory>
-
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the realname directory are treated as applications and
- # run by the server when requested rather than as documents sent to the client.
- # The same rules about trailing "/" apply to ScriptAlias directives as to
- # Alias.
- #
- ScriptAlias /cgi-bin/ "@@ServerRoot@@/cgi-bin/"
-
- #
- # "@@ServerRoot@@/cgi-bin" should be changed to whatever your ScriptAliased
- # CGI directory exists, if you have that configured.
- #
- <Directory "@@ServerRoot@@/cgi-bin">
- AllowOverride None
- Options None
- Order allow,deny
- Allow from all
- </Directory>
-
-</IfModule>
-# End of aliases.
-
-#
-# Redirect allows you to tell clients about documents which used to exist in
-# your server's namespace, but do not anymore. This allows you to tell the
-# clients where to look for the relocated document.
-# Format: Redirect old-URI new-URL
-#
-
-#
-# Directives controlling the display of server-generated directory listings.
-#
-<IfModule mod_autoindex.c>
-
- #
- # FancyIndexing is whether you want fancy directory indexing or standard
- #
- IndexOptions FancyIndexing
-
- #
- # AddIcon* directives tell the server which icon to show for different
- # files or filename extensions. These are only displayed for
- # FancyIndexed directories.
- #
- AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
- AddIconByType (TXT,/icons/text.gif) text/*
- AddIconByType (IMG,/icons/image2.gif) image/*
- AddIconByType (SND,/icons/sound2.gif) audio/*
- AddIconByType (VID,/icons/movie.gif) video/*
-
- AddIcon /icons/binary.gif .bin .exe
- AddIcon /icons/binhex.gif .hqx
- AddIcon /icons/tar.gif .tar
- AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
- AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
- AddIcon /icons/a.gif .ps .ai .eps
- AddIcon /icons/layout.gif .html .shtml .htm .pdf
- AddIcon /icons/text.gif .txt
- AddIcon /icons/c.gif .c
- AddIcon /icons/p.gif .pl .py
- AddIcon /icons/f.gif .for
- AddIcon /icons/dvi.gif .dvi
- AddIcon /icons/uuencoded.gif .uu
- AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
- AddIcon /icons/tex.gif .tex
- AddIcon /icons/bomb.gif core
-
- AddIcon /icons/back.gif ..
- AddIcon /icons/hand.right.gif README
- AddIcon /icons/folder.gif ^^DIRECTORY^^
- AddIcon /icons/blank.gif ^^BLANKICON^^
-
- #
- # DefaultIcon is which icon to show for files which do not have an icon
- # explicitly set.
- #
- DefaultIcon /icons/unknown.gif
-
- #
- # AddDescription allows you to place a short description after a file in
- # server-generated indexes. These are only displayed for FancyIndexed
- # directories.
- # Format: AddDescription "description" filename
- #
- #AddDescription "GZIP compressed document" .gz
- #AddDescription "tar archive" .tar
- #AddDescription "GZIP compressed tar archive" .tgz
-
- #
- # ReadmeName is the name of the README file the server will look for by
- # default, and append to directory listings.
- #
- # HeaderName is the name of a file which should be prepended to
- # directory indexes.
- #
- ReadmeName README
- HeaderName HEADER
-
- #
- # IndexIgnore is a set of filenames which directory indexing should ignore
- # and not include in the listing. Shell-style wildcarding is permitted.
- #
- IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
-</IfModule>
-# End of indexing directives.
-
-#
-# Document types.
-#
-<IfModule mod_mime.c>
-
- #
- # AddLanguage allows you to specify the language of a document. You can
- # then use content negotiation to give a browser a file in a language
- # it can understand.
- #
- # Note 1: The suffix does not have to be the same as the language
- # keyword --- those with documents in Polish (whose net-standard
- # language code is pl) may wish to use "AddLanguage pl .po" to
- # avoid the ambiguity with the common suffix for perl scripts.
- #
- # Note 2: The example entries below illustrate that in quite
- # some cases the two character 'Language' abbreviation is not
- # identical to the two character 'Country' code for its country,
- # E.g. 'Danmark/dk' versus 'Danish/da'.
- #
- # Note 3: In the case of 'ltz' we violate the RFC by using a three char
- # specifier. But there is 'work in progress' to fix this and get
- # the reference data for rfc1766 cleaned up.
- #
- # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
- # French (fr) - German (de) - Greek-Modern (el)
- # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
- # Portugese (pt) - Luxembourgeois* (ltz)
- # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cs)
- # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
- # Russian (ru)
- #
- AddLanguage da .dk
- AddLanguage nl .nl
- AddLanguage en .en
- AddLanguage et .ee
- AddLanguage fr .fr
- AddLanguage de .de
- AddLanguage el .el
- AddLanguage he .he
- AddCharset ISO-8859-8 .iso8859-8
- AddLanguage it .it
- AddLanguage ja .ja
- AddCharset ISO-2022-JP .jis
- AddLanguage kr .kr
- AddCharset ISO-2022-KR .iso-kr
- AddLanguage nn .nn
- AddLanguage no .no
- AddLanguage pl .po
- AddCharset ISO-8859-2 .iso-pl
- AddLanguage pt .pt
- AddLanguage pt-br .pt-br
- AddLanguage ltz .lu
- AddLanguage ca .ca
- AddLanguage es .es
- AddLanguage sv .sv
- AddLanguage cs .cz .cs
- AddLanguage ru .ru
- AddLanguage zh-TW .zh-tw
- AddCharset Big5 .Big5 .big5
- AddCharset WINDOWS-1251 .cp-1251
- AddCharset CP866 .cp866
- AddCharset ISO-8859-5 .iso-ru
- AddCharset KOI8-R .koi8-r
- AddCharset UCS-2 .ucs2
- AddCharset UCS-4 .ucs4
- AddCharset UTF-8 .utf8
-
- # LanguagePriority allows you to give precedence to some languages
- # in case of a tie during content negotiation.
- #
- # Just list the languages in decreasing order of preference. We have
- # more or less alphabetized them here. You probably want to change this.
- #
- <IfModule mod_negotiation.c>
- LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
- </IfModule>
-
- #
- # AddType allows you to tweak mime.types without actually editing it, or to
- # make certain files to be certain types.
- #
- AddType application/x-tar .tgz
-
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- # Despite the name similarity, the following Add* directives have nothing
- # to do with the FancyIndexing customization directives above.
- #
- AddEncoding x-compress .Z
- AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- #AddType application/x-compress .Z
- #AddType application/x-gzip .gz .tgz
-
- #
- # AddHandler allows you to map certain file extensions to "handlers",
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action command (see below)
- #
- # If you want to use server side includes, or CGI outside
- # ScriptAliased directories, uncomment the following lines.
- #
- # To use CGI scripts:
- #
- #AddHandler cgi-script .cgi
-
- #
- # To use server-parsed HTML files
- #
- #AddType text/html .shtml
- #AddHandler server-parsed .shtml
-
- #
- # Uncomment the following line to enable Apache's send-asis HTTP file
- # feature
- #
- #AddHandler send-as-is asis
-
- #
- # If you wish to use server-parsed imagemap files, use
- #
- #AddHandler imap-file map
-
- #
- # To enable type maps, you might want to use
- #
- #AddHandler type-map var
-
-</IfModule>
-# End of document types.
-
-#
-# Action lets you define media types that will execute a script whenever
-# a matching file is called. This eliminates the need for repeated URL
-# pathnames for oft-used CGI file processors.
-# Format: Action media/type /cgi-script/location
-# Format: Action handler-name /cgi-script/location
-#
-
-#
-# MetaDir: specifies the name of the directory in which Apache can find
-# meta information files. These files contain additional HTTP headers
-# to include when sending the document
-#
-#MetaDir .web
-
-#
-# MetaSuffix: specifies the file name suffix for the file containing the
-# meta information.
-#
-#MetaSuffix .meta
-
-#
-# Customizable error response (Apache style)
-# these come in three flavors
-#
-# 1) plain text
-#ErrorDocument 500 "The server made a boo boo.
-# n.b. the single leading (") marks it as text, it does not get output
-#
-# 2) local redirects
-#ErrorDocument 404 /missing.html
-# to redirect to local URL /missing.html
-#ErrorDocument 404 /cgi-bin/missing_handler.pl
-# N.B.: You can redirect to a script or a document using server-side-includes.
-#
-# 3) external redirects
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-# N.B.: Many of the environment variables associated with the original
-# request will *not* be available to such a script.
-
-#
-# Customize behaviour based on the browser
-#
-<IfModule mod_setenvif.c>
-
- #
- # The following directives modify normal HTTP response behavior.
- # The first directive disables keepalive for Netscape 2.x and browsers that
- # spoof it. There are known problems with these browser implementations.
- # The second directive is for Microsoft Internet Explorer 4.0b2
- # which has a broken HTTP/1.1 implementation and does not properly
- # support keepalive when it is used on 301 or 302 (redirect) responses.
- #
- BrowserMatch "Mozilla/2" nokeepalive
- BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-
- #
- # The following directive disables HTTP/1.1 responses to browsers which
- # are in violation of the HTTP/1.0 spec by not being able to grok a
- # basic 1.1 response.
- #
- BrowserMatch "RealPlayer 4\.0" force-response-1.0
- BrowserMatch "Java/1\.0" force-response-1.0
- BrowserMatch "JDK/1\.0" force-response-1.0
-
-</IfModule>
-# End of browser customization directives
-
-#
-# Allow server status reports, with the URL of http://servername/server-status
-# Change the ".example.com" to match your domain to enable.
-#
-#<Location /server-status>
-# SetHandler server-status
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".example.com" to match your domain to enable.
-#
-#<Location /server-info>
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-#
-# There have been reports of people trying to abuse an old bug from pre-1.1
-# days. This bug involved a CGI script distributed as a part of Apache.
-# By uncommenting these lines you can redirect these attacks to a logging
-# script on phf.apache.org. Or, you can record them yourself, using the script
-# support/phf_abuse_log.cgi.
-#
-#<Location /cgi-bin/phf*>
-# Deny from all
-# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
-#</Location>
-
-### Section 3: Virtual Hosts
-#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-#NameVirtualHost 0.0.0.0:80
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for requests without a known
-# server name.
-#
-#<VirtualHost 0.0.0.0:80>
-# ServerAdmin webmaster@dummy-host.example.com
-# DocumentRoot /www/docs/dummy-host.example.com
-# ServerName dummy-host.example.com
-# ErrorLog logs/dummy-host.example.com-error_log
-# CustomLog logs/dummy-host.example.com-access_log common
-#</VirtualHost>
-
-#<VirtualHost _default_:*>
-#</VirtualHost>
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-<IfDefine SSL>
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-</IfDefine>
-
-<IfModule mod_ssl.c>
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Configure the SSL Session Cache: First the mechanism
-# to use and second the expiring timeout (in seconds).
-#SSLSessionCache none
-#SSLSessionCache shmht:logs/ssl_scache(512000)
-#SSLSessionCache shmcb:logs/ssl_scache(512000)
-SSLSessionCache dbm:logs/ssl_scache
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-SSLMutex file:logs/ssl_mutex
-
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-
-# Logging:
-# The home of the dedicated SSL protocol logfile. Errors are
-# additionally duplicated in the general error log file. Put
-# this somewhere where it cannot be used for symlink attacks on
-# a real server (i.e. somewhere where only root can write).
-# Log levels are (ascending order: higher ones include lower ones):
-# none, error, warn, info, trace, debug.
-SSLLog logs/ssl_engine_log
-SSLLogLevel info
-
-</IfModule>
-
-<IfDefine SSL>
-
-##
-## SSL Virtual Host Context
-##
-
-<VirtualHost _default_:443>
-
-# General setup for the virtual host
-DocumentRoot "@@ServerRoot@@/htdocs"
-ServerName new.host.name
-ServerAdmin you@your.address
-ErrorLog logs/error_log
-TransferLog logs/access_log
-
-# SSL Engine Switch:
-# Enable/Disable SSL for this virtual host.
-SSLEngine on
-
-# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-
-# SSL ECDH Curve:
-# Named curve to use when generating ephemeral EC keys for an
-# ECDHE-based cipher suite, or `none' to disable.
-SSLECDHCurve prime256v1
-
-# SSL Honor Cipher Order:
-# If on, use server's order of preference for ciphers.
-#SSLHonorCipherOrder on
-
-# Server Certificate:
-# Point SSLCertificateFile at a PEM encoded certificate. If
-# the certificate is encrypted, then you will be prompted for a
-# pass phrase. Note that a kill -HUP will prompt again. A test
-# certificate can be generated with `make certificate' under
-# built time. Keep in mind that if you've both a RSA and a DSA
-# certificate you can configure both in parallel (to also allow
-# the use of DSA ciphers, etc.)
-SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server.crt
-#SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server-dsa.crt
-
-# Server Private Key:
-# If the key is not combined with the certificate, use this
-# directive to point at the key file. Keep in mind that if
-# you've both a RSA and a DSA private key you can configure
-# both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile @@ServerRoot@@/conf/ssl.key/server.key
-#SSLCertificateKeyFile @@ServerRoot@@/conf/ssl.key/server-dsa.key
-
-# Server Certificate Chain:
-# Point SSLCertificateChainFile at a file containing the
-# concatenation of PEM encoded CA certificates which form the
-# certificate chain for the server certificate. Alternatively
-# the referenced file can be the same as SSLCertificateFile
-# when the CA certificates are directly appended to the server
-# certificate for convinience.
-#SSLCertificateChainFile @@ServerRoot@@/conf/ssl.crt/ca.crt
-
-# Certificate Authority (CA):
-# Set the CA certificate verification path where to find CA
-# certificates for client authentication or alternatively one
-# huge file containing all of them (file must be PEM encoded)
-# Note: Inside SSLCACertificatePath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
-#SSLCACertificatePath @@ServerRoot@@/conf/ssl.crt
-#SSLCACertificateFile @@ServerRoot@@/conf/ssl.crt/ca-bundle.crt
-
-# Certificate Revocation Lists (CRL):
-# Set the CA revocation path where to find CA CRLs for client
-# authentication or alternatively one huge file containing all
-# of them (file must be PEM encoded)
-# Note: Inside SSLCARevocationPath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
-#SSLCARevocationPath @@ServerRoot@@/conf/ssl.crl
-#SSLCARevocationFile @@ServerRoot@@/conf/ssl.crl/ca-bundle.crl
-
-# Client Authentication (Type):
-# Client certificate verification type and depth. Types are
-# none, optional, require and optional_no_ca. Depth is a
-# number which specifies how deeply to verify the certificate
-# issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth 10
-
-# Access Control:
-# With SSLRequire you can do per-directory access control based
-# on arbitrary complex boolean expressions containing server
-# variable checks and other lookup directives. The syntax is a
-# mixture between C and Perl. See the mod_ssl documentation
-# for more details.
-#<Location />
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-#</Location>
-
-# SSL Engine Options:
-# Set various options for the SSL engine.
-# o FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
-# o ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
-# o StdEnvVars:
-# This exports the standard SSL/TLS related `SSL_*' environment variables.
-# Per default this exportation is switched off for performance reasons,
-# because the extraction step is an expensive operation and is usually
-# useless for serving static content. So one usually enables the
-# exportation for CGI and SSI requests only.
-# o CompatEnvVars:
-# This exports obsolete environment variables for backward compatibility
-# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
-# to provide compatibility to existing CGI scripts.
-# o StrictRequire:
-# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-# under a "Satisfy any" situation, i.e. when it applies access is denied
-# and no other module can change it.
-# o OptRenegotiate:
-# This enables optimized SSL connection renegotiation handling when SSL
-# directives are used in per-directory context.
-#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
-<Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
- SSLOptions +StdEnvVars
-</Files>
-<Directory "@@ServerRoot@@/cgi-bin">
- SSLOptions +StdEnvVars
-</Directory>
-
-# SSL Protocol Adjustments:
-# The safe and default but still SSL/TLS standard compliant shutdown
-# approach is that mod_ssl sends the close notify alert but doesn't wait for
-# the close notify alert from client. When you need a different shutdown
-# approach you can use one of the following variables:
-# o ssl-unclean-shutdown:
-# This forces an unclean shutdown when the connection is closed, i.e. no
-# SSL close notify alert is send or allowed to received. This violates
-# the SSL/TLS standard but is needed for some brain-dead browsers. Use
-# this when you receive I/O errors because of the standard approach where
-# mod_ssl sends the close notify alert.
-# o ssl-accurate-shutdown:
-# This forces an accurate shutdown when the connection is closed, i.e. a
-# SSL close notify alert is send and mod_ssl waits for the close notify
-# alert of the client. This is 100% SSL/TLS standard compliant, but in
-# practice often causes hanging connections with brain-dead browsers. Use
-# this only for browsers where you know that their SSL implementation
-# works correctly.
-# Notice: Most problems of broken clients are also related to the HTTP
-# keep-alive facility, so you usually additionally want to disable
-# keep-alive for those clients, too. Use variable "nokeepalive" for this.
-# Similarly, one has to force some clients to use HTTP/1.0 to workaround
-# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-# "force-response-1.0" for this.
-SetEnvIf User-Agent ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>
-
-</IfDefine>
-
diff --git a/usr.sbin/httpd/conf/magic b/usr.sbin/httpd/conf/magic
deleted file mode 100644
index 809ce30ec1f..00000000000
--- a/usr.sbin/httpd/conf/magic
+++ /dev/null
@@ -1,382 +0,0 @@
-# Magic data for mod_mime_magic Apache module (originally for file(1) command)
-# The module is described in htdocs/manual/mod/mod_mime_magic.html
-#
-# The format is 4-5 columns:
-# Column #1: byte number to begin checking from, ">" indicates continuation
-# Column #2: type of data to match
-# Column #3: contents of data to match
-# Column #4: MIME type of result
-# Column #5: MIME encoding of result (optional)
-
-#------------------------------------------------------------------------------
-# Localstuff: file(1) magic for locally observed files
-# Add any locally observed files here.
-
-#------------------------------------------------------------------------------
-# end local stuff
-#------------------------------------------------------------------------------
-
-#------------------------------------------------------------------------------
-# Java
-
-0 short 0xcafe
->2 short 0xbabe application/java
-
-#------------------------------------------------------------------------------
-# audio: file(1) magic for sound formats
-#
-# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
-#
-
-# Sun/NeXT audio data
-0 string .snd
->12 belong 1 audio/basic
->12 belong 2 audio/basic
->12 belong 3 audio/basic
->12 belong 4 audio/basic
->12 belong 5 audio/basic
->12 belong 6 audio/basic
->12 belong 7 audio/basic
-
->12 belong 23 audio/x-adpcm
-
-# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
-# that uses little-endian encoding and has a different magic number
-# (0x0064732E in little-endian encoding).
-0 lelong 0x0064732E
->12 lelong 1 audio/x-dec-basic
->12 lelong 2 audio/x-dec-basic
->12 lelong 3 audio/x-dec-basic
->12 lelong 4 audio/x-dec-basic
->12 lelong 5 audio/x-dec-basic
->12 lelong 6 audio/x-dec-basic
->12 lelong 7 audio/x-dec-basic
-# compressed (G.721 ADPCM)
->12 lelong 23 audio/x-dec-adpcm
-
-# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
-# AIFF audio data
-8 string AIFF audio/x-aiff
-# AIFF-C audio data
-8 string AIFC audio/x-aiff
-# IFF/8SVX audio data
-8 string 8SVX audio/x-aiff
-
-# Creative Labs AUDIO stuff
-# Standard MIDI data
-0 string MThd audio/unknown
-#>9 byte >0 (format %d)
-#>11 byte >1 using %d channels
-# Creative Music (CMF) data
-0 string CTMF audio/unknown
-# SoundBlaster instrument data
-0 string SBI audio/unknown
-# Creative Labs voice data
-0 string Creative\ Voice\ File audio/unknown
-## is this next line right? it came this way...
-#>19 byte 0x1A
-#>23 byte >0 - version %d
-#>22 byte >0 \b.%d
-
-# [GRR 950115: is this also Creative Labs? Guessing that first line
-# should be string instead of unknown-endian long...]
-#0 long 0x4e54524b MultiTrack sound data
-#0 string NTRK MultiTrack sound data
-#>4 long x - version %ld
-
-# Microsoft WAVE format (*.wav)
-# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
-# Microsoft RIFF
-0 string RIFF audio/unknown
-# - WAVE format
->8 string WAVE audio/x-wav
-# MPEG audio.
-0 beshort&0xfff0 0xfff0 audio/mpeg
-# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
-0 string PSID audio/prs.sid
-
-#------------------------------------------------------------------------------
-# c-lang: file(1) magic for C programs or various scripts
-#
-
-# XPM icons (Greg Roelofs, newt@uchicago.edu)
-# ideally should go into "images", but entries below would tag XPM as C source
-0 string /*\ XPM image/x-xbm 7bit
-
-# this first will upset you if you're a PL/1 shop... (are there any left?)
-# in which case rm it; ascmagic will catch real C programs
-# C or REXX program text
-0 string /* text/plain
-# C++ program text
-0 string // text/plain
-
-#------------------------------------------------------------------------------
-# compress: file(1) magic for pure-compression formats (no archives)
-#
-# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
-#
-# Formats for various forms of compressed data
-# Formats for "compress" proper have been moved into "compress.c",
-# because it tries to uncompress it to figure out what's inside.
-
-# standard unix compress
-0 string \037\235 application/octet-stream x-compress
-
-# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
-0 string \037\213 application/octet-stream x-gzip
-
-# According to gzip.h, this is the correct byte order for packed data.
-0 string \037\036 application/octet-stream
-#
-# This magic number is byte-order-independent.
-#
-0 short 017437 application/octet-stream
-
-# XXX - why *two* entries for "compacted data", one of which is
-# byte-order independent, and one of which is byte-order dependent?
-#
-# compacted data
-0 short 0x1fff application/octet-stream
-0 string \377\037 application/octet-stream
-# huf output
-0 short 0145405 application/octet-stream
-
-# Squeeze and Crunch...
-# These numbers were gleaned from the Unix versions of the programs to
-# handle these formats. Note that I can only uncrunch, not crunch, and
-# I didn't have a crunched file handy, so the crunch number is untested.
-# Keith Waclena <keith@cerberus.uchicago.edu>
-#0 leshort 0x76FF squeezed data (CP/M, DOS)
-#0 leshort 0x76FE crunched data (CP/M, DOS)
-
-# Freeze
-#0 string \037\237 Frozen file 2.1
-#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
-
-# lzh?
-#0 string \037\240 LZH compressed data
-
-#------------------------------------------------------------------------------
-# frame: file(1) magic for FrameMaker files
-#
-# This stuff came on a FrameMaker demo tape, most of which is
-# copyright, but this file is "published" as witness the following:
-#
-0 string \<MakerFile application/x-frame
-0 string \<MIFFile application/x-frame
-0 string \<MakerDictionary application/x-frame
-0 string \<MakerScreenFon application/x-frame
-0 string \<MML application/x-frame
-0 string \<Book application/x-frame
-0 string \<Maker application/x-frame
-
-#------------------------------------------------------------------------------
-# html: file(1) magic for HTML (HyperText Markup Language) docs
-#
-# from Daniel Quinlan <quinlan@yggdrasil.com>
-# and Anna Shergold <anna@inext.co.uk>
-#
-0 string \<!DOCTYPE\ HTML text/html
-0 string \<!doctype\ html text/html
-0 string \<HEAD text/html
-0 string \<head text/html
-0 string \<TITLE text/html
-0 string \<title text/html
-0 string \<html text/html
-0 string \<HTML text/html
-0 string \<!-- text/html
-0 string \<h1 text/html
-0 string \<H1 text/html
-
-# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
-0 string \<?xml text/xml
-
-#------------------------------------------------------------------------------
-# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
-#
-# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
-# additions by janl@ifi.uio.no as well as others. Jan also suggested
-# merging several one- and two-line files into here.
-#
-# XXX - byte order for GIF and TIFF fields?
-# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
-#
-
-# [GRR: what the hell is this doing in here?]
-#0 string xbtoa btoa'd file
-
-# PBMPLUS
-# PBM file
-0 string P1 image/x-portable-bitmap 7bit
-# PGM file
-0 string P2 image/x-portable-greymap 7bit
-# PPM file
-0 string P3 image/x-portable-pixmap 7bit
-# PBM "rawbits" file
-0 string P4 image/x-portable-bitmap
-# PGM "rawbits" file
-0 string P5 image/x-portable-greymap
-# PPM "rawbits" file
-0 string P6 image/x-portable-pixmap
-
-# NIFF (Navy Interchange File Format, a modification of TIFF)
-# [GRR: this *must* go before TIFF]
-0 string IIN1 image/x-niff
-
-# TIFF and friends
-# TIFF file, big-endian
-0 string MM image/tiff
-# TIFF file, little-endian
-0 string II image/tiff
-
-# possible GIF replacements; none yet released!
-# (Greg Roelofs, newt@uchicago.edu)
-#
-# GRR 950115: this was mine ("Zip GIF"):
-# ZIF image (GIF+deflate alpha)
-0 string GIF94z image/unknown
-#
-# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
-# FGF image (GIF+deflate beta)
-0 string FGF95a image/unknown
-#
-# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
-# (best; not yet implemented):
-# PBF image (deflate compression)
-0 string PBF image/unknown
-
-# GIF
-0 string GIF image/gif
-
-# JPEG images
-0 beshort 0xffd8 image/jpeg
-
-# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
-0 string BM image/bmp
-#>14 byte 12 (OS/2 1.x format)
-#>14 byte 64 (OS/2 2.x format)
-#>14 byte 40 (Windows 3.x format)
-#0 string IC icon
-#0 string PI pointer
-#0 string CI color icon
-#0 string CP color pointer
-#0 string BA bitmap array
-
-
-#------------------------------------------------------------------------------
-# lisp: file(1) magic for lisp programs
-#
-# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
-0 string ;; text/plain 8bit
-# Emacs 18 - this is always correct, but not very magical.
-0 string \012( application/x-elc
-# Emacs 19
-0 string ;ELC\023\000\000\000 application/x-elc
-
-#------------------------------------------------------------------------------
-# mail.news: file(1) magic for mail and news
-#
-# There are tests to ascmagic.c to cope with mail and news.
-0 string Relay-Version: message/rfc822 7bit
-0 string #!\ rnews message/rfc822 7bit
-0 string N#!\ rnews message/rfc822 7bit
-0 string Forward\ to message/rfc822 7bit
-0 string Pipe\ to message/rfc822 7bit
-0 string Return-Path: message/rfc822 7bit
-0 string Path: message/news 8bit
-0 string Xref: message/news 8bit
-0 string From: message/rfc822 7bit
-0 string Article message/news 8bit
-#------------------------------------------------------------------------------
-# msword: file(1) magic for MS Word files
-#
-# Contributor claims:
-# Reversed-engineered MS Word magic numbers
-#
-
-0 string \376\067\0\043 application/msword
-0 string \333\245-\0\0\0 application/msword
-
-# disable this one because it applies also to other
-# Office/OLE documents for which msword is not correct. See PR#2608.
-#0 string \320\317\021\340\241\261 application/msword
-
-
-
-#------------------------------------------------------------------------------
-# printer: file(1) magic for printer-formatted files
-#
-
-# PostScript
-0 string %! application/postscript
-0 string \004%! application/postscript
-
-# Acrobat
-# (due to clamen@cs.cmu.edu)
-0 string %PDF- application/pdf
-
-#------------------------------------------------------------------------------
-# sc: file(1) magic for "sc" spreadsheet
-#
-38 string Spreadsheet application/x-sc
-
-#------------------------------------------------------------------------------
-# tex: file(1) magic for TeX files
-#
-# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
-#
-# From <conklin@talisman.kaleida.com>
-
-# Although we may know the offset of certain text fields in TeX DVI
-# and font files, we can't use them reliably because they are not
-# zero terminated. [but we do anyway, christos]
-0 string \367\002 application/x-dvi
-#0 string \367\203 TeX generic font data
-#0 string \367\131 TeX packed font data
-#0 string \367\312 TeX virtual font data
-#0 string This\ is\ TeX, TeX transcript text
-#0 string This\ is\ METAFONT, METAFONT transcript text
-
-# There is no way to detect TeX Font Metric (*.tfm) files without
-# breaking them apart and reading the data. The following patterns
-# match most *.tfm files generated by METAFONT or afm2tfm.
-#2 string \000\021 TeX font metric data
-#2 string \000\022 TeX font metric data
-#>34 string >\0 (%s)
-
-# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
-#0 string \\input\ texinfo Texinfo source text
-#0 string This\ is\ Info\ file GNU Info text
-
-# correct TeX magic for Linux (and maybe more)
-# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
-#
-0 leshort 0x02f7 application/x-dvi
-
-# RTF - Rich Text Format
-0 string {\\rtf application/rtf
-
-#------------------------------------------------------------------------------
-# animation: file(1) magic for animation/movie formats
-#
-# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
-# MPEG file
-0 string \000\000\001\263 video/mpeg
-#
-# The contributor claims:
-# I couldn't find a real magic number for these, however, this
-# -appears- to work. Note that it might catch other files, too,
-# so BE CAREFUL!
-#
-# Note that title and author appear in the two 20-byte chunks
-# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
-# 255 (hex FF)! DL format SUCKS BIG ROCKS.
-#
-# DL file version 1 , medium format (160x100, 4 images/screen)
-0 byte 1 video/unknown
-0 byte 2 video/unknown
-# Quicktime video, from Linus Walleij <triad@df.lth.se>
-# from Apple quicktime file format documentation.
-4 string moov video/quicktime
-4 string mdat video/quicktime
-
diff --git a/usr.sbin/httpd/conf/mime.types b/usr.sbin/httpd/conf/mime.types
deleted file mode 100644
index e5cd0235918..00000000000
--- a/usr.sbin/httpd/conf/mime.types
+++ /dev/null
@@ -1,616 +0,0 @@
-# This is a comment. I love comments.
-
-# This file controls what Internet media types are sent to the client for
-# given file extension(s). Sending the correct media type to the client
-# is important so they know how to handle the content of the file.
-# Extra types can either be added here or by using an AddType directive
-# in your config files. For more information about Internet media types,
-# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type
-# registry is at <http://www.iana.org/assignments/media-types/>.
-
-# MIME type Extensions
-application/activemessage
-application/andrew-inset ez
-application/applefile
-application/atomicmail
-application/atom+xml atom
-application/batch-smtp
-application/beep+xml
-application/cals-1840
-application/cnrp+xml
-application/commonground
-application/cpl+xml
-application/cybercash
-application/dca-rft
-application/dec-dx
-application/dvcs
-application/edi-consent
-application/edifact
-application/edi-x12
-application/eshop
-application/font-tdpfr
-application/http
-application/hyperstudio
-application/iges
-application/index
-application/index.cmd
-application/index.obj
-application/index.response
-application/index.vnd
-application/iotp
-application/ipp
-application/isup
-application/mac-binhex40 hqx
-application/mac-compactpro cpt
-application/macwriteii
-application/marc
-application/mathematica
-application/mathml+xml mathml
-application/msword doc
-application/news-message-id
-application/news-transmission
-application/ocsp-request
-application/ocsp-response
-application/octet-stream bin dms lha lzh exe class so dll
-application/oda oda
-application/ogg ogx oggx
-application/parityfec
-application/pdf pdf
-application/pgp-encrypted
-application/pgp-keys
-application/pgp-signature
-application/pkcs10
-application/pkcs7-mime
-application/pkcs7-signature
-application/pkix-cert
-application/pkix-crl
-application/pkixcmp
-application/postscript ai eps ps
-application/prs.alvestrand.titrax-sheet
-application/prs.cww
-application/prs.nprend
-application/prs.plucker
-application/qsig
-application/rdf+xml rdf
-application/reginfo+xml
-application/remote-printing
-application/riscos
-application/rss+xml rss
-application/rtf
-application/sdp
-application/set-payment
-application/set-payment-initiation
-application/set-registration
-application/set-registration-initiation
-application/sgml
-application/sgml-open-catalog
-application/sieve
-application/slate
-application/smil smi smil
-application/srgs gram
-application/srgs+xml grxml
-application/timestamp-query
-application/timestamp-reply
-application/tve-trigger
-application/vemmi
-application/vnd.3gpp.pic-bw-large
-application/vnd.3gpp.pic-bw-small
-application/vnd.3gpp.pic-bw-var
-application/vnd.3gpp.sms
-application/vnd.3m.post-it-notes
-application/vnd.accpac.simply.aso
-application/vnd.accpac.simply.imp
-application/vnd.acucobol
-application/vnd.acucorp
-application/vnd.adobe.xfdf
-application/vnd.aether.imp
-application/vnd.amiga.ami
-application/vnd.anser-web-certificate-issue-initiation
-application/vnd.anser-web-funds-transfer-initiation
-application/vnd.audiograph
-application/vnd.blueice.multipass
-application/vnd.bmi
-application/vnd.businessobjects
-application/vnd.canon-cpdl
-application/vnd.canon-lips
-application/vnd.cinderella
-application/vnd.claymore
-application/vnd.commerce-battelle
-application/vnd.commonspace
-application/vnd.contact.cmsg
-application/vnd.cosmocaller
-application/vnd.criticaltools.wbs+xml
-application/vnd.ctc-posml
-application/vnd.cups-postscript
-application/vnd.cups-raster
-application/vnd.cups-raw
-application/vnd.curl
-application/vnd.cybank
-application/vnd.data-vision.rdz
-application/vnd.dna
-application/vnd.dpgraph
-application/vnd.dreamfactory
-application/vnd.dxr
-application/vnd.ecdis-update
-application/vnd.ecowin.chart
-application/vnd.ecowin.filerequest
-application/vnd.ecowin.fileupdate
-application/vnd.ecowin.series
-application/vnd.ecowin.seriesrequest
-application/vnd.ecowin.seriesupdate
-application/vnd.enliven
-application/vnd.epson.esf
-application/vnd.epson.msf
-application/vnd.epson.quickanime
-application/vnd.epson.salt
-application/vnd.epson.ssf
-application/vnd.ericsson.quickcall
-application/vnd.eudora.data
-application/vnd.fdf
-application/vnd.ffsns
-application/vnd.fints
-application/vnd.flographit
-application/vnd.framemaker
-application/vnd.fsc.weblaunch
-application/vnd.fujitsu.oasys
-application/vnd.fujitsu.oasys2
-application/vnd.fujitsu.oasys3
-application/vnd.fujitsu.oasysgp
-application/vnd.fujitsu.oasysprs
-application/vnd.fujixerox.ddd
-application/vnd.fujixerox.docuworks
-application/vnd.fujixerox.docuworks.binder
-application/vnd.fut-misnet
-application/vnd.google-earth.kml+xml kml
-application/vnd.google-earth.kmz kmz
-application/vnd.grafeq
-application/vnd.groove-account
-application/vnd.groove-help
-application/vnd.groove-identity-message
-application/vnd.groove-injector
-application/vnd.groove-tool-message
-application/vnd.groove-tool-template
-application/vnd.groove-vcard
-application/vnd.hbci
-application/vnd.hhe.lesson-player
-application/vnd.hp-hpgl
-application/vnd.hp-hpid
-application/vnd.hp-hps
-application/vnd.hp-pcl
-application/vnd.hp-pclxl
-application/vnd.httphone
-application/vnd.hzn-3d-crossword
-application/vnd.ibm.afplinedata
-application/vnd.ibm.electronic-media
-application/vnd.ibm.minipay
-application/vnd.ibm.modcap
-application/vnd.ibm.rights-management
-application/vnd.ibm.secure-container
-application/vnd.informix-visionary
-application/vnd.intercon.formnet
-application/vnd.intertrust.digibox
-application/vnd.intertrust.nncp
-application/vnd.intu.qbo
-application/vnd.intu.qfx
-application/vnd.irepository.package+xml
-application/vnd.is-xpr
-application/vnd.japannet-directory-service
-application/vnd.japannet-jpnstore-wakeup
-application/vnd.japannet-payment-wakeup
-application/vnd.japannet-registration
-application/vnd.japannet-registration-wakeup
-application/vnd.japannet-setstore-wakeup
-application/vnd.japannet-verification
-application/vnd.japannet-verification-wakeup
-application/vnd.jisp
-application/vnd.kde.karbon
-application/vnd.kde.kchart
-application/vnd.kde.kformula
-application/vnd.kde.kivio
-application/vnd.kde.kontour
-application/vnd.kde.kpresenter
-application/vnd.kde.kspread
-application/vnd.kde.kword
-application/vnd.kenameaapp
-application/vnd.koan
-application/vnd.liberty-request+xml
-application/vnd.llamagraphics.life-balance.desktop
-application/vnd.llamagraphics.life-balance.exchange+xml
-application/vnd.lotus-1-2-3
-application/vnd.lotus-approach
-application/vnd.lotus-freelance
-application/vnd.lotus-notes
-application/vnd.lotus-organizer
-application/vnd.lotus-screencam
-application/vnd.lotus-wordpro
-application/vnd.mcd
-application/vnd.mediastation.cdkey
-application/vnd.meridian-slingshot
-application/vnd.micrografx.flo
-application/vnd.micrografx.igx
-application/vnd.mif mif
-application/vnd.minisoft-hp3000-save
-application/vnd.mitsubishi.misty-guard.trustweb
-application/vnd.mobius.daf
-application/vnd.mobius.dis
-application/vnd.mobius.mbk
-application/vnd.mobius.mqy
-application/vnd.mobius.msl
-application/vnd.mobius.plc
-application/vnd.mobius.txf
-application/vnd.mophun.application
-application/vnd.mophun.certificate
-application/vnd.motorola.flexsuite
-application/vnd.motorola.flexsuite.adsi
-application/vnd.motorola.flexsuite.fis
-application/vnd.motorola.flexsuite.gotap
-application/vnd.motorola.flexsuite.kmr
-application/vnd.motorola.flexsuite.ttc
-application/vnd.motorola.flexsuite.wem
-application/vnd.mozilla.xul+xml xul
-application/vnd.ms-artgalry
-application/vnd.ms-asf
-application/vnd.ms-excel xls
-application/vnd.ms-lrm
-application/vnd.ms-powerpoint ppt
-application/vnd.ms-project
-application/vnd.ms-tnef
-application/vnd.ms-works
-application/vnd.ms-wpl
-application/vnd.mseq
-application/vnd.msign
-application/vnd.music-niff
-application/vnd.musician
-application/vnd.netfpx
-application/vnd.noblenet-directory
-application/vnd.noblenet-sealer
-application/vnd.noblenet-web
-application/vnd.novadigm.edm
-application/vnd.novadigm.edx
-application/vnd.novadigm.ext
-application/vnd.oasis.opendocument.chart odc
-application/vnd.oasis.opendocument.chart-template otc
-application/vnd.oasis.opendocument.database odb
-application/vnd.oasis.opendocument.formula odf
-application/vnd.oasis.opendocument.formula-template otf
-application/vnd.oasis.opendocument.graphics odg
-application/vnd.oasis.opendocument.graphics-template otg
-application/vnd.oasis.opendocument.image odi
-application/vnd.oasis.opendocument.image-template oti
-application/vnd.oasis.opendocument.presentation odp
-application/vnd.oasis.opendocument.presentation-template otp
-application/vnd.oasis.opendocument.spreadsheet ods
-application/vnd.oasis.opendocument.spreadsheet-template ots
-application/vnd.oasis.opendocument.text odt
-application/vnd.oasis.opendocument.text-master odm
-application/vnd.oasis.opendocument.text-template ott
-application/vnd.oasis.opendocument.text-web oth
-application/vnd.obn
-application/vnd.osa.netdeploy
-application/vnd.palm
-application/vnd.pg.format
-application/vnd.pg.osasli
-application/vnd.powerbuilder6
-application/vnd.powerbuilder6-s
-application/vnd.powerbuilder7
-application/vnd.powerbuilder7-s
-application/vnd.powerbuilder75
-application/vnd.powerbuilder75-s
-application/vnd.previewsystems.box
-application/vnd.publishare-delta-tree
-application/vnd.pvi.ptid1
-application/vnd.pwg-multiplexed
-application/vnd.pwg-xhtml-print+xml
-application/vnd.quark.quarkxpress
-application/vnd.rapid
-application/vnd.s3sms
-application/vnd.sealed.net
-application/vnd.seemail
-application/vnd.shana.informed.formdata
-application/vnd.shana.informed.formtemplate
-application/vnd.shana.informed.interchange
-application/vnd.shana.informed.package
-application/vnd.smaf
-application/vnd.sss-cod
-application/vnd.sss-dtf
-application/vnd.sss-ntf
-application/vnd.street-stream
-application/vnd.svd
-application/vnd.swiftview-ics
-application/vnd.triscape.mxs
-application/vnd.trueapp
-application/vnd.truedoc
-application/vnd.ufdl
-application/vnd.uplanet.alert
-application/vnd.uplanet.alert-wbxml
-application/vnd.uplanet.bearer-choice
-application/vnd.uplanet.bearer-choice-wbxml
-application/vnd.uplanet.cacheop
-application/vnd.uplanet.cacheop-wbxml
-application/vnd.uplanet.channel
-application/vnd.uplanet.channel-wbxml
-application/vnd.uplanet.list
-application/vnd.uplanet.list-wbxml
-application/vnd.uplanet.listcmd
-application/vnd.uplanet.listcmd-wbxml
-application/vnd.uplanet.signal
-application/vnd.vcx
-application/vnd.vectorworks
-application/vnd.vidsoft.vidconference
-application/vnd.visio
-application/vnd.visionary
-application/vnd.vividence.scriptfile
-application/vnd.vsf
-application/vnd.wap.sic
-application/vnd.wap.slc
-application/vnd.wap.wbxml wbxml
-application/vnd.wap.wmlc wmlc
-application/vnd.wap.wmlscriptc wmlsc
-application/vnd.webturbo
-application/vnd.wrq-hp3000-labelled
-application/vnd.wt.stf
-application/vnd.wv.csp+wbxml
-application/vnd.xara
-application/vnd.xfdl
-application/vnd.yamaha.hv-dic
-application/vnd.yamaha.hv-script
-application/vnd.yamaha.hv-voice
-application/vnd.yellowriver-custom-menu
-application/voicexml+xml vxml
-application/watcherinfo+xml
-application/whoispp-query
-application/whoispp-response
-application/wita
-application/wordperfect5.1
-application/x-bcpio bcpio
-application/x-bittorrent torrent
-application/x-cdlink vcd
-application/x-chess-pgn pgn
-application/x-compress
-application/x-cpio cpio
-application/x-csh csh
-application/x-director dcr dir dxr
-application/x-dvi dvi
-application/x-futuresplash spl
-application/x-gtar gtar
-application/x-gzip
-application/x-hdf hdf
-application/x-javascript js
-application/x-koan skp skd skt skm
-application/x-latex latex
-application/x-netcdf nc cdf
-application/x-sh sh
-application/x-shar shar
-application/x-shockwave-flash swf
-application/x-stuffit sit
-application/x-sv4cpio sv4cpio
-application/x-sv4crc sv4crc
-application/x-tar tar tgz
-application/x-tcl tcl
-application/x-tex tex
-application/x-texinfo texinfo texi
-application/x-troff t tr roff
-application/x-troff-man man
-application/x-troff-me me
-application/x-troff-ms ms
-application/x-ustar ustar
-application/x-wais-source src
-application/x400-bp
-application/xhtml+xml xhtml xht
-application/xslt+xml xslt
-application/xml xml xsl
-application/xml-dtd dtd
-application/xml-external-parsed-entity
-application/zip zip
-audio/32kadpcm
-audio/amr
-audio/amr-wb
-audio/basic au snd
-audio/cn
-audio/dat12
-audio/dsr-es201108
-audio/dvi4
-audio/evrc
-audio/evrc0
-audio/g722
-audio/g.722.1
-audio/g723
-audio/g726-16
-audio/g726-24
-audio/g726-32
-audio/g726-40
-audio/g728
-audio/g729
-audio/g729D
-audio/g729E
-audio/gsm
-audio/gsm-efr
-audio/l8
-audio/l16
-audio/l20
-audio/l24
-audio/lpc
-audio/midi mid midi kar
-audio/mpa
-audio/mpa-robust
-audio/mp4a-latm
-audio/mpeg mpga mp2 mp3
-audio/ogg oga ogga spx
-audio/parityfec
-audio/pcma
-audio/pcmu
-audio/prs.sid
-audio/qcelp
-audio/red
-audio/smv
-audio/smv0
-audio/telephone-event
-audio/tone
-audio/vdvi
-audio/vnd.3gpp.iufp
-audio/vnd.cisco.nse
-audio/vnd.cns.anp1
-audio/vnd.cns.inf1
-audio/vnd.digital-winds
-audio/vnd.everad.plj
-audio/vnd.lucent.voice
-audio/vnd.nortel.vbk
-audio/vnd.nuera.ecelp4800
-audio/vnd.nuera.ecelp7470
-audio/vnd.nuera.ecelp9600
-audio/vnd.octel.sbc
-audio/vnd.qcelp
-audio/vnd.rhetorex.32kadpcm
-audio/vnd.vmx.cvsd
-audio/x-aiff aif aiff aifc
-audio/x-alaw-basic
-audio/x-mpegurl m3u
-audio/x-pn-realaudio ram rm
-audio/x-pn-realaudio-plugin rpm
-audio/x-realaudio ra
-audio/x-wav wav
-audio/x-vorbis ogg
-chemical/x-pdb pdb
-chemical/x-xyz xyz
-image/bmp bmp
-image/cgm cgm
-image/g3fax
-image/gif gif
-image/ief ief
-image/jpeg jpeg jpg jpe
-image/naplps
-image/png png
-image/prs.btif
-image/prs.pti
-image/svg+xml svg
-image/t38
-image/tiff tiff tif
-image/tiff-fx
-image/vnd.cns.inf2
-image/vnd.djvu djvu djv
-image/vnd.dwg
-image/vnd.dxf
-image/vnd.fastbidsheet
-image/vnd.fpx
-image/vnd.fst
-image/vnd.fujixerox.edmics-mmr
-image/vnd.fujixerox.edmics-rlc
-image/vnd.globalgraphics.pgb
-image/vnd.mix
-image/vnd.ms-modi
-image/vnd.net-fpx
-image/vnd.svf
-image/vnd.wap.wbmp wbmp
-image/vnd.xiff
-image/x-cmu-raster ras
-image/x-icon ico
-image/x-portable-anymap pnm
-image/x-portable-bitmap pbm
-image/x-portable-graymap pgm
-image/x-portable-pixmap ppm
-image/x-rgb rgb
-image/x-xbitmap xbm
-image/x-xpixmap xpm
-image/x-xwindowdump xwd
-message/delivery-status
-message/disposition-notification
-message/external-body
-message/http
-message/news
-message/partial
-message/rfc822
-message/s-http
-message/sip
-message/sipfrag
-model/iges igs iges
-model/mesh msh mesh silo
-model/vnd.dwf
-model/vnd.flatland.3dml
-model/vnd.gdl
-model/vnd.gs-gdl
-model/vnd.gtw
-model/vnd.mts
-model/vnd.parasolid.transmit.binary
-model/vnd.parasolid.transmit.text
-model/vnd.vtu
-model/vrml wrl vrml
-multipart/alternative
-multipart/appledouble
-multipart/byteranges
-multipart/digest
-multipart/encrypted
-multipart/form-data
-multipart/header-set
-multipart/mixed
-multipart/parallel
-multipart/related
-multipart/report
-multipart/signed
-multipart/voice-message
-text/calendar ics ifb
-text/css css
-text/directory
-text/enriched
-text/html html htm
-text/parityfec
-text/plain asc txt
-text/prs.lines.tag
-text/rfc822-headers
-text/richtext rtx
-text/rtf rtf
-text/sgml sgml sgm
-text/t140
-text/tab-separated-values tsv
-text/uri-list
-text/vnd.abc
-text/vnd.curl
-text/vnd.dmclientscript
-text/vnd.fly
-text/vnd.fmi.flexstor
-text/vnd.in3d.3dml
-text/vnd.in3d.spot
-text/vnd.iptc.nitf
-text/vnd.iptc.newsml
-text/vnd.latex-z
-text/vnd.motorola.reflex
-text/vnd.ms-mediapackage
-text/vnd.net2phone.commcenter.command
-text/vnd.sun.j2me.app-descriptor
-text/vnd.wap.si
-text/vnd.wap.sl
-text/vnd.wap.wml wml
-text/vnd.wap.wmlscript wmls
-text/x-setext etx
-text/xml
-text/xml-external-parsed-entity
-video/bmpeg
-video/bt656
-video/celb
-video/dv
-video/h261
-video/h263
-video/h263-1998
-video/h263-2000
-video/jpeg
-video/mp1s
-video/mp2p
-video/mp2t
-video/mp4v-es
-video/mpv
-video/mpeg mpeg mpg mpe
-video/nv
-video/ogg ogv oggv
-video/parityfec
-video/pointer
-video/quicktime qt mov
-video/smpte292m
-video/vnd.fvt
-video/vnd.motorola.video
-video/vnd.motorola.videop
-video/vnd.mpegurl mxu
-video/vnd.nokia.interleaved-multimedia
-video/vnd.objectvideo
-video/vnd.vivo
-video/x-msvideo avi
-video/x-sgi-movie movie
-x-conference/x-cooltalk ice
diff --git a/usr.sbin/httpd/conf/ssl.crl/Makefile b/usr.sbin/httpd/conf/ssl.crl/Makefile
deleted file mode 100644
index 0f8f2a20a29..00000000000
--- a/usr.sbin/httpd/conf/ssl.crl/Makefile
+++ /dev/null
@@ -1,54 +0,0 @@
-##
-## Makefile to keep the hash symlinks in SSLCARevocationPath up to date
-## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved.
-##
-
-SSL_PROGRAM=
-
-update: clean
- -@ssl_program="$(SSL_PROGRAM)"; \
- if [ ".$$ssl_program" = . ]; then \
- for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \
- for program in openssl ssleay; do \
- if [ -f "$$dir/$$program" ]; then \
- if [ -x "$$dir/$$program" ]; then \
- ssl_program="$$dir/$$program"; \
- break; \
- fi; \
- fi; \
- done; \
- if [ ".$$ssl_program" != . ]; then \
- break; \
- fi; \
- done; \
- fi; \
- if [ ".$$ssl_program" = . ]; then \
- echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \
- exit 1; \
- fi; \
- for file in *.crl; do \
- [ "x$$file" = "x*.crl" ] && continue; \
- if [ ".`grep SKIPME $$file`" != . ]; then \
- echo dummy |\
- awk '{ printf("%-15s ... Skipped\n", file); }' \
- "file=$$file"; \
- else \
- n=0; \
- while [ 1 ]; do \
- hash="`$$ssl_program crl -noout -hash <$$file`"; \
- if [ -r "$$hash.r$$n" ]; then \
- n=`expr $$n + 1`; \
- else \
- echo dummy |\
- awk '{ printf("%-15s ... %s\n", file, hash); }' \
- "file=$$file" "hash=$$hash.r$$n"; \
- ln -s $$file $$hash.r$$n; \
- break; \
- fi; \
- done; \
- fi; \
- done
-
-clean:
- -@rm -f [0-9a-fA-F]*.r[0-9]*
-
diff --git a/usr.sbin/httpd/conf/ssl.crl/README.CRL b/usr.sbin/httpd/conf/ssl.crl/README.CRL
deleted file mode 100644
index d2d9aa646d9..00000000000
--- a/usr.sbin/httpd/conf/ssl.crl/README.CRL
+++ /dev/null
@@ -1,11 +0,0 @@
-
- This is the ssl.crl/ directory of Apache/mod_ssl where
- PEM-encoded X.509 Certificate Revocation Lists (CRL) for SSL are stored.
-
- Per default this directory contains no CRLs.
-
- You can view the ingredients of a particular CRL file in plain text
- by running the command:
-
- $ openssl crl -noout -text -in <name>.crl
-
diff --git a/usr.sbin/httpd/conf/ssl.crt/Makefile b/usr.sbin/httpd/conf/ssl.crt/Makefile
deleted file mode 100644
index 333eff4d53d..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-##
-## Makefile to keep the hash symlinks in SSLCACertificatePath up to date
-## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved.
-##
-
-SSL_PROGRAM=
-
-update: clean
- -@ssl_program="$(SSL_PROGRAM)"; \
- if [ ".$$ssl_program" = . ]; then \
- for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \
- for program in openssl ssleay; do \
- if [ -f "$$dir/$$program" ]; then \
- if [ -x "$$dir/$$program" ]; then \
- ssl_program="$$dir/$$program"; \
- break; \
- fi; \
- fi; \
- done; \
- if [ ".$$ssl_program" != . ]; then \
- break; \
- fi; \
- done; \
- fi; \
- if [ ".$$ssl_program" = . ]; then \
- echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \
- exit 1; \
- fi; \
- for file in *.crt; do \
- if [ ".`grep SKIPME $$file`" != . ]; then \
- echo dummy |\
- awk '{ printf("%-15s ... Skipped\n", file); }' \
- "file=$$file"; \
- else \
- n=0; \
- while [ 1 ]; do \
- hash="`$$ssl_program x509 -noout -hash <$$file`"; \
- if [ -r "$$hash.$$n" ]; then \
- n=`expr $$n + 1`; \
- else \
- echo dummy |\
- awk '{ printf("%-15s ... %s\n", file, hash); }' \
- "file=$$file" "hash=$$hash.$$n"; \
- ln -s $$file $$hash.$$n; \
- break; \
- fi; \
- done; \
- fi; \
- done
-
-clean:
- -@rm -f [0-9a-fA-F]*.[0-9]*
-
diff --git a/usr.sbin/httpd/conf/ssl.crt/README.CRT b/usr.sbin/httpd/conf/ssl.crt/README.CRT
deleted file mode 100644
index 9bf07a58a13..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/README.CRT
+++ /dev/null
@@ -1,33 +0,0 @@
-
- This is the ssl.crt/ directory of Apache/mod_ssl
- where PEM-encoded X.509 Certificates for SSL are stored.
-
- Per default the following two files are provided:
-
- o server.crt:
- This is the server certificate for Apache/mod_ssl, configured with the
- SSLCertificateFile directive. Per default this is a dummy file, but may be
- overwritten by the `make certificate' target under built-time.
-
- o snakeoil.crt:
- This is the _DEMONSTRATION ONLY_ `Snake Oil' dummy server certificate.
- NEVER USE THIS FOR REAL LIFE! INSTEAD USE A REAL CERTIFICATE!
-
- o snakeoil-ca.crt:
- This is the certificate of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate
- Authority. This CA is used to sign the server.crt on `make certificate'
- because self-signed server certificates are not accepted by all browsers.
- NEVER USE THIS CA YOURSELF FOR REAL LIFE! INSTEAD EITHER USE A PUBLICALLY
- KNOWN CA OR CREATE YOUR OWN CA!
-
- o ca-bundle.crt:
- This is a bundle of CA root certificate for Apache/mod_ssl, configurable
- with the SSLCACertificateFile directive. Per default it's disabled but can
- be enabled for client authentication when the clients use certificates
- signed by one of the commonly known public Certificate Authorities.
-
- You can view the ingredients of a particular certificate file in plain text
- by running the command:
-
- $ openssl x509 -noout -text -in <name>.crt
-
diff --git a/usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt b/usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt
deleted file mode 100644
index 839857a4433..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt
+++ /dev/null
@@ -1,4445 +0,0 @@
-##
-## ca-bundle.crt -- Bundle of CA Root Certificates
-## Last Modified: Thu Mar 2 09:32:46 CET 2000
-##
-## This is a bundle of X.509 certificates of public
-## Certificate Authorities (CA). These were automatically
-## extracted from Netscape Communicator 4.72's certificate database
-## (the file `cert7.db'). It contains the certificates in both
-## plain text and PEM format and therefore can be directly used
-## with an Apache+mod_ssl webserver for SSL client authentication.
-## Just configure this file as the SSLCACertificateFile.
-##
-## (SKIPME)
-##
-
-ABAecom (sub., Am. Bankers Assn.) Root CA
-=========================================
-MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92
-PEM Data:
------BEGIN CERTIFICATE-----
-MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
-gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh
-a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy
-dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe
-Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN
-MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT
-D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ
-KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24
-4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp
-mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb
-QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5
-0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v
-xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB
-/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O
-BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP
-Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5
-m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS
-YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN
-u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD
-Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr
-wo3CbezcE9NGxXl8
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number:
- d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
- Validity
- Not Before: Jul 14 16:14:18 1999 GMT
- Not After : Jul 11 16:14:18 2009 GMT
- Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c:
- 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97:
- 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3:
- ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c:
- d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2:
- 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5:
- 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25:
- 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e:
- db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18:
- a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6:
- 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c:
- db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0:
- 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28:
- bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8:
- e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b:
- 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6:
- ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c:
- ee:71
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
-
- X509v3 Subject Key Identifier:
- 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
- Signature Algorithm: sha1WithRSAEncryption
- 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b:
- 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec:
- d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48:
- b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c:
- 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30:
- 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94:
- 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2:
- 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60:
- e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97:
- 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22:
- 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af:
- 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed:
- 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3:
- 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3:
- 46:c5:79:7c
-
-ANX Network CA by DST
-=====================
-MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV
-UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL
-ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx
-NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
-ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G
-CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI
-IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce
-InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04
-JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr
-MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0
-dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL
-BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw
-OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz
-ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD
-AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB
-AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK
-UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY
-gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 913220207 (0x366ea26f)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
- Validity
- Not Before: Dec 9 15:46:48 1998 GMT
- Not After : Dec 9 16:16:48 2018 GMT
- Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44:
- b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71:
- 25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6:
- a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84:
- 34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22:
- 76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30:
- 2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d:
- 90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2:
- 8d:38:26:b0:6f:43:6e:09:7d
- Exponent: 3 (0x3)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1
-
- X509v3 Private Key Usage Period:
- Not Before: Dec 9 15:46:48 1998 GMT, Not After: Dec 9 15:46:48 2018 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
-
- X509v3 Subject Key Identifier:
- 8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0
-..V4.0....
- Signature Algorithm: sha1WithRSAEncryption
- 49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3:
- 29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51:
- b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26:
- 68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e:
- 10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16:
- e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59:
- ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32:
- a3:5d
-
-American Express CA
-===================
-MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG
-A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B
-bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g
-RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN
-MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu
-IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz
-cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm
-aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS
-hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT
-0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw
-+48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA
-A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC
-diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX
-Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 141 (0x8d)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
- Validity
- Not Before: Aug 14 22:01:00 1998 GMT
- Not After : Aug 14 23:59:00 2006 GMT
- Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec:
- fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23:
- c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49:
- 95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0:
- 0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b:
- f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0:
- 30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07:
- f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9:
- b7:66:e1:15:b2:48:36:2c:f9
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5WithRSAEncryption
- 68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd:
- 8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8:
- 28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3:
- a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25:
- 6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2:
- 31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17:
- 7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b:
- ed:d2
-
-American Express Global CA
-==========================
-MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT
-MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV
-BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy
-aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw
-ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV
-BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l
-cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4
-cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9
-Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr
-c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y
-8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1
-D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp
-hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD
-VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq
-hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB
-BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw
-RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS
-sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde
-VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR
-V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo
-JaFGS0E3l3/sjvHUoZbCILZerakcHhGg
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 133 (0x85)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
- Validity
- Not Before: Aug 14 19:06:00 1998 GMT
- Not After : Aug 14 23:59:00 2013 GMT
- Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb:
- 26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd:
- 2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90:
- a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5:
- 46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05:
- f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96:
- 59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e:
- 87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad:
- 9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5:
- ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20:
- 9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9:
- cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48:
- bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00:
- 01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75:
- ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71:
- 91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5:
- b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11:
- f5:ad
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE, pathlen:5
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Certificate Policies:
- Policy: 1.2.840.113807.10.1.5.1
-
- X509v3 Subject Key Identifier:
- 57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69
- Signature Algorithm: sha1WithRSAEncryption
- c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5:
- 30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3:
- 61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40:
- eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86:
- 72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40:
- c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69:
- fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1:
- d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c:
- 26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90:
- 9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9:
- 54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db:
- 4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff:
- 92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1:
- 46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9:
- 1c:1e:11:a0
-
-BelSign Object Publishing CA
-============================
-MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx
-ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL
-Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0
-eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG
-SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN
-MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz
-MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ
-dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln
-biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy
-QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA
-3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8
-WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX
-As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE
-AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq
-Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq
-Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa
-R9Zxxp6aUg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be
- Validity
- Not Before: Sep 19 22:03:00 1997 GMT
- Not After : Sep 19 22:03:00 2007 GMT
- Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5:
- 9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de:
- 4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c:
- 76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be:
- b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67:
- 9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90:
- 1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57:
- 02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3:
- 5d:88:64:d0:c8:f8:5d:54:51
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- Signature Algorithm: md5WithRSAEncryption
- 63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac:
- 4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf:
- c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79:
- 23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54:
- ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d:
- 25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63:
- e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e:
- 9a:52
-
-BelSign Secure Server CA
-========================
-MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx
-ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL
-EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw
-HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW
-FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy
-MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE
-ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl
-cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy
-dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA
-kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/
-SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu
-Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB
-BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1
-W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT
-6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster@belsign.be
- Validity
- Not Before: Jul 16 22:00:54 1997 GMT
- Not After : Jul 16 22:00:54 2007 GMT
- Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster@belsign.be
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d6:01:12:78:92:f8:04:42:7f:c9:c7:22:83:fc:
- 7c:47:70:30:2b:49:0b:3e:36:40:90:28:da:21:73:
- 83:53:f2:c4:d1:16:40:c0:53:ff:ae:a6:c6:24:b3:
- 27:6d:a5:b3:3d:39:77:5d:a8:06:f6:e6:e9:bc:63:
- 11:4e:06:65:70:0a:9d:93:f9:a2:40:8b:7f:4a:84:
- 0e:8d:16:b1:d6:cc:08:64:12:0c:e0:28:4b:c8:a5:
- 84:90:17:fb:11:46:2e:d6:a7:85:18:cb:18:ae:63:
- 9a:b0:58:06:f4:00:cf:f8:c4:09:1a:35:0c:a1:f9:
- ee:4a:fd:6d:de:fe:26:a5:3b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Cert Type:
- SSL Client, S/MIME
- Signature Algorithm: md5WithRSAEncryption
- 6c:3d:99:c3:05:e2:1d:ca:e5:2d:aa:68:85:8b:40:31:20:66:
- 13:68:e6:58:3a:89:d0:8d:75:b2:c5:62:d8:7d:82:8f:f7:d9:
- 32:81:77:f6:35:5b:85:29:ce:67:b2:b9:bc:2b:19:78:cf:f3:
- 87:fd:46:f1:95:75:b2:09:57:03:30:c1:7a:cd:72:47:71:80:
- ca:7d:9d:c9:65:3c:47:11:22:7d:fa:07:0b:28:78:a1:93:e8:
- 05:45:48:e2:32:32:4a:3d:e8:53:1c:10:b7:c7:73:8c:07:50:
- e1:f9:c9:2b:53:41:f5:83:8d:e5:09:39:4a:8e:03:62:aa:40:
- 63:8b
-
-Deutsche Telekom AG Root CA
-===========================
-MD5 Fingerprint: 77:DE:04:94:77:D0:0C:5F:A7:B1:F4:30:18:87:FB:55
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICjjCCAfegAwIBAgIBBjANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJERTEc
-MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsGA1UECxMUVGVsZVNlYyBU
-cnVzdCBDZW50ZXIxITAfBgNVBAMTGERldXRzY2hlIFRlbGVrb20gUm9vdCBDQTAe
-Fw05ODEyMDkwOTExMDBaFw0wNDEyMDkyMzU5MDBaMG0xCzAJBgNVBAYTAkRFMRww
-GgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR0wGwYDVQQLExRUZWxlU2VjIFRy
-dXN0IENlbnRlcjEhMB8GA1UEAxMYRGV1dHNjaGUgVGVsZWtvbSBSb290IENBMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdBSz5BbO5EtdpcffqVjAIVxRDe7sa
-nG0vV2HX4vVEa+42QZb2ZM7hwbK5pBQEmFDocPiONZp9ScFhHVmu2gYYlX2tzuyp
-vtEYD0CRdiqj5f3+iRX0V/fgVdp1rQD0LME1zLRDJlViRC4BJZyKW/DB0AA1eP41
-3pRAZHiDocw5iQIDAQABoz4wPDAPBgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQE
-AwIBBjAZBgNVHQ4EEgQQLIdZH4sTgLL5hp0+En5YljANBgkqhkiG9w0BAQQFAAOB
-gQAP/nO1B4hvoAuJ6spQH5TelCsLJ15P9RyVJtqMllStGZE3Q12ryYuzzW+YOT3t
-3TXjcbftE5OD6IblKTMTE7w1e/0oL3BZ1dO0jSgTWTvI1XT5RcIHYKq4GFT5pWj/
-1wXVj7YFMS5BSvQQH2BHGguLGU2SVyDS71AZ6M3QcLy8Ng==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 6 (0x6)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA
- Validity
- Not Before: Dec 9 09:11:00 1998 GMT
- Not After : Dec 9 23:59:00 2004 GMT
- Subject: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:dd:05:2c:f9:05:b3:b9:12:d7:69:71:f7:ea:56:
- 30:08:57:14:43:7b:bb:1a:9c:6d:2f:57:61:d7:e2:
- f5:44:6b:ee:36:41:96:f6:64:ce:e1:c1:b2:b9:a4:
- 14:04:98:50:e8:70:f8:8e:35:9a:7d:49:c1:61:1d:
- 59:ae:da:06:18:95:7d:ad:ce:ec:a9:be:d1:18:0f:
- 40:91:76:2a:a3:e5:fd:fe:89:15:f4:57:f7:e0:55:
- da:75:ad:00:f4:2c:c1:35:cc:b4:43:26:55:62:44:
- 2e:01:25:9c:8a:5b:f0:c1:d0:00:35:78:fe:35:de:
- 94:40:64:78:83:a1:cc:39:89
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE, pathlen:5
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- 2C:87:59:1F:8B:13:80:B2:F9:86:9D:3E:12:7E:58:96
- Signature Algorithm: md5WithRSAEncryption
- 0f:fe:73:b5:07:88:6f:a0:0b:89:ea:ca:50:1f:94:de:94:2b:
- 0b:27:5e:4f:f5:1c:95:26:da:8c:96:54:ad:19:91:37:43:5d:
- ab:c9:8b:b3:cd:6f:98:39:3d:ed:dd:35:e3:71:b7:ed:13:93:
- 83:e8:86:e5:29:33:13:13:bc:35:7b:fd:28:2f:70:59:d5:d3:
- b4:8d:28:13:59:3b:c8:d5:74:f9:45:c2:07:60:aa:b8:18:54:
- f9:a5:68:ff:d7:05:d5:8f:b6:05:31:2e:41:4a:f4:10:1f:60:
- 47:1a:0b:8b:19:4d:92:57:20:d2:ef:50:19:e8:cd:d0:70:bc:
- bc:36
-
-Digital Signature Trust Co. Global CA 1
-=======================================
-MD5 Fingerprint: 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
-UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
-EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
-BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
-ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
-bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
-j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
-Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
-SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
-JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
-RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
-MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
-fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
-+DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
-SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
-QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
-gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 913315222 (0x36701596)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
- Validity
- Not Before: Dec 10 18:10:23 1998 GMT
- Not After : Dec 10 18:40:23 2018 GMT
- Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a0:6c:81:a9:cf:34:1e:24:dd:fe:86:28:cc:de:
- 83:2f:f9:5e:d4:42:d2:e8:74:60:66:13:98:06:1c:
- a9:51:12:69:6f:31:55:b9:49:72:00:08:7e:d3:a5:
- 62:44:37:24:99:8f:d9:83:48:8f:99:6d:95:13:bb:
- 43:3b:2e:49:4e:88:37:c1:bb:58:7f:fe:e1:bd:f8:
- bb:61:cd:f3:47:c0:99:a6:f1:f3:91:e8:78:7c:00:
- cb:61:c9:44:27:71:69:55:4a:7e:49:4d:ed:a2:a3:
- be:02:4c:00:ca:02:a8:ee:01:02:31:64:0f:52:2d:
- 13:74:76:36:b5:7a:b4:2d:71
- Exponent: 3 (0x3)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E1/CN=CRL1
-
- X509v3 Private Key Usage Period:
- Not Before: Dec 10 18:10:23 1998 GMT, Not After: Dec 10 18:10:23 2018 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
-
- X509v3 Subject Key Identifier:
- 6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0
-..V4.0....
- Signature Algorithm: sha1WithRSAEncryption
- 22:12:d8:7a:1d:dc:81:06:b6:09:65:b2:87:c8:1f:5e:b4:2f:
- e9:c4:1e:f2:3c:c1:bb:04:90:11:4a:83:4e:7e:93:b9:4d:42:
- c7:92:26:a0:5c:34:9a:38:72:f8:fd:6b:16:3e:20:ee:82:8b:
- 31:2a:93:36:85:23:88:8a:3c:03:68:d3:c9:09:0f:4d:fc:6c:
- a4:da:28:72:93:0e:89:80:b0:7d:fe:80:6f:65:6d:18:33:97:
- 8b:c2:6b:89:ee:60:3d:c8:9b:ef:7f:2b:32:62:73:93:cb:3c:
- e3:7b:e2:76:78:45:bc:a1:93:04:bb:86:9f:3a:5b:43:7a:c3:
- 8a:65
-
-Digital Signature Trust Co. Global CA 2
-=======================================
-MD5 Fingerprint: 6C:C9:A7:6E:47:F1:0C:E3:53:3B:78:4C:4D:C2:6A:C5
-PEM Data:
------BEGIN CERTIFICATE-----
-MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw
-CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
-dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
-CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B
-CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx
-ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
-U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
-IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx
-ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf
-WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK
-xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE
-zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F
-5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv
-OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz
-ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME
-lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG
-Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q
-gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k
-Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- d0:1e:40:8b:00:00:02:7c:00:00:00:02:00:00:00:01
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca@digsigtrust.com
- Validity
- Not Before: Dec 1 18:18:55 1998 GMT
- Not After : Nov 28 18:18:55 2008 GMT
- Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca@digsigtrust.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:d2:c6:26:b6:e7:a5:3d:c1:c4:68:d5:50:6f:53:
- c5:6f:49:13:09:b8:af:2c:48:8d:14:6a:a3:17:5f:
- 5a:f9:d3:2e:75:2f:d8:28:62:d1:93:2f:fc:4d:d4:
- ab:87:e5:08:c7:99:e7:92:3f:75:bd:eb:25:b4:15:
- c1:9b:19:3d:d2:44:8d:d7:74:20:6d:37:02:8f:69:
- 93:5b:8a:c4:19:9d:f4:b2:0e:fc:16:6c:b9:b1:05:
- 92:83:d1:85:2c:60:94:3e:45:55:a0:d9:ab:08:21:
- e6:60:e8:3b:74:f2:99:50:51:68:d0:03:2d:b1:80:
- be:a3:d8:52:b0:44:cd:43:4a:70:8e:58:85:95:e1:
- 4e:2c:d6:2d:41:6f:d6:84:e7:c8:98:44:ca:47:db:
- 2c:24:a5:69:26:cf:6b:b8:27:62:c3:f4:c9:7a:92:
- 23:ed:13:67:82:ae:45:2e:45:e5:7e:72:3f:85:9d:
- 94:62:10:e6:3c:91:a1:ad:77:00:e0:15:ec:f3:84:
- 80:72:7a:8e:6e:60:97:c7:24:59:10:34:83:5b:e1:
- a5:a4:69:b6:57:35:1c:78:59:c6:d3:2f:3a:73:67:
- ee:94:ca:04:13:05:62:06:70:23:b3:f4:7c:ee:45:
- d9:64:0b:5b:49:aa:a4:43:ce:26:c4:44:12:6c:b8:
- dd:79
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- a2:37:b2:3f:69:fb:d7:86:79:54:49:31:95:33:2b:f3:d1:09:
- 14:49:62:60:86:a5:b0:11:e2:50:c2:1d:06:57:3e:2d:e8:33:
- 64:be:9b:aa:ad:5f:1b:4d:d4:99:95:a2:8b:9a:c9:62:72:b5:
- 69:ea:d9:58:ab:35:ed:15:a2:43:d6:b6:bc:07:79:65:64:73:
- 7d:d7:79:ca:7b:d5:5a:51:c6:e1:53:04:96:8d:38:cf:a3:17:
- ac:39:71:6b:01:c3:8b:53:3c:63:e9:ee:79:c0:e4:be:92:32:
- 64:7a:b3:1f:97:94:62:bd:ea:b2:20:15:95:fb:97:f2:78:2f:
- 63:36:40:38:e3:46:0f:1d:dd:ac:95:ca:e7:4b:90:7b:b1:4b:
- a9:d4:c5:eb:9a:da:aa:d5:a3:94:14:46:8d:2d:1f:f3:3a:d6:
- 93:3a:f6:3e:79:fc:e8:e6:b0:75:ed:ee:3d:c9:70:c7:5d:aa:
- 81:4b:46:25:1c:c7:6c:15:e3:95:4e:0f:aa:32:37:94:0a:17:
- 24:92:13:84:58:d2:63:6f:2b:f7:e6:5b:62:0b:13:17:b0:0d:
- 52:4c:fe:fe:6f:5c:e2:91:6e:1d:fd:a4:62:d7:68:fa:8e:7a:
- 4f:d2:08:da:93:dc:f0:92:11:7a:d0:dc:72:93:0c:73:93:62:
- 85:68:d0:f4
-
-Digital Signature Trust Co. Global CA 3
-=======================================
-MD5 Fingerprint: 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
-UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
-EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
-BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
-ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
-k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
-LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
-TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
-SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
-JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
-RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
-MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
-TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
-WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
-SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
-xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
-B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 913232846 (0x366ed3ce)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
- Validity
- Not Before: Dec 9 19:17:26 1998 GMT
- Not After : Dec 9 19:47:26 2018 GMT
- Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:bf:93:8f:17:92:ef:33:13:18:eb:10:7f:4e:16:
- bf:ff:06:8f:2a:85:bc:5e:f9:24:a6:24:88:b6:03:
- b7:c1:c3:5f:03:5b:d1:6f:ae:7e:42:ea:66:23:b8:
- 63:83:56:fb:28:2d:e1:38:8b:b4:ee:a8:01:e1:ce:
- 1c:b6:88:2a:22:46:85:fb:9f:a7:70:a9:47:14:3f:
- ce:de:65:f0:a8:71:f7:4f:26:6c:8c:bc:c6:b5:ef:
- de:49:27:ff:48:2a:7d:e8:4d:03:cc:c7:b2:52:c6:
- 17:31:13:3b:b5:4d:db:c8:c4:f6:c3:0f:24:2a:da:
- 0c:9d:e7:91:5b:80:cd:94:9d
- Exponent: 3 (0x3)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E2/CN=CRL1
-
- X509v3 Private Key Usage Period:
- Not Before: Dec 9 19:17:26 1998 GMT, Not After: Dec 9 19:17:26 2018 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
-
- X509v3 Subject Key Identifier:
- 1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0
-..V4.0....
- Signature Algorithm: sha1WithRSAEncryption
- 47:8d:83:ad:62:f2:db:b0:9e:45:22:05:b9:a2:d6:03:0e:38:
- 72:e7:9e:fc:7b:e6:93:b6:9a:a5:a2:94:c8:34:1d:91:d1:c5:
- d7:f4:0a:25:0f:3d:78:81:9e:0f:b1:67:c4:90:4c:63:dd:5e:
- a7:e2:ba:9f:f5:f7:4d:a5:31:7b:9c:29:2d:4c:fe:64:3e:ec:
- b6:53:fe:ea:9b:ed:82:db:74:75:4b:07:79:6e:1e:d8:19:83:
- 73:de:f5:3e:d0:b5:de:e7:4b:68:7d:43:2e:2a:20:e1:7e:a0:
- 78:44:9e:08:f5:98:f9:c7:7f:1b:1b:d6:06:20:02:58:a1:c3:
- a2:03
-
-Digital Signature Trust Co. Global CA 4
-=======================================
-MD5 Fingerprint: CD:3B:3D:62:5B:09:B8:09:36:87:9E:12:2F:71:64:BA
-PEM Data:
------BEGIN CERTIFICATE-----
-MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw
-CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
-dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
-CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B
-CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy
-MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
-U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
-IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx
-ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV
-p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw
-BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl
-5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi
-3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+
-QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ
-2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN
-I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL
-553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q
-10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN
-uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- d0:1e:40:8b:00:00:77:6d:00:00:00:01:00:00:00:04
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca@digsigtrust.com
- Validity
- Not Before: Nov 30 22:46:16 1998 GMT
- Not After : Nov 27 22:46:16 2008 GMT
- Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca@digsigtrust.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:dc:75:f0:8c:c0:75:96:9a:c0:62:1f:26:f7:c4:
- e1:9a:ea:e0:56:73:5b:99:cd:01:44:a8:08:b6:d5:
- a7:da:1a:04:18:39:92:4a:78:a3:81:c2:f5:77:7a:
- 50:b4:70:ff:9a:ab:c6:c7:ca:6e:83:4f:42:98:fb:
- 26:0b:da:dc:6d:d6:a9:99:55:52:67:e9:28:03:92:
- dc:e5:b0:05:9a:0f:15:f9:6b:59:72:56:f2:fa:39:
- fc:aa:68:ee:0f:1f:10:83:2f:fc:9d:fa:17:96:dd:
- 82:e3:e6:45:7d:c0:4b:80:44:1f:ed:2c:e0:84:fd:
- 91:5c:92:54:69:25:e5:62:69:dc:e5:ee:00:52:bd:
- 33:0b:ad:75:02:85:a7:64:50:2d:c5:19:19:30:c0:
- 26:db:c9:d3:fd:2e:99:ad:59:b5:0b:4d:d4:41:ae:
- 85:48:43:59:dc:b7:a8:e2:a2:de:c3:8f:d7:b8:a1:
- 62:a6:68:50:52:e4:cf:31:a7:94:85:da:9f:46:32:
- 17:56:e5:f2:eb:66:3d:12:ff:43:db:98:ef:77:cf:
- cb:81:8d:34:b1:c6:50:4a:26:d1:e4:3e:41:50:af:
- 6c:ae:22:34:2e:d5:6b:6e:83:ba:79:b8:76:65:48:
- da:09:29:64:63:22:b9:fb:47:76:85:8c:86:44:cb:
- 09:db
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- b5:36:0e:5d:e1:61:28:5a:11:65:c0:3f:83:03:79:4d:be:28:
- a6:0b:07:02:52:85:cd:f8:91:d0:10:6c:b5:6a:20:5b:1c:90:
- d9:30:3c:c6:48:9e:8a:5e:64:f9:a1:71:77:ef:04:27:1f:07:
- eb:e4:26:f7:73:74:c9:44:18:1a:66:d3:e0:43:af:91:3b:d1:
- cb:2c:d8:74:54:3a:1c:4d:ca:d4:68:cd:23:7c:1d:10:9e:45:
- e9:f6:00:6e:a6:cd:19:ff:4f:2c:29:8f:57:4d:c4:77:92:be:
- e0:4c:09:fb:5d:44:86:66:21:a8:b9:32:a2:56:d5:e9:8c:83:
- 7c:59:3f:c4:f1:0b:e7:9d:ec:9e:bd:9c:18:0e:3e:c2:39:79:
- 28:b7:03:0d:08:cb:c6:e7:d9:01:37:50:10:ec:cc:61:16:40:
- d4:af:31:74:7b:fc:3f:31:a7:d0:47:73:33:39:1b:cc:4e:6a:
- d7:49:83:11:06:fe:eb:82:58:33:32:4c:f0:56:ac:1e:9c:2f:
- 56:9a:7b:c1:4a:1c:a5:fd:55:36:ce:fc:96:4d:f4:b0:f0:ec:
- b7:6c:82:ed:2f:31:99:42:4c:a9:b2:0d:b8:15:5d:f1:df:ba:
- c9:b5:4a:d4:64:98:b3:26:a9:30:c8:fd:a6:ec:ab:96:21:ad:
- 7f:c2:78:b6
-
-Entrust Worldwide by DST
-========================
-MD5 Fingerprint: B4:65:22:0A:7C:AD:DF:41:B7:D5:44:D5:AD:FA:9A:75
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDRzCCArCgAwIBAgIENm3FGDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJV
-UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRswGQYDVQQL
-ExJEU1QtRW50cnVzdCBHVEkgQ0EwHhcNOTgxMjA5MDAwMjI0WhcNMTgxMjA5MDAz
-MjI0WjBQMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg
-VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0EwgZ0wDQYJKoZI
-hvcNAQEBBQADgYsAMIGHAoGBALYd90uNDxPjEvUJ/gYyDq9MQfV91Ec9KgrfgwXe
-3n3mAxb2UTrLRxpKrX7E/R20vnSKeN0Lg460hBPE+/htKa6h4Q8PQ+O1XmBp+oOU
-/Hnm3Hbt0UQrjv0Su/4XdxcMie2n71F9xO04wzujevviTaBgtfL9E2XTxuw/vjWc
-PSLvAgEDo4IBLjCCASowEQYJYIZIAYb4QgEBBAQDAgAHMHIGA1UdHwRrMGkwZ6Bl
-oGOkYTBfMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg
-VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0ExDTALBgNVBAMT
-BENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkwMDAyMjRagQ8yMDE4MTIwOTAwMDIy
-NFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFJOaRMrQeFOAKUkE38evMz+ZdV+u
-MB0GA1UdDgQWBBSTmkTK0HhTgClJBN/HrzM/mXVfrjAMBgNVHRMEBTADAQH/MBkG
-CSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAGSJzAOn
-3AryWCDn/RegKHLNh7DNmLUkR2MzMRAQsu+KV3KuTAPgZ5+sYEOEIsGpo+Wxp94J
-1M8NeEYjW49Je/4TIpeU6nJI4SwgeJbpZkUZywllY2E/0UmYsXYQVdVjSmZLpAdr
-3nt/ueaTWxoCW4AO3Y0Y1Iqjwmjxo+AY0U5M
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 913163544 (0x366dc518)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA
- Validity
- Not Before: Dec 9 00:02:24 1998 GMT
- Not After : Dec 9 00:32:24 2018 GMT
- Subject: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b6:1d:f7:4b:8d:0f:13:e3:12:f5:09:fe:06:32:
- 0e:af:4c:41:f5:7d:d4:47:3d:2a:0a:df:83:05:de:
- de:7d:e6:03:16:f6:51:3a:cb:47:1a:4a:ad:7e:c4:
- fd:1d:b4:be:74:8a:78:dd:0b:83:8e:b4:84:13:c4:
- fb:f8:6d:29:ae:a1:e1:0f:0f:43:e3:b5:5e:60:69:
- fa:83:94:fc:79:e6:dc:76:ed:d1:44:2b:8e:fd:12:
- bb:fe:17:77:17:0c:89:ed:a7:ef:51:7d:c4:ed:38:
- c3:3b:a3:7a:fb:e2:4d:a0:60:b5:f2:fd:13:65:d3:
- c6:ec:3f:be:35:9c:3d:22:ef
- Exponent: 3 (0x3)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Digital Signature Trust Co./OU=DST-Entrust GTI CA/CN=CRL1
-
- X509v3 Private Key Usage Period:
- Not Before: Dec 9 00:02:24 1998 GMT, Not After: Dec 9 00:02:24 2018 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE
-
- X509v3 Subject Key Identifier:
- 93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0
-..V4.0....
- Signature Algorithm: sha1WithRSAEncryption
- 64:89:cc:03:a7:dc:0a:f2:58:20:e7:fd:17:a0:28:72:cd:87:
- b0:cd:98:b5:24:47:63:33:31:10:10:b2:ef:8a:57:72:ae:4c:
- 03:e0:67:9f:ac:60:43:84:22:c1:a9:a3:e5:b1:a7:de:09:d4:
- cf:0d:78:46:23:5b:8f:49:7b:fe:13:22:97:94:ea:72:48:e1:
- 2c:20:78:96:e9:66:45:19:cb:09:65:63:61:3f:d1:49:98:b1:
- 76:10:55:d5:63:4a:66:4b:a4:07:6b:de:7b:7f:b9:e6:93:5b:
- 1a:02:5b:80:0e:dd:8d:18:d4:8a:a3:c2:68:f1:a3:e0:18:d1:
- 4e:4c
-
-Entrust.net Premium 2048 Secure Server CA
-=========================================
-MD5 Fingerprint: BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
-RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
-IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy
-MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
-LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
-YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
-A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
-K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
-sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
-MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
-XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
-HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
-4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA
-vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G
-CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA
-WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo
-oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ
-h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18
-f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN
-B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
-vUxFnmG6v4SBkgPR0ml8xQ==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 946059622 (0x3863b966)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
- Validity
- Not Before: Dec 24 17:50:51 1999 GMT
- Not After : Dec 24 18:20:51 2019 GMT
- Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64:
- 2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7:
- 78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76:
- 98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf:
- e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1:
- 02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29:
- b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64:
- ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c:
- e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89:
- a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90:
- 76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2:
- cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a:
- fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55:
- 60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86:
- 5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26:
- 93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e:
- 4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0:
- 07:e1
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 Authority Key Identifier:
- keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
-
- X509v3 Subject Key Identifier:
- 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
- 1.2.840.113533.7.65.0:
- 0...V5.0:4.0....
- Signature Algorithm: sha1WithRSAEncryption
- 59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c:
- 4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61:
- 7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73:
- ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5:
- da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4:
- 03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4:
- 15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68:
- c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c:
- 7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33:
- db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18:
- b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2:
- de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c:
- e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e:
- c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1:
- d2:69:7c:c5
-
-Entrust.net Secure Personal CA
-==============================
-MD5 Fingerprint: 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u
-ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh
-Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
-BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
-Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU
-MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D
-bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl
-MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq
-RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G
-CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo
-6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux
-5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm
-AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC
-ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
-cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m
-by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp
-IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg
-Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg
-KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV
-HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E
-BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE
-FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA
-BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7
-pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz
-wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a
-EkP/TOYGJqibGapEPHayXOw=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 939758062 (0x380391ee)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
- Validity
- Not Before: Oct 12 19:24:30 1999 GMT
- Not After : Oct 12 19:54:30 2019 GMT
- Subject: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c8:3a:99:5e:31:17:df:ac:27:6f:90:7b:e4:19:
- ff:45:a3:34:c2:db:c1:a8:4f:f0:68:ea:84:fd:9f:
- 75:79:cf:c1:8a:51:94:af:c7:57:03:47:64:9e:ad:
- 82:1b:5a:da:7f:37:78:47:bb:37:98:12:96:ce:c6:
- 13:7d:ef:d2:0c:30:51:a9:39:9e:55:f8:fb:b1:e7:
- 30:de:83:b2:ba:3e:f1:d5:89:3b:3b:85:ba:aa:74:
- 2c:fe:3f:31:6e:af:91:95:6e:06:d4:07:4d:4b:2c:
- 56:47:18:04:52:da:0e:10:93:bf:63:90:9b:e1:df:
- 8c:e6:02:a4:e6:4f:5e:f7:8b
- Exponent: 3 (0x3)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
- URI:http://www.entrust.net/CRL/Client1.crl
-
- X509v3 Private Key Usage Period:
- Not Before: Oct 12 19:24:30 1999 GMT, Not After: Oct 12 19:24:30 2019 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
-
- X509v3 Subject Key Identifier:
- C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0
-..V4.0....
- Signature Algorithm: md5WithRSAEncryption
- 3f:ae:8a:f1:d7:66:03:05:9e:3e:fa:ea:1c:46:bb:a4:5b:8f:
- 78:9a:12:48:99:f9:f4:35:de:0c:36:07:02:6b:10:3a:89:14:
- 81:9c:31:a6:7c:b2:41:b2:6a:e7:07:01:a1:4b:f9:9f:25:3b:
- 96:ca:99:c3:3e:a1:51:1c:f3:c3:2e:44:f7:b0:67:46:aa:92:
- e5:3b:da:1c:19:14:38:30:d5:e2:a2:31:25:2e:f1:ec:45:38:
- ed:f8:06:58:03:73:62:b0:10:31:8f:40:bf:64:e0:5c:3e:c5:
- 4f:1f:da:12:43:ff:4c:e6:06:26:a8:9b:19:aa:44:3c:76:b2:
- 5c:ec
-
-Entrust.net Secure Server CA
-============================
-MD5 Fingerprint: DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
-ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
-KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
-ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
-MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
-b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
-bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
-U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
-A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
-I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
-wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
-AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
-oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
-BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
-dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
-MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
-dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
-MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
-E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
-MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
-hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
-95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
-2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 927650371 (0x374ad243)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
- Validity
- Not Before: May 25 16:09:40 1999 GMT
- Not After : May 25 16:39:40 2019 GMT
- Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
- af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
- 0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
- 26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
- d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
- da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
- 92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
- ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
- b1:16:19:61:b9:54:b6:e6:43
- Exponent: 3 (0x3)
- X509v3 extensions:
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
- URI:http://www.entrust.net/CRL/net1.crl
-
- X509v3 Private Key Usage Period:
- Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
-
- X509v3 Subject Key Identifier:
- F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0
-..V4.0....
- Signature Algorithm: sha1WithRSAEncryption
- 90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
- 47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
- f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
- c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
- a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
- 0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
- 73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
- f9:b2
-
-Equifax Premium CA
-==================
-MD5 Fingerprint: A9:E9:A8:9D:0E:73:E3:B1:2F:37:0D:E8:48:3F:86:ED
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDIzCCAoygAwIBAgIENeHvHjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJV
-UzEQMA4GA1UEChMHRXF1aWZheDEuMCwGA1UECxMlRXF1aWZheCBQcmVtaXVtIENl
-cnRpZmljYXRlIEF1dGhvcml0eTAeFw05ODA4MjQyMjU0MjNaFw0xODA4MjQyMjU0
-MjNaME8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVF
-cXVpZmF4IFByZW1pdW0gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3
-DQEBAQUAA4GNADCBiQKBgQDOoQaOBswIC8GGqN4g1Q0O0Q3En+pq2bPCMkdAb4qI
-pAm9OCwd5svmpPM269rrvPxkswf2Lbyqzp8ZSGhK/PWiRX4JEPWPs0lcIwY56hOL
-uAvNkR12X9k3oUT7X5DyZ7PNGJlDH3YSawLylYM4Q8L2YjTKyXhdX9LYupr/vhBg
-WwIDAQABo4IBCjCCAQYwcQYDVR0fBGowaDBmoGSgYqRgMF4xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVFcXVpZmF4IFByZW1pdW0gQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIw
-MTgwODI0MjI1NDIzWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUFe6yKFmrbuX4
-z4uB9CThrj91G5gwHQYDVR0OBBYEFBXusihZq27l+M+LgfQk4a4/dRuYMAwGA1Ud
-EwQFMAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEB
-BQUAA4GBAL0LnCepA9so3JipS9DRjqeoGlqR4Jzx9xh8LiKeNh/JqLXNRkpu+jUH
-G4YI65/iqPmdQS06rlxctl80BOv8KmCw+3TkhellOJbuFcfGd2MSvYpoH6tsfdrK
-XBPO6snrCVzFc+cSAdXZUwee4A+W8Iu0u0VIn4bFGVWgy5bFA/xI
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 903999262 (0x35e1ef1e)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Equifax, OU=Equifax Premium Certificate Authority
- Validity
- Not Before: Aug 24 22:54:23 1998 GMT
- Not After : Aug 24 22:54:23 2018 GMT
- Subject: C=US, O=Equifax, OU=Equifax Premium Certificate Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ce:a1:06:8e:06:cc:08:0b:c1:86:a8:de:20:d5:
- 0d:0e:d1:0d:c4:9f:ea:6a:d9:b3:c2:32:47:40:6f:
- 8a:88:a4:09:bd:38:2c:1d:e6:cb:e6:a4:f3:36:eb:
- da:eb:bc:fc:64:b3:07:f6:2d:bc:aa:ce:9f:19:48:
- 68:4a:fc:f5:a2:45:7e:09:10:f5:8f:b3:49:5c:23:
- 06:39:ea:13:8b:b8:0b:cd:91:1d:76:5f:d9:37:a1:
- 44:fb:5f:90:f2:67:b3:cd:18:99:43:1f:76:12:6b:
- 02:f2:95:83:38:43:c2:f6:62:34:ca:c9:78:5d:5f:
- d2:d8:ba:9a:ff:be:10:60:5b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Equifax/OU=Equifax Premium Certificate Authority/CN=CRL1
-
- X509v3 Private Key Usage Period:
- Not After: Aug 24 22:54:23 2018 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98
-
- X509v3 Subject Key Identifier:
- 15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0...V3.0c....
- Signature Algorithm: sha1WithRSAEncryption
- bd:0b:9c:27:a9:03:db:28:dc:98:a9:4b:d0:d1:8e:a7:a8:1a:
- 5a:91:e0:9c:f1:f7:18:7c:2e:22:9e:36:1f:c9:a8:b5:cd:46:
- 4a:6e:fa:35:07:1b:86:08:eb:9f:e2:a8:f9:9d:41:2d:3a:ae:
- 5c:5c:b6:5f:34:04:eb:fc:2a:60:b0:fb:74:e4:85:e9:65:38:
- 96:ee:15:c7:c6:77:63:12:bd:8a:68:1f:ab:6c:7d:da:ca:5c:
- 13:ce:ea:c9:eb:09:5c:c5:73:e7:12:01:d5:d9:53:07:9e:e0:
- 0f:96:f0:8b:b4:bb:45:48:9f:86:c5:19:55:a0:cb:96:c5:03:
- fc:48
-
-Equifax Secure CA
-=================
-MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
-UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
-MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
-dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
-BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
-cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
-AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
-MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
-aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
-ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
-IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
-MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
-A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
-7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
-1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 903804111 (0x35def4cf)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
- Validity
- Not Before: Aug 22 16:41:51 1998 GMT
- Not After : Aug 22 16:41:51 2018 GMT
- Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
- 91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
- d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
- 04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
- 8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
- 43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
- 97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
- af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
- 3a:88:e7:bf:14:fd:e0:c7:b9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 CRL Distribution Points:
- DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1
-
- X509v3 Private Key Usage Period:
- Not After: Aug 22 16:41:51 2018 GMT
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Authority Key Identifier:
- keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
-
- X509v3 Subject Key Identifier:
- 48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
- X509v3 Basic Constraints:
- CA:TRUE
- 1.2.840.113533.7.65.0:
- 0...V3.0c....
- Signature Algorithm: sha1WithRSAEncryption
- 58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
- 95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
- 6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
- 57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
- a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
- 77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
- 65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
- 77:38
-
-GTE CyberTrust Global Root
-==========================
-MD5 Fingerprint: CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
-bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
-b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
-UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
-cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
-b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
-iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
-r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
-04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
-GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
-3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
-lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 421 (0x1a5)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
- Validity
- Not Before: Aug 13 00:29:00 1998 GMT
- Not After : Aug 13 23:59:00 2018 GMT
- Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
- 0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
- c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
- 73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
- 8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
- 72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
- 8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
- 45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
- c7:79:b4:1f:05:2f:3b:62:99
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5WithRSAEncryption
- 6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
- a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
- 81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
- 7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
- 4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
- a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
- 85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
- 7a:7f
-
-GTE CyberTrust Japan Root CA
-============================
-MD5 Fingerprint: DE:AB:FF:43:2A:65:37:06:9B:28:B5:7A:E8:84:D3:8E
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICETCCAXoCAU4wDQYJKoZIhvcNAQEEBQAwUTELMAkGA1UEBhMCSlAxHzAdBgNV
-BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xITAfBgNVBAMTGEN5YmVyVHJ1c3Qg
-SkFQQU4gUm9vdCBDQTAeFw05ODA4MDQwNzU3MDBaFw0wMzA4MDQyMzU5MDBaMFEx
-CzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFuLCBJbmMuMSEw
-HwYDVQQDExhDeWJlclRydXN0IEpBUEFOIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBALet/MpHEHaJ/Wes5HMGfIFLHda1fA5Hr+ymVHWoxP1lr+fI
-sbFsNDWN97lkVygLIVredP7ceC6GRhJMfxEf3JO9X75mmIa4t+xtSdOQ2eF5AFZo
-uq1sHyw7H8ksjEOwBELqgXOmzjN1RQ2KRXIvqldV5AfDQ+J1Og+8PNCEzrrvAgMB
-AAEwDQYJKoZIhvcNAQEEBQADgYEAt6ZkowyAPBzE2O5BO+WGpJ5gXdYBMqhqZC0g
-cEC6ck5m+gdlTgOOC/1W4K07IKcy+rISHoDfHuN6GMxX2+bJNGDvdesQFtCkLnDY
-JCO4pXdzQvkHOt0BbAiTBzUmECVgKf8J5WSfabkWSfNc3SRjRpMNsFM2dbxIILsZ
-to/QIv0=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 78 (0x4e)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA
- Validity
- Not Before: Aug 4 07:57:00 1998 GMT
- Not After : Aug 4 23:59:00 2003 GMT
- Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b7:ad:fc:ca:47:10:76:89:fd:67:ac:e4:73:06:
- 7c:81:4b:1d:d6:b5:7c:0e:47:af:ec:a6:54:75:a8:
- c4:fd:65:af:e7:c8:b1:b1:6c:34:35:8d:f7:b9:64:
- 57:28:0b:21:5a:de:74:fe:dc:78:2e:86:46:12:4c:
- 7f:11:1f:dc:93:bd:5f:be:66:98:86:b8:b7:ec:6d:
- 49:d3:90:d9:e1:79:00:56:68:ba:ad:6c:1f:2c:3b:
- 1f:c9:2c:8c:43:b0:04:42:ea:81:73:a6:ce:33:75:
- 45:0d:8a:45:72:2f:aa:57:55:e4:07:c3:43:e2:75:
- 3a:0f:bc:3c:d0:84:ce:ba:ef
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5WithRSAEncryption
- b7:a6:64:a3:0c:80:3c:1c:c4:d8:ee:41:3b:e5:86:a4:9e:60:
- 5d:d6:01:32:a8:6a:64:2d:20:70:40:ba:72:4e:66:fa:07:65:
- 4e:03:8e:0b:fd:56:e0:ad:3b:20:a7:32:fa:b2:12:1e:80:df:
- 1e:e3:7a:18:cc:57:db:e6:c9:34:60:ef:75:eb:10:16:d0:a4:
- 2e:70:d8:24:23:b8:a5:77:73:42:f9:07:3a:dd:01:6c:08:93:
- 07:35:26:10:25:60:29:ff:09:e5:64:9f:69:b9:16:49:f3:5c:
- dd:24:63:46:93:0d:b0:53:36:75:bc:48:20:bb:19:b6:8f:d0:
- 22:fd
-
-GTE CyberTrust Japan Secure Server CA
-=====================================
-MD5 Fingerprint: DD:0D:0D:B4:78:4B:7D:CE:30:0A:A6:35:C6:AB:4C:88
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICIzCCAYwCAU8wDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCSlAxHzAdBgNV
-BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xKjAoBgNVBAMTIUN5YmVyVHJ1c3Qg
-SkFQQU4gU2VjdXJlIFNlcnZlciBDQTAeFw05ODA4MDQwODA2MzJaFw0wMzA4MDQy
-MzU5MDBaMFoxCzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFu
-LCBJbmMuMSowKAYDVQQDEyFDeWJlclRydXN0IEpBUEFOIFNlY3VyZSBTZXJ2ZXIg
-Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKwmo6G4b2rALBL52zEFkuf9
-+tSBtLjVKtWQ+vBDZfwSFcrs27lh3jNjN0+vADx/kjcbGHPlnzyI8RoTRP558sMm
-lQ8L8J4UByFsV8Jdw+JRsM2LX81fhjj4eZc57Oi/Ui6xXqqprozt7tfIty4xi7Q5
-kjt8gScHGgFEL0lzILbJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAaB17Eu5aeSkx
-ygGsi1CpJ5ksAPw4Ghz/wtXwE/4bpzn1gBTrUfrAjXuEG1musTVRbqE+1xvsoJ7f
-4KWCluOxP9io8ct5gI738ESZfhT1I6MR42hLBTZuiOOrhqo4UwNCO9O5+eC/BenT
-X8NKp7b9t12QSfiasq1mpoIAk65g/yA=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 79 (0x4f)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA
- Validity
- Not Before: Aug 4 08:06:32 1998 GMT
- Not After : Aug 4 23:59:00 2003 GMT
- Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ac:26:a3:a1:b8:6f:6a:c0:2c:12:f9:db:31:05:
- 92:e7:fd:fa:d4:81:b4:b8:d5:2a:d5:90:fa:f0:43:
- 65:fc:12:15:ca:ec:db:b9:61:de:33:63:37:4f:af:
- 00:3c:7f:92:37:1b:18:73:e5:9f:3c:88:f1:1a:13:
- 44:fe:79:f2:c3:26:95:0f:0b:f0:9e:14:07:21:6c:
- 57:c2:5d:c3:e2:51:b0:cd:8b:5f:cd:5f:86:38:f8:
- 79:97:39:ec:e8:bf:52:2e:b1:5e:aa:a9:ae:8c:ed:
- ee:d7:c8:b7:2e:31:8b:b4:39:92:3b:7c:81:27:07:
- 1a:01:44:2f:49:73:20:b6:c9
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5WithRSAEncryption
- 68:1d:7b:12:ee:5a:79:29:31:ca:01:ac:8b:50:a9:27:99:2c:
- 00:fc:38:1a:1c:ff:c2:d5:f0:13:fe:1b:a7:39:f5:80:14:eb:
- 51:fa:c0:8d:7b:84:1b:59:ae:b1:35:51:6e:a1:3e:d7:1b:ec:
- a0:9e:df:e0:a5:82:96:e3:b1:3f:d8:a8:f1:cb:79:80:8e:f7:
- f0:44:99:7e:14:f5:23:a3:11:e3:68:4b:05:36:6e:88:e3:ab:
- 86:aa:38:53:03:42:3b:d3:b9:f9:e0:bf:05:e9:d3:5f:c3:4a:
- a7:b6:fd:b7:5d:90:49:f8:9a:b2:ad:66:a6:82:00:93:ae:60:
- ff:20
-
-GTE CyberTrust Root 2
-=====================
-MD5 Fingerprint: BA:ED:17:57:9A:4B:FF:7C:F9:C9:1F:A2:CD:1A:D6:87
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICUDCCAbkCAgGbMA0GCSqGSIb3DQEBBAUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
-bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAyMB4X
-DTk4MDgxMTExMzUwN1oXDTA4MDgxMTExMjIxNlowcDELMAkGA1UEBhMCVVMxGDAW
-BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
-U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDIw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANksTE4vaRoj41a6886EwAnAefFE
-XzMfFZF/iogouCRFzI8YzR900bWPcUzWMfZzloSUQMWpg2Akfa9vNLdLTMIJgDtF
-BJ7EPMQndXsADKFkR7UUXYJLUTpYu0RMPdPlBjjoYVyYeLuAs5zacoJioN+cX+v5
-T3fCzGAYAGs0giWzAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAo2SRbxDt526iQkCU
-eM74FAjR+kOF60bNkhTQ7y4tNjkY2brJJ4gp6UgXb/jBqshhbS39QC11QzCXOfgU
-ZL1v72OoK0LfsloNJex7N9jOkSmCFvnoYqLhdsQCfd0li5jh9g1gjPZZkEBRRNHC
-+xkkHhc5a3QhFTPWVdeCHnAsJ6g=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 411 (0x19b)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2
- Validity
- Not Before: Aug 11 11:35:07 1998 GMT
- Not After : Aug 11 11:22:16 2008 GMT
- Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d9:2c:4c:4e:2f:69:1a:23:e3:56:ba:f3:ce:84:
- c0:09:c0:79:f1:44:5f:33:1f:15:91:7f:8a:88:28:
- b8:24:45:cc:8f:18:cd:1f:74:d1:b5:8f:71:4c:d6:
- 31:f6:73:96:84:94:40:c5:a9:83:60:24:7d:af:6f:
- 34:b7:4b:4c:c2:09:80:3b:45:04:9e:c4:3c:c4:27:
- 75:7b:00:0c:a1:64:47:b5:14:5d:82:4b:51:3a:58:
- bb:44:4c:3d:d3:e5:06:38:e8:61:5c:98:78:bb:80:
- b3:9c:da:72:82:62:a0:df:9c:5f:eb:f9:4f:77:c2:
- cc:60:18:00:6b:34:82:25:b3
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5WithRSAEncryption
- a3:64:91:6f:10:ed:e7:6e:a2:42:40:94:78:ce:f8:14:08:d1:
- fa:43:85:eb:46:cd:92:14:d0:ef:2e:2d:36:39:18:d9:ba:c9:
- 27:88:29:e9:48:17:6f:f8:c1:aa:c8:61:6d:2d:fd:40:2d:75:
- 43:30:97:39:f8:14:64:bd:6f:ef:63:a8:2b:42:df:b2:5a:0d:
- 25:ec:7b:37:d8:ce:91:29:82:16:f9:e8:62:a2:e1:76:c4:02:
- 7d:dd:25:8b:98:e1:f6:0d:60:8c:f6:59:90:40:51:44:d1:c2:
- fb:19:24:1e:17:39:6b:74:21:15:33:d6:55:d7:82:1e:70:2c:
- 27:a8
-
-GTE CyberTrust Root 3
-=====================
-MD5 Fingerprint: DB:81:96:57:AE:64:61:EF:77:A7:83:C4:51:24:3C:87
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICUDCCAbkCAgGXMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
-bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAzMB4X
-DTk4MDgxMDE5NTkwOFoXDTA4MDgxMDE5MzYzOVowcDELMAkGA1UEBhMCVVMxGDAW
-BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
-U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHzsSsLztwU2TSXYlASVmOETFP6
-wIXP+sHdD955E39T+6oOYN3iYr/G7k6ZNKpoQzWZ+KP982O9AVRqnrI6lix7eCjG
-WrWNGhUY/eOMLqJQCVtx1g21GB8ZjgQpk5N4q18U53NC8gMMV6IbUDsLu1ngoDoD
-7icbWky5sAjKuRqJAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAheutlCAG6bKiazvy
-ZuvjS7gSJgXl9JGo3IfcmPSUwfRhvdWcbFFzlV7QvdfmRdw8z0aE1ee57ORnY24A
-KHdxXUoF6bl8hszCRLveKUja6t29F58dUQGo6BResVf3/9qPzpX+Le0yEnf/fGph
-la4xcgYI8PnzDY7i76hTXZEDg94=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 407 (0x197)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3
- Validity
- Not Before: Aug 10 19:59:08 1998 GMT
- Not After : Aug 10 19:36:39 2008 GMT
- Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e1:f3:b1:2b:0b:ce:dc:14:d9:34:97:62:50:12:
- 56:63:84:4c:53:fa:c0:85:cf:fa:c1:dd:0f:de:79:
- 13:7f:53:fb:aa:0e:60:dd:e2:62:bf:c6:ee:4e:99:
- 34:aa:68:43:35:99:f8:a3:fd:f3:63:bd:01:54:6a:
- 9e:b2:3a:96:2c:7b:78:28:c6:5a:b5:8d:1a:15:18:
- fd:e3:8c:2e:a2:50:09:5b:71:d6:0d:b5:18:1f:19:
- 8e:04:29:93:93:78:ab:5f:14:e7:73:42:f2:03:0c:
- 57:a2:1b:50:3b:0b:bb:59:e0:a0:3a:03:ee:27:1b:
- 5a:4c:b9:b0:08:ca:b9:1a:89
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 85:eb:ad:94:20:06:e9:b2:a2:6b:3b:f2:66:eb:e3:4b:b8:12:
- 26:05:e5:f4:91:a8:dc:87:dc:98:f4:94:c1:f4:61:bd:d5:9c:
- 6c:51:73:95:5e:d0:bd:d7:e6:45:dc:3c:cf:46:84:d5:e7:b9:
- ec:e4:67:63:6e:00:28:77:71:5d:4a:05:e9:b9:7c:86:cc:c2:
- 44:bb:de:29:48:da:ea:dd:bd:17:9f:1d:51:01:a8:e8:14:5e:
- b1:57:f7:ff:da:8f:ce:95:fe:2d:ed:32:12:77:ff:7c:6a:61:
- 95:ae:31:72:06:08:f0:f9:f3:0d:8e:e2:ef:a8:53:5d:91:03:
- 83:de
-
-GTE CyberTrust Root 4
-=====================
-MD5 Fingerprint: 33:43:02:B1:B9:E0:73:B1:B1:20:CA:CB:C7:84:03:50
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDVTCCAj0CAgGoMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
-bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCA0MB4X
-DTk4MDgxMzEzNTEwMFoXDTEzMDgxMzIzNTkwMFowcDELMAkGA1UEBhMCVVMxGDAW
-BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
-U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6nSJuf9pmPDlCsaMqb9P3
-vK6sMVrXEZBHuZ0ZLvnzGyKgw+GnusT8XgqUS5haSybkH/Tc8/6OiNxsLXx3hyZQ
-wF5OqCih6hdpT03GAQ7amg0GViYVtqRdejWvje14Uob5OKuzAdPaBZaxtlCrwKGu
-F1P6QzkgcWUj223Etu2YRYPX0vbiqWv7+XXM78WrcZY16N+OkZuoEHUft84Tjmuz
-lneXGpEvxyxpmfAPKmgAmHZEG4wo0uuO9IO0f6QlXmw72cZo1WG41F4xB7VbkDVS
-V3sXIO0tuB6OiDk+Usvf8FyxZbulErSQY79xnTLB2r9QSpW+BjrEK+vNmHZETQvl
-AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEOvHIfJSbpliTRJPOoHO0eiedSgO5Bs
-3n+oVMPoTEAyvMjsHOXZrEC6/Iw/wnOc9GTq36ntTlvIAWDuOW1DJ/N/qgjS/k5v
-FDJNfeQ0gKU1xNZGULQ7oC1lH09lfjQoLcCndn0xyQ0zFvYgGSARULsDzHBtlrfv
-TKfaNhXPu03UltyITWyY7blz/ihXoO1k+AqBKXP29pcyhzm0ge/ZTRoHNPe6QjXe
-V9xc1vfF6wonDIGmwtBoTv2SW0iD9haKjzZb7TFsP0F6cfeSPzGkCkBM84biYcE8
-SYEtpbjvupcPvCsdm4ny0o4eTYbywqv2LZnAGyoNobZP+SxYTT19Nwo=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 424 (0x1a8)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4
- Validity
- Not Before: Aug 13 13:51:00 1998 GMT
- Not After : Aug 13 23:59:00 2013 GMT
- Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:ba:9d:22:6e:7f:da:66:3c:39:42:b1:a3:2a:6f:
- d3:f7:bc:ae:ac:31:5a:d7:11:90:47:b9:9d:19:2e:
- f9:f3:1b:22:a0:c3:e1:a7:ba:c4:fc:5e:0a:94:4b:
- 98:5a:4b:26:e4:1f:f4:dc:f3:fe:8e:88:dc:6c:2d:
- 7c:77:87:26:50:c0:5e:4e:a8:28:a1:ea:17:69:4f:
- 4d:c6:01:0e:da:9a:0d:06:56:26:15:b6:a4:5d:7a:
- 35:af:8d:ed:78:52:86:f9:38:ab:b3:01:d3:da:05:
- 96:b1:b6:50:ab:c0:a1:ae:17:53:fa:43:39:20:71:
- 65:23:db:6d:c4:b6:ed:98:45:83:d7:d2:f6:e2:a9:
- 6b:fb:f9:75:cc:ef:c5:ab:71:96:35:e8:df:8e:91:
- 9b:a8:10:75:1f:b7:ce:13:8e:6b:b3:96:77:97:1a:
- 91:2f:c7:2c:69:99:f0:0f:2a:68:00:98:76:44:1b:
- 8c:28:d2:eb:8e:f4:83:b4:7f:a4:25:5e:6c:3b:d9:
- c6:68:d5:61:b8:d4:5e:31:07:b5:5b:90:35:52:57:
- 7b:17:20:ed:2d:b8:1e:8e:88:39:3e:52:cb:df:f0:
- 5c:b1:65:bb:a5:12:b4:90:63:bf:71:9d:32:c1:da:
- bf:50:4a:95:be:06:3a:c4:2b:eb:cd:98:76:44:4d:
- 0b:e5
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 43:af:1c:87:c9:49:ba:65:89:34:49:3c:ea:07:3b:47:a2:79:
- d4:a0:3b:90:6c:de:7f:a8:54:c3:e8:4c:40:32:bc:c8:ec:1c:
- e5:d9:ac:40:ba:fc:8c:3f:c2:73:9c:f4:64:ea:df:a9:ed:4e:
- 5b:c8:01:60:ee:39:6d:43:27:f3:7f:aa:08:d2:fe:4e:6f:14:
- 32:4d:7d:e4:34:80:a5:35:c4:d6:46:50:b4:3b:a0:2d:65:1f:
- 4f:65:7e:34:28:2d:c0:a7:76:7d:31:c9:0d:33:16:f6:20:19:
- 20:11:50:bb:03:cc:70:6d:96:b7:ef:4c:a7:da:36:15:cf:bb:
- 4d:d4:96:dc:88:4d:6c:98:ed:b9:73:fe:28:57:a0:ed:64:f8:
- 0a:81:29:73:f6:f6:97:32:87:39:b4:81:ef:d9:4d:1a:07:34:
- f7:ba:42:35:de:57:dc:5c:d6:f7:c5:eb:0a:27:0c:81:a6:c2:
- d0:68:4e:fd:92:5b:48:83:f6:16:8a:8f:36:5b:ed:31:6c:3f:
- 41:7a:71:f7:92:3f:31:a4:0a:40:4c:f3:86:e2:61:c1:3c:49:
- 81:2d:a5:b8:ef:ba:97:0f:bc:2b:1d:9b:89:f2:d2:8e:1e:4d:
- 86:f2:c2:ab:f6:2d:99:c0:1b:2a:0d:a1:b6:4f:f9:2c:58:4d:
- 3d:7d:37:0a
-
-GTE CyberTrust Root 5
-=====================
-MD5 Fingerprint: 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDtjCCAp6gAwIBAgICAbYwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVVMx
-GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1
-c3QgU29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290
-IDUwHhcNOTgwODE0MTQ1MDAwWhcNMTMwODE0MjM1OTAwWjBwMQswCQYDVQQGEwJV
-UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
-cnVzdCBTb2x1dGlvbnMsIEluYy4xHjAcBgNVBAMTFUdURSBDeWJlclRydXN0IFJv
-b3QgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALwSbj+KfHqXAewe
-uzlaAvR4RKJIG457SVJ6uHtHs6+Um2+7lvoramVcuByUc76/iQoigO5X/IwFu3Cf
-lzkE2qOHXKjlyq/AM5rVN1xLrOSA0KYjYPv9ci6UncfOwgQy73hgXe2thw9FZR48
-mgqavl0dmezn8tHGehfZrZtUln/EfGC/haoVNR1A2hG87FQhKC0joajwzy3N3fx+
-D17hZQdWywe00lboXjHMGGPEhtIthc+Tkqtt/mg5+95zvYb45EZ66p8My/QZ/mO8
-0Sx7iDM29uThnAxTgWAc2i6rlqkWiBNQmbK9Vd8VMH7o5Zj7cH5stQf8/Ea30O03
-ln4y/iECAwEAAaNaMFgwEgYDVR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMC
-AQYwFwYDVR0gBBAwDjAMBgoqhkiG+GMBAgEDMBkGA1UdDgQSBBB2CkkhOEyf3vjE
-ScdxcZGdMA0GCSqGSIb3DQEBBQUAA4IBAQBBOtQYW9q43iEc4Y4J5fFoNP/elvQH
-9ac886xKsZv6kvqb7eYyIapKdsXcTzjl39WG5NXIdn2Y17HNj021kSNsi4rr6nzv
-FJTExvAfSi0ycWMrY5EmAgm2gB3t4sy4f9uHY8jh0GwmsTUdQGYQG82VVBgzYewT
-T9oT95mvPtDPjqZyorPDBZrJJ32SzH5SjbOrcG2eiZ9N6xp1wpiq1QIW1wyKvyXk
-6y28mOlYOBl8uTf+2+KZCHMGx5eDan0QAS8yuRcFSmXmL86+XlOmgumaUwqEdC2D
-ysiUFnZflGEo8IWnObvXi9moshMdVAk0JH0ggX1mfqKQdFwQxr3sqxvC
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 438 (0x1b6)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5
- Validity
- Not Before: Aug 14 14:50:00 1998 GMT
- Not After : Aug 14 23:59:00 2013 GMT
- Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:bc:12:6e:3f:8a:7c:7a:97:01:ec:1e:bb:39:5a:
- 02:f4:78:44:a2:48:1b:8e:7b:49:52:7a:b8:7b:47:
- b3:af:94:9b:6f:bb:96:fa:2b:6a:65:5c:b8:1c:94:
- 73:be:bf:89:0a:22:80:ee:57:fc:8c:05:bb:70:9f:
- 97:39:04:da:a3:87:5c:a8:e5:ca:af:c0:33:9a:d5:
- 37:5c:4b:ac:e4:80:d0:a6:23:60:fb:fd:72:2e:94:
- 9d:c7:ce:c2:04:32:ef:78:60:5d:ed:ad:87:0f:45:
- 65:1e:3c:9a:0a:9a:be:5d:1d:99:ec:e7:f2:d1:c6:
- 7a:17:d9:ad:9b:54:96:7f:c4:7c:60:bf:85:aa:15:
- 35:1d:40:da:11:bc:ec:54:21:28:2d:23:a1:a8:f0:
- cf:2d:cd:dd:fc:7e:0f:5e:e1:65:07:56:cb:07:b4:
- d2:56:e8:5e:31:cc:18:63:c4:86:d2:2d:85:cf:93:
- 92:ab:6d:fe:68:39:fb:de:73:bd:86:f8:e4:46:7a:
- ea:9f:0c:cb:f4:19:fe:63:bc:d1:2c:7b:88:33:36:
- f6:e4:e1:9c:0c:53:81:60:1c:da:2e:ab:96:a9:16:
- 88:13:50:99:b2:bd:55:df:15:30:7e:e8:e5:98:fb:
- 70:7e:6c:b5:07:fc:fc:46:b7:d0:ed:37:96:7e:32:
- fe:21
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE, pathlen:5
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Certificate Policies:
- Policy: 1.2.840.113763.1.2.1.3
-
- X509v3 Subject Key Identifier:
- 76:0A:49:21:38:4C:9F:DE:F8:C4:49:C7:71:71:91:9D
- Signature Algorithm: sha1WithRSAEncryption
- 41:3a:d4:18:5b:da:b8:de:21:1c:e1:8e:09:e5:f1:68:34:ff:
- de:96:f4:07:f5:a7:3c:f3:ac:4a:b1:9b:fa:92:fa:9b:ed:e6:
- 32:21:aa:4a:76:c5:dc:4f:38:e5:df:d5:86:e4:d5:c8:76:7d:
- 98:d7:b1:cd:8f:4d:b5:91:23:6c:8b:8a:eb:ea:7c:ef:14:94:
- c4:c6:f0:1f:4a:2d:32:71:63:2b:63:91:26:02:09:b6:80:1d:
- ed:e2:cc:b8:7f:db:87:63:c8:e1:d0:6c:26:b1:35:1d:40:66:
- 10:1b:cd:95:54:18:33:61:ec:13:4f:da:13:f7:99:af:3e:d0:
- cf:8e:a6:72:a2:b3:c3:05:9a:c9:27:7d:92:cc:7e:52:8d:b3:
- ab:70:6d:9e:89:9f:4d:eb:1a:75:c2:98:aa:d5:02:16:d7:0c:
- 8a:bf:25:e4:eb:2d:bc:98:e9:58:38:19:7c:b9:37:fe:db:e2:
- 99:08:73:06:c7:97:83:6a:7d:10:01:2f:32:b9:17:05:4a:65:
- e6:2f:ce:be:5e:53:a6:82:e9:9a:53:0a:84:74:2d:83:ca:c8:
- 94:16:76:5f:94:61:28:f0:85:a7:39:bb:d7:8b:d9:a8:b2:13:
- 1d:54:09:34:24:7d:20:81:7d:66:7e:a2:90:74:5c:10:c6:bd:
- ec:ab:1b:c2
-
-GTE CyberTrust Root CA
-======================
-MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
-b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
-UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
-cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
-RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
-ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
-1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
-dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
-IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
-bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 419 (0x1a3)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
- Validity
- Not Before: Feb 23 23:01:00 1996 GMT
- Not After : Feb 23 23:59:00 2006 GMT
- Subject: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b8:e6:4f:ba:db:98:7c:71:7c:af:44:b7:d3:0f:
- 46:d9:64:e5:93:c1:42:8e:c7:ba:49:8d:35:2d:7a:
- e7:8b:bd:e5:05:31:59:c6:b1:2f:0a:0c:fb:9f:a7:
- 3f:a2:09:66:84:56:1e:37:29:1b:87:e9:7e:0c:ca:
- 9a:9f:a5:7f:f5:15:94:a3:d5:a2:46:82:d8:68:4c:
- d1:37:15:06:68:af:bd:f8:b0:b3:f0:29:f5:95:5a:
- 09:16:61:77:0a:22:25:d4:4f:45:aa:c7:bd:e5:96:
- df:f9:d4:a8:8e:42:cc:24:c0:1e:91:27:4a:b5:6d:
- 06:80:63:39:c4:a2:5e:38:03
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5WithRSAEncryption
- 12:b3:75:c6:5f:1d:e1:61:55:80:00:d4:81:4b:7b:31:0f:23:
- 63:e7:3d:f3:03:f9:f4:36:a8:bb:d9:e3:a5:97:4d:ea:2b:29:
- e0:d6:6a:73:81:e6:c0:89:a3:d3:f1:e0:a5:a5:22:37:9a:63:
- c2:48:20:b4:db:72:e3:c8:f6:d9:7c:be:b1:af:53:da:14:b4:
- 21:b8:d6:d5:96:e3:fe:4e:0c:59:62:b6:9a:4a:f9:42:dd:8c:
- 6f:81:a9:71:ff:f4:0a:72:6d:6d:44:0e:9d:f3:74:74:a8:d5:
- 34:49:e9:5e:9e:e9:b4:7a:e1:e5:5a:1f:84:30:9c:d3:9f:a5:
- 25:d8
-
-GlobalSign Partners CA
-======================
-MD5 Fingerprint: 3C:75:CD:4C:BD:A9:D0:8A:79:4F:50:16:37:84:F4:2B
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDnjCCAoagAwIBAgILAgAAAAAA1ni50a8wDQYJKoZIhvcNAQEEBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
-MDBaFw0wOTAxMjgxMjAwMDBaMF8xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRQwEgYDVQQLEwtQYXJ0bmVycyBDQTEfMB0GA1UEAxMWR2xv
-YmFsU2lnbiBQYXJ0bmVycyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANIs+DKsShJ6N8gpkaWujG4eDsA0M4jlM3EWHHiEaMMYNFAuFj6xlIJPsZqf
-APjGETXGaXuYAq0ABohs50wzKACIJ0Yfh7NxdWO8MruI3mYYDlAGk7T2vBQ3MD0i
-3z3/dX7ZChrFn7P80KyzCHqJ0wHoAFznSgs9TXsmordiBovaRt2TFz8/WwJLC7aI
-IBGSAK27xy7U40Wu9YlafI2krYVkMsAnjMbyioCShiRWWY10aKKDQrOePVBBhm8g
-bvb9ztMZ4zLMj+2aXm0fKPVSrG4YXvg90ZLlumwBiEsK8i3eZTMFQqBMqjF2vv2/
-gXj5cRxGXi0VlS0wWY5MQdFiqz0CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgAGMB0G
-A1UdDgQWBBRDJI1wFQhiVZxPDEAXXYZeD6JM+zAfBgNVHSMEGDAWgBRge2YaRQ2X
-yolQL30EzTSo//z9SzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IB
-AQBm7bSIaRGZgiGDrKFti5uErQ8tyB6Mynt+rarUjt4H1p5Fx6W4nAc5YCVVGsBP
-GeXPFylJiRg1ZuXrKEBOV8mvs+S4IAWjO5VQkUmUKX0s5YhBpUWIXp2CJ/fS71u1
-T5++/jVlLFVkn+FR2iJhd7pYTo/GeVlZbjCAok+QbiELrdBoOZAQm+0iZW8eETjm
-f4zS8zltR9Uh6Op1OkHRrfYWnV0LIb3zH2MGJR3BHzVxLOsgGdXBsOw95W/tAgc/
-E3tmktZEwZj3X1CLelvCb22w0fjldKBAN6MlD+Q9ymQxk5BcMHu5OTGaXkzNuUFP
-UOQ9OK7IZtnHO11RR6ybq/Kt
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 02:00:00:00:00:00:d6:78:b9:d1:af
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- Validity
- Not Before: Jan 28 12:00:00 1999 GMT
- Not After : Jan 28 12:00:00 2009 GMT
- Subject: C=BE, O=GlobalSign nv-sa, OU=Partners CA, CN=GlobalSign Partners CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:d2:2c:f8:32:ac:4a:12:7a:37:c8:29:91:a5:ae:
- 8c:6e:1e:0e:c0:34:33:88:e5:33:71:16:1c:78:84:
- 68:c3:18:34:50:2e:16:3e:b1:94:82:4f:b1:9a:9f:
- 00:f8:c6:11:35:c6:69:7b:98:02:ad:00:06:88:6c:
- e7:4c:33:28:00:88:27:46:1f:87:b3:71:75:63:bc:
- 32:bb:88:de:66:18:0e:50:06:93:b4:f6:bc:14:37:
- 30:3d:22:df:3d:ff:75:7e:d9:0a:1a:c5:9f:b3:fc:
- d0:ac:b3:08:7a:89:d3:01:e8:00:5c:e7:4a:0b:3d:
- 4d:7b:26:a2:b7:62:06:8b:da:46:dd:93:17:3f:3f:
- 5b:02:4b:0b:b6:88:20:11:92:00:ad:bb:c7:2e:d4:
- e3:45:ae:f5:89:5a:7c:8d:a4:ad:85:64:32:c0:27:
- 8c:c6:f2:8a:80:92:86:24:56:59:8d:74:68:a2:83:
- 42:b3:9e:3d:50:41:86:6f:20:6e:f6:fd:ce:d3:19:
- e3:32:cc:8f:ed:9a:5e:6d:1f:28:f5:52:ac:6e:18:
- 5e:f8:3d:d1:92:e5:ba:6c:01:88:4b:0a:f2:2d:de:
- 65:33:05:42:a0:4c:aa:31:76:be:fd:bf:81:78:f9:
- 71:1c:46:5e:2d:15:95:2d:30:59:8e:4c:41:d1:62:
- ab:3d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- 43:24:8D:70:15:08:62:55:9C:4F:0C:40:17:5D:86:5E:0F:A2:4C:FB
- X509v3 Authority Key Identifier:
- keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
-
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 66:ed:b4:88:69:11:99:82:21:83:ac:a1:6d:8b:9b:84:ad:0f:
- 2d:c8:1e:8c:ca:7b:7e:ad:aa:d4:8e:de:07:d6:9e:45:c7:a5:
- b8:9c:07:39:60:25:55:1a:c0:4f:19:e5:cf:17:29:49:89:18:
- 35:66:e5:eb:28:40:4e:57:c9:af:b3:e4:b8:20:05:a3:3b:95:
- 50:91:49:94:29:7d:2c:e5:88:41:a5:45:88:5e:9d:82:27:f7:
- d2:ef:5b:b5:4f:9f:be:fe:35:65:2c:55:64:9f:e1:51:da:22:
- 61:77:ba:58:4e:8f:c6:79:59:59:6e:30:80:a2:4f:90:6e:21:
- 0b:ad:d0:68:39:90:10:9b:ed:22:65:6f:1e:11:38:e6:7f:8c:
- d2:f3:39:6d:47:d5:21:e8:ea:75:3a:41:d1:ad:f6:16:9d:5d:
- 0b:21:bd:f3:1f:63:06:25:1d:c1:1f:35:71:2c:eb:20:19:d5:
- c1:b0:ec:3d:e5:6f:ed:02:07:3f:13:7b:66:92:d6:44:c1:98:
- f7:5f:50:8b:7a:5b:c2:6f:6d:b0:d1:f8:e5:74:a0:40:37:a3:
- 25:0f:e4:3d:ca:64:31:93:90:5c:30:7b:b9:39:31:9a:5e:4c:
- cd:b9:41:4f:50:e4:3d:38:ae:c8:66:d9:c7:3b:5d:51:47:ac:
- 9b:ab:f2:ad
-
-GlobalSign Primary Class 1 CA
-=============================
-MD5 Fingerprint: 5C:AC:59:01:A4:86:53:CB:10:66:B5:D6:D6:71:FF:01
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4N88wDQYJKoZIhvcNAQEEBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MTUxMjAw
-MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDEgQ0ExJjAkBgNV
-BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAxIENBMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAvSA1R9Eo1gijEjkjRw29cCFSDlcxlaY0V2vsfkN5
-wwZSSM28taGZvdgfMrzP125ybS53IpCCTkuPmgwBQprZcFm2nR/mY9EMrR1O+IWB
-+a7vn6ZSYUR5GnVF4GFWRW1CjD1yy6akErea9dZg0GBQs46mpuy09BLNf6jO77Ph
-hTD+csTm53eznlhB1lGDiAfGtmlPNt7RC0g/vdafIXRkbycGPkv9Dqabv6RIV4yQ
-7okYCwKBGL5n/lNgiCe6o3M0S1pWtN5zBe2Yll3sSudA/EsJYuvQ4zFPhdF6q1ln
-K/uID+uqg701/WEn7GYOQlf3acIM7/xqwm5J2o9BOK5IqQIDAQABo2MwYTAOBgNV
-HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFPzgZvZaNZnrQB7SuB5DvJiOH4rDMB8GA1Ud
-IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEEBQADggEBAJujCETO8pCdcfMyswVqterPKZjeVT6gFn0GekTWr9L6
-E1iM+BzHqx20G+9paJhcCDmP4Pf7SMwh57gz2wWqNCRsSuXpe2Deg7MfCr5BdfzM
-MEi3wSYdBDOqtnjtKsu6VpcybvcxlS5G8hTuJ8f3Yom5XFrTOIpk9Te08bM0ctXV
-IT1L13iT1zFmNR6j2EdJbxyt4YB/+JgkbHOsDsIadwKjJge3x2tdvILVKkgdY89Q
-Mqb7HBhHFQpbDFw4JJoEmKgISF98NIdjqy2NTAB3lBt2uvUWGKMVry+U9ikAdsEV
-F9PpN0121MtLKVkkrNpKoOpj3l9Usfrz0UXLxWS0cyE=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 02:00:00:00:00:00:d6:78:b8:37:cf
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- Validity
- Not Before: Sep 15 12:00:00 1998 GMT
- Not After : Jan 28 12:00:00 2009 GMT
- Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 1 CA, CN=GlobalSign Primary Class 1 CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:bd:20:35:47:d1:28:d6:08:a3:12:39:23:47:0d:
- bd:70:21:52:0e:57:31:95:a6:34:57:6b:ec:7e:43:
- 79:c3:06:52:48:cd:bc:b5:a1:99:bd:d8:1f:32:bc:
- cf:d7:6e:72:6d:2e:77:22:90:82:4e:4b:8f:9a:0c:
- 01:42:9a:d9:70:59:b6:9d:1f:e6:63:d1:0c:ad:1d:
- 4e:f8:85:81:f9:ae:ef:9f:a6:52:61:44:79:1a:75:
- 45:e0:61:56:45:6d:42:8c:3d:72:cb:a6:a4:12:b7:
- 9a:f5:d6:60:d0:60:50:b3:8e:a6:a6:ec:b4:f4:12:
- cd:7f:a8:ce:ef:b3:e1:85:30:fe:72:c4:e6:e7:77:
- b3:9e:58:41:d6:51:83:88:07:c6:b6:69:4f:36:de:
- d1:0b:48:3f:bd:d6:9f:21:74:64:6f:27:06:3e:4b:
- fd:0e:a6:9b:bf:a4:48:57:8c:90:ee:89:18:0b:02:
- 81:18:be:67:fe:53:60:88:27:ba:a3:73:34:4b:5a:
- 56:b4:de:73:05:ed:98:96:5d:ec:4a:e7:40:fc:4b:
- 09:62:eb:d0:e3:31:4f:85:d1:7a:ab:59:67:2b:fb:
- 88:0f:eb:aa:83:bd:35:fd:61:27:ec:66:0e:42:57:
- f7:69:c2:0c:ef:fc:6a:c2:6e:49:da:8f:41:38:ae:
- 48:a9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- FC:E0:66:F6:5A:35:99:EB:40:1E:D2:B8:1E:43:BC:98:8E:1F:8A:C3
- X509v3 Authority Key Identifier:
- keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
-
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 9b:a3:08:44:ce:f2:90:9d:71:f3:32:b3:05:6a:b5:ea:cf:29:
- 98:de:55:3e:a0:16:7d:06:7a:44:d6:af:d2:fa:13:58:8c:f8:
- 1c:c7:ab:1d:b4:1b:ef:69:68:98:5c:08:39:8f:e0:f7:fb:48:
- cc:21:e7:b8:33:db:05:aa:34:24:6c:4a:e5:e9:7b:60:de:83:
- b3:1f:0a:be:41:75:fc:cc:30:48:b7:c1:26:1d:04:33:aa:b6:
- 78:ed:2a:cb:ba:56:97:32:6e:f7:31:95:2e:46:f2:14:ee:27:
- c7:f7:62:89:b9:5c:5a:d3:38:8a:64:f5:37:b4:f1:b3:34:72:
- d5:d5:21:3d:4b:d7:78:93:d7:31:66:35:1e:a3:d8:47:49:6f:
- 1c:ad:e1:80:7f:f8:98:24:6c:73:ac:0e:c2:1a:77:02:a3:26:
- 07:b7:c7:6b:5d:bc:82:d5:2a:48:1d:63:cf:50:32:a6:fb:1c:
- 18:47:15:0a:5b:0c:5c:38:24:9a:04:98:a8:08:48:5f:7c:34:
- 87:63:ab:2d:8d:4c:00:77:94:1b:76:ba:f5:16:18:a3:15:af:
- 2f:94:f6:29:00:76:c1:15:17:d3:e9:37:4d:76:d4:cb:4b:29:
- 59:24:ac:da:4a:a0:ea:63:de:5f:54:b1:fa:f3:d1:45:cb:c5:
- 64:b4:73:21
-
-GlobalSign Primary Class 2 CA
-=============================
-MD5 Fingerprint: A9:A9:42:59:7E:BE:5A:94:E4:2C:C6:8B:1C:2A:44:B6
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4jY0wDQYJKoZIhvcNAQEEBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
-MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDIgQ0ExJjAkBgNV
-BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAyIENBMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAkoz+7/RFjhdBbvzYvyFvqwadUsEsAJ0/joW4f0qP
-vaBjKspJJ65agvR04lWS/8LRqnmitvrVnYIET8ayxl5jpzq62O7rim+ftrsoQcAi
-+05IGgaS17/Xz7nZvThPOw1EblVB/vwJ29i/844h8egStfYTpdPGTJMisAL/7h0M
-xKhrT3VoVujcKBJQ96gknS4kOfsJBd7lo2RJIdBofnEwkbFg4Dn0UPh6TZgAa3x5
-uk7OSuK6Nh23xTYVlZxkQupfxLr1QAW+4TpZvYSnGbjeTVNQzgfR0lHT7w2BbObn
-bctdfD98zOxPgycl/3BQ9oNZdYQGZlgs3omNAKZJ+aVDdwIDAQABo2MwYTAOBgNV
-HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFHznsrEs3rGna+l2DOGj/U5sx7n2MB8GA1Ud
-IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEEBQADggEBAGPdWc6KeaqYnU7FiWQ3foqTZy8Q6m8nw413bfJcVpQZ
-GmlgMEZdj/JtRTyONZd8L7hR4uiJvYjPJxwINFyIwWgk25GF5M/7+0ON6CUBG8QO
-9wBCSIYfJAhYWoyN8mtHLGiRsWlC/Q2NySbmkoamZG6Sxc4+PH1x4yOkq8fVqKnf
-gqc76IbVw08Y40TQ4NzzxWgu/qUvBYTIfkdCU2uHSv4y/14+cIy3qBXMF8L/RuzQ
-7C20bhIoqflA6evUZpdTqWlVwKmqsi7N0Wn0vvi7fGnuVKbbnvtapj7+mu+UUUt1
-7tjU4ZrxAlYTiQ6nQouWi4UMG4W+Jq6rppm8IvFz30I=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 02:00:00:00:00:00:d6:78:b8:8d:8d
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- Validity
- Not Before: Jan 28 12:00:00 1999 GMT
- Not After : Jan 28 12:00:00 2009 GMT
- Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 2 CA, CN=GlobalSign Primary Class 2 CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:92:8c:fe:ef:f4:45:8e:17:41:6e:fc:d8:bf:21:
- 6f:ab:06:9d:52:c1:2c:00:9d:3f:8e:85:b8:7f:4a:
- 8f:bd:a0:63:2a:ca:49:27:ae:5a:82:f4:74:e2:55:
- 92:ff:c2:d1:aa:79:a2:b6:fa:d5:9d:82:04:4f:c6:
- b2:c6:5e:63:a7:3a:ba:d8:ee:eb:8a:6f:9f:b6:bb:
- 28:41:c0:22:fb:4e:48:1a:06:92:d7:bf:d7:cf:b9:
- d9:bd:38:4f:3b:0d:44:6e:55:41:fe:fc:09:db:d8:
- bf:f3:8e:21:f1:e8:12:b5:f6:13:a5:d3:c6:4c:93:
- 22:b0:02:ff:ee:1d:0c:c4:a8:6b:4f:75:68:56:e8:
- dc:28:12:50:f7:a8:24:9d:2e:24:39:fb:09:05:de:
- e5:a3:64:49:21:d0:68:7e:71:30:91:b1:60:e0:39:
- f4:50:f8:7a:4d:98:00:6b:7c:79:ba:4e:ce:4a:e2:
- ba:36:1d:b7:c5:36:15:95:9c:64:42:ea:5f:c4:ba:
- f5:40:05:be:e1:3a:59:bd:84:a7:19:b8:de:4d:53:
- 50:ce:07:d1:d2:51:d3:ef:0d:81:6c:e6:e7:6d:cb:
- 5d:7c:3f:7c:cc:ec:4f:83:27:25:ff:70:50:f6:83:
- 59:75:84:06:66:58:2c:de:89:8d:00:a6:49:f9:a5:
- 43:77
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- 7C:E7:B2:B1:2C:DE:B1:A7:6B:E9:76:0C:E1:A3:FD:4E:6C:C7:B9:F6
- X509v3 Authority Key Identifier:
- keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
-
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 63:dd:59:ce:8a:79:aa:98:9d:4e:c5:89:64:37:7e:8a:93:67:
- 2f:10:ea:6f:27:c3:8d:77:6d:f2:5c:56:94:19:1a:69:60:30:
- 46:5d:8f:f2:6d:45:3c:8e:35:97:7c:2f:b8:51:e2:e8:89:bd:
- 88:cf:27:1c:08:34:5c:88:c1:68:24:db:91:85:e4:cf:fb:fb:
- 43:8d:e8:25:01:1b:c4:0e:f7:00:42:48:86:1f:24:08:58:5a:
- 8c:8d:f2:6b:47:2c:68:91:b1:69:42:fd:0d:8d:c9:26:e6:92:
- 86:a6:64:6e:92:c5:ce:3e:3c:7d:71:e3:23:a4:ab:c7:d5:a8:
- a9:df:82:a7:3b:e8:86:d5:c3:4f:18:e3:44:d0:e0:dc:f3:c5:
- 68:2e:fe:a5:2f:05:84:c8:7e:47:42:53:6b:87:4a:fe:32:ff:
- 5e:3e:70:8c:b7:a8:15:cc:17:c2:ff:46:ec:d0:ec:2d:b4:6e:
- 12:28:a9:f9:40:e9:eb:d4:66:97:53:a9:69:55:c0:a9:aa:b2:
- 2e:cd:d1:69:f4:be:f8:bb:7c:69:ee:54:a6:db:9e:fb:5a:a6:
- 3e:fe:9a:ef:94:51:4b:75:ee:d8:d4:e1:9a:f1:02:56:13:89:
- 0e:a7:42:8b:96:8b:85:0c:1b:85:be:26:ae:ab:a6:99:bc:22:
- f1:73:df:42
-
-GlobalSign Primary Class 3 CA
-=============================
-MD5 Fingerprint: 98:12:A3:4B:95:A9:96:64:94:E7:50:8C:3E:E1:83:5A
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgILAgAAAAAA1ni41sMwDQYJKoZIhvcNAQEEBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
-MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDMgQ0ExJjAkBgNV
-BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAzIENBMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAkV5WZdbAwAScv0fEXHt6MQH5WJaZ4xyEL9xWj631
-WYHVQ2ZdWpOMdcqp5xHBURAUYMks1HuvxneGq3onrm+VuQvKtkb7fhr0DRRt0slO
-sq7wVPZcQEw2SHToVIxlZhCnvSu3II0FSa14fdIkI1Dj8LR5mwE5/6870y3u4UmN
-jS88akFFL5vjPeES5JF1ns+gPjySgW+KLhjc4PKMjP2H2Qf0QJTJTk9D32dWb70D
-UHyZZ6S5PJFsAm6E1vxG98xvGD4X8O8LZBZX5qyG8UiqQ8HJJ3hzREXihX26/7Ph
-+xsFpEs7mRIlAVAUaq9d6sgM7uTa7EuLXGgTldzDtTA61wIDAQABo2MwYTAOBgNV
-HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFMw2zBe0RZEv7c87MEh3+7UUmb7jMB8GA1Ud
-IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQEEBQADggEBAFeyVMy9lRdkYIm2U5EMRZLDPahsw8yyGPV4QXTYfaMn
-r3cNWT6UHWn6idMMvRoB9D/o4Hcagiha5mLXt+M2yQ6feuPC08xZiQzvFovwNnci
-yqS2t8FCZwFAY8znOGSHWxSWZnstFO69SW3/d9DiTlvTgMJND8q4nYGXpzRux+Oc
-SOW0qkX19mVMSPISwtKTjMIVJPMrUv/jCK64btYsEs85yxIq56l7X5g9o+HMpmOJ
-XH0xdfnV1l3y0NQ9355xqA7c5CCXeOZ/U6QNUU+OOwOuow1aTcN55zVYcELJXqFe
-tNkio0RTNaTQz3OAxc+fVph2+RRMd4eCydx+XTTVNnU=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 02:00:00:00:00:00:d6:78:b8:d6:c3
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- Validity
- Not Before: Jan 28 12:00:00 1999 GMT
- Not After : Jan 28 12:00:00 2009 GMT
- Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 3 CA, CN=GlobalSign Primary Class 3 CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:91:5e:56:65:d6:c0:c0:04:9c:bf:47:c4:5c:7b:
- 7a:31:01:f9:58:96:99:e3:1c:84:2f:dc:56:8f:ad:
- f5:59:81:d5:43:66:5d:5a:93:8c:75:ca:a9:e7:11:
- c1:51:10:14:60:c9:2c:d4:7b:af:c6:77:86:ab:7a:
- 27:ae:6f:95:b9:0b:ca:b6:46:fb:7e:1a:f4:0d:14:
- 6d:d2:c9:4e:b2:ae:f0:54:f6:5c:40:4c:36:48:74:
- e8:54:8c:65:66:10:a7:bd:2b:b7:20:8d:05:49:ad:
- 78:7d:d2:24:23:50:e3:f0:b4:79:9b:01:39:ff:af:
- 3b:d3:2d:ee:e1:49:8d:8d:2f:3c:6a:41:45:2f:9b:
- e3:3d:e1:12:e4:91:75:9e:cf:a0:3e:3c:92:81:6f:
- 8a:2e:18:dc:e0:f2:8c:8c:fd:87:d9:07:f4:40:94:
- c9:4e:4f:43:df:67:56:6f:bd:03:50:7c:99:67:a4:
- b9:3c:91:6c:02:6e:84:d6:fc:46:f7:cc:6f:18:3e:
- 17:f0:ef:0b:64:16:57:e6:ac:86:f1:48:aa:43:c1:
- c9:27:78:73:44:45:e2:85:7d:ba:ff:b3:e1:fb:1b:
- 05:a4:4b:3b:99:12:25:01:50:14:6a:af:5d:ea:c8:
- 0c:ee:e4:da:ec:4b:8b:5c:68:13:95:dc:c3:b5:30:
- 3a:d7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- CC:36:CC:17:B4:45:91:2F:ED:CF:3B:30:48:77:FB:B5:14:99:BE:E3
- X509v3 Authority Key Identifier:
- keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
-
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 57:b2:54:cc:bd:95:17:64:60:89:b6:53:91:0c:45:92:c3:3d:
- a8:6c:c3:cc:b2:18:f5:78:41:74:d8:7d:a3:27:af:77:0d:59:
- 3e:94:1d:69:fa:89:d3:0c:bd:1a:01:f4:3f:e8:e0:77:1a:82:
- 28:5a:e6:62:d7:b7:e3:36:c9:0e:9f:7a:e3:c2:d3:cc:59:89:
- 0c:ef:16:8b:f0:36:77:22:ca:a4:b6:b7:c1:42:67:01:40:63:
- cc:e7:38:64:87:5b:14:96:66:7b:2d:14:ee:bd:49:6d:ff:77:
- d0:e2:4e:5b:d3:80:c2:4d:0f:ca:b8:9d:81:97:a7:34:6e:c7:
- e3:9c:48:e5:b4:aa:45:f5:f6:65:4c:48:f2:12:c2:d2:93:8c:
- c2:15:24:f3:2b:52:ff:e3:08:ae:b8:6e:d6:2c:12:cf:39:cb:
- 12:2a:e7:a9:7b:5f:98:3d:a3:e1:cc:a6:63:89:5c:7d:31:75:
- f9:d5:d6:5d:f2:d0:d4:3d:df:9e:71:a8:0e:dc:e4:20:97:78:
- e6:7f:53:a4:0d:51:4f:8e:3b:03:ae:a3:0d:5a:4d:c3:79:e7:
- 35:58:70:42:c9:5e:a1:5e:b4:d9:22:a3:44:53:35:a4:d0:cf:
- 73:80:c5:cf:9f:56:98:76:f9:14:4c:77:87:82:c9:dc:7e:5d:
- 34:d5:36:75
-
-GlobalSign Root CA
-==================
-MD5 Fingerprint: AB:BF:EA:E3:6B:29:A6:CC:A6:78:35:99:EF:AD:2B:80
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
-MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
-aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
-jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
-xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
-1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
-snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
-U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
-9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
-YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
-5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
-gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
-rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
-ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
-Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 02:00:00:00:00:00:d6:78:b7:94:05
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- Validity
- Not Before: Sep 1 12:00:00 1998 GMT
- Not After : Jan 28 12:00:00 2014 GMT
- Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
- 83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
- 63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
- 8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
- 70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
- 15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
- 6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
- 89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
- 54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
- 92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
- 75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
- c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
- bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
- ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
- 63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
- 48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
- 07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
- 90:cf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f:
- 6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98:
- 7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd:
- 89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80:
- 6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24:
- af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:
- 88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:
- 77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59:
- 2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31:
- 3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f:
- 87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa:
- a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52:
- ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82:
- dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:
- 8a:78:a3:e3
-
-National Retail Federation by DST
-=================================
-MD5 Fingerprint: AD:8E:0F:9E:01:6B:A0:C5:74:D5:0C:D3:68:65:4F:1E
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEAjCCAuoCEQDQHkCKAAACfAAAAAMAAAABMA0GCSqGSIb3DQEBBQUAMIG+MQsw
-CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
-dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UE
-CxMaTmF0aW9uYWwgUmV0YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJG
-KSBSb290Q0ExITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05
-ODEyMTExNjE0MTZaFw0wODEyMDgxNjE0MTZaMIG+MQswCQYDVQQGEwJ1czENMAsG
-A1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0Rp
-Z2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UECxMaTmF0aW9uYWwgUmV0
-YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJGKSBSb290Q0ExITAfBgkq
-hkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBANmsm3f6UNPM3LlArLlyagCHI/wPliHQJq/k4rVf+tOmfSEw
-LswXgo+YdPxnpKbfiJeiQin1p9sRk/teIzDCqrwi50Eb5e0l3sg/295XRXhARoOy
-1Ro93w9FbdVjAnXYL8Zuq5WRdDcNy00JXNHUWzra3Q7Ia5nY1TnM34VVxJJTAqPh
-94DJcKPa3DPEf6JHCBw1lh+hAxwwg/TEzP+Yw7BGRKLAv63b0oH2TJgsp14k84bK
-Y9W6ffCawErQG1ju7Klnz2kCbCLAYCws0cgg6sgt+92cu8tRTNznVwQ7VJsRpTJ0
-7HQB85AVWy98LJNluWZntIGINeWekRh/gahByMsCAwEAATANBgkqhkiG9w0BAQUF
-AAOCAQEAhF4LO+ygjRyb0DwdcWnkGn9kvoFlYcWMatd8AHTgemJV7SR84GHj8t0U
-5hFugw7h6qmegK2aIL/gV37V0LWEYy3ZGOS9GzUsXq5hdqpnhTs44TGBHzF/5tf4
-W9K7Y3mGxIzF3gqu19H8AXT/trYNYoFnHLsm+CSA4Fxe2KSKOo99y/+So/18qTJp
-B1hYYUKZUgOxOD3GcW9s8uh9BqrBfFPLGi2IT8mpp6xpb/ekH9h0gfVKv7FVt9N3
-OKdvwkrI4nOJ01dy4UMvcjz2H7f4BEpuwemUF+SXF/QOE4ZvjavoXy20/2zWorQf
-7LmUaqoSTxrd9Xe1JYzyigrx/FJbWA==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- d0:1e:40:8a:00:00:02:7c:00:00:00:03:00:00:00:01
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca@digsigtrust.com
- Validity
- Not Before: Dec 11 16:14:16 1998 GMT
- Not After : Dec 8 16:14:16 2008 GMT
- Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca@digsigtrust.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:d9:ac:9b:77:fa:50:d3:cc:dc:b9:40:ac:b9:72:
- 6a:00:87:23:fc:0f:96:21:d0:26:af:e4:e2:b5:5f:
- fa:d3:a6:7d:21:30:2e:cc:17:82:8f:98:74:fc:67:
- a4:a6:df:88:97:a2:42:29:f5:a7:db:11:93:fb:5e:
- 23:30:c2:aa:bc:22:e7:41:1b:e5:ed:25:de:c8:3f:
- db:de:57:45:78:40:46:83:b2:d5:1a:3d:df:0f:45:
- 6d:d5:63:02:75:d8:2f:c6:6e:ab:95:91:74:37:0d:
- cb:4d:09:5c:d1:d4:5b:3a:da:dd:0e:c8:6b:99:d8:
- d5:39:cc:df:85:55:c4:92:53:02:a3:e1:f7:80:c9:
- 70:a3:da:dc:33:c4:7f:a2:47:08:1c:35:96:1f:a1:
- 03:1c:30:83:f4:c4:cc:ff:98:c3:b0:46:44:a2:c0:
- bf:ad:db:d2:81:f6:4c:98:2c:a7:5e:24:f3:86:ca:
- 63:d5:ba:7d:f0:9a:c0:4a:d0:1b:58:ee:ec:a9:67:
- cf:69:02:6c:22:c0:60:2c:2c:d1:c8:20:ea:c8:2d:
- fb:dd:9c:bb:cb:51:4c:dc:e7:57:04:3b:54:9b:11:
- a5:32:74:ec:74:01:f3:90:15:5b:2f:7c:2c:93:65:
- b9:66:67:b4:81:88:35:e5:9e:91:18:7f:81:a8:41:
- c8:cb
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 84:5e:0b:3b:ec:a0:8d:1c:9b:d0:3c:1d:71:69:e4:1a:7f:64:
- be:81:65:61:c5:8c:6a:d7:7c:00:74:e0:7a:62:55:ed:24:7c:
- e0:61:e3:f2:dd:14:e6:11:6e:83:0e:e1:ea:a9:9e:80:ad:9a:
- 20:bf:e0:57:7e:d5:d0:b5:84:63:2d:d9:18:e4:bd:1b:35:2c:
- 5e:ae:61:76:aa:67:85:3b:38:e1:31:81:1f:31:7f:e6:d7:f8:
- 5b:d2:bb:63:79:86:c4:8c:c5:de:0a:ae:d7:d1:fc:01:74:ff:
- b6:b6:0d:62:81:67:1c:bb:26:f8:24:80:e0:5c:5e:d8:a4:8a:
- 3a:8f:7d:cb:ff:92:a3:fd:7c:a9:32:69:07:58:58:61:42:99:
- 52:03:b1:38:3d:c6:71:6f:6c:f2:e8:7d:06:aa:c1:7c:53:cb:
- 1a:2d:88:4f:c9:a9:a7:ac:69:6f:f7:a4:1f:d8:74:81:f5:4a:
- bf:b1:55:b7:d3:77:38:a7:6f:c2:4a:c8:e2:73:89:d3:57:72:
- e1:43:2f:72:3c:f6:1f:b7:f8:04:4a:6e:c1:e9:94:17:e4:97:
- 17:f4:0e:13:86:6f:8d:ab:e8:5f:2d:b4:ff:6c:d6:a2:b4:1f:
- ec:b9:94:6a:aa:12:4f:1a:dd:f5:77:b5:25:8c:f2:8a:0a:f1:
- fc:52:5b:58
-
-TC TrustCenter, Germany, Class 0 CA
-===================================
-MD5 Fingerprint: 35:85:49:8E:6E:57:FE:BD:97:F1:C9:46:23:3A:B6:7D
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDAgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTQ0OFoX
-DTA1MTIzMTEzNTQ0OFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAwIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA333mvr/V
-8C9tTg7R4I0LfztU6IrisJ8oxYrGubMzJ/UnyhpMVBJrtLJGsx1Ls/QhC0sCLqHC
-NJyFoMR4EdvbaycrCSoYTkDMn3EZZ5l0onw/wdiLI8hjO4ohq1zeHvSN3LQYwwVz
-9Gq0ofoBCCsBD203W6o4hmc51+Vf+uR+zKMCAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAw
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQBNB39fCTAZ
-kqoFR3qUdVQqrs/82AxC4UU4KySVssqHynnEw5eQXmIYxsk4YUxoNdNMFBHrxM2h
-qdjFnmgnMgc1RQT4XyGgYB4cAEgEWNLFy65tMm49d5WMhcflrlCddUp7/wsneepN
-pFn/7FrqJqU5g6TReM6nqX683SvKEpMDSg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de
- Validity
- Not Before: Mar 9 13:54:48 1998 GMT
- Not After : Dec 31 13:54:48 2005 GMT
- Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:df:7d:e6:be:bf:d5:f0:2f:6d:4e:0e:d1:e0:8d:
- 0b:7f:3b:54:e8:8a:e2:b0:9f:28:c5:8a:c6:b9:b3:
- 33:27:f5:27:ca:1a:4c:54:12:6b:b4:b2:46:b3:1d:
- 4b:b3:f4:21:0b:4b:02:2e:a1:c2:34:9c:85:a0:c4:
- 78:11:db:db:6b:27:2b:09:2a:18:4e:40:cc:9f:71:
- 19:67:99:74:a2:7c:3f:c1:d8:8b:23:c8:63:3b:8a:
- 21:ab:5c:de:1e:f4:8d:dc:b4:18:c3:05:73:f4:6a:
- b4:a1:fa:01:08:2b:01:0f:6d:37:5b:aa:38:86:67:
- 39:d7:e5:5f:fa:e4:7e:cc:a3
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape CA Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape Renewal Url:
- https://www.trustcenter.de/cgi-bin/Renew.cgi?
- Netscape CA Policy Url:
- http://www.trustcenter.de/guidelines/index.html
- Netscape Comment:
- TC TrustCenter Class 0 CA
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- Signature Algorithm: md5WithRSAEncryption
- 4d:07:7f:5f:09:30:19:92:aa:05:47:7a:94:75:54:2a:ae:cf:
- fc:d8:0c:42:e1:45:38:2b:24:95:b2:ca:87:ca:79:c4:c3:97:
- 90:5e:62:18:c6:c9:38:61:4c:68:35:d3:4c:14:11:eb:c4:cd:
- a1:a9:d8:c5:9e:68:27:32:07:35:45:04:f8:5f:21:a0:60:1e:
- 1c:00:48:04:58:d2:c5:cb:ae:6d:32:6e:3d:77:95:8c:85:c7:
- e5:ae:50:9d:75:4a:7b:ff:0b:27:79:ea:4d:a4:59:ff:ec:5a:
- ea:26:a5:39:83:a4:d1:78:ce:a7:a9:7e:bc:dd:2b:ca:12:93:
- 03:4a
-
-TC TrustCenter, Germany, Class 1 CA
-===================================
-MD5 Fingerprint: 64:3F:F8:3E:52:14:4A:59:BA:93:56:04:0B:23:02:D1
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTYzM1oX
-DTA1MTIzMTEzNTYzM1owgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCnrtHaz
-rte2W7Re573jsZxJBFdboavZfxMb/bphq9jncd8tAJRdUUh9I+91YoSQPAofWRF0
-L46Apf0wAj0pUs1yGkkhnLzLUo5IoWOWyBCFMGlXdEXAWobG1T3gaFd9MWokjUWX
-PjF+aGYybiRt7DI2yUHK8DFEyKNhyhugNh8CAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAx
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQAFQlImpAwn
-AUSsXCUowkRCVAi5HcU+bFlmxLNOUKf4+JZ1oZZ16BY4oM1dbvp5pxt7HR7DALlm
-vlrWYg/n8nu470zgwD9Zrjm3hAmeq/GpLmtp4q3M8up4CQUgOEJxGH7Hspfm1QIF
-BlajX/GqwsRP/vfvFg+d7KqFzz0pJPEEzQ==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de
- Validity
- Not Before: Mar 9 13:56:33 1998 GMT
- Not After : Dec 31 13:56:33 2005 GMT
- Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd:
- e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba:
- 61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef:
- 75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd:
- 30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e:
- 48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86:
- c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31:
- 7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31:
- 44:c8:a3:61:ca:1b:a0:36:1f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape CA Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape Renewal Url:
- https://www.trustcenter.de/cgi-bin/Renew.cgi?
- Netscape CA Policy Url:
- http://www.trustcenter.de/guidelines/index.html
- Netscape Comment:
- TC TrustCenter Class 1 CA
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- Signature Algorithm: md5WithRSAEncryption
- 05:42:52:26:a4:0c:27:01:44:ac:5c:25:28:c2:44:42:54:08:
- b9:1d:c5:3e:6c:59:66:c4:b3:4e:50:a7:f8:f8:96:75:a1:96:
- 75:e8:16:38:a0:cd:5d:6e:fa:79:a7:1b:7b:1d:1e:c3:00:b9:
- 66:be:5a:d6:62:0f:e7:f2:7b:b8:ef:4c:e0:c0:3f:59:ae:39:
- b7:84:09:9e:ab:f1:a9:2e:6b:69:e2:ad:cc:f2:ea:78:09:05:
- 20:38:42:71:18:7e:c7:b2:97:e6:d5:02:05:06:56:a3:5f:f1:
- aa:c2:c4:4f:fe:f7:ef:16:0f:9d:ec:aa:85:cf:3d:29:24:f1:
- 04:cd
-
-TC TrustCenter, Germany, Class 2 CA
-===================================
-MD5 Fingerprint: E1:E9:96:53:77:E1:F0:38:A0:02:AB:94:C6:95:7B:FC
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTc0NFoX
-DTA1MTIzMTEzNTc0NFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2jjo7TIA
-KXGDAQ2/jAHc2satOaSpii/Vi1xoX1DGYvVmvcqRIuyqHVHXPbNRsoNOXctJsPBM
-VeVrLceFCzAckk6C1MoC7fdvvtzg4xS4BVPymvRWi1qehZPRtIJWrk27qEtXFrz+
-+Fie+CmNsHvNeMlPrItnDPGc+/xXm1dcTw0CAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAy
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCJG/Tv6Tji
-bAz2zW9JzinM+6YP+Y0+lUbW/EcyibLIBmF60ucNEwKUC9mLVkf0u+fFX3v0Y0yu
-fDTqDaKpsyyF8+P+J1QQkrCPksGYQhhwSNtOLOsNJGjk0fe+Cakph7vo2tw+o4hC
-MfXR43+u2I4AWnSYsE/G/yN7XHMAeMnbTg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 3 (0x3)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de
- Validity
- Not Before: Mar 9 13:57:44 1998 GMT
- Not After : Dec 31 13:57:44 2005 GMT
- Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
- dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
- c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
- 51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
- 85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
- e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
- d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
- 9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
- 9c:fb:fc:57:9b:57:5c:4f:0d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape CA Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape Renewal Url:
- https://www.trustcenter.de/cgi-bin/Renew.cgi?
- Netscape CA Policy Url:
- http://www.trustcenter.de/guidelines/index.html
- Netscape Comment:
- TC TrustCenter Class 2 CA
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- Signature Algorithm: md5WithRSAEncryption
- 89:1b:f4:ef:e9:38:e2:6c:0c:f6:cd:6f:49:ce:29:cc:fb:a6:
- 0f:f9:8d:3e:95:46:d6:fc:47:32:89:b2:c8:06:61:7a:d2:e7:
- 0d:13:02:94:0b:d9:8b:56:47:f4:bb:e7:c5:5f:7b:f4:63:4c:
- ae:7c:34:ea:0d:a2:a9:b3:2c:85:f3:e3:fe:27:54:10:92:b0:
- 8f:92:c1:98:42:18:70:48:db:4e:2c:eb:0d:24:68:e4:d1:f7:
- be:09:a9:29:87:bb:e8:da:dc:3e:a3:88:42:31:f5:d1:e3:7f:
- ae:d8:8e:00:5a:74:98:b0:4f:c6:ff:23:7b:5c:73:00:78:c9:
- db:4e
-
-TC TrustCenter, Germany, Class 3 CA
-===================================
-MD5 Fingerprint: 62:AB:B6:15:4A:B4:B0:16:77:FF:AE:CF:16:16:2B:8C
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTg0OVoX
-DTA1MTIzMTEzNTg0OVowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrTBNQUu
-DY3soEBqHA4nplCSa1AbB94u53bM4Nr8hKhejGNqK03ZTgJ2EcEL8o15ygC28bAO
-1/ukFz2vq2l6lie/rzOhmipZqsS1NwjyEqUxtkP1MpZxKCirjSiG37vu4wx9MNbD
-UquPXSeca8Cj5wVrV0lEs27qZM/SjnpQd3cCAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAz
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCEhlBieaAn
-4SW6CbE0DxMJ7S3Ko+aV+TCszRelzj2Xnex8jyZ/wGHKIveR3Tw2WZqbdfe85Mjt
-7AK2IqfzLPHIknhttu7FKOyAIE+5awjnL6eGHn2xCJ9UuQA3PKDYGsiWHPQyFJw5
-lbfu8ENJwl7oy3lvU7/7SYos2EvZVfIScA==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de
- Validity
- Not Before: Mar 9 13:58:49 1998 GMT
- Not After : Dec 31 13:58:49 2005 GMT
- Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
- 27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
- fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
- 0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
- af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
- b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
- ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
- 8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
- ea:64:cf:d2:8e:7a:50:77:77
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape CA Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape Renewal Url:
- https://www.trustcenter.de/cgi-bin/Renew.cgi?
- Netscape CA Policy Url:
- http://www.trustcenter.de/guidelines/index.html
- Netscape Comment:
- TC TrustCenter Class 3 CA
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- Signature Algorithm: md5WithRSAEncryption
- 84:86:50:62:79:a0:27:e1:25:ba:09:b1:34:0f:13:09:ed:2d:
- ca:a3:e6:95:f9:30:ac:cd:17:a5:ce:3d:97:9d:ec:7c:8f:26:
- 7f:c0:61:ca:22:f7:91:dd:3c:36:59:9a:9b:75:f7:bc:e4:c8:
- ed:ec:02:b6:22:a7:f3:2c:f1:c8:92:78:6d:b6:ee:c5:28:ec:
- 80:20:4f:b9:6b:08:e7:2f:a7:86:1e:7d:b1:08:9f:54:b9:00:
- 37:3c:a0:d8:1a:c8:96:1c:f4:32:14:9c:39:95:b7:ee:f0:43:
- 49:c2:5e:e8:cb:79:6f:53:bf:fb:49:8a:2c:d8:4b:d9:55:f2:
- 12:70
-
-TC TrustCenter, Germany, Class 4 CA
-===================================
-MD5 Fingerprint: BF:AF:EC:C4:DA:F9:30:F9:CA:35:CA:25:E4:3F:8D:89
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDQgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTE0MDAyMFoX
-DTA1MTIzMTE0MDAyMFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyA0IENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvy9j1jZ7
-sg3TVfVkbOYlXca0yBS6JTiD61ZipVWpZaP0I5nCS7nQzVRnpqOgo6kzK3bkva13
-su1cEnTDxbYPUppyk0OQYmYVD0Wl3eDduG9AblfBeXKjYKq6dh0SiVNa/AK+4QkT
-xUov3D2LGa3XiyRF+0z0zVw1HSlMUfPybFUCAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyA0
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCUaBQbJZ4p
-mbGyI9JEs5Wf0Z5VBN3jL4IzVZZ3GZ0rnmUc+orjx48l/LEeVUYPj/9PNy+kdlmm
-ZOvVFnC93ZUzDKQNJOtkULRDEfJDvg1xmCLsAa/s98dcccN1kVgZ6N2g9LTxvBBK
-85O0Bkm7H2bSvXRH4Zr569erbR+64R0s2g==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 5 (0x5)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de
- Validity
- Not Before: Mar 9 14:00:20 1998 GMT
- Not After : Dec 31 14:00:20 2005 GMT
- Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:bf:2f:63:d6:36:7b:b2:0d:d3:55:f5:64:6c:e6:
- 25:5d:c6:b4:c8:14:ba:25:38:83:eb:56:62:a5:55:
- a9:65:a3:f4:23:99:c2:4b:b9:d0:cd:54:67:a6:a3:
- a0:a3:a9:33:2b:76:e4:bd:ad:77:b2:ed:5c:12:74:
- c3:c5:b6:0f:52:9a:72:93:43:90:62:66:15:0f:45:
- a5:dd:e0:dd:b8:6f:40:6e:57:c1:79:72:a3:60:aa:
- ba:76:1d:12:89:53:5a:fc:02:be:e1:09:13:c5:4a:
- 2f:dc:3d:8b:19:ad:d7:8b:24:45:fb:4c:f4:cd:5c:
- 35:1d:29:4c:51:f3:f2:6c:55
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape CA Revocation Url:
- https://www.trustcenter.de/cgi-bin/check-rev.cgi?
- Netscape Renewal Url:
- https://www.trustcenter.de/cgi-bin/Renew.cgi?
- Netscape CA Policy Url:
- http://www.trustcenter.de/guidelines/index.html
- Netscape Comment:
- TC TrustCenter Class 4 CA
- Netscape Cert Type:
- SSL CA, S/MIME CA, Object Signing CA
- Signature Algorithm: md5WithRSAEncryption
- 94:68:14:1b:25:9e:29:99:b1:b2:23:d2:44:b3:95:9f:d1:9e:
- 55:04:dd:e3:2f:82:33:55:96:77:19:9d:2b:9e:65:1c:fa:8a:
- e3:c7:8f:25:fc:b1:1e:55:46:0f:8f:ff:4f:37:2f:a4:76:59:
- a6:64:eb:d5:16:70:bd:dd:95:33:0c:a4:0d:24:eb:64:50:b4:
- 43:11:f2:43:be:0d:71:98:22:ec:01:af:ec:f7:c7:5c:71:c3:
- 75:91:58:19:e8:dd:a0:f4:b4:f1:bc:10:4a:f3:93:b4:06:49:
- bb:1f:66:d2:bd:74:47:e1:9a:f9:eb:d7:ab:6d:1f:ba:e1:1d:
- 2c:da
-
-Thawte Personal Basic CA
-========================
-MD5 Fingerprint: E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
-VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
-IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
-DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
-EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
-ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
-QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
-dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
-wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
-G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
-AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
-c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
-9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic@thawte.com
- Validity
- Not Before: Jan 1 00:00:00 1996 GMT
- Not After : Dec 31 23:59:59 2020 GMT
- Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic@thawte.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:bc:bc:93:53:6d:c0:50:4f:82:15:e6:48:94:35:
- a6:5a:be:6f:42:fa:0f:47:ee:77:75:72:dd:8d:49:
- 9b:96:57:a0:78:d4:ca:3f:51:b3:69:0b:91:76:17:
- 22:07:97:6a:c4:51:93:4b:e0:8d:ef:37:95:a1:0c:
- 4d:da:34:90:1d:17:89:97:e0:35:38:57:4a:c0:f4:
- 08:70:e9:3c:44:7b:50:7e:61:9a:90:e3:23:d3:88:
- 11:46:27:f5:0b:07:0e:bb:dd:d1:7f:20:0a:88:b9:
- 56:0b:2e:1c:80:da:f1:e3:9e:29:ef:14:bd:0a:44:
- fb:1b:5b:18:d1:bf:23:93:21
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 2d:e2:99:6b:b0:3d:7a:89:d7:59:a2:94:01:1f:2b:dd:12:4b:
- 53:c2:ad:7f:aa:a7:00:5c:91:40:57:25:4a:38:aa:84:70:b9:
- d9:80:0f:a5:7b:5c:fb:73:c6:bd:d7:8a:61:5c:03:e3:2d:27:
- a8:17:e0:84:85:42:dc:5e:9b:c6:b7:b2:6d:bb:74:af:e4:3f:
- cb:a7:b7:b0:e0:5d:be:78:83:25:94:d2:db:81:0f:79:07:6d:
- 4f:f4:39:15:5a:52:01:7b:de:32:d6:4d:38:f6:12:5c:06:50:
- df:05:5b:bd:14:4b:a1:df:29:ba:3b:41:8d:f7:63:56:a1:df:
- 22:b1
-
-Thawte Personal Freemail CA
-===========================
-MD5 Fingerprint: 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
-VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
-YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
-Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
-AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
-MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
-cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
-d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
-DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
-rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
-uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
-MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
-/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
-gQ==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail@thawte.com
- Validity
- Not Before: Jan 1 00:00:00 1996 GMT
- Not After : Dec 31 23:59:59 2020 GMT
- Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail@thawte.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d4:69:d7:d4:b0:94:64:5b:71:e9:47:d8:0c:51:
- b6:ea:72:91:b0:84:5e:7d:2d:0d:8f:7b:12:df:85:
- 25:75:28:74:3a:42:2c:63:27:9f:95:7b:4b:ef:7e:
- 19:87:1d:86:ea:a3:dd:b9:ce:96:64:1a:c2:14:6e:
- 44:ac:7c:e6:8f:e8:4d:0f:71:1f:40:38:a6:00:a3:
- 87:78:f6:f9:94:86:5e:ad:ea:c0:5e:76:eb:d9:14:
- a3:5d:6e:7a:7c:0c:a5:4b:55:7f:06:19:29:7f:9e:
- 9a:26:d5:6a:bb:38:24:08:6a:98:c7:b1:da:a3:98:
- 91:fd:79:db:e5:5a:c4:1c:b9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- c7:ec:92:7e:4e:f8:f5:96:a5:67:62:2a:a4:f0:4d:11:60:d0:
- 6f:8d:60:58:61:ac:26:bb:52:35:5c:08:cf:30:fb:a8:4a:96:
- 8a:1f:62:42:23:8c:17:0f:f4:ba:64:9c:17:ac:47:29:df:9d:
- 98:5e:d2:6c:60:71:5c:a2:ac:dc:79:e3:e7:6e:00:47:1f:b5:
- 0d:28:e8:02:9d:e4:9a:fd:13:f4:a6:d9:7c:b1:f8:dc:5f:23:
- 26:09:91:80:73:d0:14:1b:de:43:a9:83:25:f2:e6:9c:2f:15:
- ca:fe:a6:ab:8a:07:75:8b:0c:dd:51:84:6b:e4:f8:d1:ce:77:
- a2:81
-
-Thawte Personal Premium CA
-==========================
-MD5 Fingerprint: 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
-VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p
-dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv
-bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa
-QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
-BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
-IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl
-bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu
-Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs
-Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI
-Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD
-ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
-SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
-b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh
-KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium@thawte.com
- Validity
- Not Before: Jan 1 00:00:00 1996 GMT
- Not After : Dec 31 23:59:59 2020 GMT
- Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium@thawte.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c9:66:d9:f8:07:44:cf:b9:8c:2e:f0:a1:ef:13:
- 45:6c:05:df:de:27:16:51:36:41:11:6c:6c:3b:ed:
- fe:10:7d:12:9e:e5:9b:42:9a:fe:60:31:c3:66:b7:
- 73:3a:48:ae:4e:d0:32:37:94:88:b5:0d:b6:d9:f3:
- f2:44:d9:d5:88:12:dd:76:4d:f2:1a:fc:6f:23:1e:
- 7a:f1:d8:98:45:4e:07:10:ef:16:42:d0:43:75:6d:
- 4a:de:e2:aa:c9:31:ff:1f:00:70:7c:66:cf:10:25:
- 08:ba:fa:ee:00:e9:46:03:66:27:11:15:3b:aa:5b:
- f2:98:dd:36:42:b2:da:88:75
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 69:36:89:f7:34:2a:33:72:2f:6d:3b:d4:22:b2:b8:6f:9a:c5:
- 36:66:0e:1b:3c:a1:b1:75:5a:e6:fd:35:d3:f8:a8:f2:07:6f:
- 85:67:8e:de:2b:b9:e2:17:b0:3a:a0:f0:0e:a2:00:9a:df:f3:
- 14:15:6e:bb:c8:85:5a:98:80:f9:ff:be:74:1d:3d:f3:fe:30:
- 25:d1:37:34:67:fa:a5:71:79:30:61:29:72:c0:e0:2c:4c:fb:
- 56:e4:3a:a8:6f:e5:32:59:52:db:75:28:50:59:0c:f8:0b:19:
- e4:ac:d9:af:96:8d:2f:50:db:07:c3:ea:1f:ab:33:e0:f5:2b:
- 31:89
-
-Thawte Premium Server CA
-========================
-MD5 Fingerprint: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
-dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
-MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
-MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
-A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
-cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
-VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
-ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
-uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
-pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com
- Validity
- Not Before: Aug 1 00:00:00 1996 GMT
- Not After : Dec 31 23:59:59 2020 GMT
- Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
- 38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
- 48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
- 86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
- 21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
- cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
- 6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
- b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
- 8d:f4:42:4d:e7:40:9d:1c:37
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
- c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
- 08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
- c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
- 6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
- a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
- 32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
- 14:42
-
-Thawte Server CA
-================
-MD5 Fingerprint: C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
-MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
-MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
-DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
-dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
-cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
-DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
-yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
-L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
-EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
-7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
-qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com
- Validity
- Not Before: Aug 1 00:00:00 1996 GMT
- Not After : Dec 31 23:59:59 2020 GMT
- Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
- 68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
- 85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
- 6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
- 6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
- 29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
- 6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
- 5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
- 3a:c2:b5:66:22:12:d6:87:0d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- Signature Algorithm: md5WithRSAEncryption
- 07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9:
- a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48:
- 3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88:
- 4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9:
- 8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5:
- e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9:
- b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e:
- 70:47
-
-Thawte Universal CA Root
-========================
-MD5 Fingerprint: 17:AF:71:16:52:7B:73:65:22:05:29:28:84:71:9D:13
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIRIjCCCQoCAQAwDQYJKoZIhvcNAQEFBQAwVzEPMA0GA1UEChMGVGhhd3RlMSEw
-HwYDVQQLExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3QxITAfBgNVBAMTGFRoYXd0
-ZSBVbml2ZXJzYWwgQ0EgUm9vdDAeFw05OTEyMDUxMzU2MDVaFw0zNzA0MDMxMzU2
-MDVaMFcxDzANBgNVBAoTBlRoYXd0ZTEhMB8GA1UECxMYVGhhd3RlIFVuaXZlcnNh
-bCBDQSBSb290MSEwHwYDVQQDExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3Qwgggi
-MA0GCSqGSIb3DQEBAQUAA4IIDwAwgggKAoIIAQDiiQVtw3+tpok6/7vHzZ03seHS
-IR6bYSoV53tXT1U80Lv52T0+przstK1TmhYC6wty/Yryj0QFxevT5b22RDnm+0e/
-ap4KlRjiaOLWltYhrYj99Rf109pCpZDtKZWWdTrah6HU9dOH3gVipuNmdJLPpby7
-32j/cXVWQVk16zNaZlHy0qMKwYzOc1wRby2MlYyRsf3P5a1WlcyFkoOQVUHJwnft
-+aN0QgpoCPPQ0WX9Zyw0/yR/53nIBzslV92kDJg9vuDMGWXb8lSir0LUneKuhCMl
-CTMStWoedsSL2UkAbF66H/Ib2mfKJ6qjRCMbg4LO8qsz7VSk3MmrWWXROA7BPhtn
-j9Z1AeBVIt12d+yO3fTPeSJtuVcD9ZkIpzw+NPvEF64jWM0k8yPKagIolAGBNLRs
-a66LGsOj0gk8FlT1Nl8k459KoeJkxhbDpoF6JDZHjsFeDvv5FXgE1g5Z2Z1YZmLS
-lCkyMsh4uWb2tVbhbMYUS5ZSWZECJGpVR9c/tiMaYHeXLuJAr54EV56tEcXJQ3Dv
-SLRerBxpLi6C1VuLvoK+GRRe5w0ix1Eb/x6b8TCPcTEGszQnj196ZoJPii0Tq0LP
-IVael45mNg+Wm+Ur9AKpKmqMLMTDuHAsLSkeP1B3Hm0qVORVCpE4ocW1ZqJ2Wu4P
-v7Rn4ShuD+E2oYLRv9R34cRnMpN4yOdUU/4jeeZozCaQ9hBjXSpvkS2kczJRIfK7
-Fd+qJAhIBt6hnia/uoO/fKTIoIy90v+8hGknEyQYxEUYIyZeGBTKLoiHYqNT5iG3
-uIV7moW7FSZy+Ln3anQPST+SvqkFt5knv78JF0uZTK0REHzfdDH2jyZfqoiuOFfI
-VS3T+9gbUZm+JRs6usB9G+3O0km5z/PFfYmQgdhpSCAQo/jvklEYMosRGMA/G4VW
-zlfJ8oJkxt8CCS5KES+xJ203UvDwFmHxZ43fh3Kvh9rP+1CUbtSUheuKLOoh9ZZK
-RNXgzmp0RE3QBdOHFe020KSLZlVwk+5HBsF+LqUYeWfzKIXxcPcOg6R+VJ5adjLL
-ZRu4zfvIKAPSVJHRp8WFQwgXdqXmL2cI2KGigi0M+MGvY9RQd21rRkpBhdWQX3kt
-xOzXEYdAiuFo4mT4VTL7b5Ms2nfZIcEX5TYsTn6Qf6yUKzJnvjhQdriuQbnXIcUJ
-TGDIo1HENJtXN9/LyTNXi+v7dp8ZTcVqHypFrivtL42npQDLBPolYi50SBvKKoy6
-27Z+9rsCfKnD21h4ob/w/hoQVRHO6GlOlmXGFwPWB2iMVIKuHCJVP/H0CZcowEb3
-TgslHfcH1wkdOhhXODvoMwbnj3hGHlv1BrbsuKYN8boTS9YYIN1pM0ozFa64yJiK
-JyyTvC377jO/ZuZNurabBlVgl0u8RM1+9KHYqi/AAighFmJ42whU8vz0NOPGjxxD
-V86QGkvcLjsokYk/eto1HY4s7kns9DOtyVOojJ8EUz4kHFLJEvliV6O87izrQHwg
-I3ArlflzF4rRwRxpprc4mmf3cB16WgxAz2IPhTzCAk5+tfbFKimEsx83KuGqckLE
-7Wsaj5IcXb7R8lvyq6qp0vW4pEErK5FuEkjKmNg3jcjtADC1tgROfpzahOzA+nvl
-HYikU0awlORcG6ElLA9IUneXCWzsWxgzgwLlgn7NhSEwEf0nT8/kHuw/pVds6Sow
-GSqI5cNpOKtvOXF/hOFBw+HMKokgUi6DD2w5P0stFqwt8CSsAHP0m7MGPwW4FIUf
-q55cPJ5inQ5tO4AJ/ALqopd0ysf541bhw8qlpprAkOAkElPSwovavu0CQ15n4YmY
-ee7LqsrDG9znpUalfGsWh7ZaKNfbJzxepb22Ud0fQ887Jsg6jSVhwUn0PBvJROqv
-HMIrlAEqDjDRW4srR+XD0QQDmw45LNYn1OZwWtl1zyrYyQAF5BOI7MM5+4dhMDZD
-A8ienKIGwi/F/PCAY7FUBKBMqS7G9XZ62NDk1JQR5RW1eAbcuICPmakgMz0QhUxl
-Cco+WF5gk5qqYl3AUQYcXWCgDZxLQ/anFiGkh6rywS7ukjC4nt/fEAGLhglw2Gyo
-t1AeFpa092f9NTohkCoyxwB7TQcQCbkvc9gYfmeZBE8G/FDHhZudQJ2zljf6pdyy
-ck7vTgks/ZH9Tfe7pqE+q3uiA0CmqVUn4vr5Gc6HdarxdTbz87iR+JHDi3UTjkxl
-mhY5auU06HqWWX81sAD9W2n8Qyb69Shu/ofZfiT7tKCCblSi/66/YrT0cgHCy5hH
-mOFMtReAgM6PpijuHkVq+9/xHfxaO9bq9GwdYklXO4qPhurwUwTOnBZo/7q5/IgP
-R/cCRHJAuMo7LVOd3DxWjFl7aBosjXG7bADHGs5vQJKxoy8P2UTyo3Aunu4OrjLQ
-Oz6LB+rmebNcKeJ9a6he+Vox6AiWoowDmEbxuH2QVCbtdmL+numabl7JScdcNFMp
-VNns5EbhgDt12d/7edWH8bqe6xnOTFJz5luHriVPOXnMxrj5EHvs8JtxpAWg0ynT
-Tn8f9C0oeMxVlXsekS/MVhhzi7LbvGkH5tDYT+2i/1iFo23gSlO3Z32NDFxbe3co
-AjVEegTTKEPIazAXXTK4KTW6dto7FEp2GFik+JI8nk0zb0ZrCNkxSGjd9PskVjSy
-z2lmvkjSimYizfJpzcJTE0UpQSLWXZgftqSyo8LuAi9RG9yDpOxwJajUCGEyb+Sh
-gS58Y3L6KWW8cETPXQIDAQABMA0GCSqGSIb3DQEBBQUAA4IIAQBVmjRqIgZpCUUz
-x66pXMcJTpuGvEGQ1JRS9s0jKZRLIs3ovf6dzVLyve2rh8mrq0YEtL2iPyIwR1DA
-S4x2DwP1ktKxLcR6NZzJc4frpp/eD3ON03+Z2LqPb8Tzvhqui6KUNpDi5euNBfT8
-Zd+V8cSUTRdW1588j1A853e/lYYmZPtq/8ba6YyuQrtp5TPG2OkNxlUhScEMtKP5
-m0tc3oNPQQPOKnloOH3wVEkg9bYQ/wjcM2aWm/8G3gCe185WQ5pR/HDN9vBRo7fN
-tFyFYs1xt8YrIyvdw25AQvo3/zcc9npXlIeFI9fUycdfwU0vyQ3XXOycJe6eMIKR
-lnK4dR34CWhXl7ItS+4l7HokKe5y1JwT26vcAwrYShTJCFdEXaG1U4A08hSXz1Le
-og6KEOkU79BgvmGh8SVd1RhzP5MQypbus0DS26NVz1dapQ5PdUff6veQmm31cC4d
-FBw3ZARZULDccoZvnDc9XSivc1Xv0u4kdHQT79zbMUn7P2P10wg+M6XnnQreUyxR
-jmfbm0FlQVC91KSWbIe8EuCUx9PA5MtzWACD4awnhdadU51cvQo+A0OcDJH1bXv4
-QHJ1qxF2kSvhxqofcGl2cBUJ/pPQ1i23FWqbZ1y0aZ8lpn2K+30iqXHyzk6MuCEt
-3v5BcQ3/nexzprsHT4gOWEcufqnCx3jdunqeTuAwTmNvhdQgQen6/kNF5/uverLO
-pAUdIppYht/kzkyp/tgWpW/72M5We/XWIO/kR81jJP+5vvFIo8EBcua9wK3tJg3K
-NJ/8Ai0gTwUgriE9DMIgPD/wBITcz4n9uSWRjtBD5rMgq1wt1UCeoEvY9LLMffFY
-Co6H7YisNpbkVqARivKa0LNXozS7Gas44XRrIsQxzgHVGzbjHjhMM5PfQONZV06s
-bnseWj3FHVusyBCCNQIisvx16BCRjcR9eJNHnhydrGtiAliM1hwj1q94woCcpKok
-VBS1FJjG+CsaJMtxMgrimw5pa91+jGTRLmPvDn+xPohMnVXlyW4XBLdB/72KQcsl
-MW9Edz9HsfyBiAeOBUkgtxHZaQMqA525M4Sa399640Zzo9iijFMZiFVMdLj2RIQr
-0RQtTjkukmj/afyFYhvrVU/vJYRiRZnW2E5vP1MIfR0GlYGAf09OdDaYteKHcJjc
-1/XcUhXmxtZ5ljl/j5XPq4BTrRsLRUAO1Bi9LN6Kd3b98kRHxiHQ5HTw2BgFyHww
-csff8bv8AjCp9EImWQ2TBYKhc+005ThdzVCQ/pT8E7y9/KiiiKdzxLKo0V2IxAKi
-evEEyf6MdMnvHWRBn6welmdkrKsoQced98CYG24HwmR9WoNmVig2nOf7HHcOKKDE
-92t5OQQghMdXk7wboOq860LlqBH+/KxlzP34KIj0pZrlc1HgqJsNA3dO5eCYs4ja
-febGnnwUZsEuU0qSBzegfuk9CeQVfM/9uEGl755mncReBx2H+EGt6ucv0kFjGDf5
-FONN0OX3Q/0V4/k2cwYm3wFPqcNO3iBGd5i0eiQrO3UrTliNm12kxxagvDKIP6GD
-8wDI+NhY6WNdTCu18HJB2Kt3N9ZydK62NpzIpoNJS+DJVgspvgAwy93WyEKKANns
-FdE0cfJbZIf2J9K364awkL8p2yGeNozjIC+VI1FsG8Kk1ebYAkNnoP6bUANEf7vk
-ctXR5NqPkhRk+10UEBJKlQbJZQgpyiGjJjgRySffcGcE/cpIMn9jskV0MVBPh9kg
-cNIhcLHWEJ0zXXiDkW1Vguza5GJjx4FG1xllcipDGZC41yNNTBzgRKlmZ6zucXkn
-Jnhtcg71XUsjtXx8ZekXxjoLDd1eHlHDhrjsf8cnSqVG6GotGcGHo8uZk4dkolUU
-TLdDpZPX59JOeUDKZZlGPT96gHqIaswe5WszRvRQwNUfCbjNii6hJ+tdc6foawrl
-V4IqsPziVFJW8KupEsYjlgcknOC8RqW0IATaCZNj5dQuwn7FMe21FXSGF7mz8yaK
-HQJq2ho/6LrxBG2UUVTiWrRZgx1g0C1zzAe1Joz518aIke+Az10PoWDLRdRCItGx
-cB390LcwkDrGSG1n5TLaj9vjqOMdICWiHOFMuaT2xj9cWA27xrJ3ARaRnxcGDbdA
-PsyPjpxL4J1+mx4Fq4gi+tMoG1cUZEo+JCw4TSFpAHMu0FUtdPIV6JRDPkAqxsa5
-alveoswYUFRdTiqFbPaSiykZfufqSuAiKyW892bPd5pBdPI8FA10afVQg83NLyHb
-IkaK0PdRGpVX8gWLGhntO0XoNsJufvtXIgAfBlOprpPGj3EqMUWS545t5pkiwIP8
-79xXZndPojYx+6ETjeXKo5V9AQxkcDtTQmiAx7udqAA1aZgMqGfYQ+Wqz5XgUZWk
-Fz9CnbgEztN5ecjTihYykuDXou7XN0wvrLh7vkX28RgznHs3piTZvECrAOnDN4ur
-2LbzXoFOsBRrBz4f7ML2RCKVu7Pmb9b5cGW6CoNlqg4TL4MTI1OLQBb6zi/8TQT4
-69isxTbCFVdIOOxVs7Qeuq3SQgYXDXPIV6a+lk2p8sD7eiEc9clwqYKQtfEM1HkQ
-voGm6VxhnHd5mqTDNyZXN8lSLPoI/9BfxmHA9Ha+/N5Oz6tRmXHH33701s8GVhkT
-UwttdFlIGZtTBS2dMlTT5SxTi2Q+1GR744AJFMz+FkZja3Fp+PnLJ/aIVLxFs84C
-yJTuQFv5QgLC/7DYLOsof17JJgGZpw==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root
- Validity
- Not Before: Dec 5 13:56:05 1999 GMT
- Not After : Apr 3 13:56:05 2037 GMT
- Subject: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (16384 bit)
- Modulus (16384 bit):
- 00:e2:89:05:6d:c3:7f:ad:a6:89:3a:ff:bb:c7:cd:
- 9d:37:b1:e1:d2:21:1e:9b:61:2a:15:e7:7b:57:4f:
- 55:3c:d0:bb:f9:d9:3d:3e:a6:bc:ec:b4:ad:53:9a:
- 16:02:eb:0b:72:fd:8a:f2:8f:44:05:c5:eb:d3:e5:
- bd:b6:44:39:e6:fb:47:bf:6a:9e:0a:95:18:e2:68:
- e2:d6:96:d6:21:ad:88:fd:f5:17:f5:d3:da:42:a5:
- 90:ed:29:95:96:75:3a:da:87:a1:d4:f5:d3:87:de:
- 05:62:a6:e3:66:74:92:cf:a5:bc:bb:df:68:ff:71:
- 75:56:41:59:35:eb:33:5a:66:51:f2:d2:a3:0a:c1:
- 8c:ce:73:5c:11:6f:2d:8c:95:8c:91:b1:fd:cf:e5:
- ad:56:95:cc:85:92:83:90:55:41:c9:c2:77:ed:f9:
- a3:74:42:0a:68:08:f3:d0:d1:65:fd:67:2c:34:ff:
- 24:7f:e7:79:c8:07:3b:25:57:dd:a4:0c:98:3d:be:
- e0:cc:19:65:db:f2:54:a2:af:42:d4:9d:e2:ae:84:
- 23:25:09:33:12:b5:6a:1e:76:c4:8b:d9:49:00:6c:
- 5e:ba:1f:f2:1b:da:67:ca:27:aa:a3:44:23:1b:83:
- 82:ce:f2:ab:33:ed:54:a4:dc:c9:ab:59:65:d1:38:
- 0e:c1:3e:1b:67:8f:d6:75:01:e0:55:22:dd:76:77:
- ec:8e:dd:f4:cf:79:22:6d:b9:57:03:f5:99:08:a7:
- 3c:3e:34:fb:c4:17:ae:23:58:cd:24:f3:23:ca:6a:
- 02:28:94:01:81:34:b4:6c:6b:ae:8b:1a:c3:a3:d2:
- 09:3c:16:54:f5:36:5f:24:e3:9f:4a:a1:e2:64:c6:
- 16:c3:a6:81:7a:24:36:47:8e:c1:5e:0e:fb:f9:15:
- 78:04:d6:0e:59:d9:9d:58:66:62:d2:94:29:32:32:
- c8:78:b9:66:f6:b5:56:e1:6c:c6:14:4b:96:52:59:
- 91:02:24:6a:55:47:d7:3f:b6:23:1a:60:77:97:2e:
- e2:40:af:9e:04:57:9e:ad:11:c5:c9:43:70:ef:48:
- b4:5e:ac:1c:69:2e:2e:82:d5:5b:8b:be:82:be:19:
- 14:5e:e7:0d:22:c7:51:1b:ff:1e:9b:f1:30:8f:71:
- 31:06:b3:34:27:8f:5f:7a:66:82:4f:8a:2d:13:ab:
- 42:cf:21:56:9e:97:8e:66:36:0f:96:9b:e5:2b:f4:
- 02:a9:2a:6a:8c:2c:c4:c3:b8:70:2c:2d:29:1e:3f:
- 50:77:1e:6d:2a:54:e4:55:0a:91:38:a1:c5:b5:66:
- a2:76:5a:ee:0f:bf:b4:67:e1:28:6e:0f:e1:36:a1:
- 82:d1:bf:d4:77:e1:c4:67:32:93:78:c8:e7:54:53:
- fe:23:79:e6:68:cc:26:90:f6:10:63:5d:2a:6f:91:
- 2d:a4:73:32:51:21:f2:bb:15:df:aa:24:08:48:06:
- de:a1:9e:26:bf:ba:83:bf:7c:a4:c8:a0:8c:bd:d2:
- ff:bc:84:69:27:13:24:18:c4:45:18:23:26:5e:18:
- 14:ca:2e:88:87:62:a3:53:e6:21:b7:b8:85:7b:9a:
- 85:bb:15:26:72:f8:b9:f7:6a:74:0f:49:3f:92:be:
- a9:05:b7:99:27:bf:bf:09:17:4b:99:4c:ad:11:10:
- 7c:df:74:31:f6:8f:26:5f:aa:88:ae:38:57:c8:55:
- 2d:d3:fb:d8:1b:51:99:be:25:1b:3a:ba:c0:7d:1b:
- ed:ce:d2:49:b9:cf:f3:c5:7d:89:90:81:d8:69:48:
- 20:10:a3:f8:ef:92:51:18:32:8b:11:18:c0:3f:1b:
- 85:56:ce:57:c9:f2:82:64:c6:df:02:09:2e:4a:11:
- 2f:b1:27:6d:37:52:f0:f0:16:61:f1:67:8d:df:87:
- 72:af:87:da:cf:fb:50:94:6e:d4:94:85:eb:8a:2c:
- ea:21:f5:96:4a:44:d5:e0:ce:6a:74:44:4d:d0:05:
- d3:87:15:ed:36:d0:a4:8b:66:55:70:93:ee:47:06:
- c1:7e:2e:a5:18:79:67:f3:28:85:f1:70:f7:0e:83:
- a4:7e:54:9e:5a:76:32:cb:65:1b:b8:cd:fb:c8:28:
- 03:d2:54:91:d1:a7:c5:85:43:08:17:76:a5:e6:2f:
- 67:08:d8:a1:a2:82:2d:0c:f8:c1:af:63:d4:50:77:
- 6d:6b:46:4a:41:85:d5:90:5f:79:2d:c4:ec:d7:11:
- 87:40:8a:e1:68:e2:64:f8:55:32:fb:6f:93:2c:da:
- 77:d9:21:c1:17:e5:36:2c:4e:7e:90:7f:ac:94:2b:
- 32:67:be:38:50:76:b8:ae:41:b9:d7:21:c5:09:4c:
- 60:c8:a3:51:c4:34:9b:57:37:df:cb:c9:33:57:8b:
- eb:fb:76:9f:19:4d:c5:6a:1f:2a:45:ae:2b:ed:2f:
- 8d:a7:a5:00:cb:04:fa:25:62:2e:74:48:1b:ca:2a:
- 8c:ba:db:b6:7e:f6:bb:02:7c:a9:c3:db:58:78:a1:
- bf:f0:fe:1a:10:55:11:ce:e8:69:4e:96:65:c6:17:
- 03:d6:07:68:8c:54:82:ae:1c:22:55:3f:f1:f4:09:
- 97:28:c0:46:f7:4e:0b:25:1d:f7:07:d7:09:1d:3a:
- 18:57:38:3b:e8:33:06:e7:8f:78:46:1e:5b:f5:06:
- b6:ec:b8:a6:0d:f1:ba:13:4b:d6:18:20:dd:69:33:
- 4a:33:15:ae:b8:c8:98:8a:27:2c:93:bc:2d:fb:ee:
- 33:bf:66:e6:4d:ba:b6:9b:06:55:60:97:4b:bc:44:
- cd:7e:f4:a1:d8:aa:2f:c0:02:28:21:16:62:78:db:
- 08:54:f2:fc:f4:34:e3:c6:8f:1c:43:57:ce:90:1a:
- 4b:dc:2e:3b:28:91:89:3f:7a:da:35:1d:8e:2c:ee:
- 49:ec:f4:33:ad:c9:53:a8:8c:9f:04:53:3e:24:1c:
- 52:c9:12:f9:62:57:a3:bc:ee:2c:eb:40:7c:20:23:
- 70:2b:95:f9:73:17:8a:d1:c1:1c:69:a6:b7:38:9a:
- 67:f7:70:1d:7a:5a:0c:40:cf:62:0f:85:3c:c2:02:
- 4e:7e:b5:f6:c5:2a:29:84:b3:1f:37:2a:e1:aa:72:
- 42:c4:ed:6b:1a:8f:92:1c:5d:be:d1:f2:5b:f2:ab:
- aa:a9:d2:f5:b8:a4:41:2b:2b:91:6e:12:48:ca:98:
- d8:37:8d:c8:ed:00:30:b5:b6:04:4e:7e:9c:da:84:
- ec:c0:fa:7b:e5:1d:88:a4:53:46:b0:94:e4:5c:1b:
- a1:25:2c:0f:48:52:77:97:09:6c:ec:5b:18:33:83:
- 02:e5:82:7e:cd:85:21:30:11:fd:27:4f:cf:e4:1e:
- ec:3f:a5:57:6c:e9:2a:30:19:2a:88:e5:c3:69:38:
- ab:6f:39:71:7f:84:e1:41:c3:e1:cc:2a:89:20:52:
- 2e:83:0f:6c:39:3f:4b:2d:16:ac:2d:f0:24:ac:00:
- 73:f4:9b:b3:06:3f:05:b8:14:85:1f:ab:9e:5c:3c:
- 9e:62:9d:0e:6d:3b:80:09:fc:02:ea:a2:97:74:ca:
- c7:f9:e3:56:e1:c3:ca:a5:a6:9a:c0:90:e0:24:12:
- 53:d2:c2:8b:da:be:ed:02:43:5e:67:e1:89:98:79:
- ee:cb:aa:ca:c3:1b:dc:e7:a5:46:a5:7c:6b:16:87:
- b6:5a:28:d7:db:27:3c:5e:a5:bd:b6:51:dd:1f:43:
- cf:3b:26:c8:3a:8d:25:61:c1:49:f4:3c:1b:c9:44:
- ea:af:1c:c2:2b:94:01:2a:0e:30:d1:5b:8b:2b:47:
- e5:c3:d1:04:03:9b:0e:39:2c:d6:27:d4:e6:70:5a:
- d9:75:cf:2a:d8:c9:00:05:e4:13:88:ec:c3:39:fb:
- 87:61:30:36:43:03:c8:9e:9c:a2:06:c2:2f:c5:fc:
- f0:80:63:b1:54:04:a0:4c:a9:2e:c6:f5:76:7a:d8:
- d0:e4:d4:94:11:e5:15:b5:78:06:dc:b8:80:8f:99:
- a9:20:33:3d:10:85:4c:65:09:ca:3e:58:5e:60:93:
- 9a:aa:62:5d:c0:51:06:1c:5d:60:a0:0d:9c:4b:43:
- f6:a7:16:21:a4:87:aa:f2:c1:2e:ee:92:30:b8:9e:
- df:df:10:01:8b:86:09:70:d8:6c:a8:b7:50:1e:16:
- 96:b4:f7:67:fd:35:3a:21:90:2a:32:c7:00:7b:4d:
- 07:10:09:b9:2f:73:d8:18:7e:67:99:04:4f:06:fc:
- 50:c7:85:9b:9d:40:9d:b3:96:37:fa:a5:dc:b2:72:
- 4e:ef:4e:09:2c:fd:91:fd:4d:f7:bb:a6:a1:3e:ab:
- 7b:a2:03:40:a6:a9:55:27:e2:fa:f9:19:ce:87:75:
- aa:f1:75:36:f3:f3:b8:91:f8:91:c3:8b:75:13:8e:
- 4c:65:9a:16:39:6a:e5:34:e8:7a:96:59:7f:35:b0:
- 00:fd:5b:69:fc:43:26:fa:f5:28:6e:fe:87:d9:7e:
- 24:fb:b4:a0:82:6e:54:a2:ff:ae:bf:62:b4:f4:72:
- 01:c2:cb:98:47:98:e1:4c:b5:17:80:80:ce:8f:a6:
- 28:ee:1e:45:6a:fb:df:f1:1d:fc:5a:3b:d6:ea:f4:
- 6c:1d:62:49:57:3b:8a:8f:86:ea:f0:53:04:ce:9c:
- 16:68:ff:ba:b9:fc:88:0f:47:f7:02:44:72:40:b8:
- ca:3b:2d:53:9d:dc:3c:56:8c:59:7b:68:1a:2c:8d:
- 71:bb:6c:00:c7:1a:ce:6f:40:92:b1:a3:2f:0f:d9:
- 44:f2:a3:70:2e:9e:ee:0e:ae:32:d0:3b:3e:8b:07:
- ea:e6:79:b3:5c:29:e2:7d:6b:a8:5e:f9:5a:31:e8:
- 08:96:a2:8c:03:98:46:f1:b8:7d:90:54:26:ed:76:
- 62:fe:9e:e9:9a:6e:5e:c9:49:c7:5c:34:53:29:54:
- d9:ec:e4:46:e1:80:3b:75:d9:df:fb:79:d5:87:f1:
- ba:9e:eb:19:ce:4c:52:73:e6:5b:87:ae:25:4f:39:
- 79:cc:c6:b8:f9:10:7b:ec:f0:9b:71:a4:05:a0:d3:
- 29:d3:4e:7f:1f:f4:2d:28:78:cc:55:95:7b:1e:91:
- 2f:cc:56:18:73:8b:b2:db:bc:69:07:e6:d0:d8:4f:
- ed:a2:ff:58:85:a3:6d:e0:4a:53:b7:67:7d:8d:0c:
- 5c:5b:7b:77:28:02:35:44:7a:04:d3:28:43:c8:6b:
- 30:17:5d:32:b8:29:35:ba:76:da:3b:14:4a:76:18:
- 58:a4:f8:92:3c:9e:4d:33:6f:46:6b:08:d9:31:48:
- 68:dd:f4:fb:24:56:34:b2:cf:69:66:be:48:d2:8a:
- 66:22:cd:f2:69:cd:c2:53:13:45:29:41:22:d6:5d:
- 98:1f:b6:a4:b2:a3:c2:ee:02:2f:51:1b:dc:83:a4:
- ec:70:25:a8:d4:08:61:32:6f:e4:a1:81:2e:7c:63:
- 72:fa:29:65:bc:70:44:cf:5d
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 55:9a:34:6a:22:06:69:09:45:33:c7:ae:a9:5c:c7:09:4e:9b:
- 86:bc:41:90:d4:94:52:f6:cd:23:29:94:4b:22:cd:e8:bd:fe:
- 9d:cd:52:f2:bd:ed:ab:87:c9:ab:ab:46:04:b4:bd:a2:3f:22:
- 30:47:50:c0:4b:8c:76:0f:03:f5:92:d2:b1:2d:c4:7a:35:9c:
- c9:73:87:eb:a6:9f:de:0f:73:8d:d3:7f:99:d8:ba:8f:6f:c4:
- f3:be:1a:ae:8b:a2:94:36:90:e2:e5:eb:8d:05:f4:fc:65:df:
- 95:f1:c4:94:4d:17:56:d7:9f:3c:8f:50:3c:e7:77:bf:95:86:
- 26:64:fb:6a:ff:c6:da:e9:8c:ae:42:bb:69:e5:33:c6:d8:e9:
- 0d:c6:55:21:49:c1:0c:b4:a3:f9:9b:4b:5c:de:83:4f:41:03:
- ce:2a:79:68:38:7d:f0:54:49:20:f5:b6:10:ff:08:dc:33:66:
- 96:9b:ff:06:de:00:9e:d7:ce:56:43:9a:51:fc:70:cd:f6:f0:
- 51:a3:b7:cd:b4:5c:85:62:cd:71:b7:c6:2b:23:2b:dd:c3:6e:
- 40:42:fa:37:ff:37:1c:f6:7a:57:94:87:85:23:d7:d4:c9:c7:
- 5f:c1:4d:2f:c9:0d:d7:5c:ec:9c:25:ee:9e:30:82:91:96:72:
- b8:75:1d:f8:09:68:57:97:b2:2d:4b:ee:25:ec:7a:24:29:ee:
- 72:d4:9c:13:db:ab:dc:03:0a:d8:4a:14:c9:08:57:44:5d:a1:
- b5:53:80:34:f2:14:97:cf:52:de:a2:0e:8a:10:e9:14:ef:d0:
- 60:be:61:a1:f1:25:5d:d5:18:73:3f:93:10:ca:96:ee:b3:40:
- d2:db:a3:55:cf:57:5a:a5:0e:4f:75:47:df:ea:f7:90:9a:6d:
- f5:70:2e:1d:14:1c:37:64:04:59:50:b0:dc:72:86:6f:9c:37:
- 3d:5d:28:af:73:55:ef:d2:ee:24:74:74:13:ef:dc:db:31:49:
- fb:3f:63:f5:d3:08:3e:33:a5:e7:9d:0a:de:53:2c:51:8e:67:
- db:9b:41:65:41:50:bd:d4:a4:96:6c:87:bc:12:e0:94:c7:d3:
- c0:e4:cb:73:58:00:83:e1:ac:27:85:d6:9d:53:9d:5c:bd:0a:
- 3e:03:43:9c:0c:91:f5:6d:7b:f8:40:72:75:ab:11:76:91:2b:
- e1:c6:aa:1f:70:69:76:70:15:09:fe:93:d0:d6:2d:b7:15:6a:
- 9b:67:5c:b4:69:9f:25:a6:7d:8a:fb:7d:22:a9:71:f2:ce:4e:
- 8c:b8:21:2d:de:fe:41:71:0d:ff:9d:ec:73:a6:bb:07:4f:88:
- 0e:58:47:2e:7e:a9:c2:c7:78:dd:ba:7a:9e:4e:e0:30:4e:63:
- 6f:85:d4:20:41:e9:fa:fe:43:45:e7:fb:af:7a:b2:ce:a4:05:
- 1d:22:9a:58:86:df:e4:ce:4c:a9:fe:d8:16:a5:6f:fb:d8:ce:
- 56:7b:f5:d6:20:ef:e4:47:cd:63:24:ff:b9:be:f1:48:a3:c1:
- 01:72:e6:bd:c0:ad:ed:26:0d:ca:34:9f:fc:02:2d:20:4f:05:
- 20:ae:21:3d:0c:c2:20:3c:3f:f0:04:84:dc:cf:89:fd:b9:25:
- 91:8e:d0:43:e6:b3:20:ab:5c:2d:d5:40:9e:a0:4b:d8:f4:b2:
- cc:7d:f1:58:0a:8e:87:ed:88:ac:36:96:e4:56:a0:11:8a:f2:
- 9a:d0:b3:57:a3:34:bb:19:ab:38:e1:74:6b:22:c4:31:ce:01:
- d5:1b:36:e3:1e:38:4c:33:93:df:40:e3:59:57:4e:ac:6e:7b:
- 1e:5a:3d:c5:1d:5b:ac:c8:10:82:35:02:22:b2:fc:75:e8:10:
- 91:8d:c4:7d:78:93:47:9e:1c:9d:ac:6b:62:02:58:8c:d6:1c:
- 23:d6:af:78:c2:80:9c:a4:aa:24:54:14:b5:14:98:c6:f8:2b:
- 1a:24:cb:71:32:0a:e2:9b:0e:69:6b:dd:7e:8c:64:d1:2e:63:
- ef:0e:7f:b1:3e:88:4c:9d:55:e5:c9:6e:17:04:b7:41:ff:bd:
- 8a:41:cb:25:31:6f:44:77:3f:47:b1:fc:81:88:07:8e:05:49:
- 20:b7:11:d9:69:03:2a:03:9d:b9:33:84:9a:df:df:7a:e3:46:
- 73:a3:d8:a2:8c:53:19:88:55:4c:74:b8:f6:44:84:2b:d1:14:
- 2d:4e:39:2e:92:68:ff:69:fc:85:62:1b:eb:55:4f:ef:25:84:
- 62:45:99:d6:d8:4e:6f:3f:53:08:7d:1d:06:95:81:80:7f:4f:
- 4e:74:36:98:b5:e2:87:70:98:dc:d7:f5:dc:52:15:e6:c6:d6:
- 79:96:39:7f:8f:95:cf:ab:80:53:ad:1b:0b:45:40:0e:d4:18:
- bd:2c:de:8a:77:76:fd:f2:44:47:c6:21:d0:e4:74:f0:d8:18:
- 05:c8:7c:30:72:c7:df:f1:bb:fc:02:30:a9:f4:42:26:59:0d:
- 93:05:82:a1:73:ed:34:e5:38:5d:cd:50:90:fe:94:fc:13:bc:
- bd:fc:a8:a2:88:a7:73:c4:b2:a8:d1:5d:88:c4:02:a2:7a:f1:
- 04:c9:fe:8c:74:c9:ef:1d:64:41:9f:ac:1e:96:67:64:ac:ab:
- 28:41:c7:9d:f7:c0:98:1b:6e:07:c2:64:7d:5a:83:66:56:28:
- 36:9c:e7:fb:1c:77:0e:28:a0:c4:f7:6b:79:39:04:20:84:c7:
- 57:93:bc:1b:a0:ea:bc:eb:42:e5:a8:11:fe:fc:ac:65:cc:fd:
- f8:28:88:f4:a5:9a:e5:73:51:e0:a8:9b:0d:03:77:4e:e5:e0:
- 98:b3:88:da:7d:e6:c6:9e:7c:14:66:c1:2e:53:4a:92:07:37:
- a0:7e:e9:3d:09:e4:15:7c:cf:fd:b8:41:a5:ef:9e:66:9d:c4:
- 5e:07:1d:87:f8:41:ad:ea:e7:2f:d2:41:63:18:37:f9:14:e3:
- 4d:d0:e5:f7:43:fd:15:e3:f9:36:73:06:26:df:01:4f:a9:c3:
- 4e:de:20:46:77:98:b4:7a:24:2b:3b:75:2b:4e:58:8d:9b:5d:
- a4:c7:16:a0:bc:32:88:3f:a1:83:f3:00:c8:f8:d8:58:e9:63:
- 5d:4c:2b:b5:f0:72:41:d8:ab:77:37:d6:72:74:ae:b6:36:9c:
- c8:a6:83:49:4b:e0:c9:56:0b:29:be:00:30:cb:dd:d6:c8:42:
- 8a:00:d9:ec:15:d1:34:71:f2:5b:64:87:f6:27:d2:b7:eb:86:
- b0:90:bf:29:db:21:9e:36:8c:e3:20:2f:95:23:51:6c:1b:c2:
- a4:d5:e6:d8:02:43:67:a0:fe:9b:50:03:44:7f:bb:e4:72:d5:
- d1:e4:da:8f:92:14:64:fb:5d:14:10:12:4a:95:06:c9:65:08:
- 29:ca:21:a3:26:38:11:c9:27:df:70:67:04:fd:ca:48:32:7f:
- 63:b2:45:74:31:50:4f:87:d9:20:70:d2:21:70:b1:d6:10:9d:
- 33:5d:78:83:91:6d:55:82:ec:da:e4:62:63:c7:81:46:d7:19:
- 65:72:2a:43:19:90:b8:d7:23:4d:4c:1c:e0:44:a9:66:67:ac:
- ee:71:79:27:26:78:6d:72:0e:f5:5d:4b:23:b5:7c:7c:65:e9:
- 17:c6:3a:0b:0d:dd:5e:1e:51:c3:86:b8:ec:7f:c7:27:4a:a5:
- 46:e8:6a:2d:19:c1:87:a3:cb:99:93:87:64:a2:55:14:4c:b7:
- 43:a5:93:d7:e7:d2:4e:79:40:ca:65:99:46:3d:3f:7a:80:7a:
- 88:6a:cc:1e:e5:6b:33:46:f4:50:c0:d5:1f:09:b8:cd:8a:2e:
- a1:27:eb:5d:73:a7:e8:6b:0a:e5:57:82:2a:b0:fc:e2:54:52:
- 56:f0:ab:a9:12:c6:23:96:07:24:9c:e0:bc:46:a5:b4:20:04:
- da:09:93:63:e5:d4:2e:c2:7e:c5:31:ed:b5:15:74:86:17:b9:
- b3:f3:26:8a:1d:02:6a:da:1a:3f:e8:ba:f1:04:6d:94:51:54:
- e2:5a:b4:59:83:1d:60:d0:2d:73:cc:07:b5:26:8c:f9:d7:c6:
- 88:91:ef:80:cf:5d:0f:a1:60:cb:45:d4:42:22:d1:b1:70:1d:
- fd:d0:b7:30:90:3a:c6:48:6d:67:e5:32:da:8f:db:e3:a8:e3:
- 1d:20:25:a2:1c:e1:4c:b9:a4:f6:c6:3f:5c:58:0d:bb:c6:b2:
- 77:01:16:91:9f:17:06:0d:b7:40:3e:cc:8f:8e:9c:4b:e0:9d:
- 7e:9b:1e:05:ab:88:22:fa:d3:28:1b:57:14:64:4a:3e:24:2c:
- 38:4d:21:69:00:73:2e:d0:55:2d:74:f2:15:e8:94:43:3e:40:
- 2a:c6:c6:b9:6a:5b:de:a2:cc:18:50:54:5d:4e:2a:85:6c:f6:
- 92:8b:29:19:7e:e7:ea:4a:e0:22:2b:25:bc:f7:66:cf:77:9a:
- 41:74:f2:3c:14:0d:74:69:f5:50:83:cd:cd:2f:21:db:22:46:
- 8a:d0:f7:51:1a:95:57:f2:05:8b:1a:19:ed:3b:45:e8:36:c2:
- 6e:7e:fb:57:22:00:1f:06:53:a9:ae:93:c6:8f:71:2a:31:45:
- 92:e7:8e:6d:e6:99:22:c0:83:fc:ef:dc:57:66:77:4f:a2:36:
- 31:fb:a1:13:8d:e5:ca:a3:95:7d:01:0c:64:70:3b:53:42:68:
- 80:c7:bb:9d:a8:00:35:69:98:0c:a8:67:d8:43:e5:aa:cf:95:
- e0:51:95:a4:17:3f:42:9d:b8:04:ce:d3:79:79:c8:d3:8a:16:
- 32:92:e0:d7:a2:ee:d7:37:4c:2f:ac:b8:7b:be:45:f6:f1:18:
- 33:9c:7b:37:a6:24:d9:bc:40:ab:00:e9:c3:37:8b:ab:d8:b6:
- f3:5e:81:4e:b0:14:6b:07:3e:1f:ec:c2:f6:44:22:95:bb:b3:
- e6:6f:d6:f9:70:65:ba:0a:83:65:aa:0e:13:2f:83:13:23:53:
- 8b:40:16:fa:ce:2f:fc:4d:04:f8:eb:d8:ac:c5:36:c2:15:57:
- 48:38:ec:55:b3:b4:1e:ba:ad:d2:42:06:17:0d:73:c8:57:a6:
- be:96:4d:a9:f2:c0:fb:7a:21:1c:f5:c9:70:a9:82:90:b5:f1:
- 0c:d4:79:10:be:81:a6:e9:5c:61:9c:77:79:9a:a4:c3:37:26:
- 57:37:c9:52:2c:fa:08:ff:d0:5f:c6:61:c0:f4:76:be:fc:de:
- 4e:cf:ab:51:99:71:c7:df:7e:f4:d6:cf:06:56:19:13:53:0b:
- 6d:74:59:48:19:9b:53:05:2d:9d:32:54:d3:e5:2c:53:8b:64:
- 3e:d4:64:7b:e3:80:09:14:cc:fe:16:46:63:6b:71:69:f8:f9:
- cb:27:f6:88:54:bc:45:b3:ce:02:c8:94:ee:40:5b:f9:42:02:
- c2:ff:b0:d8:2c:eb:28:7f:5e:c9:26:01:99:a7
-
-UPS Document Exchange by DST
-============================
-MD5 Fingerprint: 78:A5:FB:10:4B:E4:63:2E:D2:6B:FB:F2:B6:C2:4B:8E
-PEM Data:
------BEGIN CERTIFICATE-----
-MIID+DCCAuACEQDQHkCLAAACfAAAAAcAAAABMA0GCSqGSIb3DQEBBQUAMIG5MQsw
-CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
-dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEeMBwGA1UE
-CxMVVW5pdGVkIFBhcmNlbCBTZXJ2aWNlMRkwFwYDVQQDExBEU1QgKFVQUykgUm9v
-dENBMSEwHwYJKoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wHhcNOTgxMjEw
-MDAyNTQ2WhcNMDgxMjA3MDAyNTQ2WjCBuTELMAkGA1UEBhMCdXMxDTALBgNVBAgT
-BFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MSQwIgYDVQQKExtEaWdpdGFs
-IFNpZ25hdHVyZSBUcnVzdCBDby4xHjAcBgNVBAsTFVVuaXRlZCBQYXJjZWwgU2Vy
-dmljZTEZMBcGA1UEAxMQRFNUIChVUFMpIFJvb3RDQTEhMB8GCSqGSIb3DQEJARYS
-Y2FAZGlnc2lndHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEA7xfsrynm2SsnwNt7JJ9m9ASjwq0KyrDNhCuqN/OAoWDvQo/lXXdfV0JU3Svb
-YbJxXpN7b1/rJCvnpPLr8XOzC431Wdcy36yQjk4xuiVNtgym8eWvDOHlb1IDFcHf
-vn5KpqYYRnA/76dNqNz1dNlhekA8oZQo6sKUiMs3FQUZPJViuhwt+yiM0ciekjxb
-EVQ7eNlHO5stSuY+e2vf9PYFzyj2upg2AJ48N4UKnN63pIXFY/23YhRtFx7MioCF
-QjIRsCHinXfJgBZBnuvlFIl/t8O8T8Gfh5uW7GP2+ZBWDpWjIwqMZNqbuxx3sExd
-5sjo9X15LVckP8zjPSyYzxKfFwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQC7OI4E
-IiZYDiFEVsy9WXwpaMtcD8iGVD+BeKetj8xG9xxUuHktW3IFaugh0OwdHf6kNFG+
-7u3OzJwWaOJddXMIQzGRahArEMJLafjJrZio/bjv9qvwXyHvy4VrCe0vSGa1YHLA
-6KDHmNsO9xtzjTQICnvFd2KqMCObsB6LgJhU3AWHs6liWfyLtxWarETszzUa9w8u
-XZJLAch77qA37eQdgg2ZQUMXrdTVyuP5fReiAdAwD0C53LkEgmmDtvkP+gaS96j0
-1hcc8F5/xCnI5uHi/zZoIVGu/6m6hJKtinsz2JDSwXltMzM5dKwbOHGfLAeQ6h3g
-04lfy+8UjSdUpb1G
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- d0:1e:40:8b:00:00:02:7c:00:00:00:07:00:00:00:01
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca@digsigtrust.com
- Validity
- Not Before: Dec 10 00:25:46 1998 GMT
- Not After : Dec 7 00:25:46 2008 GMT
- Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca@digsigtrust.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:ef:17:ec:af:29:e6:d9:2b:27:c0:db:7b:24:9f:
- 66:f4:04:a3:c2:ad:0a:ca:b0:cd:84:2b:aa:37:f3:
- 80:a1:60:ef:42:8f:e5:5d:77:5f:57:42:54:dd:2b:
- db:61:b2:71:5e:93:7b:6f:5f:eb:24:2b:e7:a4:f2:
- eb:f1:73:b3:0b:8d:f5:59:d7:32:df:ac:90:8e:4e:
- 31:ba:25:4d:b6:0c:a6:f1:e5:af:0c:e1:e5:6f:52:
- 03:15:c1:df:be:7e:4a:a6:a6:18:46:70:3f:ef:a7:
- 4d:a8:dc:f5:74:d9:61:7a:40:3c:a1:94:28:ea:c2:
- 94:88:cb:37:15:05:19:3c:95:62:ba:1c:2d:fb:28:
- 8c:d1:c8:9e:92:3c:5b:11:54:3b:78:d9:47:3b:9b:
- 2d:4a:e6:3e:7b:6b:df:f4:f6:05:cf:28:f6:ba:98:
- 36:00:9e:3c:37:85:0a:9c:de:b7:a4:85:c5:63:fd:
- b7:62:14:6d:17:1e:cc:8a:80:85:42:32:11:b0:21:
- e2:9d:77:c9:80:16:41:9e:eb:e5:14:89:7f:b7:c3:
- bc:4f:c1:9f:87:9b:96:ec:63:f6:f9:90:56:0e:95:
- a3:23:0a:8c:64:da:9b:bb:1c:77:b0:4c:5d:e6:c8:
- e8:f5:7d:79:2d:57:24:3f:cc:e3:3d:2c:98:cf:12:
- 9f:17
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- bb:38:8e:04:22:26:58:0e:21:44:56:cc:bd:59:7c:29:68:cb:
- 5c:0f:c8:86:54:3f:81:78:a7:ad:8f:cc:46:f7:1c:54:b8:79:
- 2d:5b:72:05:6a:e8:21:d0:ec:1d:1d:fe:a4:34:51:be:ee:ed:
- ce:cc:9c:16:68:e2:5d:75:73:08:43:31:91:6a:10:2b:10:c2:
- 4b:69:f8:c9:ad:98:a8:fd:b8:ef:f6:ab:f0:5f:21:ef:cb:85:
- 6b:09:ed:2f:48:66:b5:60:72:c0:e8:a0:c7:98:db:0e:f7:1b:
- 73:8d:34:08:0a:7b:c5:77:62:aa:30:23:9b:b0:1e:8b:80:98:
- 54:dc:05:87:b3:a9:62:59:fc:8b:b7:15:9a:ac:44:ec:cf:35:
- 1a:f7:0f:2e:5d:92:4b:01:c8:7b:ee:a0:37:ed:e4:1d:82:0d:
- 99:41:43:17:ad:d4:d5:ca:e3:f9:7d:17:a2:01:d0:30:0f:40:
- b9:dc:b9:04:82:69:83:b6:f9:0f:fa:06:92:f7:a8:f4:d6:17:
- 1c:f0:5e:7f:c4:29:c8:e6:e1:e2:ff:36:68:21:51:ae:ff:a9:
- ba:84:92:ad:8a:7b:33:d8:90:d2:c1:79:6d:33:33:39:74:ac:
- 1b:38:71:9f:2c:07:90:ea:1d:e0:d3:89:5f:cb:ef:14:8d:27:
- 54:a5:bd:46
-
-ValiCert Class 1 VA
-===================
-MD5 Fingerprint: 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
-NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
-YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
-LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
-TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
-TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
-LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
-I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
-nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
- Validity
- Not Before: Jun 25 22:23:48 1999 GMT
- Not After : Jun 25 22:23:48 2019 GMT
- Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d8:59:82:7a:89:b8:96:ba:a6:2f:68:6f:58:2e:
- a7:54:1c:06:6e:f4:ea:8d:48:bc:31:94:17:f0:f3:
- 4e:bc:b2:b8:35:92:76:b0:d0:a5:a5:01:d7:00:03:
- 12:22:19:08:f8:ff:11:23:9b:ce:07:f5:bf:69:1a:
- 26:fe:4e:e9:d1:7f:9d:2c:40:1d:59:68:6e:a6:f8:
- 58:b0:9d:1a:8f:d3:3f:f1:dc:19:06:81:a8:0e:e0:
- 3a:dd:c8:53:45:09:06:e6:0f:70:c3:fa:40:a6:0e:
- e2:56:05:0f:18:4d:fc:20:82:d1:73:55:74:8d:76:
- 72:a0:1d:9d:1d:c0:dd:3f:71
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 50:68:3d:49:f4:2c:1c:06:94:df:95:60:7f:96:7b:17:fe:4f:
- 71:ad:64:c8:dd:77:d2:ef:59:55:e8:3f:e8:8e:05:2a:21:f2:
- 07:d2:b5:a7:52:fe:9c:b1:b6:e2:5b:77:17:40:ea:72:d6:23:
- cb:28:81:32:c3:00:79:18:ec:59:17:89:c9:c6:6a:1e:71:c9:
- fd:b7:74:a5:25:45:69:c5:48:ab:19:e1:45:8a:25:6b:19:ee:
- e5:bb:12:f5:7f:f7:a6:8d:51:c3:f0:9d:74:b7:a9:3e:a0:a5:
- ff:b6:49:03:13:da:22:cc:ed:71:82:2b:99:cf:3a:b7:f5:2d:
- 72:c8
-
-ValiCert Class 2 VA
-===================
-MD5 Fingerprint: A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
-NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
-YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
-dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
-WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
-v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
-UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
-IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
-W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
- Validity
- Not Before: Jun 26 00:19:54 1999 GMT
- Not After : Jun 26 00:19:54 2019 GMT
- Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74:
- 0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb:
- 98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed:
- 25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4:
- d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f:
- b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91:
- 1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64:
- 73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1:
- b3:43:bb:ef:7b:6e:2e:69:f7
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e:
- a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d:
- bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21:
- 81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99:
- 6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32:
- 3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72:
- 0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f:
- 43:dd
-
-ValiCert Class 3 VA
-===================
-MD5 Fingerprint: A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
-NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
-YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
-cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
-2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
-JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
-Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
-n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
-PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
- Validity
- Not Before: Jun 26 00:22:33 1999 GMT
- Not After : Jun 26 00:22:33 2019 GMT
- Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
- 75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
- 44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
- ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
- 97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
- 5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
- 9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
- 5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
- 43:62:61:f3:d3:e2:d0:55:3f
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 56:bb:02:58:84:67:08:2c:df:1f:db:7b:49:33:f5:d3:67:9d:
- f4:b4:0a:10:b3:c9:c5:2c:e2:92:6a:71:78:27:f2:70:83:42:
- d3:3e:cf:a9:54:f4:f1:d8:92:16:8c:d1:04:cb:4b:ab:c9:9f:
- 45:ae:3c:8a:a9:b0:71:33:5d:c8:c5:57:df:af:a8:35:b3:7f:
- 89:87:e9:e8:25:92:b8:7f:85:7a:ae:d6:bc:1e:37:58:2a:67:
- c9:91:cf:2a:81:3e:ed:c6:39:df:c0:3e:19:9c:19:cc:13:4d:
- 82:41:b5:8c:de:e0:3d:60:08:20:0f:45:7e:6b:a2:7f:a3:8c:
- 15:ee
-
-VeriSign Class 4 Primary CA
-===========================
-MD5 Fingerprint: 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 02:a6:00:00:01
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
- Validity
- Not Before: Jan 29 00:00:00 1996 GMT
- Not After : Dec 31 23:59:59 1999 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:d0:b2:75:f6:78:d0:ae:5a:50:f4:e9:50:a9:9f:
- 8c:d7:ef:91:94:70:e8:d2:24:90:76:89:85:d6:df:
- ac:e6:01:17:32:80:f0:9d:93:47:bc:9a:65:9d:1f:
- 97:ae:bf:e9:86:75:63:20:89:bd:80:58:9d:04:0c:
- 9d:a8:c1:24:e9:0b:e5:31:78:bd:fc:2d:0c:37:6a:
- 9e:78:80:e9:46:75:f9:ed:a3:fb:13:7b:c8:c1:4c:
- d2:a3:ef:f5:3c:b0:62:8f:4a:5d:3b:dd:95:67:8f:
- 13:b9:c1:3c:d6:a7:26:9b:ec:c3:3b:7a:d9:4d:bc:
- 6d:9b:e8:15:01:e3:f0:47:a9
- Exponent: 65537 (0x10001)
- Signature Algorithm: md2WithRSAEncryption
- 53:dd:d3:f0:9c:24:7e:40:aa:e2:fc:00:1a:d7:da:0c:fc:32:
- 61:b8:15:0d:96:f3:fa:57:1b:7f:33:7c:af:e9:98:9a:61:c8:
- 7a:b3:b7:ff:b1:dc:99:83:dc:ac:12:fc:70:c9:1f:38:42:ed:
- 44:f6:80:2e:5b:6b:33:69:ac:9c:d3:5c:e7:5f:5a:18:c7:b1:
- 2d:79:04:96:41:91:99:41:b1:3c:0d:ba:84:39:c6:3b:97:f0:
- 26:c9:8e:ee:bd:cc:42:95:ff:1e:c7:02:3f:54:0c:78:f5:bc:
- aa:60:7c:02:69:e8:dc:ac:e2:02:76:61:c4:3e:03:ea:d2:8a:
- 24:d1
-
-Verisign Class 1 Public Primary Certification Authority
-=======================================================
-MD5 Fingerprint: 97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N
-H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR
-4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo
-EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5
-FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx
-lA==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
- Validity
- Not Before: Jan 29 00:00:00 1996 GMT
- Not After : Aug 1 23:59:59 2028 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:e5:19:bf:6d:a3:56:61:2d:99:48:71:f6:67:de:
- b9:8d:eb:b7:9e:86:80:0a:91:0e:fa:38:25:af:46:
- 88:82:e5:73:a8:a0:9b:24:5d:0d:1f:cc:65:6e:0c:
- b0:d0:56:84:18:87:9a:06:9b:10:a1:73:df:b4:58:
- 39:6b:6e:c1:f6:15:d5:a8:a8:3f:aa:12:06:8d:31:
- ac:7f:b0:34:d7:8f:34:67:88:09:cd:14:11:e2:4e:
- 45:56:69:1f:78:02:80:da:dc:47:91:29:bb:36:c9:
- 63:5c:c5:e0:d7:2d:87:7b:a1:b7:32:b0:7b:30:ba:
- 2a:2f:31:aa:ee:a3:67:da:db
- Exponent: 65537 (0x10001)
- Signature Algorithm: md2WithRSAEncryption
- 4c:3f:b8:8b:c6:68:df:ee:43:33:0e:5d:e9:a6:cb:07:84:4d:
- 7a:33:ff:92:1b:f4:36:ad:d8:95:22:36:68:11:6c:7c:42:cc:
- f3:9c:2e:c4:07:3f:14:b0:0f:4f:ff:90:92:76:f9:e2:bc:4a:
- e9:8f:cd:a0:80:0a:f7:c5:29:f1:82:22:5d:b8:b1:dd:81:23:
- a3:7b:25:15:46:30:79:16:f8:ea:05:4b:94:7f:1d:c2:1c:c8:
- e3:b7:f4:10:40:3c:13:c3:5f:1f:53:e8:48:e4:86:b4:7b:a1:
- 35:b0:7b:25:ba:b8:d3:8e:ab:3f:38:9d:00:34:00:98:f3:d1:
- 71:94
-
-Verisign Class 1 Public Primary Certification Authority - G2
-============================================================
-MD5 Fingerprint: F2:7D:E9:54:E4:A3:22:0D:76:9F:E7:0B:BB:B3:24:2B
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEDnKVIn+UCIy/jLZ2/sbhBkwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTE4MDUxODIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
-VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
-Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAIv3GhDOdlwHq4OZ3BeAbzQ5XZg+a3Is4cei
-e0ApuXiIukzFo2penm574/ICQQxmvq37rqIUzpLzojSLtLK2JPLl1eDI5WJthHvL
-vrsDi3xXyvA3qZCviu4Dvh0onNkmdqDNxJ1O8K4HFtW+r1cIatCgQkJCHvQgzKV4
-gpUmOIpH
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 39:ca:54:89:fe:50:22:32:fe:32:d9:db:fb:1b:84:19
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Validity
- Not Before: May 18 00:00:00 1998 GMT
- Not After : May 18 23:59:59 2018 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:aa:d0:ba:be:16:2d:b8:83:d4:ca:d2:0f:bc:76:
- 31:ca:94:d8:1d:93:8c:56:02:bc:d9:6f:1a:6f:52:
- 36:6e:75:56:0a:55:d3:df:43:87:21:11:65:8a:7e:
- 8f:bd:21:de:6b:32:3f:1b:84:34:95:05:9d:41:35:
- eb:92:eb:96:dd:aa:59:3f:01:53:6d:99:4f:ed:e5:
- e2:2a:5a:90:c1:b9:c4:a6:15:cf:c8:45:eb:a6:5d:
- 8e:9c:3e:f0:64:24:76:a5:cd:ab:1a:6f:b6:d8:7b:
- 51:61:6e:a6:7f:87:c8:e2:b7:e5:34:dc:41:88:ea:
- 09:40:be:73:92:3d:6b:e7:75
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 8b:f7:1a:10:ce:76:5c:07:ab:83:99:dc:17:80:6f:34:39:5d:
- 98:3e:6b:72:2c:e1:c7:a2:7b:40:29:b9:78:88:ba:4c:c5:a3:
- 6a:5e:9e:6e:7b:e3:f2:02:41:0c:66:be:ad:fb:ae:a2:14:ce:
- 92:f3:a2:34:8b:b4:b2:b6:24:f2:e5:d5:e0:c8:e5:62:6d:84:
- 7b:cb:be:bb:03:8b:7c:57:ca:f0:37:a9:90:af:8a:ee:03:be:
- 1d:28:9c:d9:26:76:a0:cd:c4:9d:4e:f0:ae:07:16:d5:be:af:
- 57:08:6a:d0:a0:42:42:42:1e:f4:20:cc:a5:78:82:95:26:38:
- 8a:47
-
-Verisign Class 1 Public Primary Certification Authority - G3
-============================================================
-MD5 Fingerprint: B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
-nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
-8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
-ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
-PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
-6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
-n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
-qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
-wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
-ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
-pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
-E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
- Validity
- Not Before: Oct 1 00:00:00 1999 GMT
- Not After : Jul 16 23:59:59 2036 GMT
- Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:dd:84:d4:b9:b4:f9:a7:d8:f3:04:78:9c:de:3d:
- dc:6c:13:16:d9:7a:dd:24:51:66:c0:c7:26:59:0d:
- ac:06:08:c2:94:d1:33:1f:f0:83:35:1f:6e:1b:c8:
- de:aa:6e:15:4e:54:27:ef:c4:6d:1a:ec:0b:e3:0e:
- f0:44:a5:57:c7:40:58:1e:a3:47:1f:71:ec:60:f6:
- 6d:94:c8:18:39:ed:fe:42:18:56:df:e4:4c:49:10:
- 78:4e:01:76:35:63:12:36:dd:66:bc:01:04:36:a3:
- 55:68:d5:a2:36:09:ac:ab:21:26:54:06:ad:3f:ca:
- 14:e0:ac:ca:ad:06:1d:95:e2:f8:9d:f1:e0:60:ff:
- c2:7f:75:2b:4c:cc:da:fe:87:99:21:ea:ba:fe:3e:
- 54:d7:d2:59:78:db:3c:6e:cf:a0:13:00:1a:b8:27:
- a1:e4:be:67:96:ca:a0:c5:b3:9c:dd:c9:75:9e:eb:
- 30:9a:5f:a3:cd:d9:ae:78:19:3f:23:e9:5c:db:29:
- bd:ad:55:c8:1b:54:8c:63:f6:e8:a6:ea:c7:37:12:
- 5c:a3:29:1e:02:d9:db:1f:3b:b4:d7:0f:56:47:81:
- 15:04:4a:af:83:27:d1:c5:58:88:c1:dd:f6:aa:a7:
- a3:18:da:68:aa:6d:11:51:e1:bf:65:6b:9f:96:76:
- d1:3d
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- ab:66:8d:d7:b3:ba:c7:9a:b6:e6:55:d0:05:f1:9f:31:8d:5a:
- aa:d9:aa:46:26:0f:71:ed:a5:ad:53:56:62:01:47:2a:44:e9:
- fe:3f:74:0b:13:9b:b9:f4:4d:1b:b2:d1:5f:b2:b6:d2:88:5c:
- b3:9f:cd:cb:d4:a7:d9:60:95:84:3a:f8:c1:37:1d:61:ca:e7:
- b0:c5:e5:91:da:54:a6:ac:31:81:ae:97:de:cd:08:ac:b8:c0:
- 97:80:7f:6e:72:a4:e7:69:13:95:65:1f:c4:93:3c:fd:79:8f:
- 04:d4:3e:4f:ea:f7:9e:ce:cd:67:7c:4f:65:02:ff:91:85:54:
- 73:c7:ff:36:f7:86:2d:ec:d0:5e:4f:ff:11:9f:72:06:d6:b8:
- 1a:f1:4c:0d:26:65:e2:44:80:1e:c7:9f:e3:dd:e8:0a:da:ec:
- a5:20:80:69:68:a1:4f:7e:e1:6b:cf:07:41:fa:83:8e:bc:38:
- dd:b0:2e:11:b1:6b:b2:42:cc:9a:bc:f9:48:22:79:4a:19:0f:
- b2:1c:3e:20:74:d9:6a:c3:be:f2:28:78:13:56:79:4f:6d:50:
- ea:1b:b0:b5:57:b1:37:66:58:23:f3:dc:0f:df:0a:87:c4:ef:
- 86:05:d5:38:14:60:99:a3:4b:de:06:96:71:2c:f2:db:b6:1f:
- a4:ef:3f:ee
-
-Verisign Class 2 Public Primary Certification Authority
-=======================================================
-MD5 Fingerprint: B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh
-YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7
-FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg
-J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc
-r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
- Validity
- Not Before: Jan 29 00:00:00 1996 GMT
- Not After : Aug 1 23:59:59 2028 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b6:5a:8b:a3:0d:6a:23:83:80:6b:cf:39:87:f4:
- 21:13:33:06:4c:25:a2:ed:55:12:97:c5:a7:80:b9:
- fa:83:c1:20:a0:fa:2f:15:0d:7c:a1:60:6b:7e:79:
- 2c:fa:06:0f:3a:ae:f6:1b:6f:b1:d2:ff:2f:28:52:
- 5f:83:7d:4b:c4:7a:b7:f8:66:1f:80:54:fc:b7:c2:
- 8e:59:4a:14:57:46:d1:9a:93:be:41:91:03:bb:15:
- 80:93:5c:eb:e7:cc:08:6c:3f:3e:b3:4a:fc:ff:4b:
- 6c:23:d5:50:82:26:44:19:8e:23:c3:71:ea:19:24:
- 47:04:9e:75:bf:c8:a6:00:1f
- Exponent: 65537 (0x10001)
- Signature Algorithm: md2WithRSAEncryption
- 8a:1b:2b:fa:39:c1:74:d7:5e:d8:19:64:a2:58:4a:2d:37:e0:
- 33:47:0f:ac:ed:f7:aa:db:1e:e4:8b:06:5c:60:27:ca:45:52:
- ce:16:ef:3f:06:64:e7:94:68:7c:60:33:15:11:69:af:9d:62:
- 8d:a3:03:54:6b:a6:be:e5:ee:05:18:60:04:bf:42:80:fd:d0:
- a8:a8:1e:01:3b:f7:a3:5c:af:a3:dc:e6:26:80:23:3c:b8:44:
- 74:f7:0a:ae:49:8b:61:78:cc:24:bf:88:8a:a7:0e:ea:73:19:
- 41:fd:4d:03:f0:88:d1:e5:78:8d:a5:2a:4f:f6:97:0d:17:77:
- ca:d8
-
-Verisign Class 2 Public Primary Certification Authority - G2
-============================================================
-MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
-YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
-MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
-aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
-Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
-IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
-KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
-eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
-HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
-DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
-nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
-rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
-jBJ7xUS0rg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Validity
- Not Before: May 18 00:00:00 1998 GMT
- Not After : Aug 1 23:59:59 2028 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a7:88:01:21:74:2c:e7:1a:03:f0:98:e1:97:3c:
- 0f:21:08:f1:9c:db:97:e9:9a:fc:c2:04:06:13:be:
- 5f:52:c8:cc:1e:2c:12:56:2c:b8:01:69:2c:cc:99:
- 1f:ad:b0:96:ae:79:04:f2:13:39:c1:7b:98:ba:08:
- 2c:e8:c2:84:13:2c:aa:69:e9:09:f4:c7:a9:02:a4:
- 42:c2:23:4f:4a:d8:f0:0e:a2:fb:31:6c:c9:e6:6f:
- 99:27:07:f5:e6:f4:4c:78:9e:6d:eb:46:86:fa:b9:
- 86:c9:54:f2:b2:c4:af:d4:46:1c:5a:c9:15:30:ff:
- 0d:6c:f5:2d:0e:6d:ce:7f:77
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 72:2e:f9:7f:d1:f1:71:fb:c4:9e:f6:c5:5e:51:8a:40:98:b8:
- 68:f8:9b:1c:83:d8:e2:9d:bd:ff:ed:a1:e6:66:ea:2f:09:f4:
- ca:d7:ea:a5:2b:95:f6:24:60:86:4d:44:2e:83:a5:c4:2d:a0:
- d3:ae:78:69:6f:72:da:6c:ae:08:f0:63:92:37:e6:bb:c4:30:
- 17:ad:77:cc:49:35:aa:cf:d8:8f:d1:be:b7:18:96:47:73:6a:
- 54:22:34:64:2d:b6:16:9b:59:5b:b4:51:59:3a:b3:0b:14:f4:
- 12:df:67:a0:f4:ad:32:64:5e:b1:46:72:27:8c:12:7b:c5:44:
- b4:ae
-
-Verisign Class 2 Public Primary Certification Authority - G3
-============================================================
-MD5 Fingerprint: F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
-aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
-IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
-Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
-BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
-Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
-Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
-IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
-J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
-JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
-wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
-koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
-qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
-Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
-xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
-7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
-sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
-sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
-cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
- Validity
- Not Before: Oct 1 00:00:00 1999 GMT
- Not After : Jul 16 23:59:59 2036 GMT
- Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:af:0a:0d:c2:d5:2c:db:67:b9:2d:e5:94:27:dd:
- a5:be:e0:b0:4d:8f:b3:61:56:3c:d6:7c:c3:f4:cd:
- 3e:86:cb:a2:88:e2:e1:d8:a4:69:c5:b5:e2:bf:c1:
- a6:47:50:5e:46:39:8b:d5:96:ba:b5:6f:14:bf:10:
- ce:27:13:9e:05:47:9b:31:7a:13:d8:1f:d9:d3:02:
- 37:8b:ad:2c:47:f0:8e:81:06:a7:0d:30:0c:eb:f7:
- 3c:0f:20:1d:dc:72:46:ee:a5:02:c8:5b:c3:c9:56:
- 69:4c:c5:18:c1:91:7b:0b:d5:13:00:9b:bc:ef:c3:
- 48:3e:46:60:20:85:2a:d5:90:b6:cd:8b:a0:cc:32:
- dd:b7:fd:40:55:b2:50:1c:56:ae:cc:8d:77:4d:c7:
- 20:4d:a7:31:76:ef:68:92:8a:90:1e:08:81:56:b2:
- ad:69:a3:52:d0:cb:1c:c4:23:3d:1f:99:fe:4c:e8:
- 16:63:8e:c6:08:8e:f6:31:f6:d2:fa:e5:76:dd:b5:
- 1c:92:a3:49:cd:cd:01:cd:68:cd:a9:69:ba:a3:eb:
- 1d:0d:9c:a4:20:a6:c1:a0:c5:d1:46:4c:17:6d:d2:
- ac:66:3f:96:8c:e0:84:d4:36:ff:22:59:c5:f9:11:
- 60:a8:5f:04:7d:f2:1a:f6:25:42:61:0f:c4:4a:b8:
- 3e:89
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 34:26:15:3c:c0:8d:4d:43:49:1d:bd:e9:21:92:d7:66:9c:b7:
- de:c5:b8:d0:e4:5d:5f:76:22:c0:26:f9:84:3a:3a:f9:8c:b5:
- fb:ec:60:f1:e8:ce:04:b0:c8:dd:a7:03:8f:30:f3:98:df:a4:
- e6:a4:31:df:d3:1c:0b:46:dc:72:20:3f:ae:ee:05:3c:a4:33:
- 3f:0b:39:ac:70:78:73:4b:99:2b:df:30:c2:54:b0:a8:3b:55:
- a1:fe:16:28:cd:42:bd:74:6e:80:db:27:44:a7:ce:44:5d:d4:
- 1b:90:98:0d:1e:42:94:b1:00:2c:04:d0:74:a3:02:05:22:63:
- 63:cd:83:b5:fb:c1:6d:62:6b:69:75:fd:5d:70:41:b9:f5:bf:
- 7c:df:be:c1:32:73:22:21:8b:58:81:7b:15:91:7a:ba:e3:64:
- 48:b0:7f:fb:36:25:da:95:d0:f1:24:14:17:dd:18:80:6b:46:
- 23:39:54:f5:8e:62:09:04:1d:94:90:a6:9b:e6:25:e2:42:45:
- aa:b8:90:ad:be:08:8f:a9:0b:42:18:94:cf:72:39:e1:b1:43:
- e0:28:cf:b7:e7:5a:6c:13:6b:49:b3:ff:e3:18:7c:89:8b:33:
- 5d:ac:33:d7:a7:f9:da:3a:55:c9:58:10:f9:aa:ef:5a:b6:cf:
- 4b:4b:df:2a
-
-Verisign Class 3 Public Primary Certification Authority
-=======================================================
-MD5 Fingerprint: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
- Validity
- Not Before: Jan 29 00:00:00 1996 GMT
- Not After : Aug 1 23:59:59 2028 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
- db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
- 11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
- 1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
- 63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
- 42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
- 5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
- e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
- 71:64:4c:65:2e:81:68:45:a7
- Exponent: 65537 (0x10001)
- Signature Algorithm: md2WithRSAEncryption
- bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84:
- 8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f:
- 6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57:
- 81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c:
- 9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45:
- 4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6:
- 62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64:
- 0d:64
-
-Verisign Class 3 Public Primary Certification Authority - G2
-============================================================
-MD5 Fingerprint: A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
-pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
-13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
-U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
-F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
-oJ2daZH9
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Validity
- Not Before: May 18 00:00:00 1998 GMT
- Not After : Aug 1 23:59:59 2028 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
- 1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
- 84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
- 25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
- 33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
- 6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
- 91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
- 37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
- 61:f8:9b:1d:1c:89:4f:5c:67
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
- 70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
- 64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
- 3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
- ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
- 92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
- 57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
- 91:fd
-
-Verisign Class 3 Public Primary Certification Authority - G3
-============================================================
-MD5 Fingerprint: CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
-N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
-KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
-kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
-CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
-Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
-imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
-2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
-DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
-/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
-F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
-TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
- Validity
- Not Before: Oct 1 00:00:00 1999 GMT
- Not After : Jul 16 23:59:59 2036 GMT
- Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd:
- f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5:
- 17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20:
- c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad:
- 2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04:
- 58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0:
- 58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32:
- 6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88:
- e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96:
- 55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79:
- 65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8:
- 46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46:
- b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c:
- 1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76:
- ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63:
- d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e:
- 1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9:
- 57:97
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de:
- db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f:
- 37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09:
- 5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5:
- 23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f:
- d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8:
- ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38:
- 62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe:
- 7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69:
- 17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00:
- cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2:
- c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af:
- 0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e:
- 81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b:
- f1:7d:dd:11
-
-Verisign Class 4 Public Primary Certification Authority - G2
-============================================================
-MD5 Fingerprint: 26:6D:2C:19:98:B6:70:68:38:50:54:19:EC:90:34:60
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
-HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
-qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
-cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
-cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
-T8qAkbYp
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Validity
- Not Before: May 18 00:00:00 1998 GMT
- Not After : Aug 1 23:59:59 2028 GMT
- Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:ba:f0:e4:cf:f9:c4:ae:85:54:b9:07:57:f9:8f:
- c5:7f:68:11:f8:c4:17:b0:44:dc:e3:30:73:d5:2a:
- 62:2a:b8:d0:cc:1c:ed:28:5b:7e:bd:6a:dc:b3:91:
- 24:ca:41:62:3c:fc:02:01:bf:1c:16:31:94:05:97:
- 76:6e:a2:ad:bd:61:17:6c:4e:30:86:f0:51:37:2a:
- 50:c7:a8:62:81:dc:5b:4a:aa:c1:a0:b4:6e:eb:2f:
- e5:57:c5:b1:2b:40:70:db:5a:4d:a1:8e:1f:bd:03:
- 1f:d8:03:d4:8f:4c:99:71:bc:e2:82:cc:58:e8:98:
- 3a:86:d3:86:38:f3:00:29:1f
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 85:8c:12:c1:a7:b9:50:15:7a:cb:3e:ac:b8:43:8a:dc:aa:dd:
- 14:ba:89:81:7e:01:3c:23:71:21:88:2f:82:dc:63:fa:02:45:
- ac:45:59:d7:2a:58:44:5b:b7:9f:81:3b:92:68:3d:e2:37:24:
- f5:7b:6c:8f:76:35:96:09:a8:59:9d:b9:ce:23:ab:74:d6:83:
- fd:32:73:27:d8:69:3e:43:74:f6:ae:c5:89:9a:e7:53:7c:e9:
- 7b:f6:4b:f3:c1:65:83:de:8d:8a:9c:3c:88:8d:39:59:fc:aa:
- 3f:22:8d:a1:c1:66:50:81:72:4c:ed:22:64:4f:4f:ca:80:91:
- b6:29
-
-Verisign Class 4 Public Primary Certification Authority - G3
-============================================================
-MD5 Fingerprint: DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
-GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
-+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
-U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
-NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
-ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
-ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
-CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
-g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
-fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
-2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
-bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
- Validity
- Not Before: Oct 1 00:00:00 1999 GMT
- Not After : Jul 16 23:59:59 2036 GMT
- Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56:
- ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59:
- de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4:
- e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09:
- fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2:
- 9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86:
- 52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e:
- d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46:
- 33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1:
- 89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88:
- 02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d:
- a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea:
- c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0:
- ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2:
- 3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7:
- 45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34:
- 66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97:
- ef:03
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5:
- 0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be:
- 3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3:
- 05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02:
- 00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1:
- 32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b:
- 00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52:
- e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14:
- 5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc:
- d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83:
- 46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0:
- a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0:
- 21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01:
- a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3:
- 35:60:91:ce
-
-Verisign/RSA Commercial CA
-==========================
-MD5 Fingerprint: 5A:0B:DD:42:9E:B2:B4:62:97:32:7F:7F:0A:AA:9A:39
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 02:41:00:00:16
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority
- Validity
- Not Before: Nov 4 18:58:34 1994 GMT
- Not After : Nov 3 18:58:34 1999 GMT
- Subject: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1000 bit)
- Modulus (1000 bit):
- 00:a4:fb:81:62:7b:ce:10:27:dd:e8:f7:be:6c:6e:
- c6:70:99:db:b8:d5:05:03:69:28:82:9c:72:7f:96:
- 3f:8e:ec:ac:29:92:3f:8a:14:f8:42:76:be:bd:5d:
- 03:b9:90:d4:d0:bc:06:b2:51:33:5f:c4:c2:bf:b6:
- 8b:8f:99:b6:62:22:60:dd:db:df:20:82:b4:ca:a2:
- 2f:2d:50:ed:94:32:de:e0:55:8d:d4:68:e2:e0:4c:
- d2:cd:05:16:2e:95:66:5c:61:52:38:1e:51:a8:82:
- a1:c4:ef:25:e9:0a:e6:8b:2b:8e:31:66:d9:f8:d9:
- fd:bd:3b:69:d9:eb
- Exponent: 65537 (0x10001)
- Signature Algorithm: md2WithRSAEncryption
- 76:b5:b6:10:fe:23:f7:f7:59:62:4b:b0:5f:9c:c1:68:bc:49:
- bb:b3:49:6f:21:47:5d:2b:9d:54:c4:00:28:3f:98:b9:f2:8a:
- 83:9b:60:7f:eb:50:c7:ab:05:10:2d:3d:ed:38:02:c1:a5:48:
- d2:fe:65:a0:c0:bc:ea:a6:23:16:66:6c:1b:24:a9:f3:ec:79:
- 35:18:4f:26:c8:e3:af:50:4a:c7:a7:31:6b:d0:7c:18:9d:50:
- bf:a9:26:fa:26:2b:46:9c:14:a9:bb:5b:30:98:42:28:b5:4b:
- 53:bb:43:09:92:40:ba:a8:aa:5a:a4:c6:b6:8b:57:4d:c5
-
-Verisign/RSA Secure Server CA
-=============================
-MD5 Fingerprint: 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
-PEM Data:
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----
-Certificate Ingredients:
- Data:
- Version: 1 (0x0)
- Serial Number:
- 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
- Signature Algorithm: md2WithRSAEncryption
- Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
- Validity
- Not Before: Nov 9 00:00:00 1994 GMT
- Not After : Jan 7 23:59:59 2010 GMT
- Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1000 bit)
- Modulus (1000 bit):
- 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
- 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
- e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
- 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
- 4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
- 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
- b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
- 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
- dd:2d:d6:c8:1e:7b
- Exponent: 65537 (0x10001)
- Signature Algorithm: md2WithRSAEncryption
- 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
- c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
- b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
- c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
- 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
- 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
- f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
diff --git a/usr.sbin/httpd/conf/ssl.crt/server.crt b/usr.sbin/httpd/conf/ssl.crt/server.crt
deleted file mode 100644
index d50516d82ff..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/server.crt
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBqzCCARQCAQAwDQYJKoZIhvcNAQEEBQAwHjELMAkGA1UEBhMCQ0ExDzANBgNV
-BAgTBkNhbmFkYTAeFw0wMjAyMTExOTM5MzVaFw0wMzAyMTExOTM5MzVaMB4xCzAJ
-BgNVBAYTAkNBMQ8wDQYDVQQIEwZDYW5hZGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAPOttmU7QXSzgW3wgS8TE1srfBWrodZSW3BQ0qj4QhFVkxwfnc2Nvj6E
-zczBW3sei4I+dkW5iFOny2x2KxCIwZNuJHRp3eP5iULizL6oCdFVD8Q0LxM7gaBU
-0AezcOVpu/Olvcjz6r7lxA4t2zTtlcvldsYNepmNbxF/oTacnBNbAgMBAAEwDQYJ
-KoZIhvcNAQEEBQADgYEAblihB4VcdozNq22Gi9NpSnKSD0YVE+cJsCHEcL+mbVf+
-bintXEsm6VMh/XXHsF+liBGiqrXOqmKhfsCo3TIovc7I199v7SUwRBL9cQUrA/ns
-8t0MOcvZoWWf7srN6Qoet5a0BSfg6kfGH3k0SvAM8MaPqAeM5bFy76aORvQXTLE=
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt
deleted file mode 100644
index 4f4aaf63084..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEEzCCA8+gAwIBAgIBADALBgcqhkjOOAQDBQAwga8xCzAJBgNVBAYTAlhZMRUw
-EwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNV
-BAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBDQTEeMBwGCSqGSIb3DQEJARYP
-Y2FAc25ha2VvaWwuZG9tMB4XDTk5MTAyMTE4MjkzN1oXDTAxMTAyMDE4MjkzN1ow
-ga8xCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcT
-ClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtD
-ZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBD
-QTEeMBwGCSqGSIb3DQEJARYPY2FAc25ha2VvaWwuZG9tMIIBtjCCASsGByqGSM44
-BAEwggEeAoGBAIufVdfx9oweG3NK2n3BjoFVM+4RT1ukyaGtvq+Bo1nLh1N7pVLz
-invAZ6mrkJCN84vgeN1r6DXbHO2jy7EGQIM73xeD2rzoJjjkdmT6robIY4tlI4Px
-xAfCHWhQ/rmzlPPTXw4UHOkjdsfF87pph6VZjOIOIUqnUGtR25r6krhJAhUA8sdJ
-X0VLPxnsgc6DVmvkfzahA6UCgYBZI9bJ9Vc8AXyHYYNv5x/3uTjhWQdn5HGl7waC
-GV8Gf0vcRJZRk04kx8MuWfLt1K1hT3xVNU16SJ1i5oGy/ISQWufLs0JSaK5pKdfh
-SO0UOQ2Ff2PlhsJEYuaxzzrkBPngpG7fU7b90ocujo2AU+KuKMfL30cngtFj1n0e
-RdXOzAOBhAACgYAsjVZYJl5pyLiRK+FfLF6dMI1BCRzyz3/EK4CLh1XjZ5IZCi6b
-dua9YTVwum4w8buOE86P2zC/9Z9tpEpn1Joqf68jgjmzPKNpaO2AiQQC5UkzGzpx
-EVagyIzL0FP+WIM0ABLodiyoDkmPydPpllQjnG/O9na5o4gkrgxsqNKQLKN6MHgw
-GgYDVR0RBBMwEYEPY2FAc25ha2VvaWwuZG9tMA8GA1UdEwQIMAYBAf8CAQAwNgYJ
-YIZIAYb4QgENBCkWJ21vZF9zc2wgZ2VuZXJhdGVkIGN1c3RvbSBDQSBjZXJ0aWZp
-Y2F0ZTARBglghkgBhvhCAQEEBAMCAgQwCwYHKoZIzjgEAwUAAzEAMC4CFQC/d4P2
-0mWRROo+DKuNJDnnjQ9NmQIVAKs5D8EhoYBwBm4IwOsuvd3YWoVa
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt
deleted file mode 100644
index cc473b3fc9e..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDRDCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
-FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
-A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
-cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
-bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTQ2WhcNMDExMDIwMTgyMTQ2WjCBqTEL
-MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
-a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZI
-hvcNAQkBFg9jYUBzbmFrZW9pbC5kb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANiTGAmWoiB2Qx3SbwFXwjbqU9ZwnfBE5Er1h1kNh487D782I8mcT/CzxmsH
-evK3heBKTEno+jB0y5p4+QShxryaMUUbRoOGfrlrVwc/dbwJQz7UNyqDlWnvnW4p
-TfdVd+8JlCpYFB23Z7bmpUV1Xy6VFKBahzIhzITaux1vvEPLAgMBAAGjejB4MBoG
-A1UdEQQTMBGBD2NhQHNuYWtlb2lsLmRvbTAPBgNVHRMECDAGAQH/AgEAMDYGCWCG
-SAGG+EIBDQQpFidtb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gQ0EgY2VydGlmaWNh
-dGUwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBBAUAA4GBAImhzPY4PBRt
-PQbAQBAmHIBRcb69iTbFC+dghnVJQ3F549rZapY420kQDKQ6aCybPFmxJ/Rf27gY
-FuAuo+B8EEVX0lU8VUSEhYQedODnQ3skwcT02g4b33GkzH7ED2N9kaa6U65UUrcE
-KXJgz7tmAQHnTc9K1g2qIApIjnr3FrrJ
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt
deleted file mode 100644
index 4b7b90ef0e7..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEAzCCA8GgAwIBAgIBATALBgcqhkjOOAQDBQAwga8xCzAJBgNVBAYTAlhZMRUw
-EwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNV
-BAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBDQTEeMBwGCSqGSIb3DQEJARYP
-Y2FAc25ha2VvaWwuZG9tMB4XDTk5MTAyMTE4Mjk1MFoXDTAxMTAyMDE4Mjk1MFow
-ga0xCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcT
-ClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRkMR0wGwYDVQQLExRX
-ZWJzZXJ2ZXIgVGVhbSAoRFNBKTEZMBcGA1UEAxMQd3d3LnNuYWtlb2lsLmRvbTEf
-MB0GCSqGSIb3DQEJARYQd3d3QHNuYWtlb2lsLmRvbTCCAbYwggErBgcqhkjOOAQB
-MIIBHgKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS84p7
-wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD8cQH
-wh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLHSV9F
-Sz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8Gghlf
-Bn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX4Ujt
-FDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9HkXV
-zswDgYQAAoGAcARR9kHyvPAuiSlt2ofunB0OA3qIpbcYutu1jeR3EC8JDxp/lrWE
-mYxubcOLaqqIJifiD9hf+RuhSNg0D+0A7yjXgFPI13Loo7lqNu0trG4ULV4GUU2b
-zoxp/PQQtJiB4B0DJCO789+ZsdUpJN1Tat3ocIRgryZb6Hor9ifF9iGjbjBsMBsG
-A1UdEQQUMBKBEHd3d0BzbmFrZW9pbC5kb20wOgYJYIZIAYb4QgENBC0WK21vZF9z
-c2wgZ2VuZXJhdGVkIGN1c3RvbSBzZXJ2ZXIgY2VydGlmaWNhdGUwEQYJYIZIAYb4
-QgEBBAQDAgZAMAsGByqGSM44BAMFAAMvADAsAhRXQ6Pm1pLo0Du/A7Lg1ILzncj5
-3gIUBHvNEBKuqJERC8Zt7LECsjmrVMM=
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt
deleted file mode 100644
index 18747b9732a..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDNjCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
-FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
-A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
-cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
-bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTUxWhcNMDExMDIwMTgyMTUxWjCBpzEL
-MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
-a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
-cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
-AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92Vaat6CpIEEGue
-yG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9ziYon8jWsbK2aE
-+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQABo24wbDAbBgNV
-HREEFDASgRB3d3dAc25ha2VvaWwuZG9tMDoGCWCGSAGG+EIBDQQtFittb2Rfc3Ns
-IGdlbmVyYXRlZCBjdXN0b20gc2VydmVyIGNlcnRpZmljYXRlMBEGCWCGSAGG+EIB
-AQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQB6MRsYGTXUR53/nTkRDQlBdgCcnhy3
-hErfmPNl/Or5jWOmuufeIXqCvM6dK7kW/KBboui4pffIKUVafLUMdARVV6BpIGMI
-5LmVFK3sgwuJ01v/90hCt4kTWoT8YHbBLtQh7PzWgJoBAY7MJmjSguYCRt91sU4K
-s0dfWsdItkw4uQ==
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.csr/README.CSR b/usr.sbin/httpd/conf/ssl.csr/README.CSR
deleted file mode 100644
index f04815f71da..00000000000
--- a/usr.sbin/httpd/conf/ssl.csr/README.CSR
+++ /dev/null
@@ -1,23 +0,0 @@
-
- This is the ssl.csr/ directory of Apache/mod_ssl
- where PEM-encoded X.509 Certificate Signing Requests for SSL are stored.
-
- Per default the following file is provided:
-
- o server.csr:
- This is the server certificate signing request for Apache/mod_ssl
- corresponding to the ../ssl.crt/server.crt file. Per default this is a
- dummy file, but may be overwritten by the `make certificate' target under
- built-time. Then it contains the CSR which you can send to a public
- Certification Authority (CA) for requesting a real signed certificate
- (which then can replace the ../ssl.crt/server.crt file).
-
- You can also use this directory for temporarily storing CSRs from within your
- (CGI-) scripts when you want to perform client authentication with your own
- CA instance.
-
- You can view the ingredients of a particular CSR file in plain text
- by running the command:
-
- $ openssl req -noout -text -in <name>.csr
-
diff --git a/usr.sbin/httpd/conf/ssl.csr/server.csr b/usr.sbin/httpd/conf/ssl.csr/server.csr
deleted file mode 100644
index 756b9c0e1cd..00000000000
--- a/usr.sbin/httpd/conf/ssl.csr/server.csr
+++ /dev/null
@@ -1 +0,0 @@
-THIS FILE HAS TO BE REPLACED BY A REAL SERVER CERTIFICATE SIGNING REQUEST! (SKIPME)
diff --git a/usr.sbin/httpd/conf/ssl.key/README.KEY b/usr.sbin/httpd/conf/ssl.key/README.KEY
deleted file mode 100644
index 58d657e2680..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/README.KEY
+++ /dev/null
@@ -1,28 +0,0 @@
-
- This is the ssl.key/ directory of Apache/mod_ssl
- where PEM-encoded RSA Private Keys for SSL are stored.
-
- Per default the following files are provided:
-
- o server.key:
- This is the server private key for Apache/mod_ssl, configured with the
- SSLCertificateKeyFile directive. Per default this is a dummy file, but may
- be overwritten by the `make certificate' target under built-time.
-
- o snakeoil.key:
- This is the private key of the _DEMONSTRATION ONLY_ `Snake Oil' Server. It
- corresponds to the dummy server certificate ../ssl.crt/snakeoil.crt. NEVER
- USE THIS PRIVATE KEY YOURSELF FOR REAL LIFE! INSTEAD USE A REAL SERVER KEY!
-
- o snakeoil-ca.key:
- This is the private key of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate
- Authority. It is used to sign the ../ssl.crt/server.crt on `make
- certificate' because self-signed server certificates are not accepted by
- all browsers. NEVER USE THIS PRIVATE KEY YOURSELF FOR REAL LIFE! INSTEAD
- EITHER USE A PUBLICALLY KNOWN CA OR CREATE YOUR OWN CA!
-
- You can view the ingredients of a particular private key file in plain text
- by running the command (a pass phrase may be queried):
-
- $ openssl rsa -noout -text -in <name>.key
-
diff --git a/usr.sbin/httpd/conf/ssl.key/server.key b/usr.sbin/httpd/conf/ssl.key/server.key
deleted file mode 100644
index e4578c8530d..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/server.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDzrbZlO0F0s4Ft8IEvExNbK3wVq6HWUltwUNKo+EIRVZMcH53N
-jb4+hM3MwVt7HouCPnZFuYhTp8tsdisQiMGTbiR0ad3j+YlC4sy+qAnRVQ/ENC8T
-O4GgVNAHs3Dlabvzpb3I8+q+5cQOLds07ZXL5XbGDXqZjW8Rf6E2nJwTWwIDAQAB
-AoGBANMgOR3wfz/rn0Jv1J3Cu0yMmo/0Ct40sQDZJgw8PJHkQPdm9UR5gNGOIvk6
-tlYwGtOX5sV2gIVqpjetEpbaxkuTnnqAwO+b1Evql9hw4p7HxiWV8jszd9WzSSBE
-JsOSPhfzPcYv14lL+6KFVDU/+p43lm3M58UH6ciNe0t7p4OBAkEA+qbeIaK4JIpl
-+ARxjX7RT/ZcF+8vX7T20xUGDYVn2r86bUXmdx1Sa3T51iWiloLpFZuwMxD5irND
-mgkGvsBsewJBAPjgwTu6J7nRpOZdfagYXDUVTo5QkPVLca/UlJwIXSyWOiE5T0mk
-PPzaHAL95ycTwn6JwVvA6MmwUtiQ0NeBbqECQBY5g4qx9efviZkTM8pbC04uxv2s
-TKQM1LHktFOwl4PS3uhfgU7gf7VdeuWdEqyL0QUEd/wfLjE5Me5PjJSPVU8CQQCl
-BmMa95Tf4eM13Ug07fI2QKqWM1XrUNtRe+QOkn0102c4IIgyjHTkNLveP/3GK5QL
-08wiyweQtRo5/8x7GZgBAkBv2kMIsCUb8ggr+/DsilxEfNty5RyNeNnviRXbLG8B
-qFrgJwBemLrvpbAguYLvaZHgrXQN/aptKV0VgGSniYXb
------END RSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key
deleted file mode 100644
index 89169da7ba7..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS
-84p7wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD
-8cQHwh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLH
-SV9FSz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8G
-ghlfBn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX
-4UjtFDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9
-HkXVzswCgYAsjVZYJl5pyLiRK+FfLF6dMI1BCRzyz3/EK4CLh1XjZ5IZCi6bdua9
-YTVwum4w8buOE86P2zC/9Z9tpEpn1Joqf68jgjmzPKNpaO2AiQQC5UkzGzpxEVag
-yIzL0FP+WIM0ABLodiyoDkmPydPpllQjnG/O9na5o4gkrgxsqNKQLAIVANDb2WME
-cYQBeW7FgeCXtSBf75d/
------END DSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key
deleted file mode 100644
index e224be4ebe4..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDYkxgJlqIgdkMd0m8BV8I26lPWcJ3wRORK9YdZDYePOw+/NiPJ
-nE/ws8ZrB3ryt4XgSkxJ6PowdMuaePkEoca8mjFFG0aDhn65a1cHP3W8CUM+1Dcq
-g5Vp751uKU33VXfvCZQqWBQdt2e25qVFdV8ulRSgWocyIcyE2rsdb7xDywIDAQAB
-AoGAEIvUZ08h3dcLM6kTIAgjZ2ypsRVzi5rH0k5F4/DbrX62qkYpn8qYdOxXOXAd
-3ZNV4BftEiyBiNgzgf7CD6+IblZUqkc1dUc96AJH16CUXM/favAHhIoSdyhrnAH8
-O9UN1KxlzUpvLDOelbOdL4/4sQ0XXqd9DJcZkeKc4zCi35kCQQD43SlsTDBeO7ae
-Ig5qnJ/g2V2V4bPh1xTH7LjxthsksOqPUEt3DgRmRVq+qeDyyxN49V9uFYf8oXDl
-1FchPranAkEA3sjny2sxBNIBGtPVLGFl+aukBRkNOdmssVcBudsnigOEL0lbd4Wu
-07ok0zeCuAu+yHRYJKY4eqWVGQJ/DtUSPQJBAIqxVuCQJXSe+stuV3J7D28UNN/P
-BZ0bbO1utDOhNcdhAZgVO7mCClmk1UnlCwTEwHls5l5HiZ31qyGrEVPpy4kCQDfR
-VmIdBTcT9rrmAC8SaB5Z5spwMGQiKaZ1CjWqtwlZQDEozAXyNI9PwBI7gkDikHZg
-0AS+sL/p5KVTfsoUkHECQQDWCSgpZ8k7EajS1RWIGH/GcFT/GaKX8yiMIP2S3Atc
-nl7yMj8yw+1N503FF0aRwimryXQt/VHVYjtYsSAgNU/i
------END RSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key
deleted file mode 100644
index 0f78bd0fd57..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS
-84p7wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD
-8cQHwh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLH
-SV9FSz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8G
-ghlfBn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX
-4UjtFDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9
-HkXVzswCgYBwBFH2QfK88C6JKW3ah+6cHQ4Deoiltxi627WN5HcQLwkPGn+WtYSZ
-jG5tw4tqqogmJ+IP2F/5G6FI2DQP7QDvKNeAU8jXcuijuWo27S2sbhQtXgZRTZvO
-jGn89BC0mIHgHQMkI7vz35mx1Skk3VNq3ehwhGCvJlvoeiv2J8X2IQIVAOTRp7zp
-En7QlXnXw1s7xXbbuKP0
------END DSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key
deleted file mode 100644
index 6e3cbd90485..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92V
-aat6CpIEEGueyG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9zi
-Yon8jWsbK2aE+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQAB
-AoGBAKTvnFGKSkUJnNQGe66I0wunGgCA3W7kbarAzEF2qKYhGlZhJQnn68RmVnAW
-pXUFvB+vmtu/+4J9OmWBJsGHFvC9xH32a0PWNr7APjAKrjAD8GWS7Z6BjuxN8QhD
-WlFMmpYhYIjT1jt7RNfs2gJGS2Ryu3zutUQGwtUB9Pou03dJAkEA6yttwVINFqQP
-utgUZ1JUHrN/rE73FzYsF/CwJp5d3rLHenZzLT0iW+kNDLUw/VpzYxK7bF2Qrt/3
-QIUWwm2InQJBAMpe+jhNMJeLDLc3tG3zeithT0mFkuzWWmT2PJgQ0V78UWhw/fSn
-Qqnq7KBY/DNjlfhezrozLDD73/ccmha0Ax8CQQCBaBlyOtNm9QqO116K6HvPlRiZ
-Wa6QQEgNOG3GInknFZu9ILcKWsywZNLAfmgh0gcSqnkmDWqTQD0PbOz0Ok/lAkEA
-g24JrfUbwOASww9PhDUju/a36rTwhhZ0oKt3EP+jKsBOErmHhZP3bKlhQoZoTOu5
-Y5QXSMChS7LZcwDFZkdE2wJATRgMbhErif+ZRwt9XJRdCo5Sx6ewyGyxjc5gvUyK
-KegHcgru/ZC3pGlujRD2LqxgJNAn5QTdW4LK8xVPFySTYg==
------END RSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.prm/README.PRM b/usr.sbin/httpd/conf/ssl.prm/README.PRM
deleted file mode 100644
index af88235122e..00000000000
--- a/usr.sbin/httpd/conf/ssl.prm/README.PRM
+++ /dev/null
@@ -1,18 +0,0 @@
-
- This is the ssl.prm/ directory of Apache/mod_ssl
- where public DSA Parameter Files for SSL are stored.
-
- Per default the following files are provided:
-
- o snakeoil-ca-dsa.prm:
- This is the DSA parameter file of the _DEMONSTRATION ONLY_ `Snake Oil' CA.
-
- o snakeoil-dsa.prm:
- This is the DSA parameter file of the _DEMONSTRATION ONLY_ `Snake Oil'
- server.
-
- You can view the ingredients of a particular parameter file in plain text
- by running the command:
-
- $ openssl dsaparam -noout -text -in <name>.prm
-
diff --git a/usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm b/usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm
deleted file mode 100644
index b498b16a0c7..00000000000
--- a/usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHgKBgQDqP04Jh4QoUWqPJZftxsgLdO54hGmvEYr2o2nqMjO/DbVuujr8QDnV
-WNRveEuVdrx6AftCchgIvdJS4LTqfvgOmIwsGYylADmycIRlBVHd5q1ocGldkeEB
-iY+cS5yv8ro1x4DRCd0axmhBvTu2BRbippaK7PNALw5xs8eQch0KLQIVAJ8rT8F7
-NqIRASUjy1Bwx701zSIfAoGAT5RMEmjJ4HXOJ0GyIKAesFQhOy3gXXUfV4zXTpSM
-z8cQWfTqxLgVjkvZCt6SYcNmpaRnJyrmUdGD2uSwBcMkXj3G/NI/7n1C6ZuBTt1x
-6TCQA72nYh0xQaj/kbmhT2wNyONMx/sZO/WPUr0qvu/012FS2YlKtq3wRM4+XHz7
-jY0=
------END DSA PARAMETERS-----
diff --git a/usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm b/usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm
deleted file mode 100644
index b498b16a0c7..00000000000
--- a/usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHgKBgQDqP04Jh4QoUWqPJZftxsgLdO54hGmvEYr2o2nqMjO/DbVuujr8QDnV
-WNRveEuVdrx6AftCchgIvdJS4LTqfvgOmIwsGYylADmycIRlBVHd5q1ocGldkeEB
-iY+cS5yv8ro1x4DRCd0axmhBvTu2BRbippaK7PNALw5xs8eQch0KLQIVAJ8rT8F7
-NqIRASUjy1Bwx701zSIfAoGAT5RMEmjJ4HXOJ0GyIKAesFQhOy3gXXUfV4zXTpSM
-z8cQWfTqxLgVjkvZCt6SYcNmpaRnJyrmUdGD2uSwBcMkXj3G/NI/7n1C6ZuBTt1x
-6TCQA72nYh0xQaj/kbmhT2wNyONMx/sZO/WPUr0qvu/012FS2YlKtq3wRM4+XHz7
-jY0=
------END DSA PARAMETERS-----
diff --git a/usr.sbin/httpd/config.layout b/usr.sbin/httpd/config.layout
deleted file mode 100644
index f2b037fdfea..00000000000
--- a/usr.sbin/httpd/config.layout
+++ /dev/null
@@ -1,306 +0,0 @@
-##
-## config.layout -- APACI Pre-defined Installation Path Layouts
-##
-## Hints:
-## - layouts can be loaded with APACI's --with-layout=ID option
-## - when no --with-layout option is given, the default layout is `Apache'
-## - a trailing plus character (`+') on paths is replaced with a
-## `/<target>' suffix where <target> is the the argument from
-## option --target (defaults to `httpd').
-##
-
-# Classical Apache path layout.
-<Layout Apache>
- prefix: /usr/local/apache
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/bin
- libexecdir: $exec_prefix/libexec
- mandir: $prefix/man
- sysconfdir: $prefix/conf
- datadir: $prefix
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include
- localstatedir: $prefix
- runtimedir: $localstatedir/logs
- logfiledir: $localstatedir/logs
- proxycachedir: $localstatedir/proxy
-</Layout>
-
-# GNU standards conforming path layout.
-# See FSF's GNU project `make-stds' document for details.
-<Layout GNU>
- prefix: /usr/local
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/sbin
- libexecdir: $exec_prefix/libexec
- mandir: $prefix/man
- sysconfdir: $prefix/etc+
- datadir: $prefix/share+
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include+
- localstatedir: $prefix/var+
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log
- proxycachedir: $localstatedir/proxy
-</Layout>
-
-# Apache binary distribution path layout
-<Layout BinaryDistribution>
- prefix: /usr/local/apache
- exec_prefix:
- bindir: bin
- sbindir: bin
- libexecdir: libexec
- mandir: man
- sysconfdir: conf
- datadir:
- iconsdir: icons
- htdocsdir: htdocs
- manualdir: $htdocsdir/manual
- cgidir: cgi-bin
- includedir: include
- localstatedir:
- runtimedir: logs
- logfiledir: logs
- proxycachedir: proxy
-</Layout>
-
-# Mac OS X Server (Rhapsody)
-<Layout Mac OS X Server>
- prefix: /Local/Library/WebServer
- exec_prefix: /usr
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/sbin
- libexecdir: /System/Library/Apache/Modules
- mandir: $exec_prefix/share/man
- sysconfdir: $prefix/Configuration
- datadir: $prefix
- iconsdir: /System/Library/Apache/Icons
- htdocsdir: $datadir/Documents
- manualdir: $htdocsdir/manual
- cgidir: $datadir/CGI-Executables
- includedir: /System/Library/Frameworks/Apache.framework/Versions/1.3/Headers
- localstatedir: /var
- runtimedir: $prefix/Logs
- logfiledir: $prefix/Logs
- proxycachedir: $prefix/ProxyCache
-</Layout>
-
-# Darwin/Mac OS Layout
-<Layout Darwin>
- prefix: /usr
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/sbin
- libexecdir: $exec_prefix/libexec+
- mandir: $prefix/share/man
- datadir: /Library/WebServer
- sysconfdir: /etc+
- iconsdir: $prefix/share/httpd/icons
- htdocsdir: $datadir/Documents
- manualdir: $htdocsdir/manual
- cgidir: $datadir/CGI-Executables
- includedir: $prefix/include+
- localstatedir: /var
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log+
- proxycachedir: $runtimedir/proxy
-</Layout>
-
-# Red Hat Linux 7.x layout
-<Layout RedHat>
- prefix: /usr
- exec_prefix: $prefix
- bindir: $prefix/bin
- sbindir: $prefix/sbin
- libexecdir: $prefix/lib/apache
- mandir: $prefix/man
- sysconfdir: /etc/httpd/conf
- datadir: /var/www
- iconsdir: $datadir/icons
- htdocsdir: $datadir/html
- manualdir: $datadir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include/apache
- localstatedir: /var
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log/httpd
- proxycachedir: $localstatedir/cache/httpd
-</Layout>
-
-# According to the /opt filesystem conventions
-<Layout opt>
- prefix: /opt/apache
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/sbin
- libexecdir: $exec_prefix/libexec
- mandir: $prefix/man
- sysconfdir: /etc$prefix
- datadir: $prefix/share
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include
- localstatedir: /var$prefix
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/logs
- proxycachedir: $localstatedir/proxy
-</Layout>
-
-# BeOS layout...
-<Layout beos>
- prefix: /boot/home/apache
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/bin
- libexecdir: $exec_prefix/libexec
- mandir: $prefix/man
- sysconfdir: $prefix/conf
- datadir: $prefix
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include
- localstatedir: $prefix
- runtimedir: $localstatedir/logs
- logfiledir: $localstatedir/logs
- proxycachedir: $localstatedir/proxy
-</Layout>
-
-# SuSE 6.x layout
-<Layout SuSE>
- prefix: /usr
- exec_prefix: $prefix
- bindir: $prefix/bin
- sbindir: $prefix/sbin
- libexecdir: $prefix/lib/apache
- mandir: $prefix/man
- sysconfdir: /etc/httpd
- datadir: /usr/local/httpd
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include/apache
- localstatedir: /var
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log/httpd
- proxycachedir: $localstatedir/cache/httpd
-</Layout>
-
-# BSD/OS layout
-<Layout BSDI>
- prefix: /var/www
- exec_prefix: /usr/contrib
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/bin
- libexecdir: $exec_prefix/libexec/apache
- mandir: $exec_prefix/man
- sysconfdir: $prefix/conf
- datadir: $prefix
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $exec_prefix/include/apache
- localstatedir: /var
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log/httpd
- proxycachedir: $localstatedir/proxy
-</Layout>
-
-# Solaris 8 Layout
-<Layout Solaris>
- prefix: /usr/apache
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/bin
- libexecdir: $exec_prefix/libexec
- mandir: $exec_prefix/man
- sysconfdir: /etc/apache
- datadir: /var/apache
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $exec_prefix/include
- localstatedir: $prefix
- runtimedir: /var/run
- logfiledir: $datadir/logs
- proxycachedir: $datadir/proxy
-</Layout>
-
-# FreeBSD layout...
-<Layout FreeBSD>
- prefix: /usr/local
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/sbin
- libexecdir: $exec_prefix/libexec/apache
- mandir: $prefix/man
- sysconfdir: $prefix/etc/apache
- datadir: $prefix/www
- iconsdir: $datadir/icons
- htdocsdir: $datadir/data
- manualdir: $prefix/share/doc/apache
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include/apache
- localstatedir: /var
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log
- proxycachedir: $datadir/proxy
-</Layout>
-
-# OpenBSD Layout
-<Layout OpenBSD>
- prefix: /var/www
- exec_prefix: /usr
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/sbin
- libexecdir: $exec_prefix/lib/apache/modules
- mandir: $exec_prefix/share/man
- sysconfdir: $prefix/conf
- datadir: $prefix
- iconsdir: $prefix/icons
- htdocsdir: $prefix/htdocs
- manualdir: $exec_prefix/share/doc/html/httpd
- cgidir: $prefix/cgi-bin
- includedir: $exec_prefix/lib/apache/include
- localstatedir: $prefix
- runtimedir: $prefix/logs
- logfiledir: $prefix/logs
- proxycachedir: $prefix/proxy
-</Layout>
-
-# Cygwin 1.x layout
-<Layout Cygwin>
- prefix: /usr
- exec_prefix: $prefix
- bindir: $prefix/bin
- sbindir: $prefix/sbin
- libexecdir: $prefix/lib/apache
- mandir: $prefix/man
- sysconfdir: /etc/apache
- datadir: /var/www
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include/apache
- localstatedir: /var
- runtimedir: $localstatedir/run
- logfiledir: $localstatedir/log/apache
- proxycachedir: $localstatedir/cache/apache
-</Layout>
-
diff --git a/usr.sbin/httpd/configure b/usr.sbin/httpd/configure
deleted file mode 100644
index 07d97301293..00000000000
--- a/usr.sbin/httpd/configure
+++ /dev/null
@@ -1,1637 +0,0 @@
-#!/bin/sh
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-
-##
-## configure -- Apache Autoconf-style Interface (APACI)
-##
-## Initially written by Ralf S. Engelschall <rse@apache.org>
-##
-
-## Force SSL_BASE=SYSTEM
-SSL_BASE=SYSTEM
-export SSL_BASE
-
-# default input separator chars: <space><tab><cr>
-DIFS='
-'
-
-##
-## avoid brain dead shells on Ultrix and friends
-##
-if [ -f /bin/sh5 ]; then
- if [ ".$APACI_SH5_UPGRADE_STEP" != .done ]; then
- APACI_SH5_UPGRADE_STEP=done
- export APACI_SH5_UPGRADE_STEP
- exec /bin/sh5 $0 "$@"
- fi
-fi
-
-##
-## the paths to the Apache source tree
-##
-top=.
-mkf=Makefile
-src=src
-aux=src/helpers
-sedsubst=src/.apaci.sedsubst
-addconf=src/.apaci.addconf
-tplconf=src/.apaci.tplconf
-pldconf=src/.apaci.pldconf
-configlayout=config.layout
-configstatus=config.status
-shadow=''
-
-##
-## pre-determine runtime modes
-##
-help=no
-quiet=no
-verbose=no
-case "$*" in
- --help|*--help|*--help* )
- help=yes; quiet=yes
- echo "[hang on a moment, generating help]"
- echo ""
- ;;
- --quiet|*--quiet|*--quiet* )
- quiet=yes
- ;;
- --verbose|*--verbose|*--verbose*|-v|*-v|*-v* )
- verbose=yes
- ;;
- * )
- ;;
-esac
-
-##
-## determine platform id
-##
-PLATFORM="`sh $aux/GuessOS`"
-
-##
-## display version information
-##
-if [ "x$quiet" = "xno" ]; then
- APV=`cat $src/include/httpd.h |\
- grep "#define SERVER_BASEREVISION" |\
- sed -e 's/^[^"]*"//' -e 's/".*$//' -e 's/^\///'`
- echo "Configuring for Apache, Version $APV"
-fi
-
-##
-## important hint for the first-time users
-##
-if [ $# -eq 0 ]; then
- echo " + Warning: Configuring Apache with default settings."
- echo " + This is probably not what you really want."
- echo " + Please read the README.configure and INSTALL files"
- echo " + first or at least run '$0 --help' for"
- echo " + a compact summary of available options."
-fi
-
-##
-##
-## determine path to (optional) Perl interpreter
-##
-PERL=no-perl-on-this-system
-perlpath="`sh $aux/PrintPath perl5 perl miniperl`"
-if [ "x$perlpath" != "x" ]; then
- PERL="$perlpath"
-fi
-
-##
-## look for deadly broken echo commands which interpret escape
-## sequences `\XX' *per default*. For those we first try the -E option
-## and if it then is still broken we give a warning message.
-## If it works set the `Safe Echo Option' (SEO) variable.
-##
-SEO='' # CHANGE THIS VARIABLE HERE IF YOU HAVE PROBLEMS WITH ECHO!
-bytes=`echo $SEO '\1' | wc -c | awk '{ printf("%s", $1); }'`
-if [ "x$bytes" != "x3" ]; then
- bytes=`echo -E '\1' | wc -c | awk '{ printf("%s", $1); }'`
- if [ "x$bytes" != "x3" ]; then
- echo " + Warning: Your 'echo' command is slightly broken."
- echo " + It interprets escape sequences per default. We already"
- echo " + tried 'echo -E' but had no real success. If errors occur"
- echo " + please set the SEO variable in 'configure' manually to"
- echo " + the required 'echo' options, i.e. those which force your"
- echo " + 'echo' to not interpret escape sequences per default."
- else
- SEO='-E'
- fi
-fi
-
-##
-## look for the best Awk we can find because some
-## standard Awks are really braindead and cause
-## problems for our scripts under some platforms.
-##
-AWK=awk
-awkpath="`sh $aux/PrintPath nawk gawk awk`"
-if [ "x$awkpath" != "x" ]; then
- AWK="$awkpath"
-fi
-
-##
-## Look for a good Tar. If we don't find 'GNU tar' then make
-## sure ours can handle the '-h' (don't copy symlink, copy
-## the actual data) option.
-##
-TAR=tar
-tarpath="`sh $aux/PrintPath gtar gnutar tar`"
-if [ "x$tarpath" != "x" ]; then
- TAR="$tarpath"
-fi
-case "`$TAR -tf /dev/null --version 2>/dev/null`" in
- *GNU*) TAROPT="-hcf" ;;
- *) if $TAR -hcf - Makefile.tmpl > /dev/null 2>&1
- then
- TAROPT="-hcf"
- else
- TAROPT="-cf"
- fi
- ;;
-esac
-
-##
-## Request USTAR format for tar files on OS/390
-## Request that prelink step be used for 390
-##
-case $PLATFORM in
- *-IBM-OS390*)
- TAROPT="${TAROPT}U"
- ;;
-esac
-
-##
-## determine path to sh, it's not /bin/sh on ALL systems
-##
-SHELL=/bin/sh
-if [ ! -f "$SHELL" ]; then
- SHELL="`sh $aux/PrintPath sh`"
- if [ "x$SHELL" = "x" ]; then
- echo "configure:Error: Cannot determine path to Bourne-Shell" 1>&2
- exit 1
- fi
-fi
-
-##
-## determine default parameters
-##
-
-# default paths
-prefix=UNSET
-
-# layout configuration
-with_layout=0
-show_layout=0
-
-# suexec defaults
-suexec=0
-suexec_ok=0
-suexec_docroot='$datadir/htdocs'
-suexec_logexec='$logfiledir/suexec_log'
-suexec_caller=www
-suexec_userdir=public_html
-suexec_uidmin=100
-suexec_gidmin=100
-suexec_safepath="/usr/local/bin:/usr/bin:/bin"
-# if the umask is undefined, we don't change it
-#suexec_umask=0755
-
-# the installation flags
-iflags_program="-m 755 -s"
-iflags_core="-m 755"
-iflags_dso="-m 755"
-iflags_script="-m 755"
-iflags_data="-m 644"
-
-# ssl defaults
-ssl=0
-
-# various other flags
-support=1
-confadjust=1
-permute=''
-
-# determine rules
-rules=''
-rulelist=''
-OIFS="$IFS"
-IFS='
-'
-for rule in `grep '^Rule' $src/Configuration.tmpl`; do
- rule=`echo "$rule" | sed -e 's/^Rule[ ]*//'`
- name=`echo "$rule" | sed -e 's/=.*$//'`
- namelow=`echo "$name" | tr '[A-Z]' '[a-z]'`
- arg=`echo "$rule" | sed -e 's/^.*=//'`
- eval "rule_$namelow=$arg"
- rules="$rules:$namelow"
- rulelist="$rulelist:$name=$arg"
-done
-IFS="$OIFS"
-rules=`echo $rules | sed -e 's/^://'`
-
-# determine modules
-modules=''
-modulelist=''
-OIFS="$IFS"
-IFS='
-'
-for module in `egrep '^[# ]*(Add|Shared)Module' $src/Configuration.tmpl`; do
- add=yes
- share=no
- if [ "x`echo $module | grep '^#'`" != "x" ]; then
- add=no
- fi
- if [ "x`echo $module | grep 'SharedModule'`" != "x" ]; then
- share=yes
- fi
- module=`echo "$module" |\
- sed -e 's%^.*/\(.*\)$%\1%' \
- -e 's/\.[oa]$//' \
- -e 's/\.module$//' \
- -e 's/^mod_//' \
- -e 's/^lib//'`
- eval "module_$module=$add"
- eval "shared_$module=$share"
- modules="${modules}:$module"
- modulelist="${modulelist}:$module=$add"
- if [ "x$share" = "xyes" ]; then
- modulelist="${modulelist}*"
- fi
-done
-IFS="$OIFS"
-modules=`echo $modules | sed -e 's/^://'`
-
-# backward compatibility for old src/Configuration.tmpl
-# parameter names to the canonical Autoconf-style shell
-# variable names.
-OIFS="$IFS"
-IFS="$DIFS"
-for var in CFLAGS LDFLAGS LIBS INCLUDES DEPS; do
- eval "val=\$EXTRA_$var"
- if [ "x$val" != "x" ]; then
- eval "$var=\$val"
- eval "EXTRA_$var=\"\"; export EXTRA_$var"
- echo " + Hint: please use $var instead of EXTRA_$var next time"
- fi
-done
-IFS="$OIFS"
-
-##
-## Platform-specific defaults
-##
-case $PLATFORM in
- *-apple-rhapsody*)
- default_layout="Mac OS X Server"
- iflags_core="${iflags_core} -S \"-S\""
- iflags_dso="${iflags_dso} -S \"-S\""
- ;;
- *-apple-darwin*)
- default_layout="Darwin"
- iflags_core="${iflags_core} -S \"-S\""
- iflags_dso="${iflags_dso} -S \"-S\""
- ;;
- *OS/2* )
- default_layout="Apache"
- iflags_program="${iflags_program} -e .exe"
- iflags_core="${iflags_core} -e .exe"
- ;;
- *MPE/iX* )
- default_layout="Apache"
- iflags_program="-m 755"
- ;;
- *)
- default_layout="Apache"
- ;;
-esac
-
-##
-## support for the default layout
-##
-case "$*" in
- *--with-layout=* )
- ;;
- * )
- if [ "x$*" = "x" ]; then
- set -- --with-layout="$default_layout"
- else
- set -- --with-layout="$default_layout" "$@"
- fi
- ;;
-esac
-
-##
-## Initialize server user ID and group ID variables
-##
-conf_user=""
-conf_group=""
-
-##
-## Iterate over the command line options the first time.
-##
-## This time we pre-process options which need high priority
-## on the command line independent of their position, so they
-## can be overridden by others.
-##
-apc_prev=''
-OIFS1="$IFS"
-IFS="$DIFS"
-for apc_option
-do
- # if previous option needs an argument, assign it.
- if [ "x$apc_prev" != "x" ]; then
- eval "$apc_prev=\$apc_option"
- apc_prev=""
- continue
- fi
- # split out arguments
- case "$apc_option" in
- -*=*) apc_optarg=`echo "$apc_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) apc_optarg= ;;
- esac
- # pre-process only a few options now
- case "$apc_option" in
- --help | -h | -help )
- echo "Usage: configure [options]"
- echo "Options: [defaults in brackets after descriptions]"
- echo "General options:"
- echo " --quiet, --silent do not print messages"
- echo " --verbose, -v print even more messages"
- echo " --shadow[=DIR] switch to a shadow tree (under DIR) for building"
- echo ""
- echo "Stand-alone options:"
- echo " --help, -h print this message"
- echo " --show-layout print installation path layout (check and debug)"
- echo ""
- echo "Installation layout options:"
- echo " --with-layout=[F:]ID use installation path layout ID (from file F)"
- echo " --target=TARGET install name-associated files using basename TARGET"
- echo " --prefix=PREFIX install architecture-independent files in PREFIX"
- echo " --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX"
- echo " --bindir=DIR install user executables in DIR"
- echo " --sbindir=DIR install sysadmin executables in DIR"
- echo " --libexecdir=DIR install program executables in DIR"
- echo " --mandir=DIR install manual pages in DIR"
- echo " --sysconfdir=DIR install configuration files in DIR"
- echo " --datadir=DIR install read-only data files in DIR"
- echo " --iconsdir=DIR install read-only icon files in DIR"
- echo " --htdocsdir=DIR install read-only welcome pages in DIR"
- echo " --manualdir=DIR install read-only on-line documentation in DIR"
- echo " --cgidir=DIR install read-only cgi files in DIR"
- echo " --includedir=DIR install includes files in DIR"
- echo " --localstatedir=DIR install modifiable data files in DIR"
- echo " --runtimedir=DIR install runtime data in DIR"
- echo " --logfiledir=DIR install logfile data in DIR"
- echo " --proxycachedir=DIR install proxy cache data in DIR"
- echo ""
- echo "Configuration options:"
- echo " --enable-rule=NAME enable a particular Rule named 'NAME'"
- echo " --disable-rule=NAME disable a particular Rule named 'NAME'"
- $aux/ppl.sh $rulelist
- echo " --add-module=FILE on-the-fly copy & activate a 3rd-party Module"
- echo " --activate-module=FILE on-the-fly activate existing 3rd-party Module"
- echo " --permute-module=N1:N2 on-the-fly permute module 'N1' with module 'N2'"
- echo " --enable-module=NAME enable a particular Module named 'NAME'"
- echo " --disable-module=NAME disable a particular Module named 'NAME'"
- $aux/ppl.sh $modulelist
- echo " --enable-shared=NAME enable build of Module named 'NAME' as a DSO"
- echo " --disable-shared=NAME disable build of Module named 'NAME' as a DSO"
- echo " --with-perl=FILE path to the optional Perl interpreter"
- echo " --with-port=PORT set the port number for httpd.conf"
- echo " --without-support disable the build and installation of support tools"
- echo " --without-confadjust disable the user/situation adjustments in config"
- echo " --without-execstrip disable the stripping of executables on installation"
- echo " --server-uid=UID set the user ID the web server should run as [nobody]"
- echo " --server-gid=GID set the group ID the web server UID is a memeber of [#-1]"
- echo ""
- echo "suEXEC options:"
- echo " --enable-suexec enable the suEXEC feature"
- echo " --suexec-caller=NAME set the suEXEC username of the allowed caller [$suexec_caller]"
- echo " --suexec-docroot=DIR set the suEXEC root directory [PREFIX/share/htdocs]"
- echo " --suexec-logfile=FILE set the suEXEC logfile [PREFIX/var/log/suexec_log]"
- echo " --suexec-userdir=DIR set the suEXEC user subdirectory [$suexec_userdir]"
- echo " --suexec-uidmin=UID set the suEXEC minimal allowed UID [$suexec_uidmin]"
- echo " --suexec-gidmin=GID set the suEXEC minimal allowed GID [$suexec_gidmin]"
- echo " --suexec-safepath=PATH set the suEXEC safe PATH [$suexec_safepath]"
- echo " --suexec-umask=UMASK set the umask for the suEXEC'd script [server's umask]"
- echo ""
- echo "Deprecated options:"
- echo " --layout backward compat only: use --show-layout"
- echo " --compat backward compat only: use --with-layout=Apache"
- exit 0
- ;;
- --with-layout=*|--compat)
- if [ "x$apc_option" = "x--compat" ]; then
- apc_optarg="Apache"
- fi
- case $apc_optarg in
- *:* )
- file=`echo $apc_optarg | sed -e 's/:.*//'`
- name=`echo $apc_optarg | sed -e 's/.*://'`
- ;;
- * )
- name=$apc_optarg
- file=$configlayout
- ;;
- esac
- if [ ! -f "$file" ]; then
- echo "configure:Error: Path layout definition file $file not found" 1>&2
- exit 1
- fi
- (echo ''; cat $file; echo '') |\
- sed -e "1,/[ ]*<[Ll]ayout[ ]*$name[ ]*>[ ]*/d" \
- -e '/[ ]*<\/Layout>[ ]*/,$d' \
- -e "s/^[ ]*//g" \
- -e "s/:[ ]*/=\'/g" \
- -e "s/[ ]*$/'/g" \
- >$pldconf
- . $pldconf
- OOIFS="$IFS" # most likely not needed: jmj
- IFS="$DIFS" # ditto
- for var in prefix exec_prefix bindir sbindir libexecdir mandir \
- sysconfdir datadir iconsdir htdocsdir manualdir cgidir \
- includedir localstatedir runtimedir logfiledir \
- proxycachedir; do
- eval "val=\"\$$var\""
- case $val in
- *+ )
- val=`echo $val | sed -e 's;\+$;;'`
- eval "$var=\"\$val\""
- eval "autosuffix_$var=yes"
- ;;
- * )
- eval "autosuffix_$var=no"
- ;;
- esac
- done
- IFS="$OOIFS"
- rm -f $pldconf 2>/dev/null
- if [ "x$prefix" = "xUNSET" ]; then
- echo "configure:Error: Path layout definition not found or incorrect" 1>&2
- exit 1
- fi
- if [ "x$quiet" = "xno" ]; then
- echo " + using installation path layout: $name ($file)"
- fi
- name_layout=$name
- with_layout=1
- ;;
- *)
- ;;
- esac
-done
-
-##
-## Iterate over the command line options the second time.
-##
-## This time we parse the standard options.
-##
-addconf_created=0
-apc_prev=''
-for apc_option
-do
- # if previous option needs an argument, assign it.
- if [ "x$apc_prev" != "x" ]; then
- eval "$apc_prev=\$apc_option"
- apc_prev=""
- continue
- fi
- # split out arguments
- case "$apc_option" in
- -*=*) apc_optarg=`echo "$apc_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) apc_optarg= ;;
- esac
- # accept only the most important GNU Autoconf-style options
- case "$apc_option" in
- --help|-h|-help|--with-layout=*|-compat)
- # just ignore already parsed options
- ;;
- --quiet | --silent)
- quiet=yes
- ;;
- --verbose | -v)
- verbose=yes
- ;;
- --shadow*)
- # if we use an external shadow tree, first shadow all of ourself
- # to this tree and switch over to to it for internal (=platform)
- # shadowing...
- case "$apc_option" in
- --shadow=*)
- shadow="$apc_optarg"
- if [ "x$quiet" = "xno" ]; then
- echo " + creating external package shadow tree ($shadow)"
- fi
- rm -rf $shadow 2>/dev/null
- $aux/mkshadow.sh . $shadow
- for file in $mkf $sedsubst $addconf $tplconf $pldconf $configstatus; do
- rm -f $shadow/$file 2>/dev/null
- done
- if [ "x$quiet" = "xno" ]; then
- echo " + switching to external package shadow tree ($shadow)"
- fi
- cd $shadow
- ;;
- esac
- # determine GNU platform triple
- gnutriple=`echo "$PLATFORM" | sed -e 's:/:-:g' | $AWK '{ printf("%s",$1); }'`
- # create Makefile wrapper (the first time only)
- if [ "x`ls $top/src.* 2>/dev/null`" = "x" ]; then
- if [ "x$quiet" = "xno" ]; then
- echo " + creating Makefile (shadow wrapper)"
- fi
- echo "##" > Makefile
- echo "## Apache Makefile (shadow wrapper)" >> Makefile
- echo "##" >> Makefile
- echo "" >> Makefile
- if [ "x$shadow" != "x" ]; then
- echo "SHADOW=$shadow" >> Makefile
- else
- echo "SHADOW=." >> Makefile
- fi
- # (the use of `awk' and not `$AWK' here is correct, because this
- # Makefile is for platform bootstrapping, so don't hardcode paths)
- echo "GNUTRIPLE=\`$aux/GuessOS | sed -e 's:/:-:g' | awk '{ printf(\"%s\",\$\$1); }'\`" >> Makefile
- echo "" >> Makefile
- echo "all build install install-quiet clean distclean:" >> Makefile
- echo " @cd \$(SHADOW); \$(MAKE) -f Makefile.\$(GNUTRIPLE) \$(MFLAGS) \$@" >> Makefile
- echo "" >> Makefile
- fi
- # set shadow paths
- shadowmkf="Makefile.$gnutriple"
- shadowsrc="src.$gnutriple"
- shadowaux="src.$gnutriple/helpers"
- shadowsedsubst="src.$gnutriple/.apaci.sedsubst"
- shadowaddconf="src.$gnutriple/.apaci.addconf"
- shadowtplconf="src.$gnutriple/.apaci.tplconf"
- # (re)create shadow tree
- if [ "x$quiet" = "xno" ]; then
- echo " + creating internal platform shadow tree ($shadowsrc)"
- fi
- rm -rf $shadowsrc
- $aux/mkshadow.sh $src $shadowsrc
- # delegate us to the shadow paths
- mkf=$shadowmkf
- src=$shadowsrc
- aux=$shadowaux
- sedsubst=$shadowsedsubst
- addconf=$shadowaddconf
- tplconf=$shadowtplconf
- ;;
- --show-layout|--layout)
- show_layout=1
- ;;
- --target=*)
- TARGET="$apc_optarg"
- ;;
- --prefix=*)
- prefix="$apc_optarg"
- autosuffix_prefix=no
- ;;
- --exec-prefix=*)
- exec_prefix="$apc_optarg"
- autosuffix_exec_prefix=no
- ;;
- --bindir=*)
- bindir="$apc_optarg"
- autosuffix_bindir=no
- ;;
- --sbindir=*)
- sbindir="$apc_optarg"
- autosuffix_sbindir=no
- ;;
- --libexecdir=*)
- libexecdir="$apc_optarg"
- autosuffix_libexecdir=no
- ;;
- --mandir=*)
- mandir="$apc_optarg"
- autosuffix_mandir=no
- ;;
- --sysconfdir=*)
- sysconfdir="$apc_optarg"
- autosuffix_sysconfdir=no
- ;;
- --datadir=*)
- datadir="$apc_optarg"
- autosuffix_datadir=no
- ;;
- --iconsdir=*)
- iconsdir="$apc_optarg"
- autosuffix_iconsdir=no
- ;;
- --htdocsdir=*)
- htdocsdir="$apc_optarg"
- autosuffix_htdocsdir=no
- ;;
- --manualdir=*)
- manualdir="$apc_optarg"
- autosuffix_manualdir=no
- ;;
- --cgidir=*)
- cgidir="$apc_optarg"
- autosuffix_cgidir=no
- ;;
- --includedir=*)
- includedir="$apc_optarg"
- autosuffix_includedir=no
- ;;
- --localstatedir=*)
- localstatedir="$apc_optarg"
- autosuffix_localstatedir=no
- ;;
- --runtimedir=*)
- runtimedir="$apc_optarg"
- autosuffix_runtimedir=no
- ;;
- --logfiledir=*)
- logfiledir="$apc_optarg"
- autosuffix_logfiledir=no
- ;;
- --proxycachedir=*)
- proxycachedir="$apc_optarg"
- autosuffix_proxycachedir=no
- ;;
- --add-module=*)
- file="$apc_optarg"
- if [ "x`echo $file | egrep '/?mod_[a-zA-Z0-9][a-zA-Z0-9_]*\.c$'`" = "x" ]; then
- echo "configure:Error: Module filename doesn't match '/?mod_[a-zA-Z0-9][a-zA-Z0-9_]*\.c'" 1>&2
- exit 1
- fi
- if [ ! -f $file ]; then
- echo "configure:Error: Module source $file not found" 1>&2
- exit 1
- fi
- modfilec=`echo $file | sed -e 's;^.*/;;'`
- modfileo=`echo $file | sed -e 's;^.*/;;' -e 's;\.c$;.o;'`
- if [ "x$file" != "x$src/modules/extra/$modfilec" ]; then
- cp $file $src/modules/extra/$modfilec
- fi
- if [ "x$addconf_created" = "x0" ]; then
- addconf_created=1
- rm -f $addconf 2>/dev/null
- touch $addconf 2>/dev/null
- fi
- echo "" >>$addconf
- echo "## On-the-fly added module" >>$addconf
- echo "## (configure --add-module=$file)" >>$addconf
- echo "AddModule modules/extra/$modfileo" >>$addconf
- module=`echo "$modfileo" |\
- sed -e 's%^.*/\(.*\)$%\1%' \
- -e 's/\.[^.]*$//' \
- -e 's/^mod_//' \
- -e 's/^lib//'`
- eval "module_$module=yes"
- eval "shared_$module=no"
- modules="${modules}:$module"
- modulelist="${modulelist}:$module=yes"
- if [ "x$quiet" = "xno" ]; then
- echo " + on-the-fly added and activated $module module (modules/extra/$modfileo)"
- fi
- ;;
- --activate-module=*)
- file="$apc_optarg"
- case $file in
- src/modules/* ) ;;
- *) echo "configure:Error: Module source already has to be below src/modules/ to be activated" 1>&2
- exit 1
- ;;
- esac
- modfile=`echo $file | sed -e 's;^src/;;'`
- if [ "x$addconf_created" = "x0" ]; then
- addconf_created=1
- rm -f $addconf 2>/dev/null
- touch $addconf 2>/dev/null
- fi
- echo "" >>$addconf
- echo "## On-the-fly activated module" >>$addconf
- echo "## (configure --activate-module=$file)" >>$addconf
- echo "AddModule $modfile" >>$addconf
- module=`echo "$modfile" |\
- sed -e 's%^.*/\(.*\)$%\1%' \
- -e 's/\.[^.]*$//' \
- -e 's/^mod_//' \
- -e 's/^lib//'`
- eval "module_$module=yes"
- eval "shared_$module=no"
- modules="${modules}:$module"
- modulelist="${modulelist}:$module=yes"
- if [ "x$quiet" = "xno" ]; then
- echo " + activated $module module ($modfile)"
- fi
- ;;
- --enable-*)
- apc_feature=`echo $apc_option | sed -e 's/-*enable-//' -e 's/=.*//'`
- apc_feature=`echo $apc_feature | sed 's/-/_/g'`
- case "$apc_option" in
- *=*) ;;
- *) apc_optarg=yes ;;
- esac
- case "$apc_feature" in
- rule )
- apc_optarg=`echo "$apc_optarg" | tr '[A-Z]' '[a-z]'`
- apc_optarg_real=`echo "$apc_optarg" | tr '[a-z]' '[A-Z]'`
- eval "exists=\$rule_${apc_optarg}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such rule named '${apc_optarg_real}'" 1>&2
- exit 1
- fi
- eval "rule_${apc_optarg}=yes"
- ;;
- module )
- case $apc_optarg in
- all )
- OOIFS="$IFS"
- IFS=':'
- for module in $modules; do
- eval "module_${module}=yes"
- done
- IFS="$OOIFS"
- module_auth_digest=no # conflict with mod_digest
- ;;
- most )
- OOIFS="$IFS"
- IFS=':'
- for module in $modules; do
- eval "module_${module}=yes"
- done
- IFS="$OOIFS"
- module_auth_db=no # not all platforms have -ldb
- module_mmap_static=no # not all platforms have mmap()
- module_so=no # not all platforms have dlopen()
- module_example=no # only for developers
- module_auth_digest=no # conflict with mod_digest
- module_log_agent=no # deprecated
- module_log_referer=no # deprecated
- ;;
- * )
- eval "exists=\$module_${apc_optarg}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such module named '${apc_optarg}'" 1>&2
- exit 1
- fi
- eval "module_${apc_optarg}=yes"
- ;;
- esac
- ;;
- shared )
- case $apc_optarg in
- max )
- OOIFS="$IFS"
- IFS=':'
- for module in $modules; do
- eval "shared_${module}=yes"
- done
- IFS="$OOIFS"
- shared_so=no # because of bootstrapping
- ;;
- remain )
- OOIFS="$IFS"
- IFS=':'
- for module in $modules; do
- eval "add=\$module_${module}"
- if [ "x$add" = "xno" ]; then
- eval "module_${module}=yes"
- eval "shared_${module}=yes"
- fi
- done
- IFS="$OOIFS"
- shared_so=no
- ;;
- * )
- eval "exists=\$module_${apc_optarg}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such module named '${apc_optarg}'" 1>&2
- exit 1
- fi
- eval "shared_${apc_optarg}=yes"
- ;;
- esac
- ;;
- suexec )
- suexec=1
- ;;
- * )
- echo "configure:Error: invalid option '$apc_option'" 1>&2
- exit 1
- ;;
- esac
- ;;
- --disable-*)
- apc_feature=`echo $apc_option | sed -e 's/-*disable-//' -e 's/=.*//'`
- apc_feature=`echo $apc_feature| sed 's/-/_/g'`
- case "$apc_option" in
- *=*) ;;
- *) apc_optarg=yes ;;
- esac
- case "$apc_feature" in
- rule )
- apc_optarg=`echo "$apc_optarg" | tr '[A-Z]' '[a-z]'`
- apc_optarg_real=`echo "$apc_optarg" | tr '[a-z]' '[A-Z]'`
- eval "exists=\$rule_${apc_optarg}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such rule named '${apc_optarg_real}'" 1>&2
- exit 1
- fi
- eval "rule_${apc_optarg}=no"
- ;;
- module )
- case $apc_optarg in
- all )
- OOIFS="$IFS"
- IFS=':'
- for module in $modules; do
- eval "module_${module}=no"
- done
- IFS="$OOIFS"
- ;;
- * )
- eval "exists=\$module_${apc_optarg}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such module named '${apc_optarg}'" 1>&2
- exit 1
- fi
- eval "module_${apc_optarg}=no"
- ;;
- esac
- ;;
- shared )
- case $apc_optarg in
- all )
- OOIFS="$IFS"
- IFS=':'
- for module in $modules; do
- eval "shared_${module}=no"
- done
- IFS="$OOIFS"
- ;;
- * )
- eval "exists=\$module_${apc_optarg}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such module named '${apc_optarg}'" 1>&2
- exit 1
- fi
- eval "shared_${apc_optarg}=no"
- ;;
- esac
- ;;
- * )
- echo "configure:Error: invalid option '$apc_option'" 1>&2
- exit 1
- ;;
- esac
- ;;
- --permute-module=*:*)
- mod1=`echo $apc_optarg | sed -e 's/:.*//'`
- mod2=`echo $apc_optarg | sed -e 's/.*://'`
- for mod in $mod1 $mod2; do
- case $mod in
- BEGIN|END)
- ;;
- *) eval "exists=\$module_${mod}"
- if [ "x$exists" = "x" ]; then
- echo "configure:Error: No such module named '${mod}'" 1>&2
- exit 1
- fi
- ;;
- esac
- done
- case $mod1:$mod2 in
- BEGIN:END|*:BEGIN|END:*)
- echo "configure:Error: Invalid combination of pseudo module identifiers" 1>&2
- exit 1
- ;;
- esac
- permute="${permute},${mod1}:${mod2}"
- ;;
- --with-perl=*)
- PERL="$apc_optarg"
- ;;
- --with-port=*)
- port="$apc_optarg"
- ;;
- --without-support)
- support=0
- ;;
- --without-confadjust)
- confadjust=0
- ;;
- --without-execstrip)
- iflags_program=`echo "$iflags_program" | sed -e 's/-s//'`
- ;;
- --suexec-caller=*)
- suexec_caller="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-docroot=*)
- suexec_docroot="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-logfile=*)
- suexec_logexec="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-userdir=*)
- suexec_userdir="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-uidmin=*)
- suexec_uidmin="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-gidmin=*)
- suexec_gidmin="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-safepath=*)
- suexec_safepath="$apc_optarg"
- suexec_ok=1
- ;;
- --suexec-umask=*)
- suexec_umask_val="$apc_optarg"
- suexec_umask="-DSUEXEC_UMASK=0$apc_optarg"
- suexec_ok=1
- ;;
- --server-uid=*)
- conf_user="$apc_optarg"
- # protect the '#' against interpretation as comment
- case x"${conf_user}" in
- "#"*) conf_user="\\\\${conf_user}";;
- "\\#"*)conf_user="\\${conf_user}";;
- esac
- ;;
- --server-gid=*)
- conf_group="$apc_optarg"
- # protect the '#' against interpretation as comment
- case x"${conf_group}" in
- "#"*) conf_group="\\\\${conf_group}";;
- "\\#"*)conf_group="\\${conf_group}";;
- esac
- ;;
- * )
- echo "configure:Error: invalid option '$apc_option'" 1>&2
- exit 1
- ;;
- esac
-done
-IFS="$OIFS1"
-if [ "x$apc_prev" != "x" ]; then
- echo "configure:Error: missing argument to --`echo $apc_prev | sed 's/_/-/g'`" 1>&2
- exit 1
-fi
-if [ "x$addconf_created" = "x0" ]; then
- rm -f $addconf 2>/dev/null
- touch $addconf 2>/dev/null
-fi
-
-##
-## create a config status script for restoring
-## the configuration via a simple shell script
-##
-rm -f $configstatus 2>/dev/null
-echo "#!/bin/sh" >$configstatus
-echo "##" >>$configstatus
-echo "## $configstatus -- APACI auto-generated configuration restore script" >>$configstatus
-echo "##" >>$configstatus
-echo "## Use this shell script to re-run the APACI configure script for" >>$configstatus
-echo "## restoring your configuration. Additional parameters can be supplied." >>$configstatus
-echo "##" >>$configstatus
-echo "" >>$configstatus
-for var in CC CPP OPTIM CFLAGS CFLAGS_SHLIB LDFLAGS LD_SHLIB LDFLAGS_SHLIB \
- LDFLAGS_SHLIB_EXPORT LIBS INCLUDES RANLIB DEPS TARGET EAPI_MM SSL_BASE; do
- eval "val=\"\$$var\""
- if [ "x$val" != "x" ]; then
- echo "$var=$val" |\
- sed -e 's:\(["$\\]\):\\\1:g' \
- -e 's:\([A-Z]*=\):\1":' \
- -e 's:$:" \\:' >>$configstatus
- fi
-done
-echo $SEO "${SHELL} ./configure \\" >>$configstatus
-for arg
-do
- echo "$arg" |\
- sed -e 's:\(["$\\]\):\\\1:g' \
- -e 's:^:":' \
- -e 's:$:" \\:' >>$configstatus
-done
-echo '"$@"' >>$configstatus
-echo '' >>$configstatus
-chmod a+x $configstatus
-
-##
-## a few errors and warnings
-##
-if [ "x$suexec" = "x1" ]; then
- if [ "x$suexec_ok" = "x0" ]; then
- echo "configure:Error: You enabled the suEXEC feature via --enable-suexec but"
- echo " without explicitly configuring it via at least one"
- echo " --suexec-xxxxx option. Seems like you are still not"
- echo " familiar with the suEXEC risks. Please read the INSTALL"
- echo " and htdocs/manual/suexec.html documents first."
- exit 1
- fi
- if [ "x`${SHELL} $aux/getuid.sh`" != "x0" ]; then
- echo " + Warning: You have enabled the suEXEC feature. Be aware that you need" 1>&2
- echo " + root privileges to complete the final installation step." 1>&2
- fi
-fi
-if [ "x$PERL" = "xno-perl-on-this-system" ]; then
- if [ "x$quiet" = "xno" ]; then
- echo " + Warning: no Perl interpreter detected for support scripts."
- echo " + Perhaps you need to specify one with --with-perl=FILE."
- fi
-fi
-
-##
-## SSL support
-##
-if [ ".$module_ssl" = .yes ]; then
- ssl=1
-fi
-
-##
-## target name
-##
-if [ "x$TARGET" != "x" ]; then
- thetarget="$TARGET"
-else
- thetarget=httpd
-fi
-
-##
-## expand path variables and make sure
-## they do not end in a backslash
-##
-OIFS="$IFS"
-IFS="$DIFS"
-for var in prefix exec_prefix bindir sbindir libexecdir mandir \
- sysconfdir datadir iconsdir htdocsdir manualdir cgidir \
- includedir localstatedir runtimedir logfiledir \
- proxycachedir suexec_docroot suexec_logexec ; do
- eval "val=\"\$$var\"";
- val=`echo $val | sed -e 's:\(.\)/*$:\1:'`
- eval "$var=\"$val\""
- # expand value
- eval "val=\$$var"
- # automatically add target suffix to path when it's
- # requested (path has a trailing plus in config.layout) and
- # looks reasonable (i.e. when "apache" or target-name
- # still not part of path)
- eval "autosuffix=\$autosuffix_$var"
- if [ "x$autosuffix" = "xyes" ]; then
- addtarget=no
- if [ "x`echo $val | grep apache`" = "x" ]; then
- if [ "x`echo $val | grep $thetarget`" = "x" ]; then
- addtarget=yes
- fi
- fi
- if [ "x$addtarget" = "xyes" ]; then
- eval "$var=\"\$$var/$thetarget\""
- fi
- fi
-done
-IFS="$OIFS"
-
-##
-## determine special configurable Makefile targets
-##
-if [ "x$support" = "x1" ]; then
- build_support='build-support'
- if [ "x$name_layout" = "xBinaryDistribution" ]; then
- install_support='install-binsupport'
- else
- install_support='install-support'
- fi
- clean_support='clean-support'
- distclean_support='distclean-support'
-else
- build_support=''
- install_support=''
- clean_support=''
- distclean_support=''
-fi
-
-##
-## determine special configuration parameters
-##
-## The checks via /etc/passwd and /etc/group will obviously fail
-## on platforms using NIS. But then you propably do not want a
-## UID/GID as production oriented as a web server in NIS anyway.
-##
-if [ "x$port" != "x" ]; then
- conf_port=$port
-else
- conf_port="80"
-fi
-conf_port_ssl="443"
-conf_serveradmin="you@your.address"
-conf_servername="new.host.name"
-if [ "x$confadjust" = "x1" ]; then
- if [ -f /etc/passwd ]; then
- if [ "x$conf_user" = "x" ]; then
- for uid in nobody www daemon demon http httpd; do
- if [ "x`egrep \^${uid}: /etc/passwd`" != "x" ]; then
- conf_user="$uid"
- break
- fi
- done
- fi
- if [ "x$conf_group" = "x" ]; then
- for gid in nobody nogroup www daemon demon http httpd; do
- if [ "x`egrep \^${gid}: /etc/group`" != "x" ]; then
- conf_group="$gid"
- break
- fi
- done
- fi
- fi
- if [ "x`${SHELL} $aux/getuid.sh`" != "x0" -a "x$port" = "x" ]; then
- conf_port="8080"
- conf_port_ssl="8443"
- fi
- conf_serveradmin="`${SHELL} $aux/buildinfo.sh -n %u@%h%d`"
- conf_servername="`${SHELL} $aux/buildinfo.sh -n %h%d`"
-fi
-
-##
-## Default server user id and group id if not specified on configure invocation and none
-## of the ids in /etc/passwd or /etc/group worked.
-##
-if [ "x$conf_user" = "x" ]; then
- conf_user="nobody"
-fi
-if [ "x$conf_group" = "x" ]; then
- conf_group="\\\\#-1"
-fi
-
-##
-## determine prefix-relative paths for directories
-## because Apache supports them for the -d and -f
-## options, the LoadModule directive, etc.
-##
-## [we have to make sure that it ends with a slash
-## or we cannot support the case where the relative
-## path is just the emtpy one, i.e. ""]
-##
-runtimedir_relative=`echo $runtimedir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-logfiledir_relative=`echo $logfiledir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-sysconfdir_relative=`echo $sysconfdir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-libexecdir_relative=`echo $libexecdir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-
-##
-## check and debug
-##
-if [ "x$show_layout" = "x1" ]; then
- echo ""
- echo "Installation paths:"
- echo " prefix: $prefix"
- echo " exec_prefix: $exec_prefix"
- echo " bindir: $bindir"
- echo " sbindir: $sbindir"
- echo " libexecdir: $libexecdir"
- echo " mandir: $mandir"
- echo " sysconfdir: $sysconfdir"
- echo " datadir: $datadir"
- echo " iconsdir: $iconsdir"
- echo " htdocsdir: $htdocsdir"
- echo " manualdir: $manualdir"
- echo " cgidir: $cgidir"
- echo " includedir: $includedir"
- echo " localstatedir: $localstatedir"
- echo " runtimedir: $runtimedir"
- echo " logfiledir: $logfiledir"
- echo " proxycachedir: $proxycachedir"
- echo ""
- echo "Compilation paths:"
- echo " HTTPD_ROOT: $prefix"
- echo " SHARED_CORE_DIR: $libexecdir"
- echo " DEFAULT_PIDLOG: ${runtimedir_relative}${thetarget}.pid"
- echo " DEFAULT_SCOREBOARD: ${runtimedir_relative}${thetarget}.scoreboard"
- echo " DEFAULT_LOCKFILE: ${runtimedir_relative}${thetarget}.lock"
- echo " DEFAULT_ERRORLOG: ${logfiledir_relative}error_log"
- echo " TYPES_CONFIG_FILE: ${sysconfdir_relative}mime.types"
- echo " SERVER_CONFIG_FILE: ${sysconfdir_relative}${thetarget}.conf"
- echo " ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf"
- echo " RESOURCE_CONFIG_FILE: ${sysconfdir_relative}srm.conf"
- echo " SSL_CERTIFICATE_FILE: ${sysconfdir_relative}ssl.crt/server.crt"
- echo ""
- if [ "x$suexec" = "x1" ]; then
- echo "suEXEC setup:"
- echo " suexec binary: $sbindir/suexec"
- echo " document root: $suexec_docroot"
- echo " userdir suffix: $suexec_userdir"
- echo " logfile: $suexec_logexec"
- echo " safe path: $suexec_safepath"
- echo " caller ID: $suexec_caller"
- echo " minimum user ID: $suexec_uidmin"
- echo " minimum group ID: $suexec_gidmin"
- if [ "x$suexec_umask" != "x" ]; then
- echo " umask: $suexec_umask_val"
- else
- echo " umask: running server's"
- fi
- echo ""
- fi
- exit 0
-fi
-
-##
-## create Makefile from Makefile.tmpl
-##
-if [ "x$quiet" = "xno" ]; then
- echo "Creating $mkf"
-fi
-sed <Makefile.tmpl >$mkf \
--e "s%@PLATFORM@%$PLATFORM%g" \
--e "s%@PERL@%$PERL%g" \
--e "s%@TAR@%$TAR%g" \
--e "s%@TAROPT@%$TAROPT%g" \
--e "s%@SRC@%$src%g" \
--e "s%@MKF@%$mkf%g" \
--e "s%@AUX@%$aux%g" \
--e "s%@TARGET@%$thetarget%g" \
--e "s%@IFLAGS_PROGRAM@%$iflags_program%g" \
--e "s%@IFLAGS_CORE@%$iflags_core%g" \
--e "s%@IFLAGS_DSO@%$iflags_dso%g" \
--e "s%@IFLAGS_SCRIPT@%$iflags_script%g" \
--e "s%@IFLAGS_DATA@%$iflags_data%g" \
--e "s%@prefix@%$prefix%g" \
--e "s%@exec_prefix@%$exec_prefix%g" \
--e "s%@bindir@%$bindir%g" \
--e "s%@sbindir@%$sbindir%g" \
--e "s%@libexecdir@%$libexecdir%g" \
--e "s%@libexecdir_relative@%$libexecdir_relative%g" \
--e "s%@mandir@%$mandir%g" \
--e "s%@sysconfdir@%$sysconfdir%g" \
--e "s%@datadir@%$datadir%g" \
--e "s%@iconsdir@%$iconsdir%g" \
--e "s%@htdocsdir@%$htdocsdir%g" \
--e "s%@manualdir@%$manualdir%g" \
--e "s%@cgidir@%$cgidir%g" \
--e "s%@localstatedir@%$localstatedir%g" \
--e "s%@includedir@%$includedir%g" \
--e "s%@runtimedir@%$runtimedir%g" \
--e "s%@logfiledir@%$logfiledir%g" \
--e "s%@proxycachedir@%$proxycachedir%g" \
--e "s%@suexec@%$suexec%g" \
--e "s%@suexec_caller@%$suexec_caller%g" \
--e "s%@suexec_docroot@%$suexec_docroot%g" \
--e "s%@suexec_logexec@%$suexec_logexec%g" \
--e "s%@suexec_userdir@%$suexec_userdir%g" \
--e "s%@suexec_uidmin@%$suexec_uidmin%g" \
--e "s%@suexec_gidmin@%$suexec_gidmin%g" \
--e "s%@suexec_safepath@%$suexec_safepath%g" \
--e "s%@suexec_umask@%$suexec_umask%g" \
--e "s%@ssl@%$ssl%g" \
--e "s%@conf_user@%$conf_user%g" \
--e "s%@conf_group@%$conf_group%g" \
--e "s%@conf_port@%$conf_port%g" \
--e "s%@conf_port_ssl@%$conf_port_ssl%g" \
--e "s%@conf_serveradmin@%$conf_serveradmin%g" \
--e "s%@conf_servername@%$conf_servername%g" \
--e "s%@build_support@%$build_support%g" \
--e "s%@install_support@%$install_support%g" \
--e "s%@clean_support@%$clean_support%g" \
--e "s%@distclean_support@%$distclean_support%g" \
--e "s%@SHELL@%$SHELL%g"
-
-##
-## override default paths in $src/include/httpd.h
-## via command line arguments for the compiler
-## supplied by a little shell script named $src/apaci
-##
-echo "#!/bin/sh" >$src/apaci
-echo "## USED AS A COMMAND LINE EXPANDER TO OVERRIDE PATHS" >>$src/apaci
-echo "## WITHOUT DISTURBING THE KNOWN MAKE BUILD PROCESS DISPLAY" >>$src/apaci
-echo "echo '-DHTTPD_ROOT=\"$prefix\"'" >>$src/apaci
-echo "echo '-DSUEXEC_BIN=\"$sbindir/suexec\"'" >>$src/apaci
-echo "echo '-DSHARED_CORE_DIR=\"$libexecdir\"'" >>$src/apaci
-echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}${thetarget}.pid\"'" >>$src/apaci
-echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}${thetarget}.scoreboard\"'" >>$src/apaci
-echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}${thetarget}.lock\"'" >>$src/apaci
-echo "echo '-DDEFAULT_ERRORLOG=\"${logfiledir_relative}error_log\"'" >>$src/apaci
-echo "echo '-DTYPES_CONFIG_FILE=\"${sysconfdir_relative}mime.types\"'" >>$src/apaci
-echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}${thetarget}.conf\"'" >>$src/apaci
-echo "echo '-DACCESS_CONFIG_FILE=\"${sysconfdir_relative}access.conf\"'" >>$src/apaci
-echo "echo '-DRESOURCE_CONFIG_FILE=\"${sysconfdir_relative}srm.conf\"'" >>$src/apaci
-echo "echo '-DSSL_CERTIFICATE_FILE=\"${sysconfdir_relative}ssl.crt/server.crt\"'" >>$src/apaci
-echo "echo '-DEAPI_MM_CORE_PATH=\"${runtimedir_relative}${thetarget}.mm\"'" >>$src/apaci
-chmod a+x $src/apaci
-CFLAGS="$CFLAGS \\\`\$(SRCDIR)/apaci\\\`"
-
-##
-## create $src/Configuration.apaci file
-##
-if [ "x$quiet" = "xno" ]; then
- echo "Creating Configuration.apaci in $src"
-fi
-rm -f $sedsubst 2>/dev/null
-touch $sedsubst
-
-# generate settings from imported environment variables
-OIFS="$IFS"
-IFS="$DIFS"
-for var in CC CPP OPTIM CFLAGS CFLAGS_SHLIB LDFLAGS LD_SHLIB LDFLAGS_SHLIB \
- LDFLAGS_SHLIB_EXPORT LIBS INCLUDES RANLIB DEPS TARGET EAPI_MM SSL_BASE; do
- eval "val=\"\$$var\"";
- if [ "x$val" != "x" ]; then
- case $var in
- CFLAGS|LDFLAGS|LIBS|INCLUDES|DEPS)
- echo $SEO "s%^#*\\(EXTRA_$var=\\).*%\\1$val%g" >>$sedsubst
- ;;
- *)
- echo $SEO "s%^#*\\($var=\\).*%\\1$val%g" >>$sedsubst
- ;;
- esac
- eval "$var=\"\"; export $var"
- fi
-done
-IFS="$OIFS"
-
-# generate rule directives
-OIFS="$IFS"
-IFS=':'
-for rule in $rules; do
- name="`echo $rule | tr '[a-z]' '[A-Z]'`"
- eval "val=\$rule_$rule"
- echo $SEO "s%^\\(Rule $name=\\).*%\\1$val%g" >>$sedsubst
- if [ "x$verbose" = "xyes" ]; then
- echo " + Rule $name=$val"
- fi
-done
-IFS="$OIFS"
-
-# consistency checks for shared object support
-some_shares=0
-OIFS="$IFS"
-IFS=':'
-for module in $modules; do
- eval "share=\$shared_$module"
- if [ "x$share" = "xyes" ]; then
- some_shares=1
- fi
-done
-IFS="$OIFS"
-if [ "x$some_shares" = "x1" ]; then
- if [ "x$module_so" = "xno" ]; then
- module_so=yes
- if [ "x$quiet" = "xno" ]; then
- echo " + enabling mod_so for DSO support"
- fi
- fi
-fi
-if [ "x$shared_so" = "xyes" ]; then
- shared_so=no
- echo "configure:Error: Module mod_so cannot be made a DSO itself" 1>&2
- exit 1
-fi
-
-# module permutation support
-if [ "x$permute" != "x" ]; then
- sed -e '/## mod_mmap_static/,$d' <src/Configuration.tmpl >$tplconf
- OIFS="$IFS"
- IFS='
-'
- for line in `cat src/Configuration.tmpl $addconf | egrep '^[# ]*(Add|Shared)Module'`; do
- name=`echo "$line" |\
- sed -e 's%^.*/\(.*\)$%\1%' \
- -e 's/\.[oa]$//' \
- -e 's/\.module$//' \
- -e 's/^mod_//' \
- -e 's/^lib//'`
- echo "${name}:${line}"
- done |\
- $AWK -F: '
- BEGIN {
- n = 0;
- }
- {
- module_pos[$1] = n;
- module_list[n] = $1;
- module_line[$1] = $2;
- n++;
- }
- END {
- pn = split(permute, perm, ",");
- for (p = 1; p <= pn; p++) {
- split(perm[p], m, ":")
- m1 = m[1];
- m2 = m[2];
- if (m1 == "BEGIN") {
- for (i = module_pos[m2]-1; i >= 0; i--) {
- n1 = module_list[i];
- n2 = module_list[i+1];
- module_list[i] = n2;
- module_list[i+1] = n1;
- module_pos[n1] = i+1;
- module_pos[n2] = i;
- }
- }
- else if (m2 == "END") {
- for (i = module_pos[m1]; i < n-1; i++) {
- n1 = module_list[i];
- n2 = module_list[i+1];
- module_list[i] = n2;
- module_list[i+1] = n1;
- module_pos[n1] = i+1;
- module_pos[n2] = i;
- }
- }
- else {
- p1 = module_pos[m1];
- p2 = module_pos[m2];
- n1 = module_list[p1];
- n2 = module_list[p2];
- module_list[p1] = n2;
- module_list[p2] = n1;
- module_pos[m1] = p2;
- module_pos[m2] = p1;
- }
- }
- for (i = 0; i < n; i++) {
- name = module_list[i];
- printf("%s\n", module_line[name]);
- }
- }
- ' "permute=$permute" >>$tplconf
- IFS="$OIFS"
-else
- cat $src/Configuration.tmpl $addconf >$tplconf
-fi
-
-# generate module directives
-# (paths are modules/foo/mod_bar.ext and modules/foo/libbar.ext)
-OIFS="$IFS"
-IFS=':'
-for module in $modules; do
- eval "add=\$module_$module"
- if [ "x$add" = "xyes" ]; then
- echo $SEO "s%^.*\\(AddModule.*mod_$module\\..*\\)%\\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(AddModule.*lib$module\\..*\\)%\\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*mod_$module\\..*\\)%\\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*lib$module\\..*\\)%\\1%g" >>$sedsubst
- m="yes"
- else
- echo $SEO "s%^.*\\(AddModule.*mod_$module\\..*\\)%# \\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(AddModule.*lib$module\\..*\\)%# \\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*mod_$module\\..*\\)%# \\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*lib$module\\..*\\)%# \\1%g" >>$sedsubst
- m=no
- fi
- eval "share=\$shared_$module"
- if [ "x$share" = "xyes" ]; then
- echo $SEO "s%^\\(.*\\)AddModule\\(.*mod_$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
- echo $SEO "s%^\\(.*\\)AddModule\\(.*lib$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
- m="$m [shared]"
- fi
- if [ "x$verbose" = "xyes" ]; then
- echo " + Module $module: $m"
- fi
-done
-IFS="$OIFS"
-
-# translate module names to dll names for OS/2 so that they are no more
-# than 8 characters long and have an extension of "dll" instead of "so"
-case $PLATFORM in
- *OS/2* )
- echo $SEO "s%/mod_\\(.\\{1,8\\}\\).*\\.so%/\\1\\.dll%" >>$sedsubst
- echo $SEO "s%/\\(lib.*\\)\\.so$%/\\1.dll%" >>$sedsubst
- ;;
- *cygwin* )
- echo $SEO "s%/\\(mod_.*\\)\\.so$%/\\1.dll%" >>$sedsubst
- echo $SEO "s%/\\(lib.*\\)\\.so$%/\\1.dll%" >>$sedsubst
- ;;
-esac
-
-# split sedsubst into chunks of 50 commands
-# to workaround limits in braindead seds
-files=`$AWK <$sedsubst '
- BEGIN { line=0; cnt=0; }
- {
- if (line % 50 == 0) {
- file = sedsubst "." cnt;
- printf("%s\n", file);
- cnt++;
- }
- line++;
- print $0 >file;
- }
-' "sedsubst=$sedsubst"`
-OIFS="$IFS"
-IFS="$DIFS"
-substcmd=""
-for file in $files; do
- substcmd="${substcmd} sed -f $file |"
-done
-substcmd="${substcmd} cat"
-IFS="$OIFS"
-
-# and finally translate the config template
-# according to our defined configuration
-eval "cat $tplconf | $substcmd >$src/Configuration.apaci"
-
-# cleanup
-rm -f $sedsubst $sedsubst.[0-9] 2>/dev/null
-rm -f $addconf 2>/dev/null
-rm -f $tplconf 2>/dev/null
-
-##
-## create all other Makefiles by running the proprietary
-## $src/Configure script with our custom Configuration.apaci file
-##
-if [ "x$verbose" = "xyes" ]; then
- vflag="-v";
-fi
-exec 4>&1
-rc=`if [ "x$quiet" = "xyes" ]; then
- (cd $src; ${SHELL} ./Configure ${vflag} -file Configuration.apaci >/dev/null; echo $? >&3; );
-else
- (cd $src; (${SHELL} ./Configure ${vflag} -file Configuration.apaci; echo $? >&3; ) |\
- sed -e '/^Using config file:.*/d' \
- -e "s:Makefile in :Makefile in $src\\/:" \
- -e "s:Makefile\$:Makefile in $src:" >&4 )
-fi 3>&1`
-
-## Ugly. So far, we've only used -eq, so just in case, use this
-## stupid code unless we're *sure* that -ne is also available
-if [ $rc -eq 0 ]; then
- :
-else
- exit 1
-fi
-
-##
-## final hints
-##
-if [ "x$quiet" = "xno" ]; then
- if [ "x$shadow" != "x" ]; then
- echo "Hint: You now have to build inside $shadow."
- echo "This can be done either by running the canonical commands"
- echo " \$ cd $shadow"
- echo " \$ make"
- echo " \$ make install"
- echo "or by running this alternative commands"
- echo " \$ make -f $shadow/Makefile"
- echo " \$ make -f $shadow/Makefile install"
- fi
-fi
-
diff --git a/usr.sbin/httpd/htdocs/apache_pb.gif b/usr.sbin/httpd/htdocs/apache_pb.gif
deleted file mode 100644
index 3a1c139fc42..00000000000
--- a/usr.sbin/httpd/htdocs/apache_pb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/blowfish.jpg b/usr.sbin/httpd/htdocs/blowfish.jpg
deleted file mode 100644
index 8904acfeb25..00000000000
--- a/usr.sbin/httpd/htdocs/blowfish.jpg
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/bsd_small.gif b/usr.sbin/httpd/htdocs/bsd_small.gif
deleted file mode 100644
index 07d48f7d282..00000000000
--- a/usr.sbin/httpd/htdocs/bsd_small.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/index.html b/usr.sbin/httpd/htdocs/index.html
deleted file mode 100644
index 74502aab3d2..00000000000
--- a/usr.sbin/httpd/htdocs/index.html
+++ /dev/null
@@ -1,66 +0,0 @@
-<!doctype html public "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<title>Test Page for Apache Installation</title>
-</head>
-<body bgcolor="#ffffff">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr>
- <td bgcolor="99ffff">
-<a href="http://www.openbsd.org/"><img alt="[OpenBSD]" border="0" height=30 width=141 SRC="smalltitle.gif"></a><br>
-<b><font color="#ee0000" size="18">&nbsp;Apache</font></b>
- </td>
-</tr>
-<tr>
- <td bgcolor="0000cc">&nbsp;</td>
-</tr>
-</table>
-
-<h1 align="center">It Worked!</h1>
-<p>
- If you can see this page, then the people who own this host have just
- activated the <a href="http://httpd.apache.org/">Apache Web server</a>
- software included with their <a href="http://www.openbsd.org/">
- OpenBSD System</a>. They now have to add content to this directory
- and replace this placeholder page, or else point the server at their real
- content.
-</p>
-
-<h1 align="center">Documentation</h1>
-
-<p>
- The Apache manual is available with distribution as part of the
- <a href="http://www.openbsd.org/faq/faq4.html#FilesNeeded">man</a> file set,
- and installed in /usr/share/doc/html/httpd.<br>
- Especially read the SSL documentation carefully within the manual, in addition to
- the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&format=html&sektion=8">ssl(8)</a> and
- <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&format=html">httpd(8)</a> manual pages.
-</p>
-<h1 align="center">Graphics</h1>
-<p>
- You are free to use the image below on an Apache-powered web
- server.
-</p>
-<p align="center">
- <img src="apache_pb.gif" alt="[Powered by Apache]">
-</p>
-<p>
- You can also use the image below on an
- <a href="http://www.openbsd.org/">OpenBSD</a>-powered web server.
- Many other <a href="http://www.openbsd.org/art1.html">OpenBSD images</a> are also
- available.
-</p>
-<p align="center">
- <img src="openbsd_pb.gif" alt="[Powered by OpenBSD]">
-</p>
-<p>
- These images are also appropriate for a webserver using
- <a href="http://www.modssl.org/">mod_ssl</a> with
- <a href="http://www.openssl.org/">OpenSSL</a> cryptography.
-</p>
-<p align="center">
- <img src="mod_ssl_sb.gif">
- <img src="openssl_ics.gif">
-</p>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/lock.gif b/usr.sbin/httpd/htdocs/lock.gif
deleted file mode 100644
index f2ddb92506a..00000000000
--- a/usr.sbin/httpd/htdocs/lock.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/logo23.jpg b/usr.sbin/httpd/htdocs/logo23.jpg
deleted file mode 100644
index a37b41ac89b..00000000000
--- a/usr.sbin/httpd/htdocs/logo23.jpg
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/logo24.jpg b/usr.sbin/httpd/htdocs/logo24.jpg
deleted file mode 100644
index 7872e70ba9d..00000000000
--- a/usr.sbin/httpd/htdocs/logo24.jpg
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/LICENSE b/usr.sbin/httpd/htdocs/manual/LICENSE
deleted file mode 100644
index 886dacf5191..00000000000
--- a/usr.sbin/httpd/htdocs/manual/LICENSE
+++ /dev/null
@@ -1,58 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
diff --git a/usr.sbin/httpd/htdocs/manual/TODO b/usr.sbin/httpd/htdocs/manual/TODO
deleted file mode 100644
index 975ac8e68ea..00000000000
--- a/usr.sbin/httpd/htdocs/manual/TODO
+++ /dev/null
@@ -1,4 +0,0 @@
-Documentation changes/enhancements needed:
-
-- Documentation for mod_expires
-- Documentation for Satisfy
diff --git a/usr.sbin/httpd/htdocs/manual/bind.html b/usr.sbin/httpd/htdocs/manual/bind.html
deleted file mode 100644
index cb607b7ebc0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/bind.html
+++ /dev/null
@@ -1,144 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Setting which addresses and ports Apache uses</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Setting which addresses and ports Apache
- uses</h1>
- <hr />
- When Apache starts, it connects to some port and address on the
- local machine and waits for incoming requests. By default, it
- listens to all addresses on the machine, and to the port as
- specified by the <tt>Port</tt> directive in the server
- configuration. However, it can be told to listen to more the
- one port, or to listen to only selected addresses, or a
- combination. This is often combined with the Virtual Host
- feature which determines how Apache responds to different IP
- addresses, hostnames and ports.
-
- <p>There are two directives used to restrict or specify which
- addresses and ports Apache listens to.</p>
-
- <ul>
- <li><a href="#bindaddress">BindAddress</a> is used to
- restrict the server to listening to a single address, and can
- be used to permit multiple Apache servers on the same machine
- listening to different IP addresses.</li>
-
- <li><a href="#listen">Listen</a> can be used to make a single
- Apache server listen to more than one address and/or
- port.</li>
- </ul>
-
- <h3><a id="bindaddress" name="bindaddress">BindAddress</a></h3>
- <a href="mod/directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> BindAddress <em>[ * |
- IP-address | hostname ]</em><br />
- <a href="mod/directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>BindAddress
- *</code><br />
- <a href="mod/directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="mod/directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core
-
- <p>Makes the server bind to just the specified address. If the
- argument is * (an asterisk), the server binds to all interfaces
- currently marked as up on the server. The port bound to is set
- with the <tt>Port</tt> directive. Only one BindAddress should
- be used.</p>
-
- <h3><a id="listen" name="listen">Listen</a></h3>
- <a href="mod/directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Listen <em>[ port |
- IP-address:port ]</em><br />
- <a href="mod/directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>none</code><br />
- <a href="mod/directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="mod/directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core
-
- <p><tt>Listen</tt> can be used instead of <tt>BindAddress</tt>
- and <tt>Port</tt>. It tells the server to accept incoming
- requests (to listen) on the specified port or address-and-port
- combination. If the first format is used, with a port number
- only, the server listens on the given port on all interfaces
- marked as up, instead of the port given by the <tt>Port</tt>
- directive. If an IP address is given as well as a port, the
- server will listen on the given port and interface.</p>
-
- <p>Multiple Listen directives may be used to specify a number
- of addresses and ports to listen to. The server will respond to
- requests from any of the listed addresses and ports.</p>
-
- <p>For example, to make the server accept connections on both
- port 80 and port 8000, use:</p>
-<pre>
- Listen 80
- Listen 8000
-</pre>
- To make the server accept connections on two specified
- interfaces and port numbers, use
-<pre>
- Listen 192.170.2.1:80
- Listen 192.170.2.5:8000
-</pre>
-
- <h2>How this works with Virtual Hosts</h2>
- <tt>BindAddress</tt> and <tt>Listen</tt> do not implement
- Virtual Hosts. They tell the main Apache daemon process what
- addresses and ports to bind and listen on. If no
- &lt;VirtualHost&gt; directives are used, the server will behave
- the same for all accepted requests. However,
- &lt;VirtualHost&gt; can be used to specify a different behavior
- for one or more of the addresses and ports. To implement a
- VirtualHost, the server must:
-
- <ul>
- <li>Be told to <tt>Listen</tt> to the desired address and
- port</li>
-
- <li>Have a &lt;VirtualHost&gt; section created for the
- specified address and port to set the behavior of this
- virtual host</li>
- </ul>
- Note that if the &lt;VirtualHost&gt; is set for an address and
- port that the server is not listening to, it cannot be
- accessed.
-
- <h2>See also</h2>
- See also the documentation on <a href="vhosts/">Virtual
- Hosts</a>, <a href="mod/core.html#bindaddress">BindAddress
- directive</a>, <a href="mod/core.html#port">Port directive</a>,
- <a href="dns-caveats.html">DNS Issues</a> and <a
- href="mod/core.html#virtualhost">&lt;VirtualHost&gt;
- section</a>. <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/configuring.html b/usr.sbin/httpd/htdocs/manual/configuring.html
deleted file mode 100644
index f0c65648fcc..00000000000
--- a/usr.sbin/httpd/htdocs/manual/configuring.html
+++ /dev/null
@@ -1,265 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Configuration Files</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Configuration Files</h1>
-
- <ul>
- <li><a href="#main">Main Configuration Files</a></li>
-
- <li><a href="#syntax">Syntax of the Configuration
- Files</a></li>
-
- <li><a href="#modules">Modules</a></li>
-
- <li><a href="#scope">Scope of Directives</a></li>
-
- <li><a href="#htaccess">.htaccess Files</a></li>
- </ul>
- <hr />
-
- <h2><a id="main" name="main">Main Configuration Files</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_mime.html">mod_mime</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/core.html#accessconfig">AccessConfig</a><br />
- <a
- href="mod/core.html#ifdefine">&lt;IfDefine&gt;</a><br />
- <a href="mod/core.html#include">Include</a><br />
- <a
- href="mod/core.html#resourceconfig">ResourceConfig</a><br />
- <a
- href="mod/mod_mime.html#typesconfig">TypesConfig</a><br />
- </td>
- </tr>
- </table>
-
- <p>Apache is configured by placing <a
- href="mod/directives.html">directives</a> in plain text
- configuration files. The main configuration file is usually
- called <code>httpd.conf</code>. The location of this file is
- set at compile-time, but may be overridden with the
- <code>-f</code> command line flag. Some sites also have
- <code>srm.conf</code> and <code>access.conf</code> files for <a
- href="http://httpd.apache.org/info/three-config-files.html">historical
- reasons</a>. In addition, other configuration files may be
- added using the <code><a
- href="mod/core.html#include">Include</a></code> directive. Any
- directive may be placed in any of these configuration files.
- Changes to the main configuration files are only recognized by
- Apache when it is started or restarted.</p>
-
- <p>New with Apache 1.3.13 is a feature where if any
- configuration file is actually a directory, Apache will enter
- that directory and parse any files (and subdirectories) found
- there as configuration files. One possible use for this would
- be to add VirtualHosts by creating small configuration files
- for each host, and placing them in such a configuration
- directory. Thus, you can add or remove VirtualHosts without
- editing any files at all, simply adding or deleting them. This
- makes automating such processes much easier.</p>
-
- <p>The server also reads a file containing mime document types;
- the filename is set by the <a
- href="mod/mod_mime.html#typesconfig">TypesConfig</a> directive,
- and is <code>mime.types</code> by default.</p>
- <hr />
-
- <h2><a id="syntax" name="syntax">Syntax of the Configuration
- Files</a></h2>
-
- <p>Apache configuration files contain one directive per line.
- The back-slash "\" may be used as the last character on a line
- to indicate that the directive continues onto the next line.
- There must be no other characters or white space between the
- back-slash and the end of the line.</p>
-
- <p>Directives in the configuration files are case-insensitive,
- but arguments to directives are often case sensitive. Lines
- which begin with the hash character "#" are considered
- comments, and are ignored. Comments may <strong>not</strong> be
- included on a line after a configuration directive. Blank lines
- and white space occurring before a directive are ignored, so
- you may indent directives for clarity.</p>
-
- <p>You can check your configuration files for syntax errors
- without starting the server by using <code>apachectl
- configtest</code> or the <code>-t</code> command line
- option.</p>
- <hr />
-
- <h2><a id="modules" name="modules">Modules</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_so.html">mod_so</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#addmodule">AddModule</a><br />
- <a
- href="mod/core.html#clearmodulelist">ClearModuleList</a><br />
- <a
- href="mod/core.html#ifmodule">&lt;IfModule&gt;</a><br />
- <a href="mod/mod_so.html#loadmodule">LoadModule</a><br />
- </td>
- </tr>
- </table>
-
- <p>Apache is a modular server. This implies that only the most
- basic functionality is included in the core server. Extended
- features are available through <a
- href="mod/index-bytype.html">modules</a> which can be loaded
- into Apache. By default, a <a
- href="mod/module-dict.html#Status">base</a> set of modules is
- included in the server at compile-time. If the server is
- compiled to use <a href="dso.html">dynamically loaded</a>
- modules, then modules can be compiled separately and added at
- any time using the <a
- href="mod/mod_so.html#loadmodule">LoadModule</a> directive.
- Otherwise, Apache must be recompiled to add or remove modules.
- Configuration directives may be included conditional on a
- presence of a particular module by enclosing them in an <a
- href="mod/core.html#ifmodule">&lt;IfModule&gt;</a> block.</p>
-
- <p>To see which modules are currently compiled into the server,
- you can use the <code>-l</code> command line option.</p>
- <hr />
-
- <h2><a id="scope" name="scope">Scope of Directives</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/core.html#directory">&lt;Directory&gt;</a><br />
- <a
- href="mod/core.html#directorymatch">&lt;DirectoryMatch&gt;</a><br />
- <a href="mod/core.html#files">&lt;Files&gt;</a><br />
- <a
- href="mod/core.html#filesmatch">&lt;FilesMatch&gt;</a><br />
- <a
- href="mod/core.html#location">&lt;Location&gt;</a><br />
- <a
- href="mod/core.html#locationmatch">&lt;LocationMatch&gt;</a><br />
- <a
- href="mod/core.html#virtualhost">&lt;VirtualHost&gt;</a><br />
- </td>
- </tr>
- </table>
-
- <p>Directives placed in the main configuration files apply to
- the entire server. If you wish to change the configuration for
- only a part of the server, you can scope your directives by
- placing them in <code><a
- href="mod/core.html#directory">&lt;Directory&gt;</a>, <a
- href="mod/core.html#directorymatch">&lt;DirectoryMatch&gt;</a>,
- <a href="mod/core.html#files">&lt;Files&gt;</a>, <a
- href="mod/core.html#filesmatch">&lt;FilesMatch&gt;</a>, <a
- href="mod/core.html#location">&lt;Location&gt;</a>,</code> and
- <code><a
- href="mod/core.html#locationmatch">&lt;LocationMatch&gt;</a></code>
- sections. These sections limit the application of the
- directives which they enclose to particular filesystem
- locations or URLs. They can also be nested, allowing for very
- fine grained configuration.</p>
-
- <p>Apache has the capability to serve many different websites
- simultaneously. This is called <a href="vhosts/">Virtual
- Hosting</a>. Directives can also be scoped by placing them
- inside <code><a
- href="mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
- sections, so that they will only apply to requests for a
- particular website.</p>
-
- <p>Although most directives can be placed in any of these
- sections, some directives do not make sense in some contexts.
- For example, directives controlling process creation can only
- be placed in the main server context. To find which directives
- can be placed in which sections, check the <a
- href="mod/directive-dict.html#Context">Context</a> of the
- directive. For further information, we provide details on <a
- href="sections.html">How Directory, Location and Files sections
- work</a>.</p>
- <hr />
-
- <h2><a id="htaccess" name="htaccess">.htaccess Files</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/core.html#accessfilename">AccessFileName</a><br />
- <a
- href="mod/core.html#allowoverride">AllowOverride</a><br />
- </td>
- </tr>
- </table>
-
- <p>Apache allows for decentralized management of configuration
- via special files placed inside the web tree. The special files
- are usually called <code>.htaccess</code>, but any name can be
- specified in the <a
- href="mod/core.html#accessfilename"><code>AccessFileName</code></a>
- directive. Directives placed in <code>.htaccess</code> files
- apply to the directory where you place the file, and all
- sub-directories. The <code>.htaccess</code> files follow the
- same syntax as the main configuration files. Since
- <code>.htaccess</code> files are read on every request, changes
- made in these files take immediate effect.</p>
-
- <p>To find which directives can be placed in
- <code>.htaccess</code> files, check the <a
- href="mod/directive-dict.html#Context">Context</a> of the
- directive. The server administrator further controls what
- directives may be placed in <code>.htaccess</code> files by
- configuring the <a
- href="mod/core.html#allowoverride"><code>AllowOverride</code></a>
- directive in the main configuration files.</p>
-
- <p>For more information on <code>.htaccess</code> files, see
- Ken Coar's tutorial on <a
- href="http://apache-server.com/tutorials/ATusing-htaccess.html">
- Using .htaccess Files with Apache</a>.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/content-negotiation.html b/usr.sbin/httpd/htdocs/manual/content-negotiation.html
deleted file mode 100644
index ea541120ab0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/content-negotiation.html
+++ /dev/null
@@ -1,678 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Content Negotiation</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Content Negotiation</h1>
-
- <p>Apache's support for content negotiation has been updated to
- meet the HTTP/1.1 specification. It can choose the best
- representation of a resource based on the browser-supplied
- preferences for media type, languages, character set and
- encoding. It is also implements a couple of features to give
- more intelligent handling of requests from browsers which send
- incomplete negotiation information.</p>
-
- <p>Content negotiation is provided by the <a
- href="mod/mod_negotiation.html">mod_negotiation</a> module,
- which is compiled in by default.</p>
- <hr />
-
- <h2>About Content Negotiation</h2>
-
- <p>A resource may be available in several different
- representations. For example, it might be available in
- different languages or different media types, or a combination.
- One way of selecting the most appropriate choice is to give the
- user an index page, and let them select. However it is often
- possible for the server to choose automatically. This works
- because browsers can send as part of each request information
- about what representations they prefer. For example, a browser
- could indicate that it would like to see information in French,
- if possible, else English will do. Browsers indicate their
- preferences by headers in the request. To request only French
- representations, the browser would send</p>
-<pre>
- Accept-Language: fr
-</pre>
-
- <p>Note that this preference will only be applied when there is
- a choice of representations and they vary by language.</p>
-
- <p>As an example of a more complex request, this browser has
- been configured to accept French and English, but prefer
- French, and to accept various media types, preferring HTML over
- plain text or other text types, and preferring GIF or JPEG over
- other media types, but also allowing any other media type as a
- last resort:</p>
-<pre>
- Accept-Language: fr; q=1.0, en; q=0.5
- Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6,
- image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1
-</pre>
- Apache 1.2 supports 'server driven' content negotiation, as
- defined in the HTTP/1.1 specification. It fully supports the
- Accept, Accept-Language, Accept-Charset and Accept-Encoding
- request headers. Apache 1.3.4 also supports 'transparent'
- content negotiation, which is an experimental negotiation
- protocol defined in RFC 2295 and RFC 2296. It does not offer
- support for 'feature negotiation' as defined in these RFCs.
-
- <p>A <strong>resource</strong> is a conceptual entity
- identified by a URI (RFC 2396). An HTTP server like Apache
- provides access to <strong>representations</strong> of the
- resource(s) within its namespace, with each representation in
- the form of a sequence of bytes with a defined media type,
- character set, encoding, etc. Each resource may be associated
- with zero, one, or more than one representation at any given
- time. If multiple representations are available, the resource
- is referred to as <strong>negotiable</strong> and each of its
- representations is termed a <strong>variant</strong>. The ways
- in which the variants for a negotiable resource vary are called
- the <strong>dimensions</strong> of negotiation.</p>
-
- <h2>Negotiation in Apache</h2>
-
- <p>In order to negotiate a resource, the server needs to be
- given information about each of the variants. This is done in
- one of two ways:</p>
-
- <ul>
- <li>Using a type map (<em>i.e.</em>, a <code>*.var</code>
- file) which names the files containing the variants
- explicitly, or</li>
-
- <li>Using a 'MultiViews' search, where the server does an
- implicit filename pattern match and chooses from among the
- results.</li>
- </ul>
-
- <h3>Using a type-map file</h3>
-
- <p>A type map is a document which is associated with the
- handler named <code>type-map</code> (or, for
- backwards-compatibility with older Apache configurations, the
- mime type <code>application/x-type-map</code>). Note that to
- use this feature, you must have a handler set in the
- configuration that defines a file suffix as
- <code>type-map</code>; this is best done with a</p>
-<pre>
- AddHandler type-map .var
-</pre>
- in the server configuration file. See the comments in the
- sample config file for more details.
-
- <p>Type map files have an entry for each available variant;
- these entries consist of contiguous HTTP-format header lines.
- Entries for different variants are separated by blank lines.
- Blank lines are illegal within an entry. It is conventional to
- begin a map file with an entry for the combined entity as a
- whole (although this is not required, and if present will be
- ignored). An example map file is:</p>
-<pre>
- URI: foo
-
- URI: foo.en.html
- Content-type: text/html
- Content-language: en
-
- URI: foo.fr.de.html
- Content-type: text/html;charset=iso-8859-2
- Content-language: fr, de
-</pre>
- If the variants have different source qualities, that may be
- indicated by the "qs" parameter to the media type, as in this
- picture (available as jpeg, gif, or ASCII-art):
-<pre>
- URI: foo
-
- URI: foo.jpeg
- Content-type: image/jpeg; qs=0.8
-
- URI: foo.gif
- Content-type: image/gif; qs=0.5
-
- URI: foo.txt
- Content-type: text/plain; qs=0.01
-</pre>
-
- <p>qs values can vary in the range 0.000 to 1.000. Note that
- any variant with a qs value of 0.000 will never be chosen.
- Variants with no 'qs' parameter value are given a qs factor of
- 1.0. The qs parameter indicates the relative 'quality' of this
- variant compared to the other available variants, independent
- of the client's capabilities. For example, a jpeg file is
- usually of higher source quality than an ascii file if it is
- attempting to represent a photograph. However, if the resource
- being represented is an original ascii art, then an ascii
- representation would have a higher source quality than a jpeg
- representation. A qs value is therefore specific to a given
- variant depending on the nature of the resource it
- represents.</p>
-
- <p>The full list of headers recognized is:</p>
-
- <dl>
- <dt><code>URI:</code></dt>
-
- <dd>uri of the file containing the variant (of the given
- media type, encoded with the given content encoding). These
- are interpreted as URLs relative to the map file; they must
- be on the same server (!), and they must refer to files to
- which the client would be granted access if they were to be
- requested directly.</dd>
-
- <dt><code>Content-Type:</code></dt>
-
- <dd>media type --- charset, level and "qs" parameters may be
- given. These are often referred to as MIME types; typical
- media types are <code>image/gif</code>,
- <code>text/plain</code>, or
- <code>text/html;&nbsp;level=3</code>.</dd>
-
- <dt><code>Content-Language:</code></dt>
-
- <dd>The languages of the variant, specified as an Internet
- standard language tag from RFC 1766 (<em>e.g.</em>,
- <code>en</code> for English, <code>kr</code> for Korean,
- <em>etc.</em>).</dd>
-
- <dt><code>Content-Encoding:</code></dt>
-
- <dd>If the file is compressed, or otherwise encoded, rather
- than containing the actual raw data, this says how that was
- done. Apache only recognizes encodings that are defined by an
- <a href="mod/mod_mime.html#addencoding">AddEncoding</a>
- directive. This normally includes the encodings
- <code>x-compress</code> for compress'd files, and
- <code>x-gzip</code> for gzip'd files. The <code>x-</code>
- prefix is ignored for encoding comparisons.</dd>
-
- <dt><code>Content-Length:</code></dt>
-
- <dd>The size of the file. Specifying content lengths in the
- type-map allows the server to compare file sizes without
- checking the actual files.</dd>
-
- <dt><code>Description:</code></dt>
-
- <dd>A human-readable textual description of the variant. If
- Apache cannot find any appropriate variant to return, it will
- return an error response which lists all available variants
- instead. Such a variant list will include the human-readable
- variant descriptions.</dd>
- </dl>
-
- <h3>Multiviews</h3>
-
- <p><code>MultiViews</code> is a per-directory option, meaning
- it can be set with an <code>Options</code> directive within a
- <code>&lt;Directory&gt;</code>, <code>&lt;Location&gt;</code>
- or <code>&lt;Files&gt;</code> section in
- <code>access.conf</code>, or (if <code>AllowOverride</code> is
- properly set) in <code>.htaccess</code> files. Note that
- <code>Options All</code> does not set <code>MultiViews</code>;
- you have to ask for it by name.</p>
-
- <p>The effect of <code>MultiViews</code> is as follows: if the
- server receives a request for <code>/some/dir/foo</code>, if
- <code>/some/dir</code> has <code>MultiViews</code> enabled, and
- <code>/some/dir/foo</code> does <em>not</em> exist, then the
- server reads the directory looking for files named foo.*, and
- effectively fakes up a type map which names all those files,
- assigning them the same media types and content-encodings it
- would have if the client had asked for one of them by name. It
- then chooses the best match to the client's requirements.</p>
-
- <p><code>MultiViews</code> may also apply to searches for the
- file named by the <code>DirectoryIndex</code> directive, if the
- server is trying to index a directory. If the configuration
- files specify</p>
-<pre>
- DirectoryIndex index
-</pre>
- then the server will arbitrate between <code>index.html</code>
- and <code>index.html3</code> if both are present. If neither
- are present, and <code>index.cgi</code> is there, the server
- will run it.
-
- <p>If one of the files found when reading the directive is a
- CGI script, it's not obvious what should happen. The code gives
- that case special treatment --- if the request was a POST, or a
- GET with QUERY_ARGS or PATH_INFO, the script is given an
- extremely high quality rating, and generally invoked; otherwise
- it is given an extremely low quality rating, which generally
- causes one of the other views (if any) to be retrieved.</p>
-
- <h2>The Negotiation Methods</h2>
- After Apache has obtained a list of the variants for a given
- resource, either from a type-map file or from the filenames in
- the directory, it invokes one of two methods to decide on the
- 'best' variant to return, if any. It is not necessary to know
- any of the details of how negotiation actually takes place in
- order to use Apache's content negotiation features. However the
- rest of this document explains the methods used for those
- interested.
-
- <p>There are two negotiation methods:</p>
-
- <ol>
- <li><strong>Server driven negotiation with the Apache
- algorithm</strong> is used in the normal case. The Apache
- algorithm is explained in more detail below. When this
- algorithm is used, Apache can sometimes 'fiddle' the quality
- factor of a particular dimension to achieve a better result.
- The ways Apache can fiddle quality factors is explained in
- more detail below.</li>
-
- <li><strong>Transparent content negotiation</strong> is used
- when the browser specifically requests this through the
- mechanism defined in RFC 2295. This negotiation method gives
- the browser full control over deciding on the 'best' variant,
- the result is therefore dependent on the specific algorithms
- used by the browser. As part of the transparent negotiation
- process, the browser can ask Apache to run the 'remote
- variant selection algorithm' defined in RFC 2296.</li>
- </ol>
-
- <h3>Dimensions of Negotiation</h3>
-
- <table>
- <tr valign="top">
- <th>Dimension</th>
-
- <th>Notes</th>
- </tr>
-
- <tr valign="top">
- <td>Media Type</td>
-
- <td>Browser indicates preferences with the Accept header
- field. Each item can have an associated quality factor.
- Variant description can also have a quality factor (the
- "qs" parameter).</td>
- </tr>
-
- <tr valign="top">
- <td>Language</td>
-
- <td>Browser indicates preferences with the Accept-Language
- header field. Each item can have a quality factor. Variants
- can be associated with none, one or more than one
- language.</td>
- </tr>
-
- <tr valign="top">
- <td>Encoding</td>
-
- <td>Browser indicates preference with the Accept-Encoding
- header field. Each item can have a quality factor.</td>
- </tr>
-
- <tr valign="top">
- <td>Charset</td>
-
- <td>Browser indicates preference with the Accept-Charset
- header field. Each item can have a quality factor. Variants
- can indicate a charset as a parameter of the media
- type.</td>
- </tr>
- </table>
-
- <h3>Apache Negotiation Algorithm</h3>
-
- <p>Apache can use the following algorithm to select the 'best'
- variant (if any) to return to the browser. This algorithm is
- not further configurable. It operates as follows:</p>
-
- <ol>
- <li>First, for each dimension of the negotiation, check the
- appropriate <em>Accept*</em> header field and assign a
- quality to each variant. If the <em>Accept*</em> header for
- any dimension implies that this variant is not acceptable,
- eliminate it. If no variants remain, go to step 4.</li>
-
- <li>
- Select the 'best' variant by a process of elimination. Each
- of the following tests is applied in order. Any variants
- not selected at each test are eliminated. After each test,
- if only one variant remains, select it as the best match
- and proceed to step 3. If more than one variant remains,
- move on to the next test.
-
- <ol>
- <li>Multiply the quality factor from the Accept header
- with the quality-of-source factor for this variant's
- media type, and select the variants with the highest
- value.</li>
-
- <li>Select the variants with the highest language quality
- factor.</li>
-
- <li>Select the variants with the best language match,
- using either the order of languages in the
- Accept-Language header (if present), or else the order of
- languages in the <code>LanguagePriority</code> directive
- (if present).</li>
-
- <li>Select the variants with the highest 'level' media
- parameter (used to give the version of text/html media
- types).</li>
-
- <li>Select variants with the best charset media
- parameters, as given on the Accept-Charset header line.
- Charset ISO-8859-1 is acceptable unless explicitly
- excluded. Variants with a <code>text/*</code> media type
- but not explicitly associated with a particular charset
- are assumed to be in ISO-8859-1.</li>
-
- <li>Select those variants which have associated charset
- media parameters that are <em>not</em> ISO-8859-1. If
- there are no such variants, select all variants
- instead.</li>
-
- <li>Select the variants with the best encoding. If there
- are variants with an encoding that is acceptable to the
- user-agent, select only these variants. Otherwise if
- there is a mix of encoded and non-encoded variants,
- select only the unencoded variants. If either all
- variants are encoded or all variants are not encoded,
- select all variants.</li>
-
- <li>Select the variants with the smallest content
- length.</li>
-
- <li>Select the first variant of those remaining. This
- will be either the first listed in the type-map file, or
- when variants are read from the directory, the one whose
- file name comes first when sorted using ASCII code
- order.</li>
- </ol>
- </li>
-
- <li>The algorithm has now selected one 'best' variant, so
- return it as the response. The HTTP response header Vary is
- set to indicate the dimensions of negotiation (browsers and
- caches can use this information when caching the resource).
- End.</li>
-
- <li><p>To get here means no variant was selected (because none
- are acceptable to the browser). Return a 406 status (meaning
- "No acceptable representation") with a response body
- consisting of an HTML document listing the available
- variants. Also set the HTTP Vary header to indicate the
- dimensions of variance.</p>
-
- <p>You should be aware that the error message returned by Apache is
- necessarily rather terse and might confuse some users (even though it
- lists the available alternatives). If you want to avoid users seeing this
- error page, you should organize your documents such that a document in a
- default language (or with a default encoding etc.) is always returned if a
- document is not available in any of the languages, encodings etc. the
- browser asked for.</p>
-
- <p>In particular, if you want a document in a default language to
- be returned if a document is not available in any of the languages
- a browser asked for, you should create a document with no language
- attribute set. See <a href="#nolanguage">Variants with no
- Language</a> below for details.</p></li>
- </ol>
-
- <h2><a id="better" name="better">Fiddling with Quality
- Values</a></h2>
-
- <p>Apache sometimes changes the quality values from what would
- be expected by a strict interpretation of the Apache
- negotiation algorithm above. This is to get a better result
- from the algorithm for browsers which do not send full or
- accurate information. Some of the most popular browsers send
- Accept header information which would otherwise result in the
- selection of the wrong variant in many cases. If a browser
- sends full and correct information these fiddles will not be
- applied.</p>
-
- <h3>Media Types and Wildcards</h3>
-
- <p>The Accept: request header indicates preferences for media
- types. It can also include 'wildcard' media types, such as
- "image/*" or "*/*" where the * matches any string. So a request
- including:</p>
-<pre>
- Accept: image/*, */*
-</pre>
- would indicate that any type starting "image/" is acceptable,
- as is any other type (so the first "image/*" is redundant).
- Some browsers routinely send wildcards in addition to explicit
- types they can handle. For example:
-<pre>
- Accept: text/html, text/plain, image/gif, image/jpeg, */*
-</pre>
- The intention of this is to indicate that the explicitly listed
- types are preferred, but if a different representation is
- available, that is ok too. However under the basic algorithm,
- as given above, the */* wildcard has exactly equal preference
- to all the other types, so they are not being preferred. The
- browser should really have sent a request with a lower quality
- (preference) value for *.*, such as:
-<pre>
- Accept: text/html, text/plain, image/gif, image/jpeg, */*; q=0.01
-</pre>
- The explicit types have no quality factor, so they default to a
- preference of 1.0 (the highest). The wildcard */* is given a
- low preference of 0.01, so other types will only be returned if
- no variant matches an explicitly listed type.
-
- <p>If the Accept: header contains <em>no</em> q factors at all,
- Apache sets the q value of "*/*", if present, to 0.01 to
- emulate the desired behaviour. It also sets the q value of
- wildcards of the format "type/*" to 0.02 (so these are
- preferred over matches against "*/*". If any media type on the
- Accept: header contains a q factor, these special values are
- <em>not</em> applied, so requests from browsers which send the
- correct information to start with work as expected.</p>
-
- <h3><a id="nolanguage" name="nolanguage">Variants with no Language</a></h3>
-
- <p>If some of the variants for a particular resource have a
- language attribute, and some do not, those variants with no
- language are given a very low language quality factor of
- 0.001.</p>
-
- <p>The reason for setting this language quality factor for variant
- with no language to a very low value is to allow for a default
- variant which can be supplied if none of the other variants match
- the browser's language preferences. This allows you to avoid users
- seeing a "406" error page if their browser is set to only accept
- languages which you do not offer for the resource that was
- requested.</p>
-
- <p>For example, consider the situation with Multiviews enabled and
- three variants:</p>
-
- <ul>
- <li>foo.en.html, language en</li>
-
- <li>foo.fr.html, language en</li>
-
- <li>foo.html, no language</li>
- </ul>
-
- <p>The meaning of a variant with no language is that it is always
- acceptable to the browser. If the request is for <code>foo</code>
- and the Accept-Language header includes either en or fr (or both)
- one of foo.en.html or foo.fr.html will be returned. If the browser
- does not list either en or fr as acceptable, foo.html will be
- returned instead. If the client requests <code>foo.html</code>
- instead, then no negotiation will occur since the exact match
- will be returned. To avoid this problem, it is sometimes helpful
- to name the "no language" variant <code>foo.html.html</code> to assure
- that Multiviews and language negotiation will come into play.</p>
-
- <h2>Extensions to Transparent Content Negotiation</h2>
- Apache extends the transparent content negotiation protocol
- (RFC 2295) as follows. A new <code>{encoding ..}</code> element
- is used in variant lists to label variants which are available
- with a specific content-encoding only. The implementation of
- the RVSA/1.0 algorithm (RFC 2296) is extended to recognize
- encoded variants in the list, and to use them as candidate
- variants whenever their encodings are acceptable according to
- the Accept-Encoding request header. The RVSA/1.0 implementation
- does not round computed quality factors to 5 decimal places
- before choosing the best variant.
-
- <h2>Note on hyperlinks and naming conventions</h2>
-
- <p>If you are using language negotiation you can choose between
- different naming conventions, because files can have more than
- one extension, and the order of the extensions is normally
- irrelevant (see <a href="mod/mod_mime.html">mod_mime</a>
- documentation for details).</p>
-
- <p>A typical file has a MIME-type extension (<em>e.g.</em>,
- <samp>html</samp>), maybe an encoding extension (<em>e.g.</em>,
- <samp>gz</samp>), and of course a language extension
- (<em>e.g.</em>, <samp>en</samp>) when we have different
- language variants of this file.</p>
-
- <p>Examples:</p>
-
- <ul>
- <li>foo.en.html</li>
-
- <li>foo.html.en</li>
-
- <li>foo.en.html.gz</li>
- </ul>
-
- <p>Here some more examples of filenames together with valid and
- invalid hyperlinks:</p>
-
- <table border="1" cellpadding="8" cellspacing="0">
- <tr>
- <th>Filename</th>
-
- <th>Valid hyperlink</th>
-
- <th>Invalid hyperlink</th>
- </tr>
-
- <tr>
- <td><em>foo.html.en</em></td>
-
- <td>foo<br />
- foo.html</td>
-
- <td>-</td>
- </tr>
-
- <tr>
- <td><em>foo.en.html</em></td>
-
- <td>foo</td>
-
- <td>foo.html</td>
- </tr>
-
- <tr>
- <td><em>foo.html.en.gz</em></td>
-
- <td>foo<br />
- foo.html</td>
-
- <td>foo.gz<br />
- foo.html.gz</td>
- </tr>
-
- <tr>
- <td><em>foo.en.html.gz</em></td>
-
- <td>foo</td>
-
- <td>foo.html<br />
- foo.html.gz<br />
- foo.gz</td>
- </tr>
-
- <tr>
- <td><em>foo.gz.html.en</em></td>
-
- <td>foo<br />
- foo.gz<br />
- foo.gz.html</td>
-
- <td>foo.html</td>
- </tr>
-
- <tr>
- <td><em>foo.html.gz.en</em></td>
-
- <td>foo<br />
- foo.html<br />
- foo.html.gz</td>
-
- <td>foo.gz</td>
- </tr>
- </table>
-
- <p>Looking at the table above you will notice that it is always
- possible to use the name without any extensions in a hyperlink
- (<em>e.g.</em>, <samp>foo</samp>). The advantage is that you
- can hide the actual type of a document rsp. file and can change
- it later, <em>e.g.</em>, from <samp>html</samp> to
- <samp>shtml</samp> or <samp>cgi</samp> without changing any
- hyperlink references.</p>
-
- <p>If you want to continue to use a MIME-type in your
- hyperlinks (<em>e.g.</em> <samp>foo.html</samp>) the language
- extension (including an encoding extension if there is one)
- must be on the right hand side of the MIME-type extension
- (<em>e.g.</em>, <samp>foo.html.en</samp>).</p>
-
- <h2>Note on Caching</h2>
-
- <p>When a cache stores a representation, it associates it with
- the request URL. The next time that URL is requested, the cache
- can use the stored representation. But, if the resource is
- negotiable at the server, this might result in only the first
- requested variant being cached and subsequent cache hits might
- return the wrong response. To prevent this, Apache normally
- marks all responses that are returned after content negotiation
- as non-cacheable by HTTP/1.0 clients. Apache also supports the
- HTTP/1.1 protocol features to allow caching of negotiated
- responses.</p>
-
- <p>For requests which come from a HTTP/1.0 compliant client
- (either a browser or a cache), the directive
- <tt>CacheNegotiatedDocs</tt> can be used to allow caching of
- responses which were subject to negotiation. This directive can
- be given in the server config or virtual host, and takes no
- arguments. It has no effect on requests from HTTP/1.1 clients.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/custom-error.html b/usr.sbin/httpd/htdocs/manual/custom-error.html
deleted file mode 100644
index bccb11a9a20..00000000000
--- a/usr.sbin/httpd/htdocs/manual/custom-error.html
+++ /dev/null
@@ -1,196 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Custom error responses</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Custom error responses</h1>
-
- <dl>
- <dt>Purpose</dt>
-
- <dd>
- Additional functionality. Allows webmasters to configure
- the response of Apache to some error or problem.
-
- <p>Customizable responses can be defined to be activated in
- the event of a server detected error or problem.</p>
-
- <p>e.g. if a script crashes and produces a "500 Server
- Error" response, then this response can be replaced with
- either some friendlier text or by a redirection to another
- URL (local or external).</p>
- </dd>
-
- <dt>Old behavior</dt>
-
- <dd>NCSA httpd 1.3 would return some boring old error/problem
- message which would often be meaningless to the user, and
- would provide no means of logging the symptoms which caused
- it.<br />
- </dd>
-
- <dt>New behavior</dt>
-
- <dd>
- The server can be asked to;
-
- <ol>
- <li>Display some other text, instead of the NCSA hard
- coded messages, or</li>
-
- <li>redirect to a local URL, or</li>
-
- <li>redirect to an external URL.</li>
- </ol>
-
- <p>Redirecting to another URL can be useful, but only if
- some information can be passed which can then be used to
- explain and/or log the error/problem more clearly.</p>
-
- <p>To achieve this, Apache will define new CGI-like
- environment variables, <em>e.g.</em></p>
-
- <blockquote>
- <code>REDIRECT_HTTP_ACCEPT=*/*, image/gif,
- image/x-xbitmap, image/jpeg<br />
- REDIRECT_HTTP_USER_AGENT=Mozilla/1.1b2 (X11; I; HP-UX
- A.09.05 9000/712)<br />
- REDIRECT_PATH=.:/bin:/usr/local/bin:/etc<br />
- REDIRECT_QUERY_STRING=<br />
- REDIRECT_REMOTE_ADDR=121.345.78.123<br />
- REDIRECT_REMOTE_HOST=ooh.ahhh.com<br />
- REDIRECT_SERVER_NAME=crash.bang.edu<br />
- REDIRECT_SERVER_PORT=80<br />
- REDIRECT_SERVER_SOFTWARE=Apache/0.8.15<br />
- REDIRECT_URL=/cgi-bin/buggy.pl<br />
- </code>
- </blockquote>
-
- <p>note the <code>REDIRECT_</code> prefix.</p>
-
- <p>At least <code>REDIRECT_URL</code> and
- <code>REDIRECT_QUERY_STRING</code> will be passed to the
- new URL (assuming it's a cgi-script or a cgi-include). The
- other variables will exist only if they existed prior to
- the error/problem. <strong>None</strong> of these will be
- set if your ErrorDocument is an <em>external</em> redirect
- (<em>i.e.</em>, anything starting with a scheme name like
- <code>http:</code>, even if it refers to the same host as
- the server).</p>
- </dd>
-
- <dt>Configuration</dt>
-
- <dd>
- Use of "ErrorDocument" is enabled for .htaccess files when
- the <a href="mod/core.html#allowoverride">"FileInfo"
- override</a> is allowed.
-
- <p>Here are some examples...</p>
-
- <blockquote>
- <code>ErrorDocument 500 /cgi-bin/crash-recover<br />
- ErrorDocument 500 "Sorry, our script crashed. Oh
- dear<br />
- ErrorDocument 500 http://xxx/<br />
- ErrorDocument 404 /Lame_excuses/not_found.html<br />
- ErrorDocument 401
- /Subscription/how_to_subscribe.html</code>
- </blockquote>
-
- <p>The syntax is,</p>
-
- <p><code><a
- href="mod/core.html#errordocument">ErrorDocument</a></code>
- &lt;3-digit-code&gt; action</p>
-
- <p>where the action can be,</p>
-
- <ol>
- <li>Text to be displayed. Prefix the text with a quote
- ("). Whatever follows the quote is displayed. <em>Note:
- the (") prefix isn't displayed.</em></li>
-
- <li>An external URL to redirect to.</li>
-
- <li>A local URL to redirect to.</li>
- </ol>
- </dd>
- </dl>
- <hr />
-
- <h2>Custom error responses and redirects</h2>
-
- <dl>
- <dt>Purpose</dt>
-
- <dd>Apache's behavior to redirected URLs has been modified so
- that additional environment variables are available to a
- script/server-include.</dd>
-
- <dt>Old behavior</dt>
-
- <dd>Standard CGI vars were made available to a script which
- has been redirected to. No indication of where the
- redirection came from was provided.</dd>
-
- <dt>New behavior</dt>
-
- <dd>A new batch of environment variables will be initialized
- for use by a script which has been redirected to. Each new
- variable will have the prefix <code>REDIRECT_</code>.
- <code>REDIRECT_</code> environment variables are created from
- the CGI environment variables which existed prior to the
- redirect, they are renamed with a <code>REDIRECT_</code>
- prefix, <em>i.e.</em>, <code>HTTP_USER_AGENT</code> becomes
- <code>REDIRECT_HTTP_USER_AGENT</code>. In addition to these
- new variables, Apache will define <code>REDIRECT_URL</code>
- and <code>REDIRECT_STATUS</code> to help the script trace its
- origin. Both the original URL and the URL being redirected to
- can be logged in the access log.</dd>
- </dl>
-
- <p>If the ErrorDocument specifies a local redirect to a CGI
- script, the script should include a "<samp>Status:</samp>"
- header field in its output in order to ensure the propagation
- all the way back to the client of the error condition that
- caused it to be invoked. For instance, a Perl ErrorDocument
- script might include the following:</p>
-<pre>
- :
- print "Content-type: text/html\n";
- printf "Status: %s Condition Intercepted\n", $ENV{"REDIRECT_STATUS"};
- :
-</pre>
-
- <p>If the script is dedicated to handling a particular error
- condition, such as <samp>404&nbsp;Not&nbsp;Found</samp>, it can
- use the specific code and error text instead.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/dns-caveats.html b/usr.sbin/httpd/htdocs/manual/dns-caveats.html
deleted file mode 100644
index 0d47f605fe0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/dns-caveats.html
+++ /dev/null
@@ -1,231 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Issues Regarding DNS and Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Issues Regarding DNS and Apache</h1>
-
- <p>This page could be summarized with the statement: <em>don't
- require Apache to use DNS for any parsing of the configuration
- files</em>. If Apache has to use DNS to parse the configuration
- files then your server may be subject to reliability problems
- (it might not boot), or denial and theft of service attacks
- (including users able to steal hits from other users).</p>
-
- <h3>A Simple Example</h3>
- Consider this configuration snippet:
-
- <blockquote>
-<pre>
- &lt;VirtualHost www.abc.dom&gt;
- ServerAdmin webgirl@abc.dom
- DocumentRoot /www/abc
- &lt;/VirtualHost&gt;
-</pre>
- </blockquote>
-
- <p>In order for Apache to function properly it absolutely needs
- to have two pieces of information about each virtual host: the
- <a href="mod/core.html#servername"><code>ServerName</code></a>
- and at least one IP address that the server responds to. This
- example does not include the IP address, so Apache must use DNS
- to find the address of <code>www.abc.dom</code>. If for some
- reason DNS is not available at the time your server is parsing
- its config file, then this virtual host <strong>will not be
- configured</strong>. It won't be able to respond to any hits to
- this virtual host (prior to Apache version 1.2 the server would
- not even boot).</p>
-
- <p>Suppose that <code>www.abc.dom</code> has address 10.0.0.1.
- Then consider this configuration snippet:</p>
-
- <blockquote>
-<pre>
- &lt;VirtualHost 10.0.0.1&gt;
- ServerAdmin webgirl@abc.dom
- DocumentRoot /www/abc
- &lt;/VirtualHost&gt;
-</pre>
- </blockquote>
-
- <p>Now Apache needs to use reverse DNS to find the
- <code>ServerName</code> for this virtualhost. If that reverse
- lookup fails then it will partially disable the virtualhost
- (prior to Apache version 1.2 the server would not even boot).
- If the virtual host is name-based then it will effectively be
- totally disabled, but if it is IP-based then it will mostly
- work. However if Apache should ever have to generate a full URL
- for the server which includes the server name then it will fail
- to generate a valid URL.</p>
-
- <p>Here is a snippet that avoids both of these problems.</p>
-
- <blockquote>
-<pre>
- &lt;VirtualHost 10.0.0.1&gt;
- ServerName www.abc.dom
- ServerAdmin webgirl@abc.dom
- DocumentRoot /www/abc
- &lt;/VirtualHost&gt;
-</pre>
- </blockquote>
-
- <h3>Denial of Service</h3>
-
- <p>There are (at least) two forms that denial of service can
- come in. If you are running a version of Apache prior to
- version 1.2 then your server will not even boot if one of the
- two DNS lookups mentioned above fails for any of your virtual
- hosts. In some cases this DNS lookup may not even be under your
- control. For example, if <code>abc.dom</code> is one of your
- customers and they control their own DNS then they can force
- your (pre-1.2) server to fail while booting simply by deleting
- the <code>www.abc.dom</code> record.</p>
-
- <p>Another form is far more insidious. Consider this
- configuration snippet:</p>
-
- <blockquote>
-<pre>
- &lt;VirtualHost www.abc.dom&gt;
- ServerAdmin webgirl@abc.dom
- DocumentRoot /www/abc
- &lt;/VirtualHost&gt;
-</pre>
- </blockquote>
-
- <blockquote>
-<pre>
- &lt;VirtualHost www.def.dom&gt;
- ServerAdmin webguy@def.dom
- DocumentRoot /www/def
- &lt;/VirtualHost&gt;
-</pre>
- </blockquote>
-
- <p>Suppose that you've assigned 10.0.0.1 to
- <code>www.abc.dom</code> and 10.0.0.2 to
- <code>www.def.dom</code>. Furthermore, suppose that
- <code>def.com</code> has control of their own DNS. With this
- config you have put <code>def.com</code> into a position where
- they can steal all traffic destined to <code>abc.com</code>. To
- do so, all they have to do is set <code>www.def.dom</code> to
- 10.0.0.1. Since they control their own DNS you can't stop them
- from pointing the <code>www.def.com</code> record wherever they
- wish.</p>
-
- <p>Requests coming in to 10.0.0.1 (including all those where
- users typed in URLs of the form
- <code>http://www.abc.dom/whatever</code>) will all be served by
- the <code>def.com</code> virtual host. To better understand why
- this happens requires a more in-depth discussion of how Apache
- matches up incoming requests with the virtual host that will
- serve it. A rough document describing this <a
- href="vhosts/details.html">is available</a>.</p>
-
- <h3>The "main server" Address</h3>
-
- <p>The addition of <a href="vhosts/name-based.html">name-based
- virtual host support</a> in Apache 1.1 requires Apache to know
- the IP address(es) of the host that httpd is running on. To get
- this address it uses either the global <code>ServerName</code>
- (if present) or calls the C function <code>gethostname</code>
- (which should return the same as typing "hostname" at the
- command prompt). Then it performs a DNS lookup on this address.
- At present there is no way to avoid this lookup.</p>
-
- <p>If you fear that this lookup might fail because your DNS
- server is down then you can insert the hostname in
- <code>/etc/hosts</code> (where you probably already have it so
- that the machine can boot properly). Then ensure that your
- machine is configured to use <code>/etc/hosts</code> in the
- event that DNS fails. Depending on what OS you are using this
- might be accomplished by editing <code>/etc/resolv.conf</code>,
- or maybe <code>/etc/nsswitch.conf</code>.</p>
-
- <p>If your server doesn't have to perform DNS for any other
- reason then you might be able to get away with running Apache
- with the <code>HOSTRESORDER</code> environment variable set to
- "local". This all depends on what OS and resolver libraries you
- are using. It also affects CGIs unless you use <a
- href="mod/mod_env.html"><code>mod_env</code></a> to control the
- environment. It's best to consult the man pages or FAQs for
- your OS.</p>
-
- <h3><a id="tips" name="tips">Tips to Avoid these
- problems</a></h3>
-
- <ul>
- <li>use IP addresses in <code>&lt;VirtualHost&gt;</code></li>
-
- <li>use IP addresses in <code>Listen</code></li>
-
- <li>use IP addresses in <code>BindAddress</code></li>
-
- <li>ensure all virtual hosts have an explicit
- <code>ServerName</code></li>
-
- <li>create a <code>&lt;VirtualHost _default_:*&gt;</code>
- server that has no pages to serve</li>
- </ul>
-
- <h3>Appendix: Future Directions</h3>
-
- <p>The situation regarding DNS is highly undesirable. For
- Apache 1.2 we've attempted to make the server at least continue
- booting in the event of failed DNS, but it might not be the
- best we can do. In any event requiring the use of explicit IP
- addresses in configuration files is highly undesirable in
- today's Internet where renumbering is a necessity.</p>
-
- <p>A possible work around to the theft of service attack
- described above would be to perform a reverse DNS lookup on the
- IP address returned by the forward lookup and compare the two
- names. In the event of a mismatch the virtualhost would be
- disabled. This would require reverse DNS to be configured
- properly (which is something that most admins are familiar with
- because of the common use of "double-reverse" DNS lookups by
- FTP servers and TCP wrappers).</p>
-
- <p>In any event it doesn't seem possible to reliably boot a
- virtual-hosted web server when DNS has failed unless IP
- addresses are used. Partial solutions such as disabling
- portions of the configuration might be worse than not booting
- at all depending on what the webserver is supposed to
- accomplish.</p>
-
- <p>As HTTP/1.1 is deployed and browsers and proxies start
- issuing the <code>Host</code> header it will become possible to
- avoid the use of IP-based virtual hosts entirely. In this event
- a webserver has no requirement to do DNS lookups during
- configuration. But as of March 1997 these features have not
- been deployed widely enough to be put into use on critical
- webservers. <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/dso.html b/usr.sbin/httpd/htdocs/manual/dso.html
deleted file mode 100644
index 9245d498e93..00000000000
--- a/usr.sbin/httpd/htdocs/manual/dso.html
+++ /dev/null
@@ -1,523 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache 1.3 Dynamic Shared Object (DSO) support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <blockquote>
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <div align="CENTER">
- <h1>Apache 1.3<br />
- Dynamic Shared Object (DSO)<br />
- Support</h1>
-
- <address>
- Originally written by<br />
- Ralf S. Engelschall &lt;rse@apache.org&gt;, April 1998
- </address>
- </div>
-
- <h3>Background</h3>
-
- <p>On modern Unix derivatives there exists a nifty mechanism
- usually called dynamic linking/loading of <em>Dynamic Shared
- Objects</em> (DSO) which provides a way to build a piece of
- program code in a special format for loading it at run-time
- into the address space of an executable program.</p>
-
- <p>This loading can usually be done in two ways:
- Automatically by a system program called <code>ld.so</code>
- when an executable program is started or manually from within
- the executing program via a programmatic system interface to
- the Unix loader through the system calls
- <code>dlopen()/dlsym()</code>.</p>
-
- <p>In the first way the DSO's are usually called <em>shared
- libraries</em> or <em>DSO libraries</em> and named
- <code>libfoo.so</code> or <code>libfoo.so.1.2</code>. They
- reside in a system directory (usually <code>/usr/lib</code>)
- and the link to the executable program is established at
- build-time by specifying <code>-lfoo</code> to the linker
- command. This hard-codes library references into the
- executable program file so that at start-time the Unix loader
- is able to locate <code>libfoo.so</code> in
- <code>/usr/lib</code>, in paths hard-coded via linker-options
- like <code>-R</code> or in paths configured via the
- environment variable <code>LD_LIBRARY_PATH</code>. It then
- resolves any (yet unresolved) symbols in the executable
- program which are available in the DSO.</p>
-
- <p>Symbols in the executable program are usually not
- referenced by the DSO (because it's a reusable library of
- general code) and hence no further resolving has to be done.
- The executable program has no need to do anything on its own
- to use the symbols from the DSO because the complete
- resolving is done by the Unix loader. (In fact, the code to
- invoke <code>ld.so</code> is part of the run-time startup
- code which is linked into every executable program which has
- been bound non-static). The advantage of dynamic loading of
- common library code is obvious: the library code needs to be
- stored only once, in a system library like
- <code>libc.so</code>, saving disk space for every
- program.</p>
-
- <p>In the second way the DSO's are usually called <em>shared
- objects</em> or <em>DSO files</em> and can be named with an
- arbitrary extension (although the canonical name is
- <code>foo.so</code>). These files usually stay inside a
- program-specific directory and there is no automatically
- established link to the executable program where they are
- used. Instead the executable program manually loads the DSO
- at run-time into its address space via <code>dlopen()</code>.
- At this time no resolving of symbols from the DSO for the
- executable program is done. But instead the Unix loader
- automatically resolves any (yet unresolved) symbols in the
- DSO from the set of symbols exported by the executable
- program and its already loaded DSO libraries (especially all
- symbols from the ubiquitous <code>libc.so</code>). This way
- the DSO gets knowledge of the executable program's symbol set
- as if it had been statically linked with it in the first
- place.</p>
-
- <p>Finally, to take advantage of the DSO's API the executable
- program has to resolve particular symbols from the DSO via
- <code>dlsym()</code> for later use inside dispatch tables
- <em>etc.</em> In other words: The executable program has to
- manually resolve every symbol it needs to be able to use it.
- The advantage of such a mechanism is that optional program
- parts need not be loaded (and thus do not spend memory) until
- they are needed by the program in question. When required,
- these program parts can be loaded dynamically to extend the
- base program's functionality.</p>
-
- <p>Although this DSO mechanism sounds straightforward there
- is at least one difficult step here: The resolving of symbols
- from the executable program for the DSO when using a DSO to
- extend a program (the second way). Why? Because "reverse
- resolving" DSO symbols from the executable program's symbol
- set is against the library design (where the library has no
- knowledge about the programs it is used by) and is neither
- available under all platforms nor standardized. In practice
- the executable program's global symbols are often not
- re-exported and thus not available for use in a DSO. Finding
- a way to force the linker to export all global symbols is the
- main problem one has to solve when using DSO for extending a
- program at run-time.</p>
-
- <p>Windows and NetWare provide similar facilities, although
- they are implemented somewhat differently than the
- description of Unix DSO throughout this document. In
- particular, DSO modules (DLL's and NLM's, respectively) are
- built quite differently than their Unix cousins. This
- document does not attempt to explore the topic of building
- DSO modules on these platforms. The description of mod_so and
- its configuration, however, are similar.</p>
-
- <h3>Practical Usage</h3>
-
- <p>The shared library approach is the typical one, because it
- is what the DSO mechanism was designed for, hence it is used
- for nearly all types of libraries the operating system
- provides. On the other hand using shared objects for
- extending a program is not used by a lot of programs.</p>
-
- <p>As of 1998 there are only a few software packages
- available which use the DSO mechanism to actually extend
- their functionality at run-time: Perl 5 (via its XS mechanism
- and the DynaLoader module), Netscape Server, <em>etc.</em>
- Starting with version 1.3, Apache joined the crew, because
- Apache already uses a module concept to extend its
- functionality and internally uses a dispatch-list-based
- approach to link external modules into the Apache core
- functionality. So, Apache is really predestined for using DSO
- to load its modules at run-time.</p>
-
- <p>As of Apache 1.3, the configuration system supports two
- optional features for taking advantage of the modular DSO
- approach: compilation of the Apache core program into a DSO
- library for shared usage and compilation of the Apache
- modules into DSO files for explicit loading at run-time.</p>
-
- <h3>Implementation</h3>
-
- <p>The DSO support for loading individual Apache modules is
- based on a module named <a
- href="mod/mod_so.html"><code>mod_so.c</code></a> which has to
- be statically compiled into the Apache core. It is the only
- module besides <code>http_core.c</code> which cannot be put
- into a DSO itself (bootstrapping!). Practically all other
- distributed Apache modules can then be placed into a DSO
- by individually enabling the DSO build for them via
- <code>configure</code>'s <code>--enable-shared</code> option
- (see top-level <code>INSTALL</code> file) or by changing the
- <code>AddModule</code> command in your
- <code>src/Configuration</code> into a
- <code>SharedModule</code> command (see
- <code>src/INSTALL</code> file). After a module is compiled
- into a DSO named <code>mod_foo.so</code> you can use <a
- href="mod/mod_so.html"><code>mod_so</code></a>'s <a
- href="mod/mod_so.html#loadmodule"><code>LoadModule</code></a>
- command in your <code>httpd.conf</code> file to load this
- module at server startup or restart.</p>
-
- <p>To simplify this creation of DSO files for Apache modules
- (especially for third-party modules) a new support program
- named <a href="programs/apxs.html">apxs</a> (<em>APache
- eXtenSion</em>) is available. It can be used to build DSO
- based modules <em>outside of</em> the Apache source tree. The
- idea is simple: When installing Apache the
- <code>configure</code>'s <code>make install</code> procedure
- installs the Apache C header files and puts the
- platform-dependent compiler and linker flags for building DSO
- files into the <code>apxs</code> program. This way the user
- can use <code>apxs</code> to compile his Apache module
- sources without the Apache distribution source tree and
- without having to fiddle with the platform-dependent compiler
- and linker flags for DSO support.</p>
-
- <p>To place the complete Apache core program into a DSO
- library (only required on some of the supported platforms to
- force the linker to export the apache core symbols -- a
- prerequisite for the DSO modularization) the rule
- <code>SHARED_CORE</code> has to be enabled via
- <code>configure</code>'s
- <code>--enable-rule=SHARED_CORE</code> option (see top-level
- <code>INSTALL</code> file) or by changing the
- <code>Rule</code> command in your <code>Configuration</code>
- file to <code>Rule SHARED_CORE=yes</code> (see
- <code>src/INSTALL</code> file). The Apache core code is then
- placed into a DSO library named <code>libhttpd.so</code>.
- Because one cannot link a DSO against static libraries on all
- platforms, an additional executable program named
- <code>libhttpd.ep</code> is created which both binds this
- static code and provides a stub for the <code>main()</code>
- function. Finally the <code>httpd</code> executable program
- itself is replaced by a bootstrapping code which
- automatically makes sure the Unix loader is able to load and
- start <code>libhttpd.ep</code> by providing the
- <code>LD_LIBRARY_PATH</code> to <code>libhttpd.so</code>.</p>
-
- <h3>Supported Platforms</h3>
-
- <p>Apache's <code>src/Configure</code> script currently has
- only limited but adequate built-in knowledge on how to
- compile DSO files, because as already mentioned this is
- heavily platform-dependent. Nevertheless all major Unix
- platforms are supported. The definitive current state (May
- 1999) is this:</p>
-
- <ul>
- <li>
- Out-of-the-box supported platforms:<br />
- (actually tested versions in parenthesis)
-<pre>
-o FreeBSD (2.1.5, 2.2.x, 3.x, 4.x)
-o OpenBSD (2.x)
-o NetBSD (1.3.1)
-o BSDI (3.x, 4.x)
-o Linux (Debian/1.3.1, RedHat/4.2)
-o Solaris (2.4, 2.5, 2.6, 2.7)
-o SunOS (4.1.3)
-o Digital UNIX (4.0)
-o IRIX (5.3, 6.2)
-o HP/UX (10.20)
-o UnixWare (2.01, 2.1.2)
-o SCO (5.0.4)
-o AIX (3.2, 4.1.5, 4.2, 4.3)
-o ReliantUNIX/SINIX (5.43)
-o SVR4 (-)
-o Mac OS X Server (1.0)
-o Mac OS (10.0 preview 1)
-o OpenStep/Mach (4.2)
-o DGUX (??)
-o NetWare (5.1)
-o Windows (95, 98, NT 4.0, 2000)
-</pre>
- </li>
-
- <li>
- Explicitly unsupported platforms:
-<pre>
-o Ultrix (no dlopen-style interface under this platform)
-</pre>
- </li>
- </ul>
-
- <h3>Usage Summary</h3>
-
- <p>To give you an overview of the DSO features of Apache 1.3,
- here is a short and concise summary:</p>
-
- <ol>
- <li>
- Placing the Apache core code (all the stuff which usually
- forms the <code>httpd</code> binary) into a DSO
- <code>libhttpd.so</code>, an executable program
- <code>libhttpd.ep</code> and a bootstrapping executable
- program <code>httpd</code> (Notice: this is only required
- on some of the supported platforms to force the linker to
- export the Apache core symbols, which in turn is a
- prerequisite for the DSO modularization):
-
- <ul>
- <li>
- Build and install via <code>configure</code>
- (preferred):
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ ./configure --prefix=/path/to/install
- --enable-rule=SHARED_CORE ...
-$ make install
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- Build and install manually:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-- Edit src/Configuration:
- &lt;&lt; Rule SHARED_CORE=default
- &gt;&gt; Rule SHARED_CORE=yes
- &lt;&lt; EXTRA_CFLAGS=
- &gt;&gt; EXTRA_CFLAGS= -DSHARED_CORE_DIR=\"/path/to/install/libexec\"
-$ make
-$ cp src/libhttpd.so* /path/to/install/libexec/
-$ cp src/libhttpd.ep /path/to/install/libexec/
-$ cp src/httpd /path/to/install/bin/
-</pre>
- </td>
- </tr>
- </table>
- </li>
- </ul>
- </li>
-
- <li>
- Build and install a <em>distributed</em> Apache module,
- say <code>mod_foo.c</code>, into its own DSO
- <code>mod_foo.so</code>:
-
- <ul>
- <li>
- Build and install via <code>configure</code>
- (preferred):
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ ./configure --prefix=/path/to/install
- --enable-shared=foo
-$ make install
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- Build and install manually:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-- Edit src/Configuration:
- &lt;&lt; AddModule modules/xxxx/mod_foo.o
- &gt;&gt; SharedModule modules/xxxx/mod_foo.so
-$ make
-$ cp src/xxxx/mod_foo.so /path/to/install/libexec
-- Edit /path/to/install/etc/httpd.conf
- &gt;&gt; LoadModule foo_module /path/to/install/libexec/mod_foo.so
-</pre>
- </td>
- </tr>
- </table>
- </li>
- </ul>
- </li>
-
- <li>
- Build and install a <em>third-party</em> Apache module,
- say <code>mod_foo.c</code>, into its own DSO
- <code>mod_foo.so</code>
-
- <ul>
- <li>
- Build and install via <code>configure</code>
- (preferred):
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ ./configure --add-module=/path/to/3rdparty/mod_foo.c
- --enable-shared=foo
-$ make install
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- Build and install manually:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ cp /path/to/3rdparty/mod_foo.c /path/to/apache-1.3/src/modules/extra/
-- Edit src/Configuration:
- &gt;&gt; SharedModule modules/extra/mod_foo.so
-$ make
-$ cp src/xxxx/mod_foo.so /path/to/install/libexec
-- Edit /path/to/install/etc/httpd.conf
- &gt;&gt; LoadModule foo_module /path/to/install/libexec/mod_foo.so
-</pre>
- </td>
- </tr>
- </table>
- </li>
- </ul>
- </li>
-
- <li>
- Build and install a <em>third-party</em> Apache module,
- say <code>mod_foo.c</code>, into its own DSO
- <code>mod_foo.so</code> <em>outside of</em> the Apache
- source tree:
-
- <ul>
- <li>
- Build and install via <a
- href="programs/apxs.html">apxs</a>:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ cd /path/to/3rdparty
-$ apxs -c mod_foo.c
-$ apxs -i -a -n foo mod_foo.so
-</pre>
- </td>
- </tr>
- </table>
- </li>
- </ul>
- </li>
- </ol>
-
- <h3>Advantages &amp; Disadvantages</h3>
-
- <p>The above DSO based features of Apache 1.3 have the
- following advantages:</p>
-
- <ul>
- <li>The server package is more flexible at run-time because
- the actual server process can be assembled at run-time via
- <a
- href="mod/mod_so.html#loadmodule"><code>LoadModule</code></a>
- <code>httpd.conf</code> configuration commands instead of
- <code>Configuration</code> <code>AddModule</code> commands
- at build-time. For instance this way one is able to run
- different server instances (standard &amp; SSL version,
- minimalistic &amp; powered up version [mod_perl, PHP3],
- <em>etc.</em>) with only one Apache installation.</li>
-
- <li>The server package can be easily extended with
- third-party modules even after installation. This is at
- least a great benefit for vendor package maintainers who
- can create a Apache core package and additional packages
- containing extensions like PHP3, mod_perl, mod_fastcgi,
- <em>etc.</em></li>
-
- <li>Easier Apache module prototyping because with the
- DSO/<code>apxs</code> pair you can both work outside the
- Apache source tree and only need an <code>apxs -i</code>
- command followed by an <code>apachectl restart</code> to
- bring a new version of your currently developed module into
- the running Apache server.</li>
- </ul>
-
- <p>DSO has the following disadvantages:</p>
-
- <ul>
- <li>The DSO mechanism cannot be used on every platform
- because not all operating systems support dynamic loading
- of code into the address space of a program.</li>
-
- <li>The server is approximately 20% slower at startup time
- because of the symbol resolving overhead the Unix loader
- now has to do.</li>
-
- <li>The server is approximately 5% slower at execution time
- under some platforms because position independent code
- (PIC) sometimes needs complicated assembler tricks for
- relative addressing which are not necessarily as fast as
- absolute addressing.</li>
-
- <li>Because DSO modules cannot be linked against other
- DSO-based libraries (<code>ld -lfoo</code>) on all
- platforms (for instance a.out-based platforms usually don't
- provide this functionality while ELF-based platforms do)
- you cannot use the DSO mechanism for all types of modules.
- Or in other words, modules compiled as DSO files are
- restricted to only use symbols from the Apache core, from
- the C library (<code>libc</code>) and all other dynamic or
- static libraries used by the Apache core, or from static
- library archives (<code>libfoo.a</code>) containing
- position independent code. The only chances to use other
- code is to either make sure the Apache core itself already
- contains a reference to it, loading the code yourself via
- <code>dlopen()</code> or enabling the
- <code>SHARED_CHAIN</code> rule while building Apache when
- your platform supports linking DSO files against DSO
- libraries.</li>
-
- <li>Under some platforms (many SVR4 systems) there is no
- way to force the linker to export all global symbols for
- use in DSO's when linking the Apache httpd executable
- program. But without the visibility of the Apache core
- symbols no standard Apache module could be used as a DSO.
- The only chance here is to use the <code>SHARED_CORE</code>
- feature because this way the global symbols are forced to
- be exported. As a consequence the Apache
- <code>src/Configure</code> script automatically enforces
- <code>SHARED_CORE</code> on these platforms when DSO
- features are used in the <code>Configuration</code> file or
- on the configure command line.</li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </blockquote>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/env.html b/usr.sbin/httpd/htdocs/manual/env.html
deleted file mode 100644
index 2b674e345e3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/env.html
+++ /dev/null
@@ -1,361 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Environment Variables in Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="center">Environment Variables in Apache</h1>
-
- <p>The Apache HTTP Server provides a mechanism for storing
- information in named variables that are called <em>environment
- variables</em>. This information can be used to control various
- operations such as logging or access control. The variables are
- also used as a mechanism to communicate with external programs
- such as CGI scripts. This document discusses different ways to
- manipulate and use these variables.</p>
-
- <p>Although these variables are referred to as <em>environment
- variables</em>, they are not the same as the environment
- variables controlled by the underlying operating system.
- Instead, these variables are stored and manipulated in an
- internal Apache structure. They only become actual operating
- system environment variables when they are provided to CGI
- scripts and Server Side Include scripts. If you wish to
- manipulate the operating system environment under which the
- server itself runs, you must use the standard environment
- manipulation mechanisms provided by your operating system
- shell.</p>
-
- <ul>
- <li><a href="#setting">Setting Environment Variables</a></li>
-
- <li><a href="#using">Using Environment Variables</a></li>
-
- <li><a href="#special">Special Purpose Environment
- Variables</a></li>
-
- <li><a href="#examples">Examples</a></li>
- </ul>
- <hr />
-
- <h2><a id="setting" name="setting">Setting Environment
- Variables</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_env.html">mod_env</a><br />
- <a href="mod/mod_rewrite.html">mod_rewrite</a><br />
- <a href="mod/mod_setenvif.html">mod_setenvif</a><br />
- <a href="mod/mod_unique_id.html">mod_unique_id</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/mod_setenvif.html#browsermatch">BrowserMatch</a><br />
- <a
- href="mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a><br />
- <a href="mod/mod_env.html#passenv">PassEnv</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteRule">RewriteRule</a><br />
- <a href="mod/mod_env.html#setenv">SetEnv</a><br />
- <a
- href="mod/mod_setenvif.html#setenvif">SetEnvIf</a><br />
- <a
- href="mod/mod_setenvif.html#setenvifnocase">SetEnvIfNoCase</a><br />
- <a href="mod/mod_env.html#unsetenv">UnsetEnv</a><br />
- </td>
- </tr>
- </table>
-
- <h3>Basic Environment Manipulation</h3>
-
- <p>The most basic way to set an environment variable in Apache
- is using the unconditional <code>SetEnv</code> directive.
- Variables may also be passed from the environment of the shell
- which started the server using the <code>PassEnv</code>
- directive.</p>
-
- <h3>Conditional Per-Request Settings</h3>
-
- <p>For additional flexibility, the directives provided by
- mod_setenvif allow environment variables to be set on a
- per-request basis, conditional on characteristics of particular
- requests. For example, a variable could be set only when a
- specific browser (User-Agent) is making a request, or only when
- a specific Referer [sic] header is found. Even more flexibility
- is available through the mod_rewrite's <code>RewriteRule</code>
- which uses the <code>[E=...]</code> option to set environment
- variables.</p>
-
- <h3>Unique Identifiers</h3>
-
- <p>Finally, mod_unique_id sets the environment variable
- <code>UNIQUE_ID</code> for each request to a value which is
- guaranteed to be unique across "all" requests under very
- specific conditions.</p>
-
- <h3>Standard CGI Variables</h3>
-
- <p>In addition to all environment variables set within the
- Apache configuration and passed from the shell, CGI scripts and
- SSI pages are provided with a set of environment variables
- containing meta-information about the request as required by
- the <a href="misc/FAQ.html#cgi-spec">CGI specification</a>.</p>
-
- <h3>Some Caveats</h3>
-
- <ul>
- <li>It is not possible to override or change the standard CGI
- variables using the environment manipulation directives.</li>
-
- <li>When <a href="suexec.html">suexec</a> is used to launch
- CGI scripts, the environment will be cleaned down to a set of
- <em>safe</em> variables before CGI scripts are launched. The
- list of <em>safe</em> variables is defined at compile-time in
- <code>suexec.c</code>.</li>
-
- <li>For portability reasons, the names of environment
- variables may contain only letters, numbers, and the
- underscore character. In addition, the first character may
- not be a number. Characters which do not match this
- restriction will be replaced by an underscore when passed to
- CGI scripts and SSI pages.</li>
- </ul>
- <hr />
-
- <h2><a id="using" name="using">Using Environment
- Variables</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_access.html">mod_access</a><br />
- <a href="mod/mod_cgi.html">mod_cgi</a><br />
- <a href="mod/mod_include.html">mod_include</a><br />
- <a href="mod/mod_log_config.html">mod_log_config</a><br />
- <a href="mod/mod_rewrite.html">mod_rewrite</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/mod_access.html#allow">Allow</a><br />
- <a
- href="mod/mod_log_config.html#customlog">CustomLog</a><br />
- <a href="mod/mod_access.html#deny">Deny</a><br />
- <a
- href="mod/mod_log_config.html#logformat">LogFormat</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteCond">RewriteCond</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteRule">RewriteRule</a><br />
- </td>
- </tr>
- </table>
-
- <h3>CGI Scripts</h3>
-
- <p>One of the primary uses of environment variables is to
- communicate information to CGI scripts. As discussed above, the
- environment passed to CGI scripts includes standard
- meta-information about the request in addition to any variables
- set within the Apache configuration. For more details, see the
- <a href="howto/cgi.html">CGI tutorial</a>.</p>
-
- <h3>SSI Pages</h3>
-
- <p>Server-parsed (SSI) documents processed by mod_include's
- <code>server-parsed</code> handler can print environment
- variables using the <code>echo</code> element, and can use
- environment variables in flow control elements to makes parts
- of a page conditional on characteristics of a request. Apache
- also provides SSI pages with the standard CGI environment
- variables as discussed above. For more details, see the <a
- href="howto/ssi.html">SSI tutorial</a>.</p>
-
- <h3>Access Control</h3>
-
- <p>Access to the server can be controlled based on the value of
- environment variables using the <code>allow from env=</code>
- and <code>deny from env=</code> directives. In combination with
- <code>SetEnvIf</code>, this allows for flexible control of
- access to the server based on characteristics of the client.
- For example, you can use these directives to deny access to a
- particular browser (User-Agent).</p>
-
- <h3>Conditional Logging</h3>
-
- <p>Environment variables can be logged in the access log using
- the <code>LogFormat</code> option <code>%e</code>. In addition,
- the decision on whether or not to log requests can be made
- based on the status of environment variables using the
- conditional form of the <code>CustomLog</code> directive. In
- combination with <code>SetEnvIf</code> this allows for flexible
- control of which requests are logged. For example, you can
- choose not to log requests for filenames ending in
- <code>gif</code>, or you can choose to only log requests from
- clients which are outside your subnet.</p>
-
- <h3>URL Rewriting</h3>
-
- <p>The <code>%{ENV:...}</code> form of <em>TestString</em> in
- the <code>RewriteCond</code> allows mod_rewrite's rewrite
- engine to make decisions conditional on environment variables.
- Note that the variables accessible in mod_rewrite without the
- <code>ENV:</code> prefix are not actually environment
- variables. Rather, they are variables special to mod_rewrite
- which cannot be accessed from other modules.</p>
- <hr />
-
- <h2><a id="special" name="special">Special Purpose Environment
- Variables</a></h2>
-
- <p>Interoperability problems have led to the introduction of
- mechanisms to modify the way Apache behaves when talking to
- particular clients. To make these mechanisms as flexible as
- possible, they are invoked by defining environment variables,
- typically with <a
- href="mod/mod_setenvif.html#browsermatch">BrowserMatch</a>,
- though <a href="mod/mod_env.html#setenv">SetEnv</a> and <a
- href="mod/mod_env.html#passenv">PassEnv</a> could also be used,
- for example.</p>
-
- <h2>downgrade-1.0</h2>
-
- <p>This forces the request to be treated as a HTTP/1.0 request
- even if it was in a later dialect.</p>
-
- <h2>force-no-vary</h2>
-
- <p>This causes any <code>Vary</code> fields to be removed from
- the response header before it is sent back to the client. Some
- clients don't interpret this field correctly (see the <a
- href="misc/known_client_problems.html">known client
- problems</a> page); setting this variable can work around this
- problem. Setting this variable also implies
- <strong>force-response-1.0</strong>.</p>
-
- <h2>force-response-1.0</h2>
-
- <p>This forces an HTTP/1.0 response when set. It was originally
- implemented as a result of a problem with AOL's proxies. Some
- clients may not behave correctly when given an HTTP/1.1
- response, and this can be used to interoperate with them.</p>
-
- <h2>nokeepalive</h2>
-
- <p>This disables <a
- href="mod/core.html#keepalive">KeepAlive</a> when set.</p>
-
- <h2>suppress-error-charset</h2>
- <p><i>Available in versions after 1.3.26 and 2.0.40</i></p>
- <p>When Apache issues a redirect in response to a client request,
- the response includes some actual text to be displayed in case
- the client can't (or doesn't) automatically follow the redirection.
- Apache ordinarily labels this text according to the character set
- which it uses, which is ISO-8859-1.</p>
- <p> However, if the redirection is to a page that uses a different
- character set, some broken browser versions will try to use the
- character set from the redirection text rather than the actual page.
- This can result in Greek, for instance, being incorrectly rendered.</p>
- <p>Setting this environment variable causes Apache to omit the character
- set for the redirection text, and these broken browsers will then correctly
- use that of the destination page.</p>
- <hr />
-
- <h2><a id="examples" name="examples">Examples</a></h2>
-
- <h3>Changing protocol behavior with misbehaving clients</h3>
-
- <p>We recommend that the following lines be included in
- httpd.conf to deal with known client problems.</p>
-<pre>
-#
-# The following directives modify normal HTTP response behavior.
-# The first directive disables keepalive for Netscape 2.x and browsers that
-# spoof it. There are known problems with these browser implementations.
-# The second directive is for Microsoft Internet Explorer 4.0b2
-# which has a broken HTTP/1.1 implementation and does not properly
-# support keepalive when it is used on 301 or 302 (redirect) responses.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-
-#
-# The following directive disables HTTP/1.1 responses to browsers which
-# are in violation of the HTTP/1.0 spec by not being able to grok a
-# basic 1.1 response.
-#
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-</pre>
-
- <h3>Do not log requests for images in the access log</h3>
-
- <p>This example keeps requests for images from appearing in the
- access log. It can be easily modified to prevent logging of
- particular directories, or to prevent logging of requests
- coming from particular hosts.</p>
-<pre>
- SetEnvIf Request_URI \.gif image-request
- SetEnvIf Request_URI \.jpg image-request
- SetEnvIf Request_URI \.png image-request
- CustomLog logs/access_log env=!image-request
-</pre>
-
- <h3>Prevent "Image Theft"</h3>
-
- <p>This example shows how to keep people not on your server
- from using images on your server as inline-images on their
- pages. This is not a recommended configuration, but it can work
- in limited circumstances. We assume that all your images are in
- a directory called /web/images.</p>
-<pre>
- SetEnvIf Referer "^http://www.example.com/" local_referal
- # Allow browsers that do not send Referer info
- SetEnvIf Referer "^$" local_referal
- &lt;Directory /web/images&gt;
- Order Deny,Allow
- Deny from all
- Allow from env=local_referal
- &lt;/Directory&gt;
-</pre>
-
- <p><em>Note:</em> spelling of 'referer' and 'referal' is
- intentional.</p>
-
- <p>For more information about this technique, see the
- ApacheToday tutorial " <a
- href="http://apachetoday.com/news_story.php3?ltsn=2000-06-14-002-01-PS">
- Keeping Your Images from Adorning Other Sites</a>".</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/handler.html b/usr.sbin/httpd/htdocs/manual/handler.html
deleted file mode 100644
index 57a87305145..00000000000
--- a/usr.sbin/httpd/htdocs/manual/handler.html
+++ /dev/null
@@ -1,179 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache's Handler Use</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Apache's Handler Use</h1>
-
- <ul>
- <li><a href="#definition">What is a Handler</a></li>
-
- <li><a href="#examples">Examples</a></li>
-
- <li><a href="#programmer">Programmer's Note</a></li>
- </ul>
- <hr />
-
- <h2><a id="definition" name="definition">What is a
- Handler</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_actions.html">mod_actions</a><br />
- <a href="mod/mod_asis.html">mod_asis</a><br />
- <a href="mod/mod_cgi.html">mod_cgi</a><br />
- <a href="mod/mod_imap.html">mod_imap</a><br />
- <a href="mod/mod_info.html">mod_info</a><br />
- <a href="mod/mod_include.html">mod_include</a><br />
- <a href="mod/mod_mime.html">mod_mime</a><br />
- <a
- href="mod/mod_negotiation.html">mod_negotiation</a><br />
- <a href="mod/mod_status.html">mod_status</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/mod_actions.html#action">Action</a><br />
- <a
- href="mod/mod_mime.html#addhandler">AddHandler</a><br />
- <a
- href="mod/mod_mime.html#removehandler">RemoveHandler</a><br />
- <a
- href="mod/mod_mime.html#sethandler">SetHandler</a><br />
- </td>
- </tr>
- </table>
-
- <p>A "handler" is an internal Apache representation of the
- action to be performed when a file is called. Generally, files
- have implicit handlers, based on the file type. Normally, all
- files are simply served by the server, but certain file types
- are "handled" separately.</p>
-
- <p>Apache 1.1 adds the ability to use handlers explicitly.
- Based on either filename extensions or on location, handlers
- can be specified without relation to file type. This is
- advantageous both because it is a more elegant solution, and
- because it also allows for both a type <strong>and</strong> a
- handler to be associated with a file. (See also <a
- href="mod/mod_mime.html#multipleext">Files with Multiple
- Extensions</a>.)</p>
-
- <p>Handlers can either be built into the server or included in
- a module, or they can be added with the <a
- href="mod/mod_actions.html#action">Action</a> directive. The
- built-in handlers in the standard distribution are as
- follows:</p>
-
- <ul>
- <li><strong>default-handler</strong>: Send the file using the
- <code>default_handler()</code>, which is the handler used by
- default to handle static content. (core)</li>
-
- <li><strong>send-as-is</strong>: Send file with HTTP headers
- as is. (<a href="mod/mod_asis.html">mod_asis</a>)</li>
-
- <li><strong>cgi-script</strong>: Treat the file as a CGI
- script. (<a href="mod/mod_cgi.html">mod_cgi</a>)</li>
-
- <li><strong>imap-file</strong>: Parse as an imagemap rule
- file. (<a href="mod/mod_imap.html">mod_imap</a>)</li>
-
- <li><strong>server-info</strong>: Get the server's
- configuration information. (<a
- href="mod/mod_info.html">mod_info</a>)</li>
-
- <li><strong>server-parsed</strong>: Parse for server-side
- includes. (<a
- href="mod/mod_include.html">mod_include</a>)</li>
-
- <li><strong>server-status</strong>: Get the server's status
- report. (<a href="mod/mod_status.html">mod_status</a>)</li>
-
- <li><strong>type-map</strong>: Parse as a type map file for
- content negotiation. (<a
- href="mod/mod_negotiation.html">mod_negotiation</a>)</li>
- </ul>
- <hr />
-
- <h2><a id="examples" name="examples">Examples</a></h2>
-
- <h3>Modifying static content using a CGI script</h3>
-
- <p>The following directives will cause requests for files with
- the <code>html</code> extension to trigger the launch of the
- <code>footer.pl</code> CGI script.</p>
-<pre>
- Action add-footer /cgi-bin/footer.pl
- AddHandler add-footer .html
-</pre>
-
- <p>Then the CGI script is responsible for sending the
- originally requested document (pointed to by the
- <code>PATH_TRANSLATED</code> environment variable) and making
- whatever modifications or additions are desired.</p>
-
- <h3>Files with HTTP headers</h3>
-
- <p>The following directives will enable the
- <code>send-as-is</code> handler, which is used for files which
- contain their own HTTP headers. All files in the
- <code>/web/htdocs/asis/</code> directory will be processed by
- the <code>send-as-is</code> handler, regardless of their
- filename extensions.</p>
-<pre>
- &lt;Directory /web/htdocs/asis&gt;
- SetHandler send-as-is
- &lt;/Directory&gt;
-</pre>
- <hr />
-
- <h2><a id="programmer" name="programmer">Programmer's
- Note</a></h2>
-
- <p>In order to implement the handler features, an addition has
- been made to the <a href="misc/API.html">Apache API</a> that
- you may wish to make use of. Specifically, a new record has
- been added to the <code>request_rec</code> structure:</p>
-<pre>
- char *handler
-</pre>
-
- <p>If you wish to have your module engage a handler, you need
- only to set <code>r-&gt;handler</code> to the name of the
- handler at any time prior to the <code>invoke_handler</code>
- stage of the request. Handlers are implemented as they were
- before, albeit using the handler name instead of a content
- type. While it is not necessary, the naming convention for
- handlers is to use a dash-separated word, with no slashes, so
- as to not invade the media type name-space.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/howto/auth.html b/usr.sbin/httpd/htdocs/manual/howto/auth.html
deleted file mode 100644
index 940d5ff7600..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/auth.html
+++ /dev/null
@@ -1,1197 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Authentication, Authorization, and Access Control</title>
- </head>
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
-
-<h1 align="center">Authentication, Authorization, and Access
-Control</h1>
-
- <a name="TOC"></a>
-
- <ul>
- <li><a href="#intro">Introduction</a></li>
- <li>
- <a href="#basic">Basic authentication</a>
-
- <ul>
- <li><a href="#basicworks">How basic
- authentication works</a></li>
-
- <li>
- <a href="#basicconfig">Configuration:
- Protecting content with basic authentication</a>
-
- </li>
-
- <li>
- <a href="#basicfaq">Frequently asked
- questions about basic auth</a>
- </li>
-
- <li><a href="#basiccaveat">Security
- caveat</a></li>
- </ul>
- <br />
- </li>
-
- <li>
- <a href="#digest">Digest authentication</a>
-
- <ul>
- <li><a href="#digestworks">How digest auth
- works</a></li>
-
- <li>
- <a href="#digestconfig">Configuration:
- Protecting content with digest authentication</a>
- </li>
-
- <li><a href="#digestcaveat">Caveats</a></li>
- </ul>
- <br />
- </li>
-
- <li>
- <a href="#database">Database authentication
- modules</a>
-
- <ul>
- <li><a href="#modauthdb">mod_auth_db and
- mod_auth_dbm</a></li>
-
- <li><a href="#dbfiles">Berkeley DB files</a></li>
-
- <li><a href="#installauthdb">Installing mod_auth_db</a></li>
-
- <li>
- <a href="#authdbconfig">Protecting a
- directory with mod_auth_db</a>
- </li>
- </ul>
- <br />
- </li>
-
- <li>
- <a href="#access">Access control</a>
-
- <ul>
- <li><a href="#allowdeny">Allow and Deny</a></li>
-
- <li><a href="#satisfy">Satisfy</a></li>
- </ul>
- <br />
- </li>
-
- <li><a href="#summary">Summary</a></li>
- </ul>
- <!--End of Table of Child-Links-->
- <hr />
-
- <h1><a name="auth"></a><br />
- Authentication, Authorization, and Access Control</h1>
-
- <h1><a name="intro">Introduction</a></h1>
-
- <p>Apache has three distinct ways of dealing with the question
- of whether a particular request for a resource will result in
- that resource actually be returned. These criteria are called
- <i>Authorization</i>, <i>Authentication</i>, and <i>Access
- control</i>.</p>
-
- <p>Authentication is any process by which you verify that
- someone is who they claim they are. This usually involves a
- username and a password, but can include any other method of
- demonstrating identity, such as a smart card, retina scan,
- voice recognition, or fingerprints. Authentication is
- equivalent to showing your drivers license at the ticket
- counter at the airport.</p>
-
- <p>Authorization is finding out if the person, once identified,
- is permitted to have the resource. This is usually determined
- by finding out if that person is a part of a particular group,
- if that person has paid admission, or has a particular level of
- security clearance. Authorization is equivalent to checking the
- guest list at an exclusive party, or checking for your ticket
- when you go to the opera.</p>
-
- <p>Finally, access control is a much more general way of
- talking about controlling access to a web resource. Access can
- be granted or denied based on a wide variety of criteria, such
- as the network address of the client, the time of day, the
- phase of the moon, or the browser which the visitor is using.
- Access control is analogous to locking the gate at closing
- time, or only letting people onto the ride who are more than 48
- inches tall - it's controlling entrance by some arbitrary
- condition which may or may not have anything to do with the
- attributes of the particular visitor.</p>
-
- <p>Because these three techniques are so closely related in
- most real applications, it is difficult to talk about them
- separate from one another. In particular, authentication and
- authorization are, in most actual implementations,
- inextricable.</p>
-
- <p>If you have information on your web site that is sensitive,
- or intended for only a small group of people, the techniques in
- this tutorial will help you make sure that the people that see
- those pages are the people that you wanted to see them.</p>
-
- <h1><a name="basic"></a>Basic authentication</h1>
-
- <p>As the name implies, basic authentication is the simplest
- method of authentication, and for a long time was the most
- common authentication method used. However, other methods of
- authentication have recently passed basic in common usage, due
- to usability issues that will be discussed in a minute.</p>
-
- <h2><a name="basicworks"></a><br />
- How basic authentication works</h2>
-
- <p>When a particular resource has been protected using basic
- authentication, Apache sends a <tt>401 Authentication
- Required</tt> header with the response to the request, in order
- to notify the client that user credentials must be supplied in
- order for the resource to be returned as requested.</p>
-
- <p>Upon receiving a <tt>401</tt> response header, the client's
- browser, if it supports basic authentication, will ask the user
- to supply a username and password to be sent to the server. If
- you are using a graphical browser, such as Netscape or Internet
- Explorer, what you will see is a box which pops up and gives
- you a place to type in your username and password, to be sent
- back to the server. If the username is in the approved list,
- and if the password supplied is correct, the resource will be
- returned to the client.</p>
-
- <p>Because the HTTP protocol is stateless, each request will be
- treated in the same way, even though they are from the same
- client. That is, every resource which is requested from the
- server will have to supply authentication credentials over
- again in order to receive the resource.</p>
-
- <p>Fortunately, the browser takes care of the details here, so
- that you only have to type in your username and password one
- time per browser session - that is, you might have to type it
- in again the next time you open up your browser and visit the
- same web site.</p>
-
- <p>Along with the <tt>401</tt> response, certain other
- information will be passed back to the client. In particular,
- it sends a name which is associated with the protected area of
- the web site. This is called the <i>realm</i>, or just the
- authentication name. The client
- browser caches the username and password that you supplied, and
- stores it along with the authentication realm, so that if other
- resources are requested from the same realm, the same username
- and password can be returned to authenticate that request
- without requiring the user to type them in again. This caching
- is usually just for the current browser session, but some
- browsers allow you to store them permanently, so that you never
- have to type in your password again.</p>
-
- <p>The authentication name, or realm, will appear in the pop-up
- box, in order to identify what the username and password are
- being requested for.</p>
-
- <h2><a name="basicconfig"></a>
- Configuration: Protecting content with basic
- authentication</h2>
-
- <p>There are two configuration steps which you must complete in
- order to protect a resource using basic authentication. Or
- three, depending on what you are trying to do.</p>
-
- <ol>
- <li>Create a password file</li>
-
- <li>Set the configuration to use this password file</li>
-
- <li>Optionally, create a group file</li>
- </ol>
-
- <h3><a name="htpasswd"></a><br />
- Create a password file</h3>
-
- <p>In order to determine whether a particular username/password
- combination is valid, the username and password supplied by the
- user will need to be compared to some authoritative listing of
- usernames and password. This is the password file, which you
- will need to create on the server side, and populate with valid
- users and their passwords.</p>
-
- <p>Because this file contains sensitive information, it should
- be stored outside of the document directory. Although, as you
- will see in a moment, the passwords are encrypted in the file,
- if a cracker were to gain access to the file, it would be an
- aid in their attempt to figure out the passwords. And, because
- people tend to be sloppy with the passwords that they choose,
- and use the same password for web site authentication as for
- their bank account, this potentially be a very serious breach
- of security, even if the content on your web site is not
- particularly sensitive.</p>
-
- <p><b>Caution:</b> Encourage your users to use a different
- password for your web site than for other more essential
- things. For example, many people tend to use two passwords -
- one for all of their extremely important things, such as the
- login to their desktop computer, and for their bank account,
- and another for less sensitive things, the compromise of which
- would be less serious.</p>
-
- <p>To create the password file, use the <tt>htpasswd</tt>
- utility that came with Apache. This will be located in the
- <tt>bin</tt> directory of wherever you installed Apache. For
- example, it will probably be located at
- <tt>/usr/local/apache/bin/htpasswd</tt> if you installed Apache
- from source.</p>
-
- <p>To create the file, type:</p>
-<pre>
-htpasswd -c /usr/local/apache/passwd/passwords username
-</pre>
-
- <p><tt>htpasswd</tt> will ask you for the password, and then
- ask you to type it again to confirm it:</p>
-<pre>
-# htpasswd -c /usr/local/apache/passwd/passwords rbowen
-New password: mypassword
-Re-type new password: mypassword
-Adding password for user rbowen
-</pre>
-
- <p>Note that in the example shown, a password file is being
- created containing a user called <tt>rbowen</tt>, and this
- password file is being placed in the location
- <tt>/usr/local/apache/passwd/passwords</tt>. You will
- substitute the location, and the username, which you want to
- use to start your password file.</p>
-
- <p>If <tt>htpasswd</tt> is not in your path, you will have to
- type the full path to the file to get it to run. That is, in
- the example above, you would replace <tt>htpasswd</tt> with
- <tt>/usr/local/apache/bin/htpasswd</tt></p>
-
- <p>The <tt>-c</tt> flag is used only when you are creating a
- new file. After the first time, you will omit the <tt>-c</tt>
- flag, when you are adding new users to an already-existing
- password file.</p>
-<pre>
-htpasswd /usr/local/apache/passwd/passwords sungo
-</pre>
-
- <p>The example just shown will add a user named <tt>sungo</tt>
- to a password file which has already been created earlier. As
- before, you will be asked for the password at the command line,
- and then will be asked to confirm the password by typing it
- again.</p>
-
- <p><b>Caution:</b> Be very careful when you add new users to an
- existing password file that you don't use the <tt>-c</tt> flag
- by mistake. Using the <tt>-c</tt> flag will create a new
- password file, even if you already have an existing file of
- that name. That is, it will remove the contents of the file
- that is there, and replace it with a new file containing only
- the one username which you were adding.</p>
-
- <p>The password is stored in the password file in encrypted
- form, so that users on the system will not be able to read the
- file and immediately determine the passwords of all the users.
- Nevertheless, you should store the file in as secure a location
- as possible, with whatever minimum permissions on the file so
- that the web server itself can read the file. For example, if
- your server is configured to run as user <tt>nobody</tt> and
- group <tt>nogroup</tt>, then you should set permissions on the
- file so that only the webserver can read the file and only
- root can write to it:</p>
-<pre>
-chown root.nogroup /usr/local/apache/passwd/passwords
-chmod 640 /usr/local/apache/passwd/passwords
-</pre>
-
- <p>On Windows, a similar precaution should be taken, changing
- the ownership of the password file to the web server user, so
- that other users cannot read the file.</p>
-
- <h3><a name="htpasswdconfig"></a><br />
- Set the configuration to use this password file</h3>
-
- <p>Once you have created the password file, you need to tell
- Apache about it, and tell Apache to use this file in order to
- require user credentials for admission. This configuration is
- done with the following directives:</p>
-
- <table cellpadding="3">
- <tr>
- <td align="left">AuthType</td>
-
- <td align="left" valign="top" width="360">Authentication
- type being used. In this case, it will be set to
- <tt>Basic</tt></td>
- </tr>
-
- <tr>
- <td align="left">AuthName</td>
-
- <td align="left" valign="top" width="360">The
- authentication realm or name</td>
- </tr>
-
- <tr>
- <td align="left">AuthUserFile</td>
-
- <td align="left" valign="top" width="360">The location of
- the password file</td>
- </tr>
-
- <tr>
- <td align="left">AuthGroupFile</td>
-
- <td align="left" valign="top" width="360">The location of
- the group file, if any</td>
- </tr>
-
- <tr>
- <td align="left">Require</td>
-
- <td align="left" valign="top" width="360">The
- requirement(s) which must be satisfied in order to grant
- admission</td>
- </tr>
- </table>
-
- <p>These directives may be placed in a <tt>.htaccess</tt> file
- in the particular directory being protected, or may go in the
- main server configuration file, in a <tt>&lt;Directory&gt;</tt>
- section, or other scope container.</p>
-
- <p>The example shown below defines an authentication realm
- called ``By Invitation Only''. The password file located at
- <tt>/usr/local/apache/passwd/passwords</tt> will be used to
- verify the user's identity. Only users named <tt>rbowen</tt> or
- <tt>sungo</tt> will be granted access, and even then only if
- they provide a password which matches the password stored in
- the password file.</p>
-<pre>
-AuthType Basic
-AuthName "By Invitation Only"
-AuthUserFile /usr/local/apache/passwd/passwords
-Require user rbowen sungo
-</pre>
-
- <p>The phrase ``By Invitation Only'' will be displayed in the
- password pop-up box, where the user will have to type their
- credentials.</p>
-
- <p>You will need to restart your Apache server in order for the
- new configuration to take effect, if these directives were put
- in the main server configuration file. Directives placed in
- <tt>.htaccess</tt> files take effect immediately, since
- <tt>.htaccess</tt> files are parsed each time files are
- served.</p>
-
- <p>The next time that you load a file from that directory, you
- will see the familiar username/password dialog box pop up,
- requiring that you type the username and password before you
- are permitted to proceed.</p>
-
- <p>Note that in addition to specifically listing the users to
- whom you want to grant access, you can specify that any valid
- user should be let in. This is done with the
- <tt>valid-user</tt> keyword:</p>
-<pre>
-Require valid-user
-</pre>
-
- <h3><a name="basicgroupfile"></a><br />
- Optionally, create a group file</h3>
-
- <p>Most of the time, you will want more than one, or two, or
- even a dozen, people to have access to a resource. You want to
- be able to define a group of people that have access to that
- resource, and be able to manage that group of people, adding
- and removing members, without having to edit the server
- configuration file, and restart Apache, each time.</p>
-
- <p>This is handled using authentication groups. An
- authentication group is, as you would expect, a group name
- associated with a list of members. This list is stored in a
- group file, which should be stored in the same location as the
- password file, so that you are able to keep track of these
- things.</p>
-
- <p>The format of the group file is exceedingly simple. A group
- name appears first on a line, followed by a colon, and then a
- list of the members of the group, separated by spaces. For
- example:</p>
-<pre>
-authors: rich daniel allan
-</pre>
-
- <p>Once this file has been created, you can <tt>Require</tt>
- that someone be in a particular group in order to get the
- requested resource. This is done with the
- <tt>AuthGroupFile</tt> directive, as shown in the following
- example.</p>
-<pre>
-AuthType Basic
-AuthName "Apache Admin Guide Authors"
-AuthUserFile /usr/local/apache/passwd/passwords
-AuthGroupFile /usr/local/apache/passwd/groups
-Require group authors
-</pre>
-
- <p>The authentication process is now one step more involved.
- When a request is received, and the requested username and
- password are supplied, the group file is first checked to see
- if the supplied username is even in the required group. If it
- is, then the password file will be checked to see if the
- username is in there, and if the supplied password matches the
- password stored in that file. If any of these steps fail,
- access will be forbidden.</p>
-
- <h2><a name="basicfaq"></a><br />
- Frequently asked questions about basic auth</h2>
-
- <p>The following questions tend to get asked very frequently
- with regard to basic authentication. It should be understood
- that basic authentication is very basic, and so is limited to
- the set of features that has been presented above. Most of the
- more interesting things that people tend to want, need to be
- implemented using some alternate authentication scheme.</p>
-
- <h3><a name="logout"></a><br />
- How do I log out?</h3>
-
- <p>Since browsers first started implementing basic
- authentication, website administrators have wanted to know how
- to let the user log out. Since the browser caches the username
- and password with the authentication realm, as described
- earlier in this tutorial, this is not a function of the server
- configuration, but is a question of getting the browser to
- forget the credential information, so that the next time the
- resource is requested, the username and password must be
- supplied again. There are numerous situations in which this is
- desirable, such as when using a browser in a public location,
- and not wishing to leave the browser logged in, so that the
- next person can get into your bank account.</p>
-
- <p>However, although this is perhaps the most frequently asked
- question about basic authentication, thus far none of the major
- browser manufacturers have seen this as being a desirable
- feature to put into their products.</p>
-
- <p>Consequently, the answer to this question is, you can't.
- Sorry.</p>
-
- <h3><a name="passworddialog"></a><br />
- How can I change what the password box looks like?</h3>
-
- <p>The dialog that pops up for the user to enter their username
- and password is ugly. It contains text that you did not
- indicate that you wanted in there. It looks different in
- Internet Explorer and Netscape, and contains different text.
- And it asks for fields that the user might not understand -
- for example, Netscape asks the user to type in their ``User
- ID'', and they might not know what that means. Or, you might
- want to provide additional explanatory text so that the user
- has a better idea what is going on.</p>
-
- <p>Unfortunately, these things are features of the browser, and
- cannot be controlled from the server side. If you want the
- login to look different, then you will need to implement your
- own authentication scheme. There is no way to change what this
- login box looks like if you are using basic authentication.</p>
-
- <h3><a name="persistpass"></a><br />
- How to I make it not ask me for my password the next
- time?</h3>
-
- <p>Because most browsers store your password information only
- for the current browser session, when you close your browser it
- forgets your username and password. So, when you visit the same
- web site again, you will need to re-enter your username and
- password.</p>
-
- <p>There is nothing that can be done about this on the server
- side.</p>
-
- <p>However, the most recent versions of the major browsers
- contain the ability to remember your password forever, so that
- you never have to log in again. While it is debatable whether
- this is a good idea, since it effectively overrides the entire
- point of having security in the first place, it is certainly
- convenient for the user, and simplifies the user
- experience.</p>
-
- <h3><a name="passwordtwice"></a><br />
- Why does it sometimes ask me for my password twice?</h3>
-
- <p>When entering a password-protected web site for the first
- time, you will occasionally notice that you are asked for your
- password twice. This may happen immediately after you entered
- the password the first time, or it may happen when you click on
- the first link after authenticating the first time.</p>
-
- <p>This happens for a very simple, but nonetheless confusing,
- reason, again having to do with the way that the browser caches
- the login information.</p>
-
- <p>Login information is stored on the browser based on the
- authentication realm, specified by the <tt>AuthName</tt>
- directive, and by the server name. In this way, the browser can
- distinguish between the <tt>Private</tt> authentication realm
- on one site and on another. So, if you go to a site using one
- name for the server, and internal links on the server refer to
- that server by a different name, the browser has no way to know
- that they are in fact the same server.</p>
-
- <p>For example, if you were to visit the URL
- <tt>http://example.com/private/</tt>, which required
- authentication, your browser would remember the supplied
- username and password, associated with the hostname
- <tt>example.com</tt>. If, by virtue of an internal redirect, or
- fully-qualified HTML links in pages, you are then sent to the
- URL <tt>http://www.example.com/private/</tt>, even though this
- is really exactly the same URL, the browser does not know this
- for sure, and is forced to request the authentication
- information again, since <tt>example.com</tt> and
- <tt>www.example.com</tt> are not exactly the same hostname.
- Your browser has no particular way to know that these are the
- same web site.</p>
-
- <h2><a name="basiccaveat"></a><br />
- Security caveat</h2>
-
- <p>Basic authentication should not be considered secure for any
- particularly rigorous definition of secure.</p>
-
- <p>Although the password is stored on the server in encrypted
- format, it is passed from the client to the server in plain
- text across the network. Anyone listening with any variety of
- packet sniffer will be able to read the username and password
- in the clear as it goes across.</p>
-
- <p>Not only that, but remember that the username and password
- are passed with every request, not just when the user first
- types them in. So the packet sniffer need not be listening at a
- particularly strategic time, but just for long enough to see
- any single request come across the wire.</p>
-
- <p>And, in addition to that, the content itself is also going
- across the network in the clear, and so if the web site
- contains sensitive information, the same packet sniffer would
- have access to that information as it went past, even if the
- username and password were not used to gain direct access to
- the web site.</p>
-
- <p>Don't use basic authentication for anything that requires
- real security. It is a detriment for most users, since very few
- people will take the trouble, or have the necessary software
- and/or equipment, to find out passwords. However, if someone
- had a desire to get in, it would take very little for them to
- do so.</p>
-
- <h1><a name="digest"></a>Digest authentication</h1>
-
- <p>Addressing one of the security caveats of basic
- authentication, digest authentication provides an alternate
- method for protecting your web content. However, it to has a
- few caveats.</p>
-
- <h2><a name="digestworks">How digest auth works</a></h2>
-
- <p>Digest authentication is implemented by the module
- <tt>mod_auth_digest</tt>. There is an older module,
- <tt>mod_digest</tt>, which implemented an older version of the
- digest authentication specification, but which will probably
- not work with newer browsers.</p>
-
- <p>Using digest authentication, your password is never sent
- across the network in the clear, but is always transmitted as
- an MD5 digest of the user's password. In this way, the password
- cannot be determined by sniffing network traffic.</p>
-
- <p>The full specification of digest authentication can be seen
- in the internet standards document RFC 2617, which you can see
- at <tt>http://www1.ics.uci.edu/pub/ietf/http/rfc2617.txt</tt>.
- Additional information and resources about MD5 can be found at
- <tt>http://userpages.umbc.edu/&nbsp;mabzug1/cs/md5/md5.html</tt></p>
-
- <h2><a name="digestconfig"></a>Configuration:
- Protecting content with digest authentication</h2>
-
- <p>The steps for configuring your server for digest
- authentication are very similar for those for basic
- authentication.</p>
-
- <ol>
- <li>Create the password file</li>
-
- <li>Set the configuration to use this password file</li>
-
- <li>Optionally, create a group file</li>
- </ol>
-
- <h3><a name="htdigest"></a>Creating a password file</h3>
-
- <p>As with basic authentication, a simple utility is provided
- to create and maintain the password file which will be used to
- determine whether a particular user's name and password are
- valid. This utility is called <tt>htdigest</tt>, and will be
- located in the <tt>bin</tt> directory of wherever you installed
- Apache. If you installed Apache from some variety of package
- manager, <tt>htdigest</tt> is likely to have been placed
- somewhere in your path.</p>
-
- <p>To create a new digest password file, type:</p>
-<pre>
-htdigest -c /usr/local/apache/passwd/digest realm username
-</pre>
-
- <p><tt>htdigest</tt> will ask you for the desired password, and
- then ask you to type it again to confirm it.</p>
-
- <p>Note that the realm for which the authentication will be
- required is part of the argument list.</p>
-
- <p>Once again, as with basic authentication, you are encouraged
- to place the generated file somewhere outside of the document
- directory.</p>
-
- <p>And, as with the <tt>htpasswd</tt> utility, the <tt>-c</tt>
- flag creates a new file, or, if a file of that name already
- exists, deletes the contents of that file and generates a new
- file in its place. Omit the <tt>-c</tt> flag in order to add
- new user information to an existing password file.</p>
-
- <h3><a name="htdigestconfig"></a>Set the configuration
- to use this password file</h3>
-
- <p>Once you have created a password file, you need to tell
- Apache about it in order to start using it as a source of
- authenticated user information. This configuration is done with
- the following directives:</p>
-
- <table cellpadding="3">
- <tr>
- <td align="left">AuthType</td>
-
- <td align="left" valign="top" width="360">Authentication
- type being used. In this case, it will be set to
- <tt>Digest</tt></td>
- </tr>
-
- <tr>
- <td align="left">AuthName</td>
-
- <td align="left" valign="top" width="360">The
- authentication realm or name</td>
- </tr>
-
- <tr>
- <td align="left">AuthDigestFile</td>
-
- <td align="left" valign="top" width="360">The location of
- the password file</td>
- </tr>
-
- <tr>
- <td align="left">AuthDigestGroupFile</td>
-
- <td align="left" valign="top" width="360">Location of the
- group file, if any</td>
- </tr>
-
- <tr>
- <td align="left">Require</td>
-
- <td align="left" valign="top" width="360">The
- requirement(s) which must be satisfied in order to grant
- admission</td>
- </tr>
- </table>
-
- <p>These directives may be placed in a <tt>.htaccess</tt> file
- in the particular directory being protected, or may go in the
- main server configuration file, in a <tt>&lt;Directory&gt;</tt>
- section, or another scope container.</p>
-
- <p>The following example defines an authentication realm called
- "Private". The password file located at
- <tt>/usr/local/apache/passwd/digest</tt> will be used to verify
- the user's identity. Only users named <tt>drbacchus</tt> or
- <tt>dorfl</tt> will be granted access, if they provide a
- password that patches the password stored in the password
- file.</p>
-<pre>
-AuthType Digest
-AuthName "Private"
-AuthDigestFile /usr/local/apache/passwd/digest
-Require user drbacchus dorfl
-</pre>
-
- <p>The phrase "Private" will be displayed in the password
- pop-up box, where the user will have to type their
- credentials.</p>
-
- <h3><a name="digestgroup"></a>Optionally, create a group file</h3>
-
- <p>As you have observed, there are not many differences between
- this configuration process and that required by basic
- authentication, described in the previous section. This is true
- also of group functionality. The group file used for digest
- authentication is exactly the same as that used for basic
- authentication. That is to say, lines in the group file consist
- the name of the group, a colon, and a list of the members of
- that group. For example:</p>
-<pre>
-admins: jim roy ed anne
-</pre>
-
- <p>Once this file has been created, you can <tt>Require</tt>
- that someone be in a particular group in order to get the
- requested resource. This is done with the
- <tt>AuthDigestGroupFile</tt> directive, as shown in the
- following example.</p>
-<pre>
-AuthType Digest
-AuthName "Private"
-AuthDigestFile /usr/local/apache/passwd/digest
-AuthDigestGroupFile /usr/local/apache/passwd/digest.groups
-Require group admins
-</pre>
-
- <p>The authentication process is the same as that used by basic
- authentication. It is first verified that the user is in the
- required group, and, if this is true, then the password is
- verified.</p>
-
- <h2><a name="digestcaveat">Caveats</a></h2>
-
- <p>Before you leap into using digest authentication instead of
- basic authentication, there are a few things that you should
- know about.</p>
-
- <p>Most importantly, you need to know that, although digest
- authentication has this great advantage that you don't send
- your password across the network in the clear, it is not
- supported by all major browsers in use today, and so you should
- not use it on a web site on which you cannot control the
- browsers that people will be using, such as on your intranet
- site. In particular, Opera 4.0 or later, Microsoft Internet
- Explorer 5.0 or later, Mozilla 1.0.1 and Netscape 7 or later
- as well as Amaya support digest authentication, while various
- other browsers do not.</p>
-
- <p>Next, with regard to security considerations, you should
- understand two things. Although your password is not passed in
- the clear, all of your data is, and so this is a rather small
- measure of security. And, although your password is not really
- sent at all, but a digest form of it, someone very familiar
- with the workings of HTTP could use that information - just
- your digested password - and use that to gain access to the
- content, since that digested password is really all the
- information required to access the web site.</p>
-
- <p>The moral of this is that if you have content that really
- needs to be kept secure, use SSL.</p>
-
- <h1><a name="database">Database authentication
- modules</a></h1>
-
- <p>Basic authentication and digest authentication both suffer
- from the same major flaw. They use text files to store the
- authentication information. The problem with this is that
- looking something up in a text file is very slow. It's rather
- like trying to find something in a book that has no index. You
- have to start at the beginning, and work through it one page at
- a time until you find what you are looking for. Now imagine
- that the next time you need to find the same thing, you don't
- remember where it was before, so you have to start at the
- beginning again, and work through one page at a time until you
- find it again. And the next time. And the time after that.</p>
-
- <p>Since HTTP is stateless, authentication has to be verified
- every time that content is requested. And so every time a
- document is accessed which is secured with basic or digest
- authentication, Apache has to open up those text password files
- and look through them one line at a time, until it finds the
- user that is trying to log in, and verifies their password. In
- the worst case, if the username supplied is not in there at
- all, every line in the file will need to be checked. On
- average, half of the file will need to be read before the user
- is found. This is very slow.</p>
-
- <p>While this is not a big problem for small sets of users,
- when you get into larger numbers of users (where "larger" means
- a few hundred) this becomes prohibitively slow. In many cases,
- in fact, valid username/password combinations will get rejected
- because the authentication module just had to spend so much
- time looking for the username in the file that Apache will just
- get tired of waiting and return a failed authentication.</p>
-
- <p>In these cases, you need an alternative, and that
- alternative is to use some variety of database. Databases are
- optimized for looking for a particular piece of information in
- a very large data set. It builds indexes in order to rapidly
- locate a particular record, and they have query languages for
- swiftly locating records that match particular criteria.</p>
-
- <p>There are numerous modules available for Apache to
- authenticate using a variety of different databases. In this
- section, we'll just look at two modules which ship with Apache.
- </p>
-
- <h2><a name="modauthdb"></a>mod_auth_db and mod_auth_dbm</h2>
-
- <p><tt>mod_auth_db</tt> and <tt>mod_auth_dbm</tt> are modules
- which lets you keep your usernames and passwords in DB or DBM
- files. There are few practical differences between DB files and
- DBM files. And, on some operating systems, such as various
- BSDs, and Linux, they are exactly the same thing. You should
- pick whichever of the two modules makes the most sense on your
- particular platform of choice. If you do not have DB support on
- your platform, you may need to install it. You download an
- implementation of DB at <tt>http://www.sleepycat.com/</tt>.
-
- <h2><a name="dbfiles"></a>Berkeley DB files</h2>
-
- <p>DB files, also known as Berkeley database files, are the
- simplest form of database, and are rather ideally suited for
- the sort of data that needs to be stored for HTTP
- authentication. DB files store key/value pairs. That is, the
- name of a variable, and the value of that variable. While other
- databases allow the storage of many fields in a given record, a
- DB file allows only this pairing of key and value.<a
- name="foot1_return" href="#foot1"><sup>1</sup></a> This is ideal for
- authentication, which requires only the pair of a username and
- password.</p>
-
- <h2><a name="installauthdb">Installing mod_auth_db</a></h2>
-
- <p>For the purposes of this tutorial, we'll talk about
- installing and configuring <tt>mod_auth_db</tt>. However,
- everything that is said here can be directly applied to
- <tt>mod_auth_dbm</tt> by simply replacing 'db' with 'dbm' and
- 'DB' with 'DBM' in the various commands, file names, and
- directives.</p>
-
- <p>Since <tt>mod_auth_db</tt> is not compiled in by default,
- you will need to rebuild Apache in order to get the
- functionality, unless you built in everything when we started.
- Note that if you installed Apache with shared object
- support, you may be able to just build the module and load it
- in to Apache.</p>
-
- <p>To build Apache from scratch with <tt>mod_auth_db</tt> built
- in, use the following <tt>./configure</tt> line in your apache
- source code directory.</p>
-<pre>
-./configure --enable-module=auth_db
-</pre>
-
- <p>Or, if you had a more complex <tt>configure</tt> command
- line, you can just add the <tt>-enable-module=auth_db</tt>
- option to that command line, and you'll get
- <tt>mod_auth_db</tt> built into your server.</p>
-
- <h2><a name="authdbconfig">Protecting a directory with
- mod_auth_db</a></h2>
-
- <p>Once you have compiled the <tt>mod_auth_db</tt> module, and
- loaded it into your web server, you'll find that there's very
- little difference between using regular authentication and
- using <tt>mod_auth_db</tt> authentication. The procedure is the
- same as that we went through with basic and digest
- authentication:</p>
-
- <ol>
- <li>Create the user file.</li>
-
- <li>Configure Apache to use that file for
- authentication.</li>
-
- <li>Optionally, create a group file.</li>
- </ol>
-
- <h3><a name="dbmmanage"></a>Create the user file</h3>
-
- <p>The user file for authentication is, this time, not a flat
- text file, but is a DB file<a name="foot2_return"
- href="#foot2"><sup>2</sup></a>. Fortunately, once again,
- Apache provides us with a simple utility for the purpose of
- managing this user file. This time, the utility is called
- <tt>dbmmanage</tt>, and will be located in the <tt>bin</tt>
- subdirectory of wherever you installed Apache.</p>
-
- <p><tt>dbmmanage</tt> is somewhat more complicated to use than
- <tt>htpasswd</tt> or <tt>htdigest</tt>, but it is still fairly
- simple. The syntax which you will usually be using is as
- follows:</p>
-<pre>
-dbmmanage passwords.dat adduser montressor
-</pre>
-
- <p>As with <tt>htpasswd</tt>, you will at this point be
- prompted for a password, and then asked to confirm that
- password by typing it again. The main difference here is that
- rather than a text file being created, you are creating a
- binary file containing the information that you have
- supplied.</p>
-
- <p>Type <tt>dbmmanage</tt> with no arguments to get the full
- list of options available with this utility.</p>
-
- <h3><a name="perl_dbfile">Creating your user file with
- Perl</a></h3>
-
- <p>Note that, if you are so inclined, you can manage your user
- file with Perl, or any other language which has a DB-file
- module, for interfacing with this type of database. This covers
- a number of popular programming languages.</p>
-
- <p>The following Perl code, for example, will add a user
- 'rbowen', with password 'mypassword', to your password
- file:</p>
-<pre>
-use DB_File;
-tie %database, 'DB_File', "passwords.dat"
- or die "Can't initialize database: $!\n";
-
-$username = 'rbowen';
-$password = 'mypassword';
-@chars=(0..9,'a'..'z');
-$salt = $chars[int rand @chars] . $chars[int rand @chars];
-
-$crypt = crypt($password, $salt);
-$database{$username} = $crypt;
-
-untie %database;
-</pre>
-
- <p>As you can imagine, this makes it very simple to write tools
- to manage the user and password information stored in these
- files.</p>
-
- <p>Passwords are stored in Unix <tt>crypt</tt> format, just as
- they were in the "regular" password files. The 'salt' that is
- created in the middle there is part of the process, generating
- a random starting point for that encryption. The technique
- being used is called a 'tied hash'. The idea is to tie a
- built-in data structure to the contents of the file, such that
- when the data structure is changed, the file is automatically
- modified at the same time.</p>
-
- <h3><a name="authdbuserfile"></a>Configuring Apache
- to use this password file</h3>
-
- <p>Once you have created the password file, you need to tell
- Apache about it, and tell Apache to use this file to verify
- user credentials. This configuration will look almost the same
- as that for basic authentication. This configuration can go in
- a <tt>.htaccess</tt> file in the directory to be protected, or
- can go in the main server configuration, in a
- <tt>&lt;Directory&gt;</tt> section, or other scope container
- directive.</p>
-
- <p>The configuration will look something like the
- following:</p>
-<pre>
-AuthName "Members Only"
-AuthType Basic
-AuthDBUserFile /usr/local/apache/passwd/passwords.dat
-require user rbowen
-</pre>
-
- <p>Now, users accessing the directory will be required to
- authenticate against the list of valid users who are in
- <tt>/usr/local/apache/passwd/passwords.dat</tt>.</p>
-
- <h3><a name="authdbgroupfile"></a><br />
- Optionally, create a group file</h3>
-
- <p>As mentioned earlier, DB files store a key/value pair. In
- the case of group files, the key is the name of the user, and
- the value is a comma-separated list of the groups to which the
- user belongs.</p>
-
- <p>While this is the opposite of the way that group files are
- stored elsewhere, note that we will primarily be looking up
- records based on the username, so it is more efficient to index
- the file by username, rather than by the group name.</p>
-
- <p>Groups can be added to your group file using
- <tt>dbmmanage</tt> and the <tt>add</tt> command:</p>
-<pre>
-dbmmanage add groupfile rbowen one,two,three
-</pre>
-
- <p>In the above example, <tt>groupfile</tt> is the literal name
- of the group file, <tt>rbowen</tt> is the user being added, and
- <tt>one</tt>, <tt>two</tt>, and <tt>three</tt> are names of
- three groups to which this user belongs.</p>
-
- <p>Once you have your groups in the file, you can require a
- group in the regular way:</p>
-<pre>
-AuthName "Members Only"
-AuthType Basic
-AuthDBUserFile /usr/local/apache/passwd/passwords.dat
-AuthDBGroupFile /usr/local/apache/passwd/groups.dat
-require group three
-</pre>
-
- <p>Note that if you want to use the same file for both password
- and group information, you can do so, but this is a little more
- complicated to manage, as you have to encrypt the password
- yourself before you feed it to the <tt>dbmmanage</tt>
- utility.</p>
-
- <h1><a name="access"></a>Access control</h1>
-
- <p>Authentication by username and password is only part of the
- story. Frequently you want to let people in based on something
- other than who they are. Something such as where they are
- coming from. Restricting access based on something other than
- the identity of the user is generally referred to as <i>Access
- Control</i>.</p>
-
- <h2><a name="allowdeny"></a>Allow and Deny</h2>
-
- <p>The <tt>Allow</tt> and <tt>Deny</tt> directives let you
- allow and deny access based on the host name, or host address,
- of the machine requesting a document. The directive goes
- hand-in-hand with these is the <tt>Order</tt> directive, which
- tells Apache in which order to apply the filters.</p>
-
- <p>The usage of these directives is:</p>
-<pre>
-allow from address
-</pre>
-
- <p>where <i>address</i> is an IP address (or a partial IP
- address) or a fully qualified domain name (or a partial domain
- name); you may provide multiple addresses or domain names, if
- desired.</p>
-
- <p>For example, if you have someone spamming your message
- board, and you want to keep them out, you could do the
- following:</p>
-<pre>
-deny from 11.22.33.44
-</pre>
-
- <p>Visitors coming from that address will not be able to see
- the content behind this directive. If, instead, you have a
- machine name, rather than an IP address, you can use that.
- </p>
-<pre>
-deny from hostname.example.com
-</pre>
-
- <p>And, if you'd like to block access from an entire domain,
- or even from an entire tld (top level domain, such as .com or .gov)
- you can specify just part of an address or domain name:</p>
-<pre>
-deny from 192.101.205
-deny from exampleone.com exampletwo.com
-deny from tld
-</pre>
-
- <p>Using <tt>Order</tt> will let you be sure that you are
- actually restricting things to the group that you want to let
- in, by combining a <tt>deny</tt> and an <tt>allow</tt>
- directive:</p>
-<pre>
-Order Deny,Allow
-Deny from all
-Allow from hostname.example.com
-</pre>
-
- <p>Listing just the <tt>allow</tt> directive would not do what
- you want, because it will let users from that host in, in
- addition to letting everyone in. What you want is to let in
- <i>only</i> users from that host.</p>
-
- <h2><a name="satisfy"></a>Satisfy</h2>
-
- <p>The <tt>Satisfy</tt> directive can be used to specify that
- several criteria may be considered when trying to decide if a
- particular user will be granted admission. <tt>Satisfy</tt> can
- take as an argument one of two options - <tt>all</tt> or
- <tt>any</tt>. By default, it is assumed that the value is
- <tt>all</tt>. This means that if several criteria are
- specified, then all of them must be met in order for someone to
- get in. However, if set to <tt>any</tt>, then several criteria
- may be specified, but if the user satisfies any of these, then
- they will be granted entrance.</p>
-
- <p>A very good example of this is using access control to
- assure that, although a resource is password protected from
- outside your network, all hosts inside the network will be
- given free access to the resource. This would be accomplished
- by using the <tt>Satisfy</tt> directive, as shown below.</p>
-<pre>
-&lt;Directory /usr/local/apache/htdocs/sekrit&gt;
- AuthType Basic
- AuthName intranet
- AuthUserFile /www/passwd/users
- AuthGroupFile /www/passwd/groups
- Require group customers
- Order allow,deny
- Allow from internal.com
- Satisfy any
-&lt;/Directory&gt;
-</pre>
-
- <p>In this scenario, users will be let in if they either have a
- password, or if they are in the internal network.</p>
-
- <h1><a name="summary">Summary</a></h1>
-
- <p>The various authentication modules provide a number of ways
- to restrict access to your host based on the identity of the
- user. They offer a somewhat standard interface to this
- functionality, but provide different back-end mechanisms for
- actually authenticating the user.</p>
-
- <p>And the access control mechanism allows you to restrict
- access based on criteria unrelated to the identity of the
- user.<br />
- </p>
- <hr />
-
- <h4>Footnotes</h4>
-
- <dl>
- <dt><a name="foot1">... value.</a><a
- href="#foot1_return"><sup>1</sup></a></dt>
-
- <dd>There are actually a number of implementations that get
- around this limitation. MLDBM is one of them, for example.
- However, for the purposes of this discussion, we'll just deal
- with standard Berkeley DB, which is likely to have shipped
- with whatever operating system you are already running.</dd>
-
- <dt><a name="foot2">... file</a><a
- href="#foot2_return"><sup>2</sup></a></dt>
-
- <dd>Or, if you are using mod_auth_dbm, a DBM file.</dd>
- </dl>
- <hr />
-
- </body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/howto/cgi.html b/usr.sbin/httpd/htdocs/manual/howto/cgi.html
deleted file mode 100644
index 9efd6e4ce88..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/cgi.html
+++ /dev/null
@@ -1,567 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Tutorial: Dynamic Content with CGI</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
-
- <h1 align="CENTER">Dynamic Content with CGI</h1>
- <a id="__index__" name="__index__"></a> <!-- INDEX BEGIN -->
-
-
- <ul>
- <li><a href="#dynamiccontentwithcgi">Dynamic Content with
- CGI</a></li>
-
- <li>
- <a href="#configuringapachetopermitcgi">Configuring Apache
- to permit CGI</a>
-
- <ul>
- <li><a href="#scriptalias">ScriptAlias</a></li>
-
- <li>
- <a href="#cgioutsideofscriptaliasdirectories">CGI
- outside of ScriptAlias directories</a>
-
- <ul>
- <li><a
- href="#explicitlyusingoptionstopermitcgiexecution">Explicitly
- using Options to permit CGI execution</a></li>
-
- <li><a href="#htaccessfiles">.htaccess files</a></li>
- </ul>
- </li>
- </ul>
- </li>
-
- <li>
- <a href="#writingacgiprogram">Writing a CGI program</a>
-
- <ul>
- <li><a href="#yourfirstcgiprogram">Your first CGI
- program</a></li>
- </ul>
- </li>
-
- <li>
- <a href="#butitsstillnotworking">But it's still not
- working!</a>
-
- <ul>
- <li><a href="#filepermissions">File permissions</a></li>
-
- <li><a href="#pathinformation">Path information</a></li>
-
- <li><a href="#syntaxerrors">Syntax errors</a></li>
-
- <li><a href="#errorlogs">Error logs</a></li>
- </ul>
- </li>
-
- <li>
- <a href="#whatsgoingonbehindthescenes">What's going on
- behind the scenes?</a>
-
- <ul>
- <li><a href="#environmentvariables">Environment
- variables</a></li>
-
- <li><a href="#stdinandstdout">STDIN and STDOUT</a></li>
- </ul>
- </li>
-
- <li><a href="#cgimoduleslibraries">CGI
- modules/libraries</a></li>
-
- <li><a href="#formoreinformation">For more
- information</a></li>
- </ul>
- <!-- INDEX END -->
- <hr />
-
- <h2><a id="dynamiccontentwithcgi"
- name="dynamiccontentwithcgi">Dynamic Content with CGI</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="../mod/mod_alias.html">mod_alias</a><br />
- <a href="../mod/mod_cgi.html">mod_cgi</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="../mod/mod_mime.html#addhandler">AddHandler</a><br />
- <a href="../mod/core.html#options">Options</a><br />
- <a
- href="../mod/mod_alias.html#scriptalias">ScriptAlias</a><br />
- </td>
- </tr>
- </table>
-
- <p>The CGI (Common Gateway Interface) defines a way for a web
- server to interact with external content-generating programs,
- which are often referred to as CGI programs or CGI scripts. It
- is the simplest, and most common, way to put dynamic content on
- your web site. This document will be an introduction to setting
- up CGI on your Apache web server, and getting started writing
- CGI programs.</p>
- <hr />
-
- <h2><a id="configuringapachetopermitcgi"
- name="configuringapachetopermitcgi">Configuring Apache to
- permit CGI</a></h2>
-
- <p>In order to get your CGI programs to work properly, you'll
- need to have Apache configured to permit CGI execution. There
- are several ways to do this.</p>
-
- <h3><a id="scriptalias" name="scriptalias">ScriptAlias</a></h3>
-
- <p>The <code>ScriptAlias</code> directive tells Apache that a
- particular directory is set aside for CGI programs. Apache will
- assume that every file in this directory is a CGI program, and
- will attempt to execute it, when that particular resource is
- requested by a client.</p>
-
- <p>The <code>ScriptAlias</code> directive looks like:</p>
-<pre>
- ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
-</pre>
-
- <p>The example shown is from your default
- <code>httpd.conf</code> configuration file, if you installed
- Apache in the default location. The <code>ScriptAlias</code>
- directive is much like the <code>Alias</code> directive, which
- defines a URL prefix that is to mapped to a particular
- directory. <code>Alias</code> and <code>ScriptAlias</code> are
- usually used for directories that are outside of the
- <code>DocumentRoot</code> directory. The difference between
- <code>Alias</code> and <code>ScriptAlias</code> is that
- <code>ScriptAlias</code> has the added meaning that everything
- under that URL prefix will be considered a CGI program. So, the
- example above tells Apache that any request for a resource
- beginning with <code>/cgi-bin/</code> should be served from the
- directory <code>/usr/local/apache/cgi-bin/</code>, and should
- be treated as a CGI program.</p>
-
- <p>For example, if the URL
- <code>http://www.example.com/cgi-bin/test.pl</code> is
- requested, Apache will attempt to execute the file
- <code>/usr/local/apache/cgi-bin/test.pl</code> and return the
- output. Of course, the file will have to exist, and be
- executable, and return output in a particular way, or Apache
- will return an error message.</p>
-
- <h3><a id="cgioutsideofscriptaliasdirectories"
- name="cgioutsideofscriptaliasdirectories">CGI outside of
- ScriptAlias directories</a></h3>
-
- <p>CGI programs are often restricted to
- <code>ScriptAlias</code>'ed directories for security reasons.
- In this way, administrators can tightly control who is allowed
- to use CGI programs. However, if the proper security
- precautions are taken, there is no reason why CGI programs
- cannot be run from arbitrary directories. For example, you may
- wish to let users have web content in their home directories
- with the <code>UserDir</code> directive. If they want to have
- their own CGI programs, but don't have access to the main
- <code>cgi-bin</code> directory, they will need to be able to
- run CGI programs elsewhere.</p>
-
- <h3><a id="explicitlyusingoptionstopermitcgiexecution"
- name="explicitlyusingoptionstopermitcgiexecution">Explicitly
- using Options to permit CGI execution</a></h3>
-
- <p>You could explicitly use the <code>Options</code> directive,
- inside your main server configuration file, to specify that CGI
- execution was permitted in a particular directory:</p>
-<pre>
- &lt;Directory /usr/local/apache/htdocs/somedir&gt;
- Options +ExecCGI
- &lt;/Directory&gt;
-</pre>
-
- <p>The above directive tells Apache to permit the execution of
- CGI files. You will also need to tell the server what files are
- CGI files. The following <code>AddHandler</code> directive
- tells the server to treat all files with the <code>cgi</code>
- or <code>pl</code> extension as CGI programs:</p>
-<pre>
- AddHandler cgi-script cgi pl
-</pre>
-
- <h3><a id="htaccessfiles" name="htaccessfiles">.htaccess
- files</a></h3>
-
- <p>A <code>.htaccess</code> file is a way to set configuration
- directives on a per-directory basis. When Apache serves a
- resource, it looks in the directory from which it is serving a
- file for a file called <code>.htaccess</code>, and, if it finds
- it, it will apply directives found therein.
- <code>.htaccess</code> files can be permitted with the
- <code>AllowOverride</code> directive, which specifies what
- types of directives can appear in these files, or if they are
- not allowed at all. To permit the directive we will need for
- this purpose, the following configuration will be needed in
- your main server configuration:</p>
-<pre>
- AllowOverride Options
-</pre>
-
- <p>In the <code>.htaccess</code> file, you'll need the
- following directive:</p>
-<pre>
- Options +ExecCGI
-</pre>
-
- <p>which tells Apache that execution of CGI programs is
- permitted in this directory.</p>
- <hr />
-
- <h2><a id="writingacgiprogram"
- name="writingacgiprogram">Writing a CGI program</a></h2>
-
- <p>There are two main differences between ``regular''
- programming, and CGI programming.</p>
-
- <p>First, all output from your CGI program must be preceded by
- a MIME-type header. This is HTTP header that tells the client
- what sort of content it is receiving. Most of the time, this
- will look like:</p>
-<pre>
- Content-type: text/html
-</pre>
-
- <p>Secondly, your output needs to be in HTML, or some other
- format that a browser will be able to display. Most of the
- time, this will be HTML, but occasionally you might write a CGI
- program that outputs a gif image, or other non-HTML
- content.</p>
-
- <p>Apart from those two things, writing a CGI program will look
- a lot like any other program that you might write.</p>
-
- <h3><a id="yourfirstcgiprogram" name="yourfirstcgiprogram">Your
- first CGI program</a></h3>
-
- <p>The following is an example CGI program that prints one line
- to your browser. Type in the following, save it to a file
- called <code>first.pl</code>, and put it in your
- <code>cgi-bin</code> directory.</p>
-<pre>
- #!/usr/bin/perl
- print "Content-type: text/html\r\n\r\n";
- print "Hello, World.";
-</pre>
-
- <p>Even if you are not familiar with Perl, you should be able
- to see what is happening here. The first line tells Apache (or
- whatever shell you happen to be running under) that this
- program can be executed by feeding the file to the interpreter
- found at the location <code>/usr/bin/perl</code>. The second
- line prints the content-type declaration we talked about,
- followed by two carriage-return newline pairs. This puts a
- blank line after the header, to indicate the end of the HTTP
- headers, and the beginning of the body. The third line prints
- the string ``Hello, World.'' And that's the end of it.</p>
-
- <p>If you open your favorite browser and tell it to get the
- address</p>
-<pre>
- http://www.example.com/cgi-bin/first.pl
-</pre>
-
- <p>or wherever you put your file, you will see the one line
- <code>Hello, World.</code> appear in your browser window. It's
- not very exciting, but once you get that working, you'll have a
- good chance of getting just about anything working.</p>
- <hr />
-
- <h2><a id="butitsstillnotworking"
- name="butitsstillnotworking">But it's still not
- working!</a></h2>
-
- <p>There are four basic things that you may see in your browser
- when you try to access your CGI program from the web:</p>
-
- <dl>
- <dt>The output of your CGI program</dt>
-
- <dd>Great! That means everything worked fine.<br />
- <br />
- </dd>
-
- <dt>The source code of your CGI program or a "POST Method Not
- Allowed" message</dt>
-
- <dd>That means that you have not properly configured Apache
- to process your CGI program. Reread the section on <a
- href="#configuringapachetopermitcgi">configuring Apache</a>
- and try to find what you missed.<br />
- <br />
- </dd>
-
- <dt>A message starting with "Forbidden"</dt>
-
- <dd>That means that there is a permissions problem. Check the
- <a href="#errorlogs">Apache error log</a> and the section
- below on <a href="#filepermissions">file
- permissions</a>.<br />
- <br />
- </dd>
-
- <dt>A message saying "Internal Server Error"</dt>
-
- <dd>If you check the <a href="#errorlogs">Apache error
- log</a>, you will probably find that it says "Premature end
- of script headers", possibly along with an error message
- generated by your CGI program. In this case, you will want to
- check each of the below sections to see what might be
- preventing your CGI program from emitting the proper HTTP
- headers.</dd>
- </dl>
-
- <h3><a id="filepermissions" name="filepermissions">File
- permissions</a></h3>
-
- <p>Remember that the server does not run as you. That is, when
- the server starts up, it is running with the permissions of an
- unprivileged user - usually ``nobody'', or ``www'' - and so it
- will need extra permissions to execute files that are owned by
- you. Usually, the way to give a file sufficient permissions to
- be executed by ``nobody'' is to give everyone execute
- permission on the file:</p>
-<pre>
- chmod a+x first.pl
-</pre>
-
- <p>Also, if your program reads from, or writes to, any other
- files, those files will need to have the correct permissions to
- permit this.</p>
-
- <p>The exception to this is when the server is configured to
- use <a href="../suexec.html">suexec</a>. This program allows
- CGI programs to be run under different user permissions,
- depending on which virtual host or user home directory they are
- located in. Suexec has very strict permission checking, and any
- failure in that checking will result in your CGI programs
- failing with an "Internal Server Error". In this case, you will
- need to check the suexec log file to see what specific security
- check is failing.</p>
-
- <h3><a id="pathinformation" name="pathinformation">Path
- information</a></h3>
-
- <p>When you run a program from your command line, you have
- certain information that is passed to the shell without you
- thinking about it. For example, you have a path, which tells
- the shell where it can look for files that you reference.</p>
-
- <p>When a program runs through the web server as a CGI program,
- it does not have that path. Any programs that you invoke in
- your CGI program (like 'sendmail', for example) will need to be
- specified by a full path, so that the shell can find them when
- it attempts to execute your CGI program.</p>
-
- <p>A common manifestation of this is the path to the script
- interpreter (often <code>perl</code>) indicated in the first
- line of your CGI program, which will look something like:</p>
-<pre>
- #!/usr/bin/perl
-</pre>
-
- <p>Make sure that this is in fact the path to the
- interpreter.</p>
-
- <h3><a id="syntaxerrors" name="syntaxerrors">Syntax
- errors</a></h3>
-
- <p>Most of the time when a CGI program fails, it's because of a
- problem with the program itself. This is particularly true once
- you get the hang of this CGI stuff, and no longer make the
- above two mistakes. Always attempt to run your program from the
- command line before you test if via a browser. This will
- eliminate most of your problems.</p>
-
- <h3><a id="errorlogs" name="errorlogs">Error logs</a></h3>
-
- <p>The error logs are your friend. Anything that goes wrong
- generates message in the error log. You should always look
- there first. If the place where you are hosting your web site
- does not permit you access to the error log, you should
- probably host your site somewhere else. Learn to read the error
- logs, and you'll find that almost all of your problems are
- quickly identified, and quickly solved.</p>
- <hr />
-
- <h2><a id="whatsgoingonbehindthescenes"
- name="whatsgoingonbehindthescenes">What's going on behind the
- scenes?</a></h2>
-
- <p>As you become more advanced in CGI programming, it will
- become useful to understand more about what's happening behind
- the scenes. Specifically, how the browser and server
- communicate with one another. Because although it's all very
- well to write a program that prints ``Hello, World.'', it's not
- particularly useful.</p>
-
- <h3><a id="environmentvariables"
- name="environmentvariables">Environment variables</a></h3>
-
- <p>Environment variables are values that float around you as
- you use your computer. They are useful things like your path
- (where the computer searches for a the actual file implementing
- a command when you type it), your username, your terminal type,
- and so on. For a full list of your normal, every day
- environment variables, type <code>env</code> at a command
- prompt.</p>
-
- <p>During the CGI transaction, the server and the browser also
- set environment variables, so that they can communicate with
- one another. These are things like the browser type (Netscape,
- IE, Lynx), the server type (Apache, IIS, WebSite), the name of
- the CGI program that is being run, and so on.</p>
-
- <p>These variables are available to the CGI programmer, and are
- half of the story of the client-server communication. The
- complete list of required variables is at <a
- href="http://hoohoo.ncsa.uiuc.edu/cgi/env.html">http://hoohoo.ncsa.uiuc.edu/cgi/env.html</a></p>
-
- <p>This simple Perl CGI program will display all of the
- environment variables that are being passed around. Two similar
- programs are included in the <code>cgi-bin</code> directory of
- the Apache distribution. Note that some variables are required,
- while others are optional, so you may see some variables listed
- that were not in the official list. In addition, Apache
- provides many different ways for you to <a
- href="../env.html">add your own environment variables</a> to
- the basic ones provided by default.</p>
-<pre>
- #!/usr/bin/perl
- print "Content-type: text/html\n\n";
- foreach $key (keys %ENV) {
- print "$key --&gt; $ENV{$key}&lt;br&gt;";
- }
-</pre>
-
- <h3><a id="stdinandstdout" name="stdinandstdout">STDIN and
- STDOUT</a></h3>
-
- <p>Other communication between the server and the client
- happens over standard input (<code>STDIN</code>) and standard
- output (<code>STDOUT</code>). In normal everyday context,
- <code>STDIN</code> means the keyboard, or a file that a program
- is given to act on, and <code>STDOUT</code> usually means the
- console or screen.</p>
-
- <p>When you <code>POST</code> a web form to a CGI program, the
- data in that form is bundled up into a special format and gets
- delivered to your CGI program over <code>STDIN</code>. The
- program then can process that data as though it was coming in
- from the keyboard, or from a file</p>
-
- <p>The ``special format'' is very simple. A field name and its
- value are joined together with an equals (=) sign, and pairs of
- values are joined together with an ampersand (&amp;).
- Inconvenient characters like spaces, ampersands, and equals
- signs, are converted into their hex equivalent so that they
- don't gum up the works. The whole data string might look
- something like:</p>
-<pre>
- name=Rich%20Bowen&amp;city=Lexington&amp;state=KY&amp;sidekick=Squirrel%20Monkey
-</pre>
-
- <p>You'll sometimes also see this type of string appended to
- the a URL. When that is done, the server puts that string into
- the environment variable called <code>QUERY_STRING</code>.
- That's called a <code>GET</code> request. Your HTML form
- specifies whether a <code>GET</code> or a <code>POST</code> is
- used to deliver the data, by setting the <code>METHOD</code>
- attribute in the <code>FORM</code> tag.</p>
-
- <p>Your program is then responsible for splitting that string
- up into useful information. Fortunately, there are libraries
- and modules available to help you process this data, as well as
- handle other of the aspects of your CGI program.</p>
- <hr />
-
- <h2><a id="cgimoduleslibraries" name="cgimoduleslibraries">CGI
- modules/libraries</a></h2>
-
- <p>When you write CGI programs, you should consider using a
- code library, or module, to do most of the grunt work for you.
- This leads to fewer errors, and faster development.</p>
-
- <p>If you're writing CGI programs in Perl, modules are
- available on <a href="http://www.cpan.org/">CPAN</a>. The most
- popular module for this purpose is CGI.pm. You might also
- consider CGI::Lite, which implements a minimal set of
- functionality, which is all you need in most programs.</p>
-
- <p>If you're writing CGI programs in C, there are a variety of
- options. One of these is the CGIC library, from <a
- href="http://www.boutell.com/cgic/">http://www.boutell.com/cgic/</a></p>
- <hr />
-
- <h2><a id="formoreinformation" name="formoreinformation">For
- more information</a></h2>
-
- <p>There are a large number of CGI resources on the web. You
- can discuss CGI problems with other users on the Usenet group
- comp.infosystems.www.authoring.cgi. And the -servers mailing
- list from the HTML Writers Guild is a great source of answers
- to your questions. You can find out more at <a
- href="http://www.hwg.org/lists/hwg-servers/">http://www.hwg.org/lists/hwg-servers/</a></p>
-
- <p>And, of course, you should probably read the CGI
- specification, which has all the details on the operation of
- CGI programs. You can find the original version at the <a
- href="http://hoohoo.ncsa.uiuc.edu/cgi/interface.html">NCSA</a>
- and there is an updated draft at the <a
- href="http://web.golux.com/coar/cgi/">Common Gateway Interface
- RFC project</a>.</p>
-
- <p>When you post a question about a CGI problem that you're
- having, whether to a mailing list, or to a newsgroup, make sure
- you provide enough information about what happened, what you
- expected to happen, and how what actually happened was
- different, what server you're running, what language your CGI
- program was in, and, if possible, the offending code. This will
- make finding your problem much simpler.</p>
-
- <p>Note that questions about CGI problems should
- <strong>never</strong> be posted to the Apache bug database
- unless you are sure you have found a problem in the Apache
- source code.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/howto/htaccess.html b/usr.sbin/httpd/htdocs/manual/howto/htaccess.html
deleted file mode 100644
index 9f5312f5e56..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/htaccess.html
+++ /dev/null
@@ -1,422 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Tutorial: .htaccess files</title>
- </head>
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080"
- alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
-
- <h1 align="CENTER"><code>.htaccess</code> files</h1>
- <!-- INDEX BEGIN -->
-
- <ul>
- <li><a href="#what">What they are/How to use them</a></li>
-
- <li><a href="#when">When (not) to use <code
- class="file">.htaccess</code></a> files</li>
-
- <li><a href="#how">How directives are applied</a></li>
-
- <li><a href="#auth">Authentication example</a></li>
-
- <li><a href="#ssi">Server side includes example</a></li>
-
- <li><a href="#cgi">CGI example</a></li>
-
- <li><a href="#troubleshoot">Troubleshooting</a></li>
- </ul>
- <!-- Index End -->
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <code><a href="../mod/core.html">core</a></code><br />
- <code><a href="../mod/mod_auth.html">mod_auth</a></code><br />
- <code><a href="../mod/mod_cgi.html">mod_cgi</a></code><br />
- <code><a href="../mod/mod_include.html">mod_include</a><br />
- </code> <a href="../mod/mod_mime.html">mod_mine</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <code><a
- href="../mod/core.html#accessfilename">AccessFileName</a></code><br />
- <code><a
- href="../mod/core.html#allowoverride">AllowOverride</a></code><br />
- <code><a href="../mod/core.html#options">Options</a></code><br />
- <code><a
- href="../mod/mod_mime.html#addhandler">AddHandler</a></code><br />
- <code><a
- href="../mod/mod_mime.html#sethandler">SetHandler</a></code><br />
- <code><a
- href="../mod/core.html#authtype">AuthType</a></code><br />
- <code><a
- href="../mod/core.html#authname">AuthName</a></code><br />
- <code><a
- href="../mod/mod_auth.html#authuserfile">AuthUserFile</a></code><br />
- <code><a
- href="../mod/mod_auth.html#authuserfile">AuthGroupFile</a></code><br />
- <code><a href="../mod/core.html#require">Require</a></code><br />
- </td>
- </tr>
- </table>
- <hr />
-
- <h2><a id="what" name="what">What they are/How to use them</a></h2>
-
- <p><code>.htaccess</code> files (or "distributed configuration files")
- provide a way to make configuration changes on a per-directory basis. A
- file, containing one or more configuration directives, is placed in a
- particular document directory, and the directives apply to that
- directory, and all subdirectories thereof.</p>
-
- <p>Note: If you want to call your <code>.htaccess</code> file something
- else, you can change the name of the file using the <code><a
- href="../mod/core.html#accessfilename">AccessFileName</a></code>
- directive. For example, if you would rather call the file
- <code>.config</code> then you can put the following in your server
- configuration file:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>AccessFileName .config</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>What you can put in these files is determined by the <code><a
- href="../mod/core.html#allowoverride">AllowOverride</a></code>
- directive. This directive specifies, in categories, what directives
- will be honored if they are found in a <code>.htaccess</code> file. If
- a directive is permitted in a <code>.htaccess</code> file, the
- documentation for that directive will contain an Override section,
- specifying what value must be in <code>AllowOverride</code> in order
- for that directive to be permitted.</p>
-
- <p>For example, if you look at the documentation for the <a
- href="../mod/core.html#adddefaultcharset">AddDefaultCharset</a>
- directive, you will find that it is permitted in <code>.htaccess</code>
- files. (See the Context line in the directive summary.) The <a
- href="../mod/directive-dict.html#Context">Override</a> line reads
- "<code>FileInfo</code>". Thus, you must have at least
- "<code>AllowOverride FileInfo</code>" in order for this directive to be
- honored in <code>.htaccess</code> files.</p>
-
- <p>Example:</p>
-
- <blockquote>
- <table>
- <tr>
- <td><a
- href="../mod/directive-dict.html#Context">Context:</a></td>
-
- <td>server config, virtual host, directory, .htaccess</td>
- </tr>
-
- <tr>
- <td><a
- href="../mod/directive-dict.html#Override">Override:</a></td>
-
- <td>FileInfo</td>
- </tr>
- </table>
- </blockquote>
-
- <p>If you are unsure whether a particular directive is permitted in a
- <code>.htaccess</code> file, look at the documentation for that
- directive, and check the Context line for ".htaccess."</p>
-
- <h2><a id="when" name="when">When (not) to use .htaccess files</a></h2>
-
- <p>In general, you should never use <code>.htaccess</code> files unless
- you don't have access to the main server configuration file. There is,
- for example, a prevailing misconception that user authentication should
- always be done in <code>.htaccess</code> files. This is simply not the
- case. You can put user authentication configurations in the main server
- configuration, and this is, in fact, the preferred way to do
- things.</p>
-
- <p><code>.htaccess</code> files should be used in a case where the
- content providers need to make configuration changes to the server on a
- per-directory basis, but do not have root access on the server system.
- In the event that the server administrator is not willing to make
- frequent configuration changes, it might be desirable to permit
- individual users to make these changes in <code>.htaccess</code> files
- for themselves. This is particularly true, for example, in cases where
- ISPs are hosting multiple user sites on a single machine, and want
- their users to be able to alter their configuration.</p>
-
- <p>However, in general, use of <code>.htaccess</code> files should be
- avoided when possible. Any configuration that you would consider
- putting in a <code>.htaccess</code> file, can just as effectively be
- made in a <a href="../mod/core.html#directory">&lt;Directory&gt;</a>
- section in your main server configuration file.</p>
-
- <p>There are two main reasons to avoid the use of
- <code>.htaccess</code> files.</p>
-
- <p>The first of these is performance. When <code>AllowOverride</code>
- is set to allow the use of <code>.htaccess</code> files, Apache will
- look in every directory for <code>.htaccess</code> files. Thus,
- permitting <code>.htaccess</code> files causes a performance hit,
- whether or not you actually even use them! Also, the
- <code>.htaccess</code> file is loaded every time a document is
- requested.</p>
-
- <p>Further note that Apache must look for <code>.htaccess</code> files
- in all higher-level directories, in order to have a full complement of
- directives that it must apply. (See section on <a href="#how">how
- directives are applied</a>.) Thus, if a file is requested out of a
- directory <code>/www/htdocs/example</code>, Apache must look for the
- following files:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>/.htaccess<br />
- /www/.htaccess<br />
- /www/htdocs/.htaccess<br />
- /www/htdocs/example/.htaccess</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>And so, for each file access out of that directory, there are 4
- additional file-system accesses, even if none of those files are
- present. (Note that this would only be the case if .htaccess files were
- enabled for /, which is not usually the case.)</p>
-
- <p>The second consideration is one of security. You are permitting
- users to modify server configuration, which may result in changes over
- which you have no control. Carefully consider whether you want to give
- your users this privilege.</p>
-
- <p>Note that it is completely equivalent to put a .htaccess file in a
- directory <code>/www/htdocs/example</code> containing a directive, and
- to put that same directive in a Directory section <code>&lt;Directory
- /www/htdocs/example&gt;</code> in your main server configuration:</p>
-
- <p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>AddType text/example .exm</code>
- </td>
- </tr>
- </table>
- </blockquote>
-
- <p><code>httpd.conf</code></p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>&lt;Directory
- /www/htdocs/example&gt;<br />
- AddType text/example .exm<br />
- &lt;/Directory&gt;</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>However, putting this configuration in your server configuration
- file will result in less of a performance hit, as the configuration is
- loaded once when Apache starts, rather than every time a file is
- requested.</p>
-
- <p>The use of <code>.htaccess</code> files can be disabled completely
- by setting the <code>AllowOverride</code> directive to "none"</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>AllowOverride None</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <h2><a id="how" name="how">How directives are applied</a></h2>
-
- <p>The configuration directives found in a <code>.htaccess</code> file
- are applied to the directory in which the <code>.htaccess</code> file
- is found, and to all subdirectories thereof. However, it is important
- to also remember that there may have been <code>.htaccess</code> files
- in directories higher up. Directives are applied in the order that they
- are found. Therefore, a <code>.htaccess</code> file in a particular
- directory may override directives found in <code>.htaccess</code> files
- found higher up in the directory tree. And those, in turn, may have
- overridden directives found yet higher up, or in the main server
- configuration file itself.</p>
-
- <p>Example:</p>
-
- <p>In the directory <code>/www/htdocs/example1</code> we have a
- <code>.htaccess</code> file containing the following:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>Options +ExecCGI</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>(Note: you must have "<code>AllowOverride Options</code>" in effect
- to permit the use of the "<code><a
- href="../mod/core.html#options">Options</a></code>" directive in
- <code>.htaccess</code> files.)</p>
-
- <p>In the directory <code>/www/htdocs/example1/example2</code> we have
- a <code>.htaccess</code> file containing:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>Options Includes</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>Because of this second <code>.htaccess</code> file, in the directory
- <code>/www/htdocs/example1/example2</code>, CGI execution is not
- permitted, as only <code>Options Includes</code> is in effect, which
- completely overrides any earlier setting that may have been in
- place.</p>
-
- <h2><a id="auth" name="auth">Authentication example</a></h2>
-
- <p>If you jumped directly to this part of the document to find out how
- to do authentication, it is important to note one thing. There is a
- common misconception that you are required to use
- <code>.htaccess</code> files in order to implement password
- authentication. This is not the case. Putting authentication directives
- in a <code>&lt;Directory&gt;</code> section, in your main server
- configuration file, is the preferred way to implement this, and
- <code>.htaccess</code> files should be used only if you don't have
- access to the main server configuration file. See above for a
- discussion of when you should and should not use <code>.htaccess</code>
- files.</p>
-
- <p>Having said that, if you still think you need to use a
- <code>.htaccess</code> file, you may find that a configuration such as
- what follows may work for you.</p>
-
- <p>You must have "<code>AllowOverride AuthConfig</code>" in effect for
- these directives to be honored.</p>
-
- <p><code>.htaccess</code> file contents:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>AuthType Basic<br />
- AuthName "Password Required"<br />
- AuthUserFile /www/passwords/password.file<br />
- AuthGroupFile /www/passwords/group.file<br />
- Require Group admins</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>Note that <code>AllowOverride AuthConfig</code> must be in effect
- for these directives to have any effect.</p>
-
- <p>Please see the <a href="auth.html">authentication tutorial</a> for a
- more complete discussion of authentication and authorization.</p>
-
- <h2><a id="ssi" name="ssi">Server side includes example</a></h2>
-
- <p>Another common use of <code>.htaccess</code> files is to enable
- Server Side Includes for a particular directory. This may be done with
- the following configuration directives, placed in a
- <code>.htaccess</code> file in the desired directory:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>Options +Includes<br />
- AddType text/html shtml<br />
- AddHandler server-parsed shtml</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>Note that <code>AllowOverride Options</code> and <code>AllowOverride
- FileInfo</code> must both be in effect for these directives to have any
- effect.</p>
-
- <p>Please see the <a href="ssi.html">SSI tutorial</a> for a more
- complete discussion of server-side includes.</p>
-
- <h2><a id="cgi" name="cgi">CGI example</a></h2>
-
- <p>Finally, you may wish to use a <code>.htaccess</code> file to permit
- the execution of CGI programs in a particular directory. This may be
- implemented with the following configuration:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>Options +ExecCGI<br />
- AddHandler cgi-script cgi pl</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>Alternately, if you wish to have all files in the given directory be
- considered to be CGI programs, this may be done with the following
- configuration:</p>
-
- <blockquote>
- <table cellpadding="10">
- <tr>
- <td bgcolor="#eeeeee"><code>Options +ExecCGI<br />
- SetHandler cgi-script</code> </td>
- </tr>
- </table>
- </blockquote>
-
- <p>Note that <code>AllowOverride Options</code> must be in effect for
- these directives to have any effect.</p>
-
- <p>Please see the <a href="cgi.html">CGI tutorial</a> for a more
- complete discussion of CGI programming and configuration.</p>
-
- <h2><a id="troubleshoot" name="troubleshoot">Troubleshooting</a></h2>
-
- <p>When you put configuration directives in a <code>.htaccess</code>
- file, and you don't get the desired effect, there are a number of
- things that may be going wrong.</p>
-
- <p>Most commonly, the problem is that <code><a
- href="../mod/core.html#allowoverride">AllowOverride</a></code> is not
- set such that your configuration directives are being honored. Make
- sure that you don't have a <code>AllowOverride None</code> in effect
- for the file scope in question. A good test for this is to put garbage
- in your <code>.htaccess</code> file and reload. If a server error is
- not generated, then you almost certainly have <code>AllowOverride
- None</code> in effect.</p>
-
- <p>If, on the other hand, you are getting server errors when trying to
- access documents, check your Apache error log. It will likely tell you
- that the directive used in your .htaccess file is not permitted.
- Alternately, it may tell you that you had a syntax error, which you
- will then need to fix.</p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/howto/ssi.html b/usr.sbin/httpd/htdocs/manual/howto/ssi.html
deleted file mode 100644
index 2da0dab0dfe..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/ssi.html
+++ /dev/null
@@ -1,558 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Tutorial: Introduction to Server Side
- Includes</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
-
- <h1 align="CENTER">Apache Tutorial: Introduction to Server Side
- Includes</h1>
- <a id="__index__" name="__index__"></a> <!-- INDEX BEGIN -->
-
-
- <ul>
- <li><a
- href="#apachetutorial:introductiontoserversideincludes">Apache
- Tutorial: Introduction to Server Side Includes</a></li>
-
- <li><a href="#whataressi">What are SSI?</a></li>
-
- <li><a href="#configuringyourservertopermitssi">Configuring
- your server to permit SSI</a></li>
-
- <li>
- <a href="#basicssidirectives">Basic SSI directives</a>
-
- <ul>
- <li><a href="#today'sdate">Today's date</a></li>
-
- <li><a href="#modificationdateofthefile">Modification
- date of the file</a></li>
-
- <li><a href="#includingtheresultsofacgiprogram">Including
- the results of a CGI program</a></li>
- </ul>
- </li>
-
- <li>
- <a href="#additionalexamples">Additional examples</a>
-
- <ul>
- <li><a href="#whenwasthisdocumentmodified">When was this
- document modified?</a></li>
-
- <li><a href="#includingastandardfooter">Including a
- standard footer</a></li>
-
- <li><a href="#whatelsecaniconfig">What else can I
- config?</a></li>
-
- <li><a href="#executingcommands">Executing
- commands</a></li>
- </ul>
- </li>
-
- <li>
- <a href="#advancedssitechniques">Advanced SSI
- techniques</a>
-
- <ul>
- <li><a href="#settingvariables">Setting
- variables</a></li>
-
- <li><a href="#conditionalexpressions">Conditional
- expressions</a></li>
- </ul>
- </li>
-
- <li><a href="#conclusion">Conclusion</a></li>
- </ul>
- <!-- INDEX END -->
- <hr />
-
- <h2><a id="apachetutorial:introductiontoserversideincludes"
- name="apachetutorial:introductiontoserversideincludes">Apache
- Tutorial: Introduction to Server Side Includes</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="../mod/mod_include.html">mod_include</a><br />
- <a href="../mod/mod_cgi.html">mod_cgi</a><br />
- <a href="../mod/mod_expires.html">mod_expires</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="../mod/core.html#options">Options</a><br />
- <a
- href="../mod/mod_include.html#xbithack">XBitHack</a><br />
- <a href="../mod/mod_mime.html#addtype">AddType</a><br />
- <a
- href="../mod/mod_mime.html#addhandler">AddHandler</a><br />
- <a
- href="../mod/mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a><br />
- </td>
- </tr>
- </table>
-
- <p>This article deals with Server Side Includes, usually called
- simply SSI. In this article, I'll talk about configuring your
- server to permit SSI, and introduce some basic SSI techniques
- for adding dynamic content to your existing HTML pages.</p>
-
- <p>In the latter part of the article, we'll talk about some of
- the somewhat more advanced things that can be done with SSI,
- such as conditional statements in your SSI directives.</p>
- <hr />
-
- <h2><a id="whataressi" name="whataressi">What are SSI?</a></h2>
-
- <p>SSI (Server Side Includes) are directives that are placed in
- HTML pages, and evaluated on the server while the pages are
- being served. They let you add dynamically generated content to
- an existing HTML page, without having to serve the entire page
- via a CGI program, or other dynamic technology.</p>
-
- <p>The decision of when to use SSI, and when to have your page
- entirely generated by some program, is usually a matter of how
- much of the page is static, and how much needs to be
- recalculated every time the page is served. SSI is a great way
- to add small pieces of information, such as the current time.
- But if a majority of your page is being generated at the time
- that it is served, you need to look for some other
- solution.</p>
- <hr />
-
- <h2><a id="configuringyourservertopermitssi"
- name="configuringyourservertopermitssi">Configuring your server
- to permit SSI</a></h2>
-
- <p>To permit SSI on your server, you must have <a
- href="../mod/mod_include.html">mod_include</a> installed and
- enabled. Additionally, you must have the following
- directive either in your <code>httpd.conf</code> file, or in a
- <code>.htaccess</code> file:</p>
-<pre>
- Options +Includes
-</pre>
-
- <p>This tells Apache that you want to permit files to be parsed
- for SSI directives. Note that most configurations contain
- multiple <a href="../mod/core.html#options">Options</a> directives
- that can override each other. You will probably need to apply the
- <code>Options</code> to the specific directory where you want SSI
- enabled in order to assure that it gets evaluated last.</p>
-
- <p>Not just any file is parsed for SSI directives. You have to
- tell Apache which files should be parsed. There are two ways to
- do this. You can tell Apache to parse any file with a
- particular file extension, such as <code>.shtml</code>, with
- the following directives:</p>
-<pre>
- AddType text/html .shtml
- AddHandler server-parsed .shtml
-</pre>
-
- <p>One disadvantage to this approach is that if you wanted to
- add SSI directives to an existing page, you would have to
- change the name of that page, and all links to that page, in
- order to give it a <code>.shtml</code> extension, so that those
- directives would be executed.</p>
-
- <p>The other method is to use the <code>XBitHack</code>
- directive:</p>
-<pre>
- XBitHack on
-</pre>
-
- <p><code>XBitHack</code> tells Apache to parse files for SSI
- directives if they have the execute bit set. So, to add SSI
- directives to an existing page, rather than having to change
- the file name, you would just need to make the file executable
- using <code>chmod</code>.</p>
-<pre>
- chmod +x pagename.html
-</pre>
-
- <p>A brief comment about what not to do. You'll occasionally
- see people recommending that you just tell Apache to parse all
- <code>.html</code> files for SSI, so that you don't have to
- mess with <code>.shtml</code> file names. These folks have
- perhaps not heard about <code>XBitHack</code>. The thing to
- keep in mind is that, by doing this, you're requiring that
- Apache read through every single file that it sends out to
- clients, even if they don't contain any SSI directives. This
- can slow things down quite a bit, and is not a good idea.</p>
-
- <p>Of course, on Windows, there is no such thing as an execute
- bit to set, so that limits your options a little.</p>
-
- <p>In its default configuration, Apache does not send the last
- modified date or content length HTTP headers on SSI pages,
- because these values are difficult to calculate for dynamic
- content. This can prevent your document from being cached, and
- result in slower perceived client performance. There are two
- ways to solve this:</p>
-
- <ol>
- <li>Use the <code>XBitHack Full</code> configuration. This
- tells Apache to determine the last modified date by looking
- only at the date of the originally requested file, ignoring
- the modification date of any included files.</li>
-
- <li>Use the directives provided by <a
- href="../mod/mod_expires.html">mod_expires</a> to set an
- explicit expiration time on your files, thereby letting
- browsers and proxies know that it is acceptable to cache
- them.</li>
- </ol>
- <hr />
-
- <h2><a id="basicssidirectives" name="basicssidirectives">Basic
- SSI directives</a></h2>
-
- <p>SSI directives have the following syntax:</p>
-<pre>
- &lt;!--#element attribute=value attribute=value ... --&gt;
-</pre>
-
- <p>It is formatted like an HTML comment, so if you don't have
- SSI correctly enabled, the browser will ignore it, but it will
- still be visible in the HTML source. If you have SSI correctly
- configured, the directive will be replaced with its
- results.</p>
-
- <p>The element can be one of a number of things, and we'll talk
- some more about most of these in the next installment of this
- series. For now, here are some examples of what you can do with
- SSI</p>
-
- <h3><a id="today'sdate" name="today'sdate">Today's
- date</a></h3>
-<pre>
- &lt;!--#echo var="DATE_LOCAL" --&gt;
-</pre>
-
- <p>The <code>echo</code> element just spits out the value of a
- variable. There are a number of standard variables, which
- include the whole set of environment variables that are
- available to CGI programs. Also, you can define your own
- variables with the <code>set</code> element.</p>
-
- <p>If you don't like the format in which the date gets printed,
- you can use the <code>config</code> element, with a
- <code>timefmt</code> attribute, to modify that formatting.</p>
-<pre>
- &lt;!--#config timefmt="%A %B %d, %Y" --&gt;
- Today is &lt;!--#echo var="DATE_LOCAL" --&gt;
-</pre>
-
- <h3><a id="modificationdateofthefile"
- name="modificationdateofthefile">Modification date of the
- file</a></h3>
-<pre>
- This document last modified &lt;!--#flastmod file="index.html" --&gt;
-</pre>
-
- <p>This element is also subject to <code>timefmt</code> format
- configurations.</p>
-
- <h3><a id="includingtheresultsofacgiprogram"
- name="includingtheresultsofacgiprogram">Including the results
- of a CGI program</a></h3>
-
- <p>This is one of the more common uses of SSI - to output the
- results of a CGI program, such as everybody's favorite, a ``hit
- counter.''</p>
-<pre>
- &lt;!--#include virtual="/cgi-bin/counter.pl" --&gt;
-</pre>
- <hr />
-
- <h2><a id="additionalexamples"
- name="additionalexamples">Additional examples</a></h2>
-
- <p>Following are some specific examples of things you can do in
- your HTML documents with SSI.</p>
- <hr />
-
- <h2><a id="whenwasthisdocumentmodified"
- name="whenwasthisdocumentmodified">When was this document
- modified?</a></h2>
-
- <p>Earlier, we mentioned that you could use SSI to inform the
- user when the document was most recently modified. However, the
- actual method for doing that was left somewhat in question. The
- following code, placed in your HTML document, will put such a
- time stamp on your page. Of course, you will have to have SSI
- correctly enabled, as discussed above.</p>
-<pre>
- &lt;!--#config timefmt="%A %B %d, %Y" --&gt;
- This file last modified &lt;!--#flastmod file="ssi.shtml" --&gt;
-</pre>
-
- <p>Of course, you will need to replace the
- <code>ssi.shtml</code> with the actual name of the file that
- you're referring to. This can be inconvenient if you're just
- looking for a generic piece of code that you can paste into any
- file, so you probably want to use the
- <code>LAST_MODIFIED</code> variable instead:</p>
-<pre>
- &lt;!--#config timefmt="%D" --&gt;
- This file last modified &lt;!--#echo var="LAST_MODIFIED" --&gt;
-</pre>
-
- <p>For more details on the <code>timefmt</code> format, go to
- your favorite search site and look for <code>strftime()</code>. The
- syntax is the same.</p>
- <hr />
-
- <h2><a id="includingastandardfooter"
- name="includingastandardfooter">Including a standard
- footer</a></h2>
-
- <p>If you are managing any site that is more than a few pages,
- you may find that making changes to all those pages can be a
- real pain, particularly if you are trying to maintain some kind
- of standard look across all those pages.</p>
-
- <p>Using an include file for a header and/or a footer can
- reduce the burden of these updates. You just have to make one
- footer file, and then include it into each page with the
- <code>include</code> SSI command. The <code>include</code>
- element can determine what file to include with either the
- <code>file</code> attribute, or the <code>virtual</code>
- attribute. The <code>file</code> attribute is a file path,
- <em>relative to the current directory</em>. That means that it
- cannot be an absolute file path (starting with /), nor can it
- contain ../ as part of that path. The <code>virtual</code>
- attribute is probably more useful, and should specify a URL
- relative to the document being served. It can start with a /,
- but must be on the same server as the file being served.</p>
-<pre>
- &lt;!--#include virtual="/footer.html" --&gt;
-</pre>
-
- <p>I'll frequently combine the last two things, putting a
- <code>LAST_MODIFIED</code> directive inside a footer file to be
- included. SSI directives can be contained in the included file,
- and includes can be nested - that is, the included file can
- include another file, and so on.</p>
- <hr />
-
- <h2><a id="whatelsecaniconfig" name="whatelsecaniconfig">What
- else can I config?</a></h2>
-
- <p>In addition to being able to <code>config</code> the time
- format, you can also <code>config</code> two other things.</p>
-
- <p>Usually, when something goes wrong with your SSI directive,
- you get the message</p>
-<pre>
- [an error occurred while processing this directive]
-</pre>
-
- <p>If you want to change that message to something else, you
- can do so with the <code>errmsg</code> attribute to the
- <code>config</code> element:</p>
-<pre>
- &lt;!--#config errmsg="[It appears that you don't know how to use SSI]" --&gt;
-</pre>
-
- <p>Hopefully, end users will never see this message, because
- you will have resolved all the problems with your SSI
- directives before your site goes live. (Right?)</p>
-
- <p>And you can <code>config</code> the format in which file
- sizes are returned with the <code>sizefmt</code> attribute. You
- can specify <code>bytes</code> for a full count in bytes, or
- <code>abbrev</code> for an abbreviated number in Kb or Mb, as
- appropriate.</p>
- <hr />
-
- <h2><a id="executingcommands"
- name="executingcommands">Executing commands</a></h2>
-
- <p>I expect that I'll have an article some time in the coming
- months about using SSI with small CGI programs. For now, here's
- something else that you can do with the <code>exec</code>
- element. You can actually have SSI execute a command using the
- shell (<code>/bin/sh</code>, to be precise - or the DOS shell,
- if you're on Win32). The following, for example, will give you
- a directory listing.</p>
-<pre>
- &lt;pre&gt;
- &lt;!--#exec cmd="ls" --&gt;
- &lt;/pre&gt;
-</pre>
-
- <p>or, on Windows</p>
-<pre>
- &lt;pre&gt;
- &lt;!--#exec cmd="dir" --&gt;
- &lt;/pre&gt;
-</pre>
-
- <p>You might notice some strange formatting with this directive
- on Windows, because the output from <code>dir</code> contains
- the string ``&lt;<code>dir</code>&gt;'' in it, which confuses
- browsers.</p>
-
- <p>Note that this feature is exceedingly dangerous, as it will
- execute whatever code happens to be embedded in the
- <code>exec</code> tag. If you have any situation where users
- can edit content on your web pages, such as with a
- ``guestbook'', for example, make sure that you have this
- feature disabled. You can allow SSI, but not the
- <code>exec</code> feature, with the <code>IncludesNOEXEC</code>
- argument to the <code>Options</code> directive.</p>
- <hr />
-
- <h2><a id="advancedssitechniques"
- name="advancedssitechniques">Advanced SSI techniques</a></h2>
-
- <p>In addition to spitting out content, Apache SSI gives you
- the option of setting variables, and using those variables in
- comparisons and conditionals.</p>
-
- <h3><a id="caveat" name="caveat">Caveat</a></h3>
-
- <p>Most of the features discussed in this article are only
- available to you if you are running Apache 1.2 or later. Of
- course, if you are not running Apache 1.2 or later, you need to
- upgrade immediately, if not sooner. Go on. Do it now. We'll
- wait.</p>
- <hr />
-
- <h2><a id="settingvariables" name="settingvariables">Setting
- variables</a></h2>
-
- <p>Using the <code>set</code> directive, you can set variables
- for later use. We'll need this later in the discussion, so
- we'll talk about it here. The syntax of this is as follows:</p>
-<pre>
- &lt;!--#set var="name" value="Rich" --&gt;
-</pre>
-
- <p>In addition to merely setting values literally like that,
- you can use any other variable, including, for example,
- environment variables, or some of the variables we discussed in
- the last article (like <code>LAST_MODIFIED</code>, for example)
- to give values to your variables. You will specify that
- something is a variable, rather than a literal string, by using
- the dollar sign ($) before the name of the variable.</p>
-<pre>
- &lt;!--#set var="modified" value="$LAST_MODIFIED" --&gt;
-</pre>
-
- <p>To put a literal dollar sign into the value of your
- variable, you need to escape the dollar sign with a
- backslash.</p>
-<pre>
- &lt;!--#set var="cost" value="\$100" --&gt;
-</pre>
-
- <p>Finally, if you want to put a variable in the midst of a
- longer string, and there's a chance that the name of the
- variable will run up against some other characters, and thus be
- confused with those characters, you can place the name of the
- variable in braces, to remove this confusion. (It's hard to
- come up with a really good example of this, but hopefully
- you'll get the point.)</p>
-<pre>
- &lt;!--#set var="date" value="${DATE_LOCAL}_${DATE_GMT}" --&gt;
-</pre>
- <hr />
-
- <h2><a id="conditionalexpressions"
- name="conditionalexpressions">Conditional expressions</a></h2>
-
- <p>Now that we have variables, and are able to set and compare
- their values, we can use them to express conditionals. This
- lets SSI be a tiny programming language of sorts.
- <code>mod_include</code> provides an <code>if</code>,
- <code>elif</code>, <code>else</code>, <code>endif</code>
- structure for building conditional statements. This allows you
- to effectively generate multiple logical pages out of one
- actual page.</p>
-
- <p>The structure of this conditional construct is:</p>
-<pre>
- &lt;!--#if expr="test_condition" --&gt;
- &lt;!--#elif expr="test_condition" --&gt;
- &lt;!--#else --&gt;
- &lt;!--#endif --&gt;
-</pre>
-
- <p>A <em>test_condition</em> can be any sort of logical
- comparison - either comparing values to one another, or testing
- the ``truth'' of a particular value. (A given string is true if
- it is nonempty.) For a full list of the comparison operators
- available to you, see the <code>mod_include</code>
- documentation. Here are some examples of how one might use this
- construct.</p>
-
- <p>In your configuration file, you could put the following
- line:</p>
-<pre>
- BrowserMatchNoCase macintosh Mac
- BrowserMatchNoCase MSIE InternetExplorer
-</pre>
-
- <p>This will set environment variables ``Mac'' and
- ``InternetExplorer'' to true, if the client is running Internet
- Explorer on a Macintosh.</p>
-
- <p>Then, in your SSI-enabled document, you might do the
- following:</p>
-<pre>
- &lt;!--#if expr="${Mac} &amp;&amp; ${InternetExplorer}" --&gt;
- Apologetic text goes here
- &lt;!--#else --&gt;
- Cool JavaScript code goes here
- &lt;!--#endif --&gt;
-</pre>
-
- <p>Not that I have anything against IE on Macs - I just
- struggled for a few hours last week trying to get some
- JavaScript working on IE on a Mac, when it was working
- everywhere else. The above was the interim workaround.</p>
-
- <p>Any other variable (either ones that you define, or normal
- environment variables) can be used in conditional statements.
- With Apache's ability to set environment variables with the
- <code>SetEnvIf</code> directives, and other related directives,
- this functionality can let you do some pretty involved dynamic
- stuff without ever resorting to CGI.</p>
- <hr />
-
- <h2><a id="conclusion" name="conclusion">Conclusion</a></h2>
-
- <p>SSI is certainly not a replacement for CGI, or other
- technologies used for generating dynamic web pages. But it is a
- great way to add small amounts of dynamic content to pages,
- without doing a lot of extra work.</p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/images/apache_header.gif b/usr.sbin/httpd/htdocs/manual/images/apache_header.gif
deleted file mode 100644
index 260e421bf4a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/apache_header.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/apache_pb.gif b/usr.sbin/httpd/htdocs/manual/images/apache_pb.gif
deleted file mode 100644
index 6fd80e2db86..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/apache_pb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gif b/usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gif
deleted file mode 100644
index d566c5d891e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/feather.jpg b/usr.sbin/httpd/htdocs/manual/images/feather.jpg
deleted file mode 100644
index 68cdaf8b58b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/feather.jpg
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/home.gif b/usr.sbin/httpd/htdocs/manual/images/home.gif
deleted file mode 100644
index 11299c1cb7e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/home.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/index.gif b/usr.sbin/httpd/htdocs/manual/images/index.gif
deleted file mode 100644
index 741c8939d77..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/index.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig
deleted file mode 100644
index 7c80fea3f1d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig
+++ /dev/null
@@ -1,60 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-0 32 #efefef
-0 33 #cfcfef
-0 34 #bebebe
-2 1 0 4 4 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 6675 5250 6900 5250 6900 4650 4950 4650 4950 4050 5475 4050
-2 1 0 4 4 7 0 0 -1 0.000 0 0 -1 1 0 2
- 1 1 2.00 120.00 240.00
- 6900 4050 7650 4050
-2 1 0 4 4 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 9375 4050 9900 4050 9900 4650 7200 4650 7200 5250 7650 5250
-2 1 0 4 9 7 0 0 -1 0.000 0 0 -1 1 0 4
- 1 1 2.00 120.00 240.00
- 9300 5250 9900 5250 9900 6300 6975 6300
-2 1 2 4 0 7 0 0 -1 7.500 1 1 -1 0 0 2
- 3900 2100 3900 1500
-2 1 2 4 0 7 0 0 -1 7.500 1 1 -1 0 0 2
- 3900 7950 3900 7350
-2 1 1 4 9 7 0 0 -1 10.000 0 0 -1 1 0 4
- 1 1 2.00 120.00 240.00
- 5625 6300 2700 6300 2700 7050 3225 7050
-2 1 0 4 9 7 0 0 -1 0.000 0 0 -1 1 0 4
- 1 1 2.00 120.00 240.00
- 5550 3000 2700 3000 2700 5250 3225 5250
-2 1 1 4 9 7 0 0 -1 10.000 0 0 -1 1 0 4
- 1 1 2.00 120.00 240.00
- 9225 2325 9900 2325 9900 3000 6975 3000
-2 1 0 4 9 7 0 0 -1 0.000 0 0 -1 1 0 2
- 1 1 2.00 120.00 240.00
- 4800 5250 5550 5250
-2 4 0 2 9 7 0 0 -1 0.000 0 0 7 0 0 5
- 6900 3300 5700 3300 5700 2700 6900 2700 6900 3300
-2 4 0 2 9 7 0 0 -1 0.000 0 0 7 0 0 5
- 6900 6600 5700 6600 5700 6000 6900 6000 6900 6600
-4 0 0 0 0 0 20 0.0000 4 195 1455 3300 5400 RewriteRule\001
-4 0 0 0 0 1 20 0.0000 4 210 1440 7800 4200 CondPattern\001
-4 0 0 0 0 1 20 0.0000 4 270 1110 5625 4200 TestString\001
-4 0 0 0 0 0 20 0.0000 4 195 1905 3300 4200 RewriteCond \001
-4 0 0 0 0 1 20 0.0000 4 210 1320 7800 5400 Substitution\001
-4 0 0 0 0 1 20 0.0000 4 195 825 5700 5400 Pattern\001
-4 0 0 0 0 0 20 0.0000 4 195 1455 3300 7200 RewriteRule\001
-4 0 0 0 0 0 20 0.0000 4 195 1455 3300 2400 RewriteRule\001
-4 0 0 0 0 1 20 0.0000 4 195 825 5700 7200 Pattern\001
-4 0 0 0 0 1 20 0.0000 4 210 1320 7800 7200 Substitution\001
-4 0 0 0 0 1 20 0.0000 4 210 1320 7800 2400 Substitution\001
-4 0 0 0 0 1 20 0.0000 4 195 825 5700 2400 Pattern\001
-4 0 9 0 0 18 12 0.0000 4 135 645 6000 2925 current\001
-4 0 9 0 0 18 12 0.0000 4 135 375 6075 3150 URL\001
-4 0 9 0 0 18 12 0.0000 4 135 825 5925 6225 rewritten\001
-4 0 9 0 0 18 12 0.0000 4 135 375 6075 6450 URL\001
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gif b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gif
deleted file mode 100644
index 664ac1e7bb7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig
deleted file mode 100644
index facf410fc98..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig
+++ /dev/null
@@ -1,50 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-0 32 #efefef
-0 33 #cfcfef
-0 34 #bebebe
-2 1 2 4 0 7 0 0 -1 10.000 1 1 -1 0 0 2
- 4050 3750 4050 4425
-2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 2
- 1 1 2.00 120.00 240.00
- 4950 4800 5550 4800
-2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 2
- 1 1 2.00 120.00 240.00
- 4950 3600 5550 3600
-2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 2
- 1 1 2.00 120.00 240.00
- 6600 5700 7725 5700
-2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 6600 5550 6900 5550 6900 5100 4950 5100 4950 2850 5550 2850
-2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 9525 4800 9750 4800 9750 5100 7200 5100 7200 5550 7725 5550
-2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 9450 3000 9750 3000 9750 3225 5100 3225 5100 3450 5550 3450
-2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 9450 3600 9750 3600 9750 3825 5100 3825 5100 4050 5550 4050
-2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6
- 1 1 2.00 120.00 240.00
- 9450 4200 9750 4200 9750 4425 5100 4425 5100 4650 5550 4650
-4 0 0 0 0 0 20 0.0000 4 195 1905 3300 4800 RewriteCond \001
-4 0 0 0 0 1 20 0.0000 4 210 1620 7800 4800 CondPatternN\001
-4 0 0 0 0 0 20 0.0000 4 195 1905 3300 3600 RewriteCond \001
-4 0 0 0 0 1 20 0.0000 4 210 1575 7800 3600 CondPattern2\001
-4 0 0 0 0 1 20 0.0000 4 270 1290 5625 4800 TestStringN\001
-4 0 0 0 0 1 20 0.0000 4 270 1245 5625 3600 TestString2\001
-4 0 0 0 0 0 20 0.0000 4 195 1905 3300 3000 RewriteCond \001
-4 0 0 0 0 1 20 0.0000 4 270 1245 5625 3000 TestString1\001
-4 0 0 0 0 1 20 0.0000 4 210 1575 7800 3000 CondPattern1\001
-4 0 0 0 0 1 20 0.0000 4 210 1320 7800 5700 Substitution\001
-4 0 0 0 0 1 20 0.0000 4 195 825 5700 5700 Pattern\001
-4 0 0 0 0 0 20 0.0000 4 195 1455 3300 5700 RewriteRule\001
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gif b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gif
deleted file mode 100644
index 3ea8cb65a3f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gif b/usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gif
deleted file mode 100644
index aecd3c119c6..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/openssl_ics.gif b/usr.sbin/httpd/htdocs/manual/images/openssl_ics.gif
deleted file mode 100644
index 3d3c90c9f84..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/openssl_ics.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/pixel.gif b/usr.sbin/httpd/htdocs/manual/images/pixel.gif
deleted file mode 100644
index c0801475d27..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/pixel.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/images/sub.gif b/usr.sbin/httpd/htdocs/manual/images/sub.gif
deleted file mode 100644
index 93061c5ad7f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/images/sub.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/index.html b/usr.sbin/httpd/htdocs/manual/index.html
deleted file mode 100644
index 0c4ada5943d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/index.html
+++ /dev/null
@@ -1,289 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache HTTP Server Version 1.3 Documentation</title>
- </head>
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="center">
- <table cellspacing="0" cellpadding="0" border="0"
- width="600">
- <tr>
- <td align="center"><img src="images/apache_header.gif"
- width="600" height="62" border="0"
- alt="[Apache Documentation]" /></td>
- </tr>
-
- <tr>
- <td align="center" bgcolor="#4f4f4f">
- <table cellspacing="1" cellpadding="4" border="0"
- width="100%">
- <tr>
- <td align="center" bgcolor="#bebebe"><a
- href="misc/FAQ.html"><strong>FAQ</strong></a> </td>
-
- <td align="center" bgcolor="#bebebe"><a
- href="sitemap.html"><strong>SiteMap</strong></a></td>
-
- <td align="center" bgcolor="#bebebe"><a
- href="mod/directives.html"><strong>Directives</strong></a>
- </td>
-
- <td align="center" bgcolor="#bebebe"><a
- href="mod/"><strong>Modules</strong></a> </td>
-
- <td align="center" bgcolor="#bebebe"><a
- href="http://www.apache.org/search.html"><strong>Search</strong></a>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-
- <tr>
- <td>&nbsp;</td>
- </tr>
-
- <tr>
- <td align="center" height="30">
- <h3>Apache HTTP Server Version 1.3</h3>
- </td>
- </tr>
- </table>
- </div>
-
- <div align="center">
- <table cellspacing="0" cellpadding="0" border="0"
- width="600">
- <tr>
- <td align="center">
- <form method="post" action="http://search.apache.org/">
- <input type="hidden" name="what"
- value="httpd.apache.org" /> <input type="hidden"
- name="results" value="20" /> <input type="hidden"
- name="version" value="2" /> <input type="text"
- name="keyword" size="20" /> <input type="submit"
- value="Search" />
- </form>
- </td>
- </tr>
- </table>
-
- <table cellspacing="0" cellpadding="0" border="0"
- width="600">
- <tr>
- <td align="center" valign="top">
- <table border="0" cellpadding="4" cellspacing="0"
- bgcolor="#ffffff" width="280">
- <tr>
- <td align="center" bgcolor="#e9e9e9">
- <strong>Miscellaneous information</strong> </td>
- </tr>
-
- <tr>
- <td><a href="LICENSE">Apache License</a> </td>
- </tr>
- </table>
-
- <table border="0" cellpadding="4" cellspacing="0"
- bgcolor="#ffffff" width="280">
- <tr>
- <td align="center" bgcolor="#e9e9e9">
- <strong>Reference Manual</strong> </td>
- </tr>
-
- <tr>
- <td><a href="invoking.html">Starting</a> </td>
- </tr>
-
- <tr>
- <td><a href="stopping.html">Stopping or
- Restarting</a> </td>
- </tr>
-
- <tr>
- <td><a href="mod/directives.html">Run-time
- Configuration Directives</a> </td>
- </tr>
-
- <tr>
- <td>Modules: <a href="mod/index-bytype.html">By
- Type</a> or <a
- href="mod/index.html">Alphabetical</a> </td>
- </tr>
-
- <tr>
- <td><a href="programs/">Server and Supporting
- Programs</a> </td>
- </tr>
-
- <tr>
- <td><a href="dso.html">Dynamic Shared Object (DSO)
- Support</a> </td>
- </tr>
-
- <tr>
- <td><a href="misc/API.html">The Apache API</a>
- </td>
- </tr>
- </table>
-
- <table border="0" cellpadding="4" cellspacing="0"
- bgcolor="#ffffff" width="280">
- <tr>
- <td align="center" bgcolor="#e9e9e9">
- <strong>Platform Specific Notes</strong> </td>
- </tr>
- <tr>
- <td><a href="ipv6.html">Support for IPv6</a>
- </td>
- </tr>
- </table>
- </td>
-
- <td align="center" valign="top" bgcolor="#cccccc">
- <table border="0" cellpadding="0" cellspacing="0"
- bgcolor="#cccccc">
- <tr>
- <td align="center"><img src="images/pixel.gif"
- width="1" height="1" border="0" alt="." /></td>
- </tr>
- </table>
- </td>
-
- <td align="center" valign="top">
- <table border="0" cellpadding="4" cellspacing="0"
- bgcolor="#ffffff" width="280">
- <tr>
- <td align="center" bgcolor="#e9e9e9"><strong>Using
- the Apache HTTP Server</strong> </td>
- </tr>
-
- <tr>
- <td><a href="howto/auth.html">Authentication,
- Authorization, and Access Control</a></td>
- </tr>
-
- <tr>
- <td><a href="howto/cgi.html">CGI: Dynamic Content with
- CGI</a> </td>
- </tr>
-
- <tr>
- <td><a href="configuring.html">Configuration
- Files</a> </td>
- </tr>
-
- <tr>
- <td><a href="content-negotiation.html">Content
- negotiation</a> </td>
- </tr>
-
- <tr>
- <td><a href="env.html">Environment Variables</a>
- </td>
- </tr>
-
- <tr>
- <td><a href="misc/perf-tuning.html">General
- Performance hints</a> </td>
- </tr>
-
- <tr>
- <td><a href="handler.html">Handlers</a> </td>
- </tr>
-
- <tr>
- <td><a href="logs.html">Log Files</a> </td>
- </tr>
-
- <tr>
- <td><a href="misc/security_tips.html">Security
- tips</a> </td>
- </tr>
-
- <tr>
- <td><a href="howto/ssi.html">Server Side
- Includes</a> </td>
- </tr>
-
- <tr>
- <td><a href="server-wide.html">Server-Wide
- Configuration</a> </td>
- </tr>
-
- <tr>
- <td><a href="suexec.html">suexec: Using SetUserID Execution
- for CGI</a> </td>
- </tr>
-
- <tr>
- <td><a href="urlmapping.html">URL Mapping: Mapping
- URLs to the Filesystem</a> </td>
- </tr>
-
- <tr>
- <td><a href="misc/rewriteguide.html">URL Rewriting
- Guide</a> </td>
- </tr>
-
- <tr>
- <td><a href="vhosts/index.html">Virtual Hosts</a>
- </td>
- </tr>
-
- </table>
-
- <table border="0" cellpadding="4" cellspacing="0"
- bgcolor="#ffffff" width="280">
- <tr>
- <td align="center" bgcolor="#e9e9e9"><strong>Other
- Topics</strong> </td>
- </tr>
-
- <tr>
- <td><a href="misc/FAQ.html">Frequently Asked
- Questions</a> </td>
- </tr>
-
- <tr>
- <td><a href="sitemap.html">SiteMap</a>
- </td>
- </tr>
-
- <tr>
- <td><a href="misc/tutorials.html">Tutorials</a>
- </td>
- </tr>
-
- <tr>
- <td><a href="misc/">Other Notes</a> </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- <br />
- <br />
- </div>
-
- <p align="center">Maintained by the <a
- href="http://httpd.apache.org/docs-project/">Apache HTTP Server
- Documentation Project</a>.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/invoking.html b/usr.sbin/httpd/htdocs/manual/invoking.html
deleted file mode 100644
index a8967264149..00000000000
--- a/usr.sbin/httpd/htdocs/manual/invoking.html
+++ /dev/null
@@ -1,148 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Starting Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Starting Apache</h1>
-
- <ul>
- <li>
- <a href="#unix">Starting Apache on Unix</a>
-
- <ul>
- <li><a href="#errors">Errors During Start-up</a></li>
-
- <li><a href="#boot">Starting at Boot-Time</a></li>
-
- <li><a href="#info">Additional Information</a></li>
- </ul>
- </li>
- </ul>
- <hr />
-
- <h2><a id="unix" name="unix">Starting Apache on Unix</a></h2>
-
- <p>On Unix, the <a href="programs/httpd.html">httpd</a> program
- is run as a daemon which executes continuously in the
- background to handle requests. It is possible to have Apache
- invoked by the Internet daemon <code>inetd</code> each time a
- connection to the HTTP service is made using the <a
- href="mod/core.html#servertype">ServerType</a> directive, but
- this is not recommended.</p>
-
- <p>If the <a href="mod/core.html#port">Port</a> specified in
- the configuration file is the default of 80 (or any other port
- below 1024), then it is necessary to have root privileges in
- order to start Apache, so that it can bind to this privileged
- port. Once the server has started and completed a few
- preliminary activities such as opening its log files, it will
- launch several <em>child</em> processes which do the work of
- listening for and answering requests from clients. The main
- <code>httpd</code> process continues to run as the root user,
- but the child processes run as a less privileged user. This is
- controlled by Apache's <a
- href="server-wide.html#process">process creation
- directives</a>.</p>
-
- <p>The first thing that <code>httpd</code> does when it is
- invoked is to locate and read the <a
- href="configuring.html">configuration file</a>
- <code>httpd.conf</code>. The location of this file is set at
- compile-time, but it is possible to specify its location at run
- time using the <code>-f</code> command-line option as in</p>
-
- <blockquote>
- <code>/usr/local/apache/bin/httpd -f
- /usr/local/apache/conf/httpd.conf</code>
- </blockquote>
-
- <p>As an alternative to invoking the <code>httpd</code> binary
- directly, a shell script called <a
- href="programs/apachectl.html">apachectl</a> is provided which
- can be used to control the daemon process with simple commands
- such as <code>apachectl start</code> and <code>apachectl
- stop</code>.</p>
-
- <p>If all goes well during startup, the server will detach from
- the terminal and the command prompt will return almost
- immediately. This indicates that the server is up and running.
- You can then use your browser to connect to the server and view
- the test page in the <a
- href="mod/core.html#documentroot">DocumentRoot</a> directory
- and the local copy of the documentation linked from that
- page.</p>
-
- <h3><a id="errors" name="errors">Errors During
- Start-up</a></h3>
-
- <p>If Apache suffers a fatal problem during startup, it will
- write a message describing the problem either to the console or
- to the <a href="mod/core.html#errorlog">ErrorLog</a> before
- exiting. One of the most common error messages is "<code>Unable
- to bind to Port ...</code>". This message is usually caused by
- either:</p>
-
- <ul>
- <li>Trying to start the server on a privileged port when not
- logged in as the root user; or</li>
-
- <li>Trying to start the server when there is another instance
- of Apache or some other web server already bound to the same
- port.</li>
- </ul>
-
- <p>For further trouble-shooting instructions, consult the
- Apache <a href="misc/FAQ.html">FAQ</a>.</p>
-
- <h3><a id="boot" name="boot">Starting at Boot-Time</a></h3>
-
- <p>If you want your server to continue running after a system
- reboot, you should add a call to <code>httpd</code> or
- <code>apachectl</code> to your system startup files (typically
- <code>rc.local</code> or a file in an <code>rc.N</code>
- directory). This will start Apache as root. Before doing this
- ensure that your server is properly configured for security and
- access restrictions. The <code>apachectl</code> script is
- designed so that it can often be linked directly as an init
- script, but be sure to check the exact requirements of your
- system.</p>
-
- <h3><a id="info" name="info">Additional Information</a></h3>
-
- <p>Additional information about the command-line options of <a
- href="programs/httpd.html">httpd</a> and <a
- href="programs/apachectl.html">apachectl</a> as well as other
- support programs included with the server is available on the
- <a href="programs/">Server and Supporting Programs</a> page.
- There is also documentation on all the <a
- href="mod/">modules</a> included with the Apache distribution
- and the <a href="mod/directives.html">directives</a> that they
- provide.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/ipv6.html b/usr.sbin/httpd/htdocs/manual/ipv6.html
deleted file mode 100644
index 29503958804..00000000000
--- a/usr.sbin/httpd/htdocs/manual/ipv6.html
+++ /dev/null
@@ -1,231 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>IPv6 Support for the OpenBSD Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="center">IPv6 Support for the OpenBSD Apache HTTP Server</h1>
-
- <p>This document explains how OpenBSD Apache makes use of IPv6.</p>
-
-
-<p>
-To support IPv6 the apache module API/ABI had to be changed, to avoid
-IPv4-dependent structure member variables (like use of u_long to hold
-an IPv4 address, or whatever). Keep this in mind when writing new
-modules or adding modules to the ports collection.
-</p>
-
-Basically you can write IPv6 address where IPv4 address fits.
-
-<h2>extra command-line argument</h2>
-
-<dl>
-<dt>-4</dt><dd>Assume IPv4 address on ambiguous directives (default)</dd>
-<dt>-6</dt><dd>Assume IPv6 address on ambiguous directives</dd>
-<dt>-U</dt><dd>Don't assume a specific address family on ambiguous
-directives</dd>
-</dl>
-
-<p>
-The above options can be used to remove ambiguities in directives,
-for example "BindAddress *".
-</p>
-
-<h2>base commands</h2>
-<h3>Listen</h3>
-<p>
-Listen is expanded to take one or two arguments.
-</p>
-<pre>
- Listen port
- Listen address:port
- Listen address port
-</pre>
-<p>
-This is to let you specify "Listen :: 80", since "Listen :::80"
-won't work.
-</p>
-<p>
-If you want httpd to listen on port 80 of all IPv4 and IPv6 addresses
-simultaneously, you would specify this using the following commands in
-your main server configuration:
-<pre>
- Listen 0.0.0.0 80
- Listen :: 80
-</pre>
-
-
-<h2>mod_access</h2>
-
-deny from<br>
-allow from
-
-<p>
-"deny from" and "allow from" supports IPv6 addresses, under the
-following forms:
-</p>
-
-<pre>
- {deny,allow} from v6addr
- {deny,allow} from v6addr/v6mask
- {deny,allow} from v6addr/prefixlen
-</pre>
-
-<p>
-Also, wildcard ("*") and string hostname matches IPv6 hosts as well.
-</p>
-
-<h2>mod_proxy</h2>
-
-ProxyRequests on<br>
-
-<p>
-http/ftp proxying for both IPv4 and IPv6 is possible.
-Access control functions (NoProxy) are not updated yet.
-</p>
-<p>
-NOTE: for security reasons, we recommend you to filter out
-outsider's access to your proxy, by directives like below:
-</p>
-<pre>
- <Directory proxy:*>
- order deny,allow
- deny from all
- allow from 10.0.0.0/8
- allow from 3ffe:9999:8888:7777::/64
- </Directory>
-</pre>
-
-<h2>virtual host</h2>
-<p>
-If you would like to this feature, you must describe 'Listen'
-part on configuration file explicitly. like below:
-</p>
-<pre>
- Listen :: 80
- Listen 0.0.0.0 80
-</pre>
-
-NameVirtualHost<br>
-<p>
-NameVirtualHost is expanded to take one or two arguments.
-</p>
-<pre>
- NameVirtualHost address
- NameVirtualHost address:port
- NameVirtualHost address port
-</pre>
-<p>
-This is to let you specify IPv6 address into address part.
-</p>
-<p>
-Note that, if a colon is found in the specified address string,
-the code will try to resolve the address in the following way:
-<ol>
- <li>try to resolve as address:port (most of IPv6 address fails)
- <li>if (1) is failed, try to resolve as address only
-</ol>
-</p>
-<p>
-If there's ambiguity, i.e. 3ffe:0501::1:2, the address may not be
-parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2
-with default port). To get the right effect you are encouraged
-to specify it without ambiguity. In IPv6 case "address port"
-(specify address and port separated by a space) is the safest way.
-</p>
-
-<pre>
-&lt;VirtualHost host:port [host:port ...]&gt;<br>
-</pre>
-<p>
-If you would like to specify IPv6 numeric address in host part,
-use bracketed format like below:
-<p>
-<pre>
- &lt;VirtualHost [::1]:80&gt;
-</pre>
-<p>
-Note: Now we DO NOT handle old non-bracketed format,
-</p>
-<pre>
- &lt;VirtualHost 0:0:0:0:0:0:0:1:80&gt;
-</pre>
-<p>
-so configuration file must be updated.
-</p>
-<p>
-Note: The following is bad example to specify host ::1 port 80.
-This will treated as host ::1:80.
-</p>
-<pre>
- &lt;VirtualHost ::1:80&gt;
-</pre>
-
-<h2>logresolve (src/support)</h2>
-<p>
-error statistics in nameserver cache code is omitted.
-</p>
-
-<h2>mod_unique_id</h2>
-<p>
-Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID,
-and took IPv4 address registered onto DNS for the hostname (UNIX
-hostname taken by gethostname(3)). Therefore, this does not work
-for IPv6-only hosts as they do not have IPv4 address for them.
-</p>
-<p>
-Now, UNIQUE_ID can be generated using IPv6 address. IPv6 address can
-be used as the seed for UNIQUE_ID.
-Because of this, UNIQUE_ID will be longer than normal apache. This
-may cause problem with some of the CGI scripts.
-The preference of the addresses is based on the order returned
-by getaddrinfo(). If your getaddrinfo() returns IPv4 address, IPv4
-adderss will be used as a seed.
-</p>
-<p>
-Note that some of IPv6 addresses are "scoped"; If you happened to use
-link-local or site-local address as a seed, the UNIQUE_ID may not be
-worldwide unique.
-</p>
-<p>
-If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in
-mod_unique_id.c. In this case, length of UNIQUE_ID will be kept the
-same. However, for IPv6 addresses mod_unique_id.c will use the last
-32bit (not the whole 128bit) as the seed. Therefore, there can be
-collision in UNIQUE_ID.
-</p>
-<p>
-The behavior should be improved in the near future; we welcome your
-inputs.
-</p>
-
-<h2>configuration file</h2>
-<p>
-We do not support IPv4 mapped addresses (IPv6 address format like
-::ffff:10.1.1.1) in configuration file.
-</p>
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/keepalive.html b/usr.sbin/httpd/htdocs/manual/keepalive.html
deleted file mode 100644
index c3a3018dcdb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/keepalive.html
+++ /dev/null
@@ -1,107 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Keep-Alive Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Apache Keep-Alive Support</h1>
- <hr />
-
- <h2>What is Keep-Alive?</h2>
- The Keep-Alive extension to HTTP, as defined by the
- <code>HTTP/1.1</code> draft, allows persistent connections.
- These long-lived HTTP sessions allow multiple requests to be
- send over the same TCP connection, and in some cases have been
- shown to result in an almost 50% speedup in latency times for
- HTML documents with lots of images.
-
- <h2>Enabling Keep-Alive Support</h2>
- Apache 1.1 comes with Keep-Alive support on by default, however
- there are some directives you can use to modify Apache's
- behavior:
-
- <p><strong>Note</strong>: Apache 1.2 uses a different syntax
- for the <a href="mod/core.html#keepalive">KeepAlive</a>
- directive.</p>
-
- <h3>KeepAlive</h3>
- <a href="mod/directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> KeepAlive
- <em>max-requests</em><br />
- <a href="mod/directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>KeepAlive
- 5</code><br />
- <a href="mod/directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="mod/directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core
-
- <p>This directive enables Keep-Alive support. Set
- <em>max-requests</em> to the maximum number of requests you
- want Apache to entertain per connection. A limit is imposed to
- prevent a client from hogging your server resources. Set this
- to <code>0</code> to disable support.</p>
-
- <h3>KeepAliveTimeout</h3>
- <a href="mod/directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> KeepAliveTimeout
- <em>seconds</em><br />
- <a href="mod/directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>KeepAliveTimeout
- 15</code><br />
- <a href="mod/directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="mod/directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core
-
- <p>The number of seconds Apache will wait for a subsequent
- request before closing the connection. Once a request has been
- received, the timeout value specified by the <a
- href="mod/core.html#timeout"><code>Timeout</code></a> directive
- applies.</p>
-
- <h2>When Keep-Alive Is Used</h2>
- In order for Keep-Alive support to be used, first the browser
- must support it. Many current browsers, including Netscape
- Navigator 2.0, and Spyglass Mosaic-based browsers (including
- Microsoft Internet Explorer) do. Note, however, that some
- Windows 95-based browsers misbehave with Keep-Alive-supporting
- servers; they may occasionally hang on a connect. This has been
- observed with several Windows browsers, and occurs when
- connecting to any Keep-Alive server, not just Apache. Netscape
- 3.0b5 and later versions are known to work around this problem.
-
-
- <p>However, Keep-Alive support only is active with files where
- the length is known beforehand. This means that most CGI
- scripts, server-side included files and directory listings will
- not use the Keep-Alive protocol. While this should be
- completely transparent to the end user, it is something the
- web-master may want to keep in mind.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/location.html b/usr.sbin/httpd/htdocs/manual/location.html
deleted file mode 100644
index 5d29f24d1d8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/location.html
+++ /dev/null
@@ -1,75 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Access Control by URL</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Access Control by URL</h1>
-
- <h2><a id="location" name="location">The
- <code>&lt;Location&gt;</code> Directive</a></h2>
- <a href="mod/directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;Location <em>URL
- prefix</em>&gt;<br />
- <a href="mod/directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="mod/directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
-
-
- <p>The &lt;Location&gt; directive provides for access control
- by URL. It is comparable to the <a
- href="mod/core.html#directory">&lt;Directory&gt;</a> directive,
- and should be matched with a &lt;/Location&gt; directive.
- Directives that apply to the URL given should be listed between
- them. <code>&lt;Location&gt;</code> sections are processed in
- the order they appear in the configuration file, after the
- &lt;Directory&gt; sections and <code>.htaccess</code> files are
- read.</p>
-
- <p>Note that, due to the way HTTP functions, <em>URL
- prefix</em> should, save for proxy requests, be of the form
- <code>/path/</code>, and should not include the
- <code>http://servername</code>. It doesn't necessarily have to
- protect a directory (it can be an individual file, or a number
- of files), and can include wild-cards. In a wild-card string,
- `?' matches any single character, and `*' matches any sequences
- of characters.</p>
-
- <p>This functionality is especially useful when combined with
- the <code><a
- href="mod/mod_mime.html#sethandler">SetHandler</a></code>
- directive. For example, to enable status requests, but allow
- them only from browsers at foo.com, you might use:</p>
-<pre>
- &lt;Location /status&gt;
- SetHandler server-status
- Order Deny,Allow
- Deny from all
- Allow from .foo.com
- &lt;/Location&gt;
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/logs.html b/usr.sbin/httpd/htdocs/manual/logs.html
deleted file mode 100644
index 0e3e171fbfc..00000000000
--- a/usr.sbin/httpd/htdocs/manual/logs.html
+++ /dev/null
@@ -1,660 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Log Files - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="center">Log Files</h1>
-
- <p>In order to effectively manage a web server, it is necessary
- to get feedback about the activity and performance of the
- server as well as any problems that may be occuring. The Apache
- HTTP Server provides very comprehensive and flexible logging
- capabilities. This document describes how to configure its
- logging capabilities, and how to understand what the logs
- contain.</p>
-
- <ul>
- <li><a href="#security">Security Warning</a></li>
-
- <li><a href="#errorlog">Error Log</a></li>
-
- <li>
- <a href="#accesslog">Access Log</a>
-
- <ul>
- <li><a href="#common">Common Log Format</a></li>
-
- <li><a href="#combined">Combined Log Format</a></li>
-
- <li><a href="#multiple">Multiple Access Logs</a></li>
-
- <li><a href="#conditional">Conditional Logging</a></li>
- </ul>
- </li>
-
- <li><a href="#rotation">Log Rotation</a></li>
-
- <li><a href="#piped">Piped Logs</a></li>
-
- <li><a href="#virtualhosts">Virtual Hosts</a></li>
-
- <li>
- <a href="#other">Other Log Files</a>
-
- <ul>
- <li><a href="#pidfile">PID File</a></li>
-
- <li><a href="#scriptlog">Script Log</a></li>
-
- <li><a href="#rewritelog">Rewrite Log</a></li>
- </ul>
- </li>
- </ul>
- <hr />
-
- <h2><a id="security" name="security">Security Warning</a></h2>
-
- <p>Anyone who can write to the directory where Apache is
- writing a log file can almost certainly gain access to the uid
- that the server is started as, which is normally root. Do
- <em>NOT</em> give people write access to the directory the logs
- are stored in without being aware of the consequences; see the
- <a href="misc/security_tips.html">security tips</a> document
- for details.</p>
-
- <p>In addition, log files may contain information supplied
- directly by the client, without escaping. Therefore, it is
- possible for malicious clients to insert control-characters in
- the log files, so care must be taken in dealing with raw
- logs.</p>
- <hr />
-
- <h2><a id="errorlog" name="errorlog">Error Log</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#errorlog">ErrorLog</a><br />
- <a href="mod/core.html#loglevel">LogLevel</a> </td>
- </tr>
- </table>
-
- <p>The server error log, whose name and location is set by the
- <a href="mod/core.html#errorlog">ErrorLog</a> directive, is the
- most important log file. This is the place where Apache httpd
- will send diagnostic information and record any errors that it
- encounters in processing requests. It is the first place to
- look when a problem occurs with starting the server or with the
- operation of the server, since it will often contain details of
- what went wrong and how to fix it.</p>
-
- <p>The error log is usually written to a file (typically
- <code>error_log</code> on unix systems and
- <code>error.log</code> on Windows and OS/2). On unix systems it
- is also possible to have the server send errors to
- <code>syslog</code> or <a href="#piped">pipe them to a
- program</a>.</p>
-
- <p>The format of the error log is relatively free-form and
- descriptive. But there is certain information that is contained
- in most error log entries. For example, here is a typical
- message.</p>
-
- <blockquote>
- <code>[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1]
- client denied by server configuration:
- /export/home/live/ap/htdocs/test</code>
- </blockquote>
-
- <p>The first item in the log entry is the date and time of the
- message. The second entry lists the severity of the error being
- reported. The <a href="mod/core.html#loglevel">LogLevel</a>
- directive is used to control the types of errors that are sent
- to the error log by restricting the severity level. The third
- entry gives the IP address of the client that generated the
- error. Beyond that is the message itself, which in this case
- indicates that the server has been configured to deny the
- client access. The server reports the file-system path (as
- opposed to the web path) of the requested document.</p>
-
- <p>A very wide variety of different messages can appear in the
- error log. Most look similar to the example above. The error
- log will also contain debugging output from CGI scripts. Any
- information written to <code>stderr</code> by a CGI script will
- be copied directly to the error log.</p>
-
- <p>It is not possible to customize the error log by adding or
- removing information. However, error log entries dealing with
- particular requests have corresponding entries in the <a
- href="#accesslog">access log</a>. For example, the above example
- entry corresponds to an access log entry with status code 403.
- Since it is possible to customize the access log, you can
- obtain more information about error conditions using that log
- file.</p>
-
- <p>During testing, it is often useful to continuously monitor
- the error log for any problems. On unix systems, you can
- accomplish this using:</p>
-
- <blockquote>
- <code>tail -f error_log</code>
- </blockquote>
- <hr />
-
- <h2><a id="accesslog" name="accesslog">Access Log</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_log_config.html">mod_log_config</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/mod_log_config.html#customlog">CustomLog</a><br />
- <a
- href="mod/mod_log_config.html#logformat">LogFormat</a><br />
- <a href="mod/mod_setenvif.html#setenvif">SetEnvIf</a>
- </td>
- </tr>
- </table>
-
- <p>The server access log records all requests processed by the
- server. The location and content of the access log are
- controlled by the <a
- href="mod/mod_log_config.html#customlog">CustomLog</a>
- directive. The <a
- href="mod/mod_log_config.html#logformat">LogFormat</a>
- directive can be used to simplify the selection of the contents
- of the logs. This section describes how to configure the server
- to record information in the access log.</p>
-
- <p>Of course, storing the information in the access log is only
- the start of log management. The next step is to analyze this
- information to produce useful statistics. Log analysis in
- general is beyond the scope of this document, and not really
- part of the job of the web server itself. For more information
- about this topic, and for applications which perform log
- analysis, check the <a
- href="http://dmoz.org/Computers/Software/Internet/Site_Management/Log_Analysis/">
- Open Directory</a> or <a
- href="http://dir.yahoo.com/Computers_and_Internet/Software/Internet/World_Wide_Web/Servers/Log_Analysis_Tools/">
- Yahoo</a>.</p>
-
- <p>Various versions of Apache httpd have used other modules and
- directives to control access logging, including
- mod_log_referer, mod_log_agent, and the
- <code>TransferLog</code> directive. The <code>CustomLog</code>
- directive now subsumes the functionality of all the older
- directives.</p>
-
- <p>The format of the access log is highly configurable. The
- format is specified using a <a
- href="mod/mod_log_config.html#formats">format string</a> that
- looks much like a C-style printf(1) format string. Some
- examples are presented in the next sections. For a complete
- list of the possible contents of the format string, see the <a
- href="mod/mod_log_config.html">mod_log_config
- documentation</a>.</p>
-
- <h3><a id="common" name="common">Common Log Format</a></h3>
-
- <p>A typical configuration for the access log might look as
- follows.</p>
-
- <blockquote>
- <code>LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common<br />
- CustomLog logs/access_log common</code>
- </blockquote>
-
- <p>This defines the <em>nickname</em> <code>common</code> and
- associates it with a particular log format string. The format
- string consists of percent directives, each of which tell the
- server to log a particular piece of information. Literal
- characters may also be placed in the format string and will be
- copied directly into the log output. The quote character
- (<code>"</code>) must be escaped by placing a back-slash before
- it to prevent it from being interpreted as the end of the
- format string. The format string may also contain the special
- control characters "<code>\n</code>" for new-line and
- "<code>\t</code>" for tab.</p>
-
- <p>The <code>CustomLog</code> directive sets up a new log file
- using the defined <em>nickname</em>. The filename for the
- access log is relative to the <a
- href="mod/core.html#serverroot">ServerRoot</a> unless it begins
- with a slash.</p>
-
- <p>The above configuration will write log entries in a format
- known as the Common Log Format (CLF). This standard format can
- be produced by many different web servers and read by many log
- analysis programs. The log file entries produced in CLF will
- look something like this:</p>
-
- <blockquote>
- <code>127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
- /apache_pb.gif HTTP/1.0" 200 2326</code>
- </blockquote>
-
- <p>Each part of this log entry is described below.</p>
-
- <dl>
- <dt><code>127.0.0.1</code> (<code>%h</code>)</dt>
-
- <dd>This is the IP address of the client (remote host) which
- made the request to the server. If <a
- href="mod/core.html#hostnamelookups">HostnameLookups</a> is
- set to <code>On</code>, then the server will try to determine
- the hostname and log it in place of the IP address. However,
- this configuration is not recommended since it can
- significantly slow the server. Instead, it is best to use a
- log post-processor such as <a
- href="programs/logresolve.html">logresolve</a> to determine
- the hostnames. The IP address reported here is not
- necessarily the address of the machine at which the user is
- sitting. If a proxy server exists between the user and the
- server, this address will be the address of the proxy, rather
- than the originating machine.</dd>
-
- <dt><code>-</code> (<code>%l</code>)</dt>
-
- <dd>The "hyphen" in the output indicates that the requested
- piece of information is not available. In this case, the
- information that is not available is the RFC 1413 identity of
- the client determined by <code>identd</code> on the clients
- machine. This information is highly unreliable and should
- almost never be used except on tightly controlled internal
- networks. Apache httpd will not even attempt to determine
- this information unless <a
- href="mod/core.html#identitycheck">IdentityCheck</a> is set
- to <code>On</code>.</dd>
-
- <dt><code>frank</code> (<code>%u</code>)</dt>
-
- <dd>This is the userid of the person requesting the document
- as determined by HTTP authentication. The same value is
- typically provided to CGI scripts in the
- <code>REMOTE_USER</code> environment variable. If the status
- code for the request (see below) is 401, then this value
- should not be trusted because the user is not yet
- authenticated. If the document is not password protected,
- this entry will be "<code>-</code>" just like the previous
- one.</dd>
-
- <dt><code>[10/Oct/2000:13:55:36 -0700]</code>
- (<code>%t</code>)</dt>
-
- <dd>
- The time that the server finished processing the request.
- The format is:
-
- <blockquote>
- <code>[day/month/year:hour:minute:second zone]<br />
- day = 2*digit<br />
- month = 3*letter<br />
- year = 4*digit<br />
- hour = 2*digit<br />
- minute = 2*digit<br />
- second = 2*digit<br />
- zone = (`+' | `-') 4*digit</code>
- </blockquote>
- It is possible to have the time displayed in another format
- by specifying <code>%{format}t</code> in the log format
- string, where <code>format</code> is as in
- <code>strftime(3)</code> from the C standard library.
- </dd>
-
- <dt><code>"GET /apache_pb.gif HTTP/1.0"</code>
- (<code>\"%r\"</code>)</dt>
-
- <dd>The request line from the client is given in double
- quotes. The request line contains a great deal of useful
- information. First, the method used by the client is
- <code>GET</code>. Second, the client requested the resource
- <code>/apache_pb.gif</code>, and third, the client used the
- protocol <code>HTTP/1.0</code>. It is also possible to log
- one or more parts of the request line independently. For
- example, the format string "<code>%m %U%q %H</code>" will log
- the method, path, query-string, and protocol, resulting in
- exactly the same output as "<code>%r</code>".</dd>
-
- <dt><code>200</code> (<code>%&gt;s</code>)</dt>
-
- <dd>This is the status code that the server sends back to the
- client. This information is very valuable, because it reveals
- whether the request resulted in a successful response (codes
- beginning in 2), a redirection (codes beginning in 3), an
- error caused by the client (codes beginning in 4), or an
- error in the server (codes beginning in 5). The full list of
- possible status codes can be found in the <a
- href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html">HTTP
- specification</a> (RFC2616 section 10).</dd>
-
- <dt><code>2326</code> (<code>%b</code>)</dt>
-
- <dd>The last entry indicates the size of the object returned
- to the client, not including the response headers. If no
- content was returned to the client, this value will be
- "<code>-</code>". To log "<code>0</code>" for no content, use
- <code>%B</code> instead.</dd>
- </dl>
-
- <h4><a id="combined" name="combined">Combined Log
- Format</a></h4>
-
- <p>Another commonly used format string is called the Combined
- Log Format. It can be used as follows.</p>
-
- <blockquote>
- <code>LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\"
- \"%{User-agent}i\"" combined<br />
- CustomLog log/acces_log combined</code>
- </blockquote>
-
- <p>This format is exactly the same as the Common Log Format,
- with the addition of two more fields. Each of the additional
- fields uses the percent-directive
- <code>%{<em>header</em>}i</code>, where <em>header</em> can be
- any HTTP request header. The access log under this format will
- look like:</p>
-
- <blockquote>
- <code>127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
- /apache_pb.gif HTTP/1.0" 200 2326
- "http://www.example.com/start.html" "Mozilla/4.08 [en]
- (Win98; I ;Nav)"</code>
- </blockquote>
-
- <p>The additional fields are:</p>
-
- <dl>
- <dt><code>"http://www.example.com/start.html"</code>
- (<code>\"%{Referer}i\"</code>)</dt>
-
- <dd>The "Referer" (sic) HTTP request header. This gives the
- site that the client reports having been referred from. (This
- should be the page that links to or includes
- <code>/apache_pb.gif</code>).</dd>
-
- <dt><code>"Mozilla/4.08 [en] (Win98; I ;Nav)"</code>
- (<code>\"%{User-agent}i\"</code>)</dt>
-
- <dd>The User-Agent HTTP request header. This is the
- identifying information that the client browser reports about
- itself.</dd>
- </dl>
-
- <h3><a id="multiple" name="multiple">Multiple Access
- Logs</a></h3>
-
- <p>Multiple access logs can be created simply by specifying
- multiple <code>CustomLog</code> directives in the configuration
- file. For example, the following directives will create three
- access logs. The first contains the basic CLF information,
- while the second and third contain referer and browser
- information. The last two <code>CustomLog</code> lines show how
- to mimic the effects of the <code>ReferLog</code> and
- <code>AgentLog</code> directives.</p>
-
- <blockquote>
- <code>LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common<br />
- CustomLog logs/access_log common<br />
- CustomLog logs/referer_log "%{Referer}i -&gt; %U"<br />
- CustomLog logs/agent_log "%{User-agent}i"</code>
- </blockquote>
-
- <p>This example also shows that it is not necessary to define a
- nickname with the <code>LogFormat</code> directive. Instead,
- the log format can be specified directly in the
- <code>CustomLog</code> directive.</p>
-
- <h3><a id="conditional" name="conditional">Conditional
- Logging</a></h3>
-
- <p>There are times when it is convenient to exclude certain
- entries from the access logs based on characteristics of the
- client request. This is easily accomplished with the help of <a
- href="env.html">environment variables</a>. First, an
- environment variable must be set to indicate that the request
- meets certain conditions. This is usually accomplished with <a
- href="mod/mod_setenvif.html#setenvif">SetEnvIf</a>. Then the
- <code>env=</code> clause of the <code>CustomLog</code>
- directive is used to include or exclude requests where the
- environment variable is set. Some examples:</p>
-
- <blockquote>
- <code># Mark requests from the loop-back interface<br />
- SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog<br />
- # Mark requests for the robots.txt file<br />
- SetEnvIf Request_URI "^/robots\.txt$" dontlog<br />
- # Log what remains<br />
- CustomLog logs/access_log common env=!dontlog</code>
- </blockquote>
-
- <p>As another example, consider logging requests from
- english-speakers to one log file, and non-english speakers to a
- different log file.</p>
-
- <blockquote>
- <code>SetEnvIf Accept-Language "en" english<br />
- CustomLog logs/english_log common env=english<br />
- CustomLog logs/non_english_log common env=!english</code>
- </blockquote>
-
- <p>Although we have just shown that conditional logging is very
- powerful and flexibly, it is not the only way to control the
- contents of the logs. Log files are more useful when they
- contain a complete record of server activity. It is often
- easier to simply post-process the log files to remove requests
- that you do not want to consider.</p>
- <hr />
-
- <h2><a id="rotation" name="rotation">Log Rotation</a></h2>
-
- <p>On even a moderately busy server, the quantity of
- information stored in the log files is very large. The access
- log file typically grows 1 MB or more per 10,000 requests. It
- will consequently be necessary to periodically rotate the log
- files by moving or deleting the existing logs. This cannot be
- done while the server is running, because Apache will continue
- writing to the old log file as long as it holds the file open.
- Instead, the server must be <a
- href="stopping.html">restarted</a> after the log files are
- moved or deleted so that it will open new log files.</p>
-
- <p>By using a <em>graceful</em> restart, the server can be
- instructed to open new log files without losing any existing or
- pending connections from clients. However, in order to
- accomplish this, the server must continue to write to the old
- log files while it finishes serving old requests. It is
- therefore necessary to wait for some time after the restart
- before doing any processing on the log files. A typical
- scenario that simply rotates the logs and compresses the old
- logs to save space is:</p>
-
- <blockquote>
- <code>mv access_log access_log.old<br />
- mv error_log error_log.old<br />
- apachectl graceful<br />
- sleep 600<br />
- gzip access_log.old error_log.old</code>
- </blockquote>
-
- <p>Another way to perform log rotation is using <a
- href="#piped">piped logs</a> as discussed in the next
- section.</p>
- <hr />
-
- <h2><a id="piped" name="piped">Piped Logs</a></h2>
-
- <p>Apache httpd is capable of writing error and access log
- files through a pipe to another process, rather than directly
- to a file. This capability dramatically increases the
- flexibility of logging, without adding code to the main server.
- In order to write logs to a pipe, simply replace the filename
- with the pipe character "<code>|</code>", followed by the name
- of the executable which should accept log entries on its
- standard input. Apache will start the piped-log process when
- the server starts, and will restart it if it crashes while the
- server is running. (This last feature is why we can refer to
- this technique as "reliable piped logging".)</p>
-
- <p>Piped log processes are spawned by the parent Apache httpd
- process, and inherit the userid of that process. This means
- that piped log programs usually run as root. It is therefore
- very important to keep the programs simple and secure.</p>
-
- <p>One important use of piped logs is to allow log rotation
- without having to restart the server. The Apache HTTP Server
- includes a simple program called <a
- href="programs/rotatelogs.html">rotatelogs</a> for this
- purpose. For example, to rotate the logs every 24 hours, you
- can use:</p>
-
- <blockquote>
- <code>CustomLog "|/usr/local/apache/bin/rotatelogs
- /var/log/access_log 86400" common</code>
- </blockquote>
-
- <p>A similar, but much more flexible log rotation program
- called <a href="http://www.cronolog.org/">cronolog</a>
- is available at an external site.</p>
-
- <p>As with conditional logging, piped logs are a very powerful
- tool, but they should not be used where a simpler solution like
- off-line post-processing is available.</p>
- <hr />
-
- <h2><a id="virtualhosts" name="virtualhosts">Virtual
- Hosts</a></h2>
-
- <p>When running a server with many <a href="vhosts/">virtual
- hosts</a>, there are several options for dealing with log
- files. First, it is possible to use logs exactly as in a
- single-host server. Simply by placing the logging directives
- outside the <code>&lt;VirtualHost&gt;</code> sections in the
- main server context, it is possible to log all requests in the
- same access log and error log. This technique does not allow
- for easy collection of statistics on individual virtual
- hosts.</p>
-
- <p>If <code>CustomLog</code> or <code>ErrorLog</code>
- directives are placed inside a <code>&lt;VirtualHost&gt;</code>
- section, all requests or errors for that virtual host will be
- logged only to the specified file. Any virtual host which does
- not have logging directives will still have its requests sent
- to the main server logs. This technique is very useful for a
- small number of virtual hosts, but if the number of hosts is
- very large, it can be complicated to manage. In addition, it
- can often create problems with <a
- href="vhosts/fd-limits.html">insufficient file
- descriptors</a>.</p>
-
- <p>For the access log, there is a very good compromise. By
- adding information on the virtual host to the log format
- string, it is possible to log all hosts to the same log, and
- later split the log into individual files. For example,
- consider the following directives.</p>
-
- <blockquote>
- <code>LogFormat "%v %l %u %t \"%r\" %&gt;s %b"
- comonvhost<br />
- CustomLog logs/access_log comonvhost</code>
- </blockquote>
-
- <p>The <code>%v</code> is used to log the name of the virtual
- host that is serving the request. Then a program like <a
- href="programs/other.html">split-logfile</a> can be used to
- post-process the access log in order to split it into one file
- per virtual host.</p>
-
- <p>Unfortunately, no similar technique is available for the
- error log, so you must choose between mixing all virtual hosts
- in the same error log and using one error log per virtual
- host.</p>
- <hr />
-
- <h2><a id="other" name="other">Other Log Files</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_cgi.html">mod_cgi</a><br />
- <a href="mod/mod_rewrite.html">mod_rewrite</a> </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#pidfile">PidFile</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteLog">RewriteLog</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteLogLevel">RewriteLogLevel</a><br />
- <a href="mod/mod_cgi.html#scriptlog">ScriptLog</a><br />
- <a
- href="mod/mod_cgi.html#scriptloglength">ScriptLogLength</a><br />
- <a
- href="mod/mod_cgi.html#scriptlogbuffer">ScriptLogBuffer</a>
- </td>
- </tr>
- </table>
-
- <h3><a id="pidfile" name="pidfile">PID File</a></h3>
-
- <p>On startup, Apache httpd saves the process id of the parent
- httpd process to the file <code>logs/httpd.pid</code>. This
- filename can be changed with the <a
- href="mod/core.html#pidfile">PidFile</a> directive. The
- process-id is for use by the administrator in restarting and
- terminating the daemon by sending signals to the parent
- process; on Windows, use the -k command line option instead.
- For more information see the <a href="stopping.html">Stopping
- and Restarting</a> page.</p>
-
- <h3><a id="scriptlog" name="scriptlog">Script Log</a></h3>
-
- <p>In order to aid in debugging, the <a
- href="mod/mod_cgi.html#scriptlog">ScriptLog</a> directive
- allows you to record the input to and output from CGI scripts.
- This should only be used in testing - not for live servers.
- More information is available in the <a
- href="mod/mod_cgi.html">mod_cgi documentation</a>.</p>
-
- <h3><a id="rewritelog" name="rewritelog">Rewrite Log</a></h3>
-
- <p>When using the powerful and complex features of <a
- href="mod/mod_rewrite.html">mod_rewrite</a>, it is almost
- always necessary to use the <a
- href="mod/mod_rewrite.html#RewriteLog">RewriteLog</a> to help
- in debugging. This log file produces a detailed analysis of how
- the rewriting engine transforms requests. The level of detail
- is controlled by the <a
- href="mod/mod_rewrite.html#RewriteLogLevel">RewriteLogLevel</a>
- directive.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/API.html b/usr.sbin/httpd/htdocs/manual/misc/API.html
deleted file mode 100644
index 15ed67c12ba..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/API.html
+++ /dev/null
@@ -1,1253 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache API notes</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache API notes</h1>
- These are some notes on the Apache API and the data structures
- you have to deal with, <em>etc.</em> They are not yet nearly
- complete, but hopefully, they will help you get your bearings.
- Keep in mind that the API is still subject to change as we gain
- experience with it. (See the TODO file for what <em>might</em>
- be coming). However, it will be easy to adapt modules to any
- changes that are made. (We have more modules to adapt than you
- do).
-
- <p>A few notes on general pedagogical style here. In the
- interest of conciseness, all structure declarations here are
- incomplete --- the real ones have more slots that I'm not
- telling you about. For the most part, these are reserved to one
- component of the server core or another, and should be altered
- by modules with caution. However, in some cases, they really
- are things I just haven't gotten around to yet. Welcome to the
- bleeding edge.</p>
-
- <p>Finally, here's an outline, to give you some bare idea of
- what's coming up, and in what order:</p>
-
- <ul>
- <li>
- <a href="#basics">Basic concepts.</a>
-
- <ul>
- <li><a href="#HMR">Handlers, Modules, and
- Requests</a></li>
-
- <li><a href="#moduletour">A brief tour of a
- module</a></li>
- </ul>
- </li>
-
- <li>
- <a href="#handlers">How handlers work</a>
-
- <ul>
- <li><a href="#req_tour">A brief tour of the
- <code>request_rec</code></a></li>
-
- <li><a href="#req_orig">Where request_rec structures come
- from</a></li>
-
- <li><a href="#req_return">Handling requests, declining,
- and returning error codes</a></li>
-
- <li><a href="#resp_handlers">Special considerations for
- response handlers</a></li>
-
- <li><a href="#auth_handlers">Special considerations for
- authentication handlers</a></li>
-
- <li><a href="#log_handlers">Special considerations for
- logging handlers</a></li>
- </ul>
- </li>
-
- <li><a href="#pools">Resource allocation and resource
- pools</a></li>
-
- <li>
- <a href="#config">Configuration, commands and the like</a>
-
- <ul>
- <li><a href="#per-dir">Per-directory configuration
- structures</a></li>
-
- <li><a href="#commands">Command handling</a></li>
-
- <li><a href="#servconf">Side notes --- per-server
- configuration, virtual servers, <em>etc</em>.</a></li>
- </ul>
- </li>
- </ul>
-
- <h2><a id="basics" name="basics">Basic concepts.</a></h2>
- We begin with an overview of the basic concepts behind the API,
- and how they are manifested in the code.
-
- <h3><a id="HMR" name="HMR">Handlers, Modules, and
- Requests</a></h3>
- Apache breaks down request handling into a series of steps,
- more or less the same way the Netscape server API does
- (although this API has a few more stages than NetSite does, as
- hooks for stuff I thought might be useful in the future). These
- are:
-
- <ul>
- <li>URI -&gt; Filename translation</li>
-
- <li>Auth ID checking [is the user who they say they
- are?]</li>
-
- <li>Auth access checking [is the user authorized
- <em>here</em>?]</li>
-
- <li>Access checking other than auth</li>
-
- <li>Determining MIME type of the object requested</li>
-
- <li>`Fixups' --- there aren't any of these yet, but the phase
- is intended as a hook for possible extensions like
- <code>SetEnv</code>, which don't really fit well
- elsewhere.</li>
-
- <li>Actually sending a response back to the client.</li>
-
- <li>Logging the request</li>
- </ul>
- These phases are handled by looking at each of a succession of
- <em>modules</em>, looking to see if each of them has a handler
- for the phase, and attempting invoking it if so. The handler
- can typically do one of three things:
-
- <ul>
- <li><em>Handle</em> the request, and indicate that it has
- done so by returning the magic constant <code>OK</code>.</li>
-
- <li><em>Decline</em> to handle the request, by returning the
- magic integer constant <code>DECLINED</code>. In this case,
- the server behaves in all respects as if the handler simply
- hadn't been there.</li>
-
- <li>Signal an error, by returning one of the HTTP error
- codes. This terminates normal handling of the request,
- although an ErrorDocument may be invoked to try to mop up,
- and it will be logged in any case.</li>
- </ul>
- Most phases are terminated by the first module that handles
- them; however, for logging, `fixups', and non-access
- authentication checking, all handlers always run (barring an
- error). Also, the response phase is unique in that modules may
- declare multiple handlers for it, via a dispatch table keyed on
- the MIME type of the requested object. Modules may declare a
- response-phase handler which can handle <em>any</em> request,
- by giving it the key <code>*/*</code> (<em>i.e.</em>, a
- wildcard MIME type specification). However, wildcard handlers
- are only invoked if the server has already tried and failed to
- find a more specific response handler for the MIME type of the
- requested object (either none existed, or they all declined).
-
- <p>The handlers themselves are functions of one argument (a
- <code>request_rec</code> structure. vide infra), which returns
- an integer, as above.</p>
-
- <h3><a id="moduletour" name="moduletour">A brief tour of a
- module</a></h3>
- At this point, we need to explain the structure of a module.
- Our candidate will be one of the messier ones, the CGI module
- --- this handles both CGI scripts and the
- <code>ScriptAlias</code> config file command. It's actually a
- great deal more complicated than most modules, but if we're
- going to have only one example, it might as well be the one
- with its fingers in every place.
-
- <p>Let's begin with handlers. In order to handle the CGI
- scripts, the module declares a response handler for them.
- Because of <code>ScriptAlias</code>, it also has handlers for
- the name translation phase (to recognize
- <code>ScriptAlias</code>ed URIs), the type-checking phase (any
- <code>ScriptAlias</code>ed request is typed as a CGI
- script).</p>
-
- <p>The module needs to maintain some per (virtual) server
- information, namely, the <code>ScriptAlias</code>es in effect;
- the module structure therefore contains pointers to a functions
- which builds these structures, and to another which combines
- two of them (in case the main server and a virtual server both
- have <code>ScriptAlias</code>es declared).</p>
-
- <p>Finally, this module contains code to handle the
- <code>ScriptAlias</code> command itself. This particular module
- only declares one command, but there could be more, so modules
- have <em>command tables</em> which declare their commands, and
- describe where they are permitted, and how they are to be
- invoked.</p>
-
- <p>A final note on the declared types of the arguments of some
- of these commands: a <code>pool</code> is a pointer to a
- <em>resource pool</em> structure; these are used by the server
- to keep track of the memory which has been allocated, files
- opened, <em>etc.</em>, either to service a particular request,
- or to handle the process of configuring itself. That way, when
- the request is over (or, for the configuration pool, when the
- server is restarting), the memory can be freed, and the files
- closed, <em>en masse</em>, without anyone having to write
- explicit code to track them all down and dispose of them. Also,
- a <code>cmd_parms</code> structure contains various information
- about the config file being read, and other status information,
- which is sometimes of use to the function which processes a
- config-file command (such as <code>ScriptAlias</code>). With no
- further ado, the module itself:</p>
-<pre>
-/* Declarations of handlers. */
-
-int translate_scriptalias (request_rec *);
-int type_scriptalias (request_rec *);
-int cgi_handler (request_rec *);
-
-/* Subsidiary dispatch table for response-phase handlers, by MIME type */
-
-handler_rec cgi_handlers[] = {
-{ "application/x-httpd-cgi", cgi_handler },
-{ NULL }
-};
-
-/* Declarations of routines to manipulate the module's configuration
- * info. Note that these are returned, and passed in, as void *'s;
- * the server core keeps track of them, but it doesn't, and can't,
- * know their internal structure.
- */
-
-void *make_cgi_server_config (pool *);
-void *merge_cgi_server_config (pool *, void *, void *);
-
-/* Declarations of routines to handle config-file commands */
-
-extern char *script_alias(cmd_parms *, void *per_dir_config, char *fake,
- char *real);
-
-command_rec cgi_cmds[] = {
-{ "ScriptAlias", script_alias, NULL, RSRC_CONF, TAKE2,
- "a fakename and a realname"},
-{ NULL }
-};
-
-module cgi_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creator */
- NULL, /* dir merger --- default is to override */
- make_cgi_server_config, /* server config */
- merge_cgi_server_config, /* merge server config */
- cgi_cmds, /* command table */
- cgi_handlers, /* handlers */
- translate_scriptalias, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- type_scriptalias, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL /* header parser */
-};
-</pre>
-
- <h2><a id="handlers" name="handlers">How handlers work</a></h2>
- The sole argument to handlers is a <code>request_rec</code>
- structure. This structure describes a particular request which
- has been made to the server, on behalf of a client. In most
- cases, each connection to the client generates only one
- <code>request_rec</code> structure.
-
- <h3><a id="req_tour" name="req_tour">A brief tour of the
- <code>request_rec</code></a></h3>
- The <code>request_rec</code> contains pointers to a resource
- pool which will be cleared when the server is finished handling
- the request; to structures containing per-server and
- per-connection information, and most importantly, information
- on the request itself.
-
- <p>The most important such information is a small set of
- character strings describing attributes of the object being
- requested, including its URI, filename, content-type and
- content-encoding (these being filled in by the translation and
- type-check handlers which handle the request,
- respectively).</p>
-
- <p>Other commonly used data items are tables giving the MIME
- headers on the client's original request, MIME headers to be
- sent back with the response (which modules can add to at will),
- and environment variables for any subprocesses which are
- spawned off in the course of servicing the request. These
- tables are manipulated using the <code>ap_table_get</code> and
- <code>ap_table_set</code> routines.</p>
-
- <blockquote>
- Note that the <samp>Content-type</samp> header value
- <em>cannot</em> be set by module content-handlers using the
- <samp>ap_table_*()</samp> routines. Rather, it is set by
- pointing the <samp>content_type</samp> field in the
- <samp>request_rec</samp> structure to an appropriate string.
- <em>E.g.</em>,
-<pre>
- r-&gt;content_type = "text/html";
-</pre>
- </blockquote>
- Finally, there are pointers to two data structures which, in
- turn, point to per-module configuration structures.
- Specifically, these hold pointers to the data structures which
- the module has built to describe the way it has been configured
- to operate in a given directory (via <code>.htaccess</code>
- files or <code>&lt;Directory&gt;</code> sections), for private
- data it has built in the course of servicing the request (so
- modules' handlers for one phase can pass `notes' to their
- handlers for other phases). There is another such configuration
- vector in the <code>server_rec</code> data structure pointed to
- by the <code>request_rec</code>, which contains per (virtual)
- server configuration data.
-
- <p>Here is an abridged declaration, giving the fields most
- commonly used:</p>
-<pre>
-struct request_rec {
-
- pool *pool;
- conn_rec *connection;
- server_rec *server;
-
- /* What object is being requested */
-
- char *uri;
- char *filename;
- char *path_info;
- char *args; /* QUERY_ARGS, if any */
- struct stat finfo; /* Set by server core;
- * st_mode set to zero if no such file */
-
- char *content_type;
- char *content_encoding;
-
- /* MIME header environments, in and out. Also, an array containing
- * environment variables to be passed to subprocesses, so people can
- * write modules to add to that environment.
- *
- * The difference between headers_out and err_headers_out is that
- * the latter are printed even on error, and persist across internal
- * redirects (so the headers printed for ErrorDocument handlers will
- * have them).
- */
-
- table *headers_in;
- table *headers_out;
- table *err_headers_out;
- table *subprocess_env;
-
- /* Info about the request itself... */
-
- int header_only; /* HEAD request, as opposed to GET */
- char *protocol; /* Protocol, as given to us, or HTTP/0.9 */
- char *method; /* GET, HEAD, POST, <em>etc.</em> */
- int method_number; /* M_GET, M_POST, <em>etc.</em> */
-
- /* Info for logging */
-
- char *the_request;
- int bytes_sent;
-
- /* A flag which modules can set, to indicate that the data being
- * returned is volatile, and clients should be told not to cache it.
- */
-
- int no_cache;
-
- /* Various other config info which may change with .htaccess files
- * These are config vectors, with one void* pointer for each module
- * (the thing pointed to being the module's business).
- */
-
- void *per_dir_config; /* Options set in config files, <em>etc.</em> */
- void *request_config; /* Notes on *this* request */
-
-};
-
-</pre>
-
- <h3><a id="req_orig" name="req_orig">Where request_rec
- structures come from</a></h3>
- Most <code>request_rec</code> structures are built by reading
- an HTTP request from a client, and filling in the fields.
- However, there are a few exceptions:
-
- <ul>
- <li>If the request is to an imagemap, a type map
- (<em>i.e.</em>, a <code>*.var</code> file), or a CGI script
- which returned a local `Location:', then the resource which
- the user requested is going to be ultimately located by some
- URI other than what the client originally supplied. In this
- case, the server does an <em>internal redirect</em>,
- constructing a new <code>request_rec</code> for the new URI,
- and processing it almost exactly as if the client had
- requested the new URI directly.</li>
-
- <li>If some handler signaled an error, and an
- <code>ErrorDocument</code> is in scope, the same internal
- redirect machinery comes into play.</li>
-
- <li>
- Finally, a handler occasionally needs to investigate `what
- would happen if' some other request were run. For instance,
- the directory indexing module needs to know what MIME type
- would be assigned to a request for each directory entry, in
- order to figure out what icon to use.
-
- <p>Such handlers can construct a <em>sub-request</em>,
- using the functions <code>ap_sub_req_lookup_file</code>,
- <code>ap_sub_req_lookup_uri</code>, and
- <code>ap_sub_req_method_uri</code>; these construct a new
- <code>request_rec</code> structure and processes it as you
- would expect, up to but not including the point of actually
- sending a response. (These functions skip over the access
- checks if the sub-request is for a file in the same
- directory as the original request).</p>
-
- <p>(Server-side includes work by building sub-requests and
- then actually invoking the response handler for them, via
- the function <code>ap_run_sub_req</code>).</p>
- </li>
- </ul>
-
- <h3><a id="req_return" name="req_return">Handling requests,
- declining, and returning error codes</a></h3>
- As discussed above, each handler, when invoked to handle a
- particular <code>request_rec</code>, has to return an
- <code>int</code> to indicate what happened. That can either be
-
- <ul>
- <li>OK --- the request was handled successfully. This may or
- may not terminate the phase.</li>
-
- <li>DECLINED --- no erroneous condition exists, but the
- module declines to handle the phase; the server tries to find
- another.</li>
-
- <li>an HTTP error code, which aborts handling of the
- request.</li>
- </ul>
- Note that if the error code returned is <code>REDIRECT</code>,
- then the module should put a <code>Location</code> in the
- request's <code>headers_out</code>, to indicate where the
- client should be redirected <em>to</em>.
-
- <h3><a id="resp_handlers" name="resp_handlers">Special
- considerations for response handlers</a></h3>
- Handlers for most phases do their work by simply setting a few
- fields in the <code>request_rec</code> structure (or, in the
- case of access checkers, simply by returning the correct error
- code). However, response handlers have to actually send a
- request back to the client.
-
- <p>They should begin by sending an HTTP response header, using
- the function <code>ap_send_http_header</code>. (You don't have
- to do anything special to skip sending the header for HTTP/0.9
- requests; the function figures out on its own that it shouldn't
- do anything). If the request is marked
- <code>header_only</code>, that's all they should do; they
- should return after that, without attempting any further
- output.</p>
-
- <p>Otherwise, they should produce a request body which responds
- to the client as appropriate. The primitives for this are
- <code>ap_rputc</code> and <code>ap_rprintf</code>, for
- internally generated output, and <code>ap_send_fd</code>, to
- copy the contents of some <code>FILE *</code> straight to the
- client.</p>
-
- <p>At this point, you should more or less understand the
- following piece of code, which is the handler which handles
- <code>GET</code> requests which have no more specific handler;
- it also shows how conditional <code>GET</code>s can be handled,
- if it's desirable to do so in a particular response handler ---
- <code>ap_set_last_modified</code> checks against the
- <code>If-modified-since</code> value supplied by the client, if
- any, and returns an appropriate code (which will, if nonzero,
- be USE_LOCAL_COPY). No similar considerations apply for
- <code>ap_set_content_length</code>, but it returns an error
- code for symmetry.</p>
-<pre>
-int default_handler (request_rec *r)
-{
- int errstatus;
- FILE *f;
-
- if (r-&gt;method_number != M_GET) return DECLINED;
- if (r-&gt;finfo.st_mode == 0) return NOT_FOUND;
-
- if ((errstatus = ap_set_content_length (r, r-&gt;finfo.st_size))) {
- return errstatus;
- }
-
- r-&gt;mtime = r-&gt;finfo.st_mtime;
- ap_set_last_modified (r);
-
- f = ap_pfopen (r-&gt;pool, r-&gt;filename, "r");
-
- if (f == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "file permissions deny server access: %s", r-&gt;filename);
- return FORBIDDEN;
- }
-
- ap_soft_timeout ("send", r);
- ap_send_http_header (r);
-
- if (!r-&gt;header_only) ap_send_fd (f, r);
- ap_pfclose (r-&gt;pool, f);
-
- ap_kill_timeout (r);
- return OK;
-}
-</pre>
- Finally, if all of this is too much of a challenge, there are a
- few ways out of it. First off, as shown above, a response
- handler which has not yet produced any output can simply return
- an error code, in which case the server will automatically
- produce an error response. Secondly, it can punt to some other
- handler by invoking <code>ap_internal_redirect</code>, which is
- how the internal redirection machinery discussed above is
- invoked. A response handler which has internally redirected
- should always return <code>OK</code>.
-
- <p>(Invoking <code>ap_internal_redirect</code> from handlers
- which are <em>not</em> response handlers will lead to serious
- confusion).</p>
-
- <h3><a id="auth_handlers" name="auth_handlers">Special
- considerations for authentication handlers</a></h3>
- Stuff that should be discussed here in detail:
-
- <ul>
- <li>Authentication-phase handlers not invoked unless auth is
- configured for the directory.</li>
-
- <li>Common auth configuration stored in the core per-dir
- configuration; it has accessors <code>ap_auth_type</code>,
- <code>ap_auth_name</code>, and <code>ap_requires</code>.</li>
-
- <li>Common routines, to handle the protocol end of things, at
- least for HTTP basic authentication
- (<code>ap_get_basic_auth_pw</code>, which sets the
- <code>connection-&gt;user</code> structure field
- automatically, and <code>ap_note_basic_auth_failure</code>,
- which arranges for the proper <code>WWW-Authenticate:</code>
- header to be sent back).</li>
- </ul>
-
- <h3><a id="log_handlers" name="log_handlers">Special
- considerations for logging handlers</a></h3>
- When a request has internally redirected, there is the question
- of what to log. Apache handles this by bundling the entire
- chain of redirects into a list of <code>request_rec</code>
- structures which are threaded through the
- <code>r-&gt;prev</code> and <code>r-&gt;next</code> pointers.
- The <code>request_rec</code> which is passed to the logging
- handlers in such cases is the one which was originally built
- for the initial request from the client; note that the
- bytes_sent field will only be correct in the last request in
- the chain (the one for which a response was actually sent).
-
- <h2><a id="pools" name="pools">Resource allocation and resource
- pools</a></h2>
-
- <p>One of the problems of writing and designing a server-pool
- server is that of preventing leakage, that is, allocating
- resources (memory, open files, <em>etc.</em>), without
- subsequently releasing them. The resource pool machinery is
- designed to make it easy to prevent this from happening, by
- allowing resource to be allocated in such a way that they are
- <em>automatically</em> released when the server is done with
- them.</p>
-
- <p>The way this works is as follows: the memory which is
- allocated, file opened, <em>etc.</em>, to deal with a
- particular request are tied to a <em>resource pool</em> which
- is allocated for the request. The pool is a data structure
- which itself tracks the resources in question.</p>
-
- <p>When the request has been processed, the pool is
- <em>cleared</em>. At that point, all the memory associated with
- it is released for reuse, all files associated with it are
- closed, and any other clean-up functions which are associated
- with the pool are run. When this is over, we can be confident
- that all the resource tied to the pool have been released, and
- that none of them have leaked.</p>
-
- <p>Server restarts, and allocation of memory and resources for
- per-server configuration, are handled in a similar way. There
- is a <em>configuration pool</em>, which keeps track of
- resources which were allocated while reading the server
- configuration files, and handling the commands therein (for
- instance, the memory that was allocated for per-server module
- configuration, log files and other files that were opened, and
- so forth). When the server restarts, and has to reread the
- configuration files, the configuration pool is cleared, and so
- the memory and file descriptors which were taken up by reading
- them the last time are made available for reuse.</p>
-
- <p>It should be noted that use of the pool machinery isn't
- generally obligatory, except for situations like logging
- handlers, where you really need to register cleanups to make
- sure that the log file gets closed when the server restarts
- (this is most easily done by using the function <code><a
- href="#pool-files">ap_pfopen</a></code>, which also arranges
- for the underlying file descriptor to be closed before any
- child processes, such as for CGI scripts, are
- <code>exec</code>ed), or in case you are using the timeout
- machinery (which isn't yet even documented here). However,
- there are two benefits to using it: resources allocated to a
- pool never leak (even if you allocate a scratch string, and
- just forget about it); also, for memory allocation,
- <code>ap_palloc</code> is generally faster than
- <code>malloc</code>.</p>
-
- <p>We begin here by describing how memory is allocated to
- pools, and then discuss how other resources are tracked by the
- resource pool machinery.</p>
-
- <h3>Allocation of memory in pools</h3>
-
- <p>Memory is allocated to pools by calling the function
- <code>ap_palloc</code>, which takes two arguments, one being a
- pointer to a resource pool structure, and the other being the
- amount of memory to allocate (in <code>char</code>s). Within
- handlers for handling requests, the most common way of getting
- a resource pool structure is by looking at the
- <code>pool</code> slot of the relevant
- <code>request_rec</code>; hence the repeated appearance of the
- following idiom in module code:</p>
-<pre>
-int my_handler(request_rec *r)
-{
- struct my_structure *foo;
- ...
-
- foo = (foo *)ap_palloc (r-&gt;pool, sizeof(my_structure));
-}
-</pre>
-
- <p>Note that <em>there is no <code>ap_pfree</code></em> ---
- <code>ap_palloc</code>ed memory is freed only when the
- associated resource pool is cleared. This means that
- <code>ap_palloc</code> does not have to do as much accounting
- as <code>malloc()</code>; all it does in the typical case is to
- round up the size, bump a pointer, and do a range check.</p>
-
- <p>(It also raises the possibility that heavy use of
- <code>ap_palloc</code> could cause a server process to grow
- excessively large. There are two ways to deal with this, which
- are dealt with below; briefly, you can use <code>malloc</code>,
- and try to be sure that all of the memory gets explicitly
- <code>free</code>d, or you can allocate a sub-pool of the main
- pool, allocate your memory in the sub-pool, and clear it out
- periodically. The latter technique is discussed in the section
- on sub-pools below, and is used in the directory-indexing code,
- in order to avoid excessive storage allocation when listing
- directories with thousands of files).</p>
-
- <h3>Allocating initialized memory</h3>
-
- <p>There are functions which allocate initialized memory, and
- are frequently useful. The function <code>ap_pcalloc</code> has
- the same interface as <code>ap_palloc</code>, but clears out
- the memory it allocates before it returns it. The function
- <code>ap_pstrdup</code> takes a resource pool and a <code>char
- *</code> as arguments, and allocates memory for a copy of the
- string the pointer points to, returning a pointer to the copy.
- Finally <code>ap_pstrcat</code> is a varargs-style function,
- which takes a pointer to a resource pool, and at least two
- <code>char *</code> arguments, the last of which must be
- <code>NULL</code>. It allocates enough memory to fit copies of
- each of the strings, as a unit; for instance:</p>
-<pre>
- ap_pstrcat (r-&gt;pool, "foo", "/", "bar", NULL);
-</pre>
-
- <p>returns a pointer to 8 bytes worth of memory, initialized to
- <code>"foo/bar"</code>.</p>
-
- <h3><a id="pools-used" name="pools-used">Commonly-used pools in
- the Apache Web server</a></h3>
-
- <p>A pool is really defined by its lifetime more than anything
- else. There are some static pools in http_main which are passed
- to various non-http_main functions as arguments at opportune
- times. Here they are:</p>
-
- <dl compact="compact">
- <dt>permanent_pool</dt>
-
- <dd>
- <ul>
- <li>never passed to anything else, this is the ancestor
- of all pools</li>
- </ul>
- </dd>
-
- <dt>pconf</dt>
-
- <dd>
- <ul>
- <li>subpool of permanent_pool</li>
-
- <li>created at the beginning of a config "cycle"; exists
- until the server is terminated or restarts; passed to all
- config-time routines, either via cmd-&gt;pool, or as the
- "pool *p" argument on those which don't take pools</li>
-
- <li>passed to the module init() functions</li>
- </ul>
- </dd>
-
- <dt>ptemp</dt>
-
- <dd>
- <ul>
- <li>sorry I lie, this pool isn't called this currently in
- 1.3, I renamed it this in my pthreads development. I'm
- referring to the use of ptrans in the parent... contrast
- this with the later definition of ptrans in the
- child.</li>
-
- <li>subpool of permanent_pool</li>
-
- <li>created at the beginning of a config "cycle"; exists
- until the end of config parsing; passed to config-time
- routines <em>via</em> cmd-&gt;temp_pool. Somewhat of a
- "bastard child" because it isn't available everywhere.
- Used for temporary scratch space which may be needed by
- some config routines but which is deleted at the end of
- config.</li>
- </ul>
- </dd>
-
- <dt>pchild</dt>
-
- <dd>
- <ul>
- <li>subpool of permanent_pool</li>
-
- <li>created when a child is spawned (or a thread is
- created); lives until that child (thread) is
- destroyed</li>
-
- <li>passed to the module child_init functions</li>
-
- <li>destruction happens right after the child_exit
- functions are called... (which may explain why I think
- child_exit is redundant and unneeded)</li>
- </ul>
- </dd>
-
- <dt>ptrans</dt>
-
- <dd>
- <ul>
- <li>should be a subpool of pchild, but currently is a
- subpool of permanent_pool, see above</li>
-
- <li>cleared by the child before going into the accept()
- loop to receive a connection</li>
-
- <li>used as connection-&gt;pool</li>
- </ul>
- </dd>
-
- <dt>r-&gt;pool</dt>
-
- <dd>
- <ul>
- <li>for the main request this is a subpool of
- connection-&gt;pool; for subrequests it is a subpool of
- the parent request's pool.</li>
-
- <li>exists until the end of the request (<em>i.e.</em>,
- ap_destroy_sub_req, or in child_main after
- process_request has finished)</li>
-
- <li>note that r itself is allocated from r-&gt;pool;
- <em>i.e.</em>, r-&gt;pool is first created and then r is
- the first thing palloc()d from it</li>
- </ul>
- </dd>
- </dl>
-
- <p>For almost everything folks do, r-&gt;pool is the pool to
- use. But you can see how other lifetimes, such as pchild, are
- useful to some modules... such as modules that need to open a
- database connection once per child, and wish to clean it up
- when the child dies.</p>
-
- <p>You can also see how some bugs have manifested themself,
- such as setting connection-&gt;user to a value from r-&gt;pool
- -- in this case connection exists for the lifetime of ptrans,
- which is longer than r-&gt;pool (especially if r-&gt;pool is a
- subrequest!). So the correct thing to do is to allocate from
- connection-&gt;pool.</p>
-
- <p>And there was another interesting bug in
- mod_include/mod_cgi. You'll see in those that they do this test
- to decide if they should use r-&gt;pool or r-&gt;main-&gt;pool.
- In this case the resource that they are registering for cleanup
- is a child process. If it were registered in r-&gt;pool, then
- the code would wait() for the child when the subrequest
- finishes. With mod_include this could be any old #include, and
- the delay can be up to 3 seconds... and happened quite
- frequently. Instead the subprocess is registered in
- r-&gt;main-&gt;pool which causes it to be cleaned up when the
- entire request is done -- <em>i.e.</em>, after the output has
- been sent to the client and logging has happened.</p>
-
- <h3><a id="pool-files" name="pool-files">Tracking open files,
- etc.</a></h3>
-
- <p>As indicated above, resource pools are also used to track
- other sorts of resources besides memory. The most common are
- open files. The routine which is typically used for this is
- <code>ap_pfopen</code>, which takes a resource pool and two
- strings as arguments; the strings are the same as the typical
- arguments to <code>fopen</code>, <em>e.g.</em>,</p>
-<pre>
- ...
- FILE *f = ap_pfopen (r-&gt;pool, r-&gt;filename, "r");
-
- if (f == NULL) { ... } else { ... }
-</pre>
-
- <p>There is also a <code>ap_popenf</code> routine, which
- parallels the lower-level <code>open</code> system call. Both
- of these routines arrange for the file to be closed when the
- resource pool in question is cleared.</p>
-
- <p>Unlike the case for memory, there <em>are</em> functions to
- close files allocated with <code>ap_pfopen</code>, and
- <code>ap_popenf</code>, namely <code>ap_pfclose</code> and
- <code>ap_pclosef</code>. (This is because, on many systems, the
- number of files which a single process can have open is quite
- limited). It is important to use these functions to close files
- allocated with <code>ap_pfopen</code> and
- <code>ap_popenf</code>, since to do otherwise could cause fatal
- errors on systems such as Linux, which react badly if the same
- <code>FILE*</code> is closed more than once.</p>
-
- <p>(Using the <code>close</code> functions is not mandatory,
- since the file will eventually be closed regardless, but you
- should consider it in cases where your module is opening, or
- could open, a lot of files).</p>
-
- <h3>Other sorts of resources --- cleanup functions</h3>
-
- <blockquote>
- More text goes here. Describe the the cleanup primitives in
- terms of which the file stuff is implemented; also,
- <code>spawn_process</code>.
- </blockquote>
-
- <p>Pool cleanups live until clear_pool() is called:
- clear_pool(a) recursively calls destroy_pool() on all subpools
- of a; then calls all the cleanups for a; then releases all the
- memory for a. destroy_pool(a) calls clear_pool(a) and then
- releases the pool structure itself. <em>i.e.</em>,
- clear_pool(a) doesn't delete a, it just frees up all the
- resources and you can start using it again immediately.</p>
-
- <h3>Fine control --- creating and dealing with sub-pools, with
- a note on sub-requests</h3>
- On rare occasions, too-free use of <code>ap_palloc()</code> and
- the associated primitives may result in undesirably profligate
- resource allocation. You can deal with such a case by creating
- a <em>sub-pool</em>, allocating within the sub-pool rather than
- the main pool, and clearing or destroying the sub-pool, which
- releases the resources which were associated with it. (This
- really <em>is</em> a rare situation; the only case in which it
- comes up in the standard module set is in case of listing
- directories, and then only with <em>very</em> large
- directories. Unnecessary use of the primitives discussed here
- can hair up your code quite a bit, with very little gain).
-
- <p>The primitive for creating a sub-pool is
- <code>ap_make_sub_pool</code>, which takes another pool (the
- parent pool) as an argument. When the main pool is cleared, the
- sub-pool will be destroyed. The sub-pool may also be cleared or
- destroyed at any time, by calling the functions
- <code>ap_clear_pool</code> and <code>ap_destroy_pool</code>,
- respectively. (The difference is that
- <code>ap_clear_pool</code> frees resources associated with the
- pool, while <code>ap_destroy_pool</code> also deallocates the
- pool itself. In the former case, you can allocate new resources
- within the pool, and clear it again, and so forth; in the
- latter case, it is simply gone).</p>
-
- <p>One final note --- sub-requests have their own resource
- pools, which are sub-pools of the resource pool for the main
- request. The polite way to reclaim the resources associated
- with a sub request which you have allocated (using the
- <code>ap_sub_req_...</code> functions) is
- <code>ap_destroy_sub_req</code>, which frees the resource pool.
- Before calling this function, be sure to copy anything that you
- care about which might be allocated in the sub-request's
- resource pool into someplace a little less volatile (for
- instance, the filename in its <code>request_rec</code>
- structure).</p>
-
- <p>(Again, under most circumstances, you shouldn't feel obliged
- to call this function; only 2K of memory or so are allocated
- for a typical sub request, and it will be freed anyway when the
- main request pool is cleared. It is only when you are
- allocating many, many sub-requests for a single main request
- that you should seriously consider the
- <code>ap_destroy_...</code> functions).</p>
-
- <h2><a id="config" name="config">Configuration, commands and
- the like</a></h2>
- One of the design goals for this server was to maintain
- external compatibility with the NCSA 1.3 server --- that is, to
- read the same configuration files, to process all the
- directives therein correctly, and in general to be a drop-in
- replacement for NCSA. On the other hand, another design goal
- was to move as much of the server's functionality into modules
- which have as little as possible to do with the monolithic
- server core. The only way to reconcile these goals is to move
- the handling of most commands from the central server into the
- modules.
-
- <p>However, just giving the modules command tables is not
- enough to divorce them completely from the server core. The
- server has to remember the commands in order to act on them
- later. That involves maintaining data which is private to the
- modules, and which can be either per-server, or per-directory.
- Most things are per-directory, including in particular access
- control and authorization information, but also information on
- how to determine file types from suffixes, which can be
- modified by <code>AddType</code> and <code>DefaultType</code>
- directives, and so forth. In general, the governing philosophy
- is that anything which <em>can</em> be made configurable by
- directory should be; per-server information is generally used
- in the standard set of modules for information like
- <code>Alias</code>es and <code>Redirect</code>s which come into
- play before the request is tied to a particular place in the
- underlying file system.</p>
-
- <p>Another requirement for emulating the NCSA server is being
- able to handle the per-directory configuration files, generally
- called <code>.htaccess</code> files, though even in the NCSA
- server they can contain directives which have nothing at all to
- do with access control. Accordingly, after URI -&gt; filename
- translation, but before performing any other phase, the server
- walks down the directory hierarchy of the underlying
- filesystem, following the translated pathname, to read any
- <code>.htaccess</code> files which might be present. The
- information which is read in then has to be <em>merged</em>
- with the applicable information from the server's own config
- files (either from the <code>&lt;Directory&gt;</code> sections
- in <code>access.conf</code>, or from defaults in
- <code>srm.conf</code>, which actually behaves for most purposes
- almost exactly like <code>&lt;Directory /&gt;</code>).</p>
-
- <p>Finally, after having served a request which involved
- reading <code>.htaccess</code> files, we need to discard the
- storage allocated for handling them. That is solved the same
- way it is solved wherever else similar problems come up, by
- tying those structures to the per-transaction resource
- pool.</p>
-
- <h3><a id="per-dir" name="per-dir">Per-directory configuration
- structures</a></h3>
- Let's look out how all of this plays out in
- <code>mod_mime.c</code>, which defines the file typing handler
- which emulates the NCSA server's behavior of determining file
- types from suffixes. What we'll be looking at, here, is the
- code which implements the <code>AddType</code> and
- <code>AddEncoding</code> commands. These commands can appear in
- <code>.htaccess</code> files, so they must be handled in the
- module's private per-directory data, which in fact, consists of
- two separate <code>table</code>s for MIME types and encoding
- information, and is declared as follows:
-<pre>
-typedef struct {
- table *forced_types; /* Additional AddTyped stuff */
- table *encoding_types; /* Added with AddEncoding... */
-} mime_dir_config;
-</pre>
- When the server is reading a configuration file, or
- <code>&lt;Directory&gt;</code> section, which includes one of
- the MIME module's commands, it needs to create a
- <code>mime_dir_config</code> structure, so those commands have
- something to act on. It does this by invoking the function it
- finds in the module's `create per-dir config slot', with two
- arguments: the name of the directory to which this
- configuration information applies (or <code>NULL</code> for
- <code>srm.conf</code>), and a pointer to a resource pool in
- which the allocation should happen.
-
- <p>(If we are reading a <code>.htaccess</code> file, that
- resource pool is the per-request resource pool for the request;
- otherwise it is a resource pool which is used for configuration
- data, and cleared on restarts. Either way, it is important for
- the structure being created to vanish when the pool is cleared,
- by registering a cleanup on the pool if necessary).</p>
-
- <p>For the MIME module, the per-dir config creation function
- just <code>ap_palloc</code>s the structure above, and a creates
- a couple of <code>table</code>s to fill it. That looks like
- this:</p>
-<pre>
-void *create_mime_dir_config (pool *p, char *dummy)
-{
- mime_dir_config *new =
- (mime_dir_config *) ap_palloc (p, sizeof(mime_dir_config));
-
- new-&gt;forced_types = ap_make_table (p, 4);
- new-&gt;encoding_types = ap_make_table (p, 4);
-
- return new;
-}
-</pre>
- Now, suppose we've just read in a <code>.htaccess</code> file.
- We already have the per-directory configuration structure for
- the next directory up in the hierarchy. If the
- <code>.htaccess</code> file we just read in didn't have any
- <code>AddType</code> or <code>AddEncoding</code> commands, its
- per-directory config structure for the MIME module is still
- valid, and we can just use it. Otherwise, we need to merge the
- two structures somehow.
-
- <p>To do that, the server invokes the module's per-directory
- config merge function, if one is present. That function takes
- three arguments: the two structures being merged, and a
- resource pool in which to allocate the result. For the MIME
- module, all that needs to be done is overlay the tables from
- the new per-directory config structure with those from the
- parent:</p>
-<pre>
-void *merge_mime_dir_configs (pool *p, void *parent_dirv, void *subdirv)
-{
- mime_dir_config *parent_dir = (mime_dir_config *)parent_dirv;
- mime_dir_config *subdir = (mime_dir_config *)subdirv;
- mime_dir_config *new =
- (mime_dir_config *)ap_palloc (p, sizeof(mime_dir_config));
-
- new-&gt;forced_types = ap_overlay_tables (p, subdir-&gt;forced_types,
- parent_dir-&gt;forced_types);
- new-&gt;encoding_types = ap_overlay_tables (p, subdir-&gt;encoding_types,
- parent_dir-&gt;encoding_types);
-
- return new;
-}
-</pre>
- As a note --- if there is no per-directory merge function
- present, the server will just use the subdirectory's
- configuration info, and ignore the parent's. For some modules,
- that works just fine (<em>e.g.</em>, for the includes module,
- whose per-directory configuration information consists solely
- of the state of the <code>XBITHACK</code>), and for those
- modules, you can just not declare one, and leave the
- corresponding structure slot in the module itself
- <code>NULL</code>.
-
- <h3><a id="commands" name="commands">Command handling</a></h3>
- Now that we have these structures, we need to be able to figure
- out how to fill them. That involves processing the actual
- <code>AddType</code> and <code>AddEncoding</code> commands. To
- find commands, the server looks in the module's <code>command
- table</code>. That table contains information on how many
- arguments the commands take, and in what formats, where it is
- permitted, and so forth. That information is sufficient to
- allow the server to invoke most command-handling functions with
- pre-parsed arguments. Without further ado, let's look at the
- <code>AddType</code> command handler, which looks like this
- (the <code>AddEncoding</code> command looks basically the same,
- and won't be shown here):
-<pre>
-char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct, char *ext)
-{
- if (*ext == '.') ++ext;
- ap_table_set (m-&gt;forced_types, ext, ct);
- return NULL;
-}
-</pre>
- This command handler is unusually simple. As you can see, it
- takes four arguments, two of which are pre-parsed arguments,
- the third being the per-directory configuration structure for
- the module in question, and the fourth being a pointer to a
- <code>cmd_parms</code> structure. That structure contains a
- bunch of arguments which are frequently of use to some, but not
- all, commands, including a resource pool (from which memory can
- be allocated, and to which cleanups should be tied), and the
- (virtual) server being configured, from which the module's
- per-server configuration data can be obtained if required.
-
- <p>Another way in which this particular command handler is
- unusually simple is that there are no error conditions which it
- can encounter. If there were, it could return an error message
- instead of <code>NULL</code>; this causes an error to be
- printed out on the server's <code>stderr</code>, followed by a
- quick exit, if it is in the main config files; for a
- <code>.htaccess</code> file, the syntax error is logged in the
- server error log (along with an indication of where it came
- from), and the request is bounced with a server error response
- (HTTP error status, code 500).</p>
-
- <p>The MIME module's command table has entries for these
- commands, which look like this:</p>
-<pre>
-command_rec mime_cmds[] = {
-{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
- "a mime type followed by a file extension" },
-{ "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
- "an encoding (<em>e.g.</em>, gzip), followed by a file extension" },
-{ NULL }
-};
-</pre>
- The entries in these tables are:
-
- <ul>
- <li>The name of the command</li>
-
- <li>The function which handles it</li>
-
- <li>a <code>(void *)</code> pointer, which is passed in the
- <code>cmd_parms</code> structure to the command handler ---
- this is useful in case many similar commands are handled by
- the same function.</li>
-
- <li>A bit mask indicating where the command may appear. There
- are mask bits corresponding to each
- <code>AllowOverride</code> option, and an additional mask
- bit, <code>RSRC_CONF</code>, indicating that the command may
- appear in the server's own config files, but <em>not</em> in
- any <code>.htaccess</code> file.</li>
-
- <li>A flag indicating how many arguments the command handler
- wants pre-parsed, and how they should be passed in.
- <code>TAKE2</code> indicates two pre-parsed arguments. Other
- options are <code>TAKE1</code>, which indicates one
- pre-parsed argument, <code>FLAG</code>, which indicates that
- the argument should be <code>On</code> or <code>Off</code>,
- and is passed in as a boolean flag, <code>RAW_ARGS</code>,
- which causes the server to give the command the raw, unparsed
- arguments (everything but the command name itself). There is
- also <code>ITERATE</code>, which means that the handler looks
- the same as <code>TAKE1</code>, but that if multiple
- arguments are present, it should be called multiple times,
- and finally <code>ITERATE2</code>, which indicates that the
- command handler looks like a <code>TAKE2</code>, but if more
- arguments are present, then it should be called multiple
- times, holding the first argument constant.</li>
-
- <li>Finally, we have a string which describes the arguments
- that should be present. If the arguments in the actual config
- file are not as required, this string will be used to help
- give a more specific error message. (You can safely leave
- this <code>NULL</code>).</li>
- </ul>
- Finally, having set this all up, we have to use it. This is
- ultimately done in the module's handlers, specifically for its
- file-typing handler, which looks more or less like this; note
- that the per-directory configuration structure is extracted
- from the <code>request_rec</code>'s per-directory configuration
- vector by using the <code>ap_get_module_config</code> function.
-
-<pre>
-int find_ct(request_rec *r)
-{
- int i;
- char *fn = ap_pstrdup (r-&gt;pool, r-&gt;filename);
- mime_dir_config *conf = (mime_dir_config *)
- ap_get_module_config(r-&gt;per_dir_config, &amp;mime_module);
- char *type;
-
- if (S_ISDIR(r-&gt;finfo.st_mode)) {
- r-&gt;content_type = DIR_MAGIC_TYPE;
- return OK;
- }
-
- if((i=ap_rind(fn,'.')) &lt; 0) return DECLINED;
- ++i;
-
- if ((type = ap_table_get (conf-&gt;encoding_types, &amp;fn[i])))
- {
- r-&gt;content_encoding = type;
-
- /* go back to previous extension to try to use it as a type */
-
- fn[i-1] = '\0';
- if((i=ap_rind(fn,'.')) &lt; 0) return OK;
- ++i;
- }
-
- if ((type = ap_table_get (conf-&gt;forced_types, &amp;fn[i])))
- {
- r-&gt;content_type = type;
- }
-
- return OK;
-}
-
-</pre>
-
- <h3><a id="servconf" name="servconf">Side notes --- per-server
- configuration, virtual servers, <em>etc</em>.</a></h3>
- The basic ideas behind per-server module configuration are
- basically the same as those for per-directory configuration;
- there is a creation function and a merge function, the latter
- being invoked where a virtual server has partially overridden
- the base server configuration, and a combined structure must be
- computed. (As with per-directory configuration, the default if
- no merge function is specified, and a module is configured in
- some virtual server, is that the base configuration is simply
- ignored).
-
- <p>The only substantial difference is that when a command needs
- to configure the per-server private module data, it needs to go
- to the <code>cmd_parms</code> data to get at it. Here's an
- example, from the alias module, which also indicates how a
- syntax error can be returned (note that the per-directory
- configuration argument to the command handler is declared as a
- dummy, since the module doesn't actually have per-directory
- config data):</p>
-<pre>
-char *add_redirect(cmd_parms *cmd, void *dummy, char *f, char *url)
-{
- server_rec *s = cmd-&gt;server;
- alias_server_conf *conf = (alias_server_conf *)
- ap_get_module_config(s-&gt;module_config,&amp;alias_module);
- alias_entry *new = ap_push_array (conf-&gt;redirects);
-
- if (!ap_is_url (url)) return "Redirect to non-URL";
-
- new-&gt;fake = f; new-&gt;real = url;
- return NULL;
-}
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
deleted file mode 100644
index 16508214293..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
+++ /dev/null
@@ -1,3953 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Server Frequently Asked Questions</title>
-
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache Server Frequently Asked
- Questions</h1>
-
- <p>The latest version of this FAQ is always available from the
- main Apache web site, at &lt;<a
- href="http://httpd.apache.org/docs/misc/FAQ.html"
- rel="Help"><samp>http://httpd.apache.org/docs/misc/FAQ.html</samp></a>&gt;.</p>
- <!-- Notes about changes: -->
- <!-- - If adding a relative link to another part of the -->
- <!-- documentation, *do* include the ".html" portion. There's a -->
- <!-- good chance that the user will be reading the documentation -->
- <!-- on his own system, which may not be configured for -->
- <!-- multiviews. -->
- <!-- - When adding items, make sure they're put in the right place -->
- <!-- - verify that the numbering matches up. -->
- <!-- - *Don't* use <PRE></PRE> blocks - they don't appear -->
- <!-- correctly in a reliable way when this is converted to text -->
- <!-- with Lynx. Use <DL><DD><CODE>xxx<BR>xx</CODE></DD></DL> -->
- <!-- blocks inside a <P></P> instead. This is necessary to get -->
- <!-- the horizontal and vertical indenting right. -->
- <!-- - Don't forget to include an HR tag after the last /P tag -->
- <!-- but before the /LI in an item. -->
-
- <p>If you are reading a text-only version of this FAQ, you may
- find numbers enclosed in brackets (such as "[12]"). These refer
- to the list of reference URLs to be found at the end of the
- document. These references do not appear, and are not needed,
- for the hypertext version.</p>
-
- <h2>The Questions</h2>
- <!-- Stuff to Add: -->
- <!-- - can't bind to port 80 -->
- <!-- - permission denied -->
- <!-- - address already in use -->
- <!-- - mod_auth & passwd lines "user:pw:.*" - ++1st colon onward is -->
- <!-- treated as pw, not just ++1st to \-\-2nd. -->
- <!-- - SSL: -->
- <!-- - Can I use Apache-SSL for free in Canada? -->
- <!-- - Why can't I use Apache-SSL in the U.S.? -->
- <!-- - How can I found out how many visitors my site gets? -->
- <!-- - How do I add a counter? -->
- <!-- - How do I configure Apache as a proxy? -->
- <!-- - What browsers support HTTP/1.1? -->
- <!-- - What's the point of vhosts-by-name is there aren't any -->
- <!-- HTTP/1.1 browsers? -->
- <!-- - Is there an Apache for W95/WNT? -->
- <!-- - Why does Apache die when a vhost can't be DNS-resolved? -->
- <!-- - Why do I get "send lost connection" messages in my error -->
- <!-- log? -->
- <!-- - specifically consider .pdf files which seem to cause this -->
- <!-- a lot when accessed via the plugin ... and also mention -->
- <!-- how range-requests can cause bytes served < file size -->
- <!-- - Why do directory indexes appear as garbage? (A: -lucb) -->
- <!-- - How do I add a footer to all pages offered by my server? -->
- <!-- - Fix midi question; a bigger problem than midi vs. x-midi is -->
- <!-- the simple fact that older versions of Apache (and new ones -->
- <!-- that have been upgraded without upgrading the mime.types -->
- <!-- file) don't have the type listed at all. -->
- <!-- - RewriteRule /~fraggle/* /cgi-bin/fraggle.pl does not work -->
- <!-- - how do I disable authentication for a subdirectory? -->
- <!-- (A: you can't but "Satisfy any; Allow from all" can be close -->
- <!-- - '400 malformed request' on Win32 might mean stale proxy; see -->
- <!-- PR #2300. -->
- <!-- - how do I tell what version of Apache I am running? -->
-
- <ol type="A">
-
-
-
-
-
-
-
-
-
-
-
- <li value="1">
- <strong>Background</strong>
-
- <ol>
- <li><a href="#what">What is Apache?</a></li>
-
- <li><a href="#why">How and why was Apache
- created?</a></li>
-
- <li><a href="#name">Why the name "Apache"?</a></li>
-
- <li><a href="#compare">OK, so how does Apache compare to
- other servers?</a></li>
-
- <li><a href="#tested">How thoroughly tested is
- Apache?</a></li>
-
- <li><a href="#future">What are the future plans for
- Apache?</a></li>
-
- <li><a href="#support">Whom do I contact for
- support?</a></li>
-
- <li><a href="#more">Is there any more information on
- Apache?</a></li>
-
- <li><a href="#where">Where can I get Apache?</a></li>
-
- <li><a href="#logo">May I use the Apache logo on my
- product or Web site?</a></li>
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="2">
- <strong>General Technical Questions</strong>
-
- <ol>
- <li><a href="#what2do">"Why can't I ...? Why won't ...
- work?" What to do in case of problems</a></li>
-
- <li><a href="#compatible">How compatible is Apache with
- my existing NCSA 1.3 setup?</a></li>
-
- <li><a href="#year2000">Is Apache Year 2000
- compliant?</a></li>
-
- <li><a href="#submit_patch">How do I submit a patch to
- the Apache Group?</a></li>
-
- <li><a href="#domination">Why has Apache stolen my
- favourite site's Internet address?</a></li>
-
- <li><a href="#apspam">Why am I getting spam mail from the
- Apache site?</a></li>
-
- <li><a href="#redist">May I include the Apache software
- on a CD or other package I'm distributing?</a></li>
-
- <li><a href="#zoom">What's the best hardware/operating
- system/... How do I get the most out of my Apache Web
- server?</a></li>
-
- <li><a href="#regex">What are "regular
- expressions"?</a></li>
-
- <li><a href="#binaries">Why isn't there a binary for my
- platform?</a></li>
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="3">
- <strong>Building Apache</strong>
-
- <ol>
- <li><a href="#bind8.1">Why do I get an error about an
- undefined reference to "<samp>__inet_ntoa</samp>" or
- other <samp>__inet_*</samp> symbols?</a></li>
-
- <li><a href="#cantbuild">Why won't Apache compile with my
- system's <samp>cc</samp>?</a></li>
-
- <li><a href="#linuxiovec">Why do I get complaints about
- redefinition of "<code>struct iovec</code>" when
- compiling under Linux?</a></li>
-
- <li><a href="#broken-gcc">I'm using gcc and I get some
- compilation errors, what is wrong?</a></li>
-
- <li><a href="#glibc-crypt">I'm using RedHat Linux 5.0, or
- some other <samp>glibc</samp>-based Linux system, and I
- get errors with the <code>crypt</code> function when I
- attempt to build Apache 1.2.</a></li>
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="4">
- <strong>Error Log Messages and Problems Starting
- Apache</strong>
-
- <ol>
- <li><a href="#setgid">Why do I get "<samp>setgid: Invalid
- argument</samp>" at startup?</a></li>
-
- <li><a href="#nodelay">Why am I getting "<samp>httpd:
- could not set socket option TCP_NODELAY</samp>" in my
- error log?</a></li>
-
- <li><a href="#peerreset">Why am I getting
- "<samp>connection reset by peer</samp>" in my error
- log?</a></li>
-
- <li><a href="#wheres-the-dump">The errorlog says Apache
- dumped core, but where's the dump file?</a></li>
-
- <li><a href="#linux-shmget">When I run it under Linux I
- get "shmget: function not found", what should I
- do?</a></li>
-
- <li><a href="#nfslocking">Server hangs, or fails to
- start, and/or error log fills with "<samp>fcntl:
- F_SETLKW: No record locks available</samp>" or similar
- messages</a></li>
-
- <li><a href="#aixccbug">Why am I getting "<samp>Expected
- &lt;/Directory&gt; but saw &lt;/Directory&gt;</samp>"
- when I try to start Apache?</a></li>
-
- <li><a href="#redhat">I'm using RedHat Linux and I have
- problems with httpd dying randomly or not restarting
- properly</a></li>
-
- <li><a href="#stopping">I upgraded from an Apache version
- earlier than 1.2.0 and suddenly I have problems with
- Apache dying randomly or not restarting properly</a></li>
-
- <li><a href="#setservername">When I try to start Apache
- from a DOS window, I get a message like "<samp>Cannot
- determine host name. Use ServerName directive to set it
- manually.</samp>" What does this mean?</a></li>
-
- <li><a href="#ws2_32dll">When I try to start Apache for
- Windows, I get a message like "<samp>Unable To Locate
- WS2_32.DLL...</samp>". What should I do?</a></li>
-
- <li><a href="#WSADuplicateSocket">Apache for Windows does
- not start. Error log contains this message "<samp>[crit]
- (10045) The attempted operation is not supported for the
- type of object referenced: Parent: WSADuplicateSocket
- failed for socket ###</samp>". What does this
- mean?</a></li>
-
- <li><a href="#err1067">When I try to start Apache on
- Windows, I get a message like "<code>System error 1067
- has occurred. The process terminated
- unexpectedly.</code>" What does this mean?</a></li>
-
- <li><a href="#suseFDN">On a SuSE Linux system, I try and
- configure access control using basic authentication.
- Although I follow the example exactly, authentication
- fails, and an error message "<code>admin: not a valid
- FDN: ....</code>" is logged.</a></li>
-
- <li><a href="#codered">Why do I have weird entries in my
- logs asking for <code>default.ida</code> and
- <code>cmd.exe</code>?</a></li>
-
- <li><a href="#restart">Why am I getting server restart
- messages periodically, when I did not restart the
- server?</a></li>
-
- <li><a href="#modulemagic">Why am I getting &quot;module
- <em>module-name</em> is not compatible with this version of
- Apache&quot; messages in my error log?</a></li>
-
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="5">
- <strong>Configuration Questions</strong>
-
- <ol>
- <li><a href="#fdlim">Why can't I run more than
- &lt;<em>n</em>&gt; virtual hosts?</a></li>
-
- <li><a href="#freebsd-setsize">Can I increase
- <samp>FD_SETSIZE</samp> on FreeBSD?</a></li>
-
- <li><a href="#errordoc401">Why doesn't my
- <code>ErrorDocument 401</code> work?</a></li>
-
- <li><a href="#cookies1">Why does Apache send a cookie on
- every response?</a></li>
-
- <li><a href="#jdk1-and-http1.1">Why do my Java app[let]s
- give me plain text when I request an URL from an Apache
- server?</a></li>
-
- <li><a href="#midi">How do I get Apache to send a MIDI
- file so the browser can play it?</a></li>
-
- <li><a href="#addlog">How do I add browsers and referrers
- to my logs?</a></li>
-
- <li><a href="#set-servername">Why does accessing
- directories only work when I include the trailing "/"
- (<em>e.g.</em>,&nbsp;<samp>http://foo.domain.com/~user/</samp>)
- but not when I omit it
- (<em>e.g.</em>,&nbsp;<samp>http://foo.domain.com/~user</samp>)?</a></li>
-
- <li><a href="#no-info-directives">Why doesn't mod_info
- list any directives?</a></li>
-
- <li><a href="#namevhost">I upgraded to Apache 1.3 and now
- my virtual hosts don't work!</a></li>
-
- <li><a href="#redhat-htm">I'm using RedHat Linux and my
- .htm files are showing up as HTML source rather than
- being formatted!</a></li>
-
- <li><a href="#htaccess-work">My <code>.htaccess</code>
- files are being ignored.</a></li>
-
- <li><a href="#forbidden">Why do I get a
- "<samp>Forbidden</samp>" message whenever I try to access
- a particular directory?</a></li>
-
- <li><a href="#malfiles">Why do I get a
- "<samp>Forbidden/You don't have permission to access / on
- this server</samp>" message whenever I try to access my
- server?</a></li>
-
- <li><a href="#ie-ignores-mime">Why do my files appear
- correctly in Internet Explorer, but show up as source or
- trigger a save window with Netscape; or, Why doesn't
- Internet Explorer render my text/plain document
- correctly?</a></li>
-
- <li><a href="#canonical-hostnames">My site is accessible
- under many different hostnames; how do I redirect clients
- so that they see only a single name?</a></li>
-
- <li><a href="#firewall">Why can I access my website from the
- server or from my local network, but I can't access it from
- elsewhere on the Internet?</a></li>
-
- <li><a href="#indexes">How do I turn automatic directory listings
- on or off?</a></li>
-
- <li><a href="#options">Why do my Options directives not have
- the desired effect?</a></li>
-
- <li><a href="#serverheader">How can I change the information
- that Apache returns about itself in the headers?</a></li>
-
- <li><a href="#proxyscan">Why do I see requests for other sites
- appearing in my log files?</a></li>
-
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="6">
- <strong>Dynamic Content (CGI and SSI)</strong>
-
- <ol>
- <li><a href="#CGIoutsideScriptAlias">How do I enable CGI
- execution in directories other than the
- ScriptAlias?</a></li>
-
- <li><a href="#premature-script-headers">What does it mean
- when my CGIs fail with "<samp>Premature end of script
- headers</samp>"?</a></li>
-
- <li><a href="#POSTnotallowed">Why do I keep getting
- "Method Not Allowed" for form POST requests?</a></li>
-
- <li><a href="#nph-scripts">How can I get my script's
- output without Apache buffering it? Why doesn't my server
- push work?</a></li>
-
- <li><a href="#cgi-spec">Where can I find the "CGI
- specification"?</a></li>
-
- <li><a href="#fastcgi">Why isn't FastCGI included with
- Apache any more?</a></li>
-
- <li><a href="#ssi-part-i">How do I enable SSI (parsed
- HTML)?</a></li>
-
- <li><a href="#ssi-part-ii">Why don't my parsed files get
- cached?</a></li>
-
- <li><a href="#ssi-part-iii">How can I have my script
- output parsed?</a></li>
-
- <li><a href="#ssi-part-iv">SSIs don't work for
- VirtualHosts and/or user home directories</a></li>
-
- <li><a href="#errordocssi">How can I use
- <code>ErrorDocument</code> and SSI to simplify customized
- error messages?</a></li>
-
- <li><a href="#remote-user-var">Why is the environment
- variable <samp>REMOTE_USER</samp> not set?</a></li>
-
- <li><a href="#user-cgi">How do I allow each of my user
- directories to have a cgi-bin directory?</a></li>
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="7">
- <strong>Authentication and Access Restrictions</strong>
-
- <ol>
- <li><a href="#dnsauth">Why isn't restricting access by
- host or domain name working correctly?</a></li>
-
- <li><a href="#user-authentication">How do I set up Apache
- to require a username and password to access certain
- documents?</a></li>
-
- <li><a href="#remote-auth-only">How do I set up Apache to
- allow access to certain documents only if a site is
- either a local site <em>or</em> the user supplies a
- password and username?</a></li>
-
- <li><a href="#authauthoritative">Why does my
- authentication give me a server error?</a></li>
-
- <li><a href="#auth-on-same-machine">Do I have to keep the
- (mSQL) authentication information on the same
- machine?</a></li>
-
- <li><a href="#msql-slow">Why is my mSQL authentication
- terribly slow?</a></li>
-
- <li><a href="#passwdauth">Can I use my
- <samp>/etc/passwd</samp> file for Web page
- authentication?</a></li>
-
- <li><a href="#prompted-twice">Why does Apache ask for my
- password twice before serving a file?</a></li>
-
- <li><a href="#image-theft">How can I prevent people from
- "stealing" the images from my web site?</a></li>
-
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="8">
- <strong>URL Rewriting</strong>
-
- <ol>
- <li><a href="#rewrite-more-config">Where can I find
- mod_rewrite rulesets which already solve particular
- URL-related problems?</a></li>
-
- <li><a href="#rewrite-article">Where can I find any
- published information about URL-manipulations and
- mod_rewrite?</a></li>
-
- <li><a href="#rewrite-complexity">Why is mod_rewrite so
- difficult to learn and seems so complicated?</a></li>
-
- <li><a href="#rewrite-dontwork">What can I do if my
- RewriteRules don't work as expected?</a></li>
-
- <li><a href="#rewrite-prefixdocroot">Why don't some of my
- URLs get prefixed with DocumentRoot when using
- mod_rewrite?</a></li>
-
- <li><a href="#rewrite-nocase">How can I make all my URLs
- case-insensitive with mod_rewrite?</a></li>
-
- <li><a href="#rewrite-virthost">Why are RewriteRules in
- my VirtualHost parts ignored?</a></li>
-
- <li><a href="#rewrite-envwhitespace">How can I use
- strings with whitespaces in RewriteRule's ENV
- flag?</a></li>
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <li value="9">
- <strong>Features</strong>
-
- <ol>
- <li><a href="#proxy">Does or will Apache act as a Proxy
- server?</a></li>
-
- <li><a href="#multiviews">What are "multiviews"?</a></li>
-
- <li><a href="#putsupport">Why can't I publish to my
- Apache server using PUT on Netscape Gold and other
- programs?</a></li>
-
- <li><a href="#SSL-i">Why doesn't Apache include
- SSL?</a></li>
-
- <li><a href="#footer">How can I attach a footer to my
- documents without using SSI?</a></li>
-
- <li><a href="#search">Does Apache include a search
- engine?</a></li>
-
- <li><a href="#rotate">How can I rotate my log
- files?</a></li>
-
- <li><a href="#conditional-logging">How do I keep certain
- requests from appearing in my logs?</a></li>
-
- <li><a href="#dbinteg">Does Apache include any sort of
- database integration?</a></li>
-
- <li><a href="#asp">Can I use Active Server Pages (ASP)
- with Apache?</a></li>
-
- <li><a href="#java">Does Apache come with Java
- support?</a></li>
- </ol>
- </li>
-
-
-
-
- </body>
-</html>
-
-
- </ol>
- <hr />
-
- <h2>The Answers</h2>
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>A. Background</h3>
-
- <ol>
- <li>
- <a id="what" name="what"><strong>What is
- Apache?</strong></a>
-
- <p>The Apache httpd server</p>
-
- <ul>
- <li>is a powerful, flexible, HTTP/1.1 compliant web
- server</li>
-
- <li>implements the latest protocols, including HTTP/1.1
- (RFC2616)</li>
-
- <li>is highly configurable and extensible with
- third-party modules</li>
-
- <li>can be customised by writing 'modules' using the
- Apache module API</li>
-
- <li>provides full source code and comes with an
- unrestrictive license</li>
-
- <li>runs on Windows NT/9x, Netware 5.x and above, OS/2, and most
- versions of Unix, as well as several other operating
- systems</li>
-
- <li>is actively being developed</li>
-
- <li>encourages user feedback through new ideas, bug
- reports and patches</li>
-
- <li>
- implements many frequently requested features,
- including:<br />
- <br />
-
-
- <dl>
- <dt>DBM databases for authentication</dt>
-
- <dd>allows you to easily set up password-protected
- pages with enormous numbers of authorized users,
- without bogging down the server.</dd>
-
- <dt>Customized responses to errors and problems</dt>
-
- <dd>Allows you to set up files, or even CGI scripts,
- which are returned by the server in response to
- errors and problems, e.g. setup a script to intercept
- <strong>500 Server Error</strong>s and perform
- on-the-fly diagnostics for both users and
- yourself.</dd>
-
- <dt>Multiple DirectoryIndex directives</dt>
-
- <dd>Allows you to say <code>DirectoryIndex index.html
- index.cgi</code>, which instructs the server to
- either send back <code>index.html</code> or run
- <code>index.cgi</code> when a directory URL is
- requested, whichever it finds in the directory.</dd>
-
- <dt>Unlimited flexible URL rewriting and
- aliasing</dt>
-
- <dd>Apache has no fixed limit on the numbers of
- Aliases and Redirects which may be declared in the
- config files. In addition, a powerful rewriting
- engine can be used to solve most URL manipulation
- problems.</dd>
-
- <dt>Content negotiation</dt>
-
- <dd>i.e. the ability to automatically serve clients
- of varying sophistication and HTML level compliance,
- with documents which offer the best representation of
- information that the client is capable of
- accepting.</dd>
-
- <dt>Virtual Hosts</dt>
-
- <dd>A much requested feature, sometimes known as
- multi-homed servers. This allows the server to
- distinguish between requests made to different IP
- addresses or names (mapped to the same machine).
- Apache also offers dynamically configurable
- mass-virtual hosting.</dd>
-
- <dt>Configurable Reliable Piped Logs</dt>
-
- <dd>You can configure Apache to generate logs in the
- format that you want. In addition, on most Unix
- architectures, Apache can send log files to a pipe,
- allowing for log rotation, hit filtering, real-time
- splitting of multiple vhosts into separate logs, and
- asynchronous DNS resolving on the fly.</dd>
- </dl>
- </li>
- </ul>
- <hr />
- </li>
-
- <li>
- <a id="why" name="why"><strong>How and why was Apache
- created?</strong></a>
-
- <p>The <a
- href="http://httpd.apache.org/ABOUT_APACHE.html">About
- Apache</a> document explains how the Apache project evolved
- from its beginnings as an outgrowth of the NCSA httpd
- project to its current status as one of the fastest, most
- efficient, and most functional web servers in
- existence.</p>
- <hr />
- </li>
-
- <li>
- <a id="name" name="name"><strong>Why the name
- "Apache"?</strong></a>
-
- <p>The name 'Apache' was chosen from respect for
- the Native American Indian tribe of Apache (Ind&eacute;),
- <a href="http://www.indians.org/welker/apache.htm">well-known
- for their superior skills in warfare strategy and their
- inexhaustible endurance</a>. For more information on the
- Apache Nation, we suggest searching
- <a href="http://www.google.com/search?q=Apache+Nation">Google</a>,
- <a href="http://www.northernlight.com/nlquery.fcg?qr=Apache+Nation"
- >Northernlight</a>, or
- <a href="http://www.alltheweb.com/cgi-bin/asearch?query=Apache+Nation"
- >AllTheWeb</a>.</p>
-
- <p>Secondarily, and more popularly (though incorrectly) accepted,
- it's a considered cute name which stuck. Apache is "<strong>A
- PA</strong>t<strong>CH</strong>y server". It was based on
- some existing code and a series of "patch files".</p>
-
- <hr />
- </li>
-
- <li>
- <a id="compare" name="compare"><strong>OK, so how does
- Apache compare to other servers?</strong></a>
-
- <p>For an independent assessment, see <a
- href="http://webcompare.internet.com/">Web
- Compare</a>.</p>
-
- <p>Apache has been shown to be substantially faster, more
- stable, and more feature-full than many other web servers.
- Although certain commercial servers have claimed to surpass
- Apache's speed (it has not been demonstrated that any of
- these "benchmarks" are a good way of measuring WWW server
- speed at any rate), we feel that it is better to have a
- mostly-fast free server than an extremely-fast server that
- costs thousands of dollars. Apache is run on sites that get
- millions of hits per day, and they have experienced no
- performance difficulties.</p>
- <hr />
- </li>
-
- <li>
- <a id="tested" name="tested"><strong>How thoroughly tested
- is Apache?</strong></a>
-
- <p>Apache is run on over 6 million Internet servers (as of
- February 2000). It has been tested thoroughly by both
- developers and users. The Apache Group maintains rigorous
- standards before releasing new versions of their server,
- and our server runs without a hitch on over one half of all
- WWW servers available on the Internet. When bugs do show
- up, we release patches and new versions as soon as they are
- available.</p>
- <hr />
- </li>
-
- <li>
- <a id="future" name="future"><strong>What are the future
- plans for Apache?</strong></a>
-
- <ul>
- <li>to continue to be an "open source" no-charge-for-use
- HTTP server,</li>
-
- <li>to keep up with advances in HTTP protocol and web
- developments in general,</li>
-
- <li>to collect suggestions for fixes/improvements from
- its users,</li>
-
- <li>to respond to needs of large volume providers as well
- as occasional users.</li>
- </ul>
- <hr />
- </li>
-
- <li>
- <a id="support" name="support"><strong>Whom do I contact
- for support?</strong></a>
-
- <p>There is no official support for Apache. None of the
- developers want to be swamped by a flood of trivial
- questions that can be resolved elsewhere. Bug reports and
- suggestions should be sent <em>via</em> <a
- href="http://httpd.apache.org/bug_report.html">the bug
- report page</a>. Other questions should be directed to the
- <a href="http://httpd.apache.org/userslist.html">Apache HTTP
- Server Users List</a> or the
- <a
- href="news:comp.infosystems.www.servers.unix">comp.infosystems.www.servers.unix</a>
- or <a
- href="news:comp.infosystems.www.servers.ms-windows">comp.infosystems.www.servers.ms-windows</a>
- newsgroup (as appropriate for the platform you use), where
- some of the Apache team lurk, in the company of many other
- httpd gurus who should be able to help.</p>
-
- <p>Commercial support for Apache is, however, available
- from a number of third parties.</p>
- <hr />
- </li>
-
- <li>
- <a id="more" name="more"><strong>Is there any more
- information available on Apache?</strong></a>
-
- <p>Indeed there is. See the main <a
- href="http://httpd.apache.org/">Apache web site</a>. There
- is also a regular electronic publication called <a
- href="http://www.apacheweek.com/" rel="Help"><cite>Apache
- Week</cite></a> available. Links to relevant <cite>Apache
- Week</cite> articles are included below where appropriate.
- There are also some <a
- href="http://httpd.apache.org/info/apache_books.html">Apache-specific
- books</a> available.</p>
- <hr />
- </li>
-
- <li>
- <a id="where" name="where"><strong>Where can I get
- Apache?</strong></a>
-
- <p>You can find out how to download the source for Apache
- at the project's <a href="http://httpd.apache.org/">main
- web page</a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="logo" name="logo"><b>May I use the Apache logo on my
- product or Web site?</b></a>
-
- <p>You may <b>NOT</b> use any original artwork from the
- Apache Software Foundation, nor make or use modified
- versions of such artwork, except under the following
- conditions:</p>
-
- <ul>
- <li>You may use the <a
- href="../../apache_pb.gif">'Powered by Apache'
- graphic</a> on a Web site that is being served by the
- Apache HTTP server software.</li>
-
- <li>You may use the aforementioned 'Powered by Apache'
- graphic or the <a
- href="http://www.apache.org/images/asf_logo.gif">
- Apache Software Foundation logo</a> in product
- description and promotional material <b>IF and ONLY
- IF</b> such use can in no way be interpreted as anything
- other than an attribution. Using the Apache name and
- artwork in a manner that implies endorsement of a product
- or service is <b>strictly forbidden</b>.</li>
- </ul>
- <hr />
- </li>
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>B. General Technical Questions</h3>
-
- <ol>
- <li>
- <a id="what2do" name="what2do"><strong>"Why can't I ...?
- Why won't ... work?" What to do in case of
- problems</strong></a>
-
- <p>If you are having trouble with your Apache server
- software, you should take the following steps:</p>
-
- <ol>
- <li>
- <strong>Check the errorlog!</strong>
-
- <p>Apache tries to be helpful when it encounters a
- problem. In many cases, it will provide some details by
- writing one or messages to the server error log.
- Sometimes this is enough for you to diagnose &amp; fix
- the problem yourself (such as file permissions or the
- like). The default location of the error log is
- <samp>/usr/local/apache/logs/error_log</samp>, but see
- the <a
- href="../mod/core.html#errorlog"><samp>ErrorLog</samp></a>
- directive in your config files for the location on your
- server.</p>
- </li>
-
- <li>
- <strong>Check the <a
- href="http://httpd.apache.org/docs/misc/FAQ.html">FAQ</a>!</strong>
-
-
- <p>The latest version of the Apache Frequently-Asked
- Questions list can always be found at the main Apache
- web site.</p>
- </li>
-
- <li>
- <strong>Check the Apache bug database</strong>
-
- <p>Most problems that get reported to The Apache Group
- are recorded in the <a
- href="http://bugs.apache.org/">bug database</a>.
- <em><strong>Please</strong> check the existing reports,
- open <strong>and</strong> closed, before adding
- one.</em> If you find that your issue has already been
- reported, please <em>don't</em> add a "me, too" report.
- If the original report isn't closed yet, we suggest
- that you check it periodically. You might also consider
- contacting the original submitter, because there may be
- an email exchange going on about the issue that isn't
- getting recorded in the database.</p>
- </li>
-
- <li>
- <strong>Ask in a user support group.</strong>
-
- <p>A lot of common problems never make it to the bug
- database because there's already high Q&amp;A traffic
- about them in the <a
- href="http://httpd.apache.org/userslist.html">Users
- mailing list</a> or <a
- href="news:comp.infosystems.www.servers.unix"><samp>comp.infosystems.www.servers.unix</samp></a>
- and related newsgroups. These newsgroups are also
- available via <a
- href="http://groups.google.com/groups?group=comp.infosystems.www.servers">
- Google</a>. Many Apache users, and some of the developers,
- can be found roaming their virtual halls, so it is suggested
- that you seek wisdom there. The chances are good that
- you'll get a faster answer there than from the bug
- database, even if you <em>don't</em> see your question
- already posted.</p>
- </li>
-
- <li>
- <strong>If all else fails, report the problem in the
- bug database</strong>
-
- <p>If you've gone through those steps above that are
- appropriate and have obtained no relief, then please
- <em>do</em> let The Apache Group know about the problem
- by <a
- href="http://httpd.apache.org/bug_report.html">logging
- a bug report</a>.</p>
-
- <p>If your problem involves the server crashing and
- generating a core dump, please include a backtrace (if
- possible). As an example,</p>
-
- <dl>
- <dd><code># cd <em>ServerRoot</em><br />
- # dbx httpd core<br />
- (dbx) where</code></dd>
- </dl>
-
- <p>(Substitute the appropriate locations for your
- <samp>ServerRoot</samp> and your <samp>httpd</samp> and
- <samp>core</samp> files. You may have to use
- <code>gdb</code> instead of <code>dbx</code>.)</p>
- </li>
- </ol>
- <hr />
- </li>
-
- <li>
- <a id="compatible" name="compatible"><strong>How compatible
- is Apache with my existing NCSA 1.3 setup?</strong></a>
-
- <p>Apache attempts to offer all the features and
- configuration options of NCSA httpd 1.3, as well as many of
- the additional features found in NCSA httpd 1.4 and NCSA
- httpd 1.5.</p>
-
- <p>NCSA httpd appears to be moving toward adding
- experimental features which are not generally required at
- the moment. Some of the experiments will succeed while
- others will inevitably be dropped. The Apache philosophy is
- to add what's needed as and when it is needed.</p>
-
- <p>Friendly interaction between Apache and NCSA developers
- should ensure that fundamental feature enhancements stay
- consistent between the two servers for the foreseeable
- future.</p>
- <hr />
- </li>
-
- <li>
- <a id="year2000" name="year2000"><strong>Is Apache Year
- 2000 compliant?</strong></a>
-
- <p>Yes, Apache is Year 2000 compliant.</p>
-
- <p>Apache internally never stores years as two digits. On
- the HTTP protocol level RFC1123-style addresses are
- generated which is the only format a HTTP/1.1-compliant
- server should generate. To be compatible with older
- applications Apache recognizes ANSI C's
- <code>asctime()</code> and RFC850-/RFC1036-style date
- formats, too. The <code>asctime()</code> format uses
- four-digit years, but the RFC850 and RFC1036 date formats
- only define a two-digit year. If Apache sees such a date
- with a value less than 70 it assumes that the century is
- <samp>20</samp> rather than <samp>19</samp>.</p>
-
- <p>Although Apache is Year 2000 compliant, you may still
- get problems if the underlying OS has problems with dates
- past year 2000 (<em>e.g.</em>, OS calls which accept or
- return year numbers). Most (UNIX) systems store dates
- internally as signed 32-bit integers which contain the
- number of seconds since 1<sup>st</sup> January 1970, so the
- magic boundary to worry about is the year 2038 and not
- 2000. But modern operating systems shouldn't cause any
- trouble at all.</p>
-
- <p>The Apache HTTP Server project is an open-source
- software product of the Apache Software Foundation. The
- project and the Foundation <b>cannot</b> offer legal
- assurances regarding any suitability of the software for
- your application. There are several commercial Apache
- support organizations and derivative server products
- available that may be able to stand behind the software and
- provide you with any assurances you may require. You may
- find links to some of these vendors at <samp>&lt;<a
- href="http://www.apache.org/info/support.cgi">http://www.apache.org/info/support.cgi</a>&gt;</samp>.</p>
-
- <p>The Apache HTTP server software is distributed with the
- following disclaimer, found in the software license:</p>
-<pre>
- THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
-
-</pre>
- <hr />
- </li>
-
- <li>
- <a id="submit_patch" name="submit_patch"><strong>How do I
- submit a patch to the Apache Group?</strong></a>
-
- <p>The Apache Group encourages patches from outside
- developers. There are 2 main "types" of patches: small
- bugfixes and general improvements. Bugfixes should be
- submitting using the Apache <a
- href="http://httpd.apache.org/bug_report.html">bug report
- page</a>. Improvements, modifications, and additions should
- follow the instructions below.</p>
-
- <p>In general, the first course of action is to be a member
- of the <samp>dev@httpd.apache.org</samp> mailing list. This
- indicates to the Group that you are closely following the
- latest Apache developments. Your patch file should be
- generated using either '<code>diff&nbsp;-c</code>' or
- '<code>diff&nbsp;-u</code>' against the latest CVS tree. To
- submit your patch, send email to
- <samp>dev@httpd.apache.org</samp> with a
- <samp>Subject:</samp> line that starts with
- <samp>[PATCH]</samp> and includes a general description of
- the patch. In the body of the message, the patch should be
- clearly described and then included at the end of the
- message. If the patch-file is long, you can note a URL to
- the file instead of the file itself. Use of MIME
- enclosures/attachments should be avoided.</p>
-
- <p>Be prepared to respond to any questions about your
- patches and possibly defend your code. If your patch
- results in a lot of discussion, you may be asked to submit
- an updated patch that incorporates all changes and
- suggestions.</p>
- <hr />
- </li>
-
- <li>
- <a id="domination" name="domination"><strong>Why has Apache
- stolen my favourite site's Internet address?</strong></a>
-
- <p>The simple answer is: "It hasn't." This misconception is
- usually caused by the site in question having migrated to
- the Apache Web server software, but not having migrated the
- site's content yet. When Apache is installed, the default
- page that gets installed tells the Webmaster the
- installation was successful. The expectation is that this
- default page will be replaced with the site's real content.
- If it doesn't, complain to the Webmaster, not to the Apache
- project -- we just make the software and aren't responsible
- for what people do (or don't do) with it.</p>
- <hr />
- </li>
-
- <li>
- <a id="apspam" name="apspam"><strong>Why am I getting spam
- mail from the Apache site?</strong></a>
-
- <p>The short answer is: "You aren't." Usually when someone
- thinks the Apache site is originating spam, it's because
- they've traced the spam to a Web site, and the Web site
- says it's using Apache. See the <a
- href="#domination">previous FAQ entry</a> for more details
- on this phenomenon.</p>
-
- <p>No marketing spam originates from the Apache site. The
- only mail that comes from the site goes only to addresses
- that have been <em>requested</em> to receive the mail.</p>
- <hr />
- </li>
-
- <li>
- <a id="redist" name="redist"><strong>May I include the
- Apache software on a CD or other package I'm
- distributing?</strong></a>
-
- <p>The detailed answer to this question can be found in the
- Apache license, which is included in the Apache
- distribution in the file <code>LICENSE</code>. You can also
- find it on the Web at <samp>&lt;<a
- href="http://www.apache.org/LICENSE.txt">http://www.apache.org/LICENSE.txt</a>&gt;</samp>.</p>
- <hr />
- </li>
-
- <li>
- <a id="zoom" name="zoom"><strong>What's the best
- hardware/operating system/... How do I get the most out of
- my Apache Web server?</strong></a>
-
- <p>Check out Dean Gaudet's <a
- href="perf-tuning.html">performance tuning page</a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="regex" name="regex"><strong>What are "regular
- expressions"?</strong></a>
-
- <p>Regular expressions are a way of describing a pattern -
- for example, "all the words that begin with the letter A"
- or "every 10-digit phone number" or even "Every sentence
- with two commas in it, and no capital letter Q". Regular
- expressions (aka "regex"s) are useful in Apache because
- they let you apply certain attributes against collections
- of files or resources in very flexible ways - for example,
- all .gif and .jpg files under any "images" directory could
- be written as /\/images\/.*(jpg|gif)$/.</p>
-
- <p>The best overview around is probably the one which comes
- with Perl. We implement a simple subset of Perl's regex
- support, but it's still a good way to learn what they mean.
- You can start by going to the <a
- href="http://www.perl.com/doc/manual/html/pod/perlre.html">CPAN
- page on regular expressions</a>, and branching out from
- there.</p> <hr />
- </li>
-
- <li>
- <a id="binaries" name="binaries"><b>Why isn't there a
- binary for my platform?</b></a>
-
- <p>The developers make sure that the software builds and
- works correctly on the platforms available to them; this
- does <i>not</i> necessarily mean that <i>your</i> platform
- is one of them. In addition, the Apache HTTP server project
- is primarily source oriented, meaning that distributing
- valid and buildable source code is the purpose of a
- release, not making sure that there is a binary package for
- all of the supported platforms.</p>
-
- <p>If you don't see a kit for your platform listed in the
- binary distribution area (&lt;URL:<a
- href="http://httpd.apache.org/dist/httpd/binaries/">http://httpd.apache.org/dist/httpd/binaries/</a>&gt;),
- it means either that the platform isn't available to any of
- the developers, or that they just haven't gotten around to
- preparing a binary for it. As this is a voluntary project,
- they are under no obligation to do so. Users are encouraged
- and expected to build the software themselves.</p>
-
- <p>The sole exception to these practices is the Windows
- package. Unlike most Unix and Unix-like platforms, Windows
- systems do not come with a bundled software development
- environment, so we <i>do</i> prepare binary kits for
- Windows when we make a release. Again, however, it's a
- voluntary thing and only a limited number of the developers
- have the capability to build the InstallShield package, so
- the Windows release may lag somewhat behind the source
- release. This lag should be no more than a few days at
- most.</p>
- <hr />
- </li>
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>C. Building Apache</h3>
-
- <ol>
- <li>
- <a id="bind8.1" name="bind8.1"><strong>Why do I get an
- error about an undefined reference to
- "<samp>__inet_ntoa</samp>" or other <samp>__inet_*</samp>
- symbols?</strong></a>
-
- <p>If you have installed <a
- href="http://www.isc.org/bind.html">BIND-8</a> then this is
- normally due to a conflict between your include files and
- your libraries. BIND-8 installs its include files and
- libraries <code>/usr/local/include/</code> and
- <code>/usr/local/lib/</code>, while the resolver that comes
- with your system is probably installed in
- <code>/usr/include/</code> and <code>/usr/lib/</code>. If
- your system uses the header files in
- <code>/usr/local/include/</code> before those in
- <code>/usr/include/</code> but you do not use the new
- resolver library, then the two versions will conflict.</p>
-
- <p>To resolve this, you can either make sure you use the
- include files and libraries that came with your system or
- make sure to use the new include files and libraries.
- Adding <code>-lbind</code> to the
- <code>EXTRA_LDFLAGS</code> line in your
- <samp>Configuration</samp> file, then re-running
- <samp>Configure</samp>, should resolve the problem. (Apache
- versions 1.2.* and earlier use <code>EXTRA_LFLAGS</code>
- instead.)</p>
-
- <p><strong>Note:</strong>As of BIND 8.1.1, the bind
- libraries and files are installed under
- <samp>/usr/local/bind</samp> by default, so you should not
- run into this problem. Should you want to use the bind
- resolvers you'll have to add the following to the
- respective lines:</p>
-
- <dl>
- <dd><code>EXTRA_CFLAGS=-I/usr/local/bind/include<br />
- EXTRA_LDFLAGS=-L/usr/local/bind/lib<br />
- EXTRA_LIBS=-lbind</code></dd>
- </dl>
- <hr />
- </li>
-
- <li>
- <a id="cantbuild" name="cantbuild"><strong>Why won't Apache
- compile with my system's <samp>cc</samp>?</strong></a>
-
- <p>If the server won't compile on your system, it is
- probably due to one of the following causes:</p>
-
- <ul>
- <li><strong>The <samp>Configure</samp> script doesn't
- recognize your system environment.</strong><br />
- This might be either because it's completely unknown or
- because the specific environment (include files, OS
- version, <em>et cetera</em>) isn't explicitly handled. If
- this happens, you may need to port the server to your OS
- yourself.</li>
-
- <li><strong>Your system's C compiler is
- garbage.</strong><br />
- Some operating systems include a default C compiler that
- is either not ANSI C-compliant or suffers from other
- deficiencies. The usual recommendation in cases like this
- is to acquire, install, and use <samp>gcc</samp>.</li>
-
- <li><strong>Your <samp>include</samp> files may be
- confused.</strong><br />
- In some cases, we have found that a compiler
- installation or system upgrade has left the C header
- files in an inconsistent state. Make sure that your
- include directory tree is in sync with the compiler and
- the operating system.</li>
-
- <li><strong>Your operating system or compiler may be out
- of revision.</strong><br />
- Software vendors (including those that develop operating
- systems) issue new releases for a reason; sometimes to
- add functionality, but more often to fix bugs that have
- been discovered. Try upgrading your compiler and/or your
- operating system.</li>
- </ul>
-
- <p>The Apache Group tests the ability to build the server
- on many different platforms. Unfortunately, we can't test
- all of the OS platforms there are. If you have verified
- that none of the above issues is the cause of your problem,
- and it hasn't been reported before, please submit a <a
- href="http://httpd.apache.org/bug_report.html">problem
- report</a>. Be sure to include <em>complete</em> details,
- such as the compiler &amp; OS versions and exact error
- messages.</p>
- <hr />
- </li>
-
- <li>
- <a id="linuxiovec" name="linuxiovec"><strong>Why do I get
- complaints about redefinition of "<code>struct
- iovec</code>" when compiling under Linux?</strong></a>
-
- <p>This is a conflict between your C library includes and
- your kernel includes. You need to make sure that the
- versions of both are matched properly. There are two
- workarounds, either one will solve the problem:</p>
-
- <ul>
- <li>Remove the definition of <code>struct iovec</code>
- from your C library includes. It is located in
- <code>/usr/include/sys/uio.h</code>.
- <strong>Or,</strong></li>
-
- <li>Add <code>-DNO_WRITEV</code> to the
- <code>EXTRA_CFLAGS</code> line in your
- <samp>Configuration</samp> and reconfigure/rebuild. This
- hurts performance and should only be used as a last
- resort.</li>
- </ul>
- <hr />
- </li>
-
- <li>
- <a id="broken-gcc" name="broken-gcc"><strong>I'm using gcc
- and I get some compilation errors, what is
- wrong?</strong></a>
-
- <p>GCC parses your system header files and produces a
- modified subset which it uses for compiling. This behavior
- ties GCC tightly to the version of your operating system.
- So, for example, if you were running IRIX 5.3 when you
- built GCC and then upgrade to IRIX 6.2 later, you will have
- to rebuild GCC. Similarly for Solaris 2.4, 2.5, or 2.5.1
- when you upgrade to 2.6. Sometimes you can type "gcc -v"
- and it will tell you the version of the operating system it
- was built against.</p>
-
- <p>If you fail to do this, then it is very likely that
- Apache will fail to build. One of the most common errors is
- with <code>readv</code>, <code>writev</code>, or
- <code>uio.h</code>. This is <strong>not</strong> a bug with
- Apache. You will need to re-install GCC.</p>
- <hr />
- </li>
-
- <li>
- <a id="glibc-crypt" name="glibc-crypt"><strong>I'm using
- RedHat Linux 5.0, or some other <samp>glibc</samp>-based
- Linux system, and I get errors with the <code>crypt</code>
- function when I attempt to build Apache 1.2.</strong></a>
-
- <p><samp>glibc</samp> puts the <code>crypt</code> function
- into a separate library. Edit your
- <code>src/Configuration</code> file and set this:</p>
-
- <dl>
- <dd><code>EXTRA_LIBS=-lcrypt</code></dd>
- </dl>
-
- <p>Then re-run <samp>src/Configure</samp> and re-execute
- the make.</p>
- <hr />
- </li>
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>D. Error Log Messages and Problems Starting Apache</h3>
-
- <ol>
- <li>
- <a id="setgid" name="setgid"><strong>Why do I get
- "<samp>setgid: Invalid argument</samp>" at
- startup?</strong></a>
-
- <p>Your <a
- href="../mod/core.html#group"><samp>Group</samp></a>
- directive (probably in <samp>conf/httpd.conf</samp>) needs
- to name a group that actually exists in the
- <samp>/etc/group</samp> file (or your system's equivalent).
- This problem is also frequently seen when a negative number
- is used in the <code>Group</code> directive (<em>e.g.</em>,
- "<code>Group&nbsp;#-1</code>"). Using a group name -- not
- group number -- found in your system's group database
- should solve this problem in all cases.</p>
- <hr />
- </li>
-
- <li>
- <a id="nodelay" name="nodelay"><strong>Why am I getting
- "<samp>httpd: could not set socket option
- TCP_NODELAY</samp>" in my error log?</strong></a>
-
- <p>This message almost always indicates that the client
- disconnected before Apache reached the point of calling
- <code>setsockopt()</code> for the connection. It shouldn't
- occur for more than about 1% of the requests your server
- handles, and it's advisory only in any case.</p>
- <hr />
- </li>
-
- <li>
- <a id="peerreset" name="peerreset"><strong>Why am I getting
- "<samp>connection reset by peer</samp>" in my error
- log?</strong></a>
-
- <p>This is a normal message and nothing about which to be
- alarmed. It simply means that the client canceled the
- connection before it had been completely set up - such as
- by the end-user pressing the "Stop" button. People's
- patience being what it is, sites with response-time
- problems or slow network links may experience this more
- than high capacity ones or those with large pipes to the
- network.</p>
- <hr />
- </li>
-
- <li>
- <a id="wheres-the-dump" name="wheres-the-dump"><strong>The
- errorlog says Apache dumped core, but where's the dump
- file?</strong></a>
-
- <p>In Apache version 1.2, the error log message about
- dumped core includes the directory where the dump file
- should be located. However, many Unixes do not allow a
- process that has called <code>setuid()</code> to dump core
- for security reasons; the typical Apache setup has the
- server started as root to bind to port 80, after which it
- changes UIDs to a non-privileged user to serve
- requests.</p>
-
- <p>Dealing with this is extremely operating
- system-specific, and may require rebuilding your system
- kernel. Consult your operating system documentation or
- vendor for more information about whether your system does
- this and how to bypass it. If there <em>is</em> a
- documented way of bypassing it, it is recommended that you
- bypass it only for the <samp>httpd</samp> server process if
- possible.</p>
-
- <p>The canonical location for Apache's core-dump files is
- the <a href="../mod/core.html#serverroot">ServerRoot</a>
- directory. As of Apache version 1.3, the location can be
- set <em>via</em> the <a
- href="../mod/core.html#coredumpdirectory"><samp>CoreDumpDirectory</samp></a>
- directive to a different directory. Make sure that this
- directory is writable by the user the server runs as (as
- opposed to the user the server is <em>started</em> as).</p>
- <hr />
- </li>
-
- <li>
- <a id="linux-shmget" name="linux-shmget"><strong>When I run
- it under Linux I get "shmget: function not found", what
- should I do?</strong></a>
-
- <p>Your kernel has been built without SysV IPC support. You
- will have to rebuild the kernel with that support enabled
- (it's under the "General Setup" submenu). Documentation for
- kernel building is beyond the scope of this FAQ; you should
- consult the <a
- href="http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html">
- Kernel HOWTO</a>, or the documentation provided with your
- distribution, or a <a
- href="http://www.redhat.com/mirrors/LDP/HOWTO/META-FAQ.html">
- Linux newsgroup/mailing list</a>. As a last-resort
- workaround, you can comment out the
- <code>#define&nbsp;USE_SHMGET_SCOREBOARD</code> definition
- in the <samp>LINUX</samp> section of
- <samp>src/conf.h</samp> and rebuild the server (prior to
- 1.3b4, simply removing
- <code>#define&nbsp;HAVE_SHMGET</code> would have sufficed).
- This will produce a server which is slower and less
- reliable.</p>
- <hr />
- </li>
-
- <li>
- <a id="nfslocking" name="nfslocking"><strong>Server hangs,
- or fails to start, and/or error log fills with
- "<samp>fcntl: F_SETLKW: No record locks available</samp>"
- or similar messages</strong></a>
-
- <p>These are symptoms of a fine locking problem, which
- usually means that the server is trying to use a
- synchronization file on an NFS filesystem.</p>
-
- <p>Because of its parallel-operation model, the Apache Web
- server needs to provide some form of synchronization when
- accessing certain resources. One of these synchronization
- methods involves taking out locks on a file, which means
- that the filesystem whereon the lockfile resides must
- support locking. In many cases this means it <em>can't</em>
- be kept on an NFS-mounted filesystem.</p>
-
- <p>To cause the Web server to work around the NFS locking
- limitations, include a line such as the following in your
- server configuration files:</p>
-
- <dl>
- <dd><code>LockFile /var/run/apache-lock</code></dd>
- </dl>
-
- <p>The directory should not be generally writable
- (<em>e.g.</em>, don't use <samp>/var/tmp</samp>). See the
- <a
- href="../mod/core.html#lockfile"><samp>LockFile</samp></a>
- documentation for more information.</p>
- <hr />
- </li>
-
- <li>
- <a id="aixccbug" name="aixccbug"><strong>Why am I getting
- "<samp>Expected &lt;/Directory&gt; but saw
- &lt;/Directory&gt;</samp>" when I try to start
- Apache?</strong></a>
-
- <p>This is a known problem with certain versions of the AIX
- C compiler. IBM are working on a solution, and the issue is
- being tracked by <a
- href="http://bugs.apache.org/index/full/2312">problem
- report #2312</a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="redhat" name="redhat"><strong>I'm using RedHat Linux
- and I have problems with httpd dying randomly or not
- restarting properly</strong></a>
-
- <p>RedHat Linux versions 4.x (and possibly earlier) RPMs
- contain various nasty scripts which do not stop or restart
- Apache properly. These can affect you even if you're not
- running the RedHat supplied RPMs.</p>
-
- <p>If you're using the default install then you're probably
- running Apache 1.1.3, which is outdated. From RedHat's ftp
- site you can pick up a more recent RPM for Apache 1.2.x.
- This will solve one of the problems.</p>
-
- <p>If you're using a custom built Apache rather than the
- RedHat RPMs then you should <code>rpm -e apache</code>. In
- particular you want the mildly broken
- <code>/etc/logrotate.d/apache</code> script to be removed,
- and you want the broken <code>/etc/rc.d/init.d/httpd</code>
- (or <code>httpd.init</code>) script to be removed. The
- latter is actually fixed by the apache-1.2.5 RPMs but if
- you're building your own Apache then you probably don't
- want the RedHat files.</p>
-
- <p>We can't stress enough how important it is for folks,
- <em>especially vendors</em> to follow the <a
- href="../stopping.html">stopping Apache directions</a>
- given in our documentation. In RedHat's defense, the broken
- scripts were necessary with Apache 1.1.x because the Linux
- support in 1.1.x was very poor, and there were various race
- conditions on all platforms. None of this should be
- necessary with Apache 1.2 and later.</p>
- <hr />
- </li>
-
- <li>
- <a id="stopping" name="stopping"><strong>I upgraded from an
- Apache version earlier than 1.2.0 and suddenly I have
- problems with Apache dying randomly or not restarting
- properly</strong></a>
-
- <p>You should read <a href="#redhat">the previous note</a>
- about problems with RedHat installations. It is entirely
- likely that your installation has start/stop/restart
- scripts which were built for an earlier version of Apache.
- Versions earlier than 1.2.0 had various race conditions
- that made it necessary to use <code>kill -9</code> at times
- to take out all the httpd servers. But that should not be
- necessary any longer. You should follow the <a
- href="../stopping.html">directions on how to stop and
- restart Apache</a>.</p>
-
- <p>As of Apache 1.3 there is a script
- <code>src/support/apachectl</code> which, after a bit of
- customization, is suitable for starting, stopping, and
- restarting your server.</p>
- <hr />
- </li>
-
- <li>
- <a id="setservername" name="setservername"><b>When I try to
- start Apache from a DOS window, I get a message like
- "<samp>Cannot determine host name. Use ServerName directive
- to set it manually.</samp>" What does this mean?</b></a>
-
- <p>It means what it says; the Apache software can't
- determine the hostname of your system. Edit your
- <samp>conf\httpd.conf</samp> file, look for the string
- "ServerName", and make sure there's an uncommented
- directive such as</p>
-
- <dl>
- <dd><code>ServerName localhost</code></dd>
- </dl>
-
- <p>or</p>
-
- <dl>
- <dd><code>ServerName www.foo.com</code></dd>
- </dl>
-
- <p>in the file. Correct it if there one there with wrong
- information, or add one if you don't already have one.</p>
-
- <p>Also, make sure that your Windows system has DNS
- enabled. See the TCP/IP setup component of the Networking
- or Internet Options control panel.</p>
-
- <p>After verifying that DNS is enabled and that you have a
- valid hostname in your <samp>ServerName</samp> directive,
- try to start the server again.</p>
- <hr />
- </li>
-
- <li>
- <a id="ws2_32dll" name="ws2_32dll"><b>When I try to start
- Apache for Windows, I get a message like "<samp>Unable To
- Locate WS2_32.DLL...</samp>". What should I do?</b></a>
-
- <p>Short answer: You need to install Winsock 2, available
- from <a
- href="http://www.microsoft.com/windows95/downloads/">http://www.microsoft.com/windows95/downloads/</a></p>
-
- <p>Detailed answer: Prior to version 1.3.9, Apache for
- Windows used Winsock 1.1. Beginning with version 1.3.9,
- Apache began using Winsock 2 features (specifically,
- WSADuplicateSocket()). WS2_32.DLL implements the Winsock 2
- API. Winsock 2 ships with Windows NT 4.0 and Windows 98.
- Some of the earlier releases of Windows 95 did not include
- Winsock 2.</p>
- <hr />
- </li>
-
- <li>
- <a id="WSADuplicateSocket"
- name="WSADuplicateSocket"><b>Apache for Windows does not
- start. Error log contains this message: "<samp>[crit]
- (10045) The attempted operation is not supported for the
- type of object referenced: Parent: WSADuplicateSocket
- failed for socket ###</samp>". What does this mean?</b></a>
-
-
- <p>We have seen this problem when Apache is run on systems
- along with Virtual Private Networking clients like Aventail
- Connect. Aventail Connect is a Layered Service Provider
- (LSP) that inserts itself, as a "shim," between the Winsock
- 2 API and Window's native Winsock 2 implementation. The
- Aventail Connect shim does not implement
- WSADuplicateSocket, which is the cause of the failure.</p>
-
- <p>The shim is not unloaded when Aventail Connect is shut
- down. Once observed, the problem persists until the shim is
- either explicitly unloaded or the machine is rebooted.
- Another potential solution (not tested) is to add
- <code>apache.exe</code> to the Aventail "Connect Exclusion
- List".</p>
-
- <p>Apache is affected in a similar way by <em>any</em>
- firewall program that isn't correctly configured. Assure
- you exclude your Apache server ports (usually port 80) from
- the list of ports to block. Refer to your firewall
- program's documentation for the how-to.</p>
- <hr />
- </li>
-
- <li>
- <a id="err1067" name="err1067"><b>When I try to start
- Apache on Windows, I get a message like "<code>System error
- 1067 has occurred. The process terminated
- unexpectedly</code>." What does this mean?</b></a>
-
- <p>This message means that the Web server was unable to
- start correctly for one reason or another. To find out why,
- execute the following commands in a DOS window:</p>
-<pre>
- c:
- cd "\Program Files\Apache Group\Apache"
- apache
-
-</pre>
-
- <p>(If you don't get the prompt back, hit Control-C to
- cause Apache to exit.)</p>
-
- <p>The error you see will probably be one of those
- preceding this question in the FAQ.</p>
-
- <p>As of Apache 1.3.14, first check the Windows NT Event
- Log for Application errors using the Windows NT/2000 Event
- Viewer program. Any errors that occur prior to opening the
- Apache error log will be stored here, if Apache is run as a
- Service on NT or 2000. As with any error, also check your
- Apache error log.</p>
- <hr />
- </li>
-
- <li><a id="suseFDN" name="suseFDN"><b>On a SuSE Linux system, I try and
- configure access control using basic authentication.
- Although I follow the example exactly, authentication
- fails, and an error message "<code>admin: not a valid
- FDN: ....</code>" is logged.</b></a>
-
- <p>
- In the SuSE distribution, additional 3rd party authentication
- modules have been added and activated by default. These modules
- interfere with the Apache standard modules and cause Basic
- authentication to fail. Our recommendation is to comment all
- those modules in <code>/etc/httpd/suse_addmodule.conf</code>
- and <code>/etc/httpd/suse_loadmodule.conf</code> which are not
- actually required for running your server.
- </p><hr />
- </li>
-
- <li><a id="codered" name="codered"><b>Why do I have weird entries in my
- logs asking for <code>default.ida</code> and
- <code>cmd.exe</code>?</b></a>
-
- <p>The host requesting pages from your website and creating
- those entries is a Windows machine running IIS that has been
- infected by an Internet worm such as Nimda or Code Red. You
- can safely ignore these error messages as they do not affect
- Apache. ApacheWeek has an <a
- href="http://www.apacheweek.com/features/codered">article</a>
- with more information.</p><hr />
- </li>
-
- <li><a id="restart" name="restart"><b>Why am I getting server restart
- messages periodically, when I did not restart the server?</b></a>
-
- <p>Problem: You are noticing restart messages in your error log,
- periodically, when you know you did not restart the server
- yourself:</p>
-
-<pre>
-[Thu Jun 6 04:02:01 2002] [notice] SIGHUP received. Attempting to restart
-[Thu Jun 6 04:02:02 2002] [notice] Apache configured -- resuming normal operations
-</pre>
-
- <p>Check your cron jobs to see when/if your server logs are being
- rotated. Compare the time of rotation to the error message time.
- If they are the same, you can somewhat safely assume that the
- restart is due to your server logs being rotated.</p><hr />
- </li>
-
- <li><a id="modulemagic" name="modulemagic"><b>Why am I getting
- &quot;module <em>module-name</em> is not compatible with this version
- of Apache&quot; messages in my error log?</b></a>
-
- <p>Module Magic Number (MMN) is a constant defined in Apache
- source that is associated with binary compatibility of
- modules. It is changed when internal Apache structures,
- function calls and other significant parts of API change in
- such a way that binary compatibility cannot be guaranteed any
- more. On MMN change, all third party modules have to be at
- least recompiled, sometimes even slightly changed in order
- to work with the new version of Apache.</p>
-
- <p>If you're getting the above error messages, contact the
- vendor of the module for the new binary, or compile it if
- you have access to the source code.</p><hr />
- </li>
-
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>E. Configuration Questions</h3>
-
- <ol>
- <li>
- <a id="fdlim" name="fdlim"><strong>Why can't I run more
- than &lt;<em>n</em>&gt; virtual hosts?</strong></a>
-
- <p>You are probably running into resource limitations in
- your operating system. The most common limitation is the
- <em>per</em>-process limit on <strong>file
- descriptors</strong>, which is almost always the cause of
- problems seen when adding virtual hosts. Apache often does
- not give an intuitive error message because it is normally
- some library routine (such as <code>gethostbyname()</code>)
- which needs file descriptors and doesn't complain
- intelligibly when it can't get them.</p>
-
- <p>Each log file requires a file descriptor, which means
- that if you are using separate access and error logs for
- each virtual host, each virtual host needs two file
- descriptors. Each <a
- href="../mod/core.html#listen"><samp>Listen</samp></a>
- directive also needs a file descriptor.</p>
-
- <p>Typical values for &lt;<em>n</em>&gt; that we've seen
- are in the neighborhood of 128 or 250. When the server
- bumps into the file descriptor limit, it may dump core with
- a SIGSEGV, it might just hang, or it may limp along and
- you'll see (possibly meaningful) errors in the error log.
- One common problem that occurs when you run into a file
- descriptor limit is that CGI scripts stop being executed
- properly.</p>
-
- <p>As to what you can do about this:</p>
-
- <ol>
- <li>Reduce the number of <a
- href="../mod/core.html#listen"><samp>Listen</samp></a>
- directives. If there are no other servers running on the
- machine on the same port then you normally don't need any
- Listen directives at all. By default Apache listens to
- all addresses on port 80.</li>
-
- <li>Reduce the number of log files. You can use <a
- href="../mod/mod_log_config.html"><samp>mod_log_config</samp></a>
- to log all requests to a single log file while including
- the name of the virtual host in the log file. You can
- then write a script to split the logfile into separate
- files later if necessary. Such a script is provided with
- the Apache 1.3 distribution in the
- <samp>src/support/split-logfile</samp> file.</li>
-
- <li>
- Increase the number of file descriptors available to
- the server (see your system's documentation on the
- <code>limit</code> or <code>ulimit</code> commands).
- For some systems, information on how to do this is
- available in the <a href="perf.html">performance
- hints</a> page. There is a specific note for <a
- href="#freebsd-setsize">FreeBSD</a> below.
-
- <p>For Windows 95, try modifying your
- <samp>C:\CONFIG.SYS</samp> file to include a line
- like</p>
-
- <dl>
- <dd><code>FILES=300</code></dd>
- </dl>
-
- <p>Remember that you'll need to reboot your Windows 95
- system in order for the new value to take effect.</p>
- </li>
-
- <li>"Don't do that" - try to run with fewer virtual
- hosts</li>
-
- <li>Spread your operation across multiple server
- processes (using <a
- href="../mod/core.html#listen"><samp>Listen</samp></a>
- for example, but see the first point) and/or ports.</li>
- </ol>
-
- <p>Since this is an operating-system limitation, there's
- not much else available in the way of solutions.</p>
-
- <p>As of 1.2.1 we have made attempts to work around various
- limitations involving running with many descriptors. <a
- href="descriptors.html">More information is
- available.</a></p>
- <hr />
- </li>
-
- <li>
- <a id="freebsd-setsize" name="freebsd-setsize"><strong>Can
- I increase <samp>FD_SETSIZE</samp> on FreeBSD?</strong></a>
-
-
- <p>On versions of FreeBSD before 3.0, the
- <samp>FD_SETSIZE</samp> define defaults to 256. This means
- that you will have trouble usefully using more than 256
- file descriptors in Apache. This can be increased, but
- doing so can be tricky.</p>
-
- <p>If you are using a version prior to 2.2, you need to
- recompile your kernel with a larger
- <samp>FD_SETSIZE</samp>. This can be done by adding a line
- such as:</p>
-
- <dl>
- <dd><code>options FD_SETSIZE <em>nnn</em></code></dd>
- </dl>
-
- <p>to your kernel config file. Starting at version 2.2,
- this is no longer necessary.</p>
-
- <p>If you are using a version of 2.1-stable from after
- 1997/03/10 or 2.2 or 3.0-current from before 1997/06/28,
- there is a limit in the resolver library that prevents it
- from using more file descriptors than what
- <samp>FD_SETSIZE</samp> is set to when libc is compiled. To
- increase this, you have to recompile libc with a higher
- <samp>FD_SETSIZE</samp>.</p>
-
- <p>In FreeBSD 3.0, the default <samp>FD_SETSIZE</samp> has
- been increased to 1024 and the above limitation in the
- resolver library has been removed.</p>
-
- <p>After you deal with the appropriate changes above, you
- can increase the setting of <samp>FD_SETSIZE</samp> at
- Apache compilation time by adding
- "<samp>-DFD_SETSIZE=<em>nnn</em></samp>" to the
- <samp>EXTRA_CFLAGS</samp> line in your
- <samp>Configuration</samp> file.</p>
- <hr />
- </li>
-
- <li>
- <a id="errordoc401" name="errordoc401"><strong>Why doesn't
- my <code>ErrorDocument 401</code> work?</strong></a>
-
- <p>You need to use it with a URL in the form
- "<samp>/foo/bar</samp>" and not one with a method and
- hostname such as "<samp>http://host/foo/bar</samp>". See
- the <a
- href="../mod/core.html#errordocument"><samp>ErrorDocument</samp></a>
- documentation for details. This was incorrectly documented
- in the past.</p>
- <hr />
- </li>
-
- <li>
- <a id="cookies1" name="cookies1"><strong>Why does Apache
- send a cookie on every response?</strong></a>
-
- <p>Apache does <em>not</em> automatically send a cookie on
- every response, unless you have re-compiled it with the <a
- href="../mod/mod_usertrack.html"><samp>mod_usertrack</samp></a>
- module, and specifically enabled it with the <a
- href="../mod/mod_usertrack.html#cookietracking"><samp>CookieTracking</samp></a>
- directive. This module has been in Apache since version
- 1.2. This module may help track users, and uses cookies to
- do this. If you are not using the data generated by
- <samp>mod_usertrack</samp>, do not compile it into
- Apache.</p>
- <hr />
- </li>
-
- <li>
- <a id="jdk1-and-http1.1"
- name="jdk1-and-http1.1"><strong>Why do my Java app[let]s
- give me plain text when I request an URL from an Apache
- server?</strong></a>
-
- <p>As of version 1.2, Apache is an HTTP/1.1 (HyperText
- Transfer Protocol version 1.1) server. This fact is
- reflected in the protocol version that's included in the
- response headers sent to a client when processing a
- request. Unfortunately, low-level Web access classes
- included in the Java Development Kit (JDK) version 1.0.2
- expect to see the version string "HTTP/1.0" and do not
- correctly interpret the "HTTP/1.1" value Apache is sending
- (this part of the response is a declaration of what the
- server can do rather than a declaration of the dialect of
- the response). The result is that the JDK methods do not
- correctly parse the headers, and include them with the
- document content by mistake.</p>
-
- <p>This is definitely a bug in the JDK 1.0.2 foundation
- classes from Sun, and it has been fixed in version 1.1.
- However, the classes in question are part of the virtual
- machine environment, which means they're part of the Web
- browser (if Java-enabled) or the Java environment on the
- client system - so even if you develop <em>your</em>
- classes with a recent JDK, the eventual users might
- encounter the problem. The classes involved are replaceable
- by vendors implementing the Java virtual machine
- environment, and so even those that are based upon the
- 1.0.2 version may not have this problem.</p>
-
- <p>In the meantime, a workaround is to tell Apache to
- "fake" an HTTP/1.0 response to requests that come from the
- JDK methods; this can be done by including a line such as
- the following in your server configuration files:</p>
-
- <dl>
- <dd><code>BrowserMatch Java1.0 force-response-1.0<br />
- BrowserMatch JDK/1.0 force-response-1.0</code></dd>
- </dl>
-
- <p>More information about this issue can be found in the <a
- href="http://httpd.apache.org/info/jdk-102.html"><cite>Java
- and HTTP/1.1</cite></a> page at the Apache web site.</p>
- <hr />
- </li>
-
- <li>
- <a id="midi" name="midi"><strong>How do I get Apache to
- send a MIDI file so the browser can play it?</strong></a>
-
- <p>Even though the registered MIME type for MIDI files is
- <samp>audio/midi</samp>, some browsers are not set up to
- recognize it as such; instead, they look for
- <samp>audio/x-midi</samp>. There are two things you can do
- to address this:</p>
-
- <ol>
- <li>Configure your browser to treat documents of type
- <samp>audio/midi</samp> correctly. This is the type that
- Apache sends by default. This may not be workable,
- however, if you have many client installations to change,
- or if some or many of the clients are not under your
- control.</li>
-
- <li>
- Instruct Apache to send a different
- <samp>Content-type</samp> header for these files by
- adding the following line to your server's
- configuration files:
-
- <dl>
- <dd><code>AddType audio/x-midi .mid .midi
- .kar</code></dd>
- </dl>
-
- <p>Note that this may break browsers that <em>do</em>
- recognize the <samp>audio/midi</samp> MIME type unless
- they're prepared to also handle
- <samp>audio/x-midi</samp> the same way.</p>
- </li>
- </ol>
- <hr />
- </li>
-
- <li>
- <a id="addlog" name="addlog"><strong>How do I add browsers
- and referrers to my logs?</strong></a>
-
- <p>Apache provides a couple of different ways of doing
- this. The recommended method is to compile the <a
- href="../mod/mod_log_config.html"><samp>mod_log_config</samp></a>
- module into your configuration and use the <a
- href="../mod/mod_log_config.html#customlog"><samp>CustomLog</samp></a>
- directive.</p>
-
- <p>You can either log the additional information in files
- other than your normal transfer log, or you can add them to
- the records already being written. For example:</p>
-
- <p>
- <code>CustomLog&nbsp;logs/access_log&nbsp;"%h&nbsp;%l&nbsp;%u&nbsp;%t&nbsp;\"%r\"&nbsp;%s&nbsp;%b&nbsp;\"%{Referer}i\"&nbsp;\"%{User-Agent}i\""</code></p>
-
- <p>This will add the values of the <samp>User-agent:</samp>
- and <samp>Referer:</samp> headers, which indicate the
- client and the referring page, respectively, to the end of
- each line in the access log.</p>
-
- <p>You may want to check out the <cite>Apache Week</cite>
- article entitled: "<a
- href="http://www.apacheweek.com/features/logfiles"
- rel="Help"><cite>Gathering Visitor Information: Customizing
- Your Logfiles</cite></a>".</p>
- <hr />
- </li>
-
- <li>
- <a id="set-servername" name="set-servername"><strong>Why
- does accessing directories only work when I include the
- trailing "/"
- (<em>e.g.</em>,&nbsp;<samp>http://foo.domain.com/~user/</samp>)
- but not when I omit it
- (<em>e.g.</em>,&nbsp;<samp>http://foo.domain.com/~user</samp>)?</strong></a>
-
-
- <p>When you access a directory without a trailing "/",
- Apache needs to send what is called a redirect to the
- client to tell it to add the trailing slash. If it did not
- do so, relative URLs would not work properly. When it sends
- the redirect, it needs to know the name of the server so
- that it can include it in the redirect. There are two ways
- for Apache to find this out; either it can guess, or you
- can tell it. If your DNS is configured correctly, it can
- normally guess without any problems. If it is not, however,
- then you need to tell it.</p>
-
- <p>Add a <a
- href="../mod/core.html#servername">ServerName</a> directive
- to the config file to tell it what the domain name of the
- server is.</p>
-
- <p>The other thing that can occasionally cause this symptom is a
- misunderstanding of the <a
- href="../mod/mod_alias.html#alias">Alias</a> directive,
- resulting in an alias working with a trailing slash, and not
- without one. The <code>Alias</code> directive is very literal,
- and aliases what you tell it to. Consider the following
- example:</p>
-
- <pre>
- Alias /example/ /home/www/example/
- </pre>
-
- <p>The above directive creates an alias for URLs starting with
- <code>/example/</code>, but does <em>not</em> alias URLs
- starting with <code>/example</code>. That is to say, a URL such
- as <code>http://servername.com/example/</code> will get the
- desired content, but a URL such as
- <code>http://servername.com/example</code> will result in a
- "file not found" error.</p>
-
- <p>The following <code>Alias</code>, on the other hand, will
- work for both cases:</p>
-
- <pre>
- Alias /example /home/www/example
- </pre>
-
- <hr />
- </li>
-
- <li>
- <a id="no-info-directives"
- name="no-info-directives"><strong>Why doesn't mod_info list
- any directives?</strong></a>
-
- <p>The <a
- href="../mod/mod_info.html"><samp>mod_info</samp></a>
- module allows you to use a Web browser to see how your
- server is configured. Among the information it displays is
- the list modules and their configuration directives. The
- "current" values for the directives are not necessarily
- those of the running server; they are extracted from the
- configuration files themselves at the time of the request.
- If the files have been changed since the server was last
- reloaded, the display will not match the values actively in
- use. If the files and the path to the files are not
- readable by the user as which the server is running (see
- the <a href="../mod/core.html#user"><samp>User</samp></a>
- directive), then <samp>mod_info</samp> cannot read them in
- order to list their values. An entry <em>will</em> be made
- in the error log in this event, however.</p>
- <hr />
- </li>
-
- <li>
- <a id="namevhost" name="namevhost"><strong>I upgraded to
- Apache 1.3 and now my virtual hosts don't
- work!</strong></a>
-
- <p>In versions of Apache prior to 1.3b2, there was a lot of
- confusion regarding address-based virtual hosts and
- (HTTP/1.1) name-based virtual hosts, and the rules
- concerning how the server processed
- <samp>&lt;VirtualHost&gt;</samp> definitions were very
- complex and not well documented.</p>
-
- <p>Apache 1.3b2 introduced a new directive, <a
- href="../mod/core.html#namevirtualhost"><samp>NameVirtualHost</samp></a>,
- which simplifies the rules quite a bit. However, changing
- the rules like this means that your existing name-based
- <samp>&lt;VirtualHost&gt;</samp> containers probably won't
- work correctly immediately following the upgrade.</p>
-
- <p>To correct this problem, add the following line to the
- beginning of your server configuration file, before
- defining any virtual hosts:</p>
-
- <dl>
- <dd><code>NameVirtualHost <em>n.n.n.n</em></code></dd>
- </dl>
-
- <p>Replace the "<samp>n.n.n.n</samp>" with the IP address
- to which the name-based virtual host names resolve; if you
- have multiple name-based hosts on multiple addresses,
- repeat the directive for each address.</p>
-
- <p>Make sure that your name-based
- <samp>&lt;VirtualHost&gt;</samp> blocks contain
- <samp>ServerName</samp> and possibly
- <samp>ServerAlias</samp> directives so Apache can be sure
- to tell them apart correctly.</p>
-
- <p>Please see the <a href="../vhosts/">Apache Virtual Host
- documentation</a> for further details about
- configuration.</p>
- <hr />
- </li>
-
- <li>
- <a id="redhat-htm" name="redhat-htm"><strong>I'm using
- RedHat Linux and my .htm files are showing up as HTML
- source rather than being formatted!</strong></a>
-
- <p>RedHat messed up and forgot to put a content type for
- <code>.htm</code> files into <code>/etc/mime.types</code>.
- Edit <code>/etc/mime.types</code>, find the line containing
- <code>html</code> and add <code>htm</code> to it. Then
- restart your httpd server:</p>
-
- <dl>
- <dd><code>kill -HUP `cat /var/run/httpd.pid`</code></dd>
- </dl>
-
- <p>Then <strong>clear your browsers' caches</strong>. (Many
- browsers won't re-examine the content type after they've
- reloaded a page.)</p>
- <hr />
- </li>
-
- <li>
- <a id="htaccess-work" name="htaccess-work"><strong>My
- <code>.htaccess</code> files are being
- ignored.</strong></a>
-
- <p>This is almost always due to your <a
- href="../mod/core.html#allowoverride">AllowOverride</a>
- directive being set incorrectly for the directory in
- question. If it is set to <code>None</code> then .htaccess
- files will not even be looked for. If you do have one that
- is set, then be certain it covers the directory you are
- trying to use the .htaccess file in. This is normally
- accomplished by ensuring it is inside the proper <a
- href="../mod/core.html#directory">Directory</a>
- container.</p>
- <hr />
- </li>
-
- <li>
- <a id="forbidden" name="forbidden"><strong>Why do I get a
- "<samp>Forbidden</samp>" message whenever I try to access a
- particular directory?</strong></a>
-
- <p>This message is generally caused because either</p>
-
- <ul>
- <li>The underlying file system permissions do not allow
- the User/Group under which Apache is running to access
- the necessary files; or</li>
-
- <li>The Apache configuration has some access restrictions
- in place which forbid access to the files.</li>
- </ul>
-
- <p>You can determine which case applies to your situation
- by checking the error log.</p>
-
- <p>In the case where file system permission are at fault,
- remember that not only must the directory and files in
- question be readable, but also all parent directories must
- be at least searchable by the web server in order for the
- content to be accessible.</p>
- <hr />
- </li>
-
- <li>
- <a id="malfiles" name="malfiles"><b>Why do I get a
- "<samp>Forbidden/You don't have permission to access / on
- this server</samp>" message whenever I try to access my
- server?</b></a>
-
- <p>Search your <code>conf/httpd.conf</code> file for this
- exact string: <code>&lt;Files ~&gt;</code>. If you find it,
- that's your problem -- that particular &lt;Files&gt;
- container is malformed. Delete it or replace it with
- <code>&lt;Files ~ "^\.ht"&gt;</code> and restart your
- server and things should work as expected.</p>
-
- <p>This error appears to be caused by a problem with the
- version of linuxconf distributed with Redhat 6.x. It may
- reappear if you use linuxconf again.</p>
-
- <p>If you don't find this string, check out the <a
- href="#forbidden">previous question</a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="ie-ignores-mime" name="ie-ignores-mime"><strong>Why
- do my files appear correctly in Internet Explorer, but show
- up as source or trigger a save window with
- Netscape; or, Why doesn't Internet Explorer render
- my text/plain document correctly?</strong></a>
-
- <p>MS Internet Explorer (MSIE) and Netscape handle mime type
- detection in different ways, and therefore will display the
- document differently. In particular, IE sometimes relies on
- the file extension or the contents of the file to determine
- the mime type. This can happen when the server specifies a
- mime type of <code>application/octet-stream</code> or
- <code>text/plain</code>. This behavior violates the the HTTP
- standard and makes it impossible to deliver plain text
- documents to MSIE clients in some cases. More details are
- available on MSIE's mime type detection behavior in an <a
- href="http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp">
- MSDN article</a> and a <a
- href="http://ppewww.ph.gla.ac.uk/~flavell/www/content-type.html">note</a>
- by Alan J. Flavell.</p>
-
- <p>The best you can do as a server administrator is to
- accurately configure the mime type of your documents by editing
- the <code>mime.types</code> file or using an <a
- href="../mod/mod_mime.html#addtype"><code>AddType</code></a>
- directive in the Apache configuration files. In some cases,
- you may be able to fool MSIE into rendering text/plain documents
- correctly by assuring they have a <code>.txt</code> filename
- extension, but this will not work if MSIE thinks the content
- looks like another file type.
-</p> <hr />
- </li>
- <li>
- <a name="canonical-hostnames"><strong>My site is accessible
- under many different hostnames; how do I redirect clients
- so that they see only a single name?</strong></a>
-
- <p>Many sites map a variety of hostnames to the same content.
- For example, <code>www.example.com</code>,
- <code>example.com</code> and <code>www.example.net</code> may
- all refer to the same site. It is best to make sure that,
- regardless of the name clients use to access the site, they
- will be redirected to a single, canonical hostname. This
- makes the site easier to maintain and assures that there will
- be only one version of the site in proxy caches and search
- engines.</p>
-
- <p>There are two techniques to implement canonical hostnames:</p>
-
- <ol>
- <li>Use <a href="../mod/mod_rewrite.html">mod_rewrite</a>
- as described in the "Canonical Hostnames" section of the
- <a href="rewriteguide.html">URL Rewriting Guide</a>.</li>
-
- <li>Use <a href="../vhosts/name-based.html">name-based
- virtual hosting</a>:
-
-<blockquote><code>
-NameVirtualHost *<br />
-<br />
-&lt;VirtualHost *&gt;<br />
-&nbsp;&nbsp;ServerName www.example.net<br />
-&nbsp;&nbsp;ServerAlias example.com<br />
-&nbsp;&nbsp;Redirect permanent / http://www.example.com/<br />
-&lt;/VirtualHost&gt;<br />
-<br />
-&lt;VirtualHost *&gt;<br />
-&nbsp;&nbsp;ServerName www.example.com<br />
-&nbsp;&nbsp;DocumentRoot /usr/local/apache/htdocs<br />
-&lt;/VirtualHost&gt;
-</code></blockquote>
- </li></ol>
- <hr /></li>
-
- <li><a id="firewall" name="firewall"><strong>Why can I access my
- website from the server or from my local network, but I
- can't access it from elsewhere on the Internet?</strong></a>
-
- <p>There are many possible reasons for this, and almost all
- of them are related to the configuration of your network, not
- the configuration of the Apache HTTP Server. One of the most
- common problems is that a firewall blocks access to the
- default HTTP port 80. In particular, many consumer ISPs
- block access to this port. You can see if this is the case
- by changing any <code>Port</code> and <code>Listen</code>
- directives in <code>httpd.conf</code> to use port 8000 and
- then request your site using
- <code>http://yourhost.example.com:8000/</code>. (Of course,
- a very restrictive firewall may block this port as well.)</p>
-
- <hr /></li>
-
- <li><a id="indexes" name="indexes"><strong>How do I turn automatic
- directory listings on or off?</strong></a>
-
- <p>If a client requests a URL that designates a directory and
- the directory does not contain a filename that matches the <a
- href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a>
- directive, then <a
- href="../mod/mod_autoindex.html">mod_autoindex</a> can be
- configured to present a listing of the directory contents.</p>
-
- <p>To turn on automatic directory indexing, find the
- <a href="../mod/core.html#options">Options</a> directive that
- applies to the directory and add the <code>Indexes</code>
- keyword. For example:</p>
-
- <blockquote><code>
- &lt;Directory /path/to/directory&gt;<br />
- &nbsp;&nbsp;&nbsp;Options +Indexes<br />
- &lt;/Directory&gt;
- </code></blockquote>
-
- <p>To turn off automatic directory indexing, remove
- the <code>Indexes</code> keyword from the appropriate
- <code>Options</code> line. To turn off directory listing
- for a particular subdirectory, you can use
- <code>Options -Indexes</code>. For example:</p>
-
- <blockquote><code>
- &lt;Directory /path/to/directory&gt;<br />
- &nbsp;&nbsp;&nbsp;Options -Indexes<br />
- &lt;/Directory&gt;
- </code></blockquote>
-
- <hr /></li>
-
- <li><a id="options" name="options"><strong>Why do my Options
- directives not have the desired effect?</strong></a>
-
- <p>Directives placed in the configuration files are applied
- in a very particular order, as described by <a
- href="../sections.html">How Directory, Location, and Files
- sections work</a>. In addition, each <a
- href="../mod/core.html#options">Options</a> directive has the
- effect of resetting the options to <code>none</code> before
- adding the specified options (unless only "+" and "-" options
- are used). The consequence is that <code>Options</code> set
- in the main server or virtual host context (outside any
- directory, location, or files section) will usually have no
- effect, because they are overridden by more specific
- <code>Options</code> directives. For example, in the following</p>
-
-<blockquote><code>
-&lt;Directory /usr/local/apache/htdocs&gt;<br />
-&nbsp;&nbsp;&nbsp;&nbsp;Options Indexes<br />
-&lt;/Directory&gt;<br />
-Options Includes ExecCGI<br />
-</code></blockquote>
-
- <p><code>Includes</code> and <code>ExecCGI</code> will be
- <strong>off</strong> in the <code>/usr/local/apache/htdocs</code>
- directory.</p>
-
- <p>You can usually avoid problems by either finding the
- <code>Options</code> directive that already applies to a
- specific directory and changing it, or by putting your
- <code>Options</code> directive inside the most specific possible
- <code>&lt;Directory&gt;</code> section.</p>
-
- <hr /></li>
-
-
- <li><a id="serverheader" name="serverheader"><strong>How can I change
- the information that Apache returns about itself in the
- headers?</strong></a>
-
- <p>When a client connects to Apache, part of the information returned in
- the headers is the name "Apache" Additional information that can be sent
- is the version number, such as "1.3.26", the operating system, and a
- list of non-standard modules you have installed.</p>
-
- <p>For example:</p>
-
-<blockquote><code>
-Server: Apache/1.3.26 (Unix) mod_perl/1.26
-</code></blockquote>
-
- <p>Frequently, people want to remove this information, under the mistaken
- understanding that this will make the system more secure. This is
- probably not the case, as the same exploits will likely be attempted
- regardless of the header information you provide.</p>
-
- <p>There are, however, two answers to this question: the correct answer,
- and the answer that you are probably looking for.</p>
-
- <p>The correct answer to this question is that you should use the
- ServerTokens directive to alter the quantity of information which is
- passed in the headers. Setting this directive to <code>Prod</code> will
- pass the least possible amount of information:</p>
-
-<blockquote><code>
-Server: Apache
-</code></blockquote>
-
- <p>The answer you are probably looking for is how to make Apache lie
- about what what it is, ie send something like:</p>
-
-<blockquote><code>
-Server: Bob's Happy HTTPd Server
-</code></blockquote>
-
- <p>In order to do this, you will need to modify the Apache source code and
- rebuild Apache. This is not advised, as it is almost certain not to
- provide you with the added security you think that you are gaining. The
- exact method of doing this is left as an exercise for the reader, as we
- are not keen on helping you do something that is intrinsically a bad
- idea.</p>
-
- <hr /></li>
-
- <li><a id="proxyscan" name="proxyscan"><strong>Why do I see requests
- for other sites appearing in my log files?</strong></a>
-
- <p>A an access_log entry showing this situation could look
- like this:</p>
-
- <blockquote><code> 63.251.56.142 - -
- [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/
- HTTP/1.0" 200 1456 </code></blockquote>
-
- <p>The question is: why did a request for
- <code>www.yahoo.com</code> come to your server instead of
- Yahoo's server? And why does the response have a status
- code of 200 (success)?</p>
-
- <p>This is usually the result of malicious clients trying to
- exploit open proxy servers to access a website without
- revealing their true location. If you find entries like this
- in your log, the first thing to do is to make sure you have
- properly configured your server not to proxy for unknown
- clients. If you don't need to provide a proxy server at all,
- you should simply assure that the <a
- href="../mod/mod_proxy.html#proxyrequests">ProxyRequests</a>
- directive is <strong>not</strong> set <code>on</code>.
- If you do need to run a proxy server, then you must ensure
- that you <a href="../mod/mod_proxy.html#access">secure your
- server properly</a> so that only authorized clients can use
- it.</p>
-
- <p>If your server is configured properly, then the attempt to
- proxy through your server will fail. If you see a status
- code of <code>404</code> (file not found) in the log, then
- you know that the request failed. If you see a status code
- of <code>200</code> (success), that does not necessarily mean
- that the attempt to proxy succeeded. RFC2616 section 5.1.2
- mandates that Apache must accept requests with absolute URLs
- in the request-URI, even for non-proxy requests. Since
- Apache has no way to know all the different names that your
- server may be known under, it cannot simply reject hostnames
- it does not recognize. Instead, it will serve requests for
- unknown sites locally by stripping off the hostname and using
- the default server or virtual host. Therefore you can
- compare the size of the file (1456 in the above example) to
- the size of the corresponding file in your default server.
- If they are the same, then the proxy attempt failed, since a
- document from your server was delivered, not a document from
- <code>www.yahoo.com</code>.</p>
-
- <p>If you wish to prevent this type of request entirely, then
- you need to let Apache know what hostnames to accept and what
- hostnames to reject. You do this by configuring name-virtual
- hosts, where the first listed host is the default host that
- will catch and reject unknown hostnames. For example:</p>
-
-<blockquote>
-<pre>
-NameVirtualHost *
-
-&lt;VirtualHost *&gt;
- ServerName default.only
- &lt;Location /&gt;
- Order allow,deny
- Deny from all
- &lt;/Location&gt;
-&lt;/VirtualHost&gt;
-
-&lt;VirtualHost *&gt;
- ServerName realhost1.example.com
- ServerAlias alias1.example.com alias2.example.com
- DocumentRoot /path/to/site1
-&lt;/VirtualHost&gt;
-
-...
-</pre>
-</blockquote>
- <hr /></li>
-
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>F. Dynamic Content (CGI and SSI)</h3>
-
- <ol>
- <li>
- <a id="CGIoutsideScriptAlias"
- name="CGIoutsideScriptAlias"><strong>How do I enable CGI
- execution in directories other than the
- ScriptAlias?</strong></a>
-
- <p>Apache recognizes all files in a directory named as a <a
- href="../mod/mod_alias.html#scriptalias"><samp>ScriptAlias</samp></a>
- as being eligible for execution rather than processing as
- normal documents. This applies regardless of the file name,
- so scripts in a ScriptAlias directory don't need to be
- named "<samp>*.cgi</samp>" or "<samp>*.pl</samp>" or
- whatever. In other words, <em>all</em> files in a
- ScriptAlias directory are scripts, as far as Apache is
- concerned.</p>
-
- <p>To persuade Apache to execute scripts in other
- locations, such as in directories where normal documents
- may also live, you must tell it how to recognize them - and
- also that it's okay to execute them. For this, you need to
- use something like the <a
- href="../mod/mod_mime.html#addhandler"><samp>AddHandler</samp></a>
- directive.</p>
-
- <ol>
- <li>
- In an appropriate section of your server configuration
- files, add a line such as
-
- <dl>
- <dd><code>AddHandler cgi-script .cgi</code></dd>
- </dl>
-
- <p>The server will then recognize that all files in
- that location (and its logical descendants) that end in
- "<samp>.cgi</samp>" are script files, not
- documents.</p>
- </li>
-
- <li>Make sure that the directory location is covered by
- an <a
- href="../mod/core.html#options"><samp>Options</samp></a>
- declaration that includes the <samp>ExecCGI</samp>
- option.</li>
- </ol>
-
- <p>In some situations, you might not want to actually allow
- all files named "<samp>*.cgi</samp>" to be executable.
- Perhaps all you want is to enable a particular file in a
- normal directory to be executable. This can be
- alternatively accomplished <em>via</em> <a
- href="../mod/mod_rewrite.html"><samp>mod_rewrite</samp></a>
- and the following steps:</p>
-
- <ol>
- <li>
- Locally add to the corresponding <samp>.htaccess</samp>
- file a ruleset similar to this one:
-
- <dl>
- <dd><code>RewriteEngine on<br />
- RewriteBase /~foo/bar/<br />
- RewriteRule ^quux\.cgi$ -
- [T=application/x-httpd-cgi]</code></dd>
- </dl>
- </li>
-
- <li>Make sure that the directory location is covered by
- an <a
- href="../mod/core.html#options"><samp>Options</samp></a>
- declaration that includes the <samp>ExecCGI</samp> and
- <samp>FollowSymLinks</samp> option.</li>
- </ol>
- <hr />
- </li>
-
- <li>
- <a id="premature-script-headers"
- name="premature-script-headers"><strong>What does it mean
- when my CGIs fail with "<samp>Premature end of script
- headers</samp>"?</strong></a>
-
- <p>It means just what it says: the server was expecting a
- complete set of HTTP headers (one or more followed by a
- blank line), and didn't get them.</p>
-
- <p>The most common cause of this problem is the script
- dying before sending the complete set of headers, or
- possibly any at all, to the server. To see if this is the
- case, try running the script standalone from an interactive
- session, rather than as a script under the server. If you
- get error messages, this is almost certainly the cause of
- the "premature end of script headers" message. Even if the
- CGI runs fine from the command line, remember that the
- environment and permissions may be different when running
- under the web server. The CGI can only access resources
- allowed for the <a
- href="../mod/core.html#user"><code>User</code></a> and <a
- href="../mod/core.html#group"><code>Group</code></a>
- specified in your Apache configuration. In addition, the
- environment will not be the same as the one provided on the
- command line, but it can be adjusted using the directives
- provided by <a href="../mod/mod_env.html">mod_env</a>.</p>
-
- <p>The second most common cause of this (aside from people
- not outputting the required headers at all) is a result of
- an interaction with Perl's output buffering. To make Perl
- flush its buffers after each output statement, insert the
- following statements around the <code>print</code> or
- <code>write</code> statements that send your HTTP
- headers:</p>
-
- <dl>
- <dd><code>{<br />
- &nbsp;local ($oldbar) = $|;<br />
- &nbsp;$cfh = select (STDOUT);<br />
- &nbsp;$| = 1;<br />
- &nbsp;#<br />
- &nbsp;# print your HTTP headers here<br />
- &nbsp;#<br />
- &nbsp;$| = $oldbar;<br />
- &nbsp;select ($cfh);<br />
- }</code></dd>
- </dl>
-
- <p>This is generally only necessary when you are calling
- external programs from your script that send output to
- stdout, or if there will be a long delay between the time
- the headers are sent and the actual content starts being
- emitted. To maximize performance, you should turn
- buffer-flushing back <em>off</em> (with <code>$| = 0</code>
- or the equivalent) after the statements that send the
- headers, as displayed above.</p>
-
- <p>If your script isn't written in Perl, do the equivalent
- thing for whatever language you <em>are</em> using
- (<em>e.g.</em>, for C, call <code>fflush()</code> after
- writing the headers).</p>
-
- <p>Another cause for the "premature end of script headers"
- message are the RLimitCPU and RLimitMEM directives. You may
- get the message if the CGI script was killed due to a
- resource limit.</p>
-
- <p>In addition, a configuration problem in <a
- href="../suexec.html">suEXEC</a>, mod_perl, or another
- third party module can often interfere with the execution
- of your CGI and cause the "premature end of script headers"
- message.</p>
- <hr />
- </li>
-
- <li>
- <a id="POSTnotallowed" name="POSTnotallowed"><strong>Why do
- I keep getting "Method Not Allowed" for form POST
- requests?</strong></a>
-
- <p>This is almost always due to Apache not being configured
- to treat the file you are trying to POST to as a CGI
- script. You can not POST to a normal HTML file; the
- operation has no meaning. See the FAQ entry on <a
- href="#CGIoutsideScriptAlias">CGIs outside ScriptAliased
- directories</a> for details on how to configure Apache to
- treat the file in question as a CGI.</p>
- <hr />
- </li>
-
- <li>
- <a id="nph-scripts" name="nph-scripts"><strong>How can I
- get my script's output without Apache buffering it? Why
- doesn't my server push work?</strong></a>
-
- <p>As of Apache 1.3, CGI scripts are essentially not
- buffered. Every time your script does a "flush" to output
- data, that data gets relayed on to the client. Some
- scripting languages, for example Perl, have their own
- buffering for output - this can be disabled by setting the
- <code>$|</code> special variable to 1. Of course this does
- increase the overall number of packets being transmitted,
- which can result in a sense of slowness for the end
- user.</p>
-
- <p>Prior to 1.3, you needed to use "nph-" scripts to
- accomplish non-buffering. Today, the only difference
- between nph scripts and normal scripts is that nph scripts
- require the full HTTP headers to be sent.</p>
- <hr />
- </li>
-
- <li>
- <a id="cgi-spec" name="cgi-spec"><strong>Where can I find
- the "CGI specification"?</strong></a>
-
- <p>The Common Gateway Interface (CGI) specification can be
- found at the original NCSA site &lt; <a
- href="http://hoohoo.ncsa.uiuc.edu/cgi/interface.html"><samp>
- http://hoohoo.ncsa.uiuc.edu/cgi/interface.html</samp></a>&gt;.
- This version hasn't been updated since 1995, and there have
- been some efforts to update it.</p>
-
- <p>A new draft is being worked on with the intent of making
- it an informational RFC; you can find out more about this
- project at &lt;<a
- href="http://web.golux.com/coar/cgi/"><samp>http://web.golux.com/coar/cgi/</samp></a>&gt;.</p>
- <hr />
- </li>
-
- <li>
- <a id="fastcgi" name="fastcgi"><strong>Why isn't FastCGI
- included with Apache any more?</strong></a>
-
- <p>The simple answer is that it was becoming too difficult
- to keep the version being included with Apache synchronized
- with the master copy at the <a
- href="http://www.fastcgi.com/">FastCGI web site</a>. When a
- new version of Apache was released, the version of the
- FastCGI module included with it would soon be out of
- date.</p>
-
- <p>You can still obtain the FastCGI module for Apache from
- the master FastCGI web site.</p>
- <hr />
- </li>
-
- <li>
- <a id="ssi-part-i" name="ssi-part-i"><strong>How do I
- enable SSI (parsed HTML)?</strong></a>
-
- <p>SSI (an acronym for Server-Side Include) directives
- allow static HTML documents to be enhanced at run-time
- (<em>e.g.</em>, when delivered to a client by Apache). The
- format of SSI directives is covered in the <a
- href="../mod/mod_include.html">mod_include manual</a>;
- suffice it to say that Apache supports not only SSI but
- xSSI (eXtended SSI) directives.</p>
-
- <p>Processing a document at run-time is called
- <em>parsing</em> it; hence the term "parsed HTML" sometimes
- used for documents that contain SSI instructions. Parsing
- tends to be resource-consumptive compared to serving static
- files, and is not enabled by default. It can also interfere
- with the cachability of your documents, which can put a
- further load on your server. (See the <a
- href="#ssi-part-ii">next question</a> for more information
- about this.)</p>
-
- <p>To enable SSI processing, you need to</p>
-
- <ul>
- <li>Build your server with the <a
- href="../mod/mod_include.html"><samp>mod_include</samp></a>
- module. This is normally compiled in by default.</li>
-
- <li>Make sure your server configuration files have an <a
- href="../mod/core.html#options"><samp>Options</samp></a>
- directive which permits <samp>Includes</samp>.</li>
-
- <li>
- Make sure that the directory where you want the SSI
- documents to live is covered by the "server-parsed"
- content handler, either explicitly or in some ancestral
- location. That can be done with the following <a
- href="../mod/mod_mime.html#addhandler"><samp>AddHandler</samp></a>
- directive:
-
- <dl>
- <dd><code>AddHandler server-parsed .shtml</code></dd>
- </dl>
-
- <p>This indicates that all files ending in ".shtml" in
- that location (or its descendants) should be parsed.
- Note that using ".html" will cause all normal HTML
- files to be parsed, which may put an inordinate load on
- your server.</p>
- </li>
- </ul>
-
- <p>For additional information, see the <cite>Apache
- Week</cite> article on <a
- href="http://www.apacheweek.com/features/ssi"
- rel="Help"><cite>Using Server Side Includes</cite></a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="ssi-part-ii" name="ssi-part-ii"><strong>Why don't my
- parsed files get cached?</strong></a>
-
- <p>Since the server is performing run-time processing of
- your SSI directives, which may change the content shipped
- to the client, it can't know at the time it starts parsing
- what the final size of the result will be, or whether the
- parsed result will always be the same. This means that it
- can't generate <samp>Content-Length</samp> or
- <samp>Last-Modified</samp> headers. Caches commonly work by
- comparing the <samp>Last-Modified</samp> of what's in the
- cache with that being delivered by the server. Since the
- server isn't sending that header for a parsed document,
- whatever's doing the caching can't tell whether the
- document has changed or not - and so fetches it again to be
- on the safe side.</p>
-
- <p>You can work around this in some cases by causing an
- <samp>Expires</samp> header to be generated. (See the <a
- href="../mod/mod_expires.html"
- rel="Help"><samp>mod_expires</samp></a> documentation for
- more details.) Another possibility is to use the <a
- href="../mod/mod_include.html#xbithack"
- rel="Help"><samp>XBitHack Full</samp></a> mechanism, which
- tells Apache to send (under certain circumstances detailed
- in the XBitHack directive description) a
- <samp>Last-Modified</samp> header based upon the last
- modification time of the file being parsed. Note that this
- may actually be lying to the client if the parsed file
- doesn't change but the SSI-inserted content does; if the
- included content changes often, this can result in stale
- copies being cached.</p>
- <hr />
- </li>
-
- <li>
- <a id="ssi-part-iii" name="ssi-part-iii"><strong>How can I
- have my script output parsed?</strong></a>
-
- <p>So you want to include SSI directives in the output from
- your CGI script, but can't figure out how to do it? The
- short answer is "you can't." This is potentially a security
- liability and, more importantly, it can not be cleanly
- implemented under the current server API. The best
- workaround is for your script itself to do what the SSIs
- would be doing. After all, it's generating the rest of the
- content.</p>
-
- <p>This is a feature The Apache Group hopes to add in the
- next major release after 1.3.</p>
- <hr />
- </li>
-
- <li>
- <a id="ssi-part-iv" name="ssi-part-iv"><strong>SSIs don't
- work for VirtualHosts and/or user home
- directories.</strong></a>
-
- <p>This is almost always due to having some setting in your
- config file that sets "Options Includes" or some other
- setting for your DocumentRoot but not for other
- directories. If you set it inside a Directory section, then
- that setting will only apply to that directory.</p>
- <hr />
- </li>
-
- <li>
- <a id="errordocssi" name="errordocssi"><strong>How can I
- use <code>ErrorDocument</code> and SSI to simplify
- customized error messages?</strong></a>
-
- <p>Have a look at <a href="custom_errordocs.html">this
- document</a>. It shows in example form how you can a
- combination of XSSI and negotiation to tailor a set of
- <code>ErrorDocument</code>s to your personal taste, and
- returning different internationalized error responses based
- on the client's native language.</p>
- <hr />
- </li>
-
- <li>
- <a id="remote-user-var" name="remote-user-var"><strong>Why
- is the environment variable <samp>REMOTE_USER</samp> not
- set?</strong></a>
-
- <p>This variable is set and thus available in SSI or CGI
- scripts <strong>if and only if</strong> the requested
- document was protected by access authentication. For an
- explanation on how to implement these restrictions, see <a
- href="http://www.apacheweek.com/"><cite>Apache
- Week</cite></a>'s articles on <a
- href="http://www.apacheweek.com/features/userauth"><cite>Using
- User Authentication</cite></a> or <a
- href="http://www.apacheweek.com/features/dbmauth"><cite>DBM
- User Authentication</cite></a>.</p>
-
- <p>Hint: When using a CGI script to receive the data of a
- HTML <samp>FORM</samp> notice that protecting the document
- containing the <samp>FORM</samp> is not sufficient to
- provide <samp>REMOTE_USER</samp> to the CGI script. You
- have to protect the CGI script, too. Or alternatively only
- the CGI script (then authentication happens only after
- filling out the form).</p>
- <hr />
- </li>
-
- <li>
- <a id="user-cgi" name="user-cgi"><strong>How do I allow
- each of my user directories to have a cgi-bin
- directory?</strong></a>
-
- <p>Remember that CGI execution does not need to be
- restricted only to cgi-bin directories. You can <a
- href="#CGIoutsideScriptAlias">allow CGI script execution in
- arbitrary parts of your filesystem</a>.</p>
-
- <p>There are many ways to give each user directory a
- cgi-bin directory such that anything requested as
- <samp>http://example.com/~user/cgi-bin/program</samp> will
- be executed as a CGI script. Two alternatives are:</p>
-
- <ol>
- <li>
- Place the cgi-bin directory next to the public_html
- directory:
-
- <dl>
- <dd><code>ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*)
- /home/$1/cgi-bin/$2</code></dd>
- </dl>
- </li>
-
- <li>
- Place the cgi-bin directory underneath the public_html
- directory:
-
- <dl>
- <dd><code>&lt;Directory
- /home/*/public_html/cgi-bin&gt;<br />
- &nbsp;&nbsp;&nbsp;&nbsp;Options ExecCGI<br />
- &nbsp;&nbsp;&nbsp;&nbsp;SetHandler cgi-script<br />
- &lt;/Directory&gt;</code></dd>
- </dl>
- </li>
- </ol>
- <p>If you are using suexec, the first technique will not work
- because CGI scripts must be stored under the <code>public_html</code>
- directory.</p>
-
- <hr />
- </li>
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>G. Authentication and Access Restrictions</h3>
-
- <ol>
- <li>
- <a id="dnsauth" name="dnsauth"><strong>Why isn't
- restricting access by host or domain name working
- correctly?</strong></a>
-
- <p>Two of the most common causes of this are:</p>
-
- <ol>
- <li><strong>An error, inconsistency, or unexpected
- mapping in the DNS registration</strong><br />
- This happens frequently: your configuration restricts
- access to <samp>Host.FooBar.Com</samp>, but you can't get
- in from that host. The usual reason for this is that
- <samp>Host.FooBar.Com</samp> is actually an alias for
- another name, and when Apache performs the
- address-to-name lookup it's getting the <em>real</em>
- name, not <samp>Host.FooBar.Com</samp>. You can verify
- this by checking the reverse lookup yourself. The easiest
- way to work around it is to specify the correct host name
- in your configuration.</li>
-
- <li>
- <strong>Inadequate checking and verification in your
- configuration of Apache</strong><br />
- If you intend to perform access checking and
- restriction based upon the client's host or domain
- name, you really need to configure Apache to
- double-check the origin information it's supplied. You
- do this by adding the <samp>-DMAXIMUM_DNS</samp> clause
- to the <samp>EXTRA_CFLAGS</samp> definition in your
- <samp>Configuration</samp> file. For example:
-
- <dl>
- <dd><code>EXTRA_CFLAGS=-DMAXIMUM_DNS</code></dd>
- </dl>
-
- <p>This will cause Apache to be very paranoid about
- making sure a particular host address is
- <em>really</em> assigned to the name it claims to be.
- Note that this <em>can</em> incur a significant
- performance penalty, however, because of all the name
- resolution requests being sent to a nameserver.</p>
- </li>
- </ol>
- <hr />
- </li>
-
- <li>
- <a id="user-authentication"
- name="user-authentication"><strong>How do I set up Apache
- to require a username and password to access certain
- documents?</strong></a>
-
- <p>There are several ways to do this; some of the more
- popular ones are to use the <a
- href="../mod/mod_auth.html">mod_auth</a>, <a
- href="../mod/mod_auth_db.html">mod_auth_db</a>, or <a
- href="../mod/mod_auth_dbm.html">mod_auth_dbm</a>
- modules.</p>
-
- <p>For an explanation on how to implement these
- restrictions, see <a
- href="http://www.apacheweek.com/"><cite>Apache
- Week</cite></a>'s articles on <a
- href="http://www.apacheweek.com/features/userauth"><cite>Using
- User Authentication</cite></a> or <a
- href="http://www.apacheweek.com/features/dbmauth"><cite>DBM
- User Authentication</cite></a>, or see the <a
- href="../howto/auth.html">authentication tutorial</a> in the
- Apache documentation.</p>
- <hr />
- </li>
-
- <li>
- <a id="remote-auth-only"
- name="remote-auth-only"><strong>How do I set up Apache to
- allow access to certain documents only if a site is either
- a local site <em>or</em> the user supplies a password and
- username?</strong></a>
-
- <p>Use the <a href="../mod/core.html#satisfy">Satisfy</a>
- directive, in particular the <code>Satisfy Any</code>
- directive, to require that only one of the access
- restrictions be met. For example, adding the following
- configuration to a <samp>.htaccess</samp> or server
- configuration file would restrict access to people who
- either are accessing the site from a host under domain.com
- or who can supply a valid username and password:</p>
-
- <dl>
- <dd><code>Deny from all<br />
- Allow from .domain.com<br />
- AuthType Basic<br />
- AuthUserFile /usr/local/apache/conf/htpasswd.users<br />
- AuthName "special directory"<br />
- Require valid-user<br />
- Satisfy any</code></dd>
- </dl>
-
- <p>See the <a href="#user-authentication">user
- authentication</a> question and the <a
- href="../mod/mod_access.html">mod_access</a> module for
- details on how the above directives work.</p>
- <hr />
- </li>
-
- <li>
- <a id="authauthoritative"
- name="authauthoritative"><strong>Why does my authentication
- give me a server error?</strong></a>
-
- <p>Under normal circumstances, the Apache access control
- modules will pass unrecognized user IDs on to the next
- access control module in line. Only if the user ID is
- recognized and the password is validated (or not) will it
- give the usual success or "authentication failed"
- messages.</p>
-
- <p>However, if the last access module in line 'declines'
- the validation request (because it has never heard of the
- user ID or because it is not configured), the
- <samp>http_request</samp> handler will give one of the
- following, confusing, errors:</p>
-
- <ul>
- <li><samp>check access</samp></li>
-
- <li><samp>check user. No user file?</samp></li>
-
- <li><samp>check access. No groups file?</samp></li>
- </ul>
-
- <p>This does <em>not</em> mean that you have to add an
- '<samp>AuthUserFile&nbsp;/dev/null</samp>' line as some
- magazines suggest!</p>
-
- <p>The solution is to ensure that at least the last module
- is authoritative and <strong>CONFIGURED</strong>. By
- default, <samp>mod_auth</samp> is authoritative and will
- give an OK/Denied, but only if it is configured with the
- proper <samp>AuthUserFile</samp>. Likewise, if a valid
- group is required. (Remember that the modules are processed
- in the reverse order from that in which they appear in your
- compile-time <samp>Configuration</samp> file.)</p>
-
- <p>A typical situation for this error is when you are using
- the <samp>mod_auth_dbm</samp>, <samp>mod_auth_msql</samp>,
- <samp>mod_auth_mysql</samp>, <samp>mod_auth_anon</samp> or
- <samp>mod_auth_cookie</samp> modules on their own. These
- are by default <strong>not</strong> authoritative, and this
- will pass the buck on to the (non-existent) next
- authentication module when the user ID is not in their
- respective database. Just add the appropriate
- '<samp><em>XXX</em>Authoritative yes</samp>' line to the
- configuration.</p>
-
- <p>In general it is a good idea (though not terribly
- efficient) to have the file-based <samp>mod_auth</samp> a
- module of last resort. This allows you to access the web
- server with a few special passwords even if the databases
- are down or corrupted. This does cost a file
- open/seek/close for each request in a protected area.</p>
- <hr />
- </li>
-
- <li>
- <a id="auth-on-same-machine"
- name="auth-on-same-machine"><strong>Do I have to keep the
- (mSQL) authentication information on the same
- machine?</strong></a>
-
- <p>Some organizations feel very strongly about keeping the
- authentication information on a different machine than the
- webserver. With the <samp>mod_auth_msql</samp>,
- <samp>mod_auth_mysql</samp>, and other SQL modules
- connecting to (R)DBMses this is quite possible. Just
- configure an explicit host to contact.</p>
-
- <p>Be aware that with mSQL and Oracle, opening and closing
- these database connections is very expensive and time
- consuming. You might want to look at the code in the
- <samp>auth_*</samp> modules and play with the compile time
- flags to alleviate this somewhat, if your RDBMS licences
- allow for it.</p>
- <hr />
- </li>
-
- <li>
- <a id="msql-slow" name="msql-slow"><strong>Why is my mSQL
- authentication terribly slow?</strong></a>
-
- <p>You have probably configured the Host by specifying a
- FQHN, and thus the <samp>libmsql</samp> will use a full
- blown TCP/IP socket to talk to the database, rather than a
- fast internal device. The <samp>libmsql</samp>, the mSQL
- FAQ, and the <samp>mod_auth_msql</samp> documentation warn
- you about this. If you have to use different hosts, check
- out the <samp>mod_auth_msql</samp> code for some compile
- time flags which might - or might not - suit you.</p>
- <hr />
- </li>
-
- <li>
- <a id="passwdauth" name="passwdauth"><strong>Can I use my
- <samp>/etc/passwd</samp> file for Web page
- authentication?</strong></a>
-
- <p>Yes, you can - but it's a <strong>very bad
- idea</strong>. Here are some of the reasons:</p>
-
- <ul>
- <li>The Web technology provides no governors on how often
- or how rapidly password (authentication failure) retries
- can be made. That means that someone can hammer away at
- your system's <samp>root</samp> password using the Web,
- using a dictionary or similar mass attack, just as fast
- as the wire and your server can handle the requests. Most
- operating systems these days include attack detection
- (such as <em>n</em> failed passwords for the same account
- within <em>m</em> seconds) and evasion (breaking the
- connection, disabling the account under attack, disabling
- <em>all</em> logins from that source, <em>et
- cetera</em>), but the Web does not.</li>
-
- <li>An account under attack isn't notified (unless the
- server is heavily modified); there's no "You have 19483
- login failures" message when the legitimate owner logs
- in.</li>
-
- <li>Without an exhaustive and error-prone examination of
- the server logs, you can't tell whether an account has
- been compromised. Detecting that an attack has occurred,
- or is in progress, is fairly obvious, though -
- <em>if</em> you look at the logs.</li>
-
- <li>Web authentication passwords (at least for Basic
- authentication) generally fly across the wire, and
- through intermediate proxy systems, in what amounts to
- plain text. "O'er the net we go/Caching all the way;/O
- what fun it is to surf/Giving my password away!"</li>
-
- <li>Since HTTP is stateless, information about the
- authentication is transmitted <em>each and every
- time</em> a request is made to the server. Essentially,
- the client caches it after the first successful access,
- and transmits it without asking for all subsequent
- requests to the same server.</li>
-
- <li>It's relatively trivial for someone on your system to
- put up a page that will steal the cached password from a
- client's cache without them knowing. Can you say
- "password grabber"?</li>
- </ul>
-
- <p>If you still want to do this in light of the above
- disadvantages, the method is left as an exercise for the
- reader. It'll void your Apache warranty, though, and you'll
- lose all accumulated UNIX guru points.</p>
- <hr />
- </li>
-
- <li>
- <a id="prompted-twice" name="prompted-twice"><strong>Why
- does Apache ask for my password twice before serving a
- file?</strong></a>
-
- <p>If the hostname under which you are accessing the server
- is different than the hostname specified in the <a
- href="../mod/core.html#servername"><code>ServerName</code></a>
- directive, then depending on the setting of the <a
- href="../mod/core.html#usecanonicalname"><code>UseCanonicalName</code></a>
- directive, Apache will redirect you to a new hostname when
- constructing self-referential URLs. This happens, for
- example, in the case where you request a directory without
- including the trailing slash.</p>
-
- <p>When this happens, Apache will ask for authentication
- once under the original hostname, perform the redirect, and
- then ask again under the new hostname. For security
- reasons, the browser must prompt again for the password
- when the host name changes.</p>
-
- <p>To eliminate this problem you should</p>
-
- <ol>
- <li>Always use the trailing slash when requesting
- directories;</li>
-
- <li>Change the <code>ServerName</code> to match the name
- you are using in the URL; and/or</li>
-
- <li>Set <code>UseCanonicalName off</code>.</li>
- </ol>
- <hr />
- </li>
-
- <li>
- <a id="image-theft" name="image-theft"><strong>How can I prevent
- people from "stealing" the images from my web site?</strong></a>
-
- <p>The goal here is to prevent people from inlining your images
- directly from their web site, but accessing them only if they
- appear inline in your pages.<p>
-
- <p>This can be accomplished with a combination of SetEnvIf and
- the Deny and Allow directives. However, it is important to
- understand that any access restriction based on the REFERER
- header is intrinsically problematic due to the fact that
- browsers can send an incorrect REFERER, either because they
- want to circumvent your restriction or simply because they don't
- send the right thing (or anything at all).</p>
-
- <p>The following configuration will produce the desired effect
- if the browser passes correct REFERER headers.</p>
-
-<pre>
-SetEnvIf REFERER "www\.mydomain\.com" linked_from_here
-SetEnvIf REFERER "^$" linked_from_here
-
-&lt;Directory /www/images&gt;
- Order deny,allow
- Deny from all
- Allow from env=linked_from_here
-&lt;/Directory&gt;
-</pre>
-
-<p>Further examples can be found in the <a
-href="../env.html#examples">Environment Variables</a> documentation.</p>
-
- <hr />
- </li>
-
-
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>H. URL Rewriting</h3>
-
- <ol>
- <li>
- <a id="rewrite-more-config"
- name="rewrite-more-config"><strong>Where can I find
- mod_rewrite rulesets which already solve particular
- URL-related problems?</strong></a>
-
- <p>There is a collection of <a
- href="http://www.engelschall.com/pw/apache/rewriteguide/">Practical
- Solutions for URL-Manipulation</a> where you can find all
- typical solutions the author of <a
- href="../mod/mod_rewrite.html"><samp>mod_rewrite</samp></a>
- currently knows of. If you have more interesting rulesets
- which solve particular problems not currently covered in
- this document, send it to <a
- href="mailto:rse@apache.org">Ralf S. Engelschall</a> for
- inclusion. The other webmasters will thank you for avoiding
- the reinvention of the wheel.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-article"
- name="rewrite-article"><strong>Where can I find any
- published information about URL-manipulations and
- mod_rewrite?</strong></a>
-
- <p>There is an article from <a
- href="mailto:rse@apache.org">Ralf S. Engelschall</a> about
- URL-manipulations based on <a
- href="../mod/mod_rewrite.html"><samp>mod_rewrite</samp></a>
- in the "iX Multiuser Multitasking Magazin" issue #12/96.
- The german (original) version can be read online at &lt;<a
- href="http://www.heise.de/ix/artikel/9612149/">http://www.heise.de/ix/artikel/9612149/</a>&gt;,
- the English (translated) version can be found at &lt;<a
- href="http://www.heise.de/ix/artikel/E/9612149/">http://www.heise.de/ix/artikel/E/9612149/</a>&gt;.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-complexity"
- name="rewrite-complexity"><strong>Why is mod_rewrite so
- difficult to learn and seems so complicated?</strong></a>
-
- <p>Hmmm... there are a lot of reasons. First, mod_rewrite
- itself is a powerful module which can help you in really
- <strong>all</strong> aspects of URL rewriting, so it can be
- no trivial module per definition. To accomplish its hard
- job it uses software leverage and makes use of a powerful
- regular expression library by Henry Spencer which is an
- integral part of Apache since its version 1.2. And regular
- expressions itself can be difficult to newbies, while
- providing the most flexible power to the advanced
- hacker.</p>
-
- <p>On the other hand mod_rewrite has to work inside the
- Apache API environment and needs to do some tricks to fit
- there. For instance the Apache API as of 1.x really was not
- designed for URL rewriting at the <tt>.htaccess</tt> level
- of processing. Or the problem of multiple rewrites in
- sequence, which is also not handled by the API per design.
- To provide this features mod_rewrite has to do some special
- (but API compliant!) handling which leads to difficult
- processing inside the Apache kernel. While the user usually
- doesn't see anything of this processing, it can be
- difficult to find problems when some of your RewriteRules
- seem not to work.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-dontwork"
- name="rewrite-dontwork"><strong>What can I do if my
- RewriteRules don't work as expected?</strong></a>
-
- <p>Use "<samp>RewriteLog somefile</samp>" and
- "<samp>RewriteLogLevel 9</samp>" and have a precise look at
- the steps the rewriting engine performs. This is really the
- only one and best way to debug your rewriting
- configuration.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-prefixdocroot"
- name="rewrite-prefixdocroot"><strong>Why don't some of my
- URLs get prefixed with DocumentRoot when using
- mod_rewrite?</strong></a>
-
- <p>If the rule starts with <samp>/somedir/...</samp> make
- sure that really no <samp>/somedir</samp> exists on the
- filesystem if you don't want to lead the URL to match this
- directory, <em>i.e.</em>, there must be no root directory
- named <samp>somedir</samp> on the filesystem. Because if
- there is such a directory, the URL will not get prefixed
- with DocumentRoot. This behavior looks ugly, but is really
- important for some other aspects of URL rewriting.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-nocase" name="rewrite-nocase"><strong>How
- can I make all my URLs case-insensitive with
- mod_rewrite?</strong></a>
-
- <p>You can't! The reasons are: first, that, case
- translations for arbitrary length URLs cannot be done
- <em>via</em> regex patterns and corresponding
- substitutions. One needs a per-character pattern like the
- sed/Perl <samp>tr|..|..|</samp> feature. Second, just
- making URLs always upper or lower case does not solve the
- whole problem of case-INSENSITIVE URLs, because URLs
- actually have to be rewritten to the correct case-variant
- for the file residing on the filesystem in order to allow
- Apache to access the file. And the Unix filesystem is
- always case-SENSITIVE.</p>
-
- <p>But there is a module named <code><a
- href="../mod/mod_speling.html">mod_speling.c</a></code> in
- the Apache distribution. Try this module to help correct
- people who use mis-cased URLs.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-virthost"
- name="rewrite-virthost"><strong>Why are RewriteRules in my
- VirtualHost parts ignored?</strong></a>
-
- <p>Because you have to enable the engine for every virtual
- host explicitly due to security concerns. Just add a
- "RewriteEngine on" to your virtual host configuration
- parts.</p>
- <hr />
- </li>
-
- <li>
- <a id="rewrite-envwhitespace"
- name="rewrite-envwhitespace"><strong>How can I use strings
- with whitespaces in RewriteRule's ENV flag?</strong></a>
-
- <p>There is only one ugly solution: You have to surround
- the complete flag argument by quotation marks
- (<samp>"[E=...]"</samp>). Notice: The argument to quote
- here is not the argument to the E-flag, it is the argument
- of the Apache config file parser, <em>i.e.</em>, the third
- argument of the RewriteRule here. So you have to write
- <samp>"[E=any text with whitespaces]"</samp>.</p>
- <hr />
- </li>
- </ol>
-
-
- </body>
-</html>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- <h3>I. Features</h3>
-
- <ol>
- <li>
- <a id="proxy" name="proxy"><strong>Does or will Apache act
- as a Proxy server?</strong></a>
-
- <p>Apache version 1.1 and above comes with a <a
- href="../mod/mod_proxy.html">proxy module</a>. If compiled
- in, this will make Apache act as a caching-proxy
- server.</p>
- <hr />
- </li>
-
- <li>
- <a id="multiviews" name="multiviews"><strong>What are
- "multiviews"?</strong></a>
-
- <p>"Multiviews" is the general name given to the Apache
- server's ability to provide language-specific document
- variants in response to a request. This is documented quite
- thoroughly in the <a href="../content-negotiation.html"
- rel="Help">content negotiation</a> description page. In
- addition, <cite>Apache Week</cite> carried an article on
- this subject entitled "<a
- href="http://www.apacheweek.com/features/negotiation"
- rel="Help"><cite>Content Negotiation
- Explained</cite></a>".</p>
- <hr />
- </li>
-
- <li>
- <a id="putsupport" name="putsupport"><strong>Why can't I
- publish to my Apache server using PUT on Netscape Gold and
- other programs?</strong></a>
-
- <p>Because you need to install and configure a script to
- handle the uploaded files. This script is often called a
- "PUT" handler. There are several available, but they may
- have security problems. Using FTP uploads may be easier and
- more secure, at least for now. For more information, see
- the <cite>Apache Week</cite> article <a
- href="http://www.apacheweek.com/features/put"><cite>Publishing
- Pages with PUT</cite></a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="SSL-i" name="SSL-i"><strong>Why doesn't Apache
- include SSL?</strong></a>
-
- <p>SSL (Secure Socket Layer) data transport requires
- encryption, and many governments have restrictions upon the
- import, export, and use of encryption technology. If Apache
- included SSL in the base package, its distribution would
- involve all sorts of legal and bureaucratic issues, and it
- would no longer be freely available. Also, some of the
- technology required to talk to current clients using SSL is
- patented by <a href="http://www.rsa.com/">RSA Data
- Security</a>, who restricts its use without a license.</p>
-
- <p>Some SSL implementations of Apache are available,
- however; see the "<a
- href="http://httpd.apache.org/related_projects.html">related
- projects</a>" page at the main Apache web site.</p>
-
- <p>You can find out more about this topic in the
- <cite>Apache Week</cite> article about <a
- href="http://www.apacheweek.com/features/ssl"
- rel="Help"><cite>Apache and Secure
- Transactions</cite></a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="footer" name="footer"><strong>How can I attach a
- footer to my documents without using SSI?</strong></a>
-
- <p>You can make arbitrary changes to static documents by
- configuring an <a
- href="../mod/mod_actions.html#action">Action</a> which
- launches a CGI script. The CGI is then responsible for
- setting a content-type and delivering the requested
- document (the location of which is passed in the
- <samp>PATH_TRANSLATED</samp> environment variable), along
- with whatever footer is needed.</p>
-
- <p>Busy sites may not want to run a CGI script on every
- request, and should consider using an Apache module to add
- the footer. There are several third party modules available
- through the <a href="http://modules.apache.org/">Apache
- Module Registry</a> which will add footers to documents.
- These include mod_trailer, PHP
- (<samp>php3_auto_append_file</samp>), mod_layout, and
- mod_perl (<samp>Apache::Sandwich</samp>).</p>
- <hr />
- </li>
-
- <li>
- <a id="search" name="search"><strong>Does Apache include a
- search engine?</strong></a>
-
- <p>Apache does not include a search engine, but there are
- many good commercial and free search engines which can be
- used easily with Apache. Some of them are listed on the <a
- href="http://www.searchtools.com/tools/tools.html">Web Site
- Search Tools</a> page. Open source search engines that are
- often used with Apache include <a
- href="http://www.htdig.org/">ht://Dig</a> and <a
- href="http://sunsite.berkeley.edu/SWISH-E/">SWISH-E</a>.</p>
- <hr />
- </li>
-
- <li>
- <a id="rotate" name="rotate"><strong>How can I rotate my
- log files?</strong></a>
-
- <p>The simple answer: by piping the transfer log into an
- appropriate log file rotation utility.</p>
-
- <p>The longer answer: In the src/support/ directory, you
- will find a utility called <a
- href="../programs/rotatelogs.html">rotatelogs</a> which can
- be used like this:</p>
-<pre>
- TransferLog "|/path/to/rotatelogs /path/to/logs/access_log 86400"
-</pre>
-
- <p>to enable daily rotation of the log files.<br />
- A more sophisticated solution of a logfile rotation
- utility is available under the name <code>cronolog</code>
- from Andrew Ford's site at <a
- href="http://www.cronolog.org/">http://www.cronolog.org/</a>.
- It can automatically create logfile subdirectories based on
- time and date, and can have a constant symlink point to the
- rotating logfiles. (As of version 1.6.1, cronolog is
- available under the <a href="../LICENSE">Apache
- License</a>). Use it like this:</p>
-<pre>
- CustomLog "|/path/to/cronolog --symlink=/usr/local/apache/logs/access_log /usr/local/apache/logs/%Y/%m/access_log" combined
-</pre>
- <hr />
- </li>
-
- <li>
- <a id="conditional-logging"
- name="conditional-logging"><strong>How do I keep certain
- requests from appearing in my logs?</strong></a>
-
- <p>The maximum flexibility for removing unwanted
- information from log files is obtained by post-processing
- the logs, or using piped-logs to feed the logs through a
- program which does whatever you want. However, Apache does
- offer the ability to prevent requests from ever appearing
- in the log files. You can do this by using the <a
- href="../mod/mod_setenvif.html#setenvif"><code>SetEnvIf</code></a>
- directive to set an environment variable for certain
- requests and then using the conditional <a
- href="../mod/mod_log_config.html#customlog-conditional"><code>
- CustomLog</code></a> syntax to prevent logging when the
- environment variable is set.</p>
- <hr />
- </li>
-
- <li>
- <a id="dbinteg" name="dbinteg"><b>Does Apache support any
- sort of database integration?</b></a>
-
- <p>No. Apache is a Web (HTTP) server, not an application
- server. The base package does not include any such
- functionality. See the <a href="http://www.php.net/">PHP
- project</a> and the <a
- href="http://perl.apache.org/">mod_perl project</a> for
- examples of modules that allow you to work with databases
- from within the Apache environment.</p>
- <hr />
- </li>
-
- <li>
- <a id="asp" name="asp"><b>Can I use Active Server Pages
- (ASP) with Apache?</b></a>
-
- <p>The base Apache Web server package does not include ASP
- support. However, there are a couple of after-market
- solutions that let you add this functionality; see the <a
- href="http://httpd.apache.org/related_projects.html">related
- projects</a> page to find out more.</p>
- <hr />
- </li>
-
- <li>
- <a id="java" name="java"><b>Does Apache come with Java
- support?</b></a>
-
- <p>The base Apache Web server package does not include
- support for Java, Java Server Pages, Enterprise Java Beans,
- or Java servlets. Those features are available as add-ons
- from the Apache/Java project site, &lt;URL:<a
- href="http://jakarta.apache.org">http://jakarta.apache.org/</a>&gt;.</p>
- <hr />
- </li>
- </ol>
-
-
- </body>
-</html>
-
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html b/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html
deleted file mode 100644
index 0525ba43614..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html
+++ /dev/null
@@ -1,493 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>International Customized Server Error Messages</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Using XSSI and <samp>ErrorDocument</samp> to
- configure customized international server error responses</h1>
-
- <h2>Index</h2>
-
- <ul>
- <li><a href="#intro">Introduction</a></li>
-
- <li><a href="#createdir">Creating an ErrorDocument
- directory</a></li>
-
- <li><a href="#docnames">Naming the individual error document
- files</a></li>
-
- <li><a href="#headfoot">The common header and footer
- files</a></li>
-
- <li><a href="#createdocs">Creating ErrorDocuments in
- different languages</a></li>
-
- <li><a href="#fallback">The fallback language</a></li>
-
- <li><a href="#proxy">Customizing Proxy Error
- Messages</a></li>
-
- <li><a href="#listings">HTML listing of the discussed
- example</a></li>
- </ul>
- <hr />
-
- <h2><a id="intro" name="intro">Introduction</a></h2>
-
- <p>This document describes an easy way to provide your apache
- WWW server with a set of customized error messages which take
- advantage of <a href="../content-negotiation.html">Content
- Negotiation</a> and <a href="../mod/mod_include.html">eXtended
- Server Side Includes (XSSI)</a> to return error messages
- generated by the server in the client's native language.</p>
-
- <p>By using XSSI, all <a
- href="../mod/core.html#errordocument">customized messages</a>
- can share a homogenous and consistent style and layout, and
- maintenance work (changing images, changing links) is kept to a
- minimum because all layout information can be kept in a single
- file.<br />
- Error documents can be shared across different servers, or
- even hosts, because all varying information is inserted at the
- time the error document is returned on behalf of a failed
- request.</p>
-
- <p>Content Negotiation then selects the appropriate language
- version of a particular error message text, honoring the
- language preferences passed in the client's request. (Users
- usually select their favorite languages in the preferences
- options menu of today's browsers). When an error document in
- the client's primary language version is unavailable, the
- secondary languages are tried or a default (fallback) version
- is used.</p>
-
- <p>You have full flexibility in designing your error documents
- to your personal taste (or your company's conventions). For
- demonstration purposes, we present a simple generic error
- document scheme. For this hypothetic server, we assume that all
- error messages...</p>
-
- <ul>
- <li>possibly are served by different virtual hosts (different
- host name, different IP address, or different port) on the
- server machine,</li>
-
- <li>show a predefined company logo in the right top of the
- message (selectable by virtual host),</li>
-
- <li>print the error title first, followed by an explanatory
- text and (depending on the error context) help on how to
- resolve the error,</li>
-
- <li>have some kind of standardized background image,</li>
-
- <li>display an apache logo and a feedback email address at
- the bottom of the error message.</li>
- </ul>
-
- <p>An example of a "document not found" message for a german
- client might look like this:<br />
- <img src="../images/custom_errordocs.gif"
- alt="[Needs graphics capability to display]" /><br />
- All links in the document as well as links to the server's
- administrator mail address, and even the name and port of the
- serving virtual host are inserted in the error document at
- "run-time", <em>i.e.</em>, when the error actually occurs.</p>
-
- <h2><a id="createdir" name="createdir">Creating an
- ErrorDocument directory</a></h2>
- For this concept to work as easily as possible, we must take
- advantage of as much server support as we can get:
-
- <ol>
- <li>By defining the <a
- href="../mod/core.html#options">MultiViews option</a>, we
- enable the language selection of the most appropriate
- language alternative (content negotiation).</li>
-
- <li>By setting the <a
- href="../mod/mod_negotiation.html#languagepriority">LanguagePriority</a>
- directive we define a set of default fallback languages in
- the situation where the client's browser did not express any
- preference at all.</li>
-
- <li>By enabling <a href="../mod/mod_include.html">Server Side
- Includes</a> (and disallowing execution of cgi scripts for
- security reasons), we allow the server to include building
- blocks of the error message, and to substitute the value of
- certain environment variables into the generated document
- (dynamic HTML) or even to conditionally include or omit parts
- of the text.</li>
-
- <li>The <a
- href="../mod/mod_mime.html#addhandler">AddHandler</a> and <a
- href="../mod/mod_mime.html#addtype">AddType</a> directives
- are useful for automatically XSSI-expanding all files with a
- <samp>.shtml</samp> suffix to <em>text/html</em>.</li>
-
- <li>By using the <a
- href="../mod/mod_alias.html#alias">Alias</a> directive, we
- keep the error document directory outside of the document
- tree because it can be regarded more as a server part than
- part of the document tree.</li>
-
- <li>The <a
- href="../mod/core.html#directory">&lt;Directory&gt;</a>-Block
- restricts these "special" settings to the error document
- directory and avoids an impact on any of the settings for the
- regular document tree.</li>
-
- <li>For each of the error codes to be handled (see RFC2068
- for an exact description of each error code, or look at
- <code>src/main/http_protocol.c</code> if you wish to see
- apache's standard messages), an <a
- href="../mod/core.html#errordocument">ErrorDocument</a> in
- the aliased <samp>/errordocs</samp> directory is defined.
- Note that we only define the basename of the document here
- because the MultiViews option will select the best candidate
- based on the language suffixes and the client's preferences.
- Any error situation with an error code <em>not</em> handled
- by a custom document will be dealt with by the server in the
- standard way (<em>i.e.</em>, a plain error message in
- english).</li>
-
- <li>Finally, the <a
- href="../mod/core.html#allowoverride">AllowOverride</a>
- directive tells apache that it is not necessary to look for a
- .htaccess file in the /errordocs directory: a minor speed
- optimization.</li>
- </ol>
- The resulting <samp>httpd.conf</samp> configuration would then
- look similar to this: <small>(Note that you can define your own
- error messages using this method for only part of the document
- tree, e.g., a /~user/ subtree. In this case, the configuration
- could as well be put into the .htaccess file at the root of the
- subtree, and the &lt;Directory&gt; and &lt;/Directory&gt;
- directives -but not the contained directives- must be
- omitted.)</small>
-<pre>
- LanguagePriority en fr de
- Alias /errordocs /usr/local/apache/errordocs
- &lt;Directory /usr/local/apache/errordocs&gt;
- AllowOverride none
- Options MultiViews IncludesNoExec FollowSymLinks
- AddType text/html .shtml
- AddHandler server-parsed .shtml
- &lt;/Directory&gt;
- # "400 Bad Request",
- ErrorDocument 400 /errordocs/400
- # "401 Authorization Required",
- ErrorDocument 401 /errordocs/401
- # "403 Forbidden",
- ErrorDocument 403 /errordocs/403
- # "404 Not Found",
- ErrorDocument 404 /errordocs/404
- # "500 Internal Server Error",
- ErrorDocument 500 /errordocs/500
-</pre>
- The directory for the error messages (here:
- <samp>/usr/local/apache/errordocs/</samp>) must then be created
- with the appropriate permissions (readable and executable by
- the server uid or gid, only writable for the administrator).
-
- <h3><a id="docnames" name="docnames">Naming the individual
- error document files</a></h3>
- By defining the <samp>MultiViews</samp> option, the server was
- told to automatically scan the directory for matching variants
- (looking at language and content type suffixes) when a
- requested document was not found. In the configuration, we
- defined the names for the error documents to be just their
- error number (without any suffix).
-
- <p>The names of the individual error documents are now
- determined like this (I'm using 403 as an example, think of it
- as a placeholder for any of the configured error
- documents):</p>
-
- <ul>
- <li>No file errordocs/403 should exist. Otherwise, it would
- be found and served (with the DefaultType, usually
- text/plain), all negotiation would be bypassed.</li>
-
- <li>For each language for which we have an internationalized
- version (note that this need not be the same set of languages
- for each error code - you can get by with a single language
- version until you actually <em>have</em> translated
- versions), a document
- <samp>errordocs/403.shtml.<em>lang</em></samp> is created and
- filled with the error text in that language (<a
- href="#createdocs">see below</a>).</li>
-
- <li>One fallback document called
- <samp>errordocs/403.shtml</samp> is created, usually by
- creating a symlink to the default language variant (<a
- href="#fallback">see below</a>).</li>
- </ul>
-
- <h3><a id="headfoot" name="headfoot">The common header and
- footer files</a></h3>
- By putting as much layout information in two special "include
- files", the error documents can be reduced to a bare minimum.
-
- <p>One of these layout files defines the HTML document header
- and a configurable list of paths to the icons to be shown in
- the resulting error document. These paths are exported as a set
- of XSSI environment variables and are later evaluated by the
- "footer" special file. The title of the current error (which is
- put into the TITLE tag and an H1 header) is simply passed in
- from the main error document in a variable called
- <code>title</code>.<br />
- <strong>By changing this file, the layout of all generated
- error messages can be changed in a second.</strong> (By
- exploiting the features of XSSI, you can easily define
- different layouts based on the current virtual host, or even
- based on the client's domain name).</p>
-
- <p>The second layout file describes the footer to be displayed
- at the bottom of every error message. In this example, it shows
- an apache logo, the current server time, the server version
- string and adds a mail reference to the site's webmaster.</p>
-
- <p>For simplicity, the header file is simply called
- <code>head.shtml</code> because it contains server-parsed
- content but no language specific information. The footer file
- exists once for each language translation, plus a symlink for
- the default language.</p>
-
- <p><strong>Example:</strong> for English, French and German
- versions (default english)<br />
- <code>foot.shtml.en</code>,<br />
- <code>foot.shtml.fr</code>,<br />
- <code>foot.shtml.de</code>,<br />
- <code>foot.shtml</code> symlink to
- <code>foot.shtml.en</code></p>
-
- <p>Both files are included into the error document by using the
- directives <code>&lt;!--#include virtual="head" --&gt;</code>
- and <code>&lt;!--#include virtual="foot" --&gt;</code>
- respectively: the rest of the magic occurs in mod_negotiation
- and in mod_include.</p>
-
- <p>See <a href="#listings">the listings below</a> to see an
- actual HTML implementation of the discussed example.</p>
-
- <h3><a id="createdocs" name="createdocs">Creating
- ErrorDocuments in different languages</a></h3>
- After all this preparation work, little remains to be said
- about the actual documents. They all share a simple common
- structure:
-<pre>
-&lt;!--#set var="title" value="<em>error description title</em>" --&gt;
-&lt;!--#include virtual="head" --&gt;
- <em>explanatory error text</em>
-&lt;!--#include virtual="foot" --&gt;
-</pre>
- In the <a href="#listings">listings section</a>, you can see an
- example of a [400 Bad Request] error document. Documents as
- simple as that certainly cause no problems to translate or
- expand.
-
- <h3><a id="fallback" name="fallback">The fallback
- language</a></h3>
- Do we need a special handling for languages other than those we
- have translations for? We did set the LanguagePriority, didn't
- we?!
-
- <p>Well, the LanguagePriority directive is for the case where
- the client does not express any language priority at all. But
- what happens in the situation where the client wants one of the
- languages we do not have, and none of those we do have?</p>
-
- <p>Without doing anything, the Apache server will usually
- return a [406 no acceptable variant] error, listing the choices
- from which the client may select. But we're in an error message
- already, and important error information might get lost when
- the client had to choose a language representation first.</p>
-
- <p>So, in this situation it appears to be easier to define a
- fallback language (by copying or linking, <em>e.g.</em>, the
- english version to a language-less version). Because the
- negotiation algorithm prefers "more specialized" variants over
- "more generic" variants, these generic alternatives will only
- be chosen when the normal negotiation did not succeed.</p>
-
- <p>A simple shell script to do it (execute within the
- errordocs/ dir):</p>
-<pre>
- for f in *.shtml.en
- do
- ln -s $f `basename $f .en`
- done
-</pre>
-
- <h2><a id="proxy" name="proxy">Customizing Proxy Error
- Messages</a></h2>
-
- <p>As of Apache-1.3, it is possible to use the
- <code>ErrorDocument</code> mechanism for proxy error messages
- as well (previous versions always returned fixed predefined
- error messages).</p>
-
- <p>Most proxy errors return an error code of [500 Internal
- Server Error]. To find out whether a particular error document
- was invoked on behalf of a proxy error or because of some other
- server error, and what the reason for the failure was, you can
- check the contents of the new <code>ERROR_NOTES</code> CGI
- environment variable: if invoked for a proxy error, this
- variable will contain the actual proxy error message text in
- HTML form.</p>
-
- <p>The following excerpt demonstrates how to exploit the
- <code>ERROR_NOTES</code> variable within an error document:</p>
-<pre>
- &lt;!--#if expr="$REDIRECT_ERROR_NOTES = ''" --&gt;
- &lt;p&gt;
- The server encountered an unexpected condition
- which prevented it from fulfilling the request.
- &lt;/p&gt;
- &lt;p&gt;
- &lt;A HREF="mailto:&lt;!--#echo var="SERVER_ADMIN" --&gt;"
- SUBJECT="Error message [&lt;!--#echo var="REDIRECT_STATUS" --&gt;] &lt;!--#echo var="title" --&gt; for &lt;!--#echo var="REQUEST_URI" --&gt;"&gt;
- Please forward this error screen to &lt;!--#echo var="SERVER_NAME" --&gt;'s
- WebMaster&lt;/A&gt;; it includes useful debugging information about
- the Request which caused the error.
- &lt;pre&gt;&lt;!--#printenv --&gt;&lt;/pre&gt;
- &lt;/p&gt;
- &lt;!--#else --&gt;
- &lt;!--#echo var="REDIRECT_ERROR_NOTES" --&gt;
- &lt;!--#endif --&gt;
-</pre>
-
- <h2><a id="listings" name="listings">HTML listing of the
- discussed example</a></h2>
- So, to summarize our example, here's the complete listing of
- the <samp>400.shtml.en</samp> document. You will notice that it
- contains almost nothing but the error text (with conditional
- additions). Starting with this example, you will find it easy
- to add more error documents, or to translate the error
- documents to different languages.
- <hr />
-<pre>
-&lt;!--#set var="title" value="Bad Request"
---&gt;&lt;!--#include virtual="head" --&gt;&lt;P&gt;
- Your browser sent a request that this server could not understand:
- &lt;BLOCKQUOTE&gt;
- &lt;STRONG&gt;&lt;!--#echo var="REQUEST_URI" --&gt;&lt;/STRONG&gt;
- &lt;/BLOCKQUOTE&gt;
- The request could not be understood by the server due to malformed
- syntax. The client should not repeat the request without
- modifications.
- &lt;/P&gt;
- &lt;P&gt;
- &lt;!--#if expr="$HTTP_REFERER != ''" --&gt;
- Please inform the owner of
- &lt;A HREF="&lt;!--#echo var="HTTP_REFERER" --&gt;"&gt;the referring page&lt;/A&gt; about
- the malformed link.
- &lt;!--#else --&gt;
- Please check your request for typing errors and retry.
- &lt;!--#endif --&gt;
- &lt;/P&gt;
-&lt;!--#include virtual="foot" --&gt;
-</pre>
- <hr />
- Here is the complete <samp>head.shtml</samp> file (the funny
- line breaks avoid empty lines in the document after XSSI
- processing). Note the configuration section at top. That's
- where you configure the images and logos as well as the apache
- documentation directory. Look how this file displays two
- different logos depending on the content of the virtual host
- name ($SERVER_NAME), and that an animated apache logo is shown
- if the browser appears to support it (the latter requires
- server configuration lines of the form <br />
- <code>BrowserMatch "^Mozilla/[2-4]" anigif</code><br />
- for browser types which support animated GIFs).
- <hr />
-<pre>
-&lt;!--#if expr="$SERVER_NAME = /.*\.mycompany\.com/"
---&gt;&lt;!--#set var="IMG_CorpLogo"
- value="http://$SERVER_NAME:$SERVER_PORT/errordocs/CorpLogo.gif"
---&gt;&lt;!--#set var="ALT_CorpLogo" value="Powered by Linux!"
---&gt;&lt;!--#else
---&gt;&lt;!--#set var="IMG_CorpLogo"
- value="http://$SERVER_NAME:$SERVER_PORT/errordocs/PrivLogo.gif"
---&gt;&lt;!--#set var="ALT_CorpLogo" value="Powered by Linux!"
---&gt;&lt;!--#endif
---&gt;&lt;!--#set var="IMG_BgImage" value="http://$SERVER_NAME:$SERVER_PORT/errordocs/BgImage.gif"
---&gt;&lt;!--#set var="DOC_Apache" value="http://$SERVER_NAME:$SERVER_PORT/Apache/"
---&gt;&lt;!--#if expr="$anigif"
---&gt;&lt;!--#set var="IMG_Apache" value="http://$SERVER_NAME:$SERVER_PORT/icons/apache_anim.gif"
---&gt;&lt;!--#else
---&gt;&lt;!--#set var="IMG_Apache" value="http://$SERVER_NAME:$SERVER_PORT/icons/apache_pb.gif"
---&gt;&lt;!--#endif
---&gt;&lt;!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"&gt;
-&lt;HTML&gt;
- &lt;HEAD&gt;
- &lt;TITLE&gt;
- [&lt;!--#echo var="REDIRECT_STATUS" --&gt;] &lt;!--#echo var="title" --&gt;
- &lt;/TITLE&gt;
- &lt;/HEAD&gt;
- &lt;BODY BGCOLOR="white" BACKGROUND="&lt;!--#echo var="IMG_BgImage" --&gt;"&gt;&lt;UL&gt;
- &lt;H1 ALIGN="center"&gt;
- [&lt;!--#echo var="REDIRECT_STATUS" --&gt;] &lt;!--#echo var="title" --&gt;
- &lt;IMG SRC="&lt;!--#echo var="IMG_CorpLogo" --&gt;"
- ALT="&lt;!--#echo var="ALT_CorpLogo" --&gt;" ALIGN=right&gt;
- &lt;/H1&gt;
- &lt;HR&gt;&lt;!-- ======================================================== --&gt;
- &lt;DIV&gt;
-</pre>
- <hr />
- and this is the <samp>foot.shtml.en</samp> file:
- <hr />
-<pre>
- &lt;/DIV&gt;
- &lt;HR&gt;
- &lt;DIV ALIGN="right"&gt;&lt;SMALL&gt;&lt;SUP&gt;Local Server time:
- &lt;!--#echo var="DATE_LOCAL" --&gt;
- &lt;/SUP&gt;&lt;/SMALL&gt;&lt;/DIV&gt;
- &lt;DIV ALIGN="center"&gt;
- &lt;A HREF="&lt;!--#echo var="DOC_Apache" --&gt;"&gt;
- &lt;IMG SRC="&lt;!--#echo var="IMG_Apache" --&gt;" BORDER=0 ALIGN="bottom"
- ALT="Powered by &lt;!--#echo var="SERVER_SOFTWARE" --&gt;"&gt;&lt;/A&gt;&lt;BR&gt;
- &lt;SMALL&gt;&lt;SUP&gt;&lt;!--#set var="var"
- value="Powered by $SERVER_SOFTWARE -- File last modified on $LAST_MODIFIED"
- --&gt;&lt;!--#echo var="var" --&gt;&lt;/SUP&gt;&lt;/SMALL&gt;
- &lt;/DIV&gt;
- &lt;ADDRESS&gt;If the indicated error looks like a misconfiguration, please inform
- &lt;A HREF="mailto:&lt;!--#echo var="SERVER_ADMIN" --&gt;"
- SUBJECT="Feedback about Error message [&lt;!--#echo var="REDIRECT_STATUS"
- --&gt;] &lt;!--#echo var="title" --&gt;, req=&lt;!--#echo var="REQUEST_URI" --&gt;"&gt;
- &lt;!--#echo var="SERVER_NAME" --&gt;'s WebMaster&lt;/A&gt;.
- &lt;/ADDRESS&gt;
- &lt;/UL&gt;&lt;/BODY&gt;
-&lt;/HTML&gt;
-</pre>
- <hr />
-
- <h3>More welcome!</h3>
- If you have tips to contribute, send mail to <a
- href="mailto:martin@apache.org">martin@apache.org</a>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html b/usr.sbin/httpd/htdocs/manual/misc/descriptors.html
deleted file mode 100644
index 811ef241aeb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html
+++ /dev/null
@@ -1,218 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Descriptors and Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Descriptors and Apache</h1>
-
- <p>A <em>descriptor</em>, also commonly called a <em>file
- handle</em> is an object that a program uses to read or write
- an open file, or open network socket, or a variety of other
- devices. It is represented by an integer, and you may be
- familiar with <code>stdin</code>, <code>stdout</code>, and
- <code>stderr</code> which are descriptors 0, 1, and 2
- respectively. Apache needs a descriptor for each log file, plus
- one for each network socket that it listens on, plus a handful
- of others. Libraries that Apache uses may also require
- descriptors. Normal programs don't open up many descriptors at
- all, and so there are some latent problems that you may
- experience should you start running Apache with many
- descriptors (<em>i.e.</em>, with many virtual hosts).</p>
-
- <p>The operating system enforces a limit on the number of
- descriptors that a program can have open at a time. There are
- typically three limits involved here. One is a kernel
- limitation, depending on your operating system you will either
- be able to tune the number of descriptors available to higher
- numbers (this is frequently called <em>FD_SETSIZE</em>). Or you
- may be stuck with a (relatively) low amount. The second limit
- is called the <em>hard resource</em> limit, and it is sometimes
- set by root in an obscure operating system file, but frequently
- is the same as the kernel limit. The third limit is called the
- <em>soft resource</em> limit. The soft limit is always less
- than or equal to the hard limit. For example, the hard limit
- may be 1024, but the soft limit only 64. Any user can raise
- their soft limit up to the hard limit. Root can raise the hard
- limit up to the system maximum limit. The soft limit is the
- actual limit that is used when enforcing the maximum number of
- files a process can have open.</p>
-
- <p>To summarize:</p>
-
- <center>
-<pre>
- #open files &lt;= soft limit &lt;= hard limit &lt;= kernel limit
-</pre>
- </center>
-
- <p>You control the hard and soft limits using the
- <code>limit</code> (csh) or <code>ulimit</code> (sh)
- directives. See the respective man pages for more information.
- For example you can probably use <code>ulimit -n
- unlimited</code> to raise your soft limit up to the hard limit.
- You should include this command in a shell script which starts
- your webserver.</p>
-
- <p>Unfortunately, it's not always this simple. As mentioned
- above, you will probably run into some system limitations that
- will need to be worked around somehow. Work was done in version
- 1.2.1 to improve the situation somewhat. Here is a partial list
- of systems and workarounds (assuming you are using 1.2.1 or
- later):</p>
-
- <dl>
- <dt><strong>BSDI 2.0</strong></dt>
-
- <dd>Under BSDI 2.0 you can build Apache to support more
- descriptors by adding <code>-DFD_SETSIZE=nnn</code> to
- <code>EXTRA_CFLAGS</code> (where nnn is the number of
- descriptors you wish to support, keep it less than the hard
- limit). But it will run into trouble if more than
- approximately 240 Listen directives are used. This may be
- cured by rebuilding your kernel with a higher
- FD_SETSIZE.</dd>
-
- <dt><strong>FreeBSD 2.2, BSDI 2.1+</strong></dt>
-
- <dd>Similar to the BSDI 2.0 case, you should define
- <code>FD_SETSIZE</code> and rebuild. But the extra Listen
- limitation doesn't exist.</dd>
-
- <dt><strong>Linux</strong></dt>
-
- <dd>By default Linux has a kernel maximum of 256 open
- descriptors per process. There are several patches available
- for the 2.0.x series which raise this to 1024 and beyond, and
- you can find them in the "unofficial patches" section of <a
- href="http://www.linuxhq.com/">the Linux Information HQ</a>.
- None of these patches are perfect, and an entirely different
- approach is likely to be taken during the 2.1.x development.
- Applying these patches will raise the FD_SETSIZE used to
- compile all programs, and unless you rebuild all your
- libraries you should avoid running any other program with a
- soft descriptor limit above 256. As of this writing the
- patches available for increasing the number of descriptors do
- not take this into account. On a dedicated webserver you
- probably won't run into trouble.</dd>
-
- <dt><strong>Solaris through 2.5.1</strong></dt>
-
- <dd>Solaris has a kernel hard limit of 1024 (may be lower in
- earlier versions). But it has a limitation that files using
- the stdio library cannot have a descriptor above 255. Apache
- uses the stdio library for the ErrorLog directive. When you
- have more than approximately 110 virtual hosts (with an error
- log and an access log each) you will need to build Apache
- with <code>-DHIGH_SLACK_LINE=256</code> added to
- <code>EXTRA_CFLAGS</code>. You will be limited to
- approximately 240 error logs if you do this.</dd>
-
- <dt><strong>AIX</strong></dt>
-
- <dd>AIX version 3.2?? appears to have a hard limit of 128
- descriptors. End of story. Version 4.1.5 has a hard limit of
- 2000. Version 4.3.3 and 5.1 say
- <pre>
-/*
- * Select uses bit masks of file descriptors.
- * These macros manipulate such bit fields.
- * FD_SETSIZE may be defined by the user to the maximum valued file
- * descriptor to be selected; the default here should be == OPEN_MAX
- */
-#ifndef FD_SETSIZE
-#define FD_SETSIZE 32767 /* must be == OPEN_MAX in <limits.h> */
-#endif
-</pre></dd>
-
- <dt><strong>SCO OpenServer</strong></dt>
-
- <dd>Edit the <code>/etc/conf/cf.d/stune</code> file or use
- <code>/etc/conf/cf.d/configure</code> choice 7 (User and
- Group configuration) and modify the <code>NOFILES</code>
- kernel parameter to a suitably higher value. SCO recommends a
- number between 60 and 11000, the default is 110. Relink and
- reboot, and the new number of descriptors will be
- available.</dd>
-
- <dt><strong>Compaq Tru64 UNIX/Digital UNIX/OSF</strong></dt>
-
- <dd>
- <ol>
- <li>Raise <code>open_max_soft</code> and
- <code>open_max_hard</code> to 4096 in the proc subsystem.
- Do a man on sysconfig, sysconfigdb, and
- sysconfigtab.</li>
-
- <li>Raise <code>max-vnodes</code> to a large number which
- is greater than the number of apache processes * 4096
- (Setting it to 250,000 should be good for most people).
- Do a man on sysconfig, sysconfigdb, and
- sysconfigtab.</li>
-
- <li>If you are using Tru64 5.0, 5.0A, or 5.1, define
- <code>NO_SLACK</code> to work around a bug in the OS.
- <code>CFLAGS="-DNO_SLACK" ./configure</code></li>
- </ol>
- </dd>
-
- <dt><strong>Others</strong></dt>
-
- <dd>If you have details on another operating system, please
- submit it through our <a
- href="http://httpd.apache.org/bug_report.html">Bug Report
- Page</a>.</dd>
- </dl>
-
- <p>In addition to the problems described above there are
- problems with many libraries that Apache uses. The most common
- example is the bind DNS resolver library that is used by pretty
- much every unix, which fails if it ends up with a descriptor
- above 256. We suspect there are other libraries that similar
- limitations. So the code as of 1.2.1 takes a defensive stance
- and tries to save descriptors less than 16 for use while
- processing each request. This is called the <em>low slack
- line</em>.</p>
-
- <p>Note that this shouldn't waste descriptors. If you really
- are pushing the limits and Apache can't get a descriptor above
- 16 when it wants it, it will settle for one below 16.</p>
-
- <p>In extreme situations you may want to lower the low slack
- line, but you shouldn't ever need to. For example, lowering it
- can increase the limits 240 described above under Solaris and
- BSDI 2.0. But you'll play a delicate balancing game with the
- descriptors needed to serve a request. Should you want to play
- this game, the compile time parameter is
- <code>LOW_SLACK_LINE</code> and there's a tiny bit of
- documentation in the header file <code>httpd.h</code>.</p>
-
- <p>Finally, if you suspect that all this slack stuff is causing
- you problems, you can disable it. Add <code>-DNO_SLACK</code>
- to <code>EXTRA_CFLAGS</code> and rebuild. But please report it
- to our <a href="http://httpd.apache.org/bug_report.html">Bug
- Report Page</a> so that we can investigate.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html b/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html
deleted file mode 100644
index 5b4b8faa017..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html
+++ /dev/null
@@ -1,398 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Connections in FIN_WAIT_2 and Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Connections in the FIN_WAIT_2 state and
- Apache</h1>
-
- <ol>
- <li>
- <h2>What is the FIN_WAIT_2 state?</h2>
- Starting with the Apache 1.2 betas, people are reporting
- many more connections in the FIN_WAIT_2 state (as reported
- by <code>netstat</code>) than they saw using older
- versions. When the server closes a TCP connection, it sends
- a packet with the FIN bit sent to the client, which then
- responds with a packet with the ACK bit set. The client
- then sends a packet with the FIN bit set to the server,
- which responds with an ACK and the connection is closed.
- The state that the connection is in during the period
- between when the server gets the ACK from the client and
- the server gets the FIN from the client is known as
- FIN_WAIT_2. See the <a
- href="ftp://ds.internic.net/rfc/rfc793.txt">TCP RFC</a> for
- the technical details of the state transitions.
-
- <p>The FIN_WAIT_2 state is somewhat unusual in that there
- is no timeout defined in the standard for it. This means
- that on many operating systems, a connection in the
- FIN_WAIT_2 state will stay around until the system is
- rebooted. If the system does not have a timeout and too
- many FIN_WAIT_2 connections build up, it can fill up the
- space allocated for storing information about the
- connections and crash the kernel. The connections in
- FIN_WAIT_2 do not tie up an httpd process.</p>
- </li>
-
- <li>
- <h2>But why does it happen?</h2>
- There are numerous reasons for it happening, some of them
- may not yet be fully clear. What is known follows.
-
- <h3>Buggy clients and persistent connections</h3>
- Several clients have a bug which pops up when dealing with
- <a href="../keepalive.html">persistent connections</a> (aka
- keepalives). When the connection is idle and the server
- closes the connection (based on the <a
- href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a>),
- the client is programmed so that the client does not send
- back a FIN and ACK to the server. This means that the
- connection stays in the FIN_WAIT_2 state until one of the
- following happens:
-
- <ul>
- <li>The client opens a new connection to the same or a
- different site, which causes it to fully close the older
- connection on that socket.</li>
-
- <li>The user exits the client, which on some (most?)
- clients causes the OS to fully shutdown the
- connection.</li>
-
- <li>The FIN_WAIT_2 times out, on servers that have a
- timeout for this state.</li>
- </ul>
-
- <p>If you are lucky, this means that the buggy client will
- fully close the connection and release the resources on
- your server. However, there are some cases where the socket
- is never fully closed, such as a dialup client
- disconnecting from their provider before closing the
- client. In addition, a client might sit idle for days
- without making another connection, and thus may hold its
- end of the socket open for days even though it has no
- further use for it. <strong>This is a bug in the browser or
- in its operating system's TCP implementation.</strong></p>
-
- <p>The clients on which this problem has been verified to
- exist:</p>
-
- <ul>
- <li>Mozilla/3.01 (X11; I; FreeBSD 2.1.5-RELEASE
- i386)</li>
-
- <li>Mozilla/2.02 (X11; I; FreeBSD 2.1.5-RELEASE
- i386)</li>
-
- <li>Mozilla/3.01Gold (X11; I; SunOS 5.5 sun4m)</li>
-
- <li>MSIE 3.01 on the Macintosh</li>
-
- <li>MSIE 3.01 on Windows 95</li>
- </ul>
-
- <p>This does not appear to be a problem on:</p>
-
- <ul>
- <li>Mozilla/3.01 (Win95; I)</li>
- </ul>
-
- <p>It is expected that many other clients have the same
- problem. What a client <strong>should do</strong> is
- periodically check its open socket(s) to see if they have
- been closed by the server, and close their side of the
- connection if the server has closed. This check need only
- occur once every few seconds, and may even be detected by a
- OS signal on some systems (<em>e.g.</em>, Win95 and NT
- clients have this capability, but they seem to be ignoring
- it).</p>
-
- <p>Apache <strong>cannot</strong> avoid these FIN_WAIT_2
- states unless it disables persistent connections for the
- buggy clients, just like we recommend doing for Navigator
- 2.x clients due to other bugs. However, non-persistent
- connections increase the total number of connections needed
- per client and slow retrieval of an image-laden web page.
- Since non-persistent connections have their own resource
- consumptions and a short waiting period after each closure,
- a busy server may need persistence in order to best serve
- its clients.</p>
-
- <p>As far as we know, the client-caused FIN_WAIT_2 problem
- is present for all servers that support persistent
- connections, including Apache 1.1.x and 1.2.</p>
-
- <h3>A necessary bit of code introduced in 1.2</h3>
- While the above bug is a problem, it is not the whole
- problem. Some users have observed no FIN_WAIT_2 problems
- with Apache 1.1.x, but with 1.2b enough connections build
- up in the FIN_WAIT_2 state to crash their server. The most
- likely source for additional FIN_WAIT_2 states is a
- function called <code>lingering_close()</code> which was
- added between 1.1 and 1.2. This function is necessary for
- the proper handling of persistent connections and any
- request which includes content in the message body
- (<em>e.g.</em>, PUTs and POSTs). What it does is read any
- data sent by the client for a certain time after the server
- closes the connection. The exact reasons for doing this are
- somewhat complicated, but involve what happens if the
- client is making a request at the same time the server
- sends a response and closes the connection. Without
- lingering, the client might be forced to reset its TCP
- input buffer before it has a chance to read the server's
- response, and thus understand why the connection has
- closed. See the <a href="#appendix">appendix</a> for more
- details.
-
- <p>The code in <code>lingering_close()</code> appears to
- cause problems for a number of factors, including the
- change in traffic patterns that it causes. The code has
- been thoroughly reviewed and we are not aware of any bugs
- in it. It is possible that there is some problem in the BSD
- TCP stack, aside from the lack of a timeout for the
- FIN_WAIT_2 state, exposed by the
- <code>lingering_close</code> code that causes the observed
- problems.</p>
- </li>
-
- <li>
- What can I do about it? There are several possible
- workarounds to the problem, some of which work better than
- others.
-
- <h3>Add a timeout for FIN_WAIT_2</h3>
- The obvious workaround is to simply have a timeout for the
- FIN_WAIT_2 state. This is not specified by the RFC, and
- could be claimed to be a violation of the RFC, but it is
- widely recognized as being necessary. The following systems
- are known to have a timeout:
-
- <ul>
- <li><a href="http://www.freebsd.org/">FreeBSD</a>
- versions starting at 2.0 or possibly earlier.</li>
-
- <li><a href="http://www.netbsd.org/">NetBSD</a> version
- 1.2(?)</li>
-
- <li><a href="http://www.openbsd.org/">OpenBSD</a> all
- versions(?)</li>
-
- <li><a href="http://www.bsdi.com/">BSD/OS</a> 2.1, with
- the <a
- href="ftp://ftp.bsdi.com/bsdi/patches/patches-2.1/K210-027">
- K210-027</a> patch installed.</li>
-
- <li><a href="http://www.sun.com/">Solaris</a> as of
- around version 2.2. The timeout can be tuned by using
- <code>ndd</code> to modify
- <code>tcp_fin_wait_2_flush_interval</code>, but the
- default should be appropriate for most servers and
- improper tuning can have negative impacts.</li>
-
- <li><a href="http://www.linux.org/">Linux</a> 2.0.x and
- earlier(?)</li>
-
- <li><a href="http://www.hp.com/">HP-UX</a> 10.x defaults
- to terminating connections in the FIN_WAIT_2 state after
- the normal keepalive timeouts. This does not refer to the
- persistent connection or HTTP keepalive timeouts, but the
- <code>SO_LINGER</code> socket option which is enabled by
- Apache. This parameter can be adjusted by using
- <code>nettune</code> to modify parameters such as
- <code>tcp_keepstart</code> and <code>tcp_keepstop</code>.
- In later revisions, there is an explicit timer for
- connections in FIN_WAIT_2 that can be modified; contact
- HP support for details.</li>
-
- <li><a href="http://www.sgi.com/">SGI IRIX</a> can be
- patched to support a timeout. For IRIX 5.3, 6.2, and 6.3,
- use patches 1654, 1703 and 1778 respectively. If you have
- trouble locating these patches, please contact your SGI
- support channel for help.</li>
-
- <li><a href="http://www.ncr.com/">NCR's MP RAS Unix</a>
- 2.xx and 3.xx both have FIN_WAIT_2 timeouts. In 2.xx it
- is non-tunable at 600 seconds, while in 3.xx it defaults
- to 600 seconds and is calculated based on the tunable
- "max keep alive probes" (default of 8) multiplied by the
- "keep alive interval" (default 75 seconds).</li>
-
- <li><a href="http://www.sequent.com">Sequent's ptx/TCP/IP
- for DYNIX/ptx</a> has had a FIN_WAIT_2 timeout since
- around release 4.1 in mid-1994.</li>
- </ul>
-
- <p>The following systems are known to not have a
- timeout:</p>
-
- <ul>
- <li><a href="http://www.sun.com/">SunOS 4.x</a> does not
- and almost certainly never will have one because it as at
- the very end of its development cycle for Sun. If you
- have kernel source should be easy to patch.</li>
- </ul>
-
- <p>There is a <a
- href="http://www.apache.org/dist/httpd/contrib/patches/1.2/fin_wait_2.patch">
- patch available</a> for adding a timeout to the FIN_WAIT_2
- state; it was originally intended for BSD/OS, but should be
- adaptable to most systems using BSD networking code. You
- need kernel source code to be able to use it.
-
- <h3>Compile without using
- <code>lingering_close()</code></h3>
- It is possible to compile Apache 1.2 without using the
- <code>lingering_close()</code> function. This will result
- in that section of code being similar to that which was in
- 1.1. If you do this, be aware that it can cause problems
- with PUTs, POSTs and persistent connections, especially if
- the client uses pipelining. That said, it is no worse than
- on 1.1, and we understand that keeping your server running
- is quite important.
-
- <p>To compile without the <code>lingering_close()</code>
- function, add <code>-DNO_LINGCLOSE</code> to the end of the
- <code>EXTRA_CFLAGS</code> line in your
- <code>Configuration</code> file, rerun
- <code>Configure</code> and rebuild the server.</p>
-
- <h3>Use <code>SO_LINGER</code> as an alternative to
- <code>lingering_close()</code></h3>
- On most systems, there is an option called
- <code>SO_LINGER</code> that can be set with
- <code>setsockopt(2)</code>. It does something very similar
- to <code>lingering_close()</code>, except that it is broken
- on many systems so that it causes far more problems than
- <code>lingering_close</code>. On some systems, it could
- possibly work better so it may be worth a try if you have
- no other alternatives.
-
- <p>To try it, add <code>-DUSE_SO_LINGER
- -DNO_LINGCLOSE</code> to the end of the
- <code>EXTRA_CFLAGS</code> line in your
- <code>Configuration</code> file, rerun
- <code>Configure</code> and rebuild the server.</p>
-
- <p><strong>NOTE:</strong> Attempting to use
- <code>SO_LINGER</code> and <code>lingering_close()</code>
- at the same time is very likely to do very bad things, so
- don't.</p>
-
- <h3>Increase the amount of memory used for storing
- connection state</h3>
-
- <dl>
- <dt>BSD based networking code:</dt>
-
- <dd>
- BSD stores network data, such as connection states, in
- something called an mbuf. When you get so many
- connections that the kernel does not have enough mbufs
- to put them all in, your kernel will likely crash. You
- can reduce the effects of the problem by increasing the
- number of mbufs that are available; this will not
- prevent the problem, it will just make the server go
- longer before crashing.
-
- <p>The exact way to increase them may depend on your
- OS; look for some reference to the number of "mbufs" or
- "mbuf clusters". On many systems, this can be done by
- adding the line <code>NMBCLUSTERS="n"</code>, where
- <code>n</code> is the number of mbuf clusters you want
- to your kernel config file and rebuilding your
- kernel.</p>
- </dd>
- </dl>
-
- <h3>Disable KeepAlive</h3>
-
- <p>If you are unable to do any of the above then you
- should, as a last resort, disable KeepAlive. Edit your
- httpd.conf and change "KeepAlive On" to "KeepAlive
- Off".</p>
- </li>
-
-
- <li>
- <h2><a id="appendix" name="appendix">Appendix</a></h2>
-
- <p>Below is a message from Roy Fielding, one of the authors
- of HTTP/1.1.</p>
-
- <h3>Why the lingering close functionality is necessary with
- HTTP</h3>
- The need for a server to linger on a socket after a close
- is noted a couple times in the HTTP specs, but not
- explained. This explanation is based on discussions between
- myself, Henrik Frystyk, Robert S. Thau, Dave Raggett, and
- John C. Mallery in the hallways of MIT while I was at W3C.
-
- <p>If a server closes the input side of the connection
- while the client is sending data (or is planning to send
- data), then the server's TCP stack will signal an RST
- (reset) back to the client. Upon receipt of the RST, the
- client will flush its own incoming TCP buffer back to the
- un-ACKed packet indicated by the RST packet argument. If
- the server has sent a message, usually an error response,
- to the client just before the close, and the client
- receives the RST packet before its application code has
- read the error message from its incoming TCP buffer and
- before the server has received the ACK sent by the client
- upon receipt of that buffer, then the RST will flush the
- error message before the client application has a chance to
- see it. The result is that the client is left thinking that
- the connection failed for no apparent reason.</p>
-
- <p>There are two conditions under which this is likely to
- occur:</p>
-
- <ol>
- <li>sending POST or PUT data without proper
- authorization</li>
-
- <li>sending multiple requests before each response
- (pipelining) and one of the middle requests resulting in
- an error or other break-the-connection result.</li>
- </ol>
-
- <p>The solution in all cases is to send the response, close
- only the write half of the connection (what shutdown is
- supposed to do), and continue reading on the socket until
- it is either closed by the client (signifying it has
- finally read the response) or a timeout occurs. That is
- what the kernel is supposed to do if SO_LINGER is set.
- Unfortunately, SO_LINGER has no effect on some systems; on
- some other systems, it does not have its own timeout and
- thus the TCP memory segments just pile-up until the next
- reboot (planned or not).</p>
-
- <p>Please note that simply removing the linger code will
- not solve the problem -- it only moves it to a different
- and much harder one to detect.</p>
- </li>
- </ol>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/howto.html b/usr.sbin/httpd/htdocs/manual/misc/howto.html
deleted file mode 100644
index c37b82f933d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/howto.html
+++ /dev/null
@@ -1,239 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
- <meta name="description"
- content="Some 'how to' tips for the Apache httpd server" />
- <meta name="keywords"
- content="apache,redirect,robots,rotate,logfiles" />
-
- <title>Apache HOWTO documentation</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache HOWTO documentation</h1>
- How to:
-
- <ul>
- <li><a href="#redirect">redirect an entire server or
- directory to a single URL</a></li>
-
- <li><a href="#logreset">reset your log files</a></li>
-
- <li><a href="#stoprob">stop/restrict robots</a></li>
-
- <li><a href="#proxyssl">proxy SSL requests <em>through</em>
- your non-SSL server</a></li>
- </ul>
- <hr />
-
- <h2><a id="redirect" name="redirect">How to redirect an entire
- server or directory to a single URL</a></h2>
-
- <p>There are two chief ways to redirect all requests for an
- entire server to a single location: one which requires the use
- of <code>mod_rewrite</code>, and another which uses a CGI
- script.</p>
-
- <p>First: if all you need to do is migrate a server from one
- name to another, simply use the <code>Redirect</code>
- directive, as supplied by <code>mod_alias</code>:</p>
-
- <blockquote>
-<pre>
- Redirect / http://www.apache.org/
-</pre>
- </blockquote>
-
- <p>Since <code>Redirect</code> will forward along the complete
- path, however, it may not be appropriate - for example, when
- the directory structure has changed after the move, and you
- simply want to direct people to the home page.</p>
-
- <p>The best option is to use the standard Apache module
- <code>mod_rewrite</code>. If that module is compiled in, the
- following lines</p>
-
- <blockquote>
-<pre>
-RewriteEngine On
-RewriteRule /.* http://www.apache.org/ [R]
-</pre>
- </blockquote>
- will send an HTTP 302 Redirect back to the client, and no
- matter what they gave in the original URL, they'll be sent to
- "http://www.apache.org/".
-
- <p>The second option is to set up a <code>ScriptAlias</code>
- pointing to a <strong>CGI script</strong> which outputs a 301
- or 302 status and the location of the other server.</p>
-
- <p>By using a <strong>CGI script</strong> you can intercept
- various requests and treat them specially, <em>e.g.</em>, you
- might want to intercept <strong>POST</strong> requests, so that
- the client isn't redirected to a script on the other server
- which expects POST information (a redirect will lose the POST
- information.) You might also want to use a CGI script if you
- don't want to compile mod_rewrite into your server.</p>
-
- <p>Here's how to redirect all requests to a script... In the
- server configuration file,</p>
-
- <blockquote>
-<pre>
-ScriptAlias / /usr/local/httpd/cgi-bin/redirect_script/
-</pre>
- </blockquote>
- and here's a simple perl script to redirect requests:
-
- <blockquote>
-<pre>
-#!/usr/local/bin/perl
-
-print "Status: 302 Moved Temporarily\r\n" .
- "Location: http://www.some.where.else.com/\r\n" .
- "\r\n";
-
-</pre>
- </blockquote>
- <hr />
-
- <h2><a id="logreset" name="logreset">How to reset your log
- files</a></h2>
-
- <p>Sooner or later, you'll want to reset your log files
- (access_log and error_log) because they are too big, or full of
- old information you don't need.</p>
-
- <p><code>access.log</code> typically grows by 1Mb for each
- 10,000 requests.</p>
-
- <p>Most people's first attempt at replacing the logfile is to
- just move the logfile or remove the logfile. This doesn't
- work.</p>
-
- <p>Apache will continue writing to the logfile at the same
- offset as before the logfile moved. This results in a new
- logfile being created which is just as big as the old one, but
- it now contains thousands (or millions) of null characters.</p>
-
- <p>The correct procedure is to move the logfile, then signal
- Apache to tell it to reopen the logfiles.</p>
-
- <p>Apache is signaled using the <strong>SIGHUP</strong> (-1)
- signal. <em>e.g.</em></p>
-
- <blockquote>
- <code>mv access_log access_log.old<br />
- kill -1 `cat httpd.pid`</code>
- </blockquote>
-
- <p>Note: <code>httpd.pid</code> is a file containing the
- <strong>p</strong>rocess <strong>id</strong> of the Apache
- httpd daemon, Apache saves this in the same directory as the
- log files.</p>
-
- <p>Many people use this method to replace (and backup) their
- logfiles on a nightly or weekly basis.</p>
- <hr />
-
- <h2><a id="stoprob" name="stoprob">How to stop or restrict
- robots</a></h2>
-
- <p>Ever wondered why so many clients are interested in a file
- called <code>robots.txt</code> which you don't have, and never
- did have?</p>
-
- <p>These clients are called <strong>robots</strong> (also known
- as crawlers, spiders and other cute names) - special automated
- clients which wander around the web looking for interesting
- resources.</p>
-
- <p>Most robots are used to generate some kind of <em>web
- index</em> which is then used by a <em>search engine</em> to
- help locate information.</p>
-
- <p><code>robots.txt</code> provides a means to request that
- robots limit their activities at the site, or more often than
- not, to leave the site alone.</p>
-
- <p>When the first robots were developed, they had a bad
- reputation for sending hundreds/thousands of requests to each
- site, often resulting in the site being overloaded. Things have
- improved dramatically since then, thanks to <a
- href="http://www.robotstxt.org/wc/guidelines.html">
- Guidelines for Robot Writers</a>, but even so, some robots may
- exhibit unfriendly behavior which the webmaster isn't willing
- to tolerate, and will want to stop.</p>
-
- <p>Another reason some webmasters want to block access to
- robots, is to stop them indexing dynamic information. Many
- search engines will use the data collected from your pages for
- months to come - not much use if you're serving stock quotes,
- news, weather reports or anything else that will be stale by
- the time people find it in a search engine.</p>
-
- <p>If you decide to exclude robots completely, or just limit
- the areas in which they can roam, create a
- <code>robots.txt</code> file; refer to the <a
- href="http://www.robotstxt.org/wc/robots.html">
- robot information pages</a> provided by Martijn Koster for the
- syntax.</p>
- <hr />
-
- <h2><a id="proxyssl" name="proxyssl">How to proxy SSL requests
- <em>through</em> your non-SSL Apache server</a><br />
- <small>(<em>submitted by David Sedlock</em>)</small></h2>
-
- <p>SSL uses port 443 for requests for secure pages. If your
- browser just sits there for a long time when you attempt to
- access a secure page over your Apache proxy, then the proxy may
- not be configured to handle SSL. You need to instruct Apache to
- listen on port 443 in addition to any of the ports on which it
- is already listening:</p>
-<pre>
- Listen 80
- Listen 443
-</pre>
-
- <p>Then set the security proxy in your browser to 443. That
- might be it!</p>
-
- <p>If your proxy is sending requests to another proxy, then you
- may have to set the directive ProxyRemote differently. Here are
- my settings:</p>
-<pre>
- ProxyRemote http://nicklas:80/ http://proxy.mayn.franken.de:8080
- ProxyRemote http://nicklas:443/ http://proxy.mayn.franken.de:443
-</pre>
-
- <p>Requests on port 80 of my proxy <samp>nicklas</samp> are
- forwarded to <samp>proxy.mayn.franken.de:8080</samp>, while
- requests on port 443 are forwarded to
- <samp>proxy.mayn.franken.de:443</samp>. If the remote proxy is
- not set up to handle port 443, then the last directive can be
- left out. SSL requests will only go over the first proxy.</p>
-
- <p>Note that your Apache does NOT have to be set up to serve
- secure pages with SSL. Proxying SSL is a different thing from
- using it.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/index.html b/usr.sbin/httpd/htdocs/manual/misc/index.html
deleted file mode 100644
index 8415d4f4cc4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/index.html
+++ /dev/null
@@ -1,104 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Miscellaneous Documentation</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache Miscellaneous Documentation</h1>
-
- <p>Below is a list of additional documentation pages that apply
- to the Apache web server development project.</p>
-
- <dl>
- <dt><a href="API.html">API</a></dt>
-
- <dd>Description of Apache's Application Programming
- Interface.</dd>
-
- <dt><a href="FAQ.html">FAQ</a></dt>
-
- <dd>Frequently-Asked Questions concerning the Apache project
- and server.</dd>
-
- <dt><a href="custom_errordocs.html">How to use XSSI and
- Negotiation for custom ErrorDocuments</a></dt>
-
- <dd>Describes a solution which uses XSSI and negotiation to
- custom-tailor the Apache ErrorDocuments to taste, adding the
- advantage of returning internationalized versions of the
- error messages depending on the client's language
- preferences.</dd>
-
- <dt><a href="descriptors.html">File Descriptor use in
- Apache</a></dt>
-
- <dd>Describes how Apache uses file descriptors and talks
- about various limits imposed on the number of descriptors
- available by various operating systems.</dd>
-
- <dt><a
- href="fin_wait_2.html"><samp>FIN_WAIT_2</samp></a></dt>
-
- <dd>A description of the causes of Apache processes going
- into the <samp>FIN_WAIT_2</samp> state, and what you can do
- about it.</dd>
-
- <dt><a href="howto.html">"How-To"</a></dt>
-
- <dd>Instructions about how to accomplish some
- commonly-desired server functionality changes.</dd>
-
- <dt><a href="known_client_problems.html">Known Client
- Problems</a></dt>
-
- <dd>A list of problems in HTTP clients which can be mitigated
- by Apache.</dd>
-
- <dt><a href="perf-bsd44.html">Performance Notes (BSD
- 4.4)</a></dt>
-
- <dd>Some notes about ways to improve/optimize Apache
- performance on BSD 4.4 systems.</dd>
-
- <dt><a href="perf.html">Performance Notes (General)</a></dt>
-
- <dd>Some generic notes about how to improve the performance
- of your machine/OS.</dd>
-
- <dt><a href="perf-tuning.html">Performance Notes -- Apache
- Tuning</a></dt>
-
- <dd>Notes about how to (run-time and compile-time) configure
- Apache for highest performance. Notes explaining why Apache
- does some things, and why it doesn't do other things (which
- make it slower/faster).</dd>
-
- <dt><a href="security_tips.html">Security Tips</a></dt>
-
- <dd>Some "do"s - and "don't"s - for keeping your Apache web
- site secure.</dd>
-
- </dl>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html b/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html
deleted file mode 100644
index 86f55b8f3d3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html
+++ /dev/null
@@ -1,356 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache HTTP Server Project</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Known Problems in Clients</h1>
-
- <p>Over time the Apache Group has discovered or been notified
- of problems with various clients which we have had to work
- around, or explain. This document describes these problems and
- the workarounds available. It's not arranged in any particular
- order. Some familiarity with the standards is assumed, but not
- necessary.</p>
-
- <p>For brevity, <em>Navigator</em> will refer to Netscape's
- Navigator product (which in later versions was renamed
- "Communicator" and various other names), and <em>MSIE</em> will
- refer to Microsoft's Internet Explorer product. All trademarks
- and copyrights belong to their respective companies. We welcome
- input from the various client authors to correct
- inconsistencies in this paper, or to provide us with exact
- version numbers where things are broken/fixed.</p>
-
- <p>For reference, <a
- href="ftp://ds.internic.net/rfc/rfc1945.txt">RFC1945</a>
- defines HTTP/1.0, and <a
- href="ftp://ds.internic.net/rfc/rfc2068.txt">RFC2068</a>
- defines HTTP/1.1. Apache as of version 1.2 is an HTTP/1.1
- server (with an optional HTTP/1.0 proxy).</p>
-
- <p>Various of these workarounds are triggered by environment
- variables. The admin typically controls which are set, and for
- which clients, by using <a
- href="../mod/mod_setenvif.html">mod_setenvif</a>. Unless
- otherwise noted all of these workarounds exist in versions 1.2
- and later.</p>
-
- <h3><a id="trailing-crlf" name="trailing-crlf">Trailing CRLF on
- POSTs</a></h3>
-
- <p>This is a legacy issue. The CERN webserver required
- <code>POST</code> data to have an extra <code>CRLF</code>
- following it. Thus many clients send an extra <code>CRLF</code>
- that is not included in the <code>Content-Length</code> of the
- request. Apache works around this problem by eating any empty
- lines which appear before a request.</p>
-
- <h3><a id="broken-keepalive" name="broken-keepalive">Broken
- keepalive</a></h3>
-
- <p>Various clients have had broken implementations of
- <em>keepalive</em> (persistent connections). In particular the
- Windows versions of Navigator 2.0 get very confused when the
- server times out an idle connection. The workaround is present
- in the default config files:</p>
-
- <blockquote>
- <code>BrowserMatch Mozilla/2 nokeepalive</code>
- </blockquote>
- Note that this matches some earlier versions of MSIE, which
- began the practice of calling themselves <em>Mozilla</em> in
- their user-agent strings just like Navigator.
-
- <p>MSIE 4.0b2, which claims to support HTTP/1.1, does not
- properly support keepalive when it is used on 301 or 302
- (redirect) responses. Unfortunately Apache's
- <code>nokeepalive</code> code prior to 1.2.2 would not work
- with HTTP/1.1 clients. You must apply <a
- href="http://www.apache.org/dist/httpd/patches/apply_to_1.2.1/msie_4_0b2_fixes.patch">
- this patch</a> to version 1.2.1. Then add this to your
- config:</p>
-
- <blockquote>
- <code>BrowserMatch "MSIE 4\.0b2;" nokeepalive</code>
- </blockquote>
-
- <h3><a id="force-response-1.0"
- name="force-response-1.0">Incorrect interpretation of
- <code>HTTP/1.1</code> in response</a></h3>
-
- <p>To quote from section 3.1 of RFC1945:</p>
-
- <blockquote>
- HTTP uses a "&lt;MAJOR&gt;.&lt;MINOR&gt;" numbering scheme to
- indicate versions of the protocol. The protocol versioning
- policy is intended to allow the sender to indicate the format
- of a message and its capacity for understanding further HTTP
- communication, rather than the features obtained via that
- communication.
- </blockquote>
- Since Apache is an HTTP/1.1 server, it indicates so as part of
- its response. Many client authors mistakenly treat this part of
- the response as an indication of the protocol that the response
- is in, and then refuse to accept the response.
-
- <p>The first major indication of this problem was with AOL's
- proxy servers. When Apache 1.2 went into beta it was the first
- wide-spread HTTP/1.1 server. After some discussion, AOL fixed
- their proxies. In anticipation of similar problems, the
- <code>force-response-1.0</code> environment variable was added
- to Apache. When present Apache will indicate "HTTP/1.0" in
- response to an HTTP/1.0 client, but will not in any other way
- change the response.</p>
-
- <p>The pre-1.1 Java Development Kit (JDK) that is used in many
- clients (including Navigator 3.x and MSIE 3.x) exhibits this
- problem. As do some of the early pre-releases of the 1.1 JDK.
- We think it is fixed in the 1.1 JDK release. In any event the
- workaround:</p>
-
- <blockquote>
- <code>BrowserMatch Java/1.0 force-response-1.0<br />
- BrowserMatch JDK/1.0 force-response-1.0</code>
- </blockquote>
-
- <p>RealPlayer 4.0 from Progressive Networks also exhibits this
- problem. However they have fixed it in version 4.01 of the
- player, but version 4.01 uses the same <code>User-Agent</code>
- as version 4.0. The workaround is still:</p>
-
- <blockquote>
- <code>BrowserMatch "RealPlayer 4.0" force-response-1.0</code>
- </blockquote>
-
- <h3><a id="msie4.0b2" name="msie4.0b2">Requests use HTTP/1.1
- but responses must be in HTTP/1.0</a></h3>
-
- <p>MSIE 4.0b2 has this problem. Its Java VM makes requests in
- HTTP/1.1 format but the responses must be in HTTP/1.0 format
- (in particular, it does not understand <em>chunked</em>
- responses). The workaround is to fool Apache into believing the
- request came in HTTP/1.0 format.</p>
-
- <blockquote>
- <code>BrowserMatch "MSIE 4\.0b2;" downgrade-1.0
- force-response-1.0</code>
- </blockquote>
- This workaround is available in 1.2.2, and in a <a
- href="http://www.apache.org/dist/httpd/patches/apply_to_1.2.1/msie_4_0b2_fixes.patch">
- patch</a> against 1.2.1.
-
- <h3><a id="257th-byte" name="257th-byte">Boundary problems with
- header parsing</a></h3>
-
- <p>All versions of Navigator from 2.0 through 4.0b2 (and
- possibly later) have a problem if the trailing CRLF of the
- response header starts at offset 256, 257 or 258 of the
- response. A BrowserMatch for this would match on nearly every
- hit, so the workaround is enabled automatically on all
- responses. The workaround implemented detects when this
- condition would occur in a response and adds extra padding to
- the header to push the trailing CRLF past offset 258 of the
- response.</p>
-
- <h3><a id="boundary-string" name="boundary-string">Multipart
- responses and Quoted Boundary Strings</a></h3>
-
- <p>On multipart responses some clients will not accept quotes
- (") around the boundary string. The MIME standard recommends
- that such quotes be used. But the clients were probably written
- based on one of the examples in RFC2068, which does not include
- quotes. Apache does not include quotes on its boundary strings
- to workaround this problem.</p>
-
- <h3><a id="byterange-requests"
- name="byterange-requests">Byterange requests</a></h3>
-
- <p>A byterange request is used when the client wishes to
- retrieve a portion of an object, not necessarily the entire
- object. There was a very old draft which included these
- byteranges in the URL. Old clients such as Navigator 2.0b1 and
- MSIE 3.0 for the MAC exhibit this behavior, and it will appear
- in the servers' access logs as (failed) attempts to retrieve a
- URL with a trailing ";xxx-yyy". Apache does not attempt to
- implement this at all.</p>
-
- <p>A subsequent draft of this standard defines a header
- <code>Request-Range</code>, and a response type
- <code>multipart/x-byteranges</code>. The HTTP/1.1 standard
- includes this draft with a few fixes, and it defines the header
- <code>Range</code> and type
- <code>multipart/byteranges</code>.</p>
-
- <p>Navigator (versions 2 and 3) sends both <code>Range</code>
- and <code>Request-Range</code> headers (with the same value),
- but does not accept a <code>multipart/byteranges</code>
- response. The response must be
- <code>multipart/x-byteranges</code>. As a workaround, if Apache
- receives a <code>Request-Range</code> header it considers it
- "higher priority" than a <code>Range</code> header and in
- response uses <code>multipart/x-byteranges</code>.</p>
-
- <p>The Adobe Acrobat Reader plugin makes extensive use of
- byteranges and prior to version 3.01 supports only the
- <code>multipart/x-byterange</code> response. Unfortunately
- there is no clue that it is the plugin making the request. If
- the plugin is used with Navigator, the above workaround works
- fine. But if the plugin is used with MSIE 3 (on Windows) the
- workaround won't work because MSIE 3 doesn't give the
- <code>Range-Request</code> clue that Navigator does. To
- workaround this, Apache special cases "MSIE 3" in the
- <code>User-Agent</code> and serves
- <code>multipart/x-byteranges</code>. Note that the necessity
- for this with MSIE 3 is actually due to the Acrobat plugin, not
- due to the browser.</p>
-
- <p>Netscape Communicator appears to not issue the non-standard
- <code>Request-Range</code> header. When an Acrobat plugin prior
- to version 3.01 is used with it, it will not properly
- understand byteranges. The user must upgrade their Acrobat
- reader to 3.01.</p>
-
- <h3><a id="cookie-merge"
- name="cookie-merge"><code>Set-Cookie</code> header is
- unmergeable</a></h3>
-
- <p>The HTTP specifications say that it is legal to merge
- headers with duplicate names into one (separated by commas).
- Some browsers that support Cookies don't like merged headers
- and prefer that each <code>Set-Cookie</code> header is sent
- separately. When parsing the headers returned by a CGI, Apache
- will explicitly avoid merging any <code>Set-Cookie</code>
- headers.</p>
-
- <h3><a id="gif89-expires"
- name="gif89-expires"><code>Expires</code> headers and GIF89A
- animations</a></h3>
-
- <p>Navigator versions 2 through 4 will erroneously re-request
- GIF89A animations on each loop of the animation if the first
- response included an <code>Expires</code> header. This happens
- regardless of how far in the future the expiry time is set.
- There is no workaround supplied with Apache, however there are
- hacks for <a
- href="http://arctic.org/~dean/patches/apache-1.2-gif89-expires-hack.patch">
- 1.2</a> and for <a
- href="http://arctic.org/~dean/patches/apache-1.3-gif89-expires-hack.patch">
- 1.3</a>.</p>
-
- <h3><a id="no-content-length"
- name="no-content-length"><code>POST</code> without
- <code>Content-Length</code></a></h3>
-
- <p>In certain situations Navigator 3.01 through 3.03 appear to
- incorrectly issue a POST without the request body. There is no
- known workaround. It has been fixed in Navigator 3.04,
- Netscapes provides some <a
- href="http://help.netscape.com/kb/client/971014-42.html">information</a>.
- There's also <a
- href="http://arctic.org/~dean/apache/no-content-length/">
- some information</a> about the actual problem.</p>
-
- <h3><a id="jdk-12-bugs" name="jdk-12-bugs">JDK 1.2 betas lose
- parts of responses.</a></h3>
-
- <p>The http client in the JDK1.2beta2 and beta3 will throw away
- the first part of the response body when both the headers and
- the first part of the body are sent in the same network packet
- AND keep-alive's are being used. If either condition is not met
- then it works fine.</p>
-
- <p>See also Bug-ID's 4124329 and 4125538 at the java developer
- connection.</p>
-
- <p>If you are seeing this bug yourself, you can add the
- following BrowserMatch directive to work around it:</p>
-
- <blockquote>
- <code>BrowserMatch "Java1\.2beta[23]" nokeepalive</code>
- </blockquote>
-
- <p>We don't advocate this though since bending over backwards
- for beta software is usually not a good idea; ideally it gets
- fixed, new betas or a final release comes out, and no one uses
- the broken old software anymore. In theory.</p>
-
- <h3><a id="content-type-persistence"
- name="content-type-persistence"><code>Content-Type</code>
- change is not noticed after reload</a></h3>
-
- <p>Navigator (all versions?) will cache the
- <code>content-type</code> for an object "forever". Using reload
- or shift-reload will not cause Navigator to notice a
- <code>content-type</code> change. The only work-around is for
- the user to flush their caches (memory and disk). By way of an
- example, some folks may be using an old <code>mime.types</code>
- file which does not map <code>.htm</code> to
- <code>text/html</code>, in this case Apache will default to
- sending <code>text/plain</code>. If the user requests the page
- and it is served as <code>text/plain</code>. After the admin
- fixes the server, the user will have to flush their caches
- before the object will be shown with the correct
- <code>text/html</code> type.</p>
-
- <h3><a id="msie-cookie-y2k" name="msie-cookie-y2k">MSIE Cookie
- problem with expiry date in the year 2000</a></h3>
-
- <p>MSIE versions 3.00 and 3.02 (without the Y2K patch) do not
- handle cookie expiry dates in the year 2000 properly. Years
- after 2000 and before 2000 work fine. This is fixed in IE4.01
- service pack 1, and in the Y2K patch for IE3.02. Users should
- avoid using expiry dates in the year 2000.</p>
-
- <h3><a id="lynx-negotiate-trans"
- name="lynx-negotiate-trans">Lynx incorrectly asking for
- transparent content negotiation</a></h3>
-
- <p>The Lynx browser versions 2.7 and 2.8 send a "negotiate:
- trans" header in their requests, which is an indication the
- browser supports transparent content negotiation (TCN). However
- the browser does not support TCN. As of version 1.3.4, Apache
- supports TCN, and this causes problems with these versions of
- Lynx. As a workaround future versions of Apache will ignore
- this header when sent by the Lynx client.</p>
-
- <h3><a id="ie40-vary" name="ie40-vary">MSIE 4.0 mishandles Vary
- response header</a></h3>
-
- <p>MSIE 4.0 does not handle a Vary header properly. The Vary
- header is generated by mod_rewrite in apache 1.3. The result is
- an error from MSIE saying it cannot download the requested
- file. There are more details in <a
- href="http://bugs.apache.org/index/full/4118">PR#4118</a>.</p>
-
- <p>A workaround is to add the following to your server's
- configuration files:</p>
-<pre>
- BrowserMatch "MSIE 4\.0" force-no-vary
-</pre>
-
- <p>(This workaround is only available with releases
- <strong>after</strong> 1.3.6 of the Apache Web server.)</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html b/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html
deleted file mode 100644
index 785f66dad85..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html
+++ /dev/null
@@ -1,281 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Running a High-Performance Web Server for BSD</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <a id="initial" name="initial">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
- </a>
-
- <h1 align="CENTER">Running a High-Performance Web Server for
- BSD</h1>
-
- <p>This document assumes that you have read the appropriate
- overview documentation for
- <a href="http://www.FreeBSD.org/docs.html">FreeBSD</a>,
- <a href="http://www.NetBSD.org/Documentation/">NetBSD</a>, or
- <a href="http://www.OpenBSD.org/docum.html">OpenBSD</a>.
- In addition, the FreeBSD
- <a href="http://www.FreeBSD.org/cgi/man.cgi?query=tuning">tuning</a>
- manual page contains lots of wisdom, especially regarding sysctl
- options.</p>
-
- <p>Like other OS's, the listen queue is often the <strong>first
- limit hit</strong>. The following are comments from "Aaron
- Gifford &lt;agifford@InfoWest.COM&gt;" on how to fix this on
- BSDI 1.x, 2.x, and FreeBSD 2.0 (and earlier):</p>
-
- <p>Edit the following two files:</p>
-
- <blockquote>
- <code>/usr/include/sys/socket.h<br />
- /usr/src/sys/sys/socket.h</code>
- </blockquote>
- In each file, look for the following:
-<pre>
- /*
- * Maximum queue length specifiable by listen.
- */
- #define SOMAXCONN 5
-</pre>
- Just change the "5" to whatever appears to work. I bumped the
- two machines I was having problems with up to 32 and haven't
- noticed the problem since.
-
- <p>After the edit, recompile the kernel and recompile the
- Apache server then reboot.</p>
-
- <p>FreeBSD 2.1 seems to be perfectly happy, with SOMAXCONN set
- to 32 already.</p>
-
- <p><a id="detail" name="detail"><strong>Addendum for
- <em>very</em> heavily loaded BSD servers</strong><br />
- </a> from Chuck Murcko &lt;chuck@telebase.com&gt;</p>
-
- <p>If you're running a really busy BSD Apache server, the
- following are useful things to do if the system is acting
- sluggish:</p>
-
- <ul>
- <li>Run vmstat to check memory usage, page/swap rates,
- <em>etc.</em></li>
-
- <li>Run netstat -m to check mbuf usage</li>
-
- <li>Run fstat to check file descriptor usage</li>
- </ul>
- These utilities give you an idea what you'll need to tune in
- your kernel, and whether it'll help to buy more RAM. Here are
- some BSD kernel config parameters (actually BSDI, but pertinent
- to FreeBSD and other 4.4-lite derivatives) from a system
- getting heavy usage. The tools mentioned above were used, and
- the system memory was increased to 48 MB before these tuneups.
- Other system parameters remained unchanged.
-<pre>
-maxusers 256
-</pre>
- Maxusers drives a <em>lot</em> of other kernel parameters:
-
- <ul>
- <li>Maximum # of processes</li>
-
- <li>Maximum # of processes per user</li>
-
- <li>System wide open files limit</li>
-
- <li>Per-process open files limit</li>
-
- <li>Maximum # of mbuf clusters</li>
-
- <li>Proc/pgrp hash table size</li>
- </ul>
- The actual formulae for these derived parameters are in
- <em>/usr/src/sys/conf/param.c</em>. These calculated parameters
- can also be overridden (in part) by specifying your own values
- in the kernel configuration file:
-<pre>
-# Network options. NMBCLUSTERS defines the number of mbuf clusters and
-# defaults to 256. This machine is a server that handles lots of traffic,
-# so we crank that value.
-options NMBCLUSTERS=4096 # mbuf clusters at 4096
-
-#
-# Misc. options
-#
-options CHILD_MAX=512 # maximum number of child processes
-options OPEN_MAX=512 # maximum fds (breaks RPC svcs)
-</pre>
-
- <p>In many cases, NMBCLUSTERS must be set much larger than
- would appear necessary at first glance. The reason for this is
- that if the browser disconnects in mid-transfer, the socket fd
- associated with that particular connection ends up in the
- TIME_WAIT state for several minutes, during which time its
- mbufs are not yet freed. Another reason is that, on server
- timeouts, some connections end up in FIN_WAIT_2 state forever,
- because this state doesn't time out on the server, and the
- browser never sent a final FIN. For more details see the <a
- href="fin_wait_2.html">FIN_WAIT_2</a> page.</p>
-
- <p>Some more info on mbuf clusters (from sys/mbuf.h):</p>
-<pre>
-/*
- * Mbufs are of a single size, MSIZE (machine/machparam.h), which
- * includes overhead. An mbuf may add a single "mbuf cluster" of size
- * MCLBYTES (also in machine/machparam.h), which has no additional overhead
- * and is used instead of the internal data area; this is done when
- * at least MINCLSIZE of data must be stored.
- */
-</pre>
-
- <p>CHILD_MAX and OPEN_MAX are set to allow up to 512 child
- processes (different than the maximum value for processes per
- user ID) and file descriptors. These values may change for your
- particular configuration (a higher OPEN_MAX value if you've got
- modules or CGI scripts opening lots of connections or files).
- If you've got a lot of other activity besides httpd on the same
- machine, you'll have to set NPROC higher still. In this
- example, the NPROC value derived from maxusers proved
- sufficient for our load.</p>
-
- <p>To increase the size of the <code>listen()</code> queue, you
- need to adjust the value of SOMAXCONN. SOMAXCONN is not derived
- from maxusers, so you'll always need to increase that yourself.
- We use a value guaranteed to be larger than Apache's default
- for the listen() of 128, currently. The actual value for
- SOMAXCONN is set in <code>sys/socket.h</code>. The best way to
- adjust this parameter is run-time, rather than changing it in
- this header file and thus hardcoding a value in the kernel and
- elsewhere. To do this, edit <code>/etc/rc.local</code> and add
- the following line:</p>
-<pre>
- /usr/sbin/sysctl -w kern.somaxconn=256
-</pre>
-
- <p>We used <code>256</code> but you can tune it for your own
- setup. In many cases, however, even the default value of
- <code>128</code> (for later versions of FreeBSD) is OK.</p>
-
- <p><strong>Caveats</strong></p>
-
- <p>Be aware that your system may not boot with a kernel that is
- configured to use more resources than you have available system
- RAM. <strong>ALWAYS</strong> have a known bootable kernel
- available when tuning your system this way, and use the system
- tools beforehand to learn if you need to buy more memory before
- tuning.</p>
-
- <p>RPC services will fail when the value of OPEN_MAX is larger
- than 256. This is a function of the original implementations of
- the RPC library, which used a byte value for holding file
- descriptors. BSDI has partially addressed this limit in its 2.1
- release, but a real fix may well await the redesign of RPC
- itself.</p>
-
- <p>Finally, there's the hard limit of child processes
- configured in Apache.</p>
-
- <p>For versions of Apache later than 1.0.5 you'll need to
- change the definition for <strong>HARD_SERVER_LIMIT</strong> in
- <em>httpd.h</em> and recompile if you need to run more than the
- default 150 instances of httpd.</p>
-
- <p>From conf/httpd.conf:</p>
-<pre>
-# Limit on total number of servers running, <em>i.e.</em>, limit on the number
-# of clients who can simultaneously connect --- if this limit is ever
-# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
-# It is intended mainly as a brake to keep a runaway server from taking
-# Unix with it as it spirals down...
-
-MaxClients 150
-</pre>
- Know what you're doing if you bump this value up, and make sure
- you've done your system monitoring, RAM expansion, and kernel
- tuning beforehand. Then you're ready to service some serious
- hits!
-
- <p>Thanks to <em>Tony Sanders</em> and <em>Chris Torek</em> at
- BSDI for their helpful suggestions and information.</p>
-
- <p>"M. Teterin" &lt;mi@ALDAN.ziplink.net&gt; writes:</p>
-
- <blockquote>
- It really does help if your kernel and frequently used
- utilities are fully optimized. Rebuilding the FreeBSD kernel
- on an AMD-133 (486-class CPU) web-server with<br />
- <code>-m486 -fexpensive-optimizations -fomit-frame-pointer
- -O2</code><br />
- helped reduce the number of "unable" errors, because the CPU
- was often maxed out.
- </blockquote>
-
- <h2><a id="accf" name="accf">Accept filtering on
- FreeBSD</a></h2>
-
- <p>Versions of FreeBSD from August 2000 onwards include a
- feature called "accept filters" which delay the return from
- accept() until a condition has been met, e.g. an HTTP request
- has arrived. This postpones the requirement for a child process
- to handle the new connection which therefore increases the
- number of connections that a given number of child processes
- can handle. It also allows a child process to accomplish more
- immediately after accept() returns (because the request is
- already available to be read) so there is less context
- switching.</p>
-
- <p>Accept filters provide the most benefit on servers that are
- already so busy that they are configured with "<code>KeepAlive
- Off</code>". <a href="../keepalive.html">HTTP KeepAlive (aka
- persistent connections)</a> avoids the cost of setting up a new
- connection for every request, but connections that are being
- kept alive use up one of the available child processes. Since
- there is a limited number of child processes this can
- significantly reduce the capacity of the server. The viewers of
- a web site will still get a lot of the benefit of persistent
- connections even with a very small
- <code>KeepAliveTimeout</code> so you should try reducing it
- before turning it off altogether.</p>
-
- <p>To enable accept filtering, you must either load the
- appropriate accept filter module, e.g. with the command
- <code>kldload accf_http</code>, or compile a kernel with
- <code>options ACCEPT_FILTER_HTTP</code>. Apache will then
- enable filtering when it is restarted.</p>
-
- <p>Accept filters are compiled in if the symbol
- <code>SO_ACCEPTFILTER</code> is defined on the machine on which
- Apache is built. Additionally there is a directive <a
- href="../mod/core.html#acceptfilter">AcceptFilter</a> to switch
- the filters on or off. The default is on; except when apache is
- compiled with <code>-D AP_ACCEPTFILTER_ON</code>.</p>
-
- <p>See the manual page
- <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_http">accf_http(9)</a>
- for more information.</p>
-
- <h3>More welcome!</h3>
- If you have tips to contribute, send mail to <a
- href="mailto:apache@apache.org">apache@apache.org</a>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html b/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html
deleted file mode 100644
index 4cfae4fe37c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html
+++ /dev/null
@@ -1,1066 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Performance Notes</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080"
- alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Apache Performance Notes</h1>
-
- <p>Author: Dean Gaudet</p>
-
- <ul>
- <li><a href="#introduction">Introduction</a></li>
-
- <li><a href="#hardware">Hardware and Operating System Issues</a></li>
-
- <li><a href="#runtime">Run-Time Configuration Issues</a></li>
-
- <!--
- Contains subsections:
- #dns
- #symlinks
- #htaccess
- #negotiation
- #process
- #modules
- #mmap
- -->
-
- <li><a href="#compiletime">Compile-Time Configuration Issues</a></li>
-
- <li>
- Appendixes
-
- <ul>
- <li><a href="#trace">Detailed Analysis of a Trace</a></li>
-
- <li><a href="#patches">Patches Available</a></li>
-
- <li><a href="#preforking">The Pre-Forking Model</a></li>
- </ul>
- </li>
- </ul>
- <hr />
-
- <h3><a id="introduction" name="introduction">Introduction</a></h3>
-
- <p>Apache is a general webserver, which is designed to be correct
- first, and fast second. Even so, its performance is quite satisfactory.
- Most sites have less than 10Mbits of outgoing bandwidth, which Apache
- can fill using only a low end Pentium-based webserver. In practice,
- sites with more bandwidth require more than one machine to fill the
- bandwidth due to other constraints (such as CGI or database transaction
- overhead). For these reasons, the development focus has been mostly on
- correctness and configurability.</p>
-
- <p>Unfortunately many folks overlook these facts and cite raw
- performance numbers as if they are some indication of the quality of a
- web server product. There is a bare minimum performance that is
- acceptable, beyond that, extra speed only caters to a much smaller
- segment of the market. But in order to avoid this hurdle to the
- acceptance of Apache in some markets, effort was put into Apache 1.3 to
- bring performance up to a point where the difference with other
- high-end webservers is minimal.</p>
-
- <p>Finally there are the folks who just want to see how fast something
- can go. The author falls into this category. The rest of this document
- is dedicated to these folks who want to squeeze every last bit of
- performance out of Apache's current model, and want to understand why
- it does some things which slow it down.</p>
-
- <p>Note that this is tailored towards Apache 1.3 on Unix. Some of it
- applies to Apache on NT. Apache on NT has not been tuned for
- performance yet; in fact it probably performs very poorly because NT
- performance requires a different programming model.</p>
- <hr />
-
- <h3><a id="hardware" name="hardware">Hardware and Operating System
- Issues</a></h3>
-
- <p>The single biggest hardware issue affecting webserver performance is
- RAM. A webserver should never ever have to swap, as swapping increases
- the latency of each request beyond a point that users consider "fast
- enough". This causes users to hit stop and reload, further increasing
- the load. You can, and should, control the <code>MaxClients</code>
- setting so that your server does not spawn so many children it starts
- swapping. The procedure for doing this is simple: determine the size of
- your average Apache process, by looking at your process list via a tool
- such as <code>top</code>, and divide this into your total available
- memory, leaving some room for other processes.</p>
-
- <p>Beyond that the rest is mundane: get a fast enough CPU, a fast
- enough network card, and fast enough disks, where "fast enough" is
- something that needs to be determined by experimentation.</p>
-
- <p>Operating system choice is largely a matter of local concerns. But a
- general guideline is to always apply the latest vendor TCP/IP
- patches.</p>
- <hr />
-
- <h3><a id="runtime" name="runtime">Run-Time Configuration
- Issues</a></h3>
-
- <h4><a id="dns" name="dns"><code>HostnameLookups</code> and other DNS considerations</a></h4>
-
- <p>Prior to Apache 1.3, <a
- href="../mod/core.html#hostnamelookups"><code>HostnameLookups</code></a>
- defaulted to <code>On</code>. This adds latency to every request
- because it requires a DNS lookup to complete before the request is
- finished. In Apache 1.3 this setting defaults to <code>Off</code>. If
- you need to have addresses in your log files resolved to hostnames, use
- the <a href="../programs/logresolve.html">logresolve</a> program that
- comes with Apache, or one of the numerous log reporting packages which
- are available.</p>
-
- <p>It is recommended that you do this sort of postprocessing of your
- log files on some machine other than the production web server machine,
- in order that this activity not adversely affect server
- performance.</p>
-
- <p>If you use any <code><a
- href="../mod/mod_access.html#allow">Allow</a> from domain</code> or
- <code><a href="../mod/mod_access.html#deny">Deny</a> from domain</code>
- directives (i.e., using a hostname, or a domain name, rather than an IP
- address) then you will pay for a double reverse DNS lookup (a reverse,
- followed by a forward to make sure that the reverse is not being
- spoofed). For best performance, therefore, use IP addresses, rather
- than names, when using these directives, if possible.</p>
-
- <p>Note that it's possible to scope the directives, such as within a
- <code>&lt;Location /server-status&gt;</code> section. In this case the
- DNS lookups are only performed on requests matching the criteria.
- Here's an example which disables lookups except for .html and .cgi
- files:</p>
-
- <blockquote>
-<pre>
-HostnameLookups off
-&lt;Files ~ "\.(html|cgi)$"&gt;
- HostnameLookups on
-&lt;/Files&gt;
-</pre>
- </blockquote>
-
- <p>But even still, if you just need DNS names in some CGIs you could
- consider doing the <code>gethostbyname</code> call in the specific CGIs
- that need it.</p>
-
- <h4><a id="symlinks" name="symlinks">FollowSymLinks and SymLinksIfOwnerMatch</a></h4>
-
- <p>Wherever in your URL-space you do not have an <code>Options
- FollowSymLinks</code>, or you do have an <code>Options
- SymLinksIfOwnerMatch</code> Apache will have to issue extra system
- calls to check up on symlinks. One extra call per filename component.
- For example, if you had:</p>
-
- <blockquote>
-<pre>
-DocumentRoot /www/htdocs
-&lt;Directory /&gt;
- Options SymLinksIfOwnerMatch
-&lt;/Directory&gt;
-</pre>
- </blockquote>
-
- <p>and a request is made for the URI <code>/index.html</code>. Then
- Apache will perform <code>lstat(2)</code> on <code>/www</code>,
- <code>/www/htdocs</code>, and <code>/www/htdocs/index.html</code>. The
- results of these <code>lstats</code> are never cached, so they will
- occur on every single request. If you really desire the symlinks
- security checking you can do something like this:</p>
-
- <blockquote>
-<pre>
-DocumentRoot /www/htdocs
-&lt;Directory /&gt;
- Options FollowSymLinks
-&lt;/Directory&gt;
-&lt;Directory /www/htdocs&gt;
- Options -FollowSymLinks +SymLinksIfOwnerMatch
-&lt;/Directory&gt;
-</pre>
- </blockquote>
-
- <p>This at least avoids the extra checks for the
- <code>DocumentRoot</code> path. Note that you'll need to add similar
- sections if you have any <code>Alias</code> or <code>RewriteRule</code>
- paths outside of your document root. For highest performance, and no
- symlink protection, set <code>FollowSymLinks</code> everywhere, and
- never set <code>SymLinksIfOwnerMatch</code>.</p>
-
- <h4><a id="htaccess" name="htaccess">AllowOverride</a></h4>
-
- <p>Wherever in your URL-space you allow overrides (typically
- <code>.htaccess</code> files) Apache will attempt to open
- <code>.htaccess</code> for each filename component. For example,</p>
-
- <blockquote>
-<pre>
-DocumentRoot /www/htdocs
-&lt;Directory /&gt;
- AllowOverride all
-&lt;/Directory&gt;
-</pre>
- </blockquote>
-
- <p>and a request is made for the URI <code>/index.html</code>. Then
- Apache will attempt to open <code>/.htaccess</code>,
- <code>/www/.htaccess</code>, and <code>/www/htdocs/.htaccess</code>.
- The solutions are similar to the previous case of <code>Options
- FollowSymLinks</code>. For highest performance use <code>AllowOverride
- None</code> everywhere in your filesystem.</p>
-
- <p>See also the <a href="../howto/htaccess.html">.htaccess tutorial</a>
- for further discussion of this.</p>
-
- <h4><a id="negotiation" name="negotiation">Negotiation</a></h4>
-
- <p>If at all possible, avoid content-negotiation if you're really
- interested in every last ounce of performance. In practice the benefits
- of negotiation outweigh the performance penalties. There's one case
- where you can speed up the server. Instead of using a wildcard such
- as:</p>
-
- <blockquote>
-<pre>
-DirectoryIndex index
-</pre>
- </blockquote>
-
- <p>Use a complete list of options:</p>
-
- <blockquote>
-<pre>
-DirectoryIndex index.cgi index.pl index.shtml index.html
-</pre>
- </blockquote>
-
- <p>where you list the most common choice first.</p>
-
- <p>If your site needs content negotiation, consider using
- <code>type-map</code> files rather than the <code>Options
- MultiViews</code> directive to accomplish the negotiation. See the <a
- href="../content-negotiation.html">Content Negotiation</a>
- documentation for a full discussion of the methods of negotiation, and
- instructions for creating <code>type-map</code> files.</p>
-
- <h4><a name="process" id="process">Process Creation</a></h4>
-
- <p>Prior to Apache 1.3 the <a
- href="../mod/core.html#minspareservers"><code>MinSpareServers</code></a>,
- <a
- href="../mod/core.html#maxspareservers"><code>MaxSpareServers</code></a>,
- and <a
- href="../mod/core.html#startservers"><code>StartServers</code></a>
- settings all had drastic effects on benchmark results. In particular,
- Apache required a "ramp-up" period in order to reach a number of
- children sufficient to serve the load being applied. After the initial
- spawning of <code>StartServers</code> children, only one child per
- second would be created to satisfy the <code>MinSpareServers</code>
- setting. So a server being accessed by 100 simultaneous clients, using
- the default <code>StartServers</code> of 5 would take on the order 95
- seconds to spawn enough children to handle the load. This works fine in
- practice on real-life servers, because they aren't restarted
- frequently. But results in poor performance on benchmarks, which might
- only run for ten minutes.</p>
-
- <p>The one-per-second rule was implemented in an effort to avoid
- swamping the machine with the startup of new children. If the machine
- is busy spawning children it can't service requests. But it has such a
- drastic effect on the perceived performance of Apache that it had to be
- replaced. As of Apache 1.3, the code will relax the one-per-second
- rule. It will spawn one, wait a second, then spawn two, wait a second,
- then spawn four, and it will continue exponentially until it is
- spawning 32 children per second. It will stop whenever it satisfies the
- <code>MinSpareServers</code> setting.</p>
-
- <p>This appears to be responsive enough that it's almost unnecessary to
- adjust the <code>MinSpareServers</code>, <code>MaxSpareServers</code>
- and <code>StartServers</code> settings. When more than 4 children are
- spawned per second, a message will be emitted to the
- <code>ErrorLog</code>. If you see a lot of these errors then consider
- tuning these settings. Use the <code>mod_status</code> output as a
- guide.</p>
-
- <p>In particular, you may need to set <code>MinSpareServers</code>
- higher if traffic on your site is extremely bursty - that is, if the
- number of connections to your site fluctuates radically in short
- periods of time. This may be the case, for example, if traffic to your
- site is highly event-driven, such as sites for major sports events, or
- other sites where users are encouraged to visit the site at a
- particular time.</p>
-
- <p>Related to process creation is process death induced by the
- <code>MaxRequestsPerChild</code> setting. By default this is 0, which
- means that there is no limit to the number of requests handled per
- child. If your configuration currently has this set to some very low
- number, such as 30, you may want to bump this up significantly. If you
- are running SunOS or an old version of Solaris, limit this to 10000 or
- so because of memory leaks.</p>
-
- <p>When keep-alives are in use, children will be kept busy doing
- nothing waiting for more requests on the already open connection. The
- default <code>KeepAliveTimeout</code> of 15 seconds attempts to
- minimize this effect. The tradeoff here is between network bandwidth
- and server resources. In no event should you raise this above about 60
- seconds, as <a
- href="http://www.research.compaq.com/wrl/techreports/abstracts/95.4.html">
- most of the benefits are lost</a>.</p>
-
- <p>Related to process creation is process death induced by the <a
- href="../mod/core.html#maxfooperchild"><code>MaxFOOPerChild</code></a>
- setting, where FOO is one of the system resource limits. There are
- directives to control the CPU, DATA, NOFILE, RSS and STACK rlimits.
- By default, they are set to 0, meaning that the system default values
- will be used for the child. On a busy server with script interpreters
- and memory caches, these should be set to some appropriate finite
- values.</p>
-
- <h4><a name="modules" id="modules">Modules</a></h4>
-
- <p>Since memory usage is such an important consideration in
- performance, you should attempt to eliminate modules that you are not
- actually using. If you have built the modules as <a
- href="../dso.html">DSOs</a>, eliminating modules is a simple matter of
- commenting out the associated <a
- href="../mod/core.html#addmodule.html">AddModule</a> and <a
- href="../mod/mod_so.html#loadmodule.html">LoadModule</a> directives for
- that module. This allows you to experiment with removing modules, and
- seeing if your site still functions in their absence.</p>
-
- <p>If, on the other hand, you have modules statically linked into your
- Apache binary, you will need to recompile Apache in order to remove
- unwanted modules.</p>
-
- <p>An associated question that arises here is, of course, what modules
- you need, and which ones you don't. The answer here will, of course,
- vary from one web site to another. However, the <i>minimal</i> list of
- modules which you can get by with tends to include <a
- href="../mod/mod_mime.html">mod_mime</a>, <a
- href="../mod/mod_dir.html">mod_dir</a>, and <a
- href="../mod/mod_log_config.html">mod_log_config</a>.
- <code>mod_log_config</code> is, of course, optional, as you can run a
- web site without log files. This is, however, not recommended.</p>
-
- <h4><a name="mmap" id="mmap">mod_mmap_static</a></h4>
-
- <p>Apache comes with a module, <a
- href="../mod/mod_mmap_static.html">mod_mmap_static</a>, which is not
- enabled by default, which allows you to map files into RAM, and
- serve them directly from memory rather than from the disc, which
- should result in substantial performance improvement for
- frequently-requests files. Note that when files are modified, you
- will need to restart your server in order to serve the latest
- version of the file, so this is not appropriate for files which
- change frequently. See the documentation for this module for more
- complete details.</p>
-
- <hr />
-
- <h3><a id="compiletime" name="compiletime">Compile-Time Configuration
- Issues</a></h3>
-
- <h4>mod_status and ExtendedStatus On</h4>
-
- <p>If you include <a
- href="../mod/mod_status.html"><code>mod_status</code></a> and you also
- set <code>ExtendedStatus On</code> when building and running Apache,
- then on every request Apache will perform two calls to
- <code>gettimeofday(2)</code> (or <code>times(2)</code> depending on
- your operating system), and (pre-1.3) several extra calls to
- <code>time(2)</code>. This is all done so that the status report
- contains timing indications. For highest performance, set
- <code>ExtendedStatus off</code> (which is the default).</p>
-
- <p><code>mod_status</code> should probably be configured to allow
- access by only a few users, rather than to the general public, so this
- will likely have very low impact on your overall performance.</p>
-
- <h4>accept Serialization - multiple sockets</h4>
-
- <p>This discusses a shortcoming in the Unix socket API. Suppose your
- web server uses multiple <code>Listen</code> statements to listen on
- either multiple ports or multiple addresses. In order to test each
- socket to see if a connection is ready Apache uses
- <code>select(2)</code>. <code>select(2)</code> indicates that a socket
- has <em>zero</em> or <em>at least one</em> connection waiting on it.
- Apache's model includes multiple children, and all the idle ones test
- for new connections at the same time. A naive implementation looks
- something like this (these examples do not match the code, they're
- contrived for pedagogical purposes):</p>
-
- <blockquote>
-<pre>
- for (;;) {
- for (;;) {
- fd_set accept_fds;
-
- FD_ZERO (&amp;accept_fds);
- for (i = first_socket; i &lt;= last_socket; ++i) {
- FD_SET (i, &amp;accept_fds);
- }
- rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
- if (rc &lt; 1) continue;
- new_connection = -1;
- for (i = first_socket; i &lt;= last_socket; ++i) {
- if (FD_ISSET (i, &amp;accept_fds)) {
- new_connection = accept (i, NULL, NULL);
- if (new_connection != -1) break;
- }
- }
- if (new_connection != -1) break;
- }
- process the new_connection;
- }
-</pre>
- </blockquote>
- But this naive implementation has a serious starvation problem. Recall
- that multiple children execute this loop at the same time, and so
- multiple children will block at <code>select</code> when they are in
- between requests. All those blocked children will awaken and return
- from <code>select</code> when a single request appears on any socket
- (the number of children which awaken varies depending on the operating
- system and timing issues). They will all then fall down into the loop
- and try to <code>accept</code> the connection. But only one will
- succeed (assuming there's still only one connection ready), the rest
- will be <em>blocked</em> in <code>accept</code>. This effectively locks
- those children into serving requests from that one socket and no other
- sockets, and they'll be stuck there until enough new requests appear on
- that socket to wake them all up. This starvation problem was first
- documented in <a
- href="http://bugs.apache.org/index/full/467">PR#467</a>. There are at
- least two solutions.
-
- <p>One solution is to make the sockets non-blocking. In this case the
- <code>accept</code> won't block the children, and they will be allowed
- to continue immediately. But this wastes CPU time. Suppose you have ten
- idle children in <code>select</code>, and one connection arrives. Then
- nine of those children will wake up, try to <code>accept</code> the
- connection, fail, and loop back into <code>select</code>, accomplishing
- nothing. Meanwhile none of those children are servicing requests that
- occurred on other sockets until they get back up to the
- <code>select</code> again. Overall this solution does not seem very
- fruitful unless you have as many idle CPUs (in a multiprocessor box) as
- you have idle children, not a very likely situation.</p>
-
- <p>Another solution, the one used by Apache, is to serialize entry into
- the inner loop. The loop looks like this (differences highlighted):</p>
-
- <blockquote>
-<pre>
- for (;;) {
- <strong>accept_mutex_on ();</strong>
- for (;;) {
- fd_set accept_fds;
-
- FD_ZERO (&amp;accept_fds);
- for (i = first_socket; i &lt;= last_socket; ++i) {
- FD_SET (i, &amp;accept_fds);
- }
- rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
- if (rc &lt; 1) continue;
- new_connection = -1;
- for (i = first_socket; i &lt;= last_socket; ++i) {
- if (FD_ISSET (i, &amp;accept_fds)) {
- new_connection = accept (i, NULL, NULL);
- if (new_connection != -1) break;
- }
- }
- if (new_connection != -1) break;
- }
- <strong>accept_mutex_off ();</strong>
- process the new_connection;
- }
-</pre>
- </blockquote>
- <a id="serialize" name="serialize">The functions</a>
- <code>accept_mutex_on</code> and <code>accept_mutex_off</code>
- implement a mutual exclusion semaphore. Only one child can have the
- mutex at any time. There are several choices for implementing these
- mutexes. The choice is defined in <code>src/conf.h</code> (pre-1.3) or
- <code>src/include/ap_config.h</code> (1.3 or later). Some architectures
- do not have any locking choice made, on these architectures it is
- unsafe to use multiple <code>Listen</code> directives.
-
- <dl>
- <dt><code>HAVE_FLOCK_SERIALIZED_ACCEPT</code></dt>
-
- <dd>This method uses the <code>flock(2)</code> system call to lock a
- lock file (located by the <code>LockFile</code> directive).</dd>
-
- <dt><code>HAVE_FCNTL_SERIALIZED_ACCEPT</code></dt>
-
- <dd>This method uses the <code>fcntl(2)</code> system call to lock a
- lock file (located by the <code>LockFile</code> directive).</dd>
-
- <dt><code>HAVE_SYSVSEM_SERIALIZED_ACCEPT</code></dt>
-
- <dd>(1.3 or later) This method uses SysV-style semaphores to
- implement the mutex. Unfortunately SysV-style semaphores have some
- bad side-effects. One is that it's possible Apache will die without
- cleaning up the semaphore (see the <code>ipcs(8)</code> man page).
- The other is that the semaphore API allows for a denial of service
- attack by any CGIs running under the same uid as the webserver
- (<em>i.e.</em>, all CGIs, unless you use something like suexec or
- cgiwrapper). For these reasons this method is not used on any
- architecture except IRIX (where the previous two are prohibitively
- expensive on most IRIX boxes).</dd>
-
- <dt><code>HAVE_USLOCK_SERIALIZED_ACCEPT</code></dt>
-
- <dd>(1.3 or later) This method is only available on IRIX, and uses
- <code>usconfig(2)</code> to create a mutex. While this method avoids
- the hassles of SysV-style semaphores, it is not the default for IRIX.
- This is because on single processor IRIX boxes (5.3 or 6.2) the
- uslock code is two orders of magnitude slower than the SysV-semaphore
- code. On multi-processor IRIX boxes the uslock code is an order of
- magnitude faster than the SysV-semaphore code. Kind of a messed up
- situation. So if you're using a multiprocessor IRIX box then you
- should rebuild your webserver with
- <code>-DHAVE_USLOCK_SERIALIZED_ACCEPT</code> on the
- <code>EXTRA_CFLAGS</code>.</dd>
-
- <dt><code>HAVE_PTHREAD_SERIALIZED_ACCEPT</code></dt>
-
- <dd>(1.3 or later) This method uses POSIX mutexes and should work on
- any architecture implementing the full POSIX threads specification,
- however appears to only work on Solaris (2.5 or later), and even then
- only in certain configurations. If you experiment with this you
- should watch out for your server hanging and not responding. Static
- content only servers may work just fine.</dd>
- </dl>
-
- <p>If your system has another method of serialization which isn't in
- the above list then it may be worthwhile adding code for it (and
- submitting a patch back to Apache). The above
- <code>HAVE_METHOD_SERIALIZED_ACCEPT</code> defines specify which method
- is available and works on the platform (you can have more than one);
- <code>USE_METHOD_SERIALIZED_ACCEPT</code> is used to specify the
- default method (see the <code>AcceptMutex</code> directive).</p>
-
- <p>Another solution that has been considered but never implemented is
- to partially serialize the loop -- that is, let in a certain number of
- processes. This would only be of interest on multiprocessor boxes where
- it's possible multiple children could run simultaneously, and the
- serialization actually doesn't take advantage of the full bandwidth.
- This is a possible area of future investigation, but priority remains
- low because highly parallel web servers are not the norm.</p>
-
- <p>Ideally you should run servers without multiple <code>Listen</code>
- statements if you want the highest performance. But read on.</p>
-
- <h4>accept Serialization - single socket</h4>
-
- <p>The above is fine and dandy for multiple socket servers, but what
- about single socket servers? In theory they shouldn't experience any of
- these same problems because all children can just block in
- <code>accept(2)</code> until a connection arrives, and no starvation
- results. In practice this hides almost the same "spinning" behavior
- discussed above in the non-blocking solution. The way that most TCP
- stacks are implemented, the kernel actually wakes up all processes
- blocked in <code>accept</code> when a single connection arrives. One of
- those processes gets the connection and returns to user-space, the rest
- spin in the kernel and go back to sleep when they discover there's no
- connection for them. This spinning is hidden from the user-land code,
- but it's there nonetheless. This can result in the same load-spiking
- wasteful behavior that a non-blocking solution to the multiple sockets
- case can.</p>
-
- <p>For this reason we have found that many architectures behave more
- "nicely" if we serialize even the single socket case. So this is
- actually the default in almost all cases. Crude experiments under Linux
- (2.0.30 on a dual Pentium pro 166 w/128Mb RAM) have shown that the
- serialization of the single socket case causes less than a 3% decrease
- in requests per second over unserialized single-socket. But
- unserialized single-socket showed an extra 100ms latency on each
- request. This latency is probably a wash on long haul lines, and only
- an issue on LANs. If you want to override the single socket
- serialization you can define
- <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> and then single-socket
- servers will not serialize at all.</p>
-
- <h4>Lingering Close</h4>
-
- <p>As discussed in <a
- href="http://ftp.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
- draft-ietf-http-connection-00.txt</a> section 8, in order for an HTTP
- server to <strong>reliably</strong> implement the protocol it needs to
- shutdown each direction of the communication independently (recall that
- a TCP connection is bi-directional, each half is independent of the
- other). This fact is often overlooked by other servers, but is
- correctly implemented in Apache as of 1.2.</p>
-
- <p>When this feature was added to Apache it caused a flurry of problems
- on various versions of Unix because of a shortsightedness. The TCP
- specification does not state that the FIN_WAIT_2 state has a timeout,
- but it doesn't prohibit it. On systems without the timeout, Apache 1.2
- induces many sockets stuck forever in the FIN_WAIT_2 state. In many
- cases this can be avoided by simply upgrading to the latest TCP/IP
- patches supplied by the vendor. In cases where the vendor has never
- released patches (<em>i.e.</em>, SunOS4 -- although folks with a source
- license can patch it themselves) we have decided to disable this
- feature.</p>
-
- <p>There are two ways of accomplishing this. One is the socket option
- <code>SO_LINGER</code>. But as fate would have it, this has never been
- implemented properly in most TCP/IP stacks. Even on those stacks with a
- proper implementation (<em>i.e.</em>, Linux 2.0.31) this method proves
- to be more expensive (cputime) than the next solution.</p>
-
- <p>For the most part, Apache implements this in a function called
- <code>lingering_close</code> (in <code>http_main.c</code>). The
- function looks roughly like this:</p>
-
- <blockquote>
-<pre>
- void lingering_close (int s)
- {
- char junk_buffer[2048];
-
- /* shutdown the sending side */
- shutdown (s, 1);
-
- signal (SIGALRM, lingering_death);
- alarm (30);
-
- for (;;) {
- select (s for reading, 2 second timeout);
- if (error) break;
- if (s is ready for reading) {
- if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
- break;
- }
- /* just toss away whatever is read */
- }
- }
-
- close (s);
- }
-</pre>
- </blockquote>
- This naturally adds some expense at the end of a connection, but it is
- required for a reliable implementation. As HTTP/1.1 becomes more
- prevalent, and all connections are persistent, this expense will be
- amortized over more requests. If you want to play with fire and disable
- this feature you can define <code>NO_LINGCLOSE</code>, but this is not
- recommended at all. In particular, as HTTP/1.1 pipelined persistent
- connections come into use <code>lingering_close</code> is an absolute
- necessity (and <a
- href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">pipelined
- connections are faster</a>, so you want to support them).
-
- <h4>Scoreboard File</h4>
-
- <p>Apache's parent and children communicate with each other through
- something called the scoreboard. Ideally this should be implemented in
- shared memory. For those operating systems that we either have access
- to, or have been given detailed ports for, it typically is implemented
- using shared memory. The rest default to using an on-disk file. The
- on-disk file is not only slow, but it is unreliable (and less
- featured). Peruse the <code>src/main/conf.h</code> file for your
- architecture and look for either <code>USE_MMAP_SCOREBOARD</code> or
- <code>USE_SHMGET_SCOREBOARD</code>. Defining one of those two (as well
- as their companions <code>HAVE_MMAP</code> and <code>HAVE_SHMGET</code>
- respectively) enables the supplied shared memory code. If your system
- has another type of shared memory, edit the file
- <code>src/main/http_main.c</code> and add the hooks necessary to use it
- in Apache. (Send us back a patch too please.)</p>
-
- <p>Historical note: The Linux port of Apache didn't start to use shared
- memory until version 1.2 of Apache. This oversight resulted in really
- poor and unreliable behavior of earlier versions of Apache on
- Linux.</p>
-
- <h4><code>DYNAMIC_MODULE_LIMIT</code></h4>
-
- <p>If you have no intention of using dynamically loaded modules (you
- probably don't if you're reading this and tuning your server for every
- last ounce of performance) then you should add
- <code>-DDYNAMIC_MODULE_LIMIT=0</code> when building your server. This
- will save RAM that's allocated only for supporting dynamically loaded
- modules.</p>
- <hr />
-
- <h3><a id="trace" name="trace">Appendix: Detailed Analysis of a
- Trace</a></h3>
- Here is a system call trace of Apache 1.3 running on Linux. The
- run-time configuration file is essentially the default plus:
-
- <blockquote>
-<pre>
-&lt;Directory /&gt;
- AllowOverride none
- Options FollowSymLinks
-&lt;/Directory&gt;
-</pre>
- </blockquote>
- The file being requested is a static 6K file of no particular content.
- Traces of non-static requests or requests with content negotiation look
- wildly different (and quite ugly in some cases). First the entire
- trace, then we'll examine details. (This was generated by the
- <code>strace</code> program, other similar programs include
- <code>truss</code>, <code>ktrace</code>, and <code>par</code>.)
-
- <blockquote>
-<pre>
-accept(15, {sin_family=AF_INET, sin_port=htons(22283), sin_addr=inet_addr("127.0.0.1")}, [16]) = 3
-flock(18, LOCK_UN) = 0
-sigaction(SIGUSR1, {SIG_IGN}, {0x8059954, [], SA_INTERRUPT}) = 0
-getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
-setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
-read(3, "GET /6k HTTP/1.0\r\nUser-Agent: "..., 4096) = 60
-sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
-time(NULL) = 873959960
-gettimeofday({873959960, 404935}, NULL) = 0
-stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, ...}) = 0
-open("/home/dgaudet/ap/apachen/htdocs/6k", O_RDONLY) = 4
-mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400ee000
-writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
-close(4) = 0
-time(NULL) = 873959960
-write(17, "127.0.0.1 - - [10/Sep/1997:23:39"..., 71) = 71
-gettimeofday({873959960, 417742}, NULL) = 0
-times({tms_utime=5, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 446747
-shutdown(3, 1 /* send */) = 0
-oldselect(4, [3], NULL, [3], {2, 0}) = 1 (in [3], left {2, 0})
-read(3, "", 2048) = 0
-close(3) = 0
-sigaction(SIGUSR1, {0x8059954, [], SA_INTERRUPT}, {SIG_IGN}) = 0
-munmap(0x400ee000, 6144) = 0
-flock(18, LOCK_EX) = 0
-</pre>
- </blockquote>
-
- <p>Notice the accept serialization:</p>
-
- <blockquote>
-<pre>
-flock(18, LOCK_UN) = 0
-...
-flock(18, LOCK_EX) = 0
-</pre>
- </blockquote>
- These two calls can be removed by defining
- <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> as described earlier.
-
- <p>Notice the <code>SIGUSR1</code> manipulation:</p>
-
- <blockquote>
-<pre>
-sigaction(SIGUSR1, {SIG_IGN}, {0x8059954, [], SA_INTERRUPT}) = 0
-...
-sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
-...
-sigaction(SIGUSR1, {0x8059954, [], SA_INTERRUPT}, {SIG_IGN}) = 0
-</pre>
- </blockquote>
- This is caused by the implementation of graceful restarts. When the
- parent receives a <code>SIGUSR1</code> it sends a <code>SIGUSR1</code>
- to all of its children (and it also increments a "generation counter"
- in shared memory). Any children that are idle (between connections)
- will immediately die off when they receive the signal. Any children
- that are in keep-alive connections, but are in between requests will
- die off immediately. But any children that have a connection and are
- still waiting for the first request will not die off immediately.
-
- <p>To see why this is necessary, consider how a browser reacts to a
- closed connection. If the connection was a keep-alive connection and
- the request being serviced was not the first request then the browser
- will quietly reissue the request on a new connection. It has to do this
- because the server is always free to close a keep-alive connection in
- between requests (<em>i.e.</em>, due to a timeout or because of a
- maximum number of requests). But, if the connection is closed before
- the first response has been received the typical browser will display a
- "document contains no data" dialogue (or a broken image icon). This is
- done on the assumption that the server is broken in some way (or maybe
- too overloaded to respond at all). So Apache tries to avoid ever
- deliberately closing the connection before it has sent a single
- response. This is the cause of those <code>SIGUSR1</code>
- manipulations.</p>
-
- <p>Note that it is theoretically possible to eliminate all three of
- these calls. But in rough tests the gain proved to be almost
- unnoticeable.</p>
-
- <p>In order to implement virtual hosts, Apache needs to know the local
- socket address used to accept the connection:</p>
-
- <blockquote>
-<pre>
-getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
-</pre>
- </blockquote>
- It is possible to eliminate this call in many situations (such as when
- there are no virtual hosts, or when <code>Listen</code> directives are
- used which do not have wildcard addresses). But no effort has yet been
- made to do these optimizations.
-
- <p>Apache turns off the Nagle algorithm:</p>
-
- <blockquote>
-<pre>
-setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
-</pre>
- </blockquote>
- because of problems described in <a
- href="http://www.isi.edu/~johnh/PAPERS/Heidemann97a.html">a paper by
- John Heidemann</a>.
-
- <p>Notice the two <code>time</code> calls:</p>
-
- <blockquote>
-<pre>
-time(NULL) = 873959960
-...
-time(NULL) = 873959960
-</pre>
- </blockquote>
- One of these occurs at the beginning of the request, and the other
- occurs as a result of writing the log. At least one of these is
- required to properly implement the HTTP protocol. The second occurs
- because the Common Log Format dictates that the log record include a
- timestamp of the end of the request. A custom logging module could
- eliminate one of the calls. Or you can use a method which moves the
- time into shared memory, see the <a href="#patches">patches section
- below</a>.
-
- <p>As described earlier, <code>ExtendedStatus On</code> causes two
- <code>gettimeofday</code> calls and a call to <code>times</code>:</p>
-
- <blockquote>
-<pre>
-gettimeofday({873959960, 404935}, NULL) = 0
-...
-gettimeofday({873959960, 417742}, NULL) = 0
-times({tms_utime=5, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 446747
-</pre>
- </blockquote>
- These can be removed by setting <code>ExtendedStatus Off</code> (which
- is the default).
-
- <p>It might seem odd to call <code>stat</code>:</p>
-
- <blockquote>
-<pre>
-stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, ...}) = 0
-</pre>
- </blockquote>
- This is part of the algorithm which calculates the
- <code>PATH_INFO</code> for use by CGIs. In fact if the request had been
- for the URI <code>/cgi-bin/printenv/foobar</code> then there would be
- two calls to <code>stat</code>. The first for
- <code>/home/dgaudet/ap/apachen/cgi-bin/printenv/foobar</code> which
- does not exist, and the second for
- <code>/home/dgaudet/ap/apachen/cgi-bin/printenv</code>, which does
- exist. Regardless, at least one <code>stat</code> call is necessary
- when serving static files because the file size and modification times
- are used to generate HTTP headers (such as <code>Content-Length</code>,
- <code>Last-Modified</code>) and implement protocol features (such as
- <code>If-Modified-Since</code>). A somewhat more clever server could
- avoid the <code>stat</code> when serving non-static files, however
- doing so in Apache is very difficult given the modular structure.
-
- <p>All static files are served using <code>mmap</code>:</p>
-
- <blockquote>
-<pre>
-mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400ee000
-...
-munmap(0x400ee000, 6144) = 0
-</pre>
- </blockquote>
- On some architectures it's slower to <code>mmap</code> small files than
- it is to simply <code>read</code> them. The define
- <code>MMAP_THRESHOLD</code> can be set to the minimum size required
- before using <code>mmap</code>. By default it's set to 0 (except on
- SunOS4 where experimentation has shown 8192 to be a better value).
- Using a tool such as <a
- href="http://www.bitmover.com/lmbench/">lmbench</a> you can determine
- the optimal setting for your environment.
-
- <p>You may also wish to experiment with <code>MMAP_SEGMENT_SIZE</code>
- (default 32768) which determines the maximum number of bytes that will
- be written at a time from mmap()d files. Apache only resets the
- client's <code>Timeout</code> in between write()s. So setting this
- large may lock out low bandwidth clients unless you also increase the
- <code>Timeout</code>.</p>
-
- <p>It may even be the case that <code>mmap</code> isn't used on your
- architecture; if so then defining <code>USE_MMAP_FILES</code> and
- <code>HAVE_MMAP</code> might work (if it works then report back to
- us).</p>
-
- <p>Apache does its best to avoid copying bytes around in memory. The
- first write of any request typically is turned into a
- <code>writev</code> which combines both the headers and the first hunk
- of data:</p>
-
- <blockquote>
-<pre>
-writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
-</pre>
- </blockquote>
- When doing HTTP/1.1 chunked encoding Apache will generate up to four
- element <code>writev</code>s. The goal is to push the byte copying into
- the kernel, where it typically has to happen anyhow (to assemble
- network packets). On testing, various Unixes (BSDI 2.x, Solaris 2.5,
- Linux 2.0.31+) properly combine the elements into network packets.
- Pre-2.0.31 Linux will not combine, and will create a packet for each
- element, so upgrading is a good idea. Defining <code>NO_WRITEV</code>
- will disable this combining, but result in very poor chunked encoding
- performance.
-
- <p>The log write:</p>
-
- <blockquote>
-<pre>
-write(17, "127.0.0.1 - - [10/Sep/1997:23:39"..., 71) = 71
-</pre>
- </blockquote>
- can be deferred by defining <code>BUFFERED_LOGS</code>. In this case up
- to <code>PIPE_BUF</code> bytes (a POSIX defined constant) of log
- entries are buffered before writing. At no time does it split a log
- entry across a <code>PIPE_BUF</code> boundary because those writes may
- not be atomic. (<em>i.e.</em>, entries from multiple children could
- become mixed together). The code does its best to flush this buffer
- when a child dies.
-
- <p>The lingering close code causes four system calls:</p>
-
- <blockquote>
-<pre>
-shutdown(3, 1 /* send */) = 0
-oldselect(4, [3], NULL, [3], {2, 0}) = 1 (in [3], left {2, 0})
-read(3, "", 2048) = 0
-close(3) = 0
-</pre>
- </blockquote>
- which were described earlier.
-
- <p>Let's apply some of these optimizations:
- <code>-DSINGLE_LISTEN_UNSERIALIZED_ACCEPT -DBUFFERED_LOGS</code> and
- <code>ExtendedStatus Off</code>. Here's the final trace:</p>
-
- <blockquote>
-<pre>
-accept(15, {sin_family=AF_INET, sin_port=htons(22286), sin_addr=inet_addr("127.0.0.1")}, [16]) = 3
-sigaction(SIGUSR1, {SIG_IGN}, {0x8058c98, [], SA_INTERRUPT}) = 0
-getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
-setsockopt(3, IPPROTO_TCP1, [1], 4) = 0
-read(3, "GET /6k HTTP/1.0\r\nUser-Agent: "..., 4096) = 60
-sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
-time(NULL) = 873961916
-stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, ...}) = 0
-open("/home/dgaudet/ap/apachen/htdocs/6k", O_RDONLY) = 4
-mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400e3000
-writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
-close(4) = 0
-time(NULL) = 873961916
-shutdown(3, 1 /* send */) = 0
-oldselect(4, [3], NULL, [3], {2, 0}) = 1 (in [3], left {2, 0})
-read(3, "", 2048) = 0
-close(3) = 0
-sigaction(SIGUSR1, {0x8058c98, [], SA_INTERRUPT}, {SIG_IGN}) = 0
-munmap(0x400e3000, 6144) = 0
-</pre>
- </blockquote>
- That's 19 system calls, of which 4 remain relatively easy to remove,
- but don't seem worth the effort.
-
- <h3><a id="patches" name="patches">Appendix: Patches Available</a></h3>
- There are <a href="http://arctic.org/~dean/apache/1.3/">several
- performance patches available for 1.3.</a> Although they may not apply
- cleanly to the current version, it shouldn't be difficult for someone
- with a little C knowledge to update them. In particular:
-
- <ul>
- <li>A <a
- href="http://arctic.org/~dean/apache/1.3/shared_time.patch">patch</a>
- to remove all <code>time(2)</code> system calls.</li>
-
- <li>A <a
- href="http://arctic.org/~dean/apache/1.3/mod_include_speedups.patch">
- patch</a> to remove various system calls from
- <code>mod_include</code>, these calls are used by few sites but
- required for backwards compatibility.</li>
-
- <li>A <a
- href="http://arctic.org/~dean/apache/1.3/top_fuel.patch">patch</a>
- which integrates the above two plus a few other speedups at the cost
- of removing some functionality.</li>
- </ul>
-
- <h3><a id="preforking" name="preforking">Appendix: The Pre-Forking
- Model</a></h3>
-
- <p>Apache (on Unix) is a <em>pre-forking</em> model server. The
- <em>parent</em> process is responsible only for forking <em>child</em>
- processes, it does not serve any requests or service any network
- sockets. The child processes actually process connections, they serve
- multiple connections (one at a time) before dying. The parent spawns
- new or kills off old children in response to changes in the load on the
- server (it does so by monitoring a scoreboard which the children keep
- up to date).</p>
-
- <p>This model for servers offers a robustness that other models do not.
- In particular, the parent code is very simple, and with a high degree
- of confidence the parent will continue to do its job without error. The
- children are complex, and when you add in third party code via modules,
- you risk segmentation faults and other forms of corruption. Even should
- such a thing happen, it only affects one connection and the server
- continues serving requests. The parent quickly replaces the dead
- child.</p>
-
- <p>Pre-forking is also very portable across dialects of Unix.
- Historically this has been an important goal for Apache, and it
- continues to remain so.</p>
-
- <p>The pre-forking model comes under criticism for various performance
- aspects. Of particular concern are the overhead of forking a process,
- the overhead of context switches between processes, and the memory
- overhead of having multiple processes. Furthermore it does not offer as
- many opportunities for data-caching between requests (such as a pool of
- <code>mmapped</code> files). Various other models exist and extensive
- analysis can be found in the <a
- href="http://www.cs.wustl.edu/~jxh/research/research.html">papers of
- the JAWS project</a>. In practice all of these costs vary drastically
- depending on the operating system.</p>
-
- <p>Apache's core code is already multithread aware, and Apache version
- 1.3 is multithreaded on NT. There have been at least two other
- experimental implementations of threaded Apache, one using the 1.3 code
- base on DCE, and one using a custom user-level threads package and the
- 1.0 code base; neither is publicly available. There is also an
- experimental port of Apache 1.3 to <a
- href="http://www.mozilla.org/docs/refList/refNSPR/">Netscape's Portable
- Run Time</a>, which <a
- href="http://arctic.org/~dean/apache/2.0/">is available</a> (but
- you're encouraged to join the <a
- href="http://httpd.apache.org/lists.html">new-httpd mailing list</a>
- if you intend to use it). Part of our redesign for version 2.0 of
- Apache includes abstractions of the server model so that we can
- continue to support the pre-forking model, and also support various
- threaded models. <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf.html b/usr.sbin/httpd/htdocs/manual/misc/perf.html
deleted file mode 100644
index d7d7632439b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/perf.html
+++ /dev/null
@@ -1,150 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Hints on Running a High-Performance Web Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Hints on Running a High-Performance Web
- Server</h1>
- Running Apache on a heavily loaded web server, one often
- encounters problems related to the machine and OS
- configuration. "Heavy" is relative, of course - but if you are
- seeing more than a couple hits per second on a sustained basis
- you should consult the pointers on this page. In general the
- suggestions involve how to tune your kernel for the heavier TCP
- load, hardware/software conflicts that arise, <em>etc.</em>
-
- <ul>
- <li><a href="#AUX">A/UX (Apple's UNIX)</a></li>
-
- <li><a href="#BSD">BSD-based (BSDI, FreeBSD, etc)</a></li>
-
- <li><a href="#DEC">Digital UNIX</a></li>
-
- <li><a href="perf-hp.html">HPUX</a></li>
-
- <li><a href="#irix">IRIX</a></li>
-
- <li><a href="#Linux">Linux</a></li>
-
- <li><a href="#Solaris">Solaris</a></li>
-
- <li><a href="#SunOS">SunOS 4.x</a></li>
-
- <li><a href="#SVR4">SVR4</a></li>
- </ul>
- <hr />
-
- <h3><a id="AUX" name="AUX">A/UX (Apple's UNIX)</a></h3>
- If you are running Apache on A/UX, a page that gives some
- helpful performance hints (concerning the <em>listen()</em>
- queue and using virtual hosts) <a
- href="http://www.jaguNET.com/apache.html">can be found here</a>
-
- <hr />
-
- <h3><a id="BSD" name="BSD">BSD-based (BSDI, FreeBSD,
- etc)</a></h3>
- <a href="perf-bsd44.html#initial">Quick</a> and <a
- href="perf-bsd44.html#detail">detailed</a> performance tuning
- hints for BSD-derived systems. <a
- href="perf-bsd44.html#accf">Accept filtering</a> on FreeBSD.
- <hr />
-
- <h3><a id="DEC" name="DEC">Digital UNIX</a></h3>
-
- <ul>
- <li><a
- href="http://www.sean.de/Solaris/tune.html">
- Solaris 2.x - tuning your TCP/IP stack</a> contains some good
- technical information about tuning various Solaris TCP/IP
- parameters.</li>
- </ul>
- <hr />
-
- <h3><a id="SunOS" name="SunOS">SunOS 4.x</a></h3>
- More information on tuning SOMAXCONN on SunOS can be found at
- <a
- href="http://www.islandnet.com/~mark/somaxconn.html">http://www.islandnet.com/~mark/somaxconn.html</a>.
-
- <hr />
-
- <h3><a id="SVR4" name="SVR4">SVR4</a></h3>
- Some SVR4 versions waste three system calls on every
- <samp>gettimeofday()</samp> call. Depending on the syntactic
- form of the <samp>TZ</samp> environment variable, these systems
- have several different algorithms to determine the local time
- zone (presumably <em>compatible</em> with something). The
- following example uses the central european time zone to
- demonstrate this:
-
- <dl>
- <dt><strong>TZ=:MET</strong></dt>
-
- <dd>
- This form delegates the knowledge of the time zone
- information to an external compiled zoneinfo file (&agrave;
- la BSD).<br />
- <strong>Caveat:</strong> Each time the gettimeofday()
- function is called, the external zone info is read in again
- (at least on some SVR4 systems). That results in three
- wasted system calls with every apache request served.
-<pre>
- open("/usr/lib/locale/TZ/MET", O_RDONLY) = 3
- read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 7944) = 778
- close(3) = 0
-</pre>
- </dd>
-
- <dt>
- <strong>TZ=MET-1MDT,M3.5.0/02:00:00,M10.5.0/03:00:00</strong></dt>
-
- <dd>This syntax form (&agrave; la SYSV) contains all the
- knowledge about time zone beginning and ending times in its
- external representation. It has to be parsed each time it is
- evaluated, resulting in a slight computing overhead, but it
- requires no system call. Though the table lookup &agrave; la
- BSD is the more sophisticated technical solution, the bad
- SVR4 implementation makes this the preferred syntax on
- systems which otherwise access the external zone info file
- repeatedly.</dd>
- </dl>
- You should use the <samp>truss</samp> utility on a
- single-process apache server (started with the <samp>-X</samp>
- debugging switch) to determine whether your system can profit
- from the second form of the <samp>TZ</samp> environment
- variable. If it does, you could integrate the setting of the
- preferred <samp>TZ</samp> syntax into the httpd startup script,
- which is usually simply a copy of (or symbolic link to) the
- <samp>apachectl</samp> utility script, or into the system's
- <samp>/etc/TIMEZONE</samp> script.
- <hr />
-
- <h3>More welcome!</h3>
- If you have tips to contribute, please submit them to
- the <a href="http://bugs.apache.org/">Apache Bug
- Database</a>.
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html
deleted file mode 100644
index bd62b24d778..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html
+++ /dev/null
@@ -1,2342 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache 1.3 URL Rewriting Guide</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <blockquote>
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <div align="CENTER">
- <h1>Apache 1.3<br />
- URL Rewriting Guide<br />
- </h1>
-
- <address>
- Originally written by<br />
- Ralf S. Engelschall &lt;rse@apache.org&gt;<br />
- December 1997
- </address>
- </div>
-
- <p>This document supplements the mod_rewrite <a
- href="../mod/mod_rewrite.html">reference documentation</a>.
- It describes how one can use Apache's mod_rewrite to solve
- typical URL-based problems webmasters are usually confronted
- with in practice. I give detailed descriptions on how to
- solve each problem by configuring URL rewriting rulesets.</p>
-
- <h2><a id="ToC1" name="ToC1">Introduction to
- mod_rewrite</a></h2>
- The Apache module mod_rewrite is a killer one, i.e. it is a
- really sophisticated module which provides a powerful way to
- do URL manipulations. With it you can nearly do all types of
- URL manipulations you ever dreamed about. The price you have
- to pay is to accept complexity, because mod_rewrite's major
- drawback is that it is not easy to understand and use for the
- beginner. And even Apache experts sometimes discover new
- aspects where mod_rewrite can help.
-
- <p>In other words: With mod_rewrite you either shoot yourself
- in the foot the first time and never use it again or love it
- for the rest of your life because of its power. This paper
- tries to give you a few initial success events to avoid the
- first case by presenting already invented solutions to
- you.</p>
-
- <h2><a id="ToC2" name="ToC2">Practical Solutions</a></h2>
- Here come a lot of practical solutions I've either invented
- myself or collected from other peoples solutions in the past.
- Feel free to learn the black magic of URL rewriting from
- these examples.
-
- <table bgcolor="#FFE0E0" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>ATTENTION: Depending on your server-configuration it
- can be necessary to slightly change the examples for your
- situation, e.g. adding the [PT] flag when additionally
- using mod_alias and mod_userdir, etc. Or rewriting a
- ruleset to fit in <code>.htaccess</code> context instead
- of per-server context. Always try to understand what a
- particular ruleset really does before you use it. It
- avoid problems.</td>
- </tr>
- </table>
-
- <h1>URL Layout</h1>
-
- <h2>Canonical URLs</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>On some webservers there are more than one URL for a
- resource. Usually there are canonical URLs (which should be
- actually used and distributed) and those which are just
- shortcuts, internal ones, etc. Independent which URL the
- user supplied with the request he should finally see the
- canonical one only.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We do an external HTTP redirect for all non-canonical
- URLs to fix them in the location view of the Browser and
- for all subsequent requests. In the example ruleset below
- we replace <code>/~user</code> by the canonical
- <code>/u/user</code> and fix a missing trailing slash for
- <code>/u/user</code>.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^/<strong>~</strong>([^/]+)/?(.*) /<strong>u</strong>/$1/$2 [<strong>R</strong>]
-RewriteRule ^/([uge])/(<strong>[^/]+</strong>)$ /$1/$2<strong>/</strong> [<strong>R</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Canonical Hostnames</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>...</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{HTTP_HOST} !^fully\.qualified\.domain\.name [NC]
-RewriteCond %{HTTP_HOST} !^$
-RewriteCond %{SERVER_PORT} !^80$
-RewriteRule ^/(.*) http://fully.qualified.domain.name:%{SERVER_PORT}/$1 [L,R]
-RewriteCond %{HTTP_HOST} !^fully\.qualified\.domain\.name [NC]
-RewriteCond %{HTTP_HOST} !^$
-RewriteRule ^/(.*) http://fully.qualified.domain.name/$1 [L,R]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Moved DocumentRoot</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Usually the DocumentRoot of the webserver directly
- relates to the URL ``<code>/</code>''. But often this data
- is not really of top-level priority, it is perhaps just one
- entity of a lot of data pools. For instance at our Intranet
- sites there are <code>/e/www/</code> (the homepage for
- WWW), <code>/e/sww/</code> (the homepage for the Intranet)
- etc. Now because the data of the DocumentRoot stays at
- <code>/e/www/</code> we had to make sure that all inlined
- images and other stuff inside this data pool work for
- subsequent requests.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We just redirect the URL <code>/</code> to
- <code>/e/www/</code>. While is seems trivial it is
- actually trivial with mod_rewrite, only. Because the
- typical old mechanisms of URL <em>Aliases</em> (as
- provides by mod_alias and friends) only used
- <em>prefix</em> matching. With this you cannot do such a
- redirection because the DocumentRoot is a prefix of all
- URLs. With mod_rewrite it is really trivial:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteRule <strong>^/$</strong> /e/www/ [<strong>R</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Trailing Slash Problem</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Every webmaster can sing a song about the problem of
- the trailing slash on URLs referencing directories. If they
- are missing, the server dumps an error, because if you say
- <code>/~quux/foo</code> instead of <code>/~quux/foo/</code>
- then the server searches for a <em>file</em> named
- <code>foo</code>. And because this file is a directory it
- complains. Actually is tries to fix it themself in most of
- the cases, but sometimes this mechanism need to be emulated
- by you. For instance after you have done a lot of
- complicated URL rewritings to CGI scripts etc.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- The solution to this subtle problem is to let the server
- add the trailing slash automatically. To do this
- correctly we have to use an external redirect, so the
- browser correctly requests subsequent images etc. If we
- only did a internal rewrite, this would only work for the
- directory page, but would go wrong when any images are
- included into this page with relative URLs, because the
- browser would request an in-lined object. For instance, a
- request for <code>image.gif</code> in
- <code>/~quux/foo/index.html</code> would become
- <code>/~quux/image.gif</code> without the external
- redirect!
-
- <p>So, to do this trick we write:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteRule ^foo<strong>$</strong> foo<strong>/</strong> [<strong>R</strong>]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>The crazy and lazy can even do the following in the
- top-level <code>.htaccess</code> file of their homedir.
- But notice that this creates some processing
- overhead.</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteCond %{REQUEST_FILENAME} <strong>-d</strong>
-RewriteRule ^(.+<strong>[^/]</strong>)$ $1<strong>/</strong> [R]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Webcluster through Homogeneous URL Layout</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>We want to create a homogenous and consistent URL
- layout over all WWW servers on a Intranet webcluster, i.e.
- all URLs (per definition server local and thus server
- dependent!) become actually server <em>independed</em>!
- What we want is to give the WWW namespace a consistent
- server-independend layout: no URL should have to include
- any physically correct target server. The cluster itself
- should drive us automatically to the physical target
- host.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- First, the knowledge of the target servers come from
- (distributed) external maps which contain information
- where our users, groups and entities stay. The have the
- form
-<pre>
-user1 server_of_user1
-user2 server_of_user2
-: :
-</pre>
-
- <p>We put them into files <code>map.xxx-to-host</code>.
- Second we need to instruct all servers to redirect URLs
- of the forms</p>
-<pre>
-/u/user/anypath
-/g/group/anypath
-/e/entity/anypath
-</pre>
-
- <p>to</p>
-<pre>
-http://physical-host/u/user/anypath
-http://physical-host/g/group/anypath
-http://physical-host/e/entity/anypath
-</pre>
-
- <p>when the URL is not locally valid to a server. The
- following ruleset does this for us by the help of the map
- files (assuming that server0 is a default server which
- will be used if a user has no entry in the map):</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-
-RewriteMap user-to-host txt:/path/to/map.user-to-host
-RewriteMap group-to-host txt:/path/to/map.group-to-host
-RewriteMap entity-to-host txt:/path/to/map.entity-to-host
-
-RewriteRule ^/u/<strong>([^/]+)</strong>/?(.*) http://<strong>${user-to-host:$1|server0}</strong>/u/$1/$2
-RewriteRule ^/g/<strong>([^/]+)</strong>/?(.*) http://<strong>${group-to-host:$1|server0}</strong>/g/$1/$2
-RewriteRule ^/e/<strong>([^/]+)</strong>/?(.*) http://<strong>${entity-to-host:$1|server0}</strong>/e/$1/$2
-
-RewriteRule ^/([uge])/([^/]+)/?$ /$1/$2/.www/
-RewriteRule ^/([uge])/([^/]+)/([^.]+.+) /$1/$2/.www/$3\
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Move Homedirs to Different Webserver</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>A lot of webmaster aksed for a solution to the
- following situation: They wanted to redirect just all
- homedirs on a webserver to another webserver. They usually
- need such things when establishing a newer webserver which
- will replace the old one over time.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- The solution is trivial with mod_rewrite. On the old
- webserver we just redirect all
- <code>/~user/anypath</code> URLs to
- <code>http://newserver/~user/anypath</code>.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteRule ^/~(.+) http://<strong>newserver</strong>/~$1 [R,L]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Structured Homedirs</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Some sites with thousend of users usually use a
- structured homedir layout, i.e. each homedir is in a
- subdirectory which begins for instance with the first
- character of the username. So, <code>/~foo/anypath</code>
- is <code>/home/<strong>f</strong>/foo/.www/anypath</code>
- while <code>/~bar/anypath</code> is
- <code>/home/<strong>b</strong>/bar/.www/anypath</code>.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We use the following ruleset to expand the tilde URLs
- into exactly the above layout.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteRule ^/~(<strong>([a-z])</strong>[a-z0-9]+)(.*) /home/<strong>$2</strong>/$1/.www$3
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Filesystem Reorganisation</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>
- This really is a hardcore example: a killer application
- which heavily uses per-directory
- <code>RewriteRules</code> to get a smooth look and feel
- on the Web while its data structure is never touched or
- adjusted. Background: <strong><em>net.sw</em></strong> is
- my archive of freely available Unix software packages,
- which I started to collect in 1992. It is both my hobby
- and job to to this, because while I'm studying computer
- science I have also worked for many years as a system and
- network administrator in my spare time. Every week I need
- some sort of software so I created a deep hierarchy of
- directories where I stored the packages:
-<pre>
-drwxrwxr-x 2 netsw users 512 Aug 3 18:39 Audio/
-drwxrwxr-x 2 netsw users 512 Jul 9 14:37 Benchmark/
-drwxrwxr-x 12 netsw users 512 Jul 9 00:34 Crypto/
-drwxrwxr-x 5 netsw users 512 Jul 9 00:41 Database/
-drwxrwxr-x 4 netsw users 512 Jul 30 19:25 Dicts/
-drwxrwxr-x 10 netsw users 512 Jul 9 01:54 Graphic/
-drwxrwxr-x 5 netsw users 512 Jul 9 01:58 Hackers/
-drwxrwxr-x 8 netsw users 512 Jul 9 03:19 InfoSys/
-drwxrwxr-x 3 netsw users 512 Jul 9 03:21 Math/
-drwxrwxr-x 3 netsw users 512 Jul 9 03:24 Misc/
-drwxrwxr-x 9 netsw users 512 Aug 1 16:33 Network/
-drwxrwxr-x 2 netsw users 512 Jul 9 05:53 Office/
-drwxrwxr-x 7 netsw users 512 Jul 9 09:24 SoftEng/
-drwxrwxr-x 7 netsw users 512 Jul 9 12:17 System/
-drwxrwxr-x 12 netsw users 512 Aug 3 20:15 Typesetting/
-drwxrwxr-x 10 netsw users 512 Jul 9 14:08 X11/
-</pre>
-
- <p>In July 1996 I decided to make this archive public to
- the world via a nice Web interface. "Nice" means that I
- wanted to offer an interface where you can browse
- directly through the archive hierarchy. And "nice" means
- that I didn't wanted to change anything inside this
- hierarchy - not even by putting some CGI scripts at the
- top of it. Why? Because the above structure should be
- later accessible via FTP as well, and I didn't want any
- Web or CGI stuff to be there.</p>
- </dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- The solution has two parts: The first is a set of CGI
- scripts which create all the pages at all directory
- levels on-the-fly. I put them under
- <code>/e/netsw/.www/</code> as follows:
-<pre>
--rw-r--r-- 1 netsw users 1318 Aug 1 18:10 .wwwacl
-drwxr-xr-x 18 netsw users 512 Aug 5 15:51 DATA/
--rw-rw-rw- 1 netsw users 372982 Aug 5 16:35 LOGFILE
--rw-r--r-- 1 netsw users 659 Aug 4 09:27 TODO
--rw-r--r-- 1 netsw users 5697 Aug 1 18:01 netsw-about.html
--rwxr-xr-x 1 netsw users 579 Aug 2 10:33 netsw-access.pl
--rwxr-xr-x 1 netsw users 1532 Aug 1 17:35 netsw-changes.cgi
--rwxr-xr-x 1 netsw users 2866 Aug 5 14:49 netsw-home.cgi
-drwxr-xr-x 2 netsw users 512 Jul 8 23:47 netsw-img/
--rwxr-xr-x 1 netsw users 24050 Aug 5 15:49 netsw-lsdir.cgi
--rwxr-xr-x 1 netsw users 1589 Aug 3 18:43 netsw-search.cgi
--rwxr-xr-x 1 netsw users 1885 Aug 1 17:41 netsw-tree.cgi
--rw-r--r-- 1 netsw users 234 Jul 30 16:35 netsw-unlimit.lst
-</pre>
-
- <p>The <code>DATA/</code> subdirectory holds the above
- directory structure, i.e. the real
- <strong><em>net.sw</em></strong> stuff and gets
- automatically updated via <code>rdist</code> from time to
- time. The second part of the problem remains: how to link
- these two structures together into one smooth-looking URL
- tree? We want to hide the <code>DATA/</code> directory
- from the user while running the appropriate CGI scripts
- for the various URLs. Here is the solution: first I put
- the following into the per-directory configuration file
- in the Document Root of the server to rewrite the
- announced URL <code>/net.sw/</code> to the internal path
- <code>/e/netsw</code>:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^net.sw$ net.sw/ [R]
-RewriteRule ^net.sw/(.*)$ e/netsw/$1
-</pre>
- </td>
- </tr>
- </table>
-
- <p>The first rule is for requests which miss the trailing
- slash! The second rule does the real thing. And then
- comes the killer configuration which stays in the
- per-directory config file
- <code>/e/netsw/.www/.wwwacl</code>:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-Options ExecCGI FollowSymLinks Includes MultiViews
-
-RewriteEngine on
-
-# we are reached via /net.sw/ prefix
-RewriteBase /net.sw/
-
-# first we rewrite the root dir to
-# the handling cgi script
-RewriteRule ^$ netsw-home.cgi [L]
-RewriteRule ^index\.html$ netsw-home.cgi [L]
-
-# strip out the subdirs when
-# the browser requests us from perdir pages
-RewriteRule ^.+/(netsw-[^/]+/.+)$ $1 [L]
-
-# and now break the rewriting for local files
-RewriteRule ^netsw-home\.cgi.* - [L]
-RewriteRule ^netsw-changes\.cgi.* - [L]
-RewriteRule ^netsw-search\.cgi.* - [L]
-RewriteRule ^netsw-tree\.cgi$ - [L]
-RewriteRule ^netsw-about\.html$ - [L]
-RewriteRule ^netsw-img/.*$ - [L]
-
-# anything else is a subdir which gets handled
-# by another cgi script
-RewriteRule !^netsw-lsdir\.cgi.* - [C]
-RewriteRule (.*) netsw-lsdir.cgi/$1
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Some hints for interpretation:</p>
-
- <ol>
- <li>Notice the L (last) flag and no substitution field
- ('-') in the forth part</li>
-
- <li>Notice the ! (not) character and the C (chain) flag
- at the first rule in the last part</li>
-
- <li>Notice the catch-all pattern in the last rule</li>
- </ol>
- </dd>
- </dl>
-
- <h2>NCSA imagemap to Apache mod_imap</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>When switching from the NCSA webserver to the more
- modern Apache webserver a lot of people want a smooth
- transition. So they want pages which use their old NCSA
- <code>imagemap</code> program to work under Apache with the
- modern <code>mod_imap</code>. The problem is that there are
- a lot of hyperlinks around which reference the
- <code>imagemap</code> program via
- <code>/cgi-bin/imagemap/path/to/page.map</code>. Under
- Apache this has to read just
- <code>/path/to/page.map</code>.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We use a global rule to remove the prefix on-the-fly for
- all requests:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteRule ^/cgi-bin/imagemap(.*) $1 [PT]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Search pages in more than one directory</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Sometimes it is necessary to let the webserver search
- for pages in more than one directory. Here MultiViews or
- other techniques cannot help.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We program a explicit ruleset which searches for the
- files in the directories.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-
-# first try to find it in custom/...
-# ...and if found stop and be happy:
-RewriteCond /your/docroot/<strong>dir1</strong>/%{REQUEST_FILENAME} -f
-RewriteRule ^(.+) /your/docroot/<strong>dir1</strong>/$1 [L]
-
-# second try to find it in pub/...
-# ...and if found stop and be happy:
-RewriteCond /your/docroot/<strong>dir2</strong>/%{REQUEST_FILENAME} -f
-RewriteRule ^(.+) /your/docroot/<strong>dir2</strong>/$1 [L]
-
-# else go on for other Alias or ScriptAlias directives,
-# etc.
-RewriteRule ^(.+) - [PT]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Set Environment Variables According To URL Parts</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Perhaps you want to keep status information between
- requests and use the URL to encode it. But you don't want
- to use a CGI wrapper for all pages just to strip out this
- information.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We use a rewrite rule to strip out the status information
- and remember it via an environment variable which can be
- later dereferenced from within XSSI or CGI. This way a
- URL <code>/foo/S=java/bar/</code> gets translated to
- <code>/foo/bar/</code> and the environment variable named
- <code>STATUS</code> is set to the value "java".
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteRule ^(.*)/<strong>S=([^/]+)</strong>/(.*) $1/$3 [E=<strong>STATUS:$2</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Virtual User Hosts</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Assume that you want to provide
- <code>www.<strong>username</strong>.host.domain.com</code>
- for the homepage of username via just DNS A records to the
- same machine and without any virtualhosts on this
- machine.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- For HTTP/1.0 requests there is no solution, but for
- HTTP/1.1 requests which contain a Host: HTTP header we
- can use the following ruleset to rewrite
- <code>http://www.username.host.com/anypath</code>
- internally to <code>/home/username/anypath</code>:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteCond %{<strong>HTTP_HOST</strong>} ^www\.<strong>[^.]+</strong>\.host\.com$
-RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
-RewriteRule ^www\.<strong>([^.]+)</strong>\.host\.com(.*) /home/<strong>$1</strong>$2
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Redirect Homedirs For Foreigners</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>We want to redirect homedir URLs to another webserver
- <code>www.somewhere.com</code> when the requesting user
- does not stay in the local domain
- <code>ourdomain.com</code>. This is sometimes used in
- virtual host contexts.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- Just a rewrite condition:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteCond %{REMOTE_HOST} <strong>!^.+\.ourdomain\.com$</strong>
-RewriteRule ^(/~.+) http://www.somewhere.com/$1 [R,L]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Redirect Failing URLs To Other Webserver</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>A typical FAQ about URL rewriting is how to redirect
- failing requests on webserver A to webserver B. Usually
- this is done via ErrorDocument CGI-scripts in Perl, but
- there is also a mod_rewrite solution. But notice that this
- is less performant than using a ErrorDocument
- CGI-script!</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- The first solution has the best performance but less
- flexibility and is less error safe:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteCond /your/docroot/%{REQUEST_FILENAME} <strong>!-f</strong>
-RewriteRule ^(.+) http://<strong>webserverB</strong>.dom/$1
-</pre>
- </td>
- </tr>
- </table>
-
- <p>The problem here is that this will only work for pages
- inside the DocumentRoot. While you can add more
- Conditions (for instance to also handle homedirs, etc.)
- there is better variant:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteCond %{REQUEST_URI} <strong>!-U</strong>
-RewriteRule ^(.+) http://<strong>webserverB</strong>.dom/$1
-</pre>
- </td>
- </tr>
- </table>
-
- <p>This uses the URL look-ahead feature of mod_rewrite.
- The result is that this will work for all types of URLs
- and is a safe way. But it does a performance impact on
- the webserver, because for every request there is one
- more internal subrequest. So, if your webserver runs on a
- powerful CPU, use this one. If it is a slow machine, use
- the first approach or better a ErrorDocument
- CGI-script.</p>
- </dd>
- </dl>
-
- <h2>Extended Redirection</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Sometimes we need more control (concerning the
- character escaping mechanism) of URLs on redirects. Usually
- the Apache kernels URL escape function also escapes
- anchors, i.e. URLs like "url#anchor". You cannot use this
- directly on redirects with mod_rewrite because the
- uri_escape() function of Apache would also escape the hash
- character. How can we redirect to such a URL?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We have to use a kludge by the use of a NPH-CGI script
- which does the redirect itself. Because here no escaping
- is done (NPH=non-parseable headers). First we introduce a
- new URL scheme <code>xredirect:</code> by the following
- per-server config-line (should be one of the last rewrite
- rules):
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^xredirect:(.+) /path/to/nph-xredirect.cgi/$1 \
- [T=application/x-httpd-cgi,L]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>This forces all URLs prefixed with
- <code>xredirect:</code> to be piped through the
- <code>nph-xredirect.cgi</code> program. And this program
- just looks like:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-#!/path/to/perl
-##
-## nph-xredirect.cgi -- NPH/CGI script for extended redirects
-## Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
-##
-
-$| = 1;
-$url = $ENV{'PATH_INFO'};
-
-print "HTTP/1.0 302 Moved Temporarily\n";
-print "Server: $ENV{'SERVER_SOFTWARE'}\n";
-print "Location: $url\n";
-print "Content-type: text/html\n";
-print "\n";
-print "&lt;html&gt;\n";
-print "&lt;head&gt;\n";
-print "&lt;title&gt;302 Moved Temporarily (EXTENDED)&lt;/title&gt;\n";
-print "&lt;/head&gt;\n";
-print "&lt;body&gt;\n";
-print "&lt;h1&gt;Moved Temporarily (EXTENDED)&lt;/h1&gt;\n";
-print "The document has moved &lt;a HREF=\"$url\"&gt;here&lt;/a&gt;.&lt;p&gt;\n";
-print "&lt;/body&gt;\n";
-print "&lt;/html&gt;\n";
-
-##EOF##
-</pre>
- </td>
- </tr>
- </table>
-
- <p>This provides you with the functionality to do
- redirects to all URL schemes, i.e. including the one
- which are not directly accepted by mod_rewrite. For
- instance you can now also redirect to
- <code>news:newsgroup</code> via</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^anyurl xredirect:news:newsgroup
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Notice: You have not to put [R] or [R,L] to the above
- rule because the <code>xredirect:</code> need to be
- expanded later by our special "pipe through" rule
- above.</p>
- </dd>
- </dl>
-
- <h2>Archive Access Multiplexer</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Do you know the great CPAN (Comprehensive Perl Archive
- Network) under <a
- href="http://www.perl.com/CPAN">http://www.perl.com/CPAN</a>?
- This does a redirect to one of several FTP servers around
- the world which carry a CPAN mirror and is approximately
- near the location of the requesting client. Actually this
- can be called an FTP access multiplexing service. While
- CPAN runs via CGI scripts, how can a similar approach
- implemented via mod_rewrite?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- First we notice that from version 3.0.0 mod_rewrite can
- also use the "ftp:" scheme on redirects. And second, the
- location approximation can be done by a rewritemap over
- the top-level domain of the client. With a tricky chained
- ruleset we can use this top-level domain as a key to our
- multiplexing map.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteMap multiplex txt:/path/to/map.cxan
-RewriteRule ^/CxAN/(.*) %{REMOTE_HOST}::$1 [C]
-RewriteRule ^.+\.<strong>([a-zA-Z]+)</strong>::(.*)$ ${multiplex:<strong>$1</strong>|ftp.default.dom}$2 [R,L]
-</pre>
- </td>
- </tr>
- </table>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-##
-## map.cxan -- Multiplexing Map for CxAN
-##
-
-de ftp://ftp.cxan.de/CxAN/
-uk ftp://ftp.cxan.uk/CxAN/
-com ftp://ftp.cxan.com/CxAN/
- :
-##EOF##
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Time-Dependend Rewriting</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>When tricks like time-dependend content should happen a
- lot of webmasters still use CGI scripts which do for
- instance redirects to specialized pages. How can it be done
- via mod_rewrite?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- There are a lot of variables named <code>TIME_xxx</code>
- for rewrite conditions. In conjunction with the special
- lexicographic comparison patterns &lt;STRING, &gt;STRING
- and =STRING we can do time-dependend redirects:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteCond %{TIME_HOUR}%{TIME_MIN} &gt;0700
-RewriteCond %{TIME_HOUR}%{TIME_MIN} &lt;1900
-RewriteRule ^foo\.html$ foo.day.html
-RewriteRule ^foo\.html$ foo.night.html
-</pre>
- </td>
- </tr>
- </table>
-
- <p>This provides the content of <code>foo.day.html</code>
- under the URL <code>foo.html</code> from 07:00-19:00 and
- at the remaining time the contents of
- <code>foo.night.html</code>. Just a nice feature for a
- homepage...</p>
- </dd>
- </dl>
-
- <h2>Backward Compatibility for YYYY to XXXX migration</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we make URLs backward compatible (still
- existing virtually) after migrating document.YYYY to
- document.XXXX, e.g. after translating a bunch of .html
- files to .phtml?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We just rewrite the name to its basename and test for
- existence of the new extension. If it exists, we take
- that name, else we rewrite the URL to its original state.
-
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-# backward compatibility ruleset for
-# rewriting document.html to document.phtml
-# when and only when document.phtml exists
-# but no longer document.html
-RewriteEngine on
-RewriteBase /~quux/
-# parse out basename, but remember the fact
-RewriteRule ^(.*)\.html$ $1 [C,E=WasHTML:yes]
-# rewrite to document.phtml if exists
-RewriteCond %{REQUEST_FILENAME}.phtml -f
-RewriteRule ^(.*)$ $1.phtml [S=1]
-# else reverse the previous basename cutout
-RewriteCond %{ENV:WasHTML} ^yes$
-RewriteRule ^(.*)$ $1.html
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h1>Content Handling</h1>
-
- <h2>From Old to New (intern)</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Assume we have recently renamed the page
- <code>foo.html</code> to <code>bar.html</code> and now want
- to provide the old URL for backward compatibility. Actually
- we want that users of the old URL even not recognize that
- the pages was renamed.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We rewrite the old URL to the new one internally via the
- following rule:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteRule ^<strong>foo</strong>\.html$ <strong>bar</strong>.html
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>From Old to New (extern)</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Assume again that we have recently renamed the page
- <code>foo.html</code> to <code>bar.html</code> and now want
- to provide the old URL for backward compatibility. But this
- time we want that the users of the old URL get hinted to
- the new one, i.e. their browsers Location field should
- change, too.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We force a HTTP redirect to the new URL which leads to a
- change of the browsers and thus the users view:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteRule ^<strong>foo</strong>\.html$ <strong>bar</strong>.html [<strong>R</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Browser Dependend Content</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>At least for important top-level pages it is sometimes
- necesarry to provide the optimum of browser dependend
- content, i.e. one has to provide a maximum version for the
- latest Netscape variants, a minimum version for the Lynx
- browsers and a average feature version for all others.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We cannot use content negotiation because the browsers do
- not provide their type in that form. Instead we have to
- act on the HTTP header "User-Agent". The following condig
- does the following: If the HTTP header "User-Agent"
- begins with "Mozilla/3", the page <code>foo.html</code>
- is rewritten to <code>foo.NS.html</code> and and the
- rewriting stops. If the browser is "Lynx" or "Mozilla" of
- version 1 or 2 the URL becomes <code>foo.20.html</code>.
- All other browsers receive page <code>foo.32.html</code>.
- This is done by the following ruleset:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{HTTP_USER_AGENT} ^<strong>Mozilla/3</strong>.*
-RewriteRule ^foo\.html$ foo.<strong>NS</strong>.html [<strong>L</strong>]
-
-RewriteCond %{HTTP_USER_AGENT} ^<strong>Lynx/</strong>.* [OR]
-RewriteCond %{HTTP_USER_AGENT} ^<strong>Mozilla/[12]</strong>.*
-RewriteRule ^foo\.html$ foo.<strong>20</strong>.html [<strong>L</strong>]
-
-RewriteRule ^foo\.html$ foo.<strong>32</strong>.html [<strong>L</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Dynamic Mirror</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Assume there are nice webpages on remote hosts we want
- to bring into our namespace. For FTP servers we would use
- the <code>mirror</code> program which actually maintains an
- explicit up-to-date copy of the remote data on the local
- machine. For a webserver we could use the program
- <code>webcopy</code> which acts similar via HTTP. But both
- techniques have one major drawback: The local copy is
- always just as up-to-date as often we run the program. It
- would be much better if the mirror is not a static one we
- have to establish explicitly. Instead we want a dynamic
- mirror with data which gets updated automatically when
- there is need (updated data on the remote host).</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- To provide this feature we map the remote webpage or even
- the complete remote webarea to our namespace by the use
- of the <i>Proxy Throughput</i> feature (flag [P]):
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteRule ^<strong>hotsheet/</strong>(.*)$ <strong>http://www.tstimpreso.com/hotsheet/</strong>$1 [<strong>P</strong>]
-</pre>
- </td>
- </tr>
- </table>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteRule ^<strong>usa-news\.html</strong>$ <strong>http://www.quux-corp.com/news/index.html</strong> [<strong>P</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Reverse Dynamic Mirror</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>...</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteCond /mirror/of/remotesite/$1 -U
-RewriteRule ^http://www\.remotesite\.com/(.*)$ /mirror/of/remotesite/$1
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Retrieve Missing Data from Intranet</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>This is a tricky way of virtually running a corporates
- (external) Internet webserver
- (<code>www.quux-corp.dom</code>), while actually keeping
- and maintaining its data on a (internal) Intranet webserver
- (<code>www2.quux-corp.dom</code>) which is protected by a
- firewall. The trick is that on the external webserver we
- retrieve the requested data on-the-fly from the internal
- one.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- First, we have to make sure that our firewall still
- protects the internal webserver and that only the
- external webserver is allowed to retrieve data from it.
- For a packet-filtering firewall we could for instance
- configure a firewall ruleset like the following:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-<strong>ALLOW</strong> Host www.quux-corp.dom Port &gt;1024 --&gt; Host www2.quux-corp.dom Port <strong>80</strong>
-<strong>DENY</strong> Host * Port * --&gt; Host www2.quux-corp.dom Port <strong>80</strong>
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Just adjust it to your actual configuration syntax.
- Now we can establish the mod_rewrite rules which request
- the missing data in the background through the proxy
- throughput feature:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^/~([^/]+)/?(.*) /home/$1/.www/$2
-RewriteCond %{REQUEST_FILENAME} <strong>!-f</strong>
-RewriteCond %{REQUEST_FILENAME} <strong>!-d</strong>
-RewriteRule ^/home/([^/]+)/.www/?(.*) http://<strong>www2</strong>.quux-corp.dom/~$1/pub/$2 [<strong>P</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Load Balancing</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Suppose we want to load balance the traffic to
- <code>www.foo.com</code> over <code>www[0-5].foo.com</code>
- (a total of 6 servers). How can this be done?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- There are a lot of possible solutions for this problem.
- We will discuss first a commonly known DNS-based variant
- and then the special one with mod_rewrite:
-
- <ol>
- <li>
- <strong>DNS Round-Robin</strong>
-
- <p>The simplest method for load-balancing is to use
- the DNS round-robin feature of BIND. Here you just
- configure <code>www[0-9].foo.com</code> as usual in
- your DNS with A(address) records, e.g.</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-www0 IN A 1.2.3.1
-www1 IN A 1.2.3.2
-www2 IN A 1.2.3.3
-www3 IN A 1.2.3.4
-www4 IN A 1.2.3.5
-www5 IN A 1.2.3.6
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Then you additionally add the following entry:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-www IN CNAME www0.foo.com.
- IN CNAME www1.foo.com.
- IN CNAME www2.foo.com.
- IN CNAME www3.foo.com.
- IN CNAME www4.foo.com.
- IN CNAME www5.foo.com.
- IN CNAME www6.foo.com.
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Notice that this seems wrong, but is actually an
- intended feature of BIND and can be used in this way.
- However, now when <code>www.foo.com</code> gets
- resolved, BIND gives out <code>www0-www6</code> - but
- in a slightly permutated/rotated order every time.
- This way the clients are spread over the various
- servers. But notice that this not a perfect load
- balancing scheme, because DNS resolve information
- gets cached by the other nameservers on the net, so
- once a client has resolved <code>www.foo.com</code>
- to a particular <code>wwwN.foo.com</code>, all
- subsequent requests also go to this particular name
- <code>wwwN.foo.com</code>. But the final result is
- ok, because the total sum of the requests are really
- spread over the various webservers.</p>
- </li>
-
- <li>
- <strong>DNS Load-Balancing</strong>
-
- <p>A sophisticated DNS-based method for
- load-balancing is to use the program
- <code>lbnamed</code> which can be found at <a
- href="http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html">
- http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html</a>.
- It is a Perl 5 program in conjunction with auxilliary
- tools which provides a real load-balancing for
- DNS.</p>
- </li>
-
- <li>
- <strong>Proxy Throughput Round-Robin</strong>
-
- <p>In this variant we use mod_rewrite and its proxy
- throughput feature. First we dedicate
- <code>www0.foo.com</code> to be actually
- <code>www.foo.com</code> by using a single</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-www IN CNAME www0.foo.com.
-</pre>
- </td>
- </tr>
- </table>
-
- <p>entry in the DNS. Then we convert
- <code>www0.foo.com</code> to a proxy-only server,
- i.e. we configure this machine so all arriving URLs
- are just pushed through the internal proxy to one of
- the 5 other servers (<code>www1-www5</code>). To
- accomplish this we first establish a ruleset which
- contacts a load balancing script <code>lb.pl</code>
- for all URLs.</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteMap lb prg:/path/to/lb.pl
-RewriteRule ^/(.+)$ ${lb:$1} [P,L]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Then we write <code>lb.pl</code>:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-#!/path/to/perl
-##
-## lb.pl -- load balancing script
-##
-
-$| = 1;
-
-$name = "www"; # the hostname base
-$first = 1; # the first server (not 0 here, because 0 is myself)
-$last = 5; # the last server in the round-robin
-$domain = "foo.dom"; # the domainname
-
-$cnt = 0;
-while (&lt;STDIN&gt;) {
- $cnt = (($cnt+1) % ($last+1-$first));
- $server = sprintf("%s%d.%s", $name, $cnt+$first, $domain);
- print "http://$server/$_";
-}
-
-##EOF##
-</pre>
- </td>
- </tr>
- </table>
-
- <p>A last notice: Why is this useful? Seems like
- <code>www0.foo.com</code> still is overloaded? The
- answer is yes, it is overloaded, but with plain proxy
- throughput requests, only! All SSI, CGI, ePerl, etc.
- processing is completely done on the other machines.
- This is the essential point.</p>
- </li>
-
- <li>
- <strong>Hardware/TCP Round-Robin</strong>
-
- <p>There is a hardware solution available, too. Cisco
- has a beast called LocalDirector which does a load
- balancing at the TCP/IP level. Actually this is some
- sort of a circuit level gateway in front of a
- webcluster. If you have enough money and really need
- a solution with high performance, use this one.</p>
- </li>
- </ol>
- </dd>
- </dl>
-
- <h2>New MIME-type, New Service</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>
- On the net there are a lot of nifty CGI programs. But
- their usage is usually boring, so a lot of webmaster
- don't use them. Even Apache's Action handler feature for
- MIME-types is only appropriate when the CGI programs
- don't need special URLs (actually PATH_INFO and
- QUERY_STRINGS) as their input. First, let us configure a
- new file type with extension <code>.scgi</code> (for
- secure CGI) which will be processed by the popular
- <code>cgiwrap</code> program. The problem here is that
- for instance we use a Homogeneous URL Layout (see above)
- a file inside the user homedirs has the URL
- <code>/u/user/foo/bar.scgi</code>. But
- <code>cgiwrap</code> needs the URL in the form
- <code>/~user/foo/bar.scgi/</code>. The following rule
- solves the problem:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^/[uge]/<strong>([^/]+)</strong>/\.www/(.+)\.scgi(.*) ...
-... /internal/cgi/user/cgiwrap/~<strong>$1</strong>/$2.scgi$3 [NS,<strong>T=application/x-http-cgi</strong>]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Or assume we have some more nifty programs:
- <code>wwwlog</code> (which displays the
- <code>access.log</code> for a URL subtree and
- <code>wwwidx</code> (which runs Glimpse on a URL
- subtree). We have to provide the URL area to these
- programs so they know on which area they have to act on.
- But usually this ugly, because they are all the times
- still requested from that areas, i.e. typically we would
- run the <code>swwidx</code> program from within
- <code>/u/user/foo/</code> via hyperlink to</p>
-<pre>
-/internal/cgi/user/swwidx?i=/u/user/foo/
-</pre>
-
- <p>which is ugly. Because we have to hard-code
- <strong>both</strong> the location of the area
- <strong>and</strong> the location of the CGI inside the
- hyperlink. When we have to reorganise or area, we spend a
- lot of time changing the various hyperlinks.</p>
- </dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- The solution here is to provide a special new URL format
- which automatically leads to the proper CGI invocation.
- We configure the following:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^/([uge])/([^/]+)(/?.*)/\* /internal/cgi/user/wwwidx?i=/$1/$2$3/
-RewriteRule ^/([uge])/([^/]+)(/?.*):log /internal/cgi/user/wwwlog?f=/$1/$2$3
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Now the hyperlink to search at
- <code>/u/user/foo/</code> reads only</p>
-<pre>
-HREF="*"
-</pre>
-
- <p>which internally gets automatically transformed to</p>
-<pre>
-/internal/cgi/user/wwwidx?i=/u/user/foo/
-</pre>
-
- <p>The same approach leads to an invocation for the
- access log CGI program when the hyperlink
- <code>:log</code> gets used.</p>
- </dd>
- </dl>
-
- <h2>From Static to Dynamic</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we transform a static page
- <code>foo.html</code> into a dynamic variant
- <code>foo.cgi</code> in a seamless way, i.e. without notice
- by the browser/user.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We just rewrite the URL to the CGI-script and force the
- correct MIME-type so it gets really run as a CGI-script.
- This way a request to <code>/~quux/foo.html</code>
- internally leads to the invokation of
- <code>/~quux/foo.cgi</code>.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteBase /~quux/
-RewriteRule ^foo\.<strong>html</strong>$ foo.<strong>cgi</strong> [T=<strong>application/x-httpd-cgi</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>On-the-fly Content-Regeneration</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Here comes a really esoteric feature: Dynamically
- generated but statically served pages, i.e. pages should be
- delivered as pure static pages (read from the filesystem
- and just passed through), but they have to be generated
- dynamically by the webserver if missing. This way you can
- have CGI-generated pages which are statically served unless
- one (or a cronjob) removes the static contents. Then the
- contents gets refreshed.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- This is done via the following ruleset:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{REQUEST_FILENAME} <strong>!-s</strong>
-RewriteRule ^page\.<strong>html</strong>$ page.<strong>cgi</strong> [T=application/x-httpd-cgi,L]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Here a request to <code>page.html</code> leads to a
- internal run of a corresponding <code>page.cgi</code> if
- <code>page.html</code> is still missing or has filesize
- null. The trick here is that <code>page.cgi</code> is a
- usual CGI script which (additionally to its STDOUT)
- writes its output to the file <code>page.html</code>.
- Once it was run, the server sends out the data of
- <code>page.html</code>. When the webmaster wants to force
- a refresh the contents, he just removes
- <code>page.html</code> (usually done by a cronjob).</p>
- </dd>
- </dl>
-
- <h2>Document With Autorefresh</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Wouldn't it be nice while creating a complex webpage if
- the webbrowser would automatically refresh the page every
- time we write a new version from within our editor?
- Impossible?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- No! We just combine the MIME multipart feature, the
- webserver NPH feature and the URL manipulation power of
- mod_rewrite. First, we establish a new URL feature:
- Adding just <code>:refresh</code> to any URL causes this
- to be refreshed every time it gets updated on the
- filesystem.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteRule ^(/[uge]/[^/]+/?.*):refresh /internal/cgi/apache/nph-refresh?f=$1
-</pre>
- </td>
- </tr>
- </table>
-
- <p>Now when we reference the URL</p>
-<pre>
-/u/foo/bar/page.html:refresh
-</pre>
-
- <p>this leads to the internal invocation of the URL</p>
-<pre>
-/internal/cgi/apache/nph-refresh?f=/u/foo/bar/page.html
-</pre>
-
- <p>The only missing part is the NPH-CGI script. Although
- one would usually say "left as an exercise to the reader"
- ;-) I will provide this, too.</p>
-<pre>
-#!/sw/bin/perl
-##
-## nph-refresh -- NPH/CGI script for auto refreshing pages
-## Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
-##
-$| = 1;
-
-# split the QUERY_STRING variable
-@pairs = split(/&amp;/, $ENV{'QUERY_STRING'});
-foreach $pair (@pairs) {
- ($name, $value) = split(/=/, $pair);
- $name =~ tr/A-Z/a-z/;
- $name = 'QS_' . $name;
- $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
- eval "\$$name = \"$value\"";
-}
-$QS_s = 1 if ($QS_s eq '');
-$QS_n = 3600 if ($QS_n eq '');
-if ($QS_f eq '') {
- print "HTTP/1.0 200 OK\n";
- print "Content-type: text/html\n\n";
- print "&amp;lt;b&amp;gt;ERROR&amp;lt;/b&amp;gt;: No file given\n";
- exit(0);
-}
-if (! -f $QS_f) {
- print "HTTP/1.0 200 OK\n";
- print "Content-type: text/html\n\n";
- print "&amp;lt;b&amp;gt;ERROR&amp;lt;/b&amp;gt;: File $QS_f not found\n";
- exit(0);
-}
-
-sub print_http_headers_multipart_begin {
- print "HTTP/1.0 200 OK\n";
- $bound = "ThisRandomString12345";
- print "Content-type: multipart/x-mixed-replace;boundary=$bound\n";
- &amp;print_http_headers_multipart_next;
-}
-
-sub print_http_headers_multipart_next {
- print "\n--$bound\n";
-}
-
-sub print_http_headers_multipart_end {
- print "\n--$bound--\n";
-}
-
-sub displayhtml {
- local($buffer) = @_;
- $len = length($buffer);
- print "Content-type: text/html\n";
- print "Content-length: $len\n\n";
- print $buffer;
-}
-
-sub readfile {
- local($file) = @_;
- local(*FP, $size, $buffer, $bytes);
- ($x, $x, $x, $x, $x, $x, $x, $size) = stat($file);
- $size = sprintf("%d", $size);
- open(FP, "&amp;lt;$file");
- $bytes = sysread(FP, $buffer, $size);
- close(FP);
- return $buffer;
-}
-
-$buffer = &amp;readfile($QS_f);
-&amp;print_http_headers_multipart_begin;
-&amp;displayhtml($buffer);
-
-sub mystat {
- local($file) = $_[0];
- local($time);
-
- ($x, $x, $x, $x, $x, $x, $x, $x, $x, $mtime) = stat($file);
- return $mtime;
-}
-
-$mtimeL = &amp;mystat($QS_f);
-$mtime = $mtime;
-for ($n = 0; $n &amp;lt; $QS_n; $n++) {
- while (1) {
- $mtime = &amp;mystat($QS_f);
- if ($mtime ne $mtimeL) {
- $mtimeL = $mtime;
- sleep(2);
- $buffer = &amp;readfile($QS_f);
- &amp;print_http_headers_multipart_next;
- &amp;displayhtml($buffer);
- sleep(5);
- $mtimeL = &amp;mystat($QS_f);
- last;
- }
- sleep($QS_s);
- }
-}
-
-&amp;print_http_headers_multipart_end;
-
-exit(0);
-
-##EOF##
-</pre>
- </dd>
- </dl>
-
- <h2>Mass Virtual Hosting</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>The <code>&lt;VirtualHost&gt;</code> feature of Apache
- is nice and works great when you just have a few dozens
- virtual hosts. But when you are an ISP and have hundreds of
- virtual hosts to provide this feature is not the best
- choice.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- To provide this feature we map the remote webpage or even
- the complete remote webarea to our namespace by the use
- of the <i>Proxy Throughput</i> feature (flag [P]):
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-##
-## vhost.map
-##
-www.vhost1.dom:80 /path/to/docroot/vhost1
-www.vhost2.dom:80 /path/to/docroot/vhost2
- :
-www.vhostN.dom:80 /path/to/docroot/vhostN
-</pre>
- </td>
- </tr>
- </table>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-##
-## httpd.conf
-##
- :
-# use the canonical hostname on redirects, etc.
-UseCanonicalName on
-
- :
-# add the virtual host in front of the CLF-format
-CustomLog /path/to/access_log "%{VHOST}e %h %l %u %t \"%r\" %&gt;s %b"
- :
-
-# enable the rewriting engine in the main server
-RewriteEngine on
-
-# define two maps: one for fixing the URL and one which defines
-# the available virtual hosts with their corresponding
-# DocumentRoot.
-RewriteMap lowercase int:tolower
-RewriteMap vhost txt:/path/to/vhost.map
-
-# Now do the actual virtual host mapping
-# via a huge and complicated single rule:
-#
-# 1. make sure we don't map for common locations
-RewriteCond %{REQUEST_URI} !^/commonurl1/.*
-RewriteCond %{REQUEST_URI} !^/commonurl2/.*
- :
-RewriteCond %{REQUEST_URI} !^/commonurlN/.*
-#
-# 2. make sure we have a Host header, because
-# currently our approach only supports
-# virtual hosting through this header
-RewriteCond %{HTTP_HOST} !^$
-#
-# 3. lowercase the hostname
-RewriteCond ${lowercase:%{HTTP_HOST}|NONE} ^(.+)$
-#
-# 4. lookup this hostname in vhost.map and
-# remember it only when it is a path
-# (and not "NONE" from above)
-RewriteCond ${vhost:%1} ^(/.*)$
-#
-# 5. finally we can map the URL to its docroot location
-# and remember the virtual host for logging puposes
-RewriteRule ^/(.*)$ %1/$1 [E=VHOST:${lowercase:%{HTTP_HOST}}]
- :
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h1>Access Restriction</h1>
-
- <h2>Blocking of Robots</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we block a really annoying robot from
- retrieving pages of a specific webarea? A
- <code>/robots.txt</code> file containing entries of the
- "Robot Exclusion Protocol" is typically not enough to get
- rid of such a robot.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We use a ruleset which forbids the URLs of the webarea
- <code>/~quux/foo/arc/</code> (perhaps a very deep
- directory indexed area where the robot traversal would
- create big server load). We have to make sure that we
- forbid access only to the particular robot, i.e. just
- forbidding the host where the robot runs is not enough.
- This would block users from this host, too. We accomplish
- this by also matching the User-Agent HTTP header
- information.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{HTTP_USER_AGENT} ^<strong>NameOfBadRobot</strong>.*
-RewriteCond %{REMOTE_ADDR} ^<strong>123\.45\.67\.[8-9]</strong>$
-RewriteRule ^<strong>/~quux/foo/arc/</strong>.+ - [<strong>F</strong>]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Blocked Inline-Images</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Assume we have under http://www.quux-corp.de/~quux/
- some pages with inlined GIF graphics. These graphics are
- nice, so others directly incorporate them via hyperlinks to
- their pages. We don't like this practice because it adds
- useless traffic to our server.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- While we cannot 100% protect the images from inclusion,
- we can at least restrict the cases where the browser
- sends a HTTP Referer header.
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
-RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
-RewriteRule <strong>.*\.gif$</strong> - [F]
-</pre>
- </td>
- </tr>
- </table>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{HTTP_REFERER} !^$
-RewriteCond %{HTTP_REFERER} !.*/foo-with-gif\.html$
-RewriteRule <strong>^inlined-in-foo\.gif$</strong> - [F]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Host Deny</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we forbid a list of externally configured hosts
- from using our server?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- For Apache &gt;= 1.3b6:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteMap hosts-deny txt:/path/to/hosts.deny
-RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
-RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
-RewriteRule ^/.* - [F]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>For Apache &lt;= 1.3b6:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteMap hosts-deny txt:/path/to/hosts.deny
-RewriteRule ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
-RewriteRule !^NOT-FOUND/.* - [F]
-RewriteRule ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1
-RewriteRule !^NOT-FOUND/.* - [F]
-RewriteRule ^NOT-FOUND/(.*)$ /$1
-</pre>
- </td>
- </tr>
- </table>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-##
-## hosts.deny
-##
-## ATTENTION! This is a map, not a list, even when we treat it as such.
-## mod_rewrite parses it for key/value pairs, so at least a
-## dummy value "-" must be present for each entry.
-##
-
-193.102.180.41 -
-bsdti1.sdm.de -
-192.76.162.40 -
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>URL-Restricted Proxy</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we restrict the proxy to allow access to a
- configurable set of internet sites only? The site list is
- extracted from a prepared bookmarks file.</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We first have to make sure mod_rewrite is below(!)
- mod_proxy in the <code>Configuration</code> file when
- compiling the Apache webserver (or in the
- <code>AddModule</code> list of <code>httpd.conf</code> in
- the case of dynamically loaded modules), as it must get
- called <em>_before_</em> mod_proxy.
-
- <p>For simplicity, we generate the site list as a
- textfile map (but see the <a
- href="../mod/mod_rewrite.html#RewriteMap">mod_rewrite
- documentation</a> for a conversion script to DBM format).
- A typical Netscape bookmarks file can be converted to a
- list of sites with a shell script like this:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-#!/bin/sh
-cat ${1:-~/.netscape/bookmarks.html} |
-tr -d '\015' | tr '[A-Z]' '[a-z]' | grep href=\" |
-sed -e '/href="file:/d;' -e '/href="news:/d;' \
- -e 's|^.*href="[^:]*://\([^:/"]*\).*$|\1 OK|;' \
- -e '/href="/s|^.*href="\([^:/"]*\).*$|\1 OK|;' |
-sort -u
-</pre>
- </td>
- </tr>
- </table>
-
- <p>We redirect the resulting output into a text file
- called <code>goodsites.txt</code>. It now looks similar
- to this:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-www.apache.org OK
-xml.apache.org OK
-jakarta.apache.org OK
-perl.apache.org OK
-...
-</pre>
- </td>
- </tr>
- </table>
-
- <p>We reference this site file within the configuration
- for the <code>VirtualHost</code> which is responsible for
- serving as a proxy (often not port 80, but 81, 8080 or
- 8008).</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-&lt;VirtualHost 0.0.0.0:8008&gt;
- ...
- RewriteEngine On
- # Either use the (plaintext) allow list from goodsites.txt
- RewriteMap ProxyAllow txt:/usr/local/apache/conf/goodsites.txt
- # Or, for faster access, convert it to a DBM database:
- #RewriteMap ProxyAllow dbm:/usr/local/apache/conf/goodsites
- # Match lowercased hostnames
- RewriteMap lowercase int:tolower
- # Here we go:
- # 1) first lowercase the site name and strip off a :port suffix
- RewriteCond ${lowercase:%{HTTP_HOST}} ^([^:]*).*$
- # 2) next look it up in the map file.
- # "%1" refers to the previous regex.
- # If the result is "OK", proxy access is granted.
- RewriteCond ${ProxyAllow:%1|DENY} !^OK$ [NC]
- # 3) Disallow proxy requests if the site was _not_ tagged "OK":
- RewriteRule ^proxy: - [F]
- ...
-&lt;/VirtualHost&gt;
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Proxy Deny</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we forbid a certain host or even a user of a
- special host from using the Apache proxy?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We first have to make sure mod_rewrite is below(!)
- mod_proxy in the <code>Configuration</code> file when
- compiling the Apache webserver. This way it gets called
- <em>_before_</em> mod_proxy. Then we configure the
- following for a host-dependend deny...
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{REMOTE_HOST} <strong>^badhost\.mydomain\.com$</strong>
-RewriteRule !^http://[^/.]\.mydomain.com.* - [F]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>...and this one for a user@host-dependend deny:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>^badguy@badhost\.mydomain\.com$</strong>
-RewriteRule !^http://[^/.]\.mydomain.com.* - [F]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Special Authentication Variant</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>Sometimes a very special authentication is needed, for
- instance a authentication which checks for a set of
- explicitly configured users. Only these should receive
- access and without explicit prompting (which would occur
- when using the Basic Auth via mod_access).</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- We use a list of rewrite conditions to exclude all except
- our friends:
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend1@client1.quux-corp\.com$</strong>
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend2</strong>@client2.quux-corp\.com$
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend3</strong>@client3.quux-corp\.com$
-RewriteRule ^/~quux/only-for-friends/ - [F]
-</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
-
- <h2>Referer-based Deflector</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>How can we program a flexible URL Deflector which acts
- on the "Referer" HTTP header and can be configured with as
- many referring pages as we like?</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- Use the following really tricky ruleset...
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteMap deflector txt:/path/to/deflector.map
-
-RewriteCond %{HTTP_REFERER} !=""
-RewriteCond ${deflector:%{HTTP_REFERER}} ^-$
-RewriteRule ^.* %{HTTP_REFERER} [R,L]
-
-RewriteCond %{HTTP_REFERER} !=""
-RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
-RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]
-</pre>
- </td>
- </tr>
- </table>
-
- <p>... in conjunction with a corresponding rewrite
- map:</p>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-##
-## deflector.map
-##
-
-http://www.badguys.com/bad/index.html -
-http://www.badguys.com/bad/index2.html -
-http://www.badguys.com/bad/index3.html http://somewhere.com/
-</pre>
- </td>
- </tr>
- </table>
-
- <p>This automatically redirects the request back to the
- referring page (when "-" is used as the value in the map)
- or to a specific URL (when an URL is specified in the map
- as the second argument).</p>
- </dd>
- </dl>
-
- <h1>Other</h1>
-
- <h2>External Rewriting Engine</h2>
-
- <dl>
- <dt><strong>Description:</strong></dt>
-
- <dd>A FAQ: How can we solve the FOO/BAR/QUUX/etc. problem?
- There seems no solution by the use of mod_rewrite...</dd>
-
- <dt><strong>Solution:</strong></dt>
-
- <dd>
- Use an external rewrite map, i.e. a program which acts
- like a rewrite map. It is run once on startup of Apache
- receives the requested URLs on STDIN and has to put the
- resulting (usually rewritten) URL on STDOUT (same
- order!).
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-RewriteEngine on
-RewriteMap quux-map <strong>prg:</strong>/path/to/map.quux.pl
-RewriteRule ^/~quux/(.*)$ /~quux/<strong>${quux-map:$1}</strong>
-</pre>
- </td>
- </tr>
- </table>
-
- <table bgcolor="#E0E5F5" border="0" cellspacing="0"
- cellpadding="5">
- <tr>
- <td>
-<pre>
-#!/path/to/perl
-
-# disable buffered I/O which would lead
-# to deadloops for the Apache server
-$| = 1;
-
-# read URLs one per line from stdin and
-# generate substitution URL on stdout
-while (&lt;&gt;) {
- s|^foo/|bar/|;
- print $_;
-}
-</pre>
- </td>
- </tr>
- </table>
-
- <p>This is a demonstration-only example and just rewrites
- all URLs <code>/~quux/foo/...</code> to
- <code>/~quux/bar/...</code>. Actually you can program
- whatever you like. But notice that while such maps can be
- <strong>used</strong> also by an average user, only the
- system administrator can <strong>define</strong> it.</p>
- </dd>
- </dl>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </blockquote>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/security_tips.html b/usr.sbin/httpd/htdocs/manual/misc/security_tips.html
deleted file mode 100644
index 12ff7b27e4a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/security_tips.html
+++ /dev/null
@@ -1,312 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache HTTP Server: Security Tips</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Security Tips for Server Configuration</h1>
-
- <ul>
- <li><a href="#serverroot">Permissions on ServerRoot
- Directories</a></li>
-
- <li><a href="#ssi">Server Side Includes</a></li>
-
- <li><a href="#nsaliasedcgi">Non Script Aliased CGI</a></li>
-
- <li><a href="#saliasedcgi">Script Aliased CGI</a></li>
-
- <li><a href="#cgi">CGI in General</a></li>
-
- <li><a href="#dynamic">Other sources of dynamic content</a></li>
-
- <li><a href="#systemsettings">Protecting System
- Settings</a></li>
-
- <li><a href="#protectserverfiles">Protect Server Files by
- Default</a></li>
- </ul>
- <hr />
-
- <p>Some hints and tips on security issues in setting up a web
- server. Some of the suggestions will be general, others
- specific to Apache.</p>
- <hr />
-
- <h2><a id="serverroot" name="serverroot">Permissions on
- ServerRoot Directories</a></h2>
-
- <p>In typical operation, Apache is started by the root user,
- and it switches to the user defined by the <a
- href="../mod/core.html#user"><strong>User</strong></a>
- directive to serve hits. As is the case with any command that
- root executes, you must take care that it is protected from
- modification by non-root users. Not only must the files
- themselves be writeable only by root, but also the
- directories and parents of all directories. For example, if
- you choose to place ServerRoot in
- <code>/usr/local/apache</code> then it is suggested that you
- create that directory as root, with commands like these:</p>
-
- <blockquote>
-<pre>
- mkdir /usr/local/apache
- cd /usr/local/apache
- mkdir bin conf logs
- chown 0 . bin conf logs
- chgrp 0 . bin conf logs
- chmod 755 . bin conf logs
-</pre>
- </blockquote>
- It is assumed that /, /usr, and /usr/local are only modifiable
- by root. When you install the httpd executable, you should
- ensure that it is similarly protected:
-
- <blockquote>
-<pre>
- cp httpd /usr/local/apache/bin
- chown 0 /usr/local/apache/bin/httpd
- chgrp 0 /usr/local/apache/bin/httpd
- chmod 511 /usr/local/apache/bin/httpd
-</pre>
- </blockquote>
-
- <p>You can create an htdocs subdirectory which is modifiable by
- other users -- since root never executes any files out of
- there, and shouldn't be creating files in there.</p>
-
- <p>If you allow non-root users to modify any files that root
- either executes or writes on then you open your system to root
- compromises. For example, someone could replace the httpd
- binary so that the next time you start it, it will execute some
- arbitrary code. If the logs directory is writeable (by a
- non-root user), someone could replace a log file with a symlink
- to some other system file, and then root might overwrite that
- file with arbitrary data. If the log files themselves are
- writeable (by a non-root user), then someone may be able to
- overwrite the log itself with bogus data.</p>
- <hr />
-
- <h2><a id="ssi" name="ssi">Server Side Includes</a></h2>
-
- <p>Server Side Includes (SSI) present a server administrator
- with several potential security risks.</p>
-
- <p>The first risk is the increased load on the server. All
- SSI-enabled files have to be parsed by Apache, whether or not
- there are any SSI directives included within the files. While
- this load increase is minor, in a shared server environment it
- can become significant.</p>
-
- <p>SSI files also pose the same risks that are associated with
- CGI scripts in general. Using the "exec cmd" element,
- SSI-enabled files can execute any CGI script or program under
- the permissions of the user and group Apache runs as, as
- configured in httpd.conf. That should definitely give server
- administrators pause.</p>
-
- <p>There are ways to enhance the security of SSI files while
- still taking advantage of the benefits they provide.</p>
-
- <p>To isolate the damage a wayward SSI file can cause, a server
- administrator can enable <a
- href="../suexec.html">suexec</a> as described in the <a
- href="#cgi">CGI in General</a> section.</p>
-
- <p>Enabling SSI for files with .html or .htm extensions can be
- dangerous. This is especially true in a shared, or high
- traffic, server environment. SSI-enabled files should have a
- separate extension, such as the conventional .shtml. This helps
- keep server load at a minimum and allows for easier management
- of risk.</p>
-
- <p>Another solution is to disable the ability to run scripts
- and programs from SSI pages. To do this, replace
- <code>Includes</code> with <code>IncludesNOEXEC</code> in the
- <a href="../mod/core.html#options">Options</a> directive. Note
- that users may still use &lt;--#include virtual="..." --&gt; to
- execute CGI scripts if these scripts are in directories
- designated by a <a
- href="../mod/mod_alias.html#scriptalias">ScriptAlias</a>
- directive.</p>
- <hr />
-
- <h2><a id="nsaliasedcgi" name="nsaliasedcgi">Non Script Aliased
- CGI</a></h2>
-
- <p>Allowing users to execute <strong>CGI</strong> scripts in
- any directory should only be considered if;</p>
-
- <ol>
- <li>You trust your users not to write scripts which will
- deliberately or accidentally expose your system to an
- attack.</li>
-
- <li>You consider security at your site to be so feeble in
- other areas, as to make one more potential hole
- irrelevant.</li>
-
- <li>You have no users, and nobody ever visits your
- server.</li>
- </ol>
- <hr />
-
- <h2><a id="saliasedcgi" name="saliasedcgi">Script Aliased
- CGI</a></h2>
-
- <p>Limiting <strong>CGI</strong> to special directories gives
- the admin control over what goes into those directories. This
- is inevitably more secure than non script aliased CGI, but
- <strong>only if users with write access to the directories are
- trusted</strong> or the admin is willing to test each new CGI
- script/program for potential security holes.</p>
-
- <p>Most sites choose this option over the non script aliased
- CGI approach.</p>
- <hr />
-
- <h2><a id="cgi" name="cgi">CGI in General</a></h2>
-
- <p>Always remember that you must trust the writers of the CGI
- script/programs or your ability to spot potential security
- holes in CGI, whether they were deliberate or accidental.</p>
-
- <p>All the CGI scripts will run as the same user, so they have
- potential to conflict (accidentally or deliberately) with other
- scripts <em>e.g.</em> User A hates User B, so he writes a
- script to trash User B's CGI database. One program which can be
- used to allow scripts to run as different users is <a
- href="../suexec.html">suEXEC</a> which is included with Apache
- as of 1.2 and is called from special hooks in the Apache server
- code. Another popular way of doing this is with <a
- href="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap</a>.</p>
- <hr />
-
- <h2><a id="dynamic" name="dynamic">Other sources of dynamic
- content</a></h2>
-
-<p>Embedded scripting options which run as part of the server itself, such
-as mod_php, mod_perl, mod_tcl, and mod_python, run under the identity of
-the server itself (see the <a href="../mod/core.html#user">User</a>
-directive), and therefore scripts executed by these engines
-potentially can access anything the server user can. Some scripting
-engines may provide restrictions, but it is better to be safe and assume
-not.</p>
-<hr />
-
- <h2><a id="systemsettings" name="systemsettings">Protecting
- System Settings</a></h2>
-
- <p>To run a really tight ship, you'll want to stop users from
- setting up <code>.htaccess</code> files which can override
- security features you've configured. Here's one way to do
- it.</p>
-
- <p>In the server configuration file, put</p>
-
- <blockquote>
- <code>&lt;Directory /&gt;<br />
- AllowOverride None<br />
- &lt;/Directory&gt;<br />
- </code>
- </blockquote>
-
- <p>This prevents the use of <code>.htaccess</code> files in all
- directories apart from those specifically enabled.</p>
- <hr />
-
- <h2><a id="protectserverfiles"
- name="protectserverfiles">Protect Server Files by
- Default</a></h2>
-
- <p>One aspect of Apache which is occasionally misunderstood is
- the feature of default access. That is, unless you take steps
- to change it, if the server can find its way to a file through
- normal URL mapping rules, it can serve it to clients.</p>
-
- <p>For instance, consider the following example:</p>
-
- <ol>
- <li><samp># cd /; ln -s / public_html</samp></li>
-
- <li>Accessing <samp>http://localhost/~root/</samp></li>
- </ol>
-
- <p>This would allow clients to walk through the entire
- filesystem. To work around this, add the following block to
- your server's configuration:</p>
-<pre>
- &lt;Directory /&gt;
- Order Deny,Allow
- Deny from all
- &lt;/Directory&gt;
-</pre>
-
- <p>This will forbid default access to filesystem locations. Add
- appropriate <a
- href="../mod/core.html#directory"><samp>&lt;Directory&gt;</samp></a>
- blocks to allow access only in those areas you wish. For
- example,</p>
-<pre>
- &lt;Directory /usr/users/*/public_html&gt;
- Order Deny,Allow
- Allow from all
- &lt;/Directory&gt;
- &lt;Directory /usr/local/httpd&gt;
- Order Deny,Allow
- Allow from all
- &lt;/Directory&gt;
-</pre>
-
- <p>Pay particular attention to the interactions of <a
- href="../mod/core.html#location"><samp>&lt;Location&gt;</samp></a>
- and <a
- href="../mod/core.html#directory"><samp>&lt;Directory&gt;</samp></a>
- directives; for instance, even if <samp>&lt;Directory
- /&gt;</samp> denies access, a <samp>&lt;Location /&gt;</samp>
- directive might overturn it.</p>
-
- <p>Also be wary of playing games with the <a
- href="../mod/mod_userdir.html#userdir">UserDir</a> directive;
- setting it to something like <samp>"./"</samp> would have the
- same effect, for root, as the first example above. If you are
- using Apache 1.3 or above, we strongly recommend that you
- include the following line in your server configuration
- files:</p>
-
- <dl>
- <dd><samp>UserDir&nbsp;disabled&nbsp;root</samp></dd>
- </dl>
- <hr />
-
- <p>Please send any other useful security tips to The Apache
- Group by filling out a <a
- href="http://bugs.apache.org/">problem report</a>. If you are
- confident you have found a security bug in the Apache source
- code itself, <a
- href="http://httpd.apache.org/bug_report.html">please let us
- know</a>.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-</p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html b/usr.sbin/httpd/htdocs/manual/misc/tutorials.html
deleted file mode 100644
index f2938f25957..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html
+++ /dev/null
@@ -1,178 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Tutorials</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache Tutorials</h1>
-
- <p>The following documents give you step-by-step instructions
- on how to accomplish common tasks with the Apache http server.
- Many of these documents are located at external sites and are
- not the work of the Apache Software Foundation. Copyright to
- documents on external sites is owned by the authors or their
- assignees. Please consult the <a href="../">official Apache
- Server documentation</a> to verify what you read on external
- sites.</p>
-
- <h2>Installation &amp; Getting Started</h2>
-
- <ul>
-
- <li><a
- href="http://www.onlamp.com/pub/a/apache/2000/02/24/installing_apache.html">
- Getting, Installing, and Running Apache (on Unix)</a>
- (O'Reilly Network Apache DevCenter)</li>
-
- <li><a
- href="http://www.builder.com/Servers/Apache/ss01.html">Maximum
- Apache: Getting Started</a> (CNET Builder.com)</li>
-
- <li><a
- href="http://www.devshed.com/Server_Side/Administration/APACHE/">
- How to Build the Apache of Your Dreams</a> (Developer
- Shed)</li>
-
- <li><a
- href="http://apache-server.com/tutorials/ATgetting-started.html">Getting
- Started with Apache 1.3</a> (Ken Coar)</li>
-
- </ul>
-
- <h2>Basic Configuration</h2>
-
- <ul>
- <li><a
- href="http://www.onlamp.com/pub/a/apache/2000/03/02/configuring_apache.html">
- An Amble Through Apache Configuration</a> (O'Reilly Network
- Apache DevCenter)</li>
-
- <li><a
- href="http://www.builder.com/Servers/Apache/ss02.html">Maximum
- Apache: Configure Apache</a> (CNET Builder.com)</li>
-
- <li><a
- href="http://www.devshed.com/Server_Side/Administration/MoreApache/">
- Getting More Out of Apache</a> (Developer Shed)</li>
-
- <li><a
- href="http://apache-server.com/tutorials/ATusing-htaccess.html">Using
- .htaccess Files with Apache</a> (Ken Coar)</li>
-
- </ul>
-
- <h2>Security</h2>
-
- <ul>
- <li><a
- href="http://www.linuxplanet.com/linuxplanet/tutorials/1527/1/">
- Security and Apache: An Essential Primer</a>
- (LinuxPlanet)</li>
-
- <li><a
- href="http://www.apacheweek.com/features/userauth">Using User
- Authentication</a> (Apacheweek)</li>
-
- <li><a href="http://www.apacheweek.com/features/dbmauth">DBM
- User Authentication</a> (Apacheweek)</li>
-
- <li><a
- href="http://linux.com/security/newsitem.phtml?sid=12&amp;aid=3549">
- An Introduction to Securing Apache</a> (Linux.com)</li>
-
- <li><a
- href="http://linux.com/security/newsitem.phtml?sid=12&amp;aid=3667">
- Securing Apache - Access Control</a> (Linux.com)</li>
-
- <li><a
- href="http://apache-server.com/tutorials/LPsuexec.html">Using
- Apache with suexec on Linux</a> (Ken Coar)</li>
-
- </ul>
-
- <h2>Logging</h2>
-
- <ul>
- <li><a
- href="http://www.onlamp.com/pub/a/apache/2000/03/10/log_rhythms.html">
- Log Rhythms</a> (O'Reilly Network Apache DevCenter)</li>
-
- <li><a
- href="http://www.apacheweek.com/features/logfiles">Gathering
- Visitor Information: Customising Your Logfiles</a>
- (Apacheweek)</li>
-
- </ul>
-
- <h2>CGI and SSI</h2>
-
- <ul>
-
- <li><a
- href="http://www.cpan.org/doc/FAQs/cgi/idiots-guide.html">
- The Idiot's Guide to Solving Perl CGI Problems</a>
- (CPAN)</li>
-
- <li><a
- href="http://www.linuxplanet.com/linuxplanet/tutorials/1445/1/">
- Executing CGI Scripts as Other Users</a> (LinuxPlanet)</li>
-
- <li><a href="http://www.htmlhelp.org/faq/cgifaq.html">CGI
- Programming FAQ</a> (Web Design Group)</li>
-
- <li><a
- href="http://www.builder.com/Servers/ApacheFiles/082400/">Setting
- up CGI and SSI with Apache</a> (CNET Builder.com)</li>
-
- <li><a
- href="http://www.opendeveloper.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=1&page=1">How
- to Set Up Server Side Includes in Apache</a> (OpenDeveloper.org)</li>
- </ul>
-
- <h2>Other Features</h2>
-
- <ul>
- <li><a
- href="http://www.apacheweek.com/features/negotiation">Content
- Negotiation Explained</a> (Apacheweek)</li>
-
- <li><a
- href="http://www.apacheweek.com/features/imagemaps">Using
- Apache Imagemaps</a> (Apacheweek)</li>
-
- <li><a
- href="http://ppewww.ph.gla.ac.uk/~flavell/www/lang-neg.html">Language
- Negotiation Notes</a> (Alan J. Flavell)</li>
-
- <li><a
- href="http://apache-server.com/tutorials/ATimage-theft.html">Preventing
- Image 'Theft'</a> (Ken Coar)</li>
- </ul>
-
- <p>If you have a pointer to an accurate and well-written
- tutorial not included here, please let us know by submitting it
- to the <a href="http://bugs.apache.org/">Apache Bug
- Database</a>. <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html b/usr.sbin/httpd/htdocs/manual/mod/core.html
deleted file mode 100644
index b27a7c0e35c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/core.html
+++ /dev/null
@@ -1,4223 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Core Features</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Apache Core Features</h1>
-
- <p>These configuration parameters control the core Apache
- features, and are always available.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#acceptfilter">AcceptFilter</a></li>
-
- <li><a href="#acceptmutex">AcceptMutex</a></li>
-
- <li><a href="#accessconfig">AccessConfig</a></li>
-
- <li><a href="#accessfilename">AccessFileName</a></li>
-
- <li><a href="#adddefaultcharset">AddDefaultCharset</a></li>
-
- <li><a href="#addmodule">AddModule</a></li>
-
- <li><a href="#allowoverride">AllowOverride</a></li>
-
- <li><a href="#authname">AuthName</a></li>
-
- <li><a href="#authtype">AuthType</a></li>
-
- <li><a href="#bindaddress">BindAddress</a></li>
-
- <li><a href="#bs2000account">BS2000Account</a></li>
-
- <li><a href="#cgicommandargs">CGICommandArgs</a></li>
-
- <li><a href="#clearmodulelist">ClearModuleList</a></li>
-
- <li><a href="#contentdigest">ContentDigest</a></li>
-
- <li><a href="#coredumpdirectory">CoreDumpDirectory</a></li>
-
- <li><a href="#defaulttype">DefaultType</a></li>
-
- <li><a href="#directory">&lt;Directory&gt;</a></li>
-
- <li><a href="#directorymatch">&lt;DirectoryMatch&gt;</a></li>
-
- <li><a href="#documentroot">DocumentRoot</a></li>
-
- <li><a href="#ebcdicconvert">EBCDICConvert</a></li>
-
- <li><a
- href="#ebcdicconvertbytype">EBCDICConvertByType</a></li>
-
- <li><a href="#ebcdickludge">EBCDICKludge</a></li>
-
- <li><a href="#errordocument">ErrorDocument</a></li>
-
- <li><a href="#errorlog">ErrorLog</a></li>
-
- <li><a href="#fileetag">FileETag</a></li>
-
- <li><a href="#files">&lt;Files&gt;</a></li>
-
- <li><a href="#filesmatch">&lt;FilesMatch&gt;</a></li>
-
- <li><a href="#group">Group</a></li>
-
- <li><a href="#hostnamelookups">HostnameLookups</a></li>
-
- <li><a href="#identitycheck">IdentityCheck</a></li>
-
- <li><a href="#ifdefine">&lt;IfDefine&gt;</a></li>
-
- <li><a href="#ifmodule">&lt;IfModule&gt;</a></li>
-
- <li><a href="#include">Include</a></li>
-
- <li><a href="#keepalive">KeepAlive</a></li>
-
- <li><a href="#keepalivetimeout">KeepAliveTimeout</a></li>
-
- <li><a href="#limit">&lt;Limit&gt;</a></li>
-
- <li><a href="#limitexcept">&lt;LimitExcept&gt;</a></li>
-
- <li><a href="#limitinternalrecursion">LimitInternalRecursion</a></li>
-
- <li><a href="#limitrequestbody">LimitRequestBody</a></li>
-
- <li><a href="#limitrequestfields">LimitRequestFields</a></li>
-
- <li><a
- href="#limitrequestfieldsize">LimitRequestFieldsize</a></li>
-
- <li><a href="#limitrequestline">LimitRequestLine</a></li>
-
- <li><a href="#listen">Listen</a></li>
-
- <li><a href="#listenbacklog">ListenBacklog</a></li>
-
- <li><a href="#location">&lt;Location&gt;</a></li>
-
- <li><a href="#locationmatch">&lt;LocationMatch&gt;</a></li>
-
- <li><a href="#lockfile">LockFile</a></li>
-
- <li><a href="#loglevel">LogLevel</a></li>
-
- <li><a href="#maxclients">MaxClients</a></li>
-
- <li><a
- href="#maxkeepaliverequests">MaxKeepAliveRequests</a></li>
-
- <li><a
- href="#maxrequestsperchild">MaxRequestsPerChild</a></li>
-
- <li><a href="#maxfooperchild">MaxCPUPerChild</a></li>
- <li><a href="#maxfooperchild">MaxDATAPerChild</a></li>
- <li><a href="#maxfooperchild">MaxNOFILEPerChild</a></li>
- <li><a href="#maxfooperchild">MaxRSSPerChild</a></li>
- <li><a href="#maxfooperchild">MaxSTACKPerChild</a></li>
-
- <li><a href="#maxspareservers">MaxSpareServers</a></li>
-
- <li><a href="#minspareservers">MinSpareServers</a></li>
-
- <li><a href="#namevirtualhost">NameVirtualHost</a></li>
-
- <li><a href="#options">Options</a></li>
-
- <li><a href="#pidfile">PidFile</a></li>
-
- <li><a href="#port">Port</a></li>
-
- <li><a href="#protocolreqcheck">ProtocolReqCheck</a></li>
-
- <li><a href="#require">Require</a></li>
-
- <li><a href="#resourceconfig">ResourceConfig</a></li>
-
- <li><a href="#rlimitcpu">RLimitCPU</a></li>
-
- <li><a href="#rlimitmem">RLimitMEM</a></li>
-
- <li><a href="#rlimitnproc">RLimitNPROC</a></li>
-
- <li><a href="#rlimitnofile">RLimitNOFILE</a></li>
-
- <li><a href="#satisfy">Satisfy</a></li>
-
- <li><a href="#scoreboardfile">ScoreBoardFile</a></li>
-
- <li><a
- href="#scriptinterpretersource">ScriptInterpreterSource</a></li>
-
- <li><a href="#sendbuffersize">SendBufferSize</a></li>
-
- <li><a href="#serveradmin">ServerAdmin</a></li>
-
- <li><a href="#serveralias">ServerAlias</a></li>
-
- <li><a href="#servername">ServerName</a></li>
-
- <li><a href="#serverpath">ServerPath</a></li>
-
- <li><a href="#serverroot">ServerRoot</a></li>
-
- <li><a href="#serversignature">ServerSignature</a></li>
-
- <li><a href="#servertokens">ServerTokens</a></li>
-
- <li><a href="#servertype">ServerType</a></li>
-
- <li><a href="#shmemuidisuser">ShmemUIDisUser</a></li>
-
- <li><a href="#startservers">StartServers</a></li>
-
- <li><a href="#threadsperchild">ThreadsPerChild</a></li>
-
- <li><a href="#threadstacksize">ThreadStackSize</a></li>
-
- <li><a href="#timeout">TimeOut</a></li>
-
- <li><a href="#usecanonicalname">UseCanonicalName</a></li>
-
- <li><a href="#user">User</a></li>
-
- <li><a href="#virtualhost">&lt;VirtualHost&gt;</a></li>
- </ul>
- <hr />
-
- <h2><a id="acceptfilter" name="acceptfilter">AcceptFilter
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AcceptFilter
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AcceptFilter
- on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server configt<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> AcceptFilter is
- available in Apache 1.3.22 and later
-
- <p><code>AcceptFilter</code> controls a BSD specific filter
- optimization. It is compiled in by default - and switched on by
- default if your system supports it (setsocketopt() option
- SO_ACCEPTFILTER). Currently only FreeBSD supports this.</p>
-
- <p>See the filter section on <a
- href="../misc/perf-bsd44.html">performance hints</a> for more
- information.</p>
-
- <p>The compile time flag <code>AP_ACCEPTFILTER_OFF</code> can
- be used to change the default to 'off'. <code>httpd -V</code>
- and <code>httpd -L</code> will show compile time defaults and
- whether or not SO_ACCEPTFILTER was defined during the
- compile.</p>
-
- <hr />
-
- <h2><a id="acceptmutex" name="acceptmutex">AcceptMutex
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AcceptMutex
- uslock|pthread|sysvsem|fcntl|flock|os2sem|tpfcore|none|default<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AcceptMutex
- default</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> AcceptMutex is
- available in Apache 1.3.21 and later.
-
- <p><code>AcceptMutex</code> controls which accept() mutex
- method Apache will use. Not all methods are available on all
- platforms, since the suite of methods is determined at
- compile-time. For a list of which methods are available for
- your particular build, the <code>httpd -V</code> command line
- option will list them out.</p>
-
- <p>The compile time flags <code>-D
- HAVE_METHOD_SERIALIZED_ACCEPT</code> can be used to add
- different methods to your build, or one can edit the
- <code>include/ap_config.h</code> file for your particular
- platform.</p>
-
- <p>This directive has no effect on Microsoft Windows.</p>
-
- <p>See the <a href="../misc/perf-tuning.html">performance tuning
- guide</a> for more information.</p>
-
- <hr />
-
- <h2><a id="accessconfig" name="accessconfig">AccessConfig
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AccessConfig
- <em>file-path</em>|<em>directory-path</em>|<em>wildcard-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AccessConfig
- conf/access.conf</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> The ability to
- specify a directory, rather than a file name, is only available in
- Apache 1.3.13 and later. This directive will be eliminated in version
- 2.0.
-
- <p>The server will read this file for more directives after
- reading the <a href="#resourceconfig">ResourceConfig</a> file.
- <em>File-path</em> is relative to the <a
- href="#serverroot">ServerRoot</a>. This feature can be disabled
- using:</p>
-
- <blockquote>
- <code>AccessConfig /dev/null</code>
- </blockquote>
- Or, on Win32 servers,
-
- <blockquote>
- <code>AccessConfig nul</code>
- </blockquote>
- Historically, this file only contained <a
- href="#directory">&lt;Directory&gt;</a> sections; in fact it
- can now contain any server directive allowed in the <em>server
- config</em> context. However, since Apache version 1.3.4,
- the default <code>access.conf</code> file which ships with
- Apache contains only comments, and all directives are placed
- in the main server configuration file, <code>httpd.conf</code>.
-
- <p>If <code>AccessConfig</code> points to a directory, rather than a
- file, Apache will read all files in that directory, and any
- subdirectory, and parse those as configuration files.
- </p>
- <p>Alternatively you can use a wildcard to limit the scope; i.e
- to only *.conf files.
- </p>
- <p>Note that by default <em>any</em> file in the specified
- directory will be loaded as a configuration file.
- </p>
- <p>
- So make sure that you don't have stray files in
- this directory by mistake, such as temporary files created by your
- editor, for example.</p>
-
- <p><strong>See also:</strong> <a href="#include">Include</a> and <a
- href="#resourceconfig">ResourceConfig</a>.</p>
- <hr />
-
- <h2><a id="accessfilename" name="accessfilename">AccessFileName
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AccessFileName
- <em>filename</em> [<em>filename</em>] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AccessFileName
- .htaccess</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> AccessFileName
- can accept more than one filename only in Apache 1.3 and later
-
- <p>When returning a document to the client the server looks for
- the first existing access control file from this list of names
- in every directory of the path to the document, if access
- control files are enabled for that directory. For example:</p>
-
- <blockquote>
- <code>AccessFileName .acl</code>
- </blockquote>
- before returning the document /usr/local/web/index.html, the
- server will read /.acl, /usr/.acl, /usr/local/.acl and
- /usr/local/web/.acl for directives, unless they have been
- disabled with
-
- <blockquote>
- <code>&lt;Directory /&gt;<br />
- AllowOverride None<br />
- &lt;/Directory&gt;</code>
- </blockquote>
-
- <p><strong>See Also:</strong> <a
- href="#allowoverride">AllowOverride</a> and <a
- href="../configuring.html">Configuration Files</a></p>
- <hr />
-
- <h2><a id="adddefaultcharset"
- name="adddefaultcharset">AddDefaultCharset directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddDefaultCharset
- On|Off|<em>charset</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> all<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AddDefaultCharset Off</code><br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- AddDefaultCharset is only available in Apache 1.3.12 and later
-
- <p>This directive specifies the name of the character set that
- will be added to any response that does not have any parameter
- on the content type in the HTTP headers. This will override any
- character set specified in the body of the document via a
- <code>META</code> tag. A setting of <code>AddDefaultCharset
- Off</code> disables this functionality. <code>AddDefaultCharset
- On</code> enables Apache's internal default charset of
- <code>iso-8859-1</code> as required by the directive. You can
- also specify an alternate <em>charset</em> to be used.</p>
-
- <p>For example:</p>
-
- <blockquote>
- <code>AddDefaultCharset utf-8</code>
- </blockquote>
-
- <p><b>Note:</b> This will <b>not</b> have any effect on the
- Content-Type and character set for default Apache-generated
- status pages (such as '404 Not Found' or '301 Moved Permanently')
- because those have an <i>actual</i> character set (that in which the
- hard-coded page content is written) and don't need to have a default
- applied.</p>
-
- <hr />
-
- <h2><a id="addmodule" name="addmodule">AddModule
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddModule
- <em>module</em> [<em>module</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config <br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> AddModule is
- only available in Apache 1.2 and later
-
- <p>The server can have modules compiled in which are not
- actively in use. This directive can be used to enable the use
- of those modules. The server comes with a pre-loaded list of
- active modules; this list can be cleared with the <a
- href="#clearmodulelist">ClearModuleList</a> directive.</p>
-
- <p>For example:</p>
-
- <blockquote>
- <code>AddModule mod_include.c</code>
- </blockquote>
-
- <p>The ordering of <code>AddModule</code> lines is important.
- Modules are listed in reverse priority order --- the ones that come
- later can override the behavior of those that come earlier. This
- can have visible effects; for instance, if UserDir followed Alias,
- you couldn't alias out a particular user's home directory. For
- more information and a recommended ordering, see
- <code>src/Configuration.tmpl</code> in the Apache source
- distribution.</p>
-
- <p><strong>See also</strong>: <a
- href="#clearmodulelist">ClearModuleList</a> and <a
- href="mod_so.html#loadmodule">LoadModule</a></p>
- <hr />
-
- <h2><a id="allowoverride" name="allowoverride">AllowOverride
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AllowOverride
- All|None|<em>directive-type</em> [<em>directive-type</em>]
- ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AllowOverride
- All</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>When the server finds an .htaccess file (as specified by <a
- href="#accessfilename">AccessFileName</a>) it needs to know
- which directives declared in that file can override earlier
- access information.</p>
-
- <p><strong>Note:</strong> <code>AllowOverride</code> is only
- valid in &lt;Directory&gt; sections, not in &lt;Location&gt; or
- &lt;Files&gt; sections, as implied by the <strong>Context</strong>
- section above.</p>
-
- <p>When this directive is set to <code>None</code>, then
- .htaccess files are completely ignored. In this case, the
- server will not even attempt to read .htaccess files in the
- filesystem.</p>
-
- <p>When this directive is set to <code>All</code>, then any
- directive which has the .htaccess <a
- href="directive-dict.html#Context">Context</a> is allowed in
- .htaccess files.</p>
-
- <p>The <em>directive-type</em> can be one of the following
- groupings of directives.</p>
-
- <dl>
- <dt>AuthConfig</dt>
-
- <dd>
-
- Allow use of the authorization directives (<a
- href="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a>,
- <a
- href="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a>,
- <a href="mod_auth.html#authgroupfile">AuthGroupFile</a>, <a
- href="#authname">AuthName</a>, <a
- href="#authtype">AuthType</a>, <a
- href="mod_auth.html#authuserfile">AuthUserFile</a>, <a
- href="#require">Require</a>, <em>etc.</em>).</dd>
-
- <dt>FileInfo</dt>
-
- <dd>
- Allow use of the directives controlling document types (<a
- href="mod_mime.html#addencoding">AddEncoding</a>, <a
- href="mod_mime.html#addlanguage">AddLanguage</a>, <a
- href="mod_mime.html#addtype">AddType</a>, <a
- href="#defaulttype">DefaultType</a>, <a
- href="#errordocument">ErrorDocument</a>, <a
- href="mod_negotiation.html#languagepriority">LanguagePriority</a>,
- <em>etc.</em>).</dd>
-
- <dt>Indexes</dt>
-
- <dd>
- Allow use of the directives controlling directory indexing
- (<a
- href="mod_autoindex.html#adddescription">AddDescription</a>,
- <a href="mod_autoindex.html#addicon">AddIcon</a>, <a
- href="mod_autoindex.html#addiconbyencoding">AddIconByEncoding</a>,
- <a href="mod_autoindex.html#addiconbytype">AddIconByType</a>,
- <a href="mod_autoindex.html#defaulticon">DefaultIcon</a>, <a
- href="mod_dir.html#directoryindex">DirectoryIndex</a>, <a
- href="mod_autoindex.html#fancyindexing">FancyIndexing</a>, <a
- href="mod_autoindex.html#headername">HeaderName</a>, <a
- href="mod_autoindex.html#indexignore">IndexIgnore</a>, <a
- href="mod_autoindex.html#indexoptions">IndexOptions</a>, <a
- href="mod_autoindex.html#readmename">ReadmeName</a>,
- <em>etc.</em>).</dd>
-
- <dt>Limit</dt>
-
- <dd>
- Allow use of the directives controlling host access (<a
- href="mod_access.html#allow">Allow</a>,
- <a href="mod_access.html#deny">Deny</a>
- and <a href="mod_access.html#order">Order</a>).</dd>
-
- <dt>Options</dt>
-
- <dd>
- Allow use of the directives controlling specific directory
- features (<a href="#options">Options</a> and <a
- href="mod_include.html#xbithack">XBitHack</a>).</dd>
- </dl>
-
- <p>Example:</p>
- <blockquote><code>AllowOverride AuthConfig Indexes</code></blockquote>
-
- <p><strong>See Also:</strong> <a
- href="#accessfilename">AccessFileName</a> and <a
- href="../configuring.html">Configuration Files</a></p>
- <hr />
-
- <h2><a id="authname" name="authname">AuthName
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthName
- <em>auth-domain</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>This directive sets the name of the authorization realm for
- a directory. This realm is given to the client so that the user
- knows which username and password to send.
- <samp>AuthName</samp> takes a single argument; if the realm
- name contains spaces, it must be enclosed in quotation marks.
- It must be accompanied by <a href="#authtype">AuthType</a> and
- <a href="#require">Require</a> directives, and directives such
- as <a href="mod_auth.html#authuserfile">AuthUserFile</a> and <a
- href="mod_auth.html#authgroupfile">AuthGroupFile</a> to
- work.</p>
-
- <p>For example:</p>
-
- <blockquote><code>AuthName "Top Secret"</code></blockquote>
-
- <p>The string provided for the <code>AuthName</code> is what will
- appear in the password dialog provided by most browsers.</p>
-
- <p><strong>See also:</strong> <a
- href="../howto/auth.html">Authentication, Authorization, and
- Access Control</a></p>
- <hr />
-
- <h2><a id="authtype" name="authtype">AuthType
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthType
- Basic|Digest<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>This directive selects the type of user authentication for a
- directory. Only <code>Basic</code> and <code>Digest</code> are
- currently implemented.
-
- It must be accompanied by <a href="#authname">AuthName</a> and
- <a href="#require">Require</a> directives, and directives such
- as <a href="mod_auth.html#authuserfile">AuthUserFile</a> and <a
- href="mod_auth.html#authgroupfile">AuthGroupFile</a> to
- work.</p>
-
- <p><strong>See also:</strong> <a
- href="../howto/auth.html">Authentication, Authorization, and
- Access Control</a></p>
- <hr />
-
- <h2><a id="bindaddress" name="bindaddress">BindAddress
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> BindAddress
- *|<em>IP-address</em>|<em>domain-name</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>BindAddress
- *</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> BindAddress is
- deprecated and will be eliminated in Apache 2.0.
-
- <p>A Unix&reg; http server can either listen for connections to
- every IP address of the server machine, or just one IP address
- of the server machine. If the argument to this directive is *,
- then the server will listen for connections on every IP
- address. Otherwise, the server can listen to only a specific
- <em>IP-address</em> or a fully-qualified Internet
- <em>domain-name</em>.</p>
-
- <p>For example:</p>
-
- <code>BindAddress 192.168.15.48</code><br />
-
- <p>Only one <code>BindAddress</code> directive can be used.</p>
-
- <p>This directive is deprecated and will be eliminated in
- Apache 2.0. Equivalent functionality and more control over the
- address and ports Apache listens to is available using the
- <code><a href="#listen">Listen</a></code>
- directive.</p>
-
- <p><code>BindAddress</code> can be used as an alternative
- method for supporting <a href="../vhosts/">virtual hosts</a>
- using multiple independent servers, instead of using <code><a
- href="#virtualhost">&lt;VirtualHost&gt;</a></code>
- sections.</p>
-
- <p><strong>See Also:</strong> <a href="../dns-caveats.html">DNS
- Issues</a><br />
- <strong>See Also:</strong> <a href="../bind.html">Setting
- which addresses and ports Apache uses</a></p>
- <hr />
-
- <h2><a id="bs2000account" name="bs2000account">BS2000Account
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> BS2000Account
- <em>account</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>none</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> BS2000Account is
- only available for BS2000 machines, as of Apache 1.3 and later.
-
-
- <p>The <code>BS2000Account</code> directive is available for
- BS2000 hosts only. It must be used to define the account number
- for the non-privileged apache server user (which was configured
- using the <a href="#user">User</a> directive). This is required
- by the BS2000 POSIX subsystem (to change the underlying BS2000
- task environment by performing a sub-LOGON) to prevent CGI
- scripts from accessing resources of the privileged account
- which started the server, usually <samp>SYSROOT</samp>.<br />
- Only one <code>BS2000Account</code> directive can be used.</p>
-
- <hr />
-
- <h2><a id="cgicommandargs" name="cgicommandargs">CGICommandArgs
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CGICommandArgs On|Off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> CGICommandArgs On<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Options<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in Apache
- 1.3.24 and later.
-
- <p>Way back when the internet was a safer, more naive place, it
- was convenient for the server to take a query string that did not
- contain an '=' sign and to parse and pass it to a CGI program as
- command line args. For example, <code>&lt;IsIndex&gt;</code>
- generated searches often work in this way. The default behavior
- in Apache is to maintain this behavior for backwards
- compatibility, although it is generally regarded as unsafe
- practice today. Most CGI programs do not take command line
- parameters, but among those that do, many are unaware of this
- method of passing arguments and are therefore vulnerable to
- malicious clients passing unsafe material in this way. Setting
- <code>CGICommandArgs Off</code> is recommended to protect such
- scripts with little loss in functionality.</p>
-
- <hr />
-
- <h2><a id="clearmodulelist"
- name="clearmodulelist">ClearModuleList directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ClearModuleList<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ClearModuleList
- is only available in Apache 1.2 and later
-
- <p>The server comes with a built-in list of active modules.
- This directive clears the list. It is assumed that the list
- will then be re-populated using the <a
- href="#addmodule">AddModule</a> directive.</p>
-
- <p><strong>See also</strong>: <a
- href="#addmodule">AddModule</a> and <a
- href="mod_so.html#loadmodule">LoadModule</a></p>
-
- <hr />
-
- <h2><a id="contentdigest" name="contentdigest">ContentDigest
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ContentDigest
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ContentDigest
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Options<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> experimental<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ContentDigest is
- only available in Apache 1.1 and later
-
- <p>This directive enables the generation of
- <code>Content-MD5</code> headers as defined in RFC1864
- respectively RFC2068.</p>
-
- <p>MD5 is an algorithm for computing a "message digest"
- (sometimes called "fingerprint") of arbitrary-length data, with
- a high degree of confidence that any alterations in the data
- will be reflected in alterations in the message digest.</p>
-
- <p>The <code>Content-MD5</code> header provides an end-to-end
- message integrity check (MIC) of the entity-body. A proxy or
- client may check this header for detecting accidental
- modification of the entity-body in transit. Example header:</p>
-<pre>
- Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
-</pre>
-
- <p>Note that this can cause performance problems on your server
- since the message digest is computed on every request (the
- values are not cached).</p>
-
- <p><code>Content-MD5</code> is only sent for documents served
- by the core, and not by any module. For example, SSI documents,
- output from CGI scripts, and byte range responses do not have
- this header.</p>
- <hr />
-
- <h2><a id="coredumpdirectory"
- name="coredumpdirectory">CoreDumpDirectory directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CoreDumpDirectory
- <em>directory-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> the same location as
- ServerRoot<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>This controls the directory to which Apache attempts to
- switch before dumping core. The default is in the <a
- href="#serverroot">ServerRoot</a> directory, however since this
- should not be writable by the user the server runs as, core
- dumps won't normally get written. If you want a core dump for
- debugging, you can use this directive to place it in a
- different location.</p>
-
- <p>For example:</p>
-
- <blockquote>
- <code>CoreDumpDirectory /tmp</code>
- </blockquote>
-
- <hr />
-
- <h2><a id="defaulttype" name="defaulttype">DefaultType
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> DefaultType
- <em>MIME-type</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>DefaultType
- text/plain</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>There will be times when the server is asked to provide a
- document whose type cannot be determined by its MIME types
- mappings.</p>
-
- <p>The server must inform the client of the content-type of the
- document, so in the event of an unknown type it uses the
- <code>DefaultType</code>. For example:</p>
-
- <blockquote>
- <code>DefaultType image/gif</code>
- </blockquote>
- would be appropriate for a directory which contained many gif
- images with filenames missing the .gif extension.
-
- <p><strong>See also:</strong> <a
- href="mod_mime.html#addtype">AddType</a> and <a
- href="mod_mime.html#typesconfig">TypesConfig</a>.</p>
-
- <hr />
-
- <h2><a id="directory" name="directory">&lt;Directory&gt;
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;Directory
- <em>directory-path</em>|proxy:<em>url-path</em>&gt;
- ... &lt;/Directory&gt; <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core.
-
- <p>&lt;Directory&gt; and &lt;/Directory&gt; are used to enclose
- a group of directives which will apply only to the named
- directory and sub-directories of that directory. Any directive
- which is allowed in a directory context may be used.
- <em>Directory-path</em> is either the full path to a directory,
- or a wild-card string. In a wild-card string, `?' matches any
- single character, and `*' matches any sequences of characters.
- As of Apache 1.3, you may also use `[ ]' character ranges like
- in the shell. Also as of Apache 1.3 none of the wildcards match
- a `/' character, which more closely mimics the behavior of
- Unix shells. Example:</p>
-<pre>
- &lt;Directory /usr/local/httpd/htdocs&gt;
- Options Indexes FollowSymLinks
- &lt;/Directory&gt;
-</pre>
-
- <p><strong>Apache 1.2 and above:</strong> Extended regular
- expressions can also be used, with the addition of the
- <code>~</code> character. For example:</p>
-<pre>
- &lt;Directory ~ "^/www/.*/[0-9]{3}"&gt;
-</pre>
- would match directories in /www/ that consisted of three
- numbers.
-
- <p>If multiple (non-regular expression) directory sections
- match the directory (or its parents) containing a document,
- then the directives are applied in the order of shortest match
- first, interspersed with the directives from the <a
- href="#accessfilename">.htaccess</a> files. For example,
- with</p>
-
- <blockquote>
- <code>&lt;Directory /&gt;<br />
- AllowOverride None<br />
- &lt;/Directory&gt;<br />
- <br />
- &lt;Directory /home/*&gt;<br />
- AllowOverride FileInfo<br />
- &lt;/Directory&gt;</code>
- </blockquote>
- for access to the document <code>/home/web/dir/doc.html</code>
- the steps are:
-
- <ul>
- <li>Apply directive <code>AllowOverride None</code>
- (disabling <code>.htaccess</code> files).</li>
-
- <li>Apply directive <code>AllowOverride FileInfo</code> (for
- directory <code>/home/web</code>).</li>
-
- <li>Apply any FileInfo directives in
- <code>/home/web/.htaccess</code></li>
- </ul>
-
- <p>Regular expression directory sections are handled slightly
- differently by Apache 1.2 and 1.3. In Apache 1.2 they are
- interspersed with the normal directory sections and applied in
- the order they appear in the configuration file. They are
- applied only once, and apply when the shortest match possible
- occurs. In Apache 1.3 regular expressions are not considered
- until after all of the normal sections have been applied. Then
- all of the regular expressions are tested in the order they
- appeared in the configuration file. For example, with</p>
-
- <blockquote>
- <code>&lt;Directory ~ abc$&gt;<br />
- ... directives here ...<br />
- &lt;/Directory&gt;<br />
- </code>
- </blockquote>
- Suppose that the filename being accessed is
- <code>/home/abc/public_html/abc/index.html</code>. The server
- considers each of <code>/</code>, <code>/home</code>,
- <code>/home/abc</code>, <code>/home/abc/public_html</code>, and
- <code>/home/abc/public_html/abc</code> in that order. In Apache
- 1.2, when <code>/home/abc</code> is considered, the regular
- expression will match and be applied. In Apache 1.3 the regular
- expression isn't considered at all at that point in the tree.
- It won't be considered until after all normal
- &lt;Directory&gt;s and <code>.htaccess</code> files have been
- applied. Then the regular expression will match on
- <code>/home/abc/public_html/abc</code> and be applied.
-
- <p><strong>Note that the default Apache access for
- &lt;Directory /&gt; is <samp>Allow from All</samp>. This means
- that Apache will serve any file mapped from an URL. It is
- recommended that you change this with a block such
- as</strong></p>
-<pre>
- &lt;Directory /&gt;
- Order Deny,Allow
- Deny from All
- &lt;/Directory&gt;
-</pre>
-
- <p><strong>and then override this for directories you
- <em>want</em> accessible. See the <a
- href="../misc/security_tips.html">Security Tips</a> page for
- more details.</strong></p>
- &lt;Directory&gt; directives cannot nest, and cannot appear in
- a <a href="#limit">&lt;Limit&gt;</a> or <a
- href="#limitexcept">&lt;LimitExcept&gt;</a> section.
-
- <p>If you have <a href="mod_proxy.html">mod_proxy</a> enabled, you
- can use the <code>proxy:</code> syntax to apply configuration
- directives to proxied content. The syntax for this is to specify the
- proxied URLs to which you wish to apply the configuration, or to
- specify <code>*</code> to apply to all proxied content:</p>
-
- <p>To apply to all proxied content:</p>
-
- <pre>
- &lt;Directory proxy:*&gt;
- ... directives here ...
- &lt;/Directory&gt;
- </pre>
-
- <p>To apply to just a subset of proxied content:</p>
-
- <pre>
- &lt;Directory proxy:http://www.example.com/&gt;
- ... directives here ...
- &lt;/Directory&gt;
- </pre>
-
- <p><strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received</p>
- <p><strong>See also</strong>: <a
- href="#directorymatch">DirectoryMatch</a></p>
- <hr />
-
- <h2><a id="directorymatch"
- name="directorymatch">&lt;DirectoryMatch&gt;</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;DirectoryMatch
- <em>regex</em>&gt; ... &lt;/DirectoryMatch&gt; <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core.<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later
-
- <p>&lt;DirectoryMatch&gt; and &lt;/DirectoryMatch&gt; are used
- to enclose a group of directives which will apply only to the
- named directory and sub-directories of that directory, the same
- as <a href="#directory">&lt;Directory&gt;</a>. However, it
- takes as an argument a regular expression. For example:</p>
-<pre>
- &lt;DirectoryMatch "^/www/.*/[0-9]{3}"&gt;
-</pre>
-
- <p>would match directories in /www/ that consisted of three
- numbers.</p>
-
- <p><strong>See Also:</strong> <a
- href="#directory">&lt;Directory&gt;</a> for a description of
- how regular expressions are mixed in with normal
- &lt;Directory&gt;s.<br />
- <strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received</p>
- <hr />
-
- <h2><a id="documentroot" name="documentroot">DocumentRoot
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> DocumentRoot
- <em>directory-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>DocumentRoot
- /usr/local/apache/htdocs</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>This directive sets the directory from which httpd will
- serve files. Unless matched by a directive like Alias, the
- server appends the path from the requested URL to the document
- root to make the path to the document. Example:</p>
-
- <blockquote>
- <code>DocumentRoot /usr/web</code>
- </blockquote>
- then an access to
- <code>http://www.my.host.com/index.html</code> refers to
- <code>/usr/web/index.html</code>.
-
- <p>There appears to be a bug in mod_dir which causes problems
- when the DocumentRoot has a trailing slash (<em>i.e.</em>,
- "DocumentRoot /usr/web/") so please avoid that.</p>
- <hr />
-
- <h2><a id="ebcdicconvert"
- name="ebcdicconvert">EBCDICConvert</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> EBCDICConvert
- On|Off[=<em>direction</em>] <em>extension</em>
- [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> The configurable
- EBCDIC conversion is only available in Apache 1.3.19 and later,
- and on EBCDIC based platforms.
-
- <p>The EBCDICConvert directive maps the given filename
- extensions to the specified conversion setting (<samp>On</samp>
- or <samp>Off</samp>). File extensions may be specified with or
- without a leading dot.</p>
-
- <p>If the optional format <samp>On=<i>direction</i></samp> (or
- <samp>Off=<i>direction</i></samp>) is used, where
- <i>direction</i> is one of <samp>In</samp>, <samp>Out</samp> or
- <samp>InOut</samp>, then the directive only applies to the
- specified transfer direction (<samp>In</samp>: uploaded content
- in a PUT or POST request, <samp>Out</samp>: returned content in
- a GET or POST request, and <samp>InOut</samp>: conversion in
- both directions).<br />
- Otherwise, <samp>InOut</samp> (conversion in both directions)
- is implied.</p>
-
- <p>Conversion configuration based on file extension is tested
- prior to configuration based on MIME type, to allow for generic
- MIME based rules to be overridden by a more specific file
- extension (several file extensions may exist for the same MIME
- type).</p>
-
- <p><strong>Example</strong>:<br />
- With a configuration like the following, the normal
- <samp>*.html</samp> files contain HTML text in EBCDIC encoding,
- while <samp>*.ahtml</samp> files contain HTML text in ASCII
- encoding:</p>
-<pre>
- # *.html and *.ahtml contain HTML text:
- AddType text/html .html .ahtml
-
- # *.ahtml is not converted (contains ASCII text already):
- EBCDICConvert Off .ahtml
-
- # All other text/html files presumably contain EBCDIC text:
- EBCDICConvertByType On text/html
-</pre>
- <br />
- <br />
-
-
- <p><strong>See also</strong>: <a
- href="#ebcdicconvertbytype">EBCDICConvertByType</a></p>
- <hr />
-
- <h2><a id="ebcdicconvertbytype"
- name="ebcdicconvertbytype">EBCDICConvertByType</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> EBCDICConvertByType
- On|Off[=<em>direction</em>] <em>mimetype</em>
- [<em>mimetype</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> The configurable
- EBCDIC conversion is only available in Apache 1.3.19 and later,
- and on EBCDIC based platforms.
-
- <p>The EBCDICConvertByType directive maps the given MIME type
- (optionally containing wildcards) to the specified conversion
- setting (<samp>On</samp> or <samp>Off</samp>).</p>
-
- <p>If the optional format <samp>On=<i>direction</i></samp> (or
- <samp>Off=<i>direction</i></samp>) is used, where
- <i>direction</i> is one of <samp>In</samp>, <samp>Out</samp> or
- <samp>InOut</samp>, then the directive only applies to the
- specified transfer direction (<samp>In</samp>: uploaded content
- in a PUT or POST request, <samp>Out</samp>: returned content in
- a GET or POST request, and <samp>InOut</samp>: conversion in
- both directions).<br />
- Otherwise, <samp>InOut</samp> (conversion in both directions)
- is implied.</p>
-
- <p><strong>Example</strong>:<br />
- A useful standard configuration should at least contain the
- following defaults:</p>
-<pre>
- # All text documents are stored as EBCDIC files:
- EBCDICConvertByType On text/* message/* multipart/*
- EBCDICConvertByType On application/x-www-form-urlencoded \
- model/vrml application/postscript
- # All other files are assumed to be binary:
- EBCDICConvertByType Off */*
-</pre>
- If you serve ASCII documents only, for example from an NFS
- mounted unix server, use:
-<pre>
- # All documents are ASCII already:
- EBCDICConvertByType Off */*
-</pre>
-
- <p><strong>See also</strong>: <a
- href="#ebcdicconvert">EBCDICConvert</a></p>
- <hr />
-
- <h2><a id="ebcdickludge"
- name="ebcdickludge">EBCDICKludge</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> EBCDICKludge
- On|Off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>EBCDICKludge
- Off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> EBCDICKludge is
- only available in Apache 1.3.19 and later, and on EBCDIC based
- platforms. It is deprecated and will be withdrawn in a future
- version.<br />
-
-
- <p>The EBCDICKludge is provided for the backward compatible
- behavior with apache versions 1.3.0 through 1.3.18. In these
- versions, all files with MIME types starting with "text/",
- "message/" or "multipart/" or with type
- "application/x-www-form-urlencoded" would be converted by
- default, all other documents were returned unconverted. Only if
- a MIME type "<samp>text/<b>x-ascii-</b><i>subtype</i></samp>"
- was configured for a certain document, the document was assumed
- to be in ASCII format already, and was not converted again.
- Instead, the "<samp><b>x-ascii-</b></samp>" was removed from
- the type, resulting in the MIME type
- "<samp>text/<i>subtype</i></samp>" being returned for the
- document.</p>
-
- <p>If the EBCDICKludge directive is set to <samp>On</samp>, and
- if none of the file extensions configured with the <a
- href="#ebcdicconvert">EBCDICConvert</a> directive matches in
- the current context, then the server tests for a MIME type of
- the format
- <samp><i>type/</i><b>x-ascii-</b><i>subtype</i></samp>. If the
- document has such a type, then the
- "<samp><b>x-ascii-</b></samp>" substring is removed and the
- conversion set to <samp>Off</samp>. This allows for overriding
- the implicit assumption that all text files are stored in
- EBCDIC format, for example when serving documents from an NFS
- mounted directory with ASCII documents.<br />
- By using the EBCDICKludge, there is no way to force one of the
- other MIME types (<em>e.g.</em>, model/vrml) to be treated as
- an EBCDIC text file. Use of the <a
- href="#ebcdicconvertbytype">EBCDICConvertByType</a> directive
- mentioned above is the preferred way to configure such a
- conversion. (Before Apache version 1.3.19, there was no way at
- all to force these binary documents to be treated as EBCDIC
- text files.)</p>
-
- <p><strong>See also</strong>: <a
- href="#ebcdicconvert">EBCDICConvert</a>, <a
- href="#ebcdicconvertbytype">EBCDICConvertByType</a></p>
- <hr />
-
- <h2><a id="errordocument" name="errordocument">ErrorDocument
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ErrorDocument
- <em>error-code document</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> The directory
- and .htaccess contexts are only available in Apache 1.1 and
- later.
-
- <p>In the event of a problem or error, Apache can be configured
- to do one of four things,</p>
-
- <ol>
- <li>output a simple hardcoded error message</li>
-
- <li>output a customized message</li>
-
- <li>redirect to a local <em>URL-path</em> to handle the
- problem/error</li>
-
- <li>redirect to an external <em>URL</em> to handle the
- problem/error</li>
- </ol>
-
- <p>The first option is the default, while options 2-4 are
- configured using the <code>ErrorDocument</code> directive,
- which is followed by the HTTP response code and a message or
- URL.</p>
-
- <p><em>Messages</em> in this context begin with a single
- double-quote character (<code>"</code>), which does not form
- part of the message itself. Apache will sometimes offer
- additional information regarding the problem/error.</p>
-
- <p>URLs can begin with a slash (/) for local URLs, or be a full
- URL which the client can resolve. Examples:</p>
-
- <blockquote>
- <code>ErrorDocument 500
- http://foo.example.com/cgi-bin/tester<br />
- ErrorDocument 404 /cgi-bin/bad_urls.pl<br />
- ErrorDocument 401 /subscription_info.html<br />
- ErrorDocument 403 "Sorry can't allow you access today</code>
- </blockquote>
-
- <p>Note that when you specify an <code>ErrorDocument</code>
- that points to a remote URL (ie. anything with a method such as
- "http" in front of it), Apache will send a redirect to the
- client to tell it where to find the document, even if the
- document ends up being on the same server. This has several
- implications, the most important being that the client will not
- receive the original error status code, but instead will
- receive a redirect status code. This in turn can confuse web
- robots and other clients which try to determine if a URL is
- valid using the status code. In addition, if you use a remote
- URL in an <code>ErrorDocument 401</code>, the client will not
- know to prompt the user for a password since it will not
- receive the 401 status code. Therefore, <strong>if you use an
- "ErrorDocument 401" directive then it must refer to a local
- document.</strong></p>
-
- <p>See Also: <a href="../custom-error.html">documentation of
- customizable responses.</a> See the <a
- href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html">HTTP
- specification</a> for a complete list of the status codes and their
- meanings.</p>
- <hr />
-
- <h2><a id="errorlog" name="errorlog">ErrorLog
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ErrorLog
- <em>file-path</em>|syslog[:<em>facility</em>] <br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ErrorLog
- logs/error_log</code> (Unix)<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ErrorLog
- logs/error.log</code> (Windows and OS/2)<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The error log directive sets the name of the file to which
- the server will log any errors it encounters. If the
- <em>file-path</em> does not begin with a slash (/) then it is
- assumed to be relative to the <a
- href="#serverroot">ServerRoot</a>. If the <em>file-path</em>
- begins with a pipe (|) then it is assumed to be a command to
- spawn to handle the error log.</p>
-
- <p>Examples</p>
-
- <p><code>ErrorLog logs/vhost1.error</code></p>
-
- or
-
- <p><code>ErrorLog |/usr/local/bin/errorlog.pl</code></p>
-
- <p><strong>Apache 1.3 and above:</strong> Using
- <code>syslog</code> instead of a filename enables logging via
- syslogd(8) if the system supports it. The default is to use
- syslog facility <code>local7</code>, but you can override this
- by using the <code>syslog:</code><em>facility</em> syntax where
- <em>facility</em> can be one of the names usually documented in
- syslog(1).</p>
-
- <p>For example:</p>
-
- <p><code>ErrorLog syslog</code></p>
-
- or
-
- <p><code>ErrorLog syslog:user</code></p>
-
- <p>SECURITY: See the <a
- href="../misc/security_tips.html#serverroot">security tips</a>
- document for details on why your security could be compromised
- if the directory where logfiles are stored is writable by
- anyone other than the user that starts the server.</p>
-
- <p><strong>See also:</strong> <a href="#loglevel">LogLevel</a>
- and <a href="../logs.html">Apache Log Files</a></p>
- <hr />
-
- <h2><a id="fileetag" name="fileetag">FileETag directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> FileETag
- <i>component</i> ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> only available
- in Apache 1.3.23 versions and later.
-
- <p>
- The FileETag directive configures the file attributes that are
- used to create the ETag (entity tag) response header field
- when the document is based on a file.
- (The ETag value is used in cache management to save network
- bandwidth.) In Apache 1.3.22 and earlier, the ETag value was
- <i>always</i> formed from the file's inode, size, and last-modified
- time (mtime). The FileETag directive allows you to choose
- which of these -- if any -- should be used. The recognized
- keywords are:
- </p>
- <dl compact="compact">
- <dt><b>INode</b></dt>
- <dd>The file's i-node number will be included in the calculation</dd>
- <dt><b>MTime</b></dt>
- <dd>The date and time the file was last modified will be included</dd>
- <dt><b>Size</b></dt>
- <dd>The number of bytes in the file will be included</dd>
- <dt><b>All</b></dt>
- <dd>All available fields will be used (equivalent to
- '<code>FileETag&nbsp;INode&nbsp;MTime&nbsp;Size</code>')</dd>
- <dt><b>None</b></dt>
- <dd>If a document is file-based, no ETag field will be included in the
- response</dd>
- </dl>
- <p>
- The INode, MTime, and Size keywords may be prefixed with either '+'
- or '-', which allow changes to be made to the default setting
- inherited from a broader scope. Any keyword appearing without
- such a prefix immediately and completely cancels the inherited
- setting.
- </p>
- <p>
- If a directory's configuration includes
- '<code>FileETag&nbsp;INode&nbsp;MTime&nbsp;Size</code>', and a
- subdirectory's includes '<code>FileETag&nbsp;-INode</code>',
- the setting for that subdirectory (which will be inherited by
- any sub-subdirectories that don't override it) will be equivalent to
- '<code>FileETag&nbsp;MTime&nbsp;Size</code>'.
- </p>
- <hr />
-
- <h2><a id="files" name="files">&lt;Files&gt; directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;Files
- <em>filename</em>&gt; ... &lt;/Files&gt;<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> only available
- in Apache 1.2 and above.
-
- <p>The &lt;Files&gt; directive provides for access control by
- filename. It is comparable to the <a
- href="#directory">&lt;Directory&gt;</a> directive and <a
- href="#location">&lt;Location&gt;</a> directives. It should be
- matched with a &lt;/Files&gt; directive. The directives given
- within this section will be applied to any object with a
- basename (last component of filename) matching the specified
- filename. <code>&lt;Files&gt;</code> sections are processed in
- the order they appear in the configuration file, after the
- &lt;Directory&gt; sections and <code>.htaccess</code> files are
- read, but before &lt;Location&gt; sections. Note that
- &lt;Files&gt; can be nested inside &lt;Directory&gt; sections
- to restrict the portion of the filesystem they apply to.</p>
-
- <p>The <em>filename</em> argument should include a filename, or
- a wild-card string, where `?' matches any single character, and
- `*' matches any sequences of characters. Extended regular
- expressions can also be used, with the addition of the
- <code>~</code> character. For example:</p>
-<pre>
- &lt;Files ~ "\.(gif|jpe?g|png)$"&gt;
-</pre>
- would match most common Internet graphics formats. In Apache
- 1.3 and later, <a href="#filesmatch">&lt;FilesMatch&gt;</a> is
- preferred, however.
-
- <p>Note that unlike <a
- href="#directory"><code>&lt;Directory&gt;</code></a> and <a
- href="#location"><code>&lt;Location&gt;</code></a> sections,
- <code>&lt;Files&gt;</code> sections can be used inside
- .htaccess files. This allows users to control access to their
- own files, at a file-by-file level.
- For example, to password protect a single file within a
- particular directory, you might add the following to your
- <code>.htaccess</code> file:</p>
-
- <pre>
- &lt;Files admin.cgi&gt;
- Require group admin
- &lt;/Files&gt;</pre>
-
- <p>Remember that directives apply to subdirectories as well, so this
- will also protect files called <code>admin.cgi</code> in
- subdirectories, unless specifically overridden.</p>
-
- <p>(See <a href="#require">Require</a> for details on using the
- <code>Require</code> directive)</p>
-
- <p><strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received</p>
- <hr />
-
- <h2><a id="filesmatch"
- name="filesmatch">&lt;FilesMatch&gt;</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;FilesMatch
- <em>regex</em>&gt; ... &lt;/FilesMatch&gt;<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> only available
- in Apache 1.3 and above.
-
- <p>The &lt;FilesMatch&gt; directive provides for access control
- by filename, just as the <a href="#files">&lt;Files&gt;</a>
- directive does. However, it accepts a regular expression. For
- example:</p>
-<pre>
- &lt;FilesMatch "\.(gif|jpe?g|png)$"&gt;
-</pre>
-
- <p>would match most common Internet graphics formats.</p>
- <strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received
- <hr />
-
- <h2><a id="group" name="group">Group directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Group
- <em>unix-group</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>Group
- #-1</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The Group directive sets the group under which the server
- will answer requests. In order to use this directive, the
- stand-alone server must be run initially as root.
- <em>Unix-group</em> is one of:</p>
-
- <dl>
- <dt>A group name</dt>
-
- <dd>Refers to the given group by name.</dd>
-
- <dt># followed by a group number.</dt>
-
- <dd>Refers to a group by its number.</dd>
- </dl>
- <p>It is recommended that you set up a new group specifically for
- running the server. Some admins use user <code>nobody</code>,
- but this is not always possible or desirable.</p>
-
- <p>Example:</p>
-
- <code>Group www-group</code>
-
- <p>Note: if you start the server as a non-root user, it will
- fail to change to the specified group, and will instead
- continue to run as the group of the original user.</p>
-
- <p>Special note: Use of this directive in &lt;VirtualHost&gt;
- requires a properly configured <a href="../suexec.html">suEXEC
- wrapper</a>. When used inside a &lt;VirtualHost&gt; in this
- manner, only the group that CGIs are run as is affected.
- Non-CGI requests are still processed as the group specified in
- the main Group directive.</p>
-
- <p>SECURITY: See <a href="#user">User</a> for a discussion of
- the security considerations.</p>
- <hr />
-
- <h2><a id="hostnamelookups"
- name="hostnamelookups">HostnameLookups directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> HostnameLookups
- on|off|double<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>HostnameLookups
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- <code>double</code> available only in Apache 1.3 and
- above.<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Default was
- <code>on</code> prior to Apache 1.3.
-
- <p>This directive enables DNS lookups so that host names can be
- logged (and passed to CGIs/SSIs in <code>REMOTE_HOST</code>).
- The value <code>double</code> refers to doing double-reverse
- DNS. That is, after a reverse lookup is performed, a forward
- lookup is then performed on that result. At least one of the ip
- addresses in the forward lookup must match the original
- address. (In "tcpwrappers" terminology this is called
- <code>PARANOID</code>.)</p>
-
- <p>Regardless of the setting, when <a
- href="mod_access.html">mod_access</a> is used for controlling
- access by hostname, a double reverse lookup will be performed.
- This is necessary for security. Note that the result of this
- double-reverse isn't generally available unless you set
- <code>HostnameLookups double</code>. For example, if only
- <code>HostnameLookups on</code> and a request is made to an
- object that is protected by hostname restrictions, regardless
- of whether the double-reverse fails or not, CGIs will still be
- passed the single-reverse result in
- <code>REMOTE_HOST</code>.</p>
-
- <p>The default for this directive was previously
- <code>on</code> in versions of Apache prior to 1.3. It was
- changed to <code>off</code> in order to save the network
- traffic for those sites that don't truly need the reverse
- lookups done. It is also better for the end users because they
- don't have to suffer the extra latency that a lookup entails.
- Heavily loaded sites should leave this directive
- <code>off</code>, since DNS lookups can take considerable
- amounts of time. The utility <a
- href="../programs/logresolve.html">logresolve</a>, provided in
- the <em>/support</em> directory, can be used to look up host
- names from logged IP addresses offline.</p>
- <hr />
-
- <h2><a id="identitycheck" name="identitycheck">IdentityCheck
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> IdentityCheck
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>IdentityCheck
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>This directive enables RFC1413-compliant logging of the
- remote user name for each connection, where the client machine
- runs identd or something similar. This information is logged in
- the access log.</p>
-
- <p>The information should not be trusted in any way except for
- rudimentary usage tracking.</p>
-
- <p>Note that this can cause serious latency problems accessing
- your server since every request requires one of these lookups
- to be performed. When firewalls are involved each lookup might
- possibly fail and add 30 seconds of latency to each hit. So in
- general this is not very useful on public servers accessible
- from the Internet.</p>
- <hr />
-
- <h2><a id="ifdefine" name="ifdefine">&lt;IfDefine&gt;
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;IfDefine
- [!]<em>parameter-name</em>&gt; <em>...</em>
- &lt;/IfDefine&gt;<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> all<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> &lt;IfDefine&gt;
- is only available in 1.3.1 and later.
-
- <p>The &lt;IfDefine <em>test</em>&gt;...&lt;/IfDefine&gt;
- section is used to mark directives that are conditional. The
- directives within an IfDefine section are only processed if the
- <em>test</em> is true. If <em>test</em> is false, everything
- between the start and end markers is ignored.</p>
-
- <p>The <em>test</em> in the &lt;IfDefine&gt; section directive
- can be one of two forms:</p>
-
- <ul>
- <li><em>parameter-name</em></li>
-
- <li><code>!</code><em>parameter-name</em></li>
- </ul>
-
- <p>In the former case, the directives between the start and end
- markers are only processed if the parameter named
- <em>parameter-name</em> is defined. The second format reverses
- the test, and only processes the directives if
- <em>parameter-name</em> is <strong>not</strong> defined.</p>
-
- <p>The <em>parameter-name</em> argument is a define as given on
- the <code>httpd</code> command line via
- <code>-D</code><em>parameter-</em>, at the time the server was
- started.</p>
-
- <p>&lt;IfDefine&gt; sections are nest-able, which can be used
- to implement simple multiple-parameter tests. Example:</p>
-<pre>
- $ httpd -DReverseProxy ...
-
- # httpd.conf
- &lt;IfDefine ReverseProxy&gt;
- LoadModule rewrite_module libexec/mod_rewrite.so
- LoadModule proxy_module libexec/libproxy.so
- &lt;/IfDefine&gt;
-</pre>
- <hr />
-
- <h2><a id="ifmodule" name="ifmodule">&lt;IfModule&gt;
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;IfModule
- [!]<em>module-name</em>&gt; <em>...</em>
- &lt;/IfModule&gt;<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> all<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> IfModule is only
- available in 1.2 and later.
-
- <p>The &lt;IfModule <em>test</em>&gt;...&lt;/IfModule&gt;
- section is used to mark directives that are conditional. The
- directives within an IfModule section are only processed if the
- <em>test</em> is true. If <em>test</em> is false, everything
- between the start and end markers is ignored.</p>
-
- <p>The <em>test</em> in the &lt;IfModule&gt; section directive
- can be one of two forms:</p>
-
- <ul>
- <li><em>module name</em></li>
-
- <li>!<em>module name</em></li>
- </ul>
-
- <p>In the former case, the directives between the start and end
- markers are only processed if the module named <em>module
- name</em> is included in Apache -- either compiled in or
- dynamically loaded using <a
- href="mod_so.html#loadmodule">LoadModule</a>. The second format
- reverses the test, and only processes the directives if <em>module
- name</em> is <strong>not</strong> included.</p>
-
- <p>The <em>module name</em> argument is the file name of the
- module, at the time it was compiled.
- For example, <code>mod_rewrite.c</code>.</p>
-
- <p>&lt;IfModule&gt; sections are nest-able, which can be used
- to implement simple multiple-module tests.</p>
- <hr />
-
- <h2><a id="include" name="include">Include directive</a></h2>
- <strong>Syntax:</strong> Include
- <em>file-path</em>|<em>directory-path</em>|<em>wildcard-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Include is only
- available in Apache 1.3 and later.
-
- <p>This directive allows inclusion of other configuration files
- from within the server configuration files.</p>
-
- <p>The file path specified may be a fully qualified path (i.e.
- starting with a slash), or may be relative to the
- <code>ServerRoot</code> directory.</p>
-
- <p>New in Apache 1.3.13 is the feature that if
- <code>Include</code> points to a directory, rather than a file,
- Apache will read all files in that directory, and any
- subdirectory, and parse those as configuration files.</p>
- <p>By using a wildcard this can be further limited to, say,
- just the '*.conf' files.
- </p>
- <p>Examples:</p>
- <blockquote>
- <code>Include /usr/local/apache/conf/ssl.conf<br />
- Include /usr/local/apache/conf/vhosts/
- </code>
- </blockquote>
-
- <p>Or, providing paths relative to your <code>ServerRoot</code>
- directory:</p>
-
- <blockquote>
- <code>Include conf/ssl.conf<br />
- Include conf/vhosts/
- </code>
- </blockquote>
-
- <p>Make sure that an included directory does not contain any stray
- files, such as editor temporary files, for example, as Apache will
- attempt to read them in and use the contents as configuration
- directives, which may cause the server to fail on start up.
- Running <code>apachectl configtest</code> will give you a list of
- the files that are being processed during the configuration
- check:</p>
-
-<pre>
-root@host# apachectl configtest
- Processing config directory: /usr/local/apache/conf/vhosts
- Processing config file: /usr/local/apache/conf/vhosts/vhost1
- Processing config file: /usr/local/apache/conf/vhosts/vhost2
-Syntax OK
-</pre>
-
- <p>This will help in verifying that you are getting only the files
- that you intended as part of your configuration.</p>
-
- <p><strong>See also</strong>: <a
- href="../programs/apachectl.html">apachectl</a></p>
-
- <hr />
-
- <h2><a id="keepalive" name="keepalive">KeepAlive
- directive</a></h2>
- <strong>Syntax: (Apache 1.1)</strong> KeepAlive
- <em>max-requests</em><br />
- <strong>Default: (Apache 1.1)</strong> <code>KeepAlive
- 5</code><br />
- <strong>Syntax: (Apache 1.2)</strong> KeepAlive on|off<br />
- <strong>Default: (Apache 1.2)</strong> <code>KeepAlive
- On</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> KeepAlive is
- only available in Apache 1.1 and later.
-
- <p>The Keep-Alive extension to HTTP/1.0 and the persistent
- connection feature of HTTP/1.1 provide long-lived HTTP sessions
- which allow multiple requests to be sent over the same TCP
- connection. In some cases this has been shown to result in an
- almost 50% speedup in latency times for HTML documents with
- many images. To enable Keep-Alive connections in Apache 1.2 and
- later, set <code>KeepAlive On</code>.</p>
-
- <p>For HTTP/1.0 clients, Keep-Alive connections will only be
- used if they are specifically requested by a client. In
- addition, a Keep-Alive connection with an HTTP/1.0 client can
- only be used when the length of the content is known in
- advance. This implies that dynamic content such as CGI output,
- SSI pages, and server-generated directory listings will
- generally not use Keep-Alive connections to HTTP/1.0 clients.
- For HTTP/1.1 clients, persistent connections are the default
- unless otherwise specified. If the client requests it, chunked
- encoding will be used in order to send content of unknown
- length over persistent connections.</p>
-
- <p><strong>Apache 1.1 only</strong>: Set <em>max-requests</em>
- to the maximum number of requests you want Apache to entertain
- per connection. A limit is imposed to prevent a client from
- hogging your server resources. Set this to <code>0</code> to
- disable support. In Apache 1.2 and 1.3, this is controlled
- through the MaxKeepAliveRequests directive instead.</p>
-
- <p>See also <a
- href="#maxkeepaliverequests">MaxKeepAliveRequests</a>.</p>
- <hr />
-
- <h2><a id="keepalivetimeout"
- name="keepalivetimeout">KeepAliveTimeout directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> KeepAliveTimeout
- <em>seconds</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>KeepAliveTimeout
- 15</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> KeepAliveTimeout
- is only available in Apache 1.1 and later.
-
- <p>The number of seconds Apache will wait for a subsequent
- request before closing the connection. Once a request has been
- received, the timeout value specified by the <a
- href="#timeout"><code>Timeout</code></a> directive applies.</p>
-
- <p>Setting <code>KeepAliveTimeout</code> to a high value may
- cause performance problems in heavily loaded servers. The
- higher the timeout, the more server processes will be kept
- occupied waiting on connections with idle clients.</p>
- <hr />
-
- <h2><a id="limit" name="limit">&lt;Limit&gt; directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;Limit
- <em>method</em> [<em>method</em>] ... &gt; ...
- &lt;/Limit&gt;<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> any<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>Access controls are normally effective for
- <strong>all</strong> access methods, and this is the usual
- desired behavior. <strong>In the general case, access control
- directives should not be placed within a
- <code>&lt;limit&gt;</code> section.</strong></p>
-
- <p>The purpose of the &lt;Limit&gt; directive is to restrict
- the effect of the access controls to the nominated HTTP
- methods. For all other methods, the access restrictions that
- are enclosed in the &lt;Limit&gt; bracket <strong>will have no
- effect</strong>. The following example applies the access
- control only to the methods POST, PUT, and DELETE, leaving all
- other methods unprotected:</p>
-
- <blockquote>
- <code>&lt;Limit POST PUT DELETE&gt;<br />
- Require valid-user<br />
- &lt;/Limit&gt;</code>
- </blockquote>
- <p>The method names listed can be one or more of: GET, POST, PUT,
- DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH,
- MKCOL, COPY, MOVE, LOCK, and UNLOCK. <strong>The method name is
- case-sensitive.</strong> If GET is used it will also restrict
- HEAD requests. The TRACE method cannot be limited.</p>
-
- <p><strong>Warning:</strong> A <a
- href="#limitexcept">&lt;LimitExcept&gt;</a> section should
- always be used in preference to a <a
- href="#limit">&lt;Limit&gt;</a> section when restricting access,
- since a <a href="#limitexcept">&lt;LimitExcept&gt;</a> section
- provides protection against arbitrary methods.</p>
-
- <hr />
-
- <h2><a id="limitexcept" name="limitexcept">&lt;LimitExcept&gt;
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;LimitExcept
- <em>method</em> [<em>method</em>] ... &gt; ...
- &lt;/LimitExcept&gt;<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> any<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.5 and later
-
- <p>&lt;LimitExcept&gt; and &lt;/LimitExcept&gt; are used to
- enclose a group of access control directives which will then
- apply to any HTTP access method <strong>not</strong> listed in
- the arguments; <em>i.e.</em>, it is the opposite of a <a
- href="#limit">&lt;Limit&gt;</a> section and can be used to
- control both standard and nonstandard/unrecognized methods. See
- the documentation for <a href="#limit">&lt;Limit&gt;</a> for
- more details.</p>
-
- <p>For example:</p>
-
- <pre>
- &lt;LimitExcept POST GET&gt;
- Require valid-user
- &lt;/LimitExcept&gt;
- </pre>
-
- <hr />
-
- <h2><a id="limitinternalrecursion"
- name="limitinternalrecursion">LimitInternalRecursion directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LimitInternalRecursion
- <em>number</em> [<em>number</em>]<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>LimitInternalRecursion
- 20</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> LimitInternalRecursion
- is only available in Apache 1.3.28 and later.
-
- <p>An internal redirect happens, for example, when using the <a
- href="mod_actions.html#action">Action</a> directive, which internally
- redirects the original request to a CGI script. A subrequest is Apache's
- mechanism to find out what would happen for some URI if it were requested.
- For example, <a href="mod_dir.html">mod_dir</a> uses subrequests to look
- for the files listed in the <a
- href="mod_dir.html#directoryindex">DirectoryIndex</a>
- directive.</p>
-
- <p><code>LimitInternalRecursion</code> prevents the server
- from crashing when entering an infinite loop of internal redirects or
- subrequests. Such loops are usually caused by misconfigurations.</p>
-
- <p>The directive stores two different limits, which are evaluated on
- per-request basis. The first <em>number</em> is the maximum number of
- internal redirects, that may follow each other. The second <em>number</em>
- determines, how deep subrequests may be nested. If you specify only one
- <em>number</em>, it will be assigned to both limits. A value of
- <code>0</code> means "unlimited".</p>
-
- <p><strong>Example</strong></p>
- <pre>
- LimitInternalRecursion 5
- </pre>
-
- <hr />
-
- <h2><a id="limitrequestbody"
- name="limitrequestbody">LimitRequestBody directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LimitRequestBody
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>LimitRequestBody
- 0</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> LimitRequestBody
- is only available in Apache 1.3.2 and later.
-
- <p>This directive specifies the number of <em>bytes</em> from 0
- (meaning unlimited) to 2147483647 (2GB) that are allowed in a
- request body.</p>
-
- <p>The LimitRequestBody directive allows the user to set a
- limit on the allowed size of an HTTP request message body
- within the context in which the directive is given (server,
- per-directory, per-file or per-location). If the client request
- exceeds that limit, the server will return an error response
- instead of servicing the request. The size of a normal request
- message body will vary greatly depending on the nature of the
- resource and the methods allowed on that resource. CGI scripts
- typically use the message body for passing form information to
- the server. Implementations of the PUT method will require a
- value at least as large as any representation that the server
- wishes to accept for that resource.</p>
-
- <p>This directive gives the server administrator greater
- control over abnormal client request behavior, which may be
- useful for avoiding some forms of denial-of-service
- attacks.</p>
-
- <p>If, for example, you are permitting file upload to a particular
- location, and wich to limit the size of the uploaded file to 100K,
- you might use the following directive:</p>
-
- <pre>LimitRequestBody 102400</pre>
-
- <hr />
-
- <h2><a id="limitrequestfields"
- name="limitrequestfields">LimitRequestFields directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LimitRequestFields
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>LimitRequestFields 100</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- LimitRequestFields is only available in Apache 1.3.2 and later.
-
-
- <p><em>Number</em> is an integer from 0 (meaning unlimited) to
- 32767. The default value is defined by the compile-time
- constant <code>DEFAULT_LIMIT_REQUEST_FIELDS</code> (100 as
- distributed).</p>
-
- <p>The LimitRequestFields directive allows the server
- administrator to modify the limit on the number of request
- header fields allowed in an HTTP request. A server needs this
- value to be larger than the number of fields that a normal
- client request might include. The number of request header
- fields used by a client rarely exceeds 20, but this may vary
- among different client implementations, often depending upon
- the extent to which a user has configured their browser to
- support detailed content negotiation. Optional HTTP extensions
- are often expressed using request header fields.</p>
-
- <p>This directive gives the server administrator greater
- control over abnormal client request behavior, which may be
- useful for avoiding some forms of denial-of-service attacks.
- The value should be increased if normal clients see an error
- response from the server that indicates too many fields were
- sent in the request.</p>
-
- <p>For example:</p>
-
- <pre>LimitRequestFields 50</pre>
-
- <hr />
-
- <h2><a id="limitrequestfieldsize"
- name="limitrequestfieldsize">LimitRequestFieldsize
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LimitRequestFieldsize
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>LimitRequestFieldsize 8190</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- LimitRequestFieldsize is only available in Apache 1.3.2 and
- later.
-
- <p>This directive specifies the number of <em>bytes</em> from 0
- to the value of the compile-time constant
- <code>DEFAULT_LIMIT_REQUEST_FIELDSIZE</code> (8190 as
- distributed) that will be allowed in an HTTP request
- header.</p>
-
- <p>The LimitRequestFieldsize directive allows the server
- administrator to reduce the limit on the allowed size of an
- HTTP request header field below the normal input buffer size
- compiled with the server. A server needs this value to be large
- enough to hold any one header field from a normal client
- request. The size of a normal request header field will vary
- greatly among different client implementations, often depending
- upon the extent to which a user has configured their browser to
- support detailed content negotiation.</p>
-
- <p>This directive gives the server administrator greater
- control over abnormal client request behavior, which may be
- useful for avoiding some forms of denial-of-service attacks.</p>
-
- <p>For example:</p>
-
- <pre>LimitRequestFieldSize 16380</pre>
-
- <p>Under normal conditions, the value should not be changed from
- the default.</p>
- <hr />
-
- <h2><a id="limitrequestline"
- name="limitrequestline">LimitRequestLine directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LimitRequestLine
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>LimitRequestLine
- 8190</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> LimitRequestLine
- is only available in Apache 1.3.2 and later.
-
- <p>This directive sets the number of <em>bytes</em> from 0 to
- the value of the compile-time constant
- <code>DEFAULT_LIMIT_REQUEST_LINE</code> (8190 as distributed)
- that will be allowed on the HTTP request-line.</p>
-
- <p>The LimitRequestLine directive allows the server
- administrator to reduce the limit on the allowed size of a
- client's HTTP request-line below the normal input buffer size
- compiled with the server. Since the request-line consists of
- the HTTP method, URI, and protocol version, the
- LimitRequestLine directive places a restriction on the length
- of a request-URI allowed for a request on the server. A server
- needs this value to be large enough to hold any of its resource
- names, including any information that might be passed in the
- query part of a GET request.</p>
-
- <p>This directive gives the server administrator greater
- control over abnormal client request behavior, which may be
- useful for avoiding some forms of denial-of-service attacks.</p>
-
- <p>For example:</p>
-
- <pre>LimitRequestLine 16380</pre>
-
- <p>Under normal conditions, the value should not be changed from
- the default.</p>
- <hr />
-
- <h2><a id="listen" name="listen">Listen directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Listen
- [<em>IP-address</em>:]<em>port</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Listen is only
- available in Apache 1.1 and later.
-
- <p>The Listen directive instructs Apache to listen to more than
- one IP address or port; by default it responds to requests on
- all IP interfaces, but only on the port given by the <code><a
- href="#port">Port</a></code> directive.</p>
- <tt>Listen</tt> can be used instead of <tt><a
- href="#bindaddress">BindAddress</a></tt> and <tt>Port</tt>. It
- tells the server to accept incoming requests on the specified
- port or address-and-port combination. If the first format is
- used, with a port number only, the server listens to the given
- port on all interfaces, instead of the port given by the
- <tt>Port</tt> directive. If an IP address is given as well as a
- port, the server will listen on the given port and interface.
-
- <p>Note that you may still require a <tt>Port</tt> directive so
- that URLs that Apache generates that point to your server still
- work.</p>
-
- <p>Multiple Listen directives may be used to specify a number
- of addresses and ports to listen to. The server will respond to
- requests from any of the listed addresses and ports.</p>
-
- <p>For example, to make the server accept connections on both
- port 80 and port 8000, use:</p>
-<pre>
- Listen 80
- Listen 8000
-</pre>
- To make the server accept connections on two specified
- interfaces and port numbers, use
-<pre>
- Listen 192.170.2.1:80
- Listen 192.170.2.5:8000
-</pre>
-
- <p><strong>See Also:</strong> <a href="../dns-caveats.html">DNS
- Issues</a><br />
- <strong>See Also:</strong> <a href="../bind.html">Setting
- which addresses and ports Apache uses</a><br />
- <hr />
-
- <h2><a id="listenbacklog" name="listenbacklog">ListenBacklog
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ListenBacklog
- <em>backlog</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ListenBacklog
- 511</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ListenBacklog is
- only available in Apache versions after 1.2.0.
-
- <p>The maximum length of the queue of pending connections.
- Generally no tuning is needed or desired, however on some
- systems it is desirable to increase this when under a TCP SYN
- flood attack. See the backlog parameter to the
- <code>listen(2)</code> system call.</p>
-
- <p>This will often be limited to a smaller number by the
- operating system. This varies from OS to OS. Also note that
- many OSes do not use exactly what is specified as the backlog,
- but use a number based on (but normally larger than) what is
- set.</p>
- <hr />
-
- <h2><a id="location" name="location">&lt;Location&gt;
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;Location
- <em>URL-path</em>|<em>URL</em>&gt; ... &lt;/Location&gt;<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Location is only
- available in Apache 1.1 and later.
-
- <p>The &lt;Location&gt; directive provides for access control
- by URL. It is similar to the <a
- href="#directory">&lt;Directory&gt;</a> directive, and starts a
- subsection which is terminated with a &lt;/Location&gt;
- directive. <code>&lt;Location&gt;</code> sections are processed
- in the order they appear in the configuration file, after the
- &lt;Directory&gt; sections and <code>.htaccess</code> files are
- read, and after the &lt;Files&gt; sections.</p>
-
- <p>Note that URLs do not have to line up with the filesystem at
- all, it should be emphasized that &lt;Location&gt; operates
- completely outside the filesystem.</p>
-
- <p>For all origin (non-proxy) requests, the URL to be matched
- is of the form <code>/path/</code>, and you should not include
- any <code>http://servername</code> prefix. For proxy requests,
- the URL to be matched is of the form
- <code>scheme://servername/path</code>, and you must include the
- prefix.</p>
-
- <p>The URL may use wildcards In a wild-card string, `?' matches
- any single character, and `*' matches any sequences of
- characters.</p>
-
- <p><strong>Apache 1.2 and above:</strong> Extended regular
- expressions can also be used, with the addition of the
- <code>~</code> character. For example:</p>
-<pre>
- &lt;Location ~ "/(extra|special)/data"&gt;
-</pre>
-
- <p>would match URLs that contained the substring "/extra/data"
- or "/special/data". In Apache 1.3 and above, a new directive <a
- href="#locationmatch">&lt;LocationMatch&gt;</a> exists which
- behaves identical to the regex version of
- <code>&lt;Location&gt;</code>.</p>
-
- <p>The <code>Location</code> functionality is especially useful
- when combined with the <code><a
- href="mod_mime.html#sethandler">SetHandler</a></code>
- directive. For example, to enable status requests, but allow
- them only from browsers at foo.com, you might use:</p>
-<pre>
- &lt;Location /status&gt;
- SetHandler server-status
- Order Deny,Allow
- Deny from all
- Allow from .foo.com
- &lt;/Location&gt;
-</pre>
-
- <p><strong>Apache 1.3 and above note about / (slash)</strong>:
- The slash character has special meaning depending on where in a
- URL it appears. People may be used to its behavior in the
- filesystem where multiple adjacent slashes are frequently
- collapsed to a single slash (<em>i.e.</em>,
- <code>/home///foo</code> is the same as
- <code>/home/foo</code>). In URL-space this is not necessarily
- true. The <code>&lt;LocationMatch&gt;</code> directive and the
- regex version of <code>&lt;Location&gt;</code> require you to
- explicitly specify multiple slashes if that is your intention.
- For example, <code>&lt;LocationMatch ^/abc&gt;</code> would
- match the request URL <code>/abc</code> but not the request URL
- <code>//abc</code>. The (non-regex)
- <code>&lt;Location&gt;</code> directive behaves similarly when
- used for proxy requests. But when (non-regex)
- <code>&lt;Location&gt;</code> is used for non-proxy requests it
- will implicitly match multiple slashes with a single slash. For
- example, if you specify <code>&lt;Location /abc/def&gt;</code>
- and the request is to <code>/abc//def</code> then it will
- match.</p>
-
- <p><strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received</p>
- <hr />
-
- <h2><a id="locationmatch"
- name="locationmatch">&lt;LocationMatch&gt;</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;LocationMatch
- <em>regex</em>&gt; ... &lt;/LocationMatch&gt;<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> LocationMatch is
- only available in Apache 1.3 and later.
-
- <p>The &lt;LocationMatch&gt; directive provides for access
- control by URL, in an identical manner to <a
- href="#location">&lt;Location&gt;</a>. However, it takes a
- regular expression as an argument instead of a simple string.
- For example:</p>
-<pre>
- &lt;LocationMatch "/(extra|special)/data"&gt;
-</pre>
-
- <p>would match URLs that contained the substring "/extra/data"
- or "/special/data".</p>
- <strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received
- <hr />
-
- <h2><a id="lockfile" name="lockfile">LockFile
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LockFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>LockFile
- logs/accept.lock</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The LockFile directive sets the path to the lockfile used
- when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT
- or USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally
- be left at its default value. The main reason for changing it
- is if the <code>logs</code> directory is NFS mounted, since
- <strong>the lockfile must be stored on a local disk</strong>.
- The PID of the main server process is automatically appended to
- the filename.</p>
-
- <p><strong>SECURITY:</strong> It is best to avoid putting this
- file in a world writable directory such as
- <code>/var/tmp</code> because someone could create a denial of
- service attack and prevent the server from starting by creating
- a lockfile with the same name as the one the server will try to
- create.</p>
- <hr />
-
- <h2><a id="loglevel" name="loglevel">LogLevel
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LogLevel
- <em>level</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>LogLevel
- warn</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> LogLevel is only
- available in 1.3 or later.
-
- <p>LogLevel adjusts the verbosity of the messages recorded in
- the error logs (see <a href="#errorlog">ErrorLog</a>
- directive). The following <em>level</em>s are available, in
- order of decreasing significance:</p>
-
- <table>
- <tr>
- <th align="left"><strong>Level</strong> </th>
-
- <th align="left"><strong>Description</strong> </th>
- <th align="left"><strong>Example</strong> </th>
- </tr>
-
- <tr>
- <td><code>emerg</code> </td>
-
- <td>Emergencies - system is unusable.</td>
- <td>"Child cannot open lock file. Exiting"</td>
- </tr>
-
- <tr>
- <td><code>alert</code> </td>
-
- <td>Action must be taken immediately.</td>
- <td>"getpwuid: couldn't determine user name from uid"</td>
- </tr>
-
- <tr>
- <td><code>crit</code> </td>
-
- <td>Critical Conditions.</td>
- <td>"socket: Failed to get a socket, exiting child"</td>
- </tr>
-
- <tr>
- <td><code>error</code> </td>
-
- <td>Error conditions.</td>
- <td>"Premature end of script headers"</td>
- </tr>
-
- <tr>
- <td><code>warn</code> </td>
-
- <td>Warning conditions.</td>
- <td>"child process 1234 did not exit, sending another
- SIGHUP"</td>
- </tr>
-
- <tr>
- <td><code>notice</code> </td>
-
- <td>Normal but significant condition.</td>
- <td>"httpd: caught SIGBUS, attempting to dump core in
- ..."</td>
- </tr>
-
- <tr>
- <td><code>info</code> </td>
-
- <td>Informational.</td>
- <td>"Server seems busy, (you may need to increase
- StartServers, or Min/MaxSpareServers)..."</td>
- </tr>
-
- <tr>
- <td><code>debug</code> </td>
-
- <td>Debug-level messages</td>
- <td>"Opening config file ..."</td>
- </tr>
- </table>
-
- <p>When a particular level is specified, messages from all
- other levels of higher significance will be reported as well.
- <em>E.g.</em>, when <code>LogLevel info</code> is specified,
- then messages with log levels of <code>notice</code> and
- <code>warn</code> will also be posted.</p>
-
- <p>Using a level of at least <code>crit</code> is
- recommended.</p>
-
- <p>For example:</p>
-
- <pre>LogLevel notice</pre>
-
- <p><strong>NOTE:</strong> When logging to a regular file messages
- of the level <code>notice</code> cannot be suppressed and thus are
- always logged. However, this doesn't apply when logging is done
- using <code>syslog</code>.</p>
-
- <hr />
-
- <h2><a id="maxclients" name="maxclients">MaxClients
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MaxClients
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>MaxClients
- 256</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The MaxClients directive sets the limit on the number of
- simultaneous requests that can be supported; not more than this
- number of child server processes will be created. To configure
- more than 256 clients, you must edit the HARD_SERVER_LIMIT
- entry in httpd.h and recompile.</p>
-
- <p>Any connection attempts over the MaxClients limit will
- normally be queued, up to a number based on the <a
- href="#listenbacklog">ListenBacklog</a> directive. Once a child
- process is freed at the end of a different request, the
- connection will then be serviced.</p>
- <hr />
-
- <h2><a id="maxkeepaliverequests"
- name="maxkeepaliverequests">MaxKeepAliveRequests
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MaxKeepAliveRequests
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>MaxKeepAliveRequests 100</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Only available
- in Apache 1.2 and later.
-
- <p>The MaxKeepAliveRequests directive limits the number of
- requests allowed per connection when <a
- href="#keepalive">KeepAlive</a> is on. If it is set to
- "<code>0</code>", unlimited requests will be allowed. We
- recommend that this setting be kept to a high value for maximum
- server performance. In Apache 1.1, this is controlled through
- an option to the KeepAlive directive.</p>
-
- <p>For example</p>
-
- <pre>MaxKeepAliveRequests 500</pre>
-
- <hr />
-
- <h2><a id="maxrequestsperchild"
- name="maxrequestsperchild">MaxRequestsPerChild
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MaxRequestsPerChild
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>MaxRequestsPerChild 0</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The MaxRequestsPerChild directive sets the limit on the
- number of requests that an individual child server process will
- handle. After MaxRequestsPerChild requests, the child process
- will die. If MaxRequestsPerChild is 0, then the process will
- never expire.</p>
-
- <p>Setting MaxRequestsPerChild to a non-zero limit has two
- beneficial effects:</p>
-
- <ul>
- <li>it limits the amount of memory that process can consume
- by (accidental) memory leakage;</li>
-
- <li>by giving processes a finite lifetime, it helps reduce
- the number of processes when the server load reduces.</li>
- </ul>
-
- <p>However, on Win32, It is recommended that this be set to 0.
- If it is set to a non-zero value, when the request count is
- reached, the child process exits, and is respawned, at which
- time it re-reads the configuration files. This can lead to
- unexpected behavior if you have modified a configuration file,
- but are not expecting the changes to be applied yet. See also
- <a href="#threadsperchild">ThreadsPerChild</a>.</p>
-
- <p><strong>NOTE:</strong> For <em>KeepAlive</em> requests, only
- the first request is counted towards this limit. In effect, it
- changes the behavior to limit the number of
- <em>connections</em> per child.</p>
- <hr />
-
- <h2><a id="maxfooperchild"
- name="maxfooperchild">MaxFOOPerChild directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a><br>
- MaxCPUPerChild <em>number</em><br />
- MaxDATAPerChild <em>number</em><br />
- MaxNOFILEPerChild <em>number</em><br />
- MaxRSSPerChild <em>number</em><br />
- MaxSTACKPerChild <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>0 (no set limit)</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The MaxFOOPerChild directives set the soft and hard resource
- limits for a child process using setrlimit(2). Each MaxFOOPerChild
- limit can be set independently of any other limit, or may be left
- unspecified, thereby using the system default value. The kernel will
- take appropriate action when a child process exceeds a resource limit
- - see the manpages for setrlimit(2) and signal(3) for more information.
- Setting resource limits can be very useful when running a busy server
- with a script interpreter (say, a webmail machine) as these limits
- can prevent swapping, deadlock or kernel panic due to memory or swap
- exhaustion.</p>
-
- <p>The name of the limit to be set is capitalized and spelled as
- it is found in the setrlimit(2) manpage.</p>
- <hr />
-
- <h2><a id="maxspareservers"
- name="maxspareservers">MaxSpareServers directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MaxSpareServers
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>MaxSpareServers
- 10</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The MaxSpareServers directive sets the desired maximum
- number of <em>idle</em> child server processes. An idle process
- is one which is not handling a request. If there are more than
- MaxSpareServers idle, then the parent process will kill off the
- excess processes.</p>
-
- <p>Tuning of this parameter should only be necessary on very
- busy sites. Setting this parameter to a large number is almost
- always a bad idea.</p>
-
- <p>Note that this is the maximum number of <em>spare</em> servers,
- not the maximum total number of client requests that can be handled
- at one time. If you wish to limit that number, see the <a
- href="#maxclients">MaxClients</a> directive.</p>
-
- <p>This directive has no effect when used with the Apache Web
- server on a Microsoft Windows platform.</p>
-
- <p>See also <a href="#minspareservers">MinSpareServers</a>,
- <a href="#startservers">StartServers</a>, and <a
- href="#maxclients">MaxClients</a>.</p>
- <hr />
-
- <h2><a id="minspareservers"
- name="minspareservers">MinSpareServers directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MinSpareServers
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>MinSpareServers
- 5</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The MinSpareServers directive sets the desired minimum
- number of <em>idle</em> child server processes. An idle process
- is one which is not handling a request. If there are fewer than
- MinSpareServers idle, then the parent process creates new
- children at a maximum rate of 1 per second.</p>
-
- <p>Tuning of this parameter should only be necessary on very
- busy sites. Setting this parameter to a large number is almost
- always a bad idea.</p>
-
- <p>Note that setting this directive to some value <i>m</i> ensures
- that you will always have at least <i>n + m</i> <code>httpd</code>
- processes running when you have <i>n</i> active client requests.</p>
-
- <p>This directive has no effect on Microsoft Windows.</p>
-
- <p>See also <a href="#maxspareservers">MaxSpareServers</a>,
- <a href="#startservers">StartServers</a>, and <a
- href="#maxclients">MaxClients</a>.</p>
- <hr />
-
- <h2><a id="namevirtualhost"
- name="namevirtualhost">NameVirtualHost directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> NameVirtualHost
- <em>addr</em>[:<em>port</em>]<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> NameVirtualHost
- is only available in Apache 1.3 and later
-
- <p>The NameVirtualHost directive is a required directive if you
- want to configure <a href="../vhosts/">name-based virtual
- hosts</a>.</p>
-
- <p>Although <em>addr</em> can be hostname it is recommended
- that you always use an IP address or wildcard,
- <em>e.g.</em></p>
-
- <blockquote>
- <code>NameVirtualHost 111.22.33.44</code>
- </blockquote>
- With the NameVirtualHost directive you specify the IP address
- on which the server will receive requests for the name-based
- virtual hosts. This will usually be the address to which your
- name-based virtual host names resolve. In cases where a
- firewall or other proxy receives the requests and forwards them
- on a different IP address to the server, you must specify the
- IP address of the physical interface on the machine which will
- be servicing the requests. If you have multiple name-based
- hosts on multiple addresses, repeat the directive for each
- address.
-
- <p>Note: the "main server" and any _default_ servers will
- <strong>never</strong> be served for a request to a
- NameVirtualHost IP Address (unless for some reason you specify
- NameVirtualHost but then don't define any VirtualHosts for that
- address).</p>
-
- <p>Optionally you can specify a port number on which the
- name-based virtual hosts should be used, <em>e.g.</em></p>
-
- <blockquote>
- <code>NameVirtualHost 111.22.33.44:8080</code>
- </blockquote>
- In OpenBSD Apache you can specify a <code>0.0.0.0</code>(IPv4)
- or <code>::</code>(IPv6)
- for the <em>addr</em>. This creates a wildcard NameVirtualHost
- which will match connections to any address that isn't
- configured with a more specific NameVirtualHost directive or <a
- href="#virtualhost">&lt;VirtualHost&gt;</a> section. This is
- useful if you want only name-based virtual hosts and you don't
- want to hard-code the server's IP address into the
- configuration file.
-
- <p><strong>See also:</strong> <a href="../vhosts/">Apache
- Virtual Host documentation</a></p>
- <hr />
-
- <h2><a id="options" name="options">Options directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Options
- [+|-]<em>option</em> [[+|-]<em>option</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Options<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The Options directive controls which server features are
- available in a particular directory.</p>
-
- <p><em>option</em> can be set to <code>None</code>, in which
- case none of the extra features are enabled, or one or more of
- the following:</p>
-
- <dl>
- <dt>All</dt>
-
- <dd>All options except for MultiViews. This is the default
- setting.</dd>
-
- <dt>ExecCGI</dt>
-
- <dd>
- Execution of CGI scripts is permitted.</dd>
-
- <dt>FollowSymLinks</dt>
-
- <dd>
-
- The server will follow symbolic links in this
- directory.<br />
- <strong>Note</strong>: even though the server follows the
- symlink it does <em>not</em> change the pathname used to
- match against <code>&lt;Directory&gt;</code> sections.<br />
- <strong>Note</strong>: this option gets ignored if set
- inside a &lt;Location&gt; section.</dd>
-
- <dt>Includes</dt>
-
- <dd>
- Server-side includes are permitted.</dd>
-
- <dt>IncludesNOEXEC</dt>
-
- <dd>
-
- Server-side includes are permitted, but the #exec command and
- #exec CGI are disabled. It is still possible to #include
- virtual CGI scripts from ScriptAliase'd directories.</dd>
-
- <dt>Indexes</dt>
-
- <dd>
- If a URL which maps to a directory is requested, and the
- there is no DirectoryIndex (<em>e.g.</em>, index.html) in
- that directory, then the server will return a formatted
- listing of the directory.</dd>
-
- <dt>MultiViews</dt>
-
- <dd>
- <a href="../content-negotiation.html">Content negotiated</a>
- MultiViews are allowed.</dd>
-
- <dt>SymLinksIfOwnerMatch</dt>
-
- <dd>
-
- The server will only follow symbolic links for which the
- target file or directory is owned by the same user id as the
- link.<br />
- <strong>Note</strong>: this option gets ignored if set
- inside a &lt;Location&gt; section.</dd>
- </dl>
- Normally, if multiple <code>Options</code> could apply to a
- directory, then the most specific one is taken complete; the
- options are not merged. However if <em>all</em> the options on
- the <code>Options</code> directive are preceded by a + or -
- symbol, the options are merged. Any options preceded by a + are
- added to the options currently in force, and any options
- preceded by a - are removed from the options currently in
- force.
-
- <p>For example, without any + and - symbols:</p>
-
- <blockquote>
- <code>&lt;Directory /web/docs&gt;<br />
- Options Indexes FollowSymLinks<br />
- &lt;/Directory&gt;<br />
- &lt;Directory /web/docs/spec&gt;<br />
- Options Includes<br />
- &lt;/Directory&gt;</code>
- </blockquote>
- then only <code>Includes</code> will be set for the
- /web/docs/spec directory. However if the second
- <code>Options</code> directive uses the + and - symbols:
-
- <blockquote>
- <code>&lt;Directory /web/docs&gt;<br />
- Options Indexes FollowSymLinks<br />
- &lt;/Directory&gt;<br />
- &lt;Directory /web/docs/spec&gt;<br />
- Options +Includes -Indexes<br />
- &lt;/Directory&gt;</code>
- </blockquote>
- then the options <code>FollowSymLinks</code> and
- <code>Includes</code> are set for the /web/docs/spec directory.
-
-
- <p><strong>Note:</strong> Using <code>-IncludesNOEXEC</code> or
- <code>-Includes</code> disables server-side includes completely
- regardless of the previous setting.</p>
-
- <p>The default in the absence of any other settings is
- <code>All</code>.</p>
- <hr />
-
- <h2><a id="pidfile" name="pidfile">PidFile directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> PidFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>PidFile
- logs/httpd.pid</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The PidFile directive sets the file to which the server
- records the process id of the daemon. If the filename does not
- begin with a slash (/) then it is assumed to be relative to the
- <a href="#serverroot">ServerRoot</a>. The PidFile is only used
- in <a href="#servertype">standalone</a> mode.</p>
-
- <p>It is often useful to be able to send the server a signal,
- so that it closes and then reopens its <a
- href="#errorlog">ErrorLog</a> and TransferLog, and re-reads its
- configuration files. This is done by sending a SIGHUP (kill -1)
- signal to the process id listed in the PidFile.</p>
-
- <p>The PidFile is subject to the same warnings about log file
- placement and <a
- href="../misc/security_tips.html#serverroot">security</a>.</p>
- <hr />
-
- <h2><a id="port" name="port">Port directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Port
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>Port
- 80</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p><em>Number</em> is a number from 0 to 65535; some port
- numbers (especially below 1024) are reserved for particular
- protocols. See <code>/etc/services</code> for a list of some
- defined ports; the standard port for the http protocol is
- 80.</p>
-
- <p>The Port directive has two behaviors, the first of which is
- necessary for NCSA backwards compatibility (and which is
- confusing in the context of Apache).</p>
-
- <ul>
- <li>In the absence of any <a href="#listen">Listen</a> or <a
- href="#bindaddress">BindAddress</a> directives specifying a
- port number, a Port directive given in the "main server"
- (<em>i.e.</em>, outside any <a
- href="#virtualhost">&lt;VirtualHost&gt;</a> section) sets the
- network port on which the server listens. If there are any
- Listen or BindAddress directives specifying
- <code>:number</code> then Port has no effect on what address
- the server listens at.</li>
-
- <li>The Port directive sets the <code>SERVER_PORT</code>
- environment variable (for <a href="mod_cgi.html">CGI</a> and
- <a href="mod_include.html">SSI</a>), and is used when the
- server must generate a URL that refers to itself (for example
- when creating an external redirect to itself). This behavior
- is modified by <a
- href="#usecanonicalname">UseCanonicalName</a>.</li>
- </ul>
- The primary behavior of Port should be considered to be
- similar to that of the <a href="#servername">ServerName</a>
- directive. The ServerName and Port together specify what you
- consider to be the <em>canonical</em> address of the server.
- (See also <a href="#usecanonicalname">UseCanonicalName</a>.)
-
- <p>Port 80 is one of Unix's special ports. All ports numbered
- below 1024 are reserved for system use, <em>i.e.</em>, regular
- (non-root) users cannot make use of them; instead they can only
- use higher port numbers. To use port 80, you must start the
- server from the root account. After binding to the port and
- before accepting requests, Apache will change to a low
- privileged user as set by the <a href="#user">User
- directive</a>.</p>
-
- <p>If you cannot use port 80, choose any other unused port.
- Non-root users will have to choose a port number higher than
- 1023, such as 8000.</p>
-
- <p>SECURITY: if you do start the server as root, be sure not to
- set <a href="#user">User</a> to root. If you run the server as
- root whilst handling connections, your site may be open to a
- major security attack.</p>
- <hr />
-
- <h2><a id="protocolreqcheck" name="protocolreqcheck">ProtocolReqCheck
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProtocolReqCheck
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ProtocolReqCheck
- on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config
- <br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- ProtocolReqCheck is only available in Apache 1.3.27 and later.
-
- <p>This directive enables strict checking of the Protocol field
- in the Request line. Versions of Apache prior to 1.3.26 would
- silently accept bogus Protocols (such as <code>HTTP-1.1</code>)
- and assume <code>HTTP/1.0</code>. Instead, now the Protocol field
- must be valid. If the pre-1.3.26 behavior is desired or required,
- it can be enabled via setting <code>ProtocolReqCheck off</code>.
- </p>
-
- <hr />
-
- <h2><a id="require" name="require">Require directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Require
- <em>entity-name</em> [<em>entity-name</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>This directive selects which authenticated users can access
- a resource. The allowed syntaxes are:</p>
-
- <ul>
- <li>
- Require user <em>userid</em> [<em>userid</em>] ...
-
- <p>Only the named users can access the resource.</p>
- </li>
-
- <li>
- Require group <em>group-name</em> [<em>group-name</em>] ...
-
-
- <p>Only users in the named groups can access the
- resource.</p>
- </li>
-
- <li>
- Require valid-user
-
- <p>All valid users can access the resource.</p>
- </li>
- <li>file-owner
- <p>Only the user, whose name matches the system's name for
- the file owner, can access the resource.<br>
- [Available after Apache 1.3.20]</p>
- </li>
- <li>file-group
- <p>Only the members of the group, whose name matches the
- system's name of the file owner group, can access the
- resource.<br>[Available after Apache 1.3.20]</p>
- </li>
- </ul>
-
- <p>Require must be accompanied by <a
- href="#authname">AuthName</a> and <a
- href="#authtype">AuthType</a> directives, and directives such
- as <a href="mod_auth.html#authuserfile">AuthUserFile</a> and <a
- href="mod_auth.html#authgroupfile">AuthGroupFile</a> (to define
- users and groups) in order to work correctly. Example:</p>
-
- <blockquote>
- <code>AuthType Basic<br />
- AuthName "Restricted Directory"<br />
- AuthUserFile /web/users<br />
- AuthGroupFile /web/groups<br />
- Require group admin<br />
- </code>
- </blockquote>
- Access controls which are applied in this way are effective for
- <strong>all</strong> methods. <strong>This is what is normally
- desired.</strong> If you wish to apply access controls only to
- specific methods, while leaving other methods unprotected, then
- place the <code>Require</code> statement into a <a
- href="#limit">&lt;Limit&gt;</a> section
-
- <p>See also <a href="#satisfy">Satisfy</a> and <a
- href="mod_access.html">mod_access</a>.</p>
- <hr />
-
- <h2><a id="resourceconfig" name="resourceconfig">ResourceConfig
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ResourceConfig
- <em>file-path</em>|<em>directory-path</em>|<em>wildcard-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ResourceConfig
- conf/srm.conf</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> The ability to
- specify a directory, rather than a file name, is only available in
- Apache 1.3.13 and later.
-
- <p>The server will read this file for more directives after
- reading the httpd.conf file. <em>File-path</em> is relative to
- the <a href="#serverroot">ServerRoot</a>. This feature can be
- disabled using:</p>
-
- <blockquote>
- <code>ResourceConfig /dev/null</code>
- </blockquote>
- Or, on Win32 servers,
-
- <blockquote>
- <code>ResourceConfig nul</code>
- </blockquote>
- <p>Historically, this file contained most directives except for
- server configuration directives and <a
- href="#directory">&lt;Directory&gt;</a> sections; in fact it
- can now contain any server directive allowed in the <em>server
- config</em> context. However, since Apache version 1.3.4, the
- default <code>srm.conf</code> file which ships with Apache contains
- only comments, and all directives are placed in the main server
- configuration file, <code>httpd.conf</code>.</p>
-
- <p>If <code>ResourceConfig</code> points to a directory, rather than
- a file, Apache will read all files in that directory, and any
- subdirectory, and parse those as configuration files.
- </p>
- <p>Alternatively you can use a wildcard to limit the scope; i.e
- to only *.conf files.
- </p>
- <p>Note that by default <em>any</em> file in the specified
- directory will be loaded as a configuration file.
- </p>
- <p>So make sure that you don't have stray files in
- this directory by mistake, such as temporary files created by your
- editor, for example.</p>
-
- <p>See also <a href="#accessconfig">AccessConfig</a>.</p>
- <hr />
-
- <h2><a id="rlimit" name="rlimit">RLimitCPU</a> <a
- id="rlimitcpu" name="rlimitcpu">directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RLimitCPU
- <em>number</em>|max [<em>number</em>|max] <br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>Unset; uses
- operating system defaults</em> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RLimitCPU is
- only available in Apache 1.2 and later
-
- <p>Takes 1 or 2 parameters. The first parameter sets the soft
- resource limit for all processes and the second parameter sets
- the maximum resource limit. Either parameter can be a number,
- or <code>max</code> to indicate to the server that the limit
- should be set to the maximum allowed by the operating system
- configuration. Raising the maximum resource limit requires that
- the server is running as root, or in the initial startup
- phase.</p>
-
- <p>This applies to processes forked off from Apache children
- servicing requests, not the Apache children themselves. This
- includes CGI scripts and SSI exec commands, but not any
- processes forked off from the Apache parent such as piped
- logs.</p>
-
- <p>CPU resource limits are expressed in seconds per
- process.</p>
-
- <p>See also <a href="#rlimitmem">RLimitMEM</a> or <a
- href="#rlimitnproc">RLimitNPROC</a>.</p>
- <hr />
-
- <h2><a id="rlimitmem" name="rlimitmem">RLimitMEM
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RLimitMEM
- <em>number</em>|max [<em>number</em>|max]<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>Unset; uses
- operating system defaults</em> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RLimitMEM is
- only available in Apache 1.2 and later
-
- <p>Takes 1 or 2 parameters. The first parameter sets the soft
- resource limit for all processes and the second parameter sets
- the maximum resource limit. Either parameter can be a number,
- or <code>max</code> to indicate to the server that the limit
- should be set to the maximum allowed by the operating system
- configuration. Raising the maximum resource limit requires that
- the server is running as root, or in the initial startup
- phase.</p>
-
- <p>This applies to processes forked off from Apache children
- servicing requests, not the Apache children themselves. This
- includes CGI scripts and SSI exec commands, but not any
- processes forked off from the Apache parent such as piped
- logs.</p>
-
- <p>Memory resource limits are expressed in bytes per
- process.</p>
-
- <p>See also <a href="#rlimitcpu">RLimitCPU</a> or <a
- href="#rlimitnproc">RLimitNPROC</a>.</p>
- <hr />
-
- <h2><a id="rlimitnproc" name="rlimitnproc">RLimitNPROC
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RLimitNPROC
- <em>number</em>|max [<em>number</em>|max]<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>Unset; uses
- operating system defaults</em> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RLimitNPROC is
- only available in Apache 1.2 and later
-
- <p>Takes 1 or 2 parameters. The first parameter sets the soft
- resource limit for all processes and the second parameter sets
- the maximum resource limit. Either parameter can be a number,
- or <code>max</code> to indicate to the server that the limit
- should be set to the maximum allowed by the operating system
- configuration. Raising the maximum resource limit requires that
- the server is running as root, or in the initial startup
- phase.</p>
-
- <p>This applies to processes forked off from Apache children
- servicing requests, not the Apache children themselves. This
- includes CGI scripts and SSI exec commands, but not any
- processes forked off from the Apache parent such as piped
- logs.</p>
-
- <p>Process limits control the number of processes per user.</p>
-
- <p>Note: If CGI processes are <strong>not</strong> running
- under userids other than the web server userid, this directive
- will limit the number of processes that the server itself can
- create. Evidence of this situation will be indicated by
- <strong><em>cannot fork</em></strong> messages in the
- error_log.</p>
-
- <p>See also <a href="#rlimitmem">RLimitMEM</a> or <a
- href="#rlimitcpu">RLimitCPU</a>.</p>
- <hr />
-
- <h2><a id="rlimitnofile" name="rlimitnofile">RLimitNOFILE
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RLimitNOFILE
- <em>number</em>|max [<em>number</em>|max]<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>Unset; uses
- operating system defaults</em> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RLimitNOFILE is
- only available in Apache 1.2 and later
-
- <p>Takes 1 or 2 parameters. The first parameter sets the soft
- resource limit for all processes and the second parameter sets
- the maximum resource limit. Either parameter can be a number,
- or <code>max</code> to indicate to the server that the limit
- should be set to the maximum allowed by the operating system
- configuration. Raising the maximum resource limit requires that
- the server is running as root, or in the initial startup
- phase.</p>
-
- <p>This applies to processes forked off from Apache children
- servicing requests, not the Apache children themselves. This
- includes CGI scripts and SSI exec commands, but not any
- processes forked off from the Apache parent such as piped
- logs.</p>
-
- <p>Process limits control the number of open files per user.</p>
-
- <p>Note: If CGI processes are <strong>not</strong> running
- under userids other than the web server userid, this directive
- will limit the number of files that the server itself can
- open.</p>
- <hr />
-
- <h2><a id="satisfy" name="satisfy">Satisfy directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Satisfy any|all<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> Satisfy all<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Satisfy is only
- available in Apache 1.2 and later
-
- <p>Access policy if both <code>Allow</code> and
- <code>Require</code> used. The parameter can be either
- <em>'all'</em> or <em>'any'</em>. This directive is only useful
- if access to a particular area is being restricted by both
- username/password <em>and</em> client host address. In this
- case the default behavior ("all") is to require that the client
- passes the address access restriction <em>and</em> enters a
- valid username and password. With the "any" option the client
- will be granted access if they either pass the host restriction
- or enter a valid username and password. This can be used to
- password restrict an area, but to let clients from particular
- addresses in without prompting for a password.</p>
-
- <p>See also <a href="#require">Require</a> and <a
- href="mod_access.html#allow">Allow</a>.</p>
- <hr />
-
- <h2><a id="scoreboardfile" name="scoreboardfile">ScoreBoardFile
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScoreBoardFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ScoreBoardFile
- logs/apache_status</code> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The ScoreBoardFile directive is required on some
- architectures to place a file that the server will use to
- communicate between its children and the parent. The easiest
- way to find out if your architecture requires a scoreboard file
- is to run Apache and see if it creates the file named by the
- directive. If your architecture requires it then you must
- ensure that this file is not used at the same time by more than
- one invocation of Apache.</p>
-
- <p>If you have to use a ScoreBoardFile then you may see
- improved speed by placing it on a RAM disk. But be careful that
- you heed the same warnings about log file placement and <a
- href="../misc/security_tips.html">security</a>.</p>
-
- <p>Apache 1.2 and above:</p>
-
- <p>Linux 1.x users might be able to add <code>-DHAVE_SHMGET
- -DUSE_SHMGET_SCOREBOARD</code> to the <code>EXTRA_CFLAGS</code>
- in your <code>Configuration</code>. This might work with some
- 1.x installations, but won't work with all of them. (Prior to
- 1.3b4, <code>HAVE_SHMGET</code> would have sufficed.)</p>
-
- <p>SVR4 users should consider adding <code>-DHAVE_SHMGET
- -DUSE_SHMGET_SCOREBOARD</code> to the <code>EXTRA_CFLAGS</code>
- in your <code>Configuration</code>. This is believed to work,
- but we were unable to test it in time for 1.2 release. (Prior
- to 1.3b4, <code>HAVE_SHMGET</code> would have sufficed.)</p>
-
- <p><strong>See Also</strong>: <a
- href="../stopping.html">Stopping and Restarting Apache</a></p>
- <hr />
-
- <h2><a id="scriptinterpretersource"
- name="scriptinterpretersource">ScriptInterpreterSource
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScriptInterpreterSource
- registry|script<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>ScriptInterpreterSource script</code> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core (Windows only)
-
- <p>This directive is used to control how Apache 1.3.5 and later
- finds the interpreter used to run CGI scripts. The default
- technique is to use the interpreter pointed to by the #! line
- in the script. Setting ScriptInterpreterSource registry will
- cause the Windows Registry to be searched using the script file
- extension (e.g., .pl) as a search key.</p>
- <hr />
-
- <h2><a id="sendbuffersize" name="sendbuffersize">SendBufferSize
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> SendBufferSize
- <em>bytes</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The server will set the TCP buffer size to the number of
- bytes specified. Very useful to increase past standard OS
- defaults on high speed high latency (<em>i.e.</em>, 100ms or
- so, such as transcontinental fast pipes)</p>
- <hr />
-
- <h2><a id="serveradmin" name="serveradmin">ServerAdmin
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerAdmin
- <em>email-address</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The ServerAdmin sets the e-mail address that the server
- includes in any error messages it returns to the client.</p>
-
- <p>It may be worth setting up a dedicated address for this,
- <em>e.g.</em></p>
-
- <blockquote>
- <code>ServerAdmin www-admin@foo.bar.com</code>
- </blockquote>
- as users do not always mention that they are talking about the
- server!
- <hr />
-
- <h2><a id="serveralias" name="serveralias">ServerAlias
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerAlias
- <em>hostname</em> [<em>hostname</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> virtual host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ServerAlias is
- only available in Apache 1.1 and later.
-
- <p>The ServerAlias directive sets the alternate names for a
- host, for use with <a
- href="../vhosts/name-based.html">name-based virtual
- hosts</a>.</p>
-
- <p>Example:</p>
-
- <pre>
- &lt;VirtualHost *&gt;
- ServerName server.domain.com
- ServerAlias server server2.domain.com server2
- ...
- &lt;/VirtualHost&gt;
- </pre>
-
- <p><strong>See also:</strong> <a href="../vhosts/">Apache
- Virtual Host documentation</a></p>
- <hr />
-
- <h2><a id="servername" name="servername">ServerName
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerName
- <em>fully-qualified-domain-name</em> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The ServerName directive sets the hostname of the server;
- this is used when creating redirection URLs. If it is not
- specified, then the server attempts to deduce it from its own
- IP address; however this may not work reliably, or may not
- return the preferred hostname. For example:</p>
-
- <blockquote>
- <code>ServerName www.example.com</code>
- </blockquote>
- would be used if the canonical (main) name of the actual
- machine were <code>simple.example.com</code>.
-
- <p>If you are using <a
- href="../vhosts/name-based.html">name-based virtual hosts</a>,
- the <code>ServerName</code> inside a <a
- href="#virtualhost"><code>&lt;VirtualHost&gt;</code></a>
- section specifies what hostname must appear in the request's
- <code>Host:</code> header to match this virtual host.</p>
-
- <p><strong>See Also</strong>:<br />
- <a href="../dns-caveats.html">DNS Issues</a><br />
- <a href="../vhosts/">Apache virtual host
- documentation</a><br />
- <a href="#usecanonicalname">UseCanonicalName</a><br />
- <a href="#namevirtualhost">NameVirtualHost</a><br />
- <a href="#serveralias">ServerAlias</a><br />
- </p>
- <hr />
-
- <h2><a id="serverpath" name="serverpath">ServerPath
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerPath
- <em>directory-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> virtual host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ServerPath is
- only available in Apache 1.1 and later.
-
- <p>The ServerPath directive sets the legacy URL pathname for a
- host, for use with <a href="../vhosts/">name-based virtual
- hosts</a>.</p>
-
- <p><strong>See also:</strong> <a href="../vhosts/">Apache
- Virtual Host documentation</a></p>
- <hr />
-
- <h2><a id="serverroot" name="serverroot">ServerRoot
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerRoot
- <em>directory-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ServerRoot
- /usr/local/apache</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The ServerRoot directive sets the directory in which the
- server lives. Typically it will contain the subdirectories
- <code>conf/</code> and <code>logs/</code>. Relative paths for
- other configuration files are taken as relative to this
- directory.</p>
-
- <p>See also <a href="../invoking.html">the <code>-d</code>
- option to httpd</a>.</p>
-
- <p>See also <a href="../misc/security_tips.html#serverroot">the
- security tips</a> for information on how to properly set
- permissions on the ServerRoot.</p>
- <hr />
-
- <h2><a id="serversignature"
- name="serversignature">ServerSignature directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerSignature
- On|Off|EMail<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ServerSignature
- Off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ServerSignature
- is only available in Apache 1.3 and later.
-
- <p>The ServerSignature directive allows the configuration of a
- trailing footer line under server-generated documents (error
- messages, mod_proxy ftp directory listings, mod_info output,
- ...). The reason why you would want to enable such a footer
- line is that in a chain of proxies, the user often has no
- possibility to tell which of the chained servers actually
- produced a returned error message.<br />
- The <samp>Off</samp> setting, which is the default, suppresses
- the error line (and is therefore compatible with the behavior
- of Apache-1.2 and below). The <samp>On</samp> setting simply
- adds a line with the server version number and <a
- href="#servername">ServerName</a> of the serving virtual host,
- and the <samp>EMail</samp> setting additionally creates a
- "mailto:" reference to the <a
- href="#serveradmin">ServerAdmin</a> of the referenced
- document.</p>
- <hr />
-
- <h2><a id="servertokens" name="servertokens">ServerTokens
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerTokens
- Minimal|ProductOnly|OS|Full<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ServerTokens
- ProductOnly</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config <br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ServerTokens is
- only available in Apache 1.3 and later; the
- <code>ProductOnly</code> keyword is only available in versions
- later than 1.3.12
-
- <p>This directive controls whether <samp>Server</samp> response
- header field which is sent back to clients includes a
- description of the generic OS-type of the server as well as
- information about compiled-in modules.</p>
-
- <dl>
- <dt><code>ServerTokens Prod[uctOnly]</code> (or not specified)</dt>
-
- <dd>Server sends (<em>e.g.</em>): <samp>Server:
- Apache</samp></dd>
-
- <dt><code>ServerTokens Min[imal]</code></dt>
-
- <dd>Server sends (<em>e.g.</em>): <samp>Server:
- Apache/1.3.0</samp></dd>
-
- <dt><code>ServerTokens OS</code></dt>
-
- <dd>Server sends (<em>e.g.</em>): <samp>Server: Apache/1.3.0
- (Unix)</samp></dd>
-
- <dt><code>ServerTokens Full</code></dt>
-
- <dd>Server sends (<em>e.g.</em>): <samp>Server: Apache/1.3.0
- (Unix) PHP/3.0 MyMod/1.2</samp></dd>
- </dl>
-
- <p>This setting applies to the entire server, and cannot be
- enabled or disabled on a virtualhost-by-virtualhost basis.</p>
- <hr />
-
- <h2><a id="servertype" name="servertype">ServerType
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ServerType
- <em>type</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ServerType
- standalone</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The ServerType directive sets how the server is executed by
- the system. <em>Type</em> is one of</p>
-
- <dl>
- <dt>inetd</dt>
-
- <dd>The server will be run from the system process inetd; the
- command to start the server is added to
- <code>/etc/inetd.conf</code></dd>
-
- <dt>standalone</dt>
-
- <dd>The server will run as a daemon process; the command to
- start the server is added to the system startup scripts.
- (<code>/etc/rc.local</code> or
- <code>/etc/rc3.d/...</code>.)</dd>
- </dl>
- Inetd is the lesser used of the two options. For each http
- connection received, a new copy of the server is started from
- scratch; after the connection is complete, this program exits.
- There is a high price to pay per connection, but for security
- reasons, some admins prefer this option. <font
- color="red">Inetd mode is no longer recommended and does not
- always work properly. Avoid it if at all possible.</font>
-
- <p>Standalone is the most common setting for ServerType since
- it is far more efficient. The server is started once, and
- services all subsequent connections. If you intend running
- Apache to serve a busy site, standalone will probably be your
- only option.</p>
- <hr />
-
- <h2><a id="shmemuidisuser" name="shmemuidisuser">ShmemUIDisUser
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ShmemUIDisUser
- <em>on|off</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ShmemUIDisUser
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- ShmemUIDisUser directive is only available in Apache 1.3.27 and later.
-
- <p>The ShmemUIDisUser directive controls whether Apache will change
- the <code>uid</code> and <code>gid</code> ownership of System V shared memory
- based scoreboards to the server settings of <a href="#user">User</a> and
- <a href="#group">Group</a>. Releases of Apache up to 1.3.26 would do
- this by default. Since the child processes are already attached to the
- shared memory segment, this is not required for normal usage of Apache and
- so to prevent possible abuse, Apache will no longer do that. The old
- behavior may be required for special cases, however, which can be implemented
- by setting this directive to <code>on</code>.</p>
-
- <p>This directive has no effect on non-System V based scoreboards, such as
- <code>mmap</code>.
- </p>
-
- <hr />
-
- <h2><a id="startservers" name="startservers">StartServers
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> StartServers
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>StartServers
- 5</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The StartServers directive sets the number of child server
- processes created on startup. As the number of processes is
- dynamically controlled depending on the load, there is usually
- little reason to adjust this parameter.</p>
-
- <p>When running under Microsoft Windows, this directive has no
- effect. There is always one child which handles all requests.
- Within the child requests are handled by separate threads. The
- <a href="#threadsperchild">ThreadsPerChild</a> directive
- controls the maximum number of child threads handling requests,
- which will have a similar effect to the setting of
- <samp>StartServers</samp> on Unix.</p>
-
- <p>See also <a href="#minspareservers">MinSpareServers</a> and
- <a href="#maxspareservers">MaxSpareServers</a>.</p>
- <hr />
-
- <h2><a id="threadsperchild"
- name="threadsperchild">ThreadsPerChild</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ThreadsPerChild
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ThreadsPerChild
- 50</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core (Windows,
- NetWare)<br />
- <strong>Compatibility:</strong> Available only with Apache 1.3
- and later with Windows
-
- <p>This directive tells the server how many threads it should
- use. This is the maximum number of connections the server can
- handle at once; be sure and set this number high enough for
- your site if you get a lot of hits.</p>
-
- <p>This directive has no effect on Unix systems. Unix users
- should look at <a href="#startservers">StartServers</a> and <a
- href="#maxrequestsperchild">MaxRequestsPerChild</a>.</p>
- <hr />
-
- <h2><a id="threadstacksize"
- name="threadstacksize">ThreadStackSize</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ThreadStackSize
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ThreadStackSize
- 65536</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core (NetWare)<br />
- <strong>Compatibility:</strong> Available only with Apache 1.3
- and later with NetWare
-
- <p>This directive tells the server what stack size to use for
- each of the running threads. If you ever get a stack overflow
- you will need to bump this number to a higher setting.</p>
-
- <p>This directive has no effect on other systems.</p>
- <hr />
-
- <h2><a id="timeout" name="timeout">TimeOut directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> TimeOut
- <em>number</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>TimeOut
- 300</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The TimeOut directive currently defines the amount of time
- Apache will wait for three things:</p>
-
- <ol>
- <li>The total amount of time it takes to receive a GET
- request.</li>
-
- <li>The amount of time between receipt of TCP packets on a
- POST or PUT request.</li>
-
- <li>The amount of time between ACKs on transmissions of TCP
- packets in responses.</li>
- </ol>
- We plan on making these separately configurable at some point
- down the road. The timer used to default to 1200 before 1.2,
- but has been lowered to 300 which is still far more than
- necessary in most situations. It is not set any lower by
- default because there may still be odd places in the code where
- the timer is not reset when a packet is sent.
- <hr />
-
- <h2><a id="usecanonicalname"
- name="usecanonicalname">UseCanonicalName directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> UseCanonicalName
- on|off|dns<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>UseCanonicalName
- on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Options<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> UseCanonicalName
- is only available in Apache 1.3 and later
-
- <p>In many situations Apache has to construct a
- <em>self-referential</em> URL. That is, a URL which refers back
- to the same server. With <code>UseCanonicalName on</code> (and
- in all versions prior to 1.3) Apache will use the <a
- href="#servername">ServerName</a> and <a href="#port">Port</a>
- directives to construct the canonical name for the server. This
- name is used in all self-referential URLs, and for the values
- of <code>SERVER_NAME</code> and <code>SERVER_PORT</code> in
- CGIs.</p>
-
- <p>For example, if <a href="#servername">ServerName</a> is set to
- <code>www.example.com</code> and <a href="#port">Port</a> is set to
- <code>9090</code>, then the <em>canonical name</em> of the server is
- <code>www.example.com:9090</code>. In the event that
- <code>Port</code> has its default value of <code>80</code>, the
- <code>:80</code> is omitted from the <em>canonical name</em>.</p>
-
- <p>With <code>UseCanonicalName off</code> Apache will form
- self-referential URLs using the hostname and port supplied by
- the client if any are supplied (otherwise it will use the
- canonical name, as defined above). These values are the same
- that are used to implement <a
- href="../vhosts/name-based.html">name based virtual hosts</a>,
- and are available with the same clients. The CGI variables
- <code>SERVER_NAME</code> and <code>SERVER_PORT</code> will be
- constructed from the client supplied values as well.</p>
-
- <p>An example where this may be useful is on an intranet server
- where you have users connecting to the machine using short
- names such as <code>www</code>. You'll notice that if the users
- type a shortname, and a URL which is a directory, such as
- <code>http://www/splat</code>, <em>without the trailing
- slash</em> then Apache will redirect them to
- <code>http://www.domain.com/splat/</code>. If you have
- authentication enabled, this will cause the user to have to
- authenticate twice (once for <code>www</code> and once again
- for <code>www.domain.com</code> -- see <a
- href="../misc/FAQ.html#prompted-twice">the FAQ on this subject for
- more information</a>). But if <code>UseCanonicalName</code>
- is set off, then Apache will redirect to
- <code>http://www/splat/</code>.</p>
-
- <p>There is a third option, <code>UseCanonicalName DNS</code>,
- which is intended for use with mass IP-based virtual hosting to
- support ancient clients that do not provide a
- <code>Host:</code> header. With this option Apache does a
- reverse DNS lookup on the server IP address that the client
- connected to in order to work out self-referential URLs.</p>
-
- <p><strong>Warning:</strong> if CGIs make assumptions about the
- values of <code>SERVER_NAME</code> they may be broken by this
- option. The client is essentially free to give whatever value
- they want as a hostname. But if the CGI is only using
- <code>SERVER_NAME</code> to construct self-referential URLs
- then it should be just fine.</p>
-
- <p><strong>See also:</strong> <a
- href="#servername">ServerName</a>, <a href="#port">Port</a></p>
- <hr />
-
- <h2><a id="user" name="user">User directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> User
- <em>unix-userid</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>User
- #-1</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> core
-
- <p>The User directive sets the userid as which the server will
- answer requests. In order to use this directive, the standalone
- server must be run initially as root. <em>Unix-userid</em> is
- one of:</p>
-
- <dl>
- <dt>A username</dt>
-
- <dd>Refers to the given user by name.</dd>
-
- <dt># followed by a user number.</dt>
-
- <dd>Refers to a user by their number.</dd>
- </dl>
- The user should have no privileges which result in it being
- able to access files which are not intended to be visible to
- the outside world, and similarly, the user should not be able
- to execute code which is not meant for httpd requests. It is
- recommended that you set up a new user and group specifically
- for running the server. Some admins use user
- <code>nobody</code>, but this is not always possible or
- desirable. For example mod_proxy's cache, when enabled, must be
- accessible to this user (see the <a
- href="mod_proxy.html#cacheroot"><code>CacheRoot</code>
- directive</a>).
-
- <p>Notes: If you start the server as a non-root user, it will
- fail to change to the lesser privileged user, and will instead
- continue to run as that original user. If you do start the
- server as root, then it is normal for the parent process to
- remain running as root.</p>
-
- <p>Special note: Use of this directive in &lt;VirtualHost&gt;
- requires a properly configured <a href="../suexec.html">suEXEC
- wrapper</a>. When used inside a &lt;VirtualHost&gt; in this
- manner, only the user that CGIs are run as is affected. Non-CGI
- requests are still processed with the user specified in the
- main User directive.</p>
-
- <p>SECURITY: Don't set User (or <a href="#group">Group</a>) to
- <code>root</code> unless you know exactly what you are doing,
- and what the dangers are.</p>
- <hr />
-
- <h2><a id="virtualhost" name="virtualhost">&lt;VirtualHost&gt;
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> &lt;VirtualHost
- <em>addr</em>[:<em>port</em>] [<em>addr</em>[:<em>port</em>]]
- ...&gt; ... &lt;/VirtualHost&gt; <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Core.<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Non-IP
- address-based Virtual Hosting only available in Apache 1.1 and
- later.<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Multiple address
- support only available in Apache 1.2 and later.
-
- <p>&lt;VirtualHost&gt; and &lt;/VirtualHost&gt; are used to
- enclose a group of directives which will apply only to a
- particular virtual host. Any directive which is allowed in a
- virtual host context may be used. When the server receives a
- request for a document on a particular virtual host, it uses
- the configuration directives enclosed in the
- &lt;VirtualHost&gt; section. <em>Addr</em> can be</p>
-
- <ul>
- <li>The IP address of the virtual host</li>
-
- <li>A fully qualified domain name for the IP address of the
- virtual host.</li>
- </ul>
- Example:
-
- <blockquote>
- <code>&lt;VirtualHost 10.1.2.3&gt;<br />
- ServerAdmin webmaster@host.foo.com<br />
- DocumentRoot /www/docs/host.foo.com<br />
- ServerName host.foo.com<br />
- ErrorLog logs/host.foo.com-error_log<br />
- TransferLog logs/host.foo.com-access_log<br />
- &lt;/VirtualHost&gt;</code>
- </blockquote>
- Each VirtualHost must correspond to a different IP address,
- different port number or a different host name for the server,
- in the former case the server machine must be configured to
- accept IP packets for multiple addresses. (If the machine does
- not have multiple network interfaces, then this can be
- accomplished with the <code>ifconfig alias</code> command (if
- your OS supports it).
-
- <p>You can specify more than one IP address. This is useful if
- a machine responds to the same name on two different
- interfaces. For example, if you have a VirtualHost that is
- available to hosts on an internal (intranet) as well as
- external (internet) network. Example:</p>
-
- <blockquote>
- <code>&lt;VirtualHost 192.168.1.2 204.255.176.199&gt;<br />
- DocumentRoot /www/docs/host.foo.com<br />
- ServerName host.foo.com<br />
- ServerAlias host<br />
- &lt;/VirtualHost&gt;</code>
- </blockquote>
- The special name <code>_default_</code> can be specified in
- which case this virtual host will match any IP address that is
- not explicitly listed in another virtual host. In the absence
- of any _default_ virtual host the "main" server config,
- consisting of all those definitions outside any VirtualHost
- section, is used when no match occurs.
-
- <p>You can specify a <code>:port</code> to change the port that
- is matched. If unspecified then it defaults to the same port as
- the most recent <code><a href="#port">Port</a></code> statement
- of the main server. You may also specify <code>:*</code> to
- match all ports on that address. (This is recommended when used
- with <code>_default_</code>.)</p>
-
- <p><strong>SECURITY</strong>: See the <a
- href="../misc/security_tips.html">security tips</a> document
- for details on why your security could be compromised if the
- directory where logfiles are stored is writable by anyone other
- than the user that starts the server.</p>
-
- <p><strong>NOTE</strong>: The use of &lt;VirtualHost&gt; does
- <strong>not</strong> affect what addresses Apache listens on.
- You may need to ensure that Apache is listening on the correct
- addresses using either <a href="#bindaddress">BindAddress</a>
- or <a href="#listen">Listen</a>.</p>
-
- <p><strong>See also:</strong> <a href="../vhosts/">Apache
- Virtual Host documentation</a><br />
- <strong>See also:</strong> <a
- href="../dns-caveats.html">Warnings about DNS and
- Apache</a><br />
- <strong>See also:</strong> <a href="../bind.html">Setting
- which addresses and ports Apache uses</a><br />
- <strong>See also</strong>: <a href="../sections.html">How
- Directory, Location and Files sections work</a> for an
- explanation of how these different sections are combined when a
- request is received</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directive-dict.html b/usr.sbin/httpd/htdocs/manual/mod/directive-dict.html
deleted file mode 100644
index 28949b7b0d8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/directive-dict.html
+++ /dev/null
@@ -1,318 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Definitions of terms used to describe Apache
- directives</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Terms Used to Describe Apache
- Directives</h1>
-
- <p>Each Apache configuration directive is described using a
- common format that looks like this:</p>
-
- <dl>
- <dd><a href="#Syntax" rel="Help"><strong>Syntax:</strong></a>
- <em>directive-name</em> <em>some args</em><br />
- <a href="#Default" rel="Help"><strong>Default:</strong></a>
- <samp><em>directive-name default-value</em></samp><br />
- <a href="#Context" rel="Help"><strong>Context:</strong></a>
- <em>context-list</em><br />
- <a href="#Override"
- rel="Help"><strong>Override:</strong></a>
- <em>override</em><br />
- <a href="#Status" rel="Help"><strong>Status:</strong></a>
- <em>status</em><br />
- <a href="#Module" rel="Help"><strong>Module:</strong></a>
- <em>module-name</em><br />
- <a href="#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- <em>compatibility notes</em></dd>
- </dl>
-
- <p>Each of the directive's attributes, complete with possible
- values where possible, are described in this document.</p>
-
- <h2>Directive Terms</h2>
-
- <ul>
- <li><a href="#Syntax">Syntax</a></li>
-
- <li><a href="#Default">Default</a></li>
-
- <li><a href="#Context">Context</a></li>
-
- <li><a href="#Override">Override</a></li>
-
- <li><a href="#Status">Status</a></li>
-
- <li><a href="#Module">Module</a></li>
-
- <li><a href="#Compatibility">Compatibility</a></li>
- </ul>
- <hr />
-
- <h2><a id="Syntax" name="Syntax">Syntax</a></h2>
-
- <p>This indicates the format of the directive as it would
- appear in a configuration file. This syntax is extremely
- directive-specific, and is described in detail in the
- directive's definition. Generally, the directive name is
- followed by a series of one or more space-separated arguments.
- If an argument contains a space, the argument must be enclosed
- in double quotes. Optional arguments are enclosed in square
- brackets. Where an argument can take on more than one possible
- value, the possible values are separated by vertical bars "|".
- Literal text is presented in the default font, while
- argument-types for which substitution is necessary are
- <em>emphasized</em>. Directives which can take a variable
- number of arguments will end in "..." indicating that the last
- argument is repeated.</p>
-
- <p>Directives use a great number of different argument types. A
- few common ones are defined below.</p>
-
- <dl>
- <dt><em>URL</em></dt>
-
- <dd>A complete Uniform Resource Locator including a scheme,
- hostname, and optional pathname as in
- <code>http://www.example.com/path/to/file.html</code></dd>
-
- <dt><em>URL-path</em></dt>
-
- <dd>The part of a <em>url</em> which follows the scheme and
- hostname as in <code>/path/to/file.html</code>. The
- <em>url-path</em> represents a web-view of a resource, as
- opposed to a file-system view.</dd>
-
- <dt><em>file-path</em></dt>
-
- <dd>The path to a file in the local file-system beginning
- with the root directory as in
- <code>/usr/local/apache/htdocs/path/to/file.html</code>.
- Unless otherwise specified, a <em>file-path</em> which does
- not begin with a slash will be treated as relative to the <a
- href="core.html#serverroot">ServerRoot</a>.</dd>
-
- <dt><em>directory-path</em></dt>
-
- <dd>The path to a directory in the local file-system
- beginning with the root directory as in
- <code>/usr/local/apache/htdocs/path/to/</code>.</dd>
-
- <dt><em>filename</em></dt>
-
- <dd>The name of a file with no accompanying path information
- as in <code>file.html</code>.</dd>
-
- <dt><em>regex</em></dt>
-
- <dd>A <a href="../misc/FAQ.html#regex">regular
- expression</a>, which is a way of describing a pattern to
- match in text. The directive definition will specify what the
- <em>regex</em> is matching against.</dd>
-
- <dt><em>extension</em></dt>
-
- <dd>In general, this is the part of the <em>filename</em>
- which follows the last dot. However, Apache recognizes
- multiple filename extensions, so if a <em>filename</em>
- contains more than one dot, each dot-separated part of the
- filename following the first dot is an <em>extension</em>.
- For example, the <em>filename</em> <code>file.html.en</code>
- contains two extensions: <code>.html</code> and
- <code>.en</code>. For Apache directives, you may specify
- <em>extension</em>s with or without the leading dot. In
- addition, <em>extension</em>s are not case sensitive.</dd>
-
- <dt><em>MIME-type</em></dt>
-
- <dd>A method of describing the format of a file which
- consists of a major format type and a minor format type,
- separated by a slash as in <code>text/html</code>.</dd>
-
- <dt><em>env-variable</em></dt>
-
- <dd>The name of an <a href="../env.html">environment
- variable</a> defined in the Apache configuration process.
- Note this is not necessarily the same as an operating system
- environment variable. See the <a
- href="../env.html">environment variable documentation</a> for
- more details.</dd>
- </dl>
- <hr />
-
- <h2><a id="Default" name="Default">Default</a></h2>
-
- <p>If the directive has a default value (<em>i.e.</em>, if you
- omit it from your configuration entirely, the Apache Web server
- will behave as though you set it to a particular value), it is
- described here. If there is no default value, this section
- should say "<em>None</em>". Note that the default listed here
- is not necessarily the same as the value the directive takes in
- the default httpd.conf distributed with the server.</p>
- <hr />
-
- <h2><a id="Context" name="Context">Context</a></h2>
-
- <p>This indicates where in the server's configuration files the
- directive is legal. It's a comma-separated list of one or more
- of the following values:</p>
-
- <dl>
- <dt><strong>server config</strong></dt>
-
- <dd>This means that the directive may be used in the server
- configuration files (<em>e.g.</em>, <samp>httpd.conf</samp>,
- <samp>srm.conf</samp>, and <samp>access.conf</samp>), but
- <strong>not</strong> within any
- <samp>&lt;VirtualHost&gt;</samp> or &lt;Directory&gt;
- containers. It is not allowed in <samp>.htaccess</samp> files
- at all.</dd>
-
- <dt><strong>virtual host</strong></dt>
-
- <dd>This context means that the directive may appear inside
- <samp>&lt;VirtualHost&gt;</samp> containers in the server
- configuration files.</dd>
-
- <dt><strong>directory</strong></dt>
-
- <dd>A directive marked as being valid in this context may be
- used inside <samp>&lt;Directory&gt;</samp>,
- <samp>&lt;Location&gt;</samp>, and <samp>&lt;Files&gt;</samp>
- containers in the server configuration files, subject to the
- restrictions outlined in <a href="../sections.html">How
- Directory, Location and Files sections work</a>.</dd>
-
- <dt><strong>.htaccess</strong></dt>
-
- <dd>If a directive is valid in this context, it means that it
- can appear inside <em>per</em>-directory
- <samp>.htaccess</samp> files. It may not be processed, though
- depending upon the <a href="#Override"
- rel="Help">overrides</a> currently active.</dd>
- </dl>
-
- <p>The directive is <em>only</em> allowed within the designated
- context; if you try to use it elsewhere, you'll get a
- configuration error that will either prevent the server from
- handling requests in that context correctly, or will keep the
- server from operating at all -- <em>i.e.</em>, the server won't
- even start.</p>
-
- <p>The valid locations for the directive are actually the
- result of a Boolean OR of all of the listed contexts. In other
- words, a directive that is marked as being valid in
- "<samp>server config, .htaccess</samp>" can be used in the
- <samp>httpd.conf</samp> file and in <samp>.htaccess</samp>
- files, but not within any &lt;Directory&gt; or
- &lt;VirtualHost&gt; containers.</p>
- <hr />
-
- <h2><a id="Override" name="Override">Override</a></h2>
-
- <p>This directive attribute indicates which configuration
- override must be active in order for the directive to be
- processed when it appears in a <samp>.htaccess</samp> file. If
- the directive's <a href="#Context" rel="Help">context</a>
- doesn't permit it to appear in <samp>.htaccess</samp> files,
- this attribute should say "<em>Not applicable</em>".</p>
-
- <p>Overrides are activated by the <a
- href="core.html#allowoverride"
- rel="Help"><samp>AllowOverride</samp></a> directive, and apply
- to a particular scope (such as a directory) and all
- descendants, unless further modified by other
- <samp>AllowOverride</samp> directives at lower levels. The
- documentation for that directive also lists the possible
- override names available.</p>
- <hr />
-
- <h2><a id="Status" name="Status">Status</a></h2>
-
- <p>This indicates how tightly bound into the Apache Web server
- the directive is; in other words, you may need to recompile the
- server with an enhanced set of modules in order to gain access
- to the directive and its functionality. Possible values for
- this attribute are:</p>
-
- <dl>
- <dt><strong>Core</strong></dt>
-
- <dd>If a directive is listed as having "Core" status, that
- means it is part of the innermost portions of the Apache Web
- server, and is always available.</dd>
-
- <dt><strong>Base</strong></dt>
-
- <dd>A directive labeled as having "Base" status is supported
- by one of the standard Apache modules which is compiled into
- the server by default, and is therefore normally available
- unless you've taken steps to remove the module from your
- configuration.</dd>
-
- <dt><strong>Extension</strong></dt>
-
- <dd>A directive with "Extension" status is provided by one of
- the modules included with the Apache server kit, but the
- module isn't normally compiled into the server. To enable the
- directive and its functionality, you will need to change the
- server build configuration files and re-compile Apache.</dd>
-
- <dt><strong>Experimental</strong></dt>
-
- <dd>"Experimental" status indicates that the directive is
- available as part of the Apache kit, but you're on your own
- if you try to use it. The directive is being documented for
- completeness, and is not necessarily supported. The module
- which provides the directive may or may not be compiled in by
- default; check the top of the page which describes the
- directive and its module to see if it remarks on the
- availability.</dd>
- </dl>
- <hr />
-
- <h2><a id="Module" name="Module">Module</a></h2>
-
- <p>This quite simply lists the name of the source module which
- defines the directive.</p>
- <hr />
-
- <h2><a id="Compatibility"
- name="Compatibility">Compatibility</a></h2>
-
- <p>If the directive wasn't part of the original Apache version
- 1 distribution, the version in which it was introduced should
- be listed here. If the directive has the same name as one from
- the NCSA HTTPd server, any inconsistencies in behavior between
- the two should also be mentioned. Otherwise, this attribute
- should say "<em>No compatibility issues.</em>"</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html b/usr.sbin/httpd/htdocs/manual/mod/directives.html
deleted file mode 100644
index 86bc0d46bd5..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html
+++ /dev/null
@@ -1,597 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache directives</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache Directives</h1>
-
- <p>Each Apache directive available in the standard Apache
- distribution is listed here. They are described using a
- consistent format, and there is <a href="directive-dict.html"
- rel="Glossary">a dictionary</a> of the terms used in their
- descriptions available.</p>
-
- <ul>
- <li><a href="core.html#acceptfilter">AcceptFilter</a></li>
-
- <li><a href="core.html#acceptmutex">AcceptMutex</a></li>
-
- <li><a href="core.html#accessconfig">AccessConfig</a></li>
-
- <li><a
- href="core.html#accessfilename">AccessFileName</a></li>
-
- <li><a href="mod_actions.html#action">Action</a></li>
-
- <li><a href="mod_autoindex.html#addalt">AddAlt</a></li>
-
- <li><a
- href="mod_autoindex.html#addaltbyencoding">AddAltByEncoding</a></li>
-
- <li><a
- href="mod_autoindex.html#addaltbytype">AddAltByType</a></li>
-
- <li><a href="mod_mime.html#addcharset">AddCharset</a></li>
-
- <li><a
- href="core.html#adddefaultcharset">AddDefaultCharset</a></li>
-
- <li><a
- href="mod_autoindex.html#adddescription">AddDescription</a></li>
-
- <li><a href="mod_mime.html#addencoding">AddEncoding</a></li>
-
- <li><a href="mod_mime.html#addhandler">AddHandler</a></li>
-
- <li><a href="mod_autoindex.html#addicon">AddIcon</a></li>
-
- <li><a
- href="mod_autoindex.html#addiconbyencoding">AddIconByEncoding</a></li>
-
- <li><a
- href="mod_autoindex.html#addiconbytype">AddIconByType</a></li>
-
- <li><a href="mod_mime.html#addlanguage">AddLanguage</a></li>
-
- <li><a href="core.html#addmodule">AddModule</a></li>
-
- <li><a
- href="mod_info.html#addmoduleinfo">AddModuleInfo</a></li>
-
- <li><a href="mod_mime.html#addtype">AddType</a></li>
-
- <li><a href="mod_log_agent.html#agentlog">AgentLog</a></li>
-
- <li><a href="mod_alias.html#alias">Alias</a></li>
-
- <li><a href="mod_alias.html#aliasmatch">AliasMatch</a></li>
-
- <li><a href="mod_access.html#allow">Allow</a></li>
-
- <li><a
- href="mod_proxy.html#allowconnect">AllowCONNECT</a></li>
-
- <li><a href="core.html#allowoverride">AllowOverride</a></li>
-
- <li><a href="mod_auth_anon.html#anonymous">Anonymous</a></li>
-
- <li><a
- href="mod_auth_anon.html#Authoritative">Anonymous_Authoritative</a></li>
-
- <li><a
- href="mod_auth_anon.html#LogEmail">Anonymous_LogEmail</a></li>
-
- <li><a
- href="mod_auth_anon.html#MustGiveEmail">Anonymous_MustGiveEmail</a></li>
-
- <li><a
- href="mod_auth_anon.html#NoUserID">Anonymous_NoUserID</a></li>
-
- <li><a
- href="mod_auth_anon.html#VerifyEmail">Anonymous_VerifyEmail</a></li>
-
- <li><a
- href="mod_auth.html#authauthoritative">AuthAuthoritative</a></li>
-
- <li><a
- href="mod_auth_db.html#authdbauthoritative">AuthDBAuthoritative</a></li>
-
- <li><a
- href="mod_auth_db.html#authdbgroupfile">AuthDBGroupFile</a></li>
-
- <li><a
- href="mod_auth_dbm.html#authdbmauthoritative">AuthDBMAuthoritative</a></li>
-
- <li><a
- href="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></li>
-
- <li><a
- href="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></li>
-
- <li><a
- href="mod_auth_db.html#authdbuserfile">AuthDBUserFile</a></li>
-
- <li><a
- href="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a></li>
-
- <li><a
- href="mod_digest.html#authdigestfile">AuthDigestFile</a></li>
-
- <li><a
- href="mod_auth.html#authgroupfile">AuthGroupFile</a></li>
-
- <li><a href="core.html#authname">AuthName</a></li>
-
- <li><a href="core.html#authtype">AuthType</a></li>
-
- <li><a
- href="mod_auth.html#authuserfile">AuthUserFile</a></li>
-
- <li><a href="core.html#bindaddress">BindAddress</a></li>
-
- <li><a
- href="mod_setenvif.html#browsermatch">BrowserMatch</a></li>
-
- <li><a
- href="mod_setenvif.html#browsermatchnocase">BrowserMatchNoCase</a></li>
-
- <li><a href="core.html#bs2000account">BS2000Account</a></li>
-
- <li><a
- href="mod_proxy.html#cachedefaultexpire">CacheDefaultExpire</a></li>
-
- <li><a
- href="mod_proxy.html#cachedirlength">CacheDirLength</a></li>
-
- <li><a
- href="mod_proxy.html#cachedirlevels">CacheDirLevels</a></li>
-
- <li><a
- href="mod_proxy.html#cacheforcecompletion">CacheForceCompletion</a></li>
-
- <li><a
- href="mod_proxy.html#cachegcinterval">CacheGcInterval</a></li>
-
- <li><a
- href="mod_proxy.html#cachelastmodifiedfactor">CacheLastModifiedFactor</a></li>
-
- <li><a
- href="mod_proxy.html#cachemaxexpire">CacheMaxExpire</a></li>
-
- <li><a
- href="mod_negotiation.html#cachenegotiateddocs">CacheNegotiatedDocs</a></li>
-
- <li><a href="mod_proxy.html#cacheroot">CacheRoot</a></li>
-
- <li><a href="mod_proxy.html#cachesize">CacheSize</a></li>
-
- <li><a href="core.html#cgicommandargs">CGICommandArgs</a></li>
-
- <li><a
- href="mod_speling.html#checkspelling">CheckSpelling</a></li>
-
- <li><a
- href="core.html#clearmodulelist">ClearModuleList</a></li>
-
- <li><a href="core.html#contentdigest">ContentDigest</a></li>
-
- <li><a
- href="mod_usertrack.html#cookiedomain">CookieDomain</a></li>
-
- <li><a
- href="mod_log_config.html#cookielog">CookieLog</a></li>
-
- <li><a
- href="mod_usertrack.html#cookieexpires">CookieExpires</a></li>
-
- <li><a
- href="mod_usertrack.html#cookieformat">CookieFormat</a></li>
-
- <li><a href="mod_log_config.html#cookielog">CookieLog</a>
- (mod_log_config)</li>
-
- <li><a
- href="mod_usertrack.html#cookieprefix">CookiePrefix</a></li>
-
- <li><a
- href="mod_usertrack.html#cookiestyle">CookieStyle</a></li>
-
- <li><a
- href="mod_usertrack.html#cookietracking">CookieTracking</a></li>
-
- <li><a
- href="core.html#coredumpdirectory">CoreDumpDirectory</a></li>
-
- <li><a
- href="mod_log_config.html#customlog">CustomLog</a></li>
-
- <li><a
- href="mod_autoindex.html#defaulticon">DefaultIcon</a></li>
-
- <li><a
- href="mod_mime.html#defaultlanguage">DefaultLanguage</a></li>
-
- <li><a href="core.html#defaulttype">DefaultType</a></li>
-
- <li><a href="mod_access.html#deny">Deny</a></li>
-
- <li><a href="core.html#directory">&lt;Directory&gt;</a></li>
-
- <li><a
- href="core.html#directorymatch">&lt;DirectoryMatch&gt;</a></li>
-
- <li><a
- href="mod_dir.html#directoryindex">DirectoryIndex</a></li>
-
- <li><a href="core.html#documentroot">DocumentRoot</a></li>
-
- <li><a href="core.html#ebcdicconvert">EBCDICConvert</a></li>
-
- <li><a
- href="core.html#ebcdicconvertbytype">EBCDICConvertByType</a></li>
-
- <li><a href="core.html#ebcdickludge">EBCDICKludge</a></li>
-
- <li><a href="core.html#errordocument">ErrorDocument</a></li>
-
- <li><a href="mod_headers.html#errorheader">ErrorHeader</a></li>
-
- <li><a href="core.html#errorlog">ErrorLog</a></li>
-
- <li><a
- href="mod_expires.html#expiresactive">ExpiresActive</a></li>
-
- <li><a
- href="mod_expires.html#expiresbytype">ExpiresByType</a></li>
-
- <li><a
- href="mod_expires.html#expiresdefault">ExpiresDefault</a></li>
-
- <li><a
- href="mod_status.html#extendedstatus">ExtendedStatus</a></li>
-
- <li><a
- href="mod_autoindex.html#fancyindexing">FancyIndexing</a></li>
-
- <li><a href="core.html#fileetag">FileETag</a></li>
-
- <li><a href="core.html#files">&lt;Files&gt;</a></li>
-
- <li><a
- href="core.html#filesmatch">&lt;FilesMatch&gt;</a></li>
-
- <li><a href="mod_mime.html#forcetype">ForceType</a></li>
-
- <li><a href="core.html#group">Group</a></li>
-
- <li><a href="mod_headers.html#header">Header</a></li>
-
- <li><a
- href="mod_autoindex.html#headername">HeaderName</a></li>
-
- <li><a
- href="core.html#hostnamelookups">HostnameLookups</a></li>
-
- <li><a href="core.html#identitycheck">IdentityCheck</a></li>
-
- <li><a href="core.html#ifdefine">&lt;IfDefine&gt;</a></li>
-
- <li><a href="core.html#ifmodule">&lt;IfModule&gt;</a></li>
-
- <li><a href="mod_imap.html#imapbase">ImapBase</a></li>
-
- <li><a href="mod_imap.html#imapdefault">ImapDefault</a></li>
-
- <li><a href="mod_imap.html#imapmenu">ImapMenu</a></li>
-
- <li><a href="core.html#include">Include</a></li>
-
- <li><a
- href="mod_autoindex.html#indexignore">IndexIgnore</a></li>
-
- <li><a
- href="mod_autoindex.html#indexoptions">IndexOptions</a></li>
-
- <li><a
- href="mod_autoindex.html#indexorderdefault">IndexOrderDefault</a></li>
-
- <li><a href="core.html#keepalive">KeepAlive</a></li>
-
- <li><a
- href="core.html#keepalivetimeout">KeepAliveTimeout</a></li>
-
- <li><a
- href="mod_negotiation.html#languagepriority">LanguagePriority</a></li>
-
- <li><a href="core.html#limit">&lt;Limit&gt;</a></li>
-
- <li><a
- href="core.html#limitexcept">&lt;LimitExcept&gt;</a></li>
-
- <li><a
- href="core.html#limitinternalrecursion">LimitInternalRecursion</a></li>
-
- <li><a
- href="core.html#limitrequestbody">LimitRequestBody</a></li>
-
- <li><a
- href="core.html#limitrequestfields">LimitRequestFields</a></li>
-
- <li><a
- href="core.html#limitrequestfieldsize">LimitRequestFieldsize</a></li>
-
- <li><a
- href="core.html#limitrequestline">LimitRequestLine</a></li>
-
- <li><a href="core.html#listen">Listen</a></li>
-
- <li><a href="core.html#listenbacklog">ListenBacklog</a></li>
-
- <li><a href="mod_so.html#loadfile">LoadFile</a></li>
-
- <li><a href="mod_so.html#loadmodule">LoadModule</a></li>
-
- <li><a href="core.html#location">&lt;Location&gt;</a></li>
-
- <li><a
- href="core.html#locationmatch">&lt;LocationMatch&gt;</a></li>
-
- <li><a href="core.html#lockfile">LockFile</a></li>
-
- <li><a
- href="mod_log_config.html#logformat">LogFormat</a></li>
-
- <li><a href="core.html#loglevel">LogLevel</a></li>
-
- <li><a href="core.html#maxclients">MaxClients</a></li>
-
- <li><a
- href="core.html#maxkeepaliverequests">MaxKeepAliveRequests</a></li>
-
- <li><a
- href="core.html#maxrequestsperchild">MaxRequestsPerChild</a></li>
-
- <li><a href="core.html#maxfooperchild">MaxCPUPerChild</a></li>
- <li><a href="core.html#maxfooperchild">MaxDATAPerChild</a></li>
- <li><a href="core.html#maxfooperchild">MaxNOFILEPerChild</a></li>
- <li><a href="core.html#maxfooperchild">MaxRSSPerChild</a></li>
- <li><a href="core.html#maxfooperchild">MaxSTACKPerChild</a></li>
-
- <li><a
- href="core.html#maxspareservers">MaxSpareServers</a></li>
-
- <li><a href="mod_cern_meta.html#metadir">MetaDir</a></li>
-
- <li><a href="mod_cern_meta.html#metafiles">MetaFiles</a></li>
-
- <li><a
- href="mod_cern_meta.html#metasuffix">MetaSuffix</a></li>
-
- <li><a
- href="mod_mime_magic.html#mimemagicfile">MimeMagicFile</a></li>
-
- <li><a
- href="core.html#minspareservers">MinSpareServers</a></li>
-
- <li><a href="mod_mmap_static.html#mmapfile">MMapFile</a></li>
-
- <li><a
- href="core.html#namevirtualhost">NameVirtualHost</a></li>
-
- <li><a href="mod_proxy.html#nocache">NoCache</a></li>
-
- <li><a href="core.html#options">Options</a></li>
-
- <li><a href="mod_access.html#order">Order</a></li>
-
- <li><a href="mod_env.html#passenv">PassEnv</a></li>
-
- <li><a href="core.html#pidfile">PidFile</a></li>
-
- <li><a href="core.html#port">Port</a></li>
-
- <li><a href="core.html#protocolreqcheck">ProtocolReqCheck</a></li>
-
- <li><a href="mod_proxy.html#proxyblock">ProxyBlock</a></li>
-
- <li><a href="mod_proxy.html#proxydomain">ProxyDomain</a></li>
-
- <li><a href="mod_proxy.html#proxypass">ProxyPass</a></li>
-
- <li><a
- href="mod_proxy.html#proxypassreverse">ProxyPassReverse</a></li>
-
- <li><a
- href="mod_proxy.html#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li>
-
- <li><a href="mod_proxy.html#proxyremote">ProxyRemote</a></li>
-
- <li><a
- href="mod_proxy.html#proxyrequests">ProxyRequests</a></li>
-
- <li><a href="mod_proxy.html#proxyvia">ProxyVia</a></li>
-
- <li><a
- href="mod_autoindex.html#readmename">ReadmeName</a></li>
-
- <li><a href="mod_alias.html#redirect">Redirect</a></li>
-
- <li><a
- href="mod_alias.html#redirectmatch">RedirectMatch</a></li>
-
- <li><a
- href="mod_alias.html#redirectperm">RedirectPermanent</a></li>
-
- <li><a
- href="mod_alias.html#redirecttemp">RedirectTemp</a></li>
-
- <li><a
- href="mod_log_referer.html#refererignore">RefererIgnore</a></li>
-
- <li><a
- href="mod_log_referer.html#refererlog">RefererLog</a></li>
-
- <li><a
- href="mod_mime.html#removeencoding">RemoveEncoding</a></li>
-
- <li><a
- href="mod_mime.html#removehandler">RemoveHandler</a></li>
-
- <li><a href="mod_mime.html#removetype">RemoveType</a></li>
-
- <li><a href="core.html#require">Require</a></li>
-
- <li><a
- href="core.html#resourceconfig">ResourceConfig</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteBase">RewriteBase</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteCond">RewriteCond</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteEngine">RewriteEngine</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteLock">RewriteLock</a></li>
-
- <li><a href="mod_rewrite.html#RewriteLog">RewriteLog</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteLogLevel">RewriteLogLevel</a></li>
-
- <li><a href="mod_rewrite.html#RewriteMap">RewriteMap</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteOptions">RewriteOptions</a></li>
-
- <li><a
- href="mod_rewrite.html#RewriteRule">RewriteRule</a></li>
-
- <li><a href="core.html#rlimitcpu">RLimitCPU</a></li>
-
- <li><a href="core.html#rlimitmem">RLimitMEM</a></li>
-
- <li><a href="core.html#rlimitnproc">RLimitNPROC</a></li>
-
- <li><a href="core.html#satisfy">Satisfy</a></li>
-
- <li><a
- href="core.html#scoreboardfile">ScoreBoardFile</a></li>
-
- <li><a href="mod_actions.html#script">Script</a></li>
-
- <li><a href="mod_alias.html#scriptalias">ScriptAlias</a></li>
-
- <li><a
- href="mod_alias.html#scriptaliasmatch">ScriptAliasMatch</a></li>
-
- <li><a
- href="core.html#scriptinterpretersource">ScriptInterpreterSource</a></li>
-
- <li><a href="mod_cgi.html#scriptlog">ScriptLog</a></li>
-
- <li><a
- href="mod_cgi.html#scriptlogbuffer">ScriptLogBuffer</a></li>
-
- <li><a
- href="mod_cgi.html#scriptloglength">ScriptLogLength</a></li>
-
- <li><a
- href="core.html#sendbuffersize">SendBufferSize</a></li>
-
- <li><a href="core.html#serveradmin">ServerAdmin</a></li>
-
- <li><a href="core.html#serveralias">ServerAlias</a></li>
-
- <li><a href="core.html#servername">ServerName</a></li>
-
- <li><a href="core.html#serverpath">ServerPath</a></li>
-
- <li><a href="core.html#serverroot">ServerRoot</a></li>
-
- <li><a
- href="core.html#serversignature">ServerSignature</a></li>
-
- <li><a href="core.html#servertokens">ServerTokens</a></li>
-
- <li><a href="core.html#servertype">ServerType</a></li>
-
- <li><a href="mod_env.html#setenv">SetEnv</a></li>
-
- <li><a href="mod_setenvif.html#setenvif">SetEnvIf</a></li>
-
- <li><a
- href="mod_setenvif.html#setenvifnocase">SetEnvIfNoCase</a></li>
-
- <li><a href="mod_mime.html#sethandler">SetHandler</a></li>
-
- <li><a href="core.html#shmemuidisuser">ShmemUIDisUser</a></li>
-
- <li><a href="core.html#startservers">StartServers</a></li>
-
- <li><a
- href="core.html#threadsperchild">ThreadsPerChild</a></li>
-
- <li><a href="core.html#timeout">TimeOut</a></li>
-
- <li><a
- href="mod_log_config.html#transferlog">TransferLog</a></li>
-
- <li><a href="mod_mime.html#typesconfig">TypesConfig</a></li>
-
- <li><a href="mod_env.html#unsetenv">UnsetEnv</a></li>
-
- <li><a
- href="core.html#usecanonicalname">UseCanonicalName</a></li>
-
- <li><a href="core.html#user">User</a></li>
-
- <li><a href="mod_userdir.html#userdir">UserDir</a></li>
-
- <li><a
- href="core.html#virtualhost">&lt;VirtualHost&gt;</a></li>
-
- <li><a
- href="mod_vhost_alias.html#virtualdocumentroot">VirtualDocumentRoot</a></li>
-
- <li><a
- href="mod_vhost_alias.html#virtualdocumentrootip">VirtualDocumentRootIP</a></li>
-
- <li><a
- href="mod_vhost_alias.html#virtualscriptalias">VirtualScriptAlias</a></li>
-
- <li><a
- href="mod_vhost_alias.html#virtualscriptaliasip">VirtualScriptAliasIP</a></li>
-
- <li><a href="mod_include.html#xbithack">XBitHack</a></li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html b/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html
deleted file mode 100644
index 9f4a49f3ac7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html
+++ /dev/null
@@ -1,276 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache modules</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache modules</h1>
-
- <p>Below is a list of all of the modules that come as part of
- the Apache distribution. See also the list of modules <a
- href="./">sorted alphabetically</a> and the complete
- alphabetical list of <a href="directives.html">all Apache
- directives</a>. For modules that are not part of the Apache
- distribution, please see <a
- href="http://modules.apache.org/">http://modules.apache.org</a>.</p>
-
- <h2>Core</h2>
-
- <dl>
- <dt><a href="core.html">Core</a></dt>
-
- <dd>Core Apache features</dd>
- </dl>
-
- <h2>Environment Creation</h2>
-
- <dl>
- <dt><a href="mod_env.html">mod_env</a></dt>
-
- <dd>Passing of environments to CGI scripts</dd>
-
- <dt><a href="mod_setenvif.html">mod_setenvif</a> Apache 1.3
- and up</dt>
-
- <dd>Set environment variables based on client
- information</dd>
-
- <dt><a href="mod_unique_id.html">mod_unique_id</a> Apache 1.3
- and up</dt>
-
- <dd>Generate unique request identifier for every request</dd>
- </dl>
-
- <h2>Content Type Decisions</h2>
-
- <dl>
- <dt><a href="mod_mime.html">mod_mime</a></dt>
-
- <dd>Determining document types using file extensions</dd>
-
- <dt><a href="mod_mime_magic.html">mod_mime_magic</a></dt>
-
- <dd>Determining document types using "magic numbers"</dd>
-
- <dt><a href="mod_negotiation.html">mod_negotiation</a></dt>
-
- <dd>Content negotiation</dd>
- </dl>
-
- <h2>URL Mapping</h2>
-
- <dl>
- <dt><a href="mod_alias.html">mod_alias</a></dt>
-
- <dd>Mapping different parts of the host filesystem in the
- document tree, and URL redirection</dd>
-
- <dt><a href="mod_rewrite.html">mod_rewrite</a> Apache 1.2 and
- up</dt>
-
- <dd>Powerful URI-to-filename mapping using regular
- expressions</dd>
-
- <dt><a href="mod_userdir.html">mod_userdir</a></dt>
-
- <dd>User home directories</dd>
-
- <dt><a href="mod_speling.html">mod_speling</a> Apache 1.3 and
- up</dt>
-
- <dd>Automatically correct minor typos in URLs</dd>
-
- <dt><a href="mod_vhost_alias.html">mod_vhost_alias</a> Apache
- 1.3.7 and up</dt>
-
- <dd>Support for dynamically configured mass virtual
- hosting</dd>
- </dl>
-
- <h2>Directory Handling</h2>
-
- <dl>
- <dt><a href="mod_dir.html">mod_dir</a></dt>
-
- <dd>Basic directory handling</dd>
-
- <dt><a href="mod_autoindex.html">mod_autoindex</a></dt>
-
- <dd>Automatic directory listings</dd>
- </dl>
-
- <h2>Access Control</h2>
-
- <dl>
- <dt><a href="mod_access.html">mod_access</a></dt>
-
- <dd>Access control based on client hostname or IP
- address</dd>
-
- <dt><a href="mod_auth.html">mod_auth</a></dt>
-
- <dd>User authentication using text files</dd>
-
- <dt><a href="mod_auth_dbm.html">mod_auth_dbm</a></dt>
-
- <dd>User authentication using DBM files</dd>
-
- <dt><a href="mod_auth_db.html">mod_auth_db</a></dt>
-
- <dd>User authentication using Berkeley DB files</dd>
-
- <dt><a href="mod_auth_anon.html">mod_auth_anon</a> Apache 1.1
- and up</dt>
-
- <dd>Anonymous user access to authenticated areas</dd>
-
- <dt><a href="mod_auth_digest.html">mod_auth_digest</a> Apache
- 1.3.8 and up</dt>
-
- <dd>Experimental MD5 authentication</dd>
-
- <dt><a href="mod_digest.html">mod_digest</a> Apache 1.1 and
- up</dt>
-
- <dd>MD5 authentication</dd>
- </dl>
-
- <h2>HTTP Response</h2>
-
- <dl>
- <dt><a href="mod_headers.html">mod_headers</a> Apache 1.2 and
- up</dt>
-
- <dd>Add arbitrary HTTP headers to resources</dd>
-
- <dt><a href="mod_cern_meta.html">mod_cern_meta</a> Apache 1.1
- and up</dt>
-
- <dd>Support for HTTP header metafiles</dd>
-
- <dt><a href="mod_expires.html">mod_expires</a> Apache 1.2 and
- up</dt>
-
- <dd>Apply Expires: headers to resources</dd>
-
- <dt><a href="mod_asis.html">mod_asis</a></dt>
-
- <dd>Sending files which contain their own HTTP headers</dd>
- </dl>
-
- <h2>Dynamic Content</h2>
-
- <dl>
- <dt><a href="mod_include.html">mod_include</a></dt>
-
- <dd>Server-parsed documents</dd>
-
- <dt><a href="mod_cgi.html">mod_cgi</a></dt>
-
- <dd>Invoking CGI scripts</dd>
-
- <dt><a href="mod_actions.html">mod_actions</a> Apache 1.1 and
- up</dt>
-
- <dd>Executing CGI scripts based on media type or request
- method</dd>
-
- </dl>
-
- <h2>Internal Content Handlers</h2>
-
- <dl>
- <dt><a href="mod_status.html">mod_status</a> Apache 1.1 and
- up</dt>
-
- <dd>Server status display</dd>
-
- <dt><a href="mod_info.html">mod_info</a> Apache 1.1 and
- up</dt>
-
- <dd>Server configuration information</dd>
- </dl>
-
- <h2>Logging</h2>
-
- <dl>
- <dt><a href="mod_log_config.html">mod_log_config</a></dt>
-
- <dd>User-configurable logging replacement for
- mod_log_common</dd>
-
- <dt><a href="mod_log_agent.html">mod_log_agent</a></dt>
-
- <dd>Logging of User Agents</dd>
-
- <dt><a href="mod_log_referer.html">mod_log_referer</a></dt>
-
- <dd>Logging of document references</dd>
-
- <dt><a href="mod_usertrack.html">mod_usertrack</a> Apache 1.2
- and up</dt>
-
- <dd>User tracking using Cookies</dd>
- </dl>
-
- <h2>Miscellaneous</h2>
-
- <dl>
- <dt><a href="mod_imap.html">mod_imap</a> Apache 1.1 and
- up</dt>
-
- <dd>The imagemap file handler</dd>
-
- <dt><a href="mod_proxy.html">mod_proxy</a> Apache 1.1 and
- up</dt>
-
- <dd>Caching proxy abilities</dd>
-
- <dt><a href="mod_so.html">mod_so</a> Apache 1.3 and up</dt>
-
- <dd>Support for loading modules (DLLs on Windows) at
- runtime</dd>
-
- <dt><a href="mod_mmap_static.html">mod_mmap_static</a> Apache
- 1.3 and up</dt>
-
- <dd>Experimental file caching, mapping files into memory to
- improve performace</dd>
- </dl>
-
- <h2>Obsolete</h2>
-
- <dl>
- <dt><a href="mod_log_common.html">mod_log_common</a> up to
- Apache 1.1.1</dt>
-
- <dd>Standard logging in the Common Logfile Format. Replaced
- by the mod_log_config module in Apache 1.2 and up</dd>
- </dl>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/index.html b/usr.sbin/httpd/htdocs/manual/mod/index.html
deleted file mode 100644
index 8d56c1c1cd3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/index.html
+++ /dev/null
@@ -1,230 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache modules</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache modules</h1>
-
- <p>Below is a list of all of the modules that come as part of
- the Apache distribution. See also the list of modules <a
- href="index-bytype.html">sorted by type</a> and the complete
- alphabetical list of <a href="directives.html">all Apache
- directives</a>. For Apache modules that are not part of the
- Apache distribution, please see <a
- href="http://modules.apache.org/">http://modules.apache.org</a></p>
-
- <dl>
- <dt><a href="core.html">Core</a></dt>
-
- <dd>Core Apache features</dd>
-
- <dt><a href="mod_access.html">mod_access</a></dt>
-
- <dd>Access control based on client hostname or IP
- address</dd>
-
- <dt><a href="mod_actions.html">mod_actions</a> Apache 1.1 and
- up</dt>
-
- <dd>Executing CGI scripts based on media type or request
- method</dd>
-
- <dt><a href="mod_alias.html">mod_alias</a></dt>
-
- <dd>Mapping different parts of the host filesystem in the
- document tree, and URL redirection</dd>
-
- <dt><a href="mod_asis.html">mod_asis</a></dt>
-
- <dd>Sending files which contain their own HTTP headers</dd>
-
- <dt><a href="mod_auth.html">mod_auth</a></dt>
-
- <dd>User authentication using text files</dd>
-
- <dt><a href="mod_auth_anon.html">mod_auth_anon</a> Apache 1.1
- and up</dt>
-
- <dd>Anonymous user access to authenticated areas</dd>
-
- <dt><a href="mod_auth_db.html">mod_auth_db</a> Apache 1.1 and
- up</dt>
-
- <dd>User authentication using Berkeley DB files</dd>
-
- <dt><a href="mod_auth_dbm.html">mod_auth_dbm</a></dt>
-
- <dd>User authentication using DBM files</dd>
-
- <dt><a href="mod_auth_digest.html">mod_auth_digest</a> Apache
- 1.3.8 and up</dt>
-
- <dd>MD5 authentication</dd>
-
- <dt><a href="mod_autoindex.html">mod_autoindex</a></dt>
-
- <dd>Automatic directory listings</dd>
-
- <dt><a href="mod_cern_meta.html">mod_cern_meta</a> Apache 1.1
- and up</dt>
-
- <dd>Support for HTTP header metafiles</dd>
-
- <dt><a href="mod_cgi.html">mod_cgi</a></dt>
-
- <dd>Invoking CGI scripts</dd>
-
- <dt><a href="mod_digest.html">mod_digest</a> Apache 1.1 and
- up</dt>
-
- <dd>MD5 authentication (deprecated by mod_auth_digest)</dd>
-
- <dt><a href="mod_dir.html">mod_dir</a></dt>
-
- <dd>Basic directory handling</dd>
-
- <dt><a href="mod_env.html">mod_env</a> Apache 1.1 and up</dt>
-
- <dd>Passing of environments to CGI scripts</dd>
-
- <dt><a href="mod_expires.html">mod_expires</a> Apache 1.2 and
- up</dt>
-
- <dd>Apply Expires: headers to resources</dd>
-
- <dt><a href="mod_headers.html">mod_headers</a> Apache 1.2 and
- up</dt>
-
- <dd>Add arbitrary HTTP headers to resources</dd>
-
- <dt><a href="mod_imap.html">mod_imap</a> Apache 1.1 and
- up</dt>
-
- <dd>The imagemap file handler</dd>
-
- <dt><a href="mod_include.html">mod_include</a></dt>
-
- <dd>Server-parsed documents</dd>
-
- <dt><a href="mod_info.html">mod_info</a> Apache 1.1 and
- up</dt>
-
- <dd>Server configuration information</dd>
-
- <dt><a href="mod_log_agent.html">mod_log_agent</a></dt>
-
- <dd>Logging of User Agents</dd>
-
- <dt><a href="mod_log_common.html">mod_log_common</a> up to
- Apache 1.1.1</dt>
-
- <dd>Standard logging in the Common Logfile Format. Replaced
- by the mod_log_config module in Apache 1.2 and up</dd>
-
- <dt><a href="mod_log_config.html">mod_log_config</a></dt>
-
- <dd>User-configurable logging replacement for
- mod_log_common</dd>
-
- <dt><a href="mod_log_referer.html">mod_log_referer</a></dt>
-
- <dd>Logging of document references</dd>
-
- <dt><a href="mod_mime.html">mod_mime</a></dt>
-
- <dd>Determining document types using file extensions</dd>
-
- <dt><a href="mod_mime_magic.html">mod_mime_magic</a></dt>
-
- <dd>Determining document types using "magic numbers"</dd>
-
- <dt><a href="mod_mmap_static.html">mod_mmap_static</a> Apache
- 1.3 and up</dt>
-
- <dd>Experimental file caching, mapping files into memory to
- improve performance</dd>
-
- <dt><a href="mod_negotiation.html">mod_negotiation</a></dt>
-
- <dd>Content negotiation</dd>
-
- <dt><a href="mod_proxy.html">mod_proxy</a> Apache 1.1 and
- up</dt>
-
- <dd>Caching proxy abilities</dd>
-
- <dt><a href="mod_rewrite.html">mod_rewrite</a> Apache 1.2 and
- up</dt>
-
- <dd>Powerful URI-to-filename mapping using regular
- expressions</dd>
-
- <dt><a href="mod_setenvif.html">mod_setenvif</a> Apache 1.3
- and up</dt>
-
- <dd>Set environment variables based on client
- information</dd>
-
- <dt><a href="mod_so.html">mod_so</a> Apache 1.3 and up</dt>
-
- <dd>Support for loading modules (.so's on Unix, .dll's on
- Win32) at runtime</dd>
-
- <dt><a href="mod_speling.html">mod_speling</a> Apache 1.3 and
- up</dt>
-
- <dd>Automatically correct minor typos in URLs</dd>
-
- <dt><a href="mod_status.html">mod_status</a> Apache 1.1 and
- up</dt>
-
- <dd>Server status display</dd>
-
- <dt><a href="mod_unique_id.html">mod_unique_id</a> Apache 1.3
- and up</dt>
-
- <dd>Generate unique request identifier for every request</dd>
-
- <dt><a href="mod_userdir.html">mod_userdir</a></dt>
-
- <dd>User home directories</dd>
-
- <dt><a href="mod_usertrack.html">mod_usertrack</a> Apache 1.2
- and up</dt>
-
- <dd>User tracking using Cookies</dd>
-
- <dt><a href="mod_vhost_alias.html">mod_vhost_alias</a> Apache
- 1.3.7 and up</dt>
-
- <dd>Support for dynamically configured mass virtual
- hosting</dd>
- </dl>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html
deleted file mode 100644
index 9a5a4eddfac..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html
+++ /dev/null
@@ -1,354 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_access</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_access</h1>
-
- <p>This module provides access control based on client
- hostname, IP address, or other characteristics of the client
- request.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_access.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- access_module</p>
-
- <h2>Summary</h2>
-
- <p>The directives provided by mod_access are used in <code><a
- href="core.html#directory">&lt;Directory&gt;</a>, <a
- href="core.html#files">&lt;Files&gt;</a>,</code> and <code><a
- href="core.html#location">&lt;Location&gt;</a></code> sections
- as well as <code><a
- href="core.html#accessfilename">.htaccess</a></code> files to
- control access to particular parts of the server. Access can be
- controlled based on the client hostname, IP address, or other
- characteristics of the client request, as captured in <a
- href="../env.html">environment variables</a>. The
- <code>Allow</code> and <code>Deny</code> directives are used to
- specify which clients are or are not allowed access to the
- server, while the <code>Order</code> directive sets the default
- access state, and configures how the <code>Allow</code> and
- <code>Deny</code> directives interact with each other.</p>
-
- <p>Both host-based access restrictions and password-based
- authentication may be implemented simultaneously. In that case,
- the <a href="core.html#satisfy">Satisfy</a> directive is used
- to determine how the two sets of restrictions interact.</p>
-
- <p>In general, access restriction directives apply to all
- access methods (<code>GET</code>, <code>PUT</code>,
- <code>POST</code>, etc). This is the desired behavior in most
- cases. However, it is possible to restrict some methods, while
- leaving other methods unrestricted, by enclosing the directives
- in a <a href="core.html#limit">&lt;Limit&gt;</a> section.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#allow">Allow</a></li>
-
- <li><a href="#deny">Deny</a></li>
-
- <li><a href="#order">Order</a></li>
- </ul>
-
- <p>See also <a href="core.html#satisfy">Satisfy</a> and <a
- href="core.html#require">Require</a>.</p>
- <hr />
-
- <h2><a id="allow" name="allow">Allow</a> <a id="allowfromenv"
- name="allowfromenv">directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Allow from
- all|<em>host</em>|env=<em>env-variable</em>
- [<em>host</em>|env=<em>env-variable</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Limit<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_access</p>
-
- <p>The <code>Allow</code> directive affects which hosts can
- access an area of the server. Access can be controlled by
- hostname, IP Address, IP Address range, or by other
- characteristics of the client request captured in environment
- variables.</p>
-
- <p>The first argument to this directive is always
- <code>from</code>. The subsequent arguments can take three
- different forms. If <code>Allow from all</code> is specified,
- then all hosts are allowed access, subject to the configuration
- of the <code>Deny</code> and <code>Order</code> directives as
- discussed below. To allow only particular hosts or groups of
- hosts to access the server, the <em>host</em> can be specified
- in any of the following formats:</p>
-
- <dl>
- <dt>A (partial) domain-name</dt>
-
- <dd>Example: <code>Allow from apache.org</code><br />
- Hosts whose names match, or end in, this string are allowed
- access. Only complete components are matched, so the above
- example will match <code>foo.apache.org</code> but it will
- not match <code>fooapache.org</code>. This configuration will
- cause the server to perform a double reverse DNS lookup on the
- client IP address, regardless of the setting of the <a
- href="core.html#hostnamelookups">HostnameLookups</a>
- directive. It will do a reverse DNS lookup on the IP address to
- find the associated hostname, and then do a forward lookup on
- the hostname to assure that it matches the original IP address.
- Only if the forward and reverse DNS are consistent and the
- hostname matches will access be allowed.</dd>
-
- <dt>A full IP address</dt>
-
- <dd>Example: <code>Allow from 10.1.2.3</code><br />
- An IP address of a host allowed access</dd>
-
- <dt>A partial IP address</dt>
-
- <dd>Example: <code>Allow from 10.1</code><br />
- The first 1 to 3 bytes of an IP address, for subnet
- restriction.</dd>
-
- <dt>A network/netmask pair</dt>
-
- <dd>Example: <code>Allow from
- 10.1.0.0/255.255.0.0</code><br />
- A network a.b.c.d, and a netmask w.x.y.z. For more
- fine-grained subnet restriction. (Apache 1.3 and later)</dd>
-
- <dt>A network/nnn CIDR specification</dt>
-
- <dd>Example: <code>Allow from 10.1.0.0/16</code><br />
- Similar to the previous case, except the netmask consists of
- nnn high-order 1 bits. (Apache 1.3 and later)</dd>
- </dl>
-
- <p>Note that the last three examples above match exactly the
- same set of hosts.</p>
-
- <p>The third format of the arguments to the <code>Allow</code>
- directive allows access to the server to be controlled based on
- the existence of an <a href="../env.html">environment
- variable</a>. When <code>Allow from
- env=</code><em>env-variable</em> is specified, then the request
- is allowed access if the environment variable
- <em>env-variable</em> exists. The server provides the ability
- to set environment variables in a flexible way based on
- characteristics of the client request using the directives
- provided by <a href="mod_setenvif.html">mod_setenvif</a>.
- Therefore, this directive can be used to allow access based on
- such factors as the clients <code>User-Agent</code> (browser
- type), <code>Referer</code>, or other HTTP request header
- fields.</p>
-
- <p>Example:</p>
-
- <blockquote>
-<pre>
-SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
-&lt;Directory /docroot&gt;
- Order Deny,Allow
- Deny from all
- Allow from env=let_me_in
-&lt;/Directory&gt;
-</pre>
- </blockquote>
-
- <p>In this case, browsers with a user-agent string beginning
- with <tt>KnockKnock/2.0</tt> will be allowed access, and all
- others will be denied.</p>
-
- <p>See also <a href="#deny">Deny</a>, <a
- href="#order">Order</a> and <a
- href="mod_setenvif.html#setenvif">SetEnvIf</a>.</p>
- <hr />
-
- <h2><a id="deny" name="deny">Deny</a> <a id="denyfromenv"
- name="denyfromenv">directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Deny from
- all|<em>host</em>|env=<em>env-variable</em>
- [<em>host</em>|env=<em>env-variable</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Limit<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_access</p>
-
- <p>This directive allows access to the server to be restricted
- based on hostname, IP address, or environment variables. The
- arguments for the <code>Deny</code> directive are identical to
- the arguments for the <a href="#allow">Allow</a> directive.</p>
-
- <p>See also <a href="#allow">Allow</a>, <a
- href="#order">Order</a> and <a
- href="mod_setenvif.html#setenvif">SetEnvIf</a>.</p>
- <hr />
-
- <h2><a id="order" name="order">Order directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Order
- <em>ordering</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>Order
- Deny,Allow</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Limit<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_access</p>
-
- <p>The <code>Order</code> directive controls the default access
- state and the order in which <a href="#allow">Allow</a> and <a
- href="#deny">Deny</a> directives are evaluated.
- <em>Ordering</em> is one of</p>
-
- <dl>
- <dt>Deny,Allow</dt>
-
- <dd>The <code>Deny</code> directives are evaluated before the
- <code>Allow</code> directives. Access is allowed by default.
- Any client which does not match a <code>Deny</code> directive
- or does match an <code>Allow</code> directive will be allowed
- access to the server.</dd>
-
- <dt>Allow,Deny</dt>
-
- <dd>The <code>Allow</code> directives are evaluated before
- the <code>Deny</code> directives. Access is denied by
- default. Any client which does not match an
- <code>Allow</code> directive or does match a
- <code>Deny</code> directive will be denied access to the
- server.</dd>
-
- <dt>Mutual-failure</dt>
-
- <dd>Only those hosts which appear on the <code>Allow</code>
- list and do not appear on the <code>Deny</code> list are
- granted access. This ordering has the same effect as
- <code>Order Allow,Deny</code> and is deprecated in favor of
- that configuration.</dd>
- </dl>
-
- <p>Keywords may only be separated by a comma; no whitespace is
- allowed between them. Note that in all cases every
- <code>Allow</code> and <code>Deny</code> statement is
- evaluated.</p>
-
- <p>In the following example, all hosts in the apache.org domain
- are allowed access; all other hosts are denied access.</p>
-
- <blockquote>
- <code>Order Deny,Allow<br />
- Deny from all<br />
- Allow from apache.org<br />
- </code>
- </blockquote>
-
- <p>In the next example, all hosts in the apache.org domain are
- allowed access, except for the hosts which are in the
- foo.apache.org subdomain, who are denied access. All hosts not
- in the apache.org domain are denied access because the default
- state is to deny access to the server.</p>
-
- <blockquote>
- <code>Order Allow,Deny<br />
- Allow from apache.org<br />
- Deny from foo.apache.org<br />
- </code>
- </blockquote>
-
- <p>On the other hand, if the <code>Order</code> in the last
- example is changed to <code>Deny,Allow</code>, all hosts will
- be allowed access. This happens because, regardless of the
- actual ordering of the directives in the configuration file,
- the <code>Allow from apache.org</code> will be evaluated last
- and will override the <code>Deny from foo.apache.org</code>.
- All hosts not in the <code>apache.org</code> domain will also
- be allowed access because the default state will change to
- <em>allow</em>.</p>
-
- <p>The presence of an <code>Order</code> directive can affect
- access to a part of the server even in the absence of
- accompanying <code>Allow</code> and <code>Deny</code>
- directives because of its effect on the default access state.
- For example,</p>
-
- <blockquote>
- <code>&lt;Directory /www&gt;<br />
- &nbsp;&nbsp;Order Allow,Deny<br />
- &lt;/Directory&gt;</code>
- </blockquote>
-
- <p>will deny all access to the <code>/www</code> directory
- because the default access state will be set to
- <em>deny</em>.</p>
-
- <p>The <code>Order</code> directive controls the order of
- access directive processing only within each phase of the
- server's configuration processing. This implies, for example,
- that an <code>Allow</code> or <code>Deny</code> directive
- occurring in a &lt;Location&gt; section will always be
- evaluated after an <code>Allow</code> or <code>Deny</code>
- directive occurring in a &lt;Directory&gt; section or
- <code>.htaccess</code> file, regardless of the setting of the
- <code>Order</code> directive. For details on the merging of
- configuration sections, see the documentation on <a
- href="../sections.html">How Directory, Location and Files
- sections work</a>.</p>
-
- <p>See also: <a href="#deny">Deny</a> and <a
- href="#allow">Allow</a>. <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html b/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html
deleted file mode 100644
index e813007011f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html
+++ /dev/null
@@ -1,167 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Module mod_actions</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_actions</h1>
-
- <p>This module provides for executing CGI scripts based on
- media type or request method.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_actions.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- action_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module has two directives. The Action directive lets
- you run CGI scripts whenever a file of a certain type is
- requested. The Script directive lets you run CGI scripts
- whenever a particular method is used in a request. This makes
- it much easier to execute scripts that process files.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#action">Action</a></li>
-
- <li><a href="#script">Script</a></li>
- </ul>
- <hr />
-
- <h2><a id="action" name="action">Action directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Action <em>action-type
- cgi-script</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_actions<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Action is only
- available in Apache 1.1 and later</p>
-
- <p>This directive adds an action, which will activate
- <em>cgi-script</em> when <em>action-type</em> is triggered by the
- request. The <i>cgi-script</i> is the URL-path to a resource that
- has been configured as a CGI script using <code>ScriptAlias</code>
- or <code>AddHandler</code>. The <em>action-type</em> can be either
- a <a href="../handler.html">handler</a> or a MIME content type. It
- sends the URL and file path of the requested document using the
- standard CGI PATH_INFO and PATH_TRANSLATED environment
- variables.</p>
-
- <p>Examples:</p>
- <pre>
- # Requests for files of a particular type:
- Action image/gif /cgi-bin/images.cgi
-
- # Files of a particular file extension
- AddHandler my-file-type .xyz
- Action my-file-type /cgi-bin/program.cgi
- </pre>
-
- <p>In the first example, requests for files with a MIME content
- type of <code>image/gif</code> will instead be handled by the
- specified cgi script <code>/cgi-bin/images.cgi</code>.</p>
-
- <p>In the second example, requests for files with a file extension of
- <code>.xyz</code> are handled instead by the specified cgi script
- <code>/cgi-bin/program.cgi</code>.</p>
-
- <p><strong>See also</strong>: <a
- href="mod_mime.html#addhandler">AddHandler</a></p>
-
- <hr />
-
- <h2><a id="script" name="script">Script directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Script <em>method
- cgi-script</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_actions<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Script is only
- available in Apache 1.1 and later; arbitrary method use is only
- available with 1.3.10 and later</p>
-
- <p>This directive adds an action, which will activate
- <i>cgi-script</i> when a file is requested using the method of
- <i>method</i>. The <i>cgi-script</i> is the URL-path to a resource
- that has been configured as a CGI script using
- <code>ScriptAlias</code> or <code>AddHandler</code>. The URL and
- file path of the requested document is sent using the standard CGI
- PATH_INFO and PATH_TRANSLATED environment variables.</p>
-
- <blockquote>
- Prior to Apache 1.3.10, <i>method</i> can only be one of
- <code>GET</code>, <code>POST</code>, <code>PUT</code>, or
- <code>DELETE</code>. As of 1.3.10, any arbitrary method name
- may be used. <b>Method names are case-sensitive</b>, so
- <code>Script&nbsp;PUT</code> and <code>Script&nbsp;put</code>
- have two entirely different effects.
- </blockquote>
-
- <p>Note that the Script command defines default actions only.
- If a CGI script is called, or some other resource that is
- capable of handling the requested method internally, it will do
- so. Also note that Script with a method of <code>GET</code>
- will only be called if there are query arguments present
- (<em>e.g.</em>, foo.html?hi). Otherwise, the request will
- proceed normally.</p>
-
- <p>Examples:</p>
-<pre>
- # For &lt;ISINDEX&gt;-style searching
- Script GET /cgi-bin/search
- # A CGI PUT handler
- Script PUT /~bob/put.cgi
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html
deleted file mode 100644
index 93ea7d84f78..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html
+++ /dev/null
@@ -1,399 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_alias</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_alias</h1>
-
- <p>This module provides for mapping different parts of the host
- filesystem in the document tree, and for URL redirection.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_alias.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- alias_module</p>
-
- <h2>Summary</h2>
-
- <p>The directives contained in this module allow for
- manipulation and control of URLs as requests arrive at the
- server. The <code>Alias</code> and <code>ScriptAlias</code>
- directives are used to map between URLs and filesystem paths.
- This allows for content which is not directly under the <a
- href="core.html#documentroot"><code>DocumentRoot</code></a> to
- be served as part of the web document tree. The
- <code>ScriptAlias</code> directive has the additional effect of
- marking the target directory as containing only CGI
- scripts.</p>
-
- <p>The <code>Redirect</code> directives are used to instruct
- clients to make a new request with a different URL. They are
- often used when a resource has moved to a new location.</p>
-
- <p>A more powerful and flexible set of directives for
- manipulating URLs is contained in the <a
- href="mod_rewrite.html"><code>mod_rewrite</code></a>
- module.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#alias">Alias</a></li>
-
- <li><a href="#aliasmatch">AliasMatch</a></li>
-
- <li><a href="#redirect">Redirect</a></li>
-
- <li><a href="#redirectmatch">RedirectMatch</a></li>
-
- <li><a href="#redirecttemp">RedirectTemp</a></li>
-
- <li><a href="#redirectperm">RedirectPermanent</a></li>
-
- <li><a href="#scriptalias">ScriptAlias</a></li>
-
- <li><a href="#scriptaliasmatch">ScriptAliasMatch</a></li>
- </ul>
- <hr />
-
- <h2><a id="alias" name="alias">Alias directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Alias <em>URL-path
- file-path</em>|<em>directory-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias</p>
-
- <p>The Alias directive allows documents to be stored in the
- local filesystem other than under the <a
- href="core.html#documentroot">DocumentRoot</a>. URLs with a
- (%-decoded) path beginning with <em>url-path</em> will be
- mapped to local files beginning with
- <em>directory-filename</em>.</p>
-
- <p>Example:</p>
-
- <blockquote>
- <code>Alias /image /ftp/pub/image</code>
- </blockquote>
-
- <p>A request for http://myserver/image/foo.gif would cause the
- server to return the file /ftp/pub/image/foo.gif.</p>
-
- <p>Note that if you include a trailing / on the
- <em>url-path</em> then the server will require a trailing / in
- order to expand the alias. That is, if you use <code>Alias
- /icons/ /usr/local/apache/icons/</code> then the url
- <code>/icons</code> will not be aliased.</p>
-
- <p>Note that you may need to specify additional <a
- href="core.html#directory"><code>&lt;Directory&gt;</code></a>
- sections which cover the <em>destination</em> of aliases.
- Aliasing occurs before <code>&lt;Directory&gt;</code> sections
- are checked, so only the destination of aliases are affected.
- (Note however <a
- href="core.html#location"><code>&lt;Location&gt;</code></a>
- sections are run through once before aliases are performed, so
- they will apply.)</p>
-
- <p>See also <a href="#scriptalias">ScriptAlias</a>.</p>
- <hr />
-
- <h2><a id="aliasmatch" name="aliasmatch">AliasMatch</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AliasMatch <em>regex
- file-path</em>|<em>directory-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later</p>
-
- <p>This directive is equivalent to <a href="#alias">Alias</a>,
- but makes use of standard regular expressions, instead of
- simple prefix matching. The supplied regular expression is
- matched against the URL-path, and if it matches, the server
- will substitute any parenthesized matches into the given string
- and use it as a filename. For example, to activate the
- <code>/icons</code> directory, one might use:</p>
-<pre>
- AliasMatch ^/icons(.*) /usr/local/apache/icons$1
-</pre>
- <hr />
-
- <h2><a id="redirect" name="redirect">Redirect
- directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Redirect
- [<em>status</em>] <em>URL-path URL</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> The directory
- and .htaccess context's are only available in versions 1.1 and
- later. The <em>status</em> argument is only available in Apache
- 1.2 or later.</p>
-
- <p>The Redirect directive maps an old URL into a new one. The
- new URL is returned to the client which attempts to fetch it
- again with the new address. <em>URL-path</em> a (%-decoded)
- path; any requests for documents beginning with this path will
- be returned a redirect error to a new (%-encoded) URL beginning
- with <em>URL</em>.</p>
-
- <p>Example:</p>
-
- <blockquote>
- <code>Redirect /service http://foo2.bar.com/service</code>
- </blockquote>
-
- <p>If the client requests http://myserver/service/foo.txt, it
- will be told to access http://foo2.bar.com/service/foo.txt
- instead.</p>
-
- <p><strong>Note:</strong> Redirect directives take precedence
- over Alias and ScriptAlias directives, irrespective of their
- ordering in the configuration file. Also, <em>URL-path</em>
- must be an absolute path, not a relative path, even when used
- with .htaccess files or inside of &lt;Directory&gt;
- sections.</p>
-
- <p>If no <em>status</em> argument is given, the redirect will
- be "temporary" (HTTP status 302). This indicates to the client
- that the resource has moved temporarily. The <em>status</em>
- argument can be used to return other HTTP status codes:</p>
-
- <dl>
- <dt>permanent</dt>
-
- <dd>Returns a permanent redirect status (301) indicating that
- the resource has moved permanently.</dd>
-
- <dt>temp</dt>
-
- <dd>Returns a temporary redirect status (302). This is the
- default.</dd>
-
- <dt>seeother</dt>
-
- <dd>Returns a "See Other" status (303) indicating that the
- resource has been replaced.</dd>
-
- <dt>gone</dt>
-
- <dd>Returns a "Gone" status (410) indicating that the
- resource has been permanently removed. When this status is
- used the <em>url</em> argument should be omitted.</dd>
- </dl>
-
- <p>Other status codes can be returned by giving the numeric
- status code as the value of <em>status</em>. If the status is
- between 300 and 399, the <em>url</em> argument must be present,
- otherwise it must be omitted. Note that the status must be
- known to the Apache code (see the function
- <code>send_error_response</code> in http_protocol.c).</p>
-
- <p>Example:</p>
-
- <pre>
- Redirect permanent /one http://example.com/two<br />
- Redirect 303 /two http://example.com/other
- </pre>
- <hr />
-
- <h2><a id="redirectmatch"
- name="redirectmatch">RedirectMatch</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RedirectMatch
- [<em>status</em>] <em>regex URL</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later</p>
-
- <p>This directive is equivalent to <a
- href="#redirect">Redirect</a>, but makes use of standard
- regular expressions, instead of simple prefix matching. The
- supplied regular expression is matched against the URL-path,
- and if it matches, the server will substitute any parenthesized
- matches into the given string and use it as a filename. For
- example, to redirect all GIF files to like-named JPEG files on
- another server, one might use:</p>
-<pre>
- RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg
-</pre>
- <hr />
-
- <h2><a id="redirecttemp" name="redirecttemp">RedirectTemp
- directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RedirectTemp
- <em>URL-path URL</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> This directive
- is only available in Apache 1.2 and later</p>
-
- <p>This directive makes the client know that the Redirect is
- only temporary (status 302). Exactly equivalent to
- <code>Redirect temp</code>.</p>
- <hr />
-
- <h2><a id="redirectperm" name="redirectperm">RedirectPermanent
- directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RedirectPermanent
- <em>URL-path URL</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> This directive
- is only available in Apache 1.2 and later</p>
-
- <p>This directive makes the client know that the Redirect is
- permanent (status 301). Exactly equivalent to <code>Redirect
- permanent</code>.</p>
- <hr />
-
- <h2><a id="scriptalias" name="scriptalias">ScriptAlias
- directive</a></h2>
-
- <p>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScriptAlias
- <em>URL-path file-path</em>|<em>directory-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias</p>
-
- <p>The ScriptAlias directive has the same behavior as the <a
- href="#alias">Alias</a> directive, except that in addition it
- marks the target directory as containing CGI scripts that will be
- processed by <a href="mod_cgi.html">mod_cgi</a>'s cgi-script
- handler. URLs with a (%-decoded) path beginning with
- <em>URL-path</em> will be mapped to scripts beginning with the
- second argument which is a full pathname in the local
- filesystem.</p>
-
- <p>Example:</p>
-
- <blockquote>
- <code>ScriptAlias /cgi-bin/ /web/cgi-bin/</code>
- </blockquote>
-
- <p>A request for http://myserver/cgi-bin/foo would cause the
- server to run the script /web/cgi-bin/foo.</p>
- <hr />
-
- <h2><a id="scriptaliasmatch"
- name="scriptaliasmatch">ScriptAliasMatch</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScriptAliasMatch
- <em>regex file-path</em>|<em>directory-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later</p>
-
- <p>This directive is equivalent to <a
- href="#scriptalias">ScriptAlias</a>, but makes use of standard
- regular expressions, instead of simple prefix matching. The
- supplied regular expression is matched against the URL-path,
- and if it matches, the server will substitute any parenthesized
- matches into the given string and use it as a filename. For
- example, to activate the standard <code>/cgi-bin</code>, one
- might use:</p>
-<pre>
- ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_asis.html b/usr.sbin/httpd/htdocs/manual/mod/mod_asis.html
deleted file mode 100644
index 9d93d39f157..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_asis.html
+++ /dev/null
@@ -1,107 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_asis</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_asis</h1>
-
- <p>This module provides for sending files which contain their
- own HTTP headers.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_asis.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- asis_module</p>
-
- <h2>Summary</h2>
-
- <p>This module provides the handler <code>send-as-is</code>
- which causes Apache to send the document without adding most of
- the usual HTTP headers.</p>
-
- <p>This can be used to send any kind of data from the server,
- including redirects and other special HTTP responses, without
- requiring a cgi-script or an nph script.</p>
-
- <p>For historical reasons, this module will also process any
- file with the mime type <code>httpd/send-as-is</code>.</p>
-
- <h2>Directives</h2>
-
- <p>This module provides no directives.</p>
-
- <h2>Usage</h2>
-
- <p>In the server configuration file, associate files with the
- <code>send-as-is</code> handler <em>e.g.</em></p>
-
- <blockquote>
- <code>AddHandler send-as-is asis</code>
- </blockquote>
- The contents of any file with a <code>.asis</code> extension
- will then be sent by Apache to the client with almost no
- changes. Clients will need HTTP headers to be attached, so do
- not forget them. A Status: header is also required; the data
- should be the 3-digit HTTP response code, followed by a textual
- message.
-
- <p>Here's an example of a file whose contents are sent <em>as
- is</em> so as to tell the client that a file has
- redirected.</p>
-
- <blockquote>
- <code>Status: 301 Now where did I leave that URL<br />
- Location: http://xyz.abc.com/foo/bar.html<br />
- Content-type: text/html<br />
- <br />
- &lt;HTML&gt;<br />
- &lt;HEAD&gt;<br />
- &lt;TITLE&gt;Lame excuses'R'us&lt;/TITLE&gt;<br />
- &lt;/HEAD&gt;<br />
- &lt;BODY&gt;<br />
- &lt;H1&gt;Fred's exceptionally wonderful page has moved
- to<br />
- &lt;A
- HREF="http://xyz.abc.com/foo/bar.html"&gt;Joe's&lt;/A&gt;
- site.<br />
- &lt;/H1&gt;<br />
- &lt;/BODY&gt;<br />
- &lt;/HTML&gt;</code>
- </blockquote>
-
- <p>Notes: the server always adds a Date: and Server: header to
- the data returned to the client, so these should not be
- included in the file. The server does <em>not</em> add a
- Last-Modified header; it probably should.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html
deleted file mode 100644
index 2789d5bb5e0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html
+++ /dev/null
@@ -1,326 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_auth</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_auth</h1>
-
- <p>This module provides for user authentication using text
- files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_auth.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- auth_module</p>
-
- <h2>Summary</h2>
-
- <p>This module allows the use of HTTP Basic Authentication to
- restrict access by looking up users in plain text password and
- group files. Similar functionality and greater scalability is
- provided by <a href="mod_auth_dbm.html">mod_auth_dbm</a> and <a
- href="mod_auth_db.html">mod_auth_db</a>. HTTP Digest
- Authentication is provided by <a
- href="mod_auth_digest.html">mod_auth_digest</a>.</p>
-
- <p><b>Note that these credential-based security mechanisms are
- only as strong as your Web server's security. As a rule, they
- are <i>not</i> as strong as the operating system's own security
- system.</b></p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#authgroupfile">AuthGroupFile</a></li>
-
- <li><a href="#authuserfile">AuthUserFile</a></li>
-
- <li><a href="#authauthoritative">AuthAuthoritative</a></li>
- </ul>
-
- <p>See also: <a href="core.html#require">require</a>, <a
- href="core.html#satisfy">satisfy</a>, and <a
- href="#require">mod_auth require keywords</a>.</p>
- <hr />
-
- <h2><a id="require" name="require"><code>mod_auth</code>
- Require Keywords</a></h2>
-
- <p>The <code>mod_auth</code> module supports the following
- keywords that can be given to the <a
- href="core.html#require">Require</a> directive:</p>
-
- <dl compact="compact">
- <dt><code>user <i>username</i> [...]</code></dt>
-
- <dd>The supplied username and password must be in the <a
- href="#authuserfile">AuthUserFile</a> database, and the
- username must also be one of those listed on the Require
- directive.</dd>
-
- <dt><code>group <i>groupname</i> [...]</code></dt>
-
- <dd>The supplied username and password must be in the <a
- href="#authuserfile">AuthUserFile</a> database, and the
- username must also be a member of one of the named groups in
- the <a href="#authgroupfile">AuthGroupFile</a> database.</dd>
-
- <dt><code>valid-user</code></dt>
-
- <dd>The supplied username and password must be in the <a
- href="#authuserfile">AuthUserFile</a> database. Any valid
- username from that file will be allowed.</dd>
-
- <dt><code>file-owner</code></dt>
-
- <dd>[Available after Apache 1.3.20] The supplied username and
- password must be in the <a
- href="#authuserfile">AuthUserFile</a> database, and the
- username must also match the system's name for the owner of
- the file being requested. That is, if the operating system
- say the requested file is owned by <code>jones</code>, then
- the username used to access it through the Web must be
- <code>jones</code> as well.</dd>
-
- <dt><code>file-group</code></dt>
-
- <dd>[Available after Apache 1.3.20] The supplied username and
- password must be in the <a
- href="#authuserfile">AuthUserFile</a> database, the name of
- the group that owns the file must be in the <a
- href="#authgroupfile">AuthGroupFile</a> database, and the
- username must be a member of that group. For example, if the
- operating system says the requested file is owned by group
- <code>accounts</code>, the group <code>accounts</code> must
- be in the AuthGroupFile database and the username used in the
- request must be a member of that group.</dd>
- </dl>
- <hr />
-
- <h2><a id="example" name="example">Example of <code>Require
- file-owner</code></a></h2>
-
- <p>Consider a multi-user system running the Apache Web server,
- with each user having his or her own files in
- <code>~/public_html/private</code>. Assuming that there is a
- single AuthUserFile database that lists all of their usernames,
- and that their Web usernames match the ones that actually own
- the files on the server, then the following stanza would allow
- only the user himself access to his own files. User
- <code>jones</code> would not be allowed to access files in
- <code>/home/smith/public_html/private</code> unless they were
- owned by <code>jones</code> instead of <code>smith</code>.</p>
-<pre>
- &lt;Directory /home/*/public_html/private&gt;
- AuthType Basic
- AuthName MyPrivateFile
- AuthUserFile /usr/local/apache/etc/.htpasswd-allusers
- Satisfy All
- Require file-owner
- &lt;/Directory&gt;
-</pre>
- <hr />
-
- <h2><a id="authgroupfile"
- name="authgroupfile">AuthGroupFile</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthGroupFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth
-
- <p>The AuthGroupFile directive sets the name of a textual file
- containing the list of user groups for user authentication.
- <em>File-path</em> is the path to the group file. If it is not
- absolute (<em>i.e.</em>, if it doesn't begin with a slash), it
- is treated as relative to the ServerRoot.</p>
-
- <p>Each line of the group file contains a groupname followed by
- a colon, followed by the member usernames separated by spaces.
- Example:</p>
-
- <blockquote>
- <code>mygroup: bob joe anne</code>
- </blockquote>
- Note that searching large text files is <em>very</em>
- inefficient; <a
- href="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a>
- should be used instead.
-
- <p>Security: make sure that the AuthGroupFile is stored outside
- the document tree of the web-server; do <em>not</em> put it in
- the directory that it protects. Otherwise, clients will be able
- to download the AuthGroupFile.</p>
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authuserfile">AuthUserFile</a>.</p>
- <hr />
-
- <h2><a id="authuserfile" name="authuserfile">AuthUserFile</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthUserFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth
-
- <p>The AuthUserFile directive sets the name of a textual file
- containing the list of users and passwords for user
- authentication. <em>File-path</em> is the path to the user
- file. If it is not absolute (<em>i.e.</em>, if it doesn't begin
- with a slash), it is treated as relative to the ServerRoot.</p>
-
- <p>Each line of the user file contains a username followed by a
- colon, followed by the <code>crypt()</code> encrypted password.
- The behavior of multiple occurrences of the same user is
- undefined.</p>
-
- <p>The utility <a href="../programs/htpasswd.html">htpasswd</a>
- which is installed as part of the binary distribution, or which
- can be found in <code>src/support</code>, is used to maintain
- this password file. See the <code>man</code> page for more
- details. In short</p>
-
- <blockquote>
- <code>htpasswd -c Filename username</code><br />
- Create a password file 'Filename' with 'username' as the
- initial ID. It will prompt for the password. <code>htpasswd
- Filename username2</code><br />
- Adds or modifies in password file 'Filename' the 'username'.
- </blockquote>
-
- <p>Note that searching large text files is <em>very</em>
- inefficient; <a
- href="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</a>
- should be used instead.</p>
-
- <dl>
- <dt><b>Security:</b></dt>
-
- <dd>Make sure that the AuthUserFile is stored outside the
- document tree of the web-server; do <em>not</em> put it in
- the directory that it protects. Otherwise, clients may be
- able to download the AuthUserFile.</dd>
-
- <dd>Also be aware that null usernames are permitted, and null
- passwords as well (through Apache 1.3.20). If your
- AuthUserFile includes a line containing only a colon (':'), a
- '<code>Require valid-user</code>' will allow access if both
- the username and password in the credentials are
- omitted.</dd>
- </dl>
- See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authgroupfile">AuthGroupFile</a>.
- <hr />
-
- <h2><a id="authauthoritative"
- name="authauthoritative">AuthAuthoritative</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthAuthoritative
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthAuthoritative on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth
-
- <p>Setting the AuthAuthoritative directive explicitly to
- <strong>'off'</strong> allows for both authentication and
- authorization to be passed on to lower level modules (as
- defined in the <code>Configuration</code> and
- <code>modules.c</code> files) if there is <strong>no
- userID</strong> or <strong>rule</strong> matching the supplied
- userID. If there is a userID and/or rule specified; the usual
- password and access checks will be applied and a failure will
- give an Authorization Required reply.</p>
-
- <p>So if a userID appears in the database of more than one
- module; or if a valid <code>Require</code> directive applies to
- more than one module; then the first module will verify the
- credentials; and no access is passed on; regardless of the
- AuthAuthoritative setting.</p>
-
- <p>A common use for this is in conjunction with one of the
- database modules; such as <a
- href="mod_auth_db.html"><code>mod_auth_db.c</code></a>, <a
- href="mod_auth_dbm.html"><code>mod_auth_dbm.c</code></a>,
- <code>mod_auth_msql.c</code>, and <a
- href="mod_auth_anon.html"><code>mod_auth_anon.c</code></a>.
- These modules supply the bulk of the user credential checking;
- but a few (administrator) related accesses fall through to a
- lower level with a well protected AuthUserFile.</p>
-
- <p><a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> By default; control is
- not passed on; and an unknown userID or rule will result in an
- Authorization Required reply. Not setting it thus keeps the
- system secure; and forces an NCSA compliant behavior.</p>
-
- <p>Security: Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single .htpasswd file, than it is to secure a database such
- as mSQL. Make sure that the AuthUserFile is stored outside the
- document tree of the web-server; do <em>not</em> put it in the
- directory that it protects. Otherwise, clients will be able to
- download the AuthUserFile.</p>
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authgroupfile">AuthGroupFile</a>.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html
deleted file mode 100644
index 6824322f6b9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html
+++ /dev/null
@@ -1,296 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_auth_anon.c</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_auth_anon</h1>
- This module allows "anonymous" user access to authenticated
- areas.
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_auth_anon.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- anon_auth_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module does access control in a manner similar to
- anonymous-ftp sites; <em>i.e.</em> have a 'magic' user id
- 'anonymous' and the email address as a password. These email
- addresses can be logged.</p>
-
- <p>Combined with other (database) access control methods, this
- allows for effective user tracking and customization according
- to a user profile while still keeping the site open for
- 'unregistered' users. One advantage of using Auth-based user
- tracking is that, unlike magic-cookies and funny URL
- pre/postfixes, it is completely browser independent and it
- allows users to share URLs.</p>
-
- <h2><a id="Directives" name="Directives">Directives</a></h2>
-
- <ul>
- <li><a href="#anonymous">Anonymous</a></li>
-
- <li><a href="#Authoritative">Anonymous_Authoritative</a></li>
-
- <li><a href="#LogEmail">Anonymous_LogEmail</a></li>
-
- <li><a href="#MustGiveEmail">Anonymous_MustGiveEmail</a></li>
-
- <li><a href="#NoUserID">Anonymous_NoUserID</a></li>
-
- <li><a href="#VerifyEmail">Anonymous_VerifyEmail</a></li>
- </ul>
-
- <h2><a id="Example" name="Example">Example</a></h2>
- The example below (when combined with the Auth directives of a
- htpasswd-file based (or GDM, mSQL <em>etc.</em>) base access
- control system allows users in as 'guests' with the following
- properties:
-
- <ul>
- <li>It insists that the user enters a userId.
- (<code>Anonymous_NoUserId</code>)</li>
-
- <li>It insists that the user enters a password.
- (<code>Anonymous_MustGiveEmail</code>)</li>
-
- <li>The password entered must be a valid email address, ie.
- contain at least one '@' and a '.'.
- (<code>Anonymous_VerifyEmail</code>)</li>
-
- <li>The userID must be one of <code>anonymous guest www test
- welcome</code> and comparison is <strong>not</strong> case
- sensitive.</li>
-
- <li>And the Email addresses entered in the passwd field are
- logged to the error log file
- (<code>Anonymous_LogEmail</code>)</li>
- </ul>
-
- <p>Excerpt of httpd.conf:</p>
-
- <blockquote>
-<pre>
-Anonymous_NoUserId off
-Anonymous_MustGiveEmail on
-Anonymous_VerifyEmail on
-Anonymous_LogEmail on
-Anonymous anonymous guest www test welcome
-
-AuthName "Use 'anonymous' &amp; Email address for guest entry"
-AuthType basic
-
-# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile
-# directive must be specified, or use
-# Anonymous_Authoritative for public access.
-# In the .htaccess for the public directory, add:
-&lt;Files *&gt;
-Order Deny,Allow
-Allow from all
-
-Require valid-user
-&lt;/Files&gt;
-</pre>
- </blockquote>
- <hr />
-
- <h2><a id="anonymous" name="anonymous">Anonymous
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Anonymous <em>user</em>
- [<em>user</em>] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> none<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_anon
-
- <p>A list of one or more 'magic' userIDs which are allowed
- access without password verification. The userIDs are space
- separated. It is possible to use the ' and " quotes to allow a
- space in a userID as well as the \ escape character.</p>
-
- <p>Please note that the comparison is
- <strong>case-IN-sensitive</strong>.<br />
- I strongly suggest that the magic username
- '<code>anonymous</code>' is always one of the allowed
- userIDs.</p>
-
- <p>Example:<br />
- <code>Anonymous anonymous "Not Registered" 'I don\'t
- know'</code></p>
-
- <p>This would allow the user to enter without password
- verification by using the userId's 'anonymous',
- 'AnonyMous','Not Registered' and 'I Don't Know'.</p>
- <hr />
-
- <h2><a id="Authoritative"
- name="Authoritative">Anonymous_Authoritative directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Anonymous_Authoritative
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>Anonymous_Authoritative off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_anon
-
- <p>When set 'on', there is no fall-through to other
- authorization methods. So if a userID does not match the values
- specified in the <code>Anonymous</code> directive, access is
- denied.</p>
-
- <p>Be sure you know what you are doing when you decide to
- switch it on. And remember that it is the linking order of the
- modules (in the Configuration / Make file) which details the
- order in which the Authorization modules are queried.</p>
- <hr />
-
- <h2><a id="LogEmail" name="LogEmail">Anonymous_LogEmail
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Anonymous_LogEmail
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>Anonymous_LogEmail on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_anon
-
- <p>When set 'on', the default, the 'password' entered (which
- hopefully contains a sensible email address) is logged in the
- error log. The message is logged at a level of <code>info</code>,
- and so you must have <a href="core.html#loglevel">LogLevel</a> set
- to at least <code>info</code> in order to see this message.</p>
-
- <p>Log entries will look like the following example:</p>
-
- <pre>
-[Fri Apr 26 14:49:50 2002] [info] [client 192.168.1.105] Anonymous: Passwd <user@example.com> Accepted
-</pre>
-
- <hr />
-
- <h2><a id="MustGiveEmail"
- name="MustGiveEmail">Anonymous_MustGiveEmail directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Anonymous_MustGiveEmail
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>Anonymous_MustGiveEmail on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_anon
-
- <p>Specifies whether the user must specify an email address as
- the password. This prohibits blank passwords.</p>
- <hr />
-
- <h2><a id="NoUserID" name="NoUserID">Anonymous_NoUserID
- directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Anonymous_NoUserID
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>Anonymous_NoUserID off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_anon
-
- <p>When set 'on', users can leave the userID (and perhaps the
- password field) empty. This can be very convenient for
- MS-Explorer users who can just hit return or click directly on
- the OK button; which seems a natural reaction.</p>
- <hr />
-
- <h2><a id="VerifyEmail"
- name="VerifyEmail">Anonymous_VerifyEmail directive</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Anonymous_VerifyEmail
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>Anonymous_VerifyEmail off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_anon
-
- <p>When set 'on' the 'password' entered is checked for at least
- one '@' and a '.' to encourage users to enter valid email
- addresses (see the above <code>Auth_LogEmail</code>).
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html
deleted file mode 100644
index 324cbfd870e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html
+++ /dev/null
@@ -1,248 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_auth_db</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_auth_db</h1>
-
- <p>This module provides for user authentication using Berkeley
- DB files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_auth_db.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- db_auth_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module provides an alternative to <a
- href="mod_auth_dbm.html">DBM</a> files for those systems which
- support DB and not DBM. It is only available in Apache 1.1 and
- later.</p>
-
- <p>On some BSD systems (<em>e.g.</em>, FreeBSD and NetBSD) dbm
- is automatically mapped to Berkeley DB. You can use either <a
- href="mod_auth_dbm.html">mod_auth_dbm</a> or mod_auth_db. The
- latter makes it more obvious that it's Berkeley DB. On other
- platforms where you want to use the DB library you usually have
- to install it first. See <a
- href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>
- for the distribution. The interface this module uses is the one
- from DB version 1.85 and 1.86, but DB version 2.x can also be
- used when compatibility mode is enabled.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#authdbgroupfile">AuthDBGroupFile</a></li>
-
- <li><a href="#authdbuserfile">AuthDBUserFile</a></li>
-
- <li><a
- href="#authdbauthoritative">AuthDBAuthoritative</a></li>
- </ul>
-
- <p>See also: <a href="core.html#satisfy">satisfy</a> and <a
- href="core.html#require">require</a>.</p>
- <hr />
-
- <h2><a id="authdbgroupfile"
- name="authdbgroupfile">AuthDBGroupFile directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBGroupFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_db
-
- <p>The AuthDBGroupFile directive sets the name of a DB file
- containing the list of user groups for user authentication.
- <em>File-path</em> is the absolute path to the group file.</p>
-
- <p>The group file is keyed on the username. The value for a
- user is a comma-separated list of the groups to which the users
- belongs. There must be no whitespace within the value, and it
- must never contain any colons.</p>
-
- <p>Security: make sure that the AuthDBGroupFile is stored
- outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients
- will be able to download the AuthDBGroupFile unless otherwise
- protected.</p>
-
- <p>Combining Group and Password DB files: In some cases it is
- easier to manage a single database which contains both the
- password and group details for each user. This simplifies any
- support programs that need to be written: they now only have to
- deal with writing to and locking a single DBM file. This can be
- accomplished by first setting the group and password files to
- point to the same DB file:</p>
-
- <blockquote>
- <code>AuthDBGroupFile /www/userbase<br />
- AuthDBUserFile /www/userbase</code>
- </blockquote>
- The key for the single DB record is the username. The value
- consists of
-
- <blockquote>
- <code>Unix Crypt-ed Password : List of Groups [ : (ignored)
- ]</code>
- </blockquote>
- The password section contains the Unix crypt() password as
- before. This is followed by a colon and the comma separated
- list of groups. Other data may optionally be left in the DB
- file after another colon; it is ignored by the authentication
- module.
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbuserfile">AuthDBUserFile</a>.</p>
- <hr />
-
- <h2><a id="authdbuserfile"
- name="authdbuserfile">AuthDBUserFile</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBUserFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_db
-
- <p>The AuthDBUserFile directive sets the name of a DB file
- containing the list of users and passwords for user
- authentication. <em>File-path</em> is the absolute path to the
- user file.</p>
-
- <p>The user file is keyed on the username. The value for a user
- is the crypt() encrypted password, optionally followed by a
- colon and arbitrary data. The colon and the data following it
- will be ignored by the server.</p>
-
- <p>Security: make sure that the AuthDBUserFile is stored
- outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients
- will be able to download the AuthDBUserFile.</p>
-
- <p>Important compatibility note: The implementation of
- "dbmopen" in the apache modules reads the string length of the
- hashed values from the DB data structures, rather than relying
- upon the string being NULL-appended. Some applications, such as
- the Netscape web server, rely upon the string being
- NULL-appended, so if you are having trouble using DB files
- interchangeably between applications this may be a part of the
- problem.</p>
-
- <p>A perl script called
- href="../programs/dbmmanage.html"&gt;dbmmanage is included with
- Apache. This program can be used to create and update DB format
- password files for use with this module.</p>
- See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbgroupfile">AuthDBGroupFile</a>.
- <hr />
-
- <h2><a id="authdbauthoritative"
- name="authdbauthoritative">AuthDBAuthoritative</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBAuthoritative
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDBAuthoritative on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth
-
- <p>Setting the AuthDBAuthoritative directive explicitly to
- <strong>'off'</strong> allows for both authentication and
- authorization to be passed on to lower level modules (as
- defined in the <code>Configuration</code> and
- <code>modules.c</code> file if there is <strong>no
- userID</strong> or <strong>rule</strong> matching the supplied
- userID. If there is a userID and/or rule specified; the usual
- password and access checks will be applied and a failure will
- give an Authorization Required reply.</p>
-
- <p>So if a userID appears in the database of more than one
- module; or if a valid <code>Require</code> directive applies to
- more than one module; then the first module will verify the
- credentials; and no access is passed on; regardless of the
- AuthAuthoritative setting.</p>
-
- <p>A common use for this is in conjunction with one of the
- basic auth modules; such as <a
- href="mod_auth.html"><code>mod_auth.c</code></a>. Whereas this
- DB module supplies the bulk of the user credential checking; a
- few (administrator) related accesses fall through to a lower
- level with a well protected .htpasswd file.</p>
-
- <p>By default, control is not passed on and an unknown userID
- or rule will result in an Authorization Required reply. Not
- setting it thus keeps the system secure and forces an NCSA
- compliant behavior.</p>
-
- <p>Security: Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single .htpasswd file, than it is to secure a database which
- might have more access interfaces.</p>
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbgroupfile">AuthDBGroupFile</a>.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html
deleted file mode 100644
index 7deef8a4fac..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html
+++ /dev/null
@@ -1,235 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_auth_dbm</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_auth_dbm</h1>
-
- <p>This module provides for user authentication using DBM
- files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_auth_dbm.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- dbm_auth_module</p>
-
- <h2>Summary</h2>
-
- <p>This module provides for HTTP Basic Authentication, where
- the usernames and passwords are stored in DBM type database
- files. It is an alternative to the plain text password files
- provided by <a href="mod_auth.html">mod_auth</a> and the
- Berkely DB password files provided by <a
- href="mod_auth_db.html">mod_auth_db</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#authdbmgroupfile">AuthDBMGroupFile</a></li>
-
- <li><a href="#authdbmuserfile">AuthDBMUserFile</a></li>
-
- <li><a
- href="#authdbmauthoritative">AuthDBMAuthoritative</a></li>
- </ul>
-
- <p>See also: <a href="core.html#satisfy">Satisfy</a> and <a
- href="core.html#require">Require</a>.</p>
- <hr />
-
- <h2><a id="authdbmgroupfile"
- name="authdbmgroupfile">AuthDBMGroupFile</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMGroupFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm
-
- <p>The AuthDBMGroupFile directive sets the name of a DBM file
- containing the list of user groups for user authentication.
- <em>File-path</em> is the absolute path to the group file.</p>
-
- <p>The group file is keyed on the username. The value for a
- user is a comma-separated list of the groups to which the users
- belongs. There must be no whitespace within the value, and it
- must never contain any colons.</p>
-
- <p>Security: make sure that the AuthDBMGroupFile is stored
- outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients
- will be able to download the AuthDBMGroupFile unless otherwise
- protected.</p>
-
- <p>Combining Group and Password DBM files: In some cases it is
- easier to manage a single database which contains both the
- password and group details for each user. This simplifies any
- support programs that need to be written: they now only have to
- deal with writing to and locking a single DBM file. This can be
- accomplished by first setting the group and password files to
- point to the same DBM:</p>
-
- <blockquote>
- <code>AuthDBMGroupFile /www/userbase<br />
- AuthDBMUserFile /www/userbase</code>
- </blockquote>
- The key for the single DBM is the username. The value consists
- of
-
- <blockquote>
- <code>Unix Crypt-ed Password : List of Groups [ : (ignored)
- ]</code>
- </blockquote>
- The password section contains the Unix crypt() password as
- before. This is followed by a colon and the comma separated
- list of groups. Other data may optionally be left in the DBM
- file after another colon; it is ignored by the authentication
- module. This is what www.telescope.org uses for its combined
- password and group database.
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbmuserfile">AuthDBMUserFile</a>.</p>
- <hr />
-
- <h2><a id="authdbmuserfile"
- name="authdbmuserfile">AuthDBMUserFile</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMUserFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm
-
- <p>The AuthDBMUserFile directive sets the name of a DBM file
- containing the list of users and passwords for user
- authentication. <em>File-path</em> is the absolute path to the
- user file.</p>
-
- <p>The user file is keyed on the username. The value for a user
- is the crypt() encrypted password, optionally followed by a
- colon and arbitrary data. The colon and the data following it
- will be ignored by the server.</p>
-
- <p>Security: make sure that the AuthDBMUserFile is stored
- outside the document tree of the web-server; do <em>not</em>
- put it in the directory that it protects. Otherwise, clients
- will be able to download the AuthDBMUserFile.</p>
-
- <p>Important compatibility note: The implementation of
- "dbmopen" in the apache modules reads the string length of the
- hashed values from the DBM data structures, rather than relying
- upon the string being NULL-appended. Some applications, such as
- the Netscape web server, rely upon the string being
- NULL-appended, so if you are having trouble using DBM files
- interchangeably between applications this may be a part of the
- problem.</p>
-
- <p>A perl script called <a
- href="../programs/dbmmanage.html">dbmmanage</a> is included
- with Apache. This program can be used to create and update DBM
- format password files for use with this module.</p>
- See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbmgroupfile">AuthDBMGroupFile</a>.
- <hr />
-
- <h2><a id="authdbmauthoritative"
- name="authdbmauthoritative">AuthDBMAuthoritative</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDBMAuthoritative
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDBMAuthoritative on</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_dbm
-
- <p>Setting the AuthDBMAuthoritative directive explicitly to
- <strong>'off'</strong> allows for both authentication and
- authorization to be passed on to lower level modules (as
- defined in the <code>Configuration</code> and
- <code>modules.c</code> file if there is <strong>no
- userID</strong> or <strong>rule</strong> matching the supplied
- userID. If there is a userID and/or rule specified; the usual
- password and access checks will be applied and a failure will
- give an Authorization Required reply.</p>
-
- <p>So if a userID appears in the database of more than one
- module; or if a valid <code>Require</code> directive applies to
- more than one module; then the first module will verify the
- credentials; and no access is passed on; regardless of the
- AuthAuthoritative setting.</p>
-
- <p>A common use for this is in conjunction with one of the
- basic auth modules; such as <a
- href="mod_auth.html"><code>mod_auth.c</code></a>. Whereas this
- DBM module supplies the bulk of the user credential checking; a
- few (administrator) related accesses fall through to a lower
- level with a well protected .htpasswd file.</p>
-
- <p>By default, control is not passed on and an unknown userID
- or rule will result in an Authorization Required reply. Not
- setting it thus keeps the system secure and forces an NCSA
- compliant behavior.</p>
-
- <p>Security: Do consider the implications of allowing a user to
- allow fall-through in his .htaccess file; and verify that this
- is really what you want; Generally it is easier to just secure
- a single .htpasswd file, than it is to secure a database which
- might have more access interfaces.</p>
-
- <p>See also <a href="core.html#authname">AuthName</a>, <a
- href="core.html#authtype">AuthType</a> and <a
- href="#authdbmgroupfile">AuthDBMGroupFile</a>.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
deleted file mode 100644
index 9fc1cd3dc69..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
+++ /dev/null
@@ -1,406 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_auth_digest</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_auth_digest</h1>
-
- <p>This module provides for user authentication using MD5
- Digest Authentication.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_auth_digest.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- digest_auth_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This is an updated version of <a
- href="mod_digest.html">mod_digest</a>. However, it has not been
- extensively tested and is therefore marked experimental. If you
- use this module, you must make sure to <em>not</em> use
- mod_digest (because they share some of the same configuration
- directives).</p>
-
- <p>Digest authentication is described in <a
- href="http://ftp.ics.uci.edu/pub/ietf/http/rfc2617.txt">RFC
- 2617.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#authdigestfile">AuthDigestFile</a></li>
-
- <li><a
- href="#authdigestgroupfile">AuthDigestGroupFile</a></li>
-
- <li><a href="#authdigestqop">AuthDigestQop</a></li>
-
- <li><a
- href="#authdigestnoncelifetime">AuthDigestNonceLifetime</a></li>
-
- <li><a
- href="#authdigestnonceformat">AuthDigestNonceFormat</a></li>
-
- <li><a href="#authdigestnccheck">AuthDigestNcCheck</a></li>
-
- <li><a
- href="#authdigestalgorithm">AuthDigestAlgorithm</a></li>
-
- <li><a href="#authdigestdomain">AuthDigestDomain</a></li>
- </ul>
-
- <p>See also: <a href="core.html#require">Require</a> and <a
- href="core.html#satisfy">Satisfy</a>.</p>
-
- <h3><a id="usingdigest" name="usingdigest">Using Digest
- Authentication</a></h3>
-
- <p>Using MD5 Digest authentication is very simple. Simply set
- up authentication normally, using "AuthType Digest" and
- "AuthDigestFile" instead of the normal "AuthType Basic" and
- "AuthUserFile"; also, replace any "AuthGroupFile" with
- "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive
- containing at least the root URI(s) for this protection space.
- Example:</p>
-<pre>
- &lt;Location /private/&gt;
- AuthType Digest
- AuthName "private area"
- AuthDigestDomain /private/ http://mirror.my.dom/private2/
- AuthDigestFile /web/auth/.digest_pw
- Require valid-user
- &lt;/Location&gt;
-</pre>
-
- <p><strong>Note:</strong> MD5 authentication provides a more
- secure password system than Basic authentication, but only
- works with supporting browsers. As of this writing (October
- 2001), the only major browsers which support digest
- authentication are <a href="http://www.opera.com/">Opera
- 4.0</a>, <a href="http://www.microsoft.com/windows/ie/">MS
- Internet Explorer 5.0</a> and <a
- href="http://www.w3.org/Amaya/">Amaya</a>. Therefore, we do not
- yet recommend using this feature on a large Internet site.
- However, for personal and intra-net use, where browser users
- can be controlled, it is ideal.</p>
- <hr />
-
- <h2><a id="authdigestfile"
- name="authdigestfile">AuthDigestFile</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
-
-
- <p>The AuthDigestFile directive sets the name of a textual file
- containing the list of users and encoded passwords for digest
- authentication. <em>File-path</em> is the absolute path to the
- user file.</p>
-
- <p>The digest file uses a special format. Files in this format
- can be created using the <a
- href="../programs/htdigest.html">htdigest</a> utility found in
- the support/ subdirectory of the Apache distribution.</p>
- <hr />
-
- <h2><a id="authdigestgroupfile"
- name="authdigestgroupfile">AuthDigestGroupFile</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestGroupFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p>The AuthDigestGroupFile directive sets the name of a textual
- file containing the list of groups and their members (user
- names). <em>File-path</em> is the absolute path to the group
- file.</p>
-
- <p>Each line of the group file contains a groupname followed by
- a colon, followed by the member usernames separated by spaces.
- Example:</p>
-
- <blockquote>
- <code>mygroup: bob joe anne</code>
- </blockquote>
- Note that searching large text files is <em>very</em>
- inefficient.
-
- <p>Security: make sure that the AuthGroupFile is stored outside
- the document tree of the web-server; do <em>not</em> put it in
- the directory that it protects. Otherwise, clients will be able
- to download the AuthGroupFile.</p>
- <hr />
-
- <h2><a id="authdigestqop"
- name="authdigestqop">AuthDigestQop</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestQop
- none|auth|auth-int [auth|auth-int]<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AuthDigestQop
- auth</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p>The AuthDigestQop directive determines the
- quality-of-protection to use. <em>auth</em> will only do
- authentication (username/password); <em>auth-int</em> is
- authentication plus integrity checking (an MD5 hash of the
- entity is also computed and checked); <em>none</em> will cause
- the module to use the old RFC-2069 digest algorithm (which does
- not include integrity checking). Both <em>auth</em> and
- <em>auth-int</em> may be specified, in which the case the
- browser will choose which of these to use. <em>none</em> should
- only be used if the browser for some reason does not like the
- challenge it receives otherwise.</p>
-
- <p><strong><em>auth-int</em> is not implemented
- yet</strong>.</p>
- <hr />
-
- <h2><a id="authdigestnoncelifetime"
- name="authdigestnoncelifetime">AuthDigestNonceLifetime</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestNonceLifetime
- <em>seconds</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDigestNonceLifetime 300</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p>The AuthDigestNonceLifetime directive controls how long the
- server nonce is valid. When the client contacts the server
- using an expired nonce the server will send back a 401 with
- <code>stale=true</code>. If <em>seconds</em> is greater than 0
- then it specifies the amount of time for which the nonce is
- valid; this should probably never be set to less than 10
- seconds. If <em>seconds</em> is less than 0 then the nonce
- never expires. <!-- Not implemented yet
- If <EM>seconds</EM> is 0 then the nonce may be used exactly once
- by the client. Note that while one-time-nonces provide higher security
- against replay attacks, they also have significant performance
- implications, as the browser cannot pipeline or multiple connections
- for the requests. Because browsers cannot easily detect that
- one-time-nonces are being used, this may lead to browsers trying to
- pipeline requests and receiving 401 responses for all but the first
- request, requiring the browser to resend the requests. Note also that
- the protection against reply attacks only makes sense for dynamically
- generated content and things like POST requests; for static content
- the attacker may already have the complete response, so one-time-nonces
- do not make sense here.
- -->
- </p>
- <hr />
-
- <h2><a id="authdigestnonceformat"
- name="authdigestnonceformat">AuthDigestNonceFormat</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestNonceFormat
- <em>???</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDigestNonceFormat ???</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p><strong>Not implemented yet.</strong> <!--
- <P>The AuthDigestNonceFormat directive determines how the nonce is
- generated.
- -->
- </p>
- <hr />
-
- <h2><a id="authdigestnccheck"
- name="authdigestnccheck">AuthDigestNcCheck</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestNcCheck
- On|Off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDigestNcCheck Off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p><strong>Not implemented yet.</strong> <!--
- <P>The AuthDigestNcCheck directive enables or disables the checking of the
- nonce-count sent by the server.
-
- <P>While recommended from a security standpoint, turning this directive
- On has one important performance implication. To check the nonce-count
- *all* requests (which have an Authorization header, irrespective of
- whether they require digest authentication) must be serialized through
- a critical section. If the server is handling a large number of
- requests which contain the Authorization header then this may noticeably
- impact performance.
- -->
- </p>
- <hr />
-
- <h2><a id="authdigestalgorithm"
- name="authdigestalgorithm">AuthDigestAlgorithm</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestAlgorithm
- MD5|MD5-sess<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>AuthDigestAlgorithm MD5</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p>The AuthDigestAlgorithm directive selects the algorithm used
- to calculate the challenge and response hashes.</p>
-
- <p><strong><em>MD5-sess</em> is not correctly implemented
- yet</strong>. <!--
- <P>To use <EM>MD5-sess</EM> you must first code up the
- <VAR>get_userpw_hash()</VAR> function in <VAR>mod_auth_digest.c</VAR> .
- -->
- </p>
- <hr />
-
- <h2><a id="authdigestdomain"
- name="authdigestdomain">AuthDigestDomain</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestDomain
- <em>URI</em> [<em>URI</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_auth_digest<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.8 and later
-
- <p>The AuthDigestDomain directive allows you to specify one or
- more URIs which are in the same protection space (i.e. use the
- same realm and username/password info). The specified URIs are
- prefixes, i.e. the client will assume that all URIs "below"
- these are also protected by the same username/password. The
- URIs may be either absolute URIs (i.e. inluding a scheme, host,
- port, etc) or relative URIs.</p>
-
- <p>This directive <em>should</em> always be specified and
- contain at least the (set of) root URI(s) for this space.
- Omitting to do so will cause the client to send the
- Authorization header for <em>every request</em> sent to this
- server. Apart from increasing the size of the request, it may
- also have a detrimental effect on performance if
- "AuthDigestNcCheck" is on.</p>
-
- <p>The URIs specified can also point to different servers, in
- which case clients (which understand this) will then share
- username/password info across multiple servers without
- prompting the user each time.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html
deleted file mode 100644
index 9e85f5d2cdd..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html
+++ /dev/null
@@ -1,488 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-<title>Module mod_auth_msql</title>
-</head>
-<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-<BODY
- BGCOLOR="#FFFFFF"
- TEXT="#000000"
- LINK="#0000FF"
- VLINK="#000080"
- ALINK="#FF0000"
->
-<DIV ALIGN="CENTER">
- <IMG SRC="../images/sub.gif" ALT="[APACHE DOCUMENTATION]">
- <H3>
- Apache HTTP Server Version 1.2
- </H3>
-</DIV>
-
-<H1 ALIGN="CENTER">Module mod_auth_msql</H1>
-
-This module is contained in the <code>mod_auth_msql.c</code> file and
-is compiled in by default. It allows access control using the public
-domain mSQL database <code><a
-href="ftp://ftp.bond.edu.au/pub/Minerva/msql">ftp://ftp.bond.edu.au/pub/Minerva/msql</a></code>,
-a fast but limited SQL engine which can be contacted over an internal
-Unix domain protocol as well as over normal TCP/IP socket
-communication. It is only available in Apache 1.1 and later. <p>
-
-<a href="#FullDescription">Full description</a> /
-<a href="#Example">Example</a> /
-<a href="#CompileTimeOptions">Compile time options</a> /
-<a href="#RevisionHistory">RevisionHistory</a> /
-<a href="#Person">Person to blame</a> /
-<a href="#Sourcecode">Sourcecode</a>
-<p>
-
-<hr><h2><a name="FullDescription">Full description of all tokens</a></h2>
-<dl>
-
-<code><dt>
-Auth_MSQLhost &lt; FQHN | IP Address | localhost &gt
-</dt></code><dd>
- Hostname of the machine running the mSQL demon. The effective uid
- of the server should be allowed access. If not given, or if it is
- the magic name <code>localhost</code>, it is passed to the mSQL library as a null
- pointer. This effectively forces it to use /dev/msql rather than the
- (slower) socket communication.
-</dd>
-
-<code><dt>
-Auth_MSQLdatabase &lt; mSQL database name &gt
-</dt></code><dd>
- Name of the database in which the following table(s) are contained (Quick check: use the
- mSQL command <code>relshow [&lt;hostname&gt dbase]</code> to verify the spelling of the
- database name).
-</dd>
-
-<code><dt>
-Auth_MSQLpwd_table &lt; mSQL table name &gt
-</dt></code><dd>
- Contains at least the fields with the username
- and the (encrypted) password. Each uid should only occur once in this table and
- for performance reasons should be a primary key.
- Normally this table is compulsory, but it is
- possible to use a fall-through to other methods
- and use the mSQL module for group control only.
- See the <a href="#Authoritative"><code>Auth_MSQL_Authoritative</code></a>
- directive below.
-</dd>
-
-<code><dt>
-Auth_MSQLgrp_table &lt; mSQL table name in the above database &gt
-</dt></code><dd>
- Contains at least the fields with the
- username and the groupname. A user which
- is in multiple groups has therefore
- multiple entries. There might be some performance
- problems associated with this and one
- might consider to have separate tables for each
- group (rather than all groups in one table) if
- your directory structure allows for it.
- One only need to specify this table when doing
- group control.
-</dd>
-
-<code><dt>
-Auth_MSQLuid_field &lt; mSQL field name &gt
-</dt></code><dd>
- Name of the field containing the username in the <code>
- Auth_MSQLpwd_table</code> and optionally in the <code>
- Auth_MSQLgrp_table</code> tables.
-</dd>
-
-<code><dt>
-Auth_MSQLpwd_field &lt; mSQL field name &gt
-</dt></code><dd>
- Fieldname for the passwords in the <code>
- Auth_MSQLpwd_table</code> table.
-</dd>
-
-<code><dt>
-Auth_MSQLgrp_field &lt; mSQL field name &gt
-</dt></code><dd>
- Fieldname for the groupname<br>
- Only the fields used need to be specified. When this
- module is compiled with the
- <a href="#VITEK"><code>BACKWARD_VITEK</code></a> option then
- the uid and pwd field names default to 'user' and 'password'.
- However you are strongly encouraged to always specify these values
- explicitly given the security issues involved.
-</dd>
-
-<code><dt>
-Auth_MSQL_nopasswd &lt; on | off &gt
-</dt></code><dd>
- Skip password comparison if passwd field is
- empty, i.e. allow any password. This is 'off'
- by default to ensure that an empty field
- in the mSQL table does not allow people in by
- default with a random password.
-</dd>
-
-<code><dt>
-<a name="Authoritative">Auth_MSQL_Authoritative &lt; on | off &gt</a>
-</dt></code><dd>
- Default is 'on'. When set 'on', there is no
- fall-through to other authorization methods. So if a
- user is not in the mSQL dbase table (and perhaps
- not in the right group) or has the password wrong, then
- he or she is denied access. When this directive is set to
- 'off', control is passed on to any other authorization
- modules, such as the basic auth module with the htpasswd
- file or the Unix-(g)dbm modules. The default is 'on'
- to avoid nasty 'fall-through' surprises. Be sure you
- know what you are doing when you decide to switch it off.
-</dd>
-
-<code><dt>
-Auth_MSQL_EncryptedPasswords &lt; on | off &gt
-</dt></code><dd>
- Default is 'on'. When set on, the values in the
- pwd_field are assumed to be crypt-ed using *your*
- machines 'crypt()' function and the incoming password
- is 'crypt'ed before comparison. When this function is
- 'off', the comparison is done directly with the plaintext
- entered password. (Yes, http-basic-auth does send the
- password as plaintext over the wire :-( ). The default
- is a sensible 'on', and I personally think that it is
- a *very-bad-idea* to change this. However a multi
- vendor or international environment (which sometimes
- leads to different crypts functions) might force you to.
-</dd>
-</dl>
-
-
-<hr><h2><a name="Example">Example</a></h2>
-
-An example mSQL table could be created with the following commands:
-<pre>
- % msqladmin create www <br>
- % msql www <br>
- -&gt; create table user_records ( <br>
- -&gt; User_id char(32) primary key, <br>
- -&gt; Cpasswd char(32), <br>
- -&gt; Xgroup char(32) <br>
- -&gt; ) \g <br>
- query OK <br>
- -&gt; \q <br>
- % <br>
-</pre><br>
-
-The <code>User_id</code> can be as long as desired. However some of the
-popular web browsers truncate names at or stop the user from entering
-names longer than 32 characters. Furthermore the 'crypt' function
-on your platform might impose further limits. Also use of
-the <code>require users uid [uid..]</code> directive in the
-<code>access.conf</code> file where the uid's are separated by
-spaces can possibly prohibit the use of spaces in your usernames.
-Also, please note the <a href="#MAX_FIELD_LEN"><code>MAX_FIELD_LEN</code></a>
-directive somewhere below.
-<p>
-To use the above, the following example could be in your
-<code>access.conf</code> file. Also there is a more elaborate description
-below this example.
-<p>
-
-<code>&lt;directory /web/docs/private&gt;</code>
-<p>
-
-<dl>
-<dt><code>
-Auth_MSQLhost localhost<br>
-</code></dt>
- <blockquote>or</blockquote>
-<dt><code>
-Auth_MSQLhost datab.machine.your.org
-</code></dt><dd>
- If this directive is omitted or set to <code>localhost</code>,
- it is assumed that Apache and the mSQL
- database run on the same (physical) machine and the faster
- /dev/msql communication channel will be used. Otherwise,
- it is the machine to contact by TCP/IP. Consult the mSQL
- documentation for more information.
-</dd>
-<p>
-
-<dt><code>
-Auth_MSQLdatabase www
-</code></dt><dd>
- The name of the database on the above machine,
- which contains *both* the tables for group and
- for user/passwords. Currently it is not possible
- to have these split over two databases. Make
- sure that the <code>msql.acl</code> (access control file) of
- mSQL does indeed allow the effective uid of the
- web server read access to this database. Check the
- httpd.conf file for this uid.
-</dd>
-
-<code><dt>
-Auth_MSQLpwd_table user_records
-</dt></code><dd>
- This is the table which contain the uid/password combination
- is specified.
-</dd>
-
-<code><dt>
-Auth_MSQLuid_field User_id <br>
-Auth_MSQLpwd_field Cpasswd
-</dt></code><dd>
- These two directive specify the field names in the <code>user_record</code>
- table. If this module is compiled with the <a href="#VITEK"><code>BACKWARD_VITEK</code></a>
- compatibility switch, the defaults <code>user</code> and <code>password</code> are
- assumed if you do not specify them. Currently the user_id field
- *MUST* be a primary key or one must ensure that each user only
- occurs <b>once</b> in the table. If a uid occurs twice access is
- denied by default; but see the <code><a href="#ONLY_ONCE">ONLY_ONCE</a></code>
- compiler directive for more information.
-</dd>
-
-<code><dt>
-Auth_MSQLgrp_table user_records <br>
-Auth_MSQLgrp_field Xgroup <br>
-</dt></code><dd>
- Optionally one can also specify a table which contains the
- user/group combinations. This can be the same table which
- also contains the username/password combinations. However
- if a user belongs to two or more groups, one will have to
- use a different table with multiple entries.
-</dd>
-
-<code><dt>
-Auth_MSQL_nopasswd off <br>
-Auth_MSQL_Authoritative on <br>
-Auth_MSQL_EncryptedPasswords on <br>
-</dt></code><dd>
- These three optional fields (all set to the sensible defaults,
- so you really do not have to enter them) are described in more
- detail below. If you choose to set these to any other values then
- the above, be very sure you understand the security implications and
- do verify that Apache does what you expect it to do.
-</dd>
-
-<code><dt>
-AuthName example mSQL realm <br>
-AuthType basic
-</dt></code>
-<dd>
- Normal Apache/NCSA tokens for access control
- <p>
- <code>&lt;limit get post head&gt</code><br>
- <code>order deny,allow </code><br>
- <code>allow from all </code><br>
- <p>
- <code>require valid-user </code><br>
- <ul><li><code>valid-user</code>; allow in any user which has a valid uid/passwd
- pair in the above pwd_table.
- </ul>
- or<br>
- <code>require user smith jones </code><br>
- <ul><li>Limit access to users who have a valid uid/passwd pair in the
- above pwd_table *and* whose uid is 'smith' or 'jones'. Do note that
- the uid's are separated by 'spaces' for historic (NCSA) reasons.
- So allowing uids with spaces might cause problems.
- </ul>
- <code>require group has_paid</code><br>
- <ul><li>Optionally also ensure that the uid has the value 'has_paid' in
- the group field in the group table.
- </ul>
- <code>&lt;limit&gt </code><br>
-</dd>
-</dl>
-
-
-<hr><h2><a name="CompileTimeOptions">Compile Time Options</a></h2>
-
-<dl>
-<dt><code>
-<a name="ONLY_ONCE">#define ONLY_ONCE 1</a>
-</code></dt><dd>
- If the mSQL table containing the uid/passwd combination does
- not have the uid field as a primary key, it is possible for the
- uid to occur more than once in the table with possibly different
- passwords. When this module is compiled with the <code>ONLY_ONCE</code>
- directive set, access is denied if the uid occurs more than once in the
- uid/passwd table. If you choose not to set it, the software takes
- the first pair returned and ignores any further pairs. The SQL
- statement used for this is<br>
- <p><code>"select password form pwd_table where user='UID'"</code><p>
- this might lead to unpredictable results. For this reason as well
- as for performance reasons you are strongly advised to make the
- uid field a primary key. Use at your own peril :-)
-</dd>
-
-<dt><code>
-<a name="KEEP_MSQL_CONNECTION_OPEN">#define KEEP_MSQL_CONNECTION_OPEN</a>
-</code></dt><dd>
- Normally the (TCP/IP) connection with the database is opened and
- closed for each SQL query. When the Apache web-server and the database
- are on the same machine, and /dev/msql is used this does not
- cause a serious overhead. However when your platform does not
- support this (see the mSQL documentation) or when the web server
- and the database are on different machines the overhead can be
- considerable. When the above directive is set defined the server leaves
- the connection open, i.e. no call to <code>msqlClose()</code>.
- If an error occurs an attempt is made to reopen the connection for
- the next http request.
- <p>
- This has a number of very serious drawbacks
- <ul><li> It costs 2 already rare file-descriptors for each child.
- <li> It costs msql-connections, typically one per child. The (compiled in)
- number of connections mSQL can handle is low, typically 6 or 12.
- which might prohibit access to the mSQL database for later
- processes.
- <li> When a child dies, it might not free that connection properly
- or quick enough.
- <li> When errors start to occur, connection/file-descriptor resources
- might become exhausted very quickly.
- </ul>
- <p>
- In short, use this at your own peril and only in a highly controlled and
- monitored environment.
-</dd>
-
-<dt><code>
-<a name="VITEK">
-#define BACKWARD_VITEK<br></a>
-#define VITEK_uid_name "user"<br>
-#define VITEK_gid_name "passwd"
-</code></dt><dd>
- A second mSQL auth module for Apache has also been developed by Vivek Khera
- &lt<a href="mailto:khera@kciLink.com"><code>khera@kciLink.com</code></a>&gt
- and was subsequently distributed with some early versions of Apache. It
- can be obtained from
- <code><a href="ftp://ftp.kcilink.com/pub/">ftp://ftp.kcilink.com/pub/mod_auth_msql.c*</a></code>.
- Older 'vitek' versions had the field/table names compiled in. Newer
- versions, v.1.11 have more <code>access.conf</code> configuration
- options. However these where chosen not to be in line the 'ewse'
- version of this module. Also, the 'vitek' module does not give group
- control or 'empty' password control.
- <p>
- To get things slightly more in line this version (0.9) should
- be backward compatible with the 'vitek' module by:
- <ul><li> Adding support for the <code>Auth_MSQL_EncryptedPasswords</code> on/off functionality
- <li> Adding support for the different spelling of the 4 configuration
- tokens for user-table-name, user/password-field-name and dbase-name.
- <li> Setting some field names to a default which used to be hard
- coded in in older 'vitek' modules.
- </ul>
- <p>
- If this troubles you, remove the 'BACKWARD_VITEK' define.
-</dd>
-
-<dt><code>
-<a name="MAX_FIELD_LEN">
-#define MAX_FIELD_LEN (64)<br>
-#define MAX_QUERY_LEN (32+24+MAX_FIELD_LEN*2+3*MSQL_FIELD_NAME_LEN+1*MSQL_TABLE_NAME_LEN)<br></a>
-</code></dt><dd>
- In order to avoid using the very large <code>HUGE_STRING_LENGTH</code>, the above two compile
- time directives are supplies. The <code>MAX_FIELD_LEN</code> contains the maximum number of
- characters in your user, password and group fields. The maximum query length is derived
- from those values.
- <p>
- We only do the following two queries:
- <ul><li>For the user/passwd combination
- <p><code>"select PWDFIELD from PWDTABLE where USERFIELD='UID'"</code><br>
- <li>Optionally for the user/group combination:
- <p><code>"select GROUPFIELD from GROUPTABLE where USERFIELD='UID' and GROUPFIELD='GID'"</code><br>
- </ul>
- <p>
- This leads to the above limit for the query string. We are ignoring escaping a wee bit here
- assuming not more than 24 escapes.)
-</dd>
-</dl>
-
-
-<hr><h2><a name="RevisionHistory">Revision History</a></h2>
-
-This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996.
-
-<dl>
-
-<dt>Version 0.0<br></dt>
- <dd>First release
- </dd>
-<dt>Version 0.1<br></dt>
- <dd>Update to Apache 1.00
- </dd>
-<dt>Version 0.2<br></dt>
- <dd>Added lines which got missing God knows when
- and which did the valid-user authentication no good at all !
- </dd>
-<dt>Version 0.3<br></dt>
- <dd>Added '<code>Auth_MSQL_nopasswd</code>' option
- </dd>
-<dt>Version 0.4<br></dt>
- <dd>Cleaned out the error messages mess.
- </dd>
-<dt>Version 0.6<br></dt>
- <dd>Inconsistency with gid/grp in comment/token/source
- Make sure you really use '<code>Auth_MSQLgrp_field</code>'
- as indicated above.
- </dd>
-<dt>Version 0.7<br></dt>
- <dd><code>*host</code> to <code>host</code> fixed. Credits
- go to Rob Stout, &lt;stout@lava.et.tudelft.nl&gt; for
- spotting this one.
- </dd>
-<dt>Version 0.8<br></dt>
- <dd>Authoritative directive added. See above.
- </dd>
-<dt>Version 0.9<br></dt>
- <dd><code>palloc</code> return code check(s), should be
- backward compatible with 1.11 version of Vivek Khera
- &lt;khera@kciLink.com&gt; msql
- module, fixed broken err msg in group control, changed
- command table messages to make more sense when displayed
- in that new module management tool. Added
- <code>Auth_MSQL_EncryptedPasswords</code> on/off functionality.
- msqlClose() statements added upon error. Support for
- persistent connections with the mSQL database (riscy).
- Escaping of ' and \. Replaced some
- <code>MAX_STRING_LENGTH</code> claims.
- </dd>
-</dl>
-
-
-<hr><h2><a name="Person">Contact/person to blame</a></h2>
-
-This module was written for the
-<a href="http://ewse.ceo.org">European Wide Service Exchange</a> by
-&lt<a href="mailto:Dirk.vanGulik@jrc.it"><code>Dirk.vanGulik@jrc.it</code></a>&gt.
-Feel free to contact me if you have any problems, ice-creams or bugs. This
-documentation, courtesy of Nick Himba, <a href="mailto:himba@cs.utwente.nl">
-<code>&lt;himba@cs.utwente.nl&gt;</code></a>.
-<p>
-
-
-<hr><h2><a NAME="Sourcecode">Sourcecode</a></h2>
-
-The source code can be found at <a href="http://www.apache.org"><code>
-http://www.apache.org</code></a>. A snapshot of a development version
-usually resides at <a href="http://me-www.jrc.it/~dirkx/mod_auth_msql.c"><code>
-http://me-www.jrc.it/~dirkx/mod_auth_msql.c</code></a>. Please make sure
-that you always quote the version you use when filing a bug report.
-<p>
-Furthermore a test/demonstration suite (which assumes that you have
-both mSQL and Apache compiled and installed) is available at the contrib
-section of <a href="ftp://ftp.apache.org/apache/dist/contrib"><code>
-ftp://ftp.apache.org/apache/dist/contrib</code></a> or
-<a href="http://me-www.jrc.it/~dirkx/apache-msql-demo.tar.gz"><code>
-http://me-www.jrc.it/~dirkx/apache-msql-demo.tar.gz</code></a> and
-its <a href="http://me-www.jrc.it/~dirkx/apache-msql-demo"><code>
-README</code></a> file.
-
-<HR>
-<H3 ALIGN="CENTER">
- Apache HTTP Server Version 1.2
-</H3>
-
-<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A>
-<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A>
-
-</body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
deleted file mode 100644
index ca00533594e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
+++ /dev/null
@@ -1,959 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_autoindex</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_autoindex</h1>
- This module provides for automatic directory indexing.
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_autoindex.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- autoindex_module</p>
-
- <h2>Summary</h2>
- The index of a directory can come from one of two sources:
-
- <ul>
- <li>A file written by the user, typically called
- <code>index.html</code>. The <a
- href="mod_dir.html#directoryindex">DirectoryIndex</a>
- directive sets the name of this file. This is controlled by
- <a href="mod_dir.html"><code>mod_dir</code></a>.</li>
-
- <li>Otherwise, a listing generated by the server. The other
- directives control the format of this listing. The <a
- href="#addicon">AddIcon</a>, <a
- href="#addiconbyencoding">AddIconByEncoding</a> and <a
- href="#addiconbytype">AddIconByType</a> are used to set a
- list of icons to display for various file types; for each
- file listed, the first icon listed that matches the file is
- displayed. These are controlled by
- <code>mod_autoindex</code>.</li>
- </ul>
- The two functions are separated so that you can completely
- remove (or replace) automatic index generation should you want
- to.
-
- <p>Automatic index generation is enabled with using
- <code>Options +Indexes</code>. See the <a
- href="core.html#options"><code>Options</code></a> directive for
- more details.</p>
-
- <p>If <a href="#fancyindexing"><samp>FancyIndexing</samp></a>
- is enabled, or the <samp>FancyIndexing</samp> keyword is
- present on the <a
- href="#indexoptions"><samp>IndexOptions</samp></a> directive,
- the column headers are links that control the order of the
- display. If you select a header link, the listing will be
- regenerated, sorted by the values in that column. Selecting the
- same header repeatedly toggles between ascending and descending
- order.</p>
-
- <p>Note that when the display is sorted by "Size", it's the
- <em>actual</em> size of the files that's used, not the
- displayed value - so a 1010-byte file will always be displayed
- before a 1011-byte file (if in ascending order) even though
- they both are shown as "1K".</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#addalt">AddAlt</a></li>
-
- <li><a href="#addaltbyencoding">AddAltByEncoding</a></li>
-
- <li><a href="#addaltbytype">AddAltByType</a></li>
-
- <li><a href="#adddescription">AddDescription</a></li>
-
- <li><a href="#addicon">AddIcon</a></li>
-
- <li><a href="#addiconbyencoding">AddIconByEncoding</a></li>
-
- <li><a href="#addiconbytype">AddIconByType</a></li>
-
- <li><a href="#defaulticon">DefaultIcon</a></li>
-
- <li><a href="#fancyindexing">FancyIndexing</a></li>
-
- <li><a href="#headername">HeaderName</a></li>
-
- <li><a href="#indexignore">IndexIgnore</a></li>
-
- <li><a href="#indexoptions">IndexOptions</a></li>
-
- <li><a href="#indexorderdefault">IndexOrderDefault</a></li>
-
- <li><a href="#readmename">ReadmeName</a></li>
- </ul>
-
- <p>See also: <a href="core.html#options">Options</a> and <a
- href="mod_dir.html#directoryindex">DirectoryIndex</a>.</p>
-
- <h2>Autoindex Request Query Arguments</h2>
-
- <p>The column sorting headers themselves are self-referencing
- hyperlinks that add the sort query options to reorder the
- directory listing. The query options are of the form
- <samp>X=Y</samp>, where <samp>X</samp> is one of <samp>N</samp>
- (file <em>N</em>ame), <samp>M</samp> (file last
- <em>M</em>odified date), <samp>S</samp> (file <em>S</em>ize), or
- <samp>D</samp> (file <em>D</em>escription), and <samp>Y</samp>
- is one of <samp>A</samp> (<em>A</em>scending) or <samp>D</samp>
- (<em>D</em>escending).</p>
-
- <p>When options other than the file name are used as the
- sorting key, the secondary key is always the file name. (When
- the file name is used to sort by, there is no need of a
- secondary sort key, since file names are guaranteed to be
- unique, and so the sort order is unambiguous.)</p>
-
- <p>Example:</p>
-
- <p>If the URL <samp>http://your.server.name/foo/</samp>
- produces a directory index, then the following URLs will
- produce different sort orders:</p>
-
- <ul>
- <li><samp>http://your.server.name/foo/?M=D</samp> sorts the
- directory by last modified date, descending.</li>
-
- <li><samp>http://your.server.name/foo/?D=A</samp> sorts the
- directory by file description, ascending.</li>
-
- <li><samp>http://your.server.name/foo/?S=A</samp> sorts the
- directory by file size, ascending.</li>
- </ul>
-
- <p>See <a
- href="#indexorderdefault"><samp>IndexOrderDefault</samp></a> to
- set the default directory ordering.</p>
-
- <p>Note also that when the directory listing is ordered in one
- direction (ascending or descending) by a particular column, the
- link at the top of that column then reverses, to allow sorting
- in the opposite direction by that same column.</p>
- <hr />
-
- <h2><a id="addalt" name="addalt">AddAlt</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddAlt <em>string
- file</em> [<em>file</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the alternate text to display for a file, instead
- of an icon, for <a href="#fancyindexing">FancyIndexing</a>.
- <em>File</em> is a file extension, partial filename, wild-card
- expression or full filename for files to describe.
- <em>String</em> is enclosed in double quotes (<code>"</code>).
- This alternate text is displayed if the client is
- image-incapable or has image loading disabled.</p>
-
- <p>Examples:</p>
- <pre>
- AddAlt "PDF" *.pdf
- AddAlt "Compressed" *.gz *.zip *.Z
- </pre>
-
- <hr />
-
- <h2><a id="addaltbyencoding"
- name="addaltbyencoding">AddAltByEncoding</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddAltByEncoding
- <em>string MIME-encoding</em> [<em>MIME-encoding</em>]
- ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the alternate text to display for a file, instead
- of an icon, for <a href="#fancyindexing">FancyIndexing</a>.
- <em>MIME-encoding</em> is a valid content-encoding, such as
- <samp>x-compress</samp>. <em>String</em> is enclosed in double
- quotes (<code>"</code>). This alternate text is displayed if
- the client is image-incapable or has image loading
- disabled.</p>
-
- <p>Example:</p>
- <pre>
- AddAltByEncoding "gzip" x-gzip
- </pre>
-
- <hr />
-
- <h2><a id="addaltbytype" name="addaltbytype">AddAltByType</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddAltByType <em>string
- MIME-type</em> [<em>MIME-type</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the alternate text to display for a file, instead
- of an icon, for <a href="#fancyindexing">FancyIndexing</a>.
- <em>MIME-type</em> is a valid content-type, such as
- <samp>text/html</samp>. <em>String</em> is enclosed in double
- quotes (<code>"</code>). This alternate text is displayed if
- the client is image-incapable or has image loading
- disabled.</p>
-
- <p>Example:</p>
- <pre>
- AddAltByType "TXT" text/plain
- </pre>
- <hr />
-
- <h2><a id="adddescription"
- name="adddescription">AddDescription</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddDescription
- <em>"string" file|directory</em> [<em>file|directory</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the description to display for a file or directory, for <a
- href="#indexoptions">IndexOptions FancyIndexing</a>.
- <em>file|directory</em> is a file extension, partial filename or
- directory name, wild-card expression or full filename or directory name,
- for files or directories to describe. <em>String</em> is enclosed in
- double quotes (<code>"</code>). Example:</p>
-
- <blockquote>
- <code>AddDescription "The planet Mars"
- /web/pics/mars.gif</code>
- </blockquote>
-
- <p>The description field is 23 bytes wide. 7 more bytes may be
- added if the directory is covered by an
- <code>IndexOptions&nbsp;SuppressSize</code>, and 19 bytes may
- be added if <code>IndexOptions&nbsp;SuppressLastModified</code>
- is in effect. The widest this column can be is therefore 49
- bytes.</p>
-
- <blockquote>
- As of Apache 1.3.10, the <a
- href="#indexoptions:descriptionwidth">DescriptionWidth</a>
- <samp>IndexOptions</samp> keyword allows you to adjust this
- width to any arbitrary size.
- </blockquote>
- <b>Caution:</b> Descriptive text defined with
- <samp>AddDescription</samp> may contain HTML markup, such as
- tags and character entities. If the width of the description
- column should happen to truncate a tagged element (such as
- cutting off the end of a bolded phrase), the results may affect
- the rest of the directory listing.
- <hr />
-
- <h2><a id="addicon" name="addicon">AddIcon</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddIcon <em>icon
- name</em> [<em>name</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the icon to display next to a file ending in
- <em>name</em> for <a href="#fancyindexing">FancyIndexing</a>.
- <em>Icon</em> is either a (%-escaped) relative URL to the icon,
- or of the format (<em>alttext</em>,<em>url</em>) where
- <em>alttext</em> is the text tag given for an icon for
- non-graphical browsers.</p>
-
- <p><em>Name</em> is either ^^DIRECTORY^^ for directories,
- ^^BLANKICON^^ for blank lines (to format the list correctly), a
- file extension, a wildcard expression, a partial filename or a
- complete filename. Examples:</p>
-
- <blockquote>
- <code>AddIcon (IMG,/icons/image2.gif) .gif .jpg .png<br />
- AddIcon /icons/dir.gif ^^DIRECTORY^^<br />
- AddIcon /icons/backup.gif *~</code>
- </blockquote>
- <a href="#addiconbytype">AddIconByType</a> should be used in
- preference to AddIcon, when possible.
- <hr />
-
- <h2><a id="addiconbyencoding"
- name="addiconbyencoding">AddIconByEncoding</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddIconByEncoding
- <em>icon MIME-encoding</em> [<em>MIME-encoding</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the icon to display next to files with
- <em>MIME-encoding</em> for <a
- href="#fancyindexing">FancyIndexing</a>. <em>Icon</em> is
- either a (%-escaped) relative URL to the icon, or of the format
- (<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the
- text tag given for an icon for non-graphical browsers.</p>
-
- <p><em>Mime-encoding</em> is a wildcard expression matching
- required the content-encoding. Examples:</p>
-
- <blockquote>
- <code>AddIconByEncoding /icons/compressed.gif
- x-compress</code>
- </blockquote>
- <hr />
-
- <h2><a id="addiconbytype"
- name="addiconbytype">AddIconByType</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddIconByType <em>icon
- MIME-type</em> [<em>MIME-type</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>This sets the icon to display next to files of type
- <em>MIME-type</em> for <a
- href="#fancyindexing">FancyIndexing</a>. <em>Icon</em> is
- either a (%-escaped) relative URL to the icon, or of the format
- (<em>alttext</em>,<em>url</em>) where <em>alttext</em> is the
- text tag given for an icon for non-graphical browsers.</p>
-
- <p><em>Mime-type</em> is a wildcard expression matching
- required the mime types. Examples:</p>
-
- <blockquote>
- <code>AddIconByType (IMG,/icons/image3.gif) image/*</code>
- </blockquote>
- <hr />
-
- <h2><a id="defaulticon" name="defaulticon">DefaultIcon</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> DefaultIcon
- <em>url</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>The DefaultIcon directive sets the icon to display for files
- when no specific icon is known, for <a
- href="#fancyindexing">FancyIndexing</a>. <em>Url</em> is a
- (%-escaped) relative URL to the icon. Examples:</p>
-
- <blockquote>
- <code>DefaultIcon /icon/unknown.xbm</code>
- </blockquote>
- <hr />
-
- <h2><a id="fancyindexing"
- name="fancyindexing">FancyIndexing</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> FancyIndexing
- on|off<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>The FancyIndexing directive sets the FancyIndexing option
- for a directory. The <a href="#indexoptions">IndexOptions</a>
- directive should be used in preference.</p>
-
- <blockquote>
- <strong>Note that in versions of Apache prior to 1.3.2, the
- <samp>FancyIndexing</samp> and <samp>IndexOptions</samp>
- directives will override each other. You should use
- <samp>IndexOptions&nbsp;FancyIndexing</samp> in preference to
- the standalone <samp>FancyIndexing</samp> directive. As of
- Apache 1.3.2, a standalone <samp>FancyIndexing</samp>
- directive is combined with any <samp>IndexOptions</samp>
- directive already specified for the current scope.</strong>
- </blockquote>
- <hr />
-
- <h2><a id="headername" name="headername">HeaderName</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> HeaderName
- <em>filename</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> some features
- only available after 1.3.6; see text
-
- <p>The HeaderName directive sets the name of the file that will
- be inserted at the top of the index listing. <em>Filename</em>
- is the name of the file to include.</p>
-
- <blockquote>
- <strong>Apache 1.3.6 and earlier:</strong> The module first
- attempts to include <em>filename</em><code>.html</code> as an
- HTML document, otherwise it will try to include
- <em>filename</em> as plain text. <em>Filename</em> is treated
- as a filesystem path relative to the directory being indexed.
- In no case is SSI processing done. Example:
-
- <blockquote>
- <code>HeaderName HEADER</code>
- </blockquote>
- when indexing the directory <code>/web</code>, the server
- will first look for the HTML file
- <code>/web/HEADER.html</code> and include it if found,
- otherwise it will include the plain text file
- <code>/web/HEADER</code>, if it exists.
- </blockquote>
-
- <blockquote>
- <p><strong>Apache versions after 1.3.6:</strong>
- <em>Filename</em> is treated as a URI path relative to the
- one used to access the directory being indexed. Note that this
- means that if <em>Filemame</em> starts with a slash, it will be
- taken to be relative to the <a
- href="core.html#documentroot">DocumentRoot</a>.</p>
-
- <p><em>Filename</em> must
- resolve to a document with a major content type of
- "<samp>text</samp>" (<em>e.g.</em>, <samp>text/html</samp>,
- <samp>text/plain</samp>, <em>etc.</em>). This means that
- <em>filename</em> may refer to a CGI script if the script's
- actual file type (as opposed to its output) is marked as
- <samp>text/html</samp> such as with a directive like: </p>
-
-<pre>
- AddType text/html .cgi
-</pre>
- <a href="../content-negotiation.html">Content negotiation</a>
- will be performed if the <samp>MultiViews</samp> <a
- href="core.html#options">option</a> is enabled. If
- <em>filename</em> resolves to a static <samp>text/html</samp>
- document (not a CGI script) and the <samp>Includes</samp> <a
- href="core.html#options">option</a> is enabled, the file will
- be processed for server-side includes (see the <a
- href="mod_include.html"><samp>mod_include</samp></a>
- documentation).
- </blockquote>
-
- <p>If the file specified by <samp>HeaderName</samp> contains
- the beginnings of an HTML document (&lt;HTML&gt;, &lt;HEAD&gt;,
- etc) then you will probably want to set <a
- href="#indexoptions:suppresshtmlpreamble"><samp>IndexOptions
- +SuppressHTMLPreamble</samp></a>, so that these tags are not
- repeated.</p>
-
- <p>See also <a href="#readmename">ReadmeName</a>.</p>
- <hr />
-
- <h2><a id="indexignore" name="indexignore">IndexIgnore</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> IndexIgnore
- <em>file</em> [<em>file</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex
-
- <p>The IndexIgnore directive adds to the list of files to hide
- when listing a directory. <em>File</em> is a file extension,
- partial filename, wildcard expression or full filename for
- files to ignore. Multiple IndexIgnore directives add to the
- list, rather than replacing the list of ignored files. By
- default, the list contains `<code>.</code>'. Example:</p>
-
- <blockquote>
- <code>IndexIgnore README .htaccess *~</code>
- </blockquote>
- <hr />
-
- <h2><a id="indexoptions" name="indexoptions">IndexOptions</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> IndexOptions
- <em>option</em> [<em>option</em>] ... (Apache 1.3.2 and
- earlier) <br />
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> IndexOptions
- [+|-]<em>option</em> [[+|-]<em>option</em>] ... (Apache 1.3.3
- and later) <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> '+/-' syntax and
- merging of multiple <samp>IndexOptions</samp> directives is
- only available with Apache 1.3.3 and later; the
- <samp>FoldersFirst</samp> and <samp>DescriptionWidth</samp>
- options are only available with Apache 1.3.10 and later; the
- <samp>TrackModified</samp> option is only available with Apache
- 1.3.15 and later; the <samp>IgnoreCase</samp> option is only
- available with Apache 1.3.24 and later
-
- <p>The IndexOptions directive specifies the behavior of the
- directory indexing. <em>Option</em> can be one of</p>
-
- <dl>
- <dt><a id="indexoptions:descriptionwidth"
- name="indexoptions:descriptionwidth">DescriptionWidth=[<em>n</em>
- | *] (<em>Apache 1.3.10 and later</em>)</a></dt>
-
- <dd>The <samp>DescriptionWidth</samp> keyword allows you to
- specify the width of the description column in characters. If
- the keyword value is '<samp>*</samp>', then the column is
- automatically sized to the length of the longest filename in
- the display. <b>See the section on <a
- href="#adddescription"><samp>AddDescription</samp></a> for
- dangers inherent in truncating descriptions.</b></dd>
-
- <dt><a id="indexoptions:fancyindexing"
- name="indexoptions:fancyindexing">FancyIndexing</a></dt>
-
- <dd>
-
- This turns on fancy indexing of directories.
-
- <blockquote>
- <strong>Note that in versions of Apache prior to 1.3.2,
- the <samp>FancyIndexing</samp> and
- <samp>IndexOptions</samp> directives will override each
- other. You should use
- <samp>IndexOptions&nbsp;FancyIndexing</samp> in
- preference to the standalone <samp>FancyIndexing</samp>
- directive. As of Apache 1.3.2, a standalone
- <samp>FancyIndexing</samp> directive is combined with any
- <samp>IndexOptions</samp> directive already specified for
- the current scope.</strong>
- </blockquote>
- </dd>
-
- <dt><a id="indexoptions:foldersfirst"
- name="indexoptions:foldersfirst">FoldersFirst (<i>Apache
- 1.3.10 and later</i>)</a></dt>
-
- <dd>If this option is enabled, subdirectories in a
- FancyIndexed listing will <i>always</i> appear first,
- followed by normal files in the directory. The listing is
- basically broken into two components, the files and the
- subdirectories, and each is sorted separately and then
- displayed subdirectories-first. For instance, if the sort
- order is descending by name, and <samp>FoldersFirst</samp> is
- enabled, subdirectory <samp>Zed</samp> will be listed before
- subdirectory <samp>Beta</samp>, which will be listed before
- normal files <samp>Gamma</samp> and <samp>Alpha</samp>.
- <b>This option only has an effect if <a
- href="#indexoptions:fancyindexing"><samp>FancyIndexing</samp></a>
- is also enabled.</b></dd>
-
- <dt><a id="indexoptions:iconheight"
- name="indexoptions:iconheight">IconHeight[=pixels]
- (<em>Apache 1.3 and later</em>)</a></dt>
-
- <dd>
-
- Presence of this option, when used with IconWidth, will cause
- the server to include <samp>HEIGHT</samp> and
- <samp>WIDTH</samp> attributes in the <samp>IMG</samp> tag for
- the file icon. This allows browser to precalculate the page
- layout without having to wait until all the images have been
- loaded. If no value is given for the option, it defaults to
- the standard height of the icons supplied with the Apache
- software.</dd>
-
- <dt><a id="indexoptions:iconsarelinks"
- name="indexoptions:iconsarelinks">IconsAreLinks</a></dt>
-
- <dd>
-
- This makes the icons part of the anchor for the filename, for
- fancy indexing.</dd>
-
- <dt><a id="indexoptions:iconwidth"
- name="indexoptions:iconwidth">IconWidth[=pixels] (<em>Apache
- 1.3 and later</em>)</a></dt>
-
- <dd>
-
- Presence of this option, when used with IconHeight, will
- cause the server to include <samp>HEIGHT</samp> and
- <samp>WIDTH</samp> attributes in the <samp>IMG</samp> tag for
- the file icon. This allows browser to precalculate the page
- layout without having to wait until all the images have been
- loaded. If no value is given for the option, it defaults to
- the standard width of the icons supplied with the Apache
- software.</dd>
-
- <dt><a id="indexoptions:ignorecase"
- name="indexoptions:ignorecase">IgnoreCase</a>
- (<em>Apache 1.3.24 and later</em>)</dt>
-
- <dd>
- If this option is enabled, names are sorted in case-insensitive
- manner. For instance, if the sort order is ascending by name,
- and <samp>IgnoreCase</samp> is enabled, file <samp>Zeta</samp>
- will be listed after file <samp>alfa</samp> (Note: file
- <samp>GAMMA</samp> will always be listed before file
- <samp>gamma</samp>). <b>This option only has an effect if <a
- href="#indexoptions:fancyindexing"><samp>FancyIndexing</samp></a>
- is also enabled.</b></dd>
-
- <dt><a id="indexoptions:namewidth"
- name="indexoptions:namewidth">NameWidth=[<em>n</em> | *]
- (<em>Apache 1.3.2 and later</em>)</a></dt>
-
- <dd>The NameWidth keyword allows you to specify the width of
- the filename column in bytes. If the keyword value is
- '<samp>*</samp>', then the column is automatically sized to
- the length of the longest filename in the display.</dd>
-
- <dt><a id="indexoptions:scanhtmltitles"
- name="indexoptions:scanhtmltitles">ScanHTMLTitles</a></dt>
-
- <dd>
-
- This enables the extraction of the title from HTML documents
- for fancy indexing. If the file does not have a description
- given by <a href="#adddescription">AddDescription</a> then
- httpd will read the document for the value of the TITLE tag.
- This is CPU and disk intensive.</dd>
-
- <dt><a id="indexoptions:suppresscolumnsorting"
- name="indexoptions:suppresscolumnsorting">SuppressColumnSorting</a></dt>
-
- <dd>
-
- If specified, Apache will not make the column headings in a
- FancyIndexed directory listing into links for sorting. The
- default behavior is for them to be links; selecting the
- column heading will sort the directory listing by the values
- in that column. <strong>Only available in Apache 1.3 and
- later.</strong></dd>
-
- <dt><a id="indexoptions:suppressdescription"
- name="indexoptions:suppressdescription">SuppressDescription</a></dt>
-
- <dd>
-
- This will suppress the file description in fancy indexing
- listings. By default, no file descriptions are defined, and
- so the use of this option will regain 23 characters of screen
- space to use for something else. See <a
- href="#adddescription"><samp>AddDescription</samp></a> for
- information about setting the file description. See also the
- <a
- href="#indexoptions:descriptionwidth"><samp>DescriptionWidth</samp></a>
- index option to limit the size of the description
- column.</dd>
-
- <dt><a id="indexoptions:suppresshtmlpreamble"
- name="indexoptions:suppresshtmlpreamble">SuppressHTMLPreamble</a>
- (<em>Apache 1.3 and later</em>)</dt>
-
- <dd>
-
- If the directory actually contains a file specified by the <a
- href="#headername">HeaderName</a> directive, the module
- usually includes the contents of the file after a standard
- HTML preamble (&lt;HTML&gt;, &lt;HEAD&gt;, <em>et
- cetera</em>). The SuppressHTMLPreamble option disables this
- behavior, causing the module to start the display with the
- header file contents. The header file must contain
- appropriate HTML instructions in this case. If there is no
- header file, the preamble is generated as usual.</dd>
-
- <dt><a id="indexoptions:suppresslastmodified"
- name="indexoptions:suppresslastmodified">SuppressLastModified</a></dt>
-
- <dd>
-
- This will suppress the display of the last modification date,
- in fancy indexing listings.</dd>
-
- <dt><a id="indexoptions:suppresssize"
- name="indexoptions:suppresssize">SuppressSize</a></dt>
-
- <dd>
-
- This will suppress the file size in fancy indexing
- listings.</dd>
-
- <dt><a id="indexoptions:trackmodified"
- name="indexoptions:trackmodified">TrackModified (<em>Apache
- 1.3.15 and later</em>)</a></dt>
-
- <dd>
-
- This returns the Last-Modified and ETag values for the listed
- directory in the HTTP header. It is only valid if the
- operating system and file system return legitimate stat()
- results. Most Unix systems do so, as do OS2's JFS and Win32's
- NTFS volumes. OS2 and Win32 FAT volumes, for example, do not.
- Once this feature is enabled, the client or proxy can track
- changes to the list of files when they perform a HEAD
- request. Note some operating systems correctly track new and
- removed files, but do not track changes for sizes or dates of
- the files within the directory.</dd>
- </dl>
-
- <p>There are some noticeable differences in the behavior of
- this directive in recent (post-1.3.0) versions of Apache.</p>
-
- <dl>
- <dt>Apache 1.3.2 and earlier:</dt>
-
- <dd>
- <p>The default is that no options are enabled. If multiple
- IndexOptions could apply to a directory, then the most
- specific one is taken complete; the options are not merged.
- For example:</p>
-
- <blockquote>
-<pre>
-&lt;Directory /web/docs&gt;
- IndexOptions FancyIndexing
-&lt;/Directory&gt;
-&lt;Directory /web/docs/spec&gt;
- IndexOptions ScanHTMLTitles
-&lt;/Directory&gt;
-</pre>
- </blockquote>
- then only <code>ScanHTMLTitles</code> will be set for the
- /web/docs/spec directory.
- </dd>
-
- <dt>Apache 1.3.3 and later:</dt>
-
- <dd>
- <p>Apache 1.3.3 introduced some significant changes in the
- handling of <samp>IndexOptions</samp> directives. In
- particular,</p>
-
- <ul>
- <li>Multiple <samp>IndexOptions</samp> directives for a
- single directory are now merged together. The result of
- the example above will now be the equivalent of
- <code>IndexOptions&nbsp;FancyIndexing&nbsp;ScanHTMLTitles</code>.</li>
-
- <li>The addition of the incremental syntax
- (<em>i.e.</em>, prefixing keywords with '+' or '-').</li>
- </ul>
-
- <p>Whenever a '+' or '-' prefixed keyword is encountered,
- it is applied to the current <samp>IndexOptions</samp>
- settings (which may have been inherited from an upper-level
- directory). However, whenever an unprefixed keyword is
- processed, it clears all inherited options and any
- incremental settings encountered so far. Consider the
- following example:</p>
-
- <blockquote>
- <code>IndexOptions +ScanHTMLTitles -IconsAreLinks
- FancyIndexing<br />
- IndexOptions +SuppressSize<br />
- </code>
- </blockquote>
-
- <p>The net effect is equivalent to
- <code>IndexOptions&nbsp;FancyIndexing&nbsp;+SuppressSize</code>,
- because the unprefixed <code>FancyIndexing</code> discarded
- the incremental keywords before it, but allowed them to
- start accumulating again afterward.</p>
-
- <p>To unconditionally set the <code>IndexOptions</code> for
- a particular directory, clearing the inherited settings,
- specify keywords without either '+' or '-' prefixes.</p>
- </dd>
- </dl>
- <hr />
-
- <h2><a id="indexorderdefault"
- name="indexorderdefault">IndexOrderDefault</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> IndexOrderDefault
- Ascending|Descending Name|Date|Size|Description <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess <br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes <br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base <br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- IndexOrderDefault is only available in Apache 1.3.4 and later.
-
- <p>The <samp>IndexOrderDefault</samp> directive is used in
- combination with the <a
- href="#indexoptions:fancyindexing"><samp>FancyIndexing</samp></a>
- index option. By default, fancyindexed directory listings are
- displayed in ascending order by filename; the
- <samp>IndexOrderDefault</samp> allows you to change this
- initial display order.</p>
-
- <p><samp>IndexOrderDefault</samp> takes two arguments. The
- first must be either <samp>Ascending</samp> or
- <samp>Descending</samp>, indicating the direction of the sort.
- The second argument must be one of the keywords
- <samp>Name</samp>, <samp>Date</samp>, <samp>Size</samp>, or
- <samp>Description</samp>, and identifies the primary key. The
- secondary key is <em>always</em> the ascending filename.</p>
-
- <p>You can force a directory listing to only be displayed in a
- particular order by combining this directive with the <a
- href="#indexoptions:suppresscolumnsorting"><samp>SuppressColumnSorting</samp></a>
- index option; this will prevent the client from requesting the
- directory listing in a different order.</p>
- <hr />
-
- <h2><a id="readmename" name="readmename">ReadmeName</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ReadmeName
- <em>filename</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_autoindex <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> some features
- only available after 1.3.6; see text
-
- <p>The ReadmeName directive sets the name of the file that will
- be appended to the end of the index listing. <em>Filename</em>
- is the name of the file to include, and is taken to be relative
- to the location being indexed.</p>
-
- <blockquote>
- <strong>The <em>filename</em> argument is treated as a stub
- filename in Apache 1.3.6 and earlier, and as a relative URI
- in later versions. Details of how it is handled may be found
- under the description of the <a
- href="#headername">HeaderName</a> directive, which uses the
- same mechanism and changed at the same time as
- ReadmeName.</strong>
- </blockquote>
-
- <p>See also <a href="#headername">HeaderName</a>.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
deleted file mode 100644
index 3061b1ea4aa..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
+++ /dev/null
@@ -1,148 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Module mod_cern_meta</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache module mod_cern_meta</h1>
-
- <p>This module provides for CERN httpd metafile semantics.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_cern_meta.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- cern_meta_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
- <!-- XXX: Should mention other possibilities in Apache: mod_header -->
- Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
- headers that can be output in addition to the normal range of
- headers for each file accessed. They appear rather like the
- Apache .asis files, and are able to provide a crude way of
- influencing the Expires: header, as well as providing other
- curiosities. There are many ways to manage meta information,
- this one was chosen because there is already a large number of
- CERN users who can exploit this module.
-
- <p>More information on the <a
- href="http://www.w3.org/Daemon/User/Config/General.html#MetaDir">
- CERN metafile semantics</a> is available.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#metafiles">MetaFiles</a></li>
-
- <li><a href="#metadir">MetaDir</a></li>
-
- <li><a href="#metasuffix">MetaSuffix</a></li>
- </ul>
- <hr />
-
- <h2><a id="metafiles" name="metafiles">MetaFiles</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MetaFiles on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>MetaFiles
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> per-directory
- config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_cern_meta<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> MetaFiles is
- only available in Apache 1.3 and later.
-
- <p>Turns on/off Meta file processing on a per-directory basis.
- This option was introduced in Apache 1.3.</p>
- <hr />
-
- <h2><a id="metadir" name="metadir">MetaDir</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MetaDir
- <em>directory</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>MetaDir
- .web</code><br />
- <strong>Context: (Apache prior to 1.3)</strong> server
- config<br />
- <strong>Context: (Apache 1.3)</strong> per-directory
- config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_cern_meta<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> MetaDir is only
- available in Apache 1.1 and later.
-
- <p>Specifies the name of the directory in which Apache can find
- meta information files. The directory is usually a 'hidden'
- subdirectory of the directory that contains the file being
- accessed. Set to "<code>.</code>" to look in the same directory
- as the file.</p>
- <hr />
-
- <h2><a id="metasuffix" name="metasuffix">MetaSuffix</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MetaSuffix
- <em>suffix</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>MetaSuffix
- .meta</code><br />
- <strong>Context: (Apache prior to 1.3)</strong> server
- config<br />
- <strong>Context: (Apache 1.3)</strong> per-directory
- config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_cern_meta<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> MetaSuffix is
- only available in Apache 1.1 and later.
-
- <p>Specifies the file name suffix for the file containing the
- meta information. For example, the default values for the two
- directives will cause a request to
- <code>DOCUMENT_ROOT/somedir/index.html</code> to look in
- <code>DOCUMENT_ROOT/somedir/.web/index.html.meta</code> and
- will use its contents to generate additional MIME header
- information.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html
deleted file mode 100644
index 74435a72ed7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html
+++ /dev/null
@@ -1,232 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_cgi</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_cgi</h1>
-
- <p>This module provides for execution of CGI scripts.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_cgi.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- cgi_module</p>
-
- <h2>Summary</h2>
- <!-- XXX: Should have references to CGI definition/RFC -->
- Any file that has the mime type
- <code>application/x-httpd-cgi</code> or handler
- <code>cgi-script</code> (Apache 1.1 or later) will be treated
- as a CGI script, and run by the server, with its output being
- returned to the client. Files acquire this type either by
- having a name containing an extension defined by the <a
- href="mod_mime.html#addtype">AddType</a> directive, or by being
- in a <a href="mod_alias.html#scriptalias">ScriptAlias</a>
- directory. Files that are not in a <a
- href="mod_alias.html#scriptalias">ScriptAlias</a> directory,
- but which are of type <code>application/x-httpd-cgi</code> by
- virtue of an <code>AddType</code> directive, will still not be
- executed by the server unless <code>Options ExecCGI</code> is
- enabled. See the <a
- href="core.html#options"><code>Options</code></a> directive for
- more details.
-
- <p>When the server invokes a CGI script, it will add a variable
- called <code>DOCUMENT_ROOT</code> to the environment. This
- variable will contain the value of the <a
- href="core.html#documentroot">DocumentRoot</a> configuration
- variable.</p>
-
- <p>For an introduction to using CGI scripts with Apache, see
- our tutorial on <a href="../howto/cgi.html">Dynamic Content
- with CGI</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#scriptlog">ScriptLog</a></li>
-
- <li><a href="#scriptloglength">ScriptLogLength</a></li>
-
- <li><a href="#scriptlogbuffer">ScriptLogBuffer</a></li>
- </ul>
-
- <p>See also: <a href="core.html#options">Options</a>, <a
- href="mod_alias.html#scriptalias">ScriptAlias</a>, <a
- href="mod_mime.html#addtype">AddType</a> and <a
- href="mod_mime.html#addhandler">AddHandler</a>.</p>
-
- <h2>CGI Environment variables</h2>
- The server will set the CGI environment variables as described
- in the <a href="http://hoohoo.ncsa.uiuc.edu/cgi/">CGI
- specification</a>, with the following provisions:
-
- <dl>
- <dt>REMOTE_HOST</dt>
-
- <dd>This will only be set if <a
- href="core.html#hostnamelookups"><code>HostnameLookups</code></a>
- is set to <code>on</code> (it is off by default), and if a
- reverse DNS lookup of the accessing host's address indeed
- finds a host name.</dd>
-
- <dt>REMOTE_IDENT</dt>
-
- <dd>This will only be set if <a
- href="core.html#identitycheck">IdentityCheck</a> is set to
- <code>on</code> and the accessing host supports the ident
- protocol. Note that the contents of this variable cannot be
- relied upon because it can easily be faked, and if there is a
- proxy between the client and the server, it is usually
- totally useless.</dd>
-
- <dt>REMOTE_USER</dt>
-
- <dd>This will only be set if the CGI script is subject to
- authentication.</dd>
- </dl>
-
- <h2><a id="cgi_debug" name="cgi_debug">CGI Debugging</a></h2>
- Debugging CGI scripts has traditionally been difficult, mainly
- because it has not been possible to study the output (standard
- output and error) for scripts which are failing to run
- properly. These directives, included in Apache 1.2 and later,
- provide more detailed logging of errors when they occur.
-
- <h2>CGI Logfile Format</h2>
- When configured, the CGI error log logs any CGI which does not
- execute properly. Each CGI script which fails to operate causes
- several lines of information to be logged. The first two lines
- are always of the format:
-<pre>
- %% [<em>time</em>] <em>request-line</em>
- %% <em>HTTP-status</em> <em>CGI-script-filename</em>
-</pre>
- If the error is that CGI script cannot be run, the log file
- will contain an extra two lines:
-<pre>
- %%error
- <em>error-message</em>
-</pre>
- Alternatively, if the error is the result of the script
- returning incorrect header information (often due to a bug in
- the script), the following information is logged:
-<pre>
- %request
- <em>All HTTP request headers received</em>
- <em>POST or PUT entity (if any)</em>
- %response
- <em>All headers output by the CGI script</em>
- %stdout
- <em>CGI standard output</em>
- %stderr
- <em>CGI standard error</em>
-</pre>
- (The %stdout and %stderr parts may be missing if the script did
- not output anything on standard output or standard error).
- <hr />
-
- <h3><a id="scriptlog" name="scriptlog">ScriptLog</a>
- directive</h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScriptLog
- <em>filename</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> none<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> mod_cgi
-
- <p>The <tt>ScriptLog</tt> directive sets the CGI script error
- logfile. If no ScriptLog is given, no error log is created. If
- given, any CGI errors are logged into the filename given as
- argument. If this is a relative file or path it is taken
- relative to the server root.</p>
-
- <p>This log will be opened as the user the child processes run
- as, ie. the user specified in the main <a
- href="core.html#user">User</a> directive. This means that
- either the directory the script log is in needs to be writable
- by that user or the file needs to be manually created and set
- to be writable by that user. If you place the script log in
- your main logs directory, do <strong>NOT</strong> change the
- directory permissions to make it writable by the user the child
- processes run as.</p>
-
- <p>Note that script logging is meant to be a debugging feature
- when writing CGI scripts, and is not meant to be activated
- continuously on running servers. It is not optimized for speed
- or efficiency, and may have security problems if used in a
- manner other than that for which it was designed.</p>
- <hr />
-
- <h3><a id="scriptloglength"
- name="scriptloglength">ScriptLogLength</a> directive</h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScriptLogLength
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> 10385760<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> mod_cgi
-
- <p><tt>ScriptLogLength</tt> can be used to limit the size of
- the CGI script logfile. Since the logfile logs a lot of
- information per CGI error (all request headers, all script
- output) it can grow to be a big file. To prevent problems due
- to unbounded growth, this directive can be used to set an
- maximum file-size for the CGI logfile. If the file exceeds this
- size, no more information will be written to it.</p>
- <hr />
-
- <h3><a id="scriptlogbuffer"
- name="scriptlogbuffer">ScriptLogBuffer</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ScriptLogBuffer
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> 1024<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> mod_cgi
-
- <p>The size of any PUT or POST entity body that is logged to
- the file is limited, to prevent the log file growing too big
- too quickly if large bodies are being received. By default, up
- to 1024 bytes are logged, but this can be changed with this
- directive. <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_define.html b/usr.sbin/httpd/htdocs/manual/mod/mod_define.html
deleted file mode 100644
index 76c6bec09cb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_define.html
+++ /dev/null
@@ -1,140 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<!--%hypertext -->
-<!-- mod_define.html -->
-<!-- Documentation for the mod_define Apache module -->
-<HTML>
-<HEAD>
-<TITLE>Apache module mod_define</TITLE>
-</HEAD>
-
-<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-<BODY
- BGCOLOR="#FFFFFF"
- TEXT="#000000"
- LINK="#0000FF"
- VLINK="#000080"
- ALINK="#FF0000"
->
-<BLOCKQUOTE><!-- page indentation -->
-
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-<BR>
-<H1 ALIGN="CENTER">Module mod_define</H1>
-<H2 ALIGN="CENTER">Variable Definition For Arbitrary Directives</H2>
-
-This module is contained in the <CODE>mod_define.c</CODE> file. It provides
-the definition variables for arbitrary directives, i.e. variables which can be
-expanded on any(!) directive line. It needs Extended API (EAPI). It is not
-compiled into the server by default. To use <CODE>mod_define</CODE> you have
-to enable the following line in the server build <CODE>Configuration</CODE>
-file:
-
-<P>
-<PRE>
- AddModule modules/extra/mod_define.o
-</PRE>
-
-<P>
-<HR NOSHADE SIZE=1>
-
-<H3><A NAME="Define">Define</A></H3>
-<A
- HREF="directive-dict.html#Syntax"
- REL="Help"
-><STRONG>Syntax:</STRONG></A>
- <CODE>Define</CODE> <EM>variable</EM> <EM>value</EM><BR>
-<A
- HREF="directive-dict.html#Default"
- REL="Help"
-><STRONG>Default:</STRONG></A>
- <EM>none</EM><BR>
-<A
- HREF="directive-dict.html#Context"
- REL="Help"
-><STRONG>Context:</STRONG></A>
- server config, virtual host, directory, .htaccess<BR>
-<A
- HREF="directive-dict.html#Override"
- REL="Help"
-><STRONG>Override:</STRONG></A> none<BR>
-<A
- HREF="directive-dict.html#Status"
- REL="Help"
-><STRONG>Status:</STRONG></A> Extension<BR>
-<A
- HREF="directive-dict.html#Module"
- REL="Help"
-><STRONG>Module:</STRONG></A> mod_define.c<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> Apache+EAPI<BR>
-
-<P>
-The <CODE>Define</CODE> directive defines a variable which later can be
-expanded with the unsafe but short construct
-``<CODE>$</CODE><EM>variable</EM>'' or the safe but longer construct
-``<CODE>${</CODE><EM>variable</EM><CODE>}</CODE>'' on any configuration line.
-Do not intermix this with the third-party module <CODE>mod_macro</CODE>. The
-<CODE>mod_define</CODE> module doesn't provide a general macro mechanism,
-although one can consider variable substitutions as a special form of macros.
-Because the value of to which ``<CODE>$</CODE><EM>variable</EM>'' expands has
-to fit into one line. When you need macros which can span more lines, you've
-to use <CODE>mod_macro</CODE>. OTOH <CODE>mod_macro</CODE> cannot be used to
-expand a variable/macro on an arbitrary directive line. So, the typical use
-case of <CODE>mod_define</CODE> is to make strings <EM>variable</EM> (and this
-way easily changeable at one location) and not to <EM>bundle</EM> things
-together (as it's the typical use case for macros).
-
-<P>
-The syntax of the expansion construct (
-``<CODE>${</CODE><EM>variable</EM><CODE>}</CODE>'') follows the Perl and Shell
-syntax, but can be changed via the <CODE>Define</CODE> directive, too. Four
-internal variables can be used for this. The default is:
-
-<BLOCKQUOTE>
-<PRE>
-Define mod_define::escape "\\"
-Define mod_define::dollar "$"
-Define mod_define::open "{"
-Define mod_define::close "}"
-</PRE>
-</BLOCKQUOTE>
-
-<P>
-When you need to escape some of the expansion constructs you place the
-mod_define::escape character in front of it. The default is the backslash as
-in Perl or the Shell.
-
-<P>
-<STRONG>Example:</STRONG>
-<BLOCKQUOTE>
-<PRE>
-Define master "Joe Average &lt;joe@average.dom&gt;"
-Define docroot /usr/local/apache/htdocs
-Define hostname foo
-Define domainname bar.dom
-Define portnumber 80
- :
-&lt;VirtualHost $hostname.$domainname:$portnumber&gt;
-SetEnv SERVER_MASTER "$master"
-ServerName $hostname.$domainname
-ServerAlias $hostname
-Port $portnumber
-DocumentRoot $docroot
-&lt;Directory $docroot&gt;
- :
-&lt;Directory&gt;
-</PRE>
-</BLOCKQUOTE>
-
-<!--#include virtual="footer.html" -->
-</BLOCKQUOTE><!-- page indentation -->
-</BODY>
-</HTML>
-<!--/%hypertext -->
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_digest.html
deleted file mode 100644
index 5f35e3694af..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_digest.html
+++ /dev/null
@@ -1,111 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_digest</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_digest</h1>
-
- <p>This module provides for user authentication using MD5
- Digest Authentication.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_digest.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- digest_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module implements an older version of the MD5 Digest
- Authentication specification which will probably not work with
- modern browsers. Please see <a
- href="mod_auth_digest.html">mod_auth_digest</a> for a module
- which implements the most recent version of the standard.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#authdigestfile">AuthDigestFile</a></li>
- </ul>
-
- <h2>Using Digest Authentication</h2>
-
- <p>Using MD5 Digest authentication is very simple. Simply set
- up authentication normally. However, use "AuthType Digest" and
- "AuthDigestFile" instead of the normal "AuthType Basic" and
- "AuthUserFile". Everything else should remain the same.</p>
-
- <p>MD5 authentication provides a more secure password system,
- but only works with supporting browsers. As of this writing
- (January 2002), the only major browsers which support digest
- authentication are <a href="http://www.opera.com/">Opera 4.0</a>,
- <a href="http://www.microsoft.com/windows/ie/">MS Internet
- Explorer 5.0</a> and <a href="http://www.w3.org/Amaya/">Amaya</a>.
- Therefore, we do not recommend using this feature on a large
- Internet site. However, for personal and intra-net use, where
- browser users can be controlled, it is ideal.</p>
-
- <p>See also <a href="mod_auth_digest.html">mod_auth_digest</a>,
- which is an updated version of this module, in order to determine
- whether you want to use that module instead. In either case, if
- you are using one, you should not use the other, as they share
- some of the same configuration directives.</p>
- <hr />
-
- <h2><a id="authdigestfile"
- name="authdigestfile">AuthDigestFile</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AuthDigestFile
- <em>filename</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> AuthConfig<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_digest
-
- <p>The AuthDigestFile directive sets the name of a textual file
- containing the list of users and encoded passwords for digest
- authentication. <em>Filename</em> is the absolute path to the
- user file.</p>
-
- <p>Example</p>
-
- <code>AuthDigestFile /usr/local/apache/passwords/passwords.digest</code>
-
- <p>The digest file uses a special format. Files in this format
- can be created using the "<a href="../programs/htdigest.html">htdigest</a>"
- utility found in the support/ subdirectory of the Apache distribution.</p>
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html
deleted file mode 100644
index 6ae81e435e2..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html
+++ /dev/null
@@ -1,129 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_dir</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_dir</h1>
-
- <p>This module provides for "trailing slash" redirects and
- serving directory index files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_dir.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- dir_module</p>
-
- <h2>Summary</h2>
- The index of a directory can come from one of two sources:
-
- <ul>
- <li>A file written by the user, typically called
- <code>index.html</code>. The <a
- href="#directoryindex">DirectoryIndex</a> directive sets the
- name of this file. This is controlled by
- <code>mod_dir</code>.</li>
-
- <li>Otherwise, a listing generated by the server. This is
- provided by <a
- href="mod_autoindex.html"><code>mod_autoindex</code></a>.</li>
- </ul>
- The two functions are separated so that you can completely
- remove (or replace) automatic index generation should you want
- to.
-
- <p>A "trailing slash" redirect is issued when the server
- receives a request for a URL
- <samp>http://servername/foo/dirname</samp> where
- <samp>dirname</samp> is a directory. Directories require a
- trailing slash, so <code>mod_dir</code> issues a redirect to
- <samp>http://servername/foo/dirname/</samp>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#directoryindex">DirectoryIndex</a></li>
- </ul>
- <hr />
-
- <h2><a id="directoryindex"
- name="directoryindex">DirectoryIndex</a> directive</h2>
- <!--%plaintext &lt;?INDEX {\tt DirectoryIndex} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> DirectoryIndex
- <em>local-url</em> [<em>local-url</em>] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>DirectoryIndex
- index.html</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_dir
-
- <p>The DirectoryIndex directive sets the list of resources to
- look for, when the client requests an index of the directory by
- specifying a / at the end of the a directory name.
- <em>Local-url</em> is the (%-encoded) URL of a document on the
- server relative to the requested directory; it is usually the
- name of a file in the directory. Several URLs may be given, in
- which case the server will return the first one that it finds.
- If none of the resources exist and the <code>Indexes</code>
- option is set, the server will generate its own listing of the
- directory.</p>
-
- <p>Example:</p>
-
- <blockquote>
- <code>DirectoryIndex index.html</code>
- </blockquote>
- then a request for <code>http://myserver/docs/</code> would
- return <code>http://myserver/docs/index.html</code> if it
- exists, or would list the directory if it did not.
-
- <p>Note that the documents do not need to be relative to the
- directory;</p>
-
- <blockquote>
- <code>DirectoryIndex index.html index.txt
- /cgi-bin/index.pl</code>
- </blockquote>
- would cause the CGI script <code>/cgi-bin/index.pl</code> to be
- executed if neither <code>index.html</code> or
- <code>index.txt</code> existed in a directory.
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html
deleted file mode 100644
index 9e03e758c31..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html
+++ /dev/null
@@ -1,146 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_env</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache module mod_env</h1>
-
- <p>This module provides for modifying the environment which is
- passed to CGI scripts and SSI pages.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_env.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- env_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module allows for control of the environment that will
- be provided to CGI scripts and SSI pages. Environment variables
- may be passed from the shell which invoked the httpd process.
- Alternatively, environment variables may be set or unset within
- the configuration process.</p>
-
- <p>For additional information, we provide a document on <a
- href="../env.html">Environment Variables in Apache</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#passenv">PassEnv</a></li>
-
- <li><a href="#setenv">SetEnv</a></li>
-
- <li><a href="#unsetenv">UnsetEnv</a></li>
- </ul>
- <hr />
-
- <h2><a id="passenv" name="passenv">PassEnv</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> PassEnv
- <em>env-variable</em> [<em>env-variable</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_env<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> PassEnv is only
- available in Apache 1.1 and later. Directory and .htaccess context
- is available in Apache 1.3.7 and later.
-
- <p>Specifies one or more environment variables to pass to CGI
- scripts and SSI pages from the environment of the shell which
- invoked the httpd process. Example:</p>
-<pre>
- PassEnv LD_LIBRARY_PATH
-</pre>
- <hr />
-
- <h2><a id="setenv" name="setenv">SetEnv</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> SetEnv <em>env-variable
- value</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_env<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> SetEnv is only
- available in Apache 1.1 and later. Directory and .htaccess context
- is available in Apache 1.3.7 and later.
-
- <p>Sets an environment variable, which is then passed on to CGI
- scripts and SSI pages. Example:</p>
-<pre>
- SetEnv SPECIAL_PATH /foo/bin
-</pre>
- <hr />
-
- <h2><a id="unsetenv" name="unsetenv">UnsetEnv</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> UnsetEnv
- <em>env-variable</em> [<em>env-variable</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_env<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> UnsetEnv is only
- available in Apache 1.1 and later. Directory and .htaccess context
- is available in Apache 1.3.7 and later.
-
- <p>Removes one or more environment variables from those passed
- on to CGI scripts and SSI pages. Example:</p>
-<pre>
- UnsetEnv LD_LIBRARY_PATH
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html b/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html
deleted file mode 100644
index 6ae1c73ce8e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html
+++ /dev/null
@@ -1,264 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_expires</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_expires</h1>
-
- <p>This module provides for the generation of
- <code>Expires</code> HTTP headers according to user-specified
- criteria.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_expires.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- expires_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.2 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module controls the setting of the <code>Expires</code>
- HTTP header in server responses. The expiration date can set to
- be relative to either the time the source file was last
- modified, or to the time of the client access.</p>
-
- <p>The <code>Expires</code> HTTP header is an instruction to
- the client about the document's validity and persistence. If
- cached, the document may be fetched from the cache rather than
- from the source until this time has passed. After that, the
- cache copy is considered "expired" and invalid, and a new copy
- must be obtained from the source.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#expiresactive">ExpiresActive</a></li>
-
- <li><a href="#expiresbytype">ExpiresByType</a></li>
-
- <li><a href="#expiresdefault">ExpiresDefault</a></li>
- </ul>
-
- <h2><a id="AltSyn" name="AltSyn">Alternate Interval
- Syntax</a></h2>
-
- <p>The <a
- href="#expiresdefault"><samp>ExpiresDefault</samp></a> and <a
- href="#expiresbytype"><samp>ExpiresByType</samp></a> directives
- can also be defined in a more readable syntax of the form:</p>
-
- <dl>
- <dd><code>ExpiresDefault "&lt;base&gt; [plus] {&lt;num&gt;
- &lt;type&gt;}*"<br />
- ExpiresByType type/encoding "&lt;base&gt; [plus]
- {&lt;num&gt; &lt;type&gt;}*"</code></dd>
- </dl>
-
- <p>where &lt;base&gt; is one of:</p>
-
- <ul>
- <li><samp>access</samp></li>
-
- <li><samp>now</samp> (equivalent to
- '<samp>access</samp>')</li>
-
- <li><samp>modification</samp></li>
- </ul>
-
- <p>The '<samp>plus</samp>' keyword is optional. &lt;num&gt;
- should be an integer value [acceptable to <samp>atoi()</samp>],
- and &lt;type&gt; is one of:</p>
-
- <ul>
- <li><samp>years</samp></li>
-
- <li><samp>months</samp></li>
-
- <li><samp>weeks</samp></li>
-
- <li><samp>days</samp></li>
-
- <li><samp>hours</samp></li>
-
- <li><samp>minutes</samp></li>
-
- <li><samp>seconds</samp></li>
- </ul>
-
- <p>For example, any of the following directives can be used to
- make documents expire 1 month after being accessed, by
- default:</p>
-
- <dl>
- <dd><code>ExpiresDefault "access plus 1 month"<br />
- ExpiresDefault "access plus 4 weeks"<br />
- ExpiresDefault "access plus 30 days"</code></dd>
- </dl>
-
- <p>The expiry time can be fine-tuned by adding several
- '&lt;num&gt; &lt;type&gt;' clauses:</p>
-
- <dl>
- <dd><code>ExpiresByType text/html "access plus 1 month 15
- days 2 hours"<br />
- ExpiresByType image/gif "modification plus 5 hours 3
- minutes"</code></dd>
- </dl>
-
- <p>Note that if you use a modification date based setting, the
- Expires header will <strong>not</strong> be added to content
- that does not come from a file on disk. This is due to the fact
- that there is no modification time for such content.</p>
- <hr />
-
- <h2><a id="expiresactive" name="expiresactive">ExpiresActive
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ExpiresActive
- on|off<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_expires</p>
-
- <p>This directive enables or disables the generation of the
- <code>Expires</code> header for the document realm in question.
- (That is, if found in an <code>.htaccess</code> file, for
- instance, it applies only to documents generated from that
- directory.) If set to <em><code>Off</code></em>, no
- <code>Expires</code> header will be generated for any document
- in the realm (unless overridden at a lower level, such as an
- <code>.htaccess</code> file overriding a server config file).
- If set to <em><code>On</code></em>, the header will be added to
- served documents according to the criteria defined by the <a
- href="#expiresbytype">ExpiresByType</a> and <a
- href="#expiresdefault">ExpiresDefault</a> directives
- (<em>q.v.</em>).</p>
-
- <p>Note that this directive does not guarantee that an
- <code>Expires</code> header will be generated. If the criteria
- aren't met, no header will be sent, and the effect will be as
- though this directive wasn't even specified.</p>
- <hr />
-
- <h2><a id="expiresbytype" name="expiresbytype">ExpiresByType
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ExpiresByType
- <em>mime-type &lt;code&gt;seconds</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_expires</p>
-
- <p>This directive defines the value of the <code>Expires</code>
- header generated for documents of the specified type
- (<em>e.g.</em>, <code>text/html</code>). The second argument
- sets the number of seconds that will be added to a base time to
- construct the expiration date.</p>
-
- <p>The base time is either the last modification time of the
- file, or the time of the client's access to the document. Which
- should be used is specified by the
- <code><em>&lt;code&gt;</em></code> field; <strong>M</strong>
- means that the file's last modification time should be used as
- the base time, and <strong>A</strong> means the client's access
- time should be used.</p>
-
- <p>The difference in effect is subtle. If <em>M</em> is used,
- all current copies of the document in all caches will expire at
- the same time, which can be good for something like a weekly
- notice that's always found at the same URL. If <em>A</em> is
- used, the date of expiration is different for each client; this
- can be good for image files that don't change very often,
- particularly for a set of related documents that all refer to
- the same images (<em>i.e.</em>, the images will be accessed
- repeatedly within a relatively short timespan).</p>
-
- <p><strong>Example:</strong></p>
-<pre>
- ExpiresActive On # enable expirations
- ExpiresByType image/gif A2592000 # expire GIF images after a month
- # in the client's cache
- ExpiresByType text/html M604800 # HTML documents are good for a
- # week from the time they were
- # changed, period
-
-</pre>
-
- <p>Note that this directive only has effect if
- <code>ExpiresActive On</code> has been specified. It overrides,
- for the specified MIME type <em>only</em>, any expiration date
- set by the <a href="#expiresdefault">ExpiresDefault</a>
- directive.</p>
-
- <p>You can also specify the expiration time calculation using
- an <a href="#AltSyn">alternate syntax</a>, described later in
- this document.</p>
- <hr />
-
- <h2><a id="expiresdefault" name="expiresdefault">ExpiresDefault
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ExpiresDefault
- <em>&lt;code&gt;seconds</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_expires</p>
-
- <p>This directive sets the default algorithm for calculating
- the expiration time for all documents in the affected realm. It
- can be overridden on a type-by-type basis by the <a
- href="#expiresbytype">ExpiresByType</a> directive. See the
- description of that directive for details about the syntax of
- the argument, and the <a href="#AltSyn">alternate syntax</a>
- description as well.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html b/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html
deleted file mode 100644
index 663e3b8eea6..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html
+++ /dev/null
@@ -1,204 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_headers</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_headers</h1>
-
- <p>This module provides for the customization of HTTP response
- headers.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_headers.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- headers_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.2 and later.</p>
-
- <h2>Summary</h2>
- This module provides a directive to control the sending of HTTP
- headers. Headers can be merged, replaced or removed.
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#header">Header</a></li>
- <li><a href="#errorheader">ErrorHeader</a></li>
- <li><a href="#requestheader">RequestHeader</a></li>
- </ul>
- <hr />
-
- <h2><a id="header" name="header">Header</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Header set|append|add
- <em>header</em> <em>value</em><br />
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> Header unset
- <em>header</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, access.conf, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_headers
-
- <p>This directive can replace, merge or remove HTTP response
- headers during 1xx and 2xx series replies. For 3xx, 4xx and 5xx
- use the ErrorHeader directive.
- </p>
- <p>
- The action it performs is determined by the first
- argument. This can be one of the following values:</p>
-
- <ul>
- <li><strong>set</strong><br />
- The response header is set, replacing any previous header
- with this name</li>
-
- <li><strong>append</strong><br />
- The response header is appended to any existing header of
- the same name. When a new value is merged onto an existing
- header it is separated from the existing header with a comma.
- This is the HTTP standard way of giving a header multiple
- values.</li>
-
- <li><strong>add</strong><br />
- The response header is added to the existing set of headers,
- even if this header already exists. This can result in two
- (or more) headers having the same name. This can lead to
- unforeseen consequences, and in general "append" should be
- used instead.</li>
-
- <li><strong>unset</strong><br />
- The response header of this name is removed, if it exists.
- If there are multiple headers of the same name, all will be
- removed.</li>
- </ul>
- This argument is followed by a header name, which can include
- the final colon, but it is not required. Case is ignored. For
- add, append and set a value is given as the third argument. If
- this value contains spaces, it should be surrounded by double
- quotes. For unset, no value should be given.
-
- <h3>Order of Processing</h3>
- The Header directive can occur almost anywhere within the
- server configuration. It is valid in the main server config and
- virtual host sections, inside &lt;Directory&gt;,
- &lt;Location&gt; and &lt;Files&gt; sections, and within
- .htaccess files.
-
- <p>The Header directives are processed in the following
- order:</p>
-
- <ol>
- <li>main server</li>
-
- <li>virtual host</li>
-
- <li>&lt;Directory&gt; sections and .htaccess</li>
-
- <li>&lt;Location&gt;</li>
-
- <li>&lt;Files&gt;</li>
- </ol>
- Order is important. These two headers have a different effect
- if reversed:
-<pre>
-Header append Author "John P. Doe"
-Header unset Author
-</pre>
- This way round, the Author header is not set. If reversed, the
- Author header is set to "John P. Doe".
-
- <p>The Header directives are processed just before the response
- is sent by its handler. These means that some headers that are
- added just before the response is sent cannot be unset or
- overridden. This includes headers such as "Date" and
- "Server".</p>
-
- <h2><a id="errorheader" name="errorheader">ErrorHeader</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ErrorHeader set|append|add
- <em>header</em> <em>value</em><br />
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ErrorHeader unset
- <em>header</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, access.conf, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_headers
-
- <p>This directive can replace, merge or remove HTTP response
- headers during 3xx, 4xx and 5xx replies. For normal replies
- use the Header directive.
- </p>
- <p>This directive is identical to the <a href="#header">Header</a>
- directive in all other respects. Consult this directive for
- more information on the syntax.
- </P>
-
- <h2><a id="requestheader" name="requestheader">RequestHeader</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RequestHeader set|append|add
- <em>header</em> <em>value</em><br />
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RequestHeader unset
- <em>header</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, access.conf, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_headers
-
- <p>This directive can replace, merge or remove HTTP request
- headers. As opposed to the <a href="#header">Header</a> directive,
- this directive modifies incoming request headers instead of outgoing
- responses.
- </p>
- <p>This directive is identical to the <a href="#header">Header</a>
- directive in all other respects. Consult this directive for
- more information on the syntax.
- </P>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
deleted file mode 100644
index c930f62bc24..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
+++ /dev/null
@@ -1,373 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_imap</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_imap</h1>
-
- <p>This module provides for server-side imagemap
- processing.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_imap.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- imap_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module processes <code>.map</code> files, thereby
- replacing the functionality of the <code>imagemap</code> CGI
- program. Any directory or document type configured to use the
- handler <code>imap-file</code> (using either <code><a
- href="mod_mime.html#addhandler">AddHandler</a></code> or
- <code><a href="mod_mime.html#sethandler">SetHandler</a></code>)
- will be processed by this module.</p>
-
- <p>The following directive will activate files ending with
- <code>.map</code> as imagemap files:</p>
-
- <blockquote>
- <code>AddHandler imap-file map</code>
- </blockquote>
- Note that the following is still supported:
-
- <blockquote>
- <code>AddType application/x-httpd-imap map</code>
- </blockquote>
- However, we are trying to phase out "magic MIME types" so we
- are deprecating this method.
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#imapmenu">ImapMenu</a></li>
-
- <li><a href="#imapdefault">ImapDefault</a></li>
-
- <li><a href="#imapbase">ImapBase</a></li>
- </ul>
-
- <h2>New Features</h2>
- The imagemap module adds some new features that were not
- possible with previously distributed imagemap programs.
-
- <ul>
- <li>URL references relative to the Referer: information.</li>
-
- <li>Default &lt;BASE&gt; assignment through a new map
- directive <code>base</code>.</li>
-
- <li>No need for <code>imagemap.conf</code> file.</li>
-
- <li>Point references.</li>
-
- <li>Configurable generation of imagemap menus.</li>
- </ul>
-
- <h2>Imagemap File</h2>
- The lines in the imagemap files can have one of several
- formats:
-
- <blockquote>
- <code>directive value [x,y ...]</code><br />
- <code>directive value "Menu text" [x,y ...]</code><br />
- <code>directive value x,y ... "Menu text"</code><br />
- </blockquote>
- The directive is one of <code>base</code>,
- <code>default</code>, <code>poly</code>, <code>circle</code>,
- <code>rect</code>, or <code>point</code>. The value is an
- absolute or relative URL, or one of the special values listed
- below. The coordinates are <code>x,y</code> pairs separated by
- whitespace. The quoted text is used as the text of the link if
- a imagemap menu is generated. Lines beginning with '#' are
- comments.
-
- <h3>Imagemap File Directives</h3>
- There are six directives allowed in the imagemap file. The
- directives can come in any order, but are processed in the
- order they are found in the imagemap file.
-
- <dl>
- <dt><code>base</code> Directive</dt>
-
- <dd>Has the effect of <code>&lt;BASE HREF="value"&gt;</code>.
- The non-absolute URLs of the map-file are taken relative to
- this value. The <code>base</code> directive overrides
- ImapBase as set in a .htaccess file or in the server
- configuration files. In the absence of an ImapBase
- configuration directive, <code>base</code> defaults to
- <code>http://server_name/</code>.<br />
- <code>base_uri</code> is synonymous with <code>base</code>.
- Note that a trailing slash on the URL is significant.</dd>
-
- <dt><code>default</code> Directive</dt>
-
- <dd>The action taken if the coordinates given do not fit any
- of the <code>poly</code>, <code>circle</code> or
- <code>rect</code> directives, and there are no
- <code>point</code> directives. Defaults to
- <code>nocontent</code> in the absence of an ImapDefault
- configuration setting, causing a status code of <code>204 No
- Content</code> to be returned. The client should keep the
- same page displayed.</dd>
-
- <dt><code>poly</code> Directive</dt>
-
- <dd>Takes three to one-hundred points, and is obeyed if the
- user selected coordinates fall within the polygon defined by
- these points.</dd>
-
- <dt><code>circle</code></dt>
-
- <dd>Takes the center coordinates of a circle and a point on
- the circle. Is obeyed if the user selected point is with the
- circle.</dd>
-
- <dt><code>rect</code> Directive</dt>
-
- <dd>Takes the coordinates of two opposing corners of a
- rectangle. Obeyed if the point selected is within this
- rectangle.</dd>
-
- <dt><code>point</code> Directive</dt>
-
- <dd>Takes a single point. The point directive closest to the
- user selected point is obeyed if no other directives are
- satisfied. Note that <code>default</code> will not be
- followed if a <code>point</code> directive is present and
- valid coordinates are given.</dd>
- </dl>
-
- <h3>Values</h3>
- The values for each of the directives can any of the following:
-
-
- <dl>
- <dt>a URL</dt>
-
- <dd>The URL can be relative or absolute URL. Relative URLs
- can contain '..' syntax and will be resolved relative to the
- <code>base</code> value.<br />
- <code>base</code> itself will not resolved according to the
- current value. A statement <code>base mailto:</code> will
- work properly, though.</dd>
-
- <dt><code>map</code></dt>
-
- <dd>Equivalent to the URL of the imagemap file itself. No
- coordinates are sent with this, so a menu will be generated
- unless ImapMenu is set to 'none'.</dd>
-
- <dt><code>menu</code></dt>
-
- <dd>Synonymous with <code>map</code>.</dd>
-
- <dt><code>referer</code></dt>
-
- <dd>Equivalent to the URL of the referring document. Defaults
- to <code>http://servername/</code> if no Referer: header was
- present.</dd>
-
- <dt><code>nocontent</code></dt>
-
- <dd>Sends a status code of <code>204 No Content</code>,
- telling the client to keep the same page displayed. Valid for
- all but <code>base</code>.</dd>
-
- <dt><code>error</code></dt>
-
- <dd>Fails with a <code>500 Server Error</code>. Valid for all
- but <code>base</code>, but sort of silly for anything but
- <code>default</code>.</dd>
- </dl>
-
- <h3>Coordinates</h3>
-
- <dl>
- <dt><code>0,0 200,200</code></dt>
-
- <dd>A coordinate consists of an <tt>x</tt> and a <tt>y</tt>
- value separated by a comma. The coordinates are separated
- from each other by whitespace. To accommodate the way Lynx
- handles imagemaps, should a user select the coordinate
- <code>0,0</code>, it is as if no coordinate had been
- selected.</dd>
- </dl>
-
- <h3>Quoted Text</h3>
-
- <dl>
- <dt><code>"Menu Text"</code></dt>
-
- <dd>After the value or after the coordinates, the line
- optionally may contain text within double quotes. This string
- is used as the text for the link if a menu is
- generated:<br />
- <code>&lt;a HREF="http://foo.com/"&gt;Menu
- text&lt;/a&gt;</code><br />
- If no quoted text is present, the name of the link will be
- used as the text:<br />
- <code>&lt;a
- HREF="http://foo.com/"&gt;http://foo.com&lt;/a&gt;</code><br />
- If you want to use double quotes within this text, you have to
- write them as <code>&amp;quot;</code>.</dd>
- </dl>
-
- <h2>Example Mapfile</h2>
-
- <blockquote>
- <code>#Comments are printed in a 'formatted' or
- 'semiformatted' menu.<br />
- #And can contain html tags. &lt;hr&gt;<br />
- base referer<br />
- poly map "Could I have a menu, please?" 0,0 0,10 10,10
- 10,0<br />
- rect .. 0,0 77,27 "the directory of the referer"<br />
- circle http://www.inetnebr.com/lincoln/feedback/ 195,0
- 305,27<br />
- rect another_file "in same directory as referer" 306,0
- 419,27<br />
- point http://www.zyzzyva.com/ 100,100<br />
- point http://www.tripod.com/ 200,200<br />
- rect mailto:nate@tripod.com 100,150 200,0 "Bugs?"<br />
- </code>
- </blockquote>
-
- <h2>Referencing your mapfile</h2>
-
- <blockquote>
- <code>&lt;A HREF="/maps/imagemap1.map"&gt;<br />
- &lt;IMG ISMAP SRC="/images/imagemap1.gif"&gt;<br />
- &lt;/A&gt;</code>
- </blockquote>
- <hr />
-
- <h2><a id="imapmenu" name="imapmenu">ImapMenu</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ImapMenu
- none|formatted|semiformatted|unformatted<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_imap<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ImapMenu is only
- available in Apache 1.1 and later.
-
- <p>The ImapMenu directive determines the action taken if an
- imagemap file is called without valid coordinates.</p>
-
- <dl>
- <dt><code>none</code></dt>
-
- <dd>If ImapMenu is <code>none</code>, no menu is generated,
- and the <code>default</code> action is performed.</dd>
-
- <dt><code>formatted</code></dt>
-
- <dd>A <code>formatted</code> menu is the simplest menu.
- Comments in the imagemap file are ignored. A level one header
- is printed, then an hrule, then the links each on a separate
- line. The menu has a consistent, plain look close to that of
- a directory listing.</dd>
-
- <dt><code>semiformatted</code></dt>
-
- <dd>In the <code>semiformatted</code> menu, comments are
- printed where they occur in the imagemap file. Blank lines
- are turned into HTML breaks. No header or hrule is printed,
- but otherwise the menu is the same as a
- <code>formatted</code> menu.</dd>
-
- <dt><code>unformatted</code></dt>
-
- <dd>Comments are printed, blank lines are ignored. Nothing is
- printed that does not appear in the imagemap file. All breaks
- and headers must be included as comments in the imagemap
- file. This gives you the most flexibility over the appearance
- of your menus, but requires you to treat your map files as
- HTML instead of plaintext.</dd>
- </dl>
- <hr />
-
- <h2><a id="imapdefault" name="imapdefault">ImapDefault</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ImapDefault
- error|nocontent|map|referer|<em>URL</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_imap<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ImapDefault is
- only available in Apache 1.1 and later.
-
- <p>The ImapDefault directive sets the default
- <code>default</code> used in the imagemap files. Its value is
- overridden by a <code>default</code> directive within the
- imagemap file. If not present, the <code>default</code> action
- is <code>nocontent</code>, which means that a <code>204 No
- Content</code> is sent to the client. In this case, the client
- should continue to display the original page.</p>
- <hr />
-
- <h2><a id="imapbase" name="imapbase">ImapBase</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ImapBase
- map|referer|<em>URL</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Indexes<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_imap<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ImapBase is only
- available in Apache 1.1 and later.
-
- <p>The ImapBase directive sets the default <code>base</code>
- used in the imagemap files. Its value is overridden by a
- <code>base</code> directive within the imagemap file. If not
- present, the <code>base</code> defaults to
- <code>http://servername/</code>.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
deleted file mode 100644
index 905188fcf8d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
+++ /dev/null
@@ -1,603 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_include</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_include</h1>
-
- <p>This module provides for documents with Server Side Includes
- (SSI).</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_include.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- includes_module</p>
-
- <h2>Summary</h2>
-
- <p>This module provides a handler which will process files
- before they are sent to the client. The processing is
- controlled by specially formated SGML comments, referred to as
- <em>elements</em>. These elements allow conditional text, the
- inclusion other files or programs, as well as the setting and
- printing of environment variables.</p>
-
- <p>For an introduction to this topic, we also provide a <a
- href="../howto/ssi.html">tutorial on Server Side
- Includes</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#xbithack">XBitHack</a></li>
- </ul>
-
- <p>See also: <a href="core.html#options">Options</a> and <a
- href="mod_mime.html#addhandler">AddHandler</a>.</p>
-
- <h2>Enabling Server-Side Includes</h2>
- Any document with handler of "server-parsed" will be parsed by
- this module, if the <code>Includes</code> option is set. If
- documents containing server-side include directives are given
- the extension .shtml, the following directives will make Apache
- parse them and assign the resulting document the mime type of
- <code>text/html</code>:
-<pre>
-AddType text/html .shtml
-AddHandler server-parsed .shtml
-</pre>
- The following directive must be given for the directories
- containing the shtml files (typically in a
- <code>&lt;Directory&gt;</code> section, but this directive is
- also valid .htaccess files if <code>AllowOverride
- Options</code> is set):
-<pre>
-Options +Includes
-</pre>
- Alternatively the <a href="#xbithack"><code>XBitHack</code></a>
- directive can be used to parse normal (<code>text/html</code>)
- files, based on file permissions.
-
- <p>For backwards compatibility, documents with mime type
- <code>text/x-server-parsed-html</code> or
- <code>text/x-server-parsed-html3</code> will also be parsed
- (and the resulting output given the mime type
- <code>text/html</code>).</p>
-
- <h2>Basic Elements</h2>
- The document is parsed as an HTML document, with special
- commands embedded as SGML comments. A command has the syntax:
-
- <blockquote>
- <code>&lt;!--#</code><em>element attribute=value
- attribute=value ...</em> <code>--&gt;</code>
- </blockquote>
- The value will often be enclosed in double quotes; many
- commands only allow a single attribute-value pair. Note that
- the comment terminator (<samp>--&gt;</samp>) should be preceded
- by whitespace to ensure that it isn't considered part of an SSI
- token.
-
- <p>The allowed elements are:</p>
-
- <dl>
- <dt><strong>config</strong></dt>
-
- <dd>
- This command controls various aspects of the parsing. The
- valid attributes are:
-
- <dl>
- <dt><strong>errmsg</strong></dt>
-
- <dd>The value is a message that is sent back to the
- client if an error occurs whilst parsing the
- document.</dd>
-
- <dt><strong>sizefmt</strong></dt>
-
- <dd>The value sets the format to be used which displaying
- the size of a file. Valid values are <code>bytes</code>
- for a count in bytes, or <code>abbrev</code> for a count
- in Kb or Mb as appropriate.</dd>
-
- <dt><strong>timefmt</strong></dt>
-
- <dd>The value is a string to be used by the
- <code>strftime(3)</code> library routine when printing
- dates.</dd>
- </dl>
- </dd>
-
- <dt><strong><a id="echo" name="echo">echo</a></strong></dt>
-
- <dd>
- This command prints one of the <a href="#includevars">include
- variables</a>, defined
- below. If the variable is unset, it is printed as
- <code>(none)</code>. Any dates printed are subject to the
- currently configured <code>timefmt</code>. Attributes:
-
- <dl>
- <dt><strong>var</strong></dt>
-
- <dd>The value is the name of the variable to print.</dd>
-
- <dt><strong>encoding</strong></dt>
-
- <dd>Specifies how Apache should encode special characters
- contained in the variable before outputting them. If set
- to "none", no encoding will be done. If set to "url",
- then URL encoding (also known as %-encoding; this is
- appropriate for use within URLs in links, etc.) will be
- performed. At the start of an <code>echo</code> element,
- the default is set to "entity", resulting in entity
- encoding (which is appropriate in the context of a
- block-level HTML element, eg. a paragraph of text). This
- can be changed by adding an <code>encoding</code>
- attribute, which will remain in effect until the next
- <code>encoding</code> attribute is encountered or the
- element ends, whichever comes first. Note that the
- <code>encoding</code> attribute must <em>precede</em> the
- corresponding <code>var</code> attribute to be effective,
- and that only special characters as defined in the
- ISO-8859-1 character encoding will be encoded. This
- encoding process may not have the desired result if a
- different character encoding is in use. Apache 1.3.12 and
- above; previous versions do no encoding.</dd>
- </dl>
- </dd>
-
- <dt><strong>exec</strong></dt>
-
- <dd>
- The exec command executes a given shell command or CGI
- script. The IncludesNOEXEC <a
- href="core.html#options">Option</a> disables this command
- completely. The valid attributes are:
-
- <dl>
- <dt><strong>cgi</strong></dt>
-
- <dd>
- The value specifies a (%-encoded) URL relative path to
- the CGI script. If the path does not begin with a (/),
- then it is taken to be relative to the current
- document. The document referenced by this path is
- invoked as a CGI script, even if the server would not
- normally recognize it as such. However, the directory
- containing the script must be enabled for CGI scripts
- (with <a
- href="mod_alias.html#scriptalias">ScriptAlias</a> or
- the ExecCGI <a href="core.html#options">Option</a>).
-
- <p>The CGI script is given the PATH_INFO and query
- string (QUERY_STRING) of the original request from the
- client; these cannot be specified in the URL path. The
- include variables will be available to the script in
- addition to the standard <a href="mod_cgi.html">CGI</a>
- environment.</p>
-
- <p>For example:</p>
-
- <code>&lt;!--#exec cgi="/cgi-bin/example.cgi" --&gt;</code>
-
- <p>If the script returns a Location: header instead of
- output, then this will be translated into an HTML
- anchor.</p>
-
- <p>The <code><a href="#includevirtual">include
- virtual</a></code> element should be
- used in preference to <code>exec cgi</code>. In particular,
- if you need to pass additional arguments to a CGI program,
- using the query string, this cannot be done with <code>exec
- cgi</code>, but can be done with <code>include
- virtual</code>, as shown here:</p>
-
- <code>&lt;!--#include virtual="/cgi-bin/example.cgi?argument=value" --&gt;</code>
- </dd>
-
- <dt><strong>cmd</strong></dt>
-
- <dd>
- <p>The server will execute the given string using
- <code>/bin/sh</code>. The <a
- href="#includevars">include variables</a> are available
- to the command, in addition to the usual set of CGI
- variables.</p>
-
- <p>The use of <code><a href="#includevirtual">#include
- virtual</a></code> is almost always
- prefered to using either <code>#exec cgi</code> or <code>#exec
- cmd</code>. The former (<code>#include virtual</code>) used the
- standard Apache sub-request mechanism to include files or
- scripts. It is much better tested and maintained.</p>
-
- <p>In addition, on some platforms, like Win32, and on unix
- when using suexec, you cannot pass arguments to a command in
- an <code>exec</code> directive, or otherwise include spaces in
- the command. Thus, while the following will work under a
- non-suexec configuration on unix, it will not produce the
- desired result under Win32, or when running suexec:</p>
-
- <code>&lt;!--#exec cmd="perl /path/to/perlscript arg1 arg2" --&gt;</code>
-
- </dd>
- </dl>
- </dd>
-
- <dt><strong>fsize</strong></dt>
-
- <dd>
- This command prints the size of the specified file, subject
- to the <code>sizefmt</code> format specification.
- Attributes:
-
- <dl>
- <dt><strong>file</strong></dt>
-
- <dd>The value is a path relative to the directory
- containing the current document being parsed.</dd>
-
- <dt><strong>virtual</strong></dt>
-
- <dd>The value is a (%-encoded) URL-path relative to the
- current document being parsed. If it does not begin with
- a slash (/) then it is taken to be relative to the
- current document.</dd>
- </dl>
- </dd>
-
- <dt><strong>flastmod</strong></dt>
-
- <dd>This command prints the last modification date of the
- specified file, subject to the <code>timefmt</code> format
- specification. The attributes are the same as for the
- <code>fsize</code> command.</dd>
-
- <dt><strong>include</strong></dt>
-
- <dd>
- This command inserts the text of another document or file
- into the parsed file. Any included file is subject to the
- usual access control. If the directory containing the
- parsed file has the <a href="core.html#options">Option</a>
- IncludesNOEXEC set, and the including the document would
- cause a program to be executed, then it will not be
- included; this prevents the execution of CGI scripts.
- Otherwise CGI scripts are invoked as normal using the
- complete URL given in the command, including any query
- string.
-
- <p>An attribute defines the location of the document; the
- inclusion is done for each attribute given to the include
- command. The valid attributes are:</p>
-
- <dl>
- <dt><strong>file</strong></dt>
-
- <dd>The value is a path relative to the directory
- containing the current document being parsed. It cannot
- contain <code>../</code>, nor can it be an absolute path.
- Therefore, you cannot include files that are outside of the
- document root, or above the current document in the directory
- structure.
- The <code>virtual</code> attribute should always be used
- in preference to this one.</dd>
-
- <dt><strong><a name="includevirtual">virtual</a></strong></dt>
-
- <dd>
- <p>The value is a (%-encoded) URL relative to the
- current document being parsed. The URL cannot contain a
- scheme or hostname, only a path and an optional query
- string. If it does not begin with a slash (/) then it is
- taken to be relative to the current document.</p>
-
- <p>A URL is constructed from the attribute, and the output the
- server would return if the URL were accessed by the client
- is included in the parsed output. Thus included files can
- be nested.</p>
-
- <p>If the specified URL is a CGI program, the program will
- be executed and its output inserted in place of the directive
- in the parsed file. You may include a query string in a CGI
- url:</p>
-
- <code>&lt;!--#include virtual="/cgi-bin/example.cgi?argument=value" --&gt;</code>
-
- <p><code>include virtual</code> should be used in preference
- to <code>exec cgi</code> to include the output of CGI
- programs into an HTML document.
- </dd>
- </dl>
- </dd>
-
- <dt><strong>printenv</strong></dt>
-
- <dd>
- <p>This prints out a listing of all existing variables and
- their values. Starting with Apache 1.3.12, special characters
- are entity encoded (see the <a
- href="#echo"><code>echo</code></a> element for details)
- before being output. There are no attributes.</p>
-
- <p>For example:</p>
-
- <p><code>&lt;!--#printenv --&gt;</code></p>
-
- <p>The <strong>printenv</strong> element is available only in
- Apache 1.2 and above.</p>
- </dd>
- <dt><strong>set</strong></dt>
-
- <dd>
- This sets the value of a variable. Attributes:
-
- <dl>
- <dt><strong>var</strong></dt>
-
- <dd>The name of the variable to set.</dd>
-
- <dt><strong>value</strong></dt>
-
- <dd>The value to give a variable.</dd>
- </dl>
- <p>
- For example: <code>&lt;!--#set var="category" value="help"
- --&gt;</code></p>
-
- <p>The <strong>set</strong> element is available only in
- Apache 1.2 and above.</p>
- </dd>
- </dl>
-
- <h2><a name="includevars">Include Variables</a></h2>
- In addition to the variables in the standard CGI environment,
- these are available for the <code>echo</code> command, for
- <code>if</code> and <code>elif</code>, and to any program
- invoked by the document.
-
- <dl>
- <dt>DATE_GMT</dt>
-
- <dd>The current date in Greenwich Mean Time.</dd>
-
- <dt>DATE_LOCAL</dt>
-
- <dd>The current date in the local time zone.</dd>
-
- <dt>DOCUMENT_NAME</dt>
-
- <dd>The filename (excluding directories) of the document
- requested by the user.</dd>
-
- <dt>DOCUMENT_URI</dt>
-
- <dd>The (%-decoded) URL path of the document requested by the
- user. Note that in the case of nested include files, this is
- <em>not</em> then URL for the current document.</dd>
-
- <dt>LAST_MODIFIED</dt>
-
- <dd>The last modification date of the document requested by
- the user.</dd>
-
- <dt>USER_NAME</dt>
-
- <dd>Contains the owner of the file which included it.</dd>
-
- </dl>
-
- <h2>Variable Substitution</h2>
-
- <p>Variable substitution is done within quoted strings in most
- cases where they may reasonably occur as an argument to an SSI
- directive. This includes the <samp>config</samp>,
- <samp>exec</samp>, <samp>flastmod</samp>, <samp>fsize</samp>,
- <samp>include</samp>, and <samp>set</samp> directives, as well
- as the arguments to conditional operators. You can insert a
- literal dollar sign into the string using backslash
- quoting:</p>
-<pre>
- &lt;!--#if expr="$a = \$test" --&gt;
-</pre>
-
- <p>If a variable reference needs to be substituted in the
- middle of a character sequence that might otherwise be
- considered a valid identifier in its own right, it can be
- disambiguated by enclosing the reference in braces,
- <em>&agrave; la</em> shell substitution:</p>
-<pre>
- &lt;!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" --&gt;
-</pre>
-
- <p>This will result in the <samp>Zed</samp> variable being set
- to "<samp>X_Y</samp>" if <samp>REMOTE_HOST</samp> is
- "<samp>X</samp>" and <samp>REQUEST_METHOD</samp> is
- "<samp>Y</samp>".</p>
-
- <p>EXAMPLE: the below example will print "in foo" if the
- DOCUMENT_URI is /foo/file.html, "in bar" if it is
- /bar/file.html and "in neither" otherwise:</p>
-<pre>
- &lt;!--#if expr="\"$DOCUMENT_URI\" = \"/foo/file.html\"" --&gt;
- in foo
- &lt;!--#elif expr="\"$DOCUMENT_URI\" = \"/bar/file.html\"" --&gt;
- in bar
- &lt;!--#else --&gt;
- in neither
- &lt;!--#endif --&gt;
-</pre>
-
- <h2><a id="flowctrl" name="flowctrl">Flow Control
- Elements</a></h2>
- These are available in Apache 1.2 and above. The basic flow
- control elements are:
-<pre>
- &lt;!--#if expr="<em>test_condition</em>" --&gt;
- &lt;!--#elif expr="<em>test_condition</em>" --&gt;
- &lt;!--#else --&gt;
- &lt;!--#endif --&gt;
-</pre>
-
- <p>The <strong><code>if</code></strong> element works like an
- if statement in a programming language. The test condition is
- evaluated and if the result is true, then the text until the
- next <strong><code>elif</code></strong>,
- <strong><code>else</code></strong>. or
- <strong><code>endif</code></strong> element is included in the
- output stream.</p>
-
- <p>The <strong><code>elif</code></strong> or
- <strong><code>else</code></strong> statements are be used the
- put text into the output stream if the original test_condition
- was false. These elements are optional.</p>
-
- <p>The <strong><code>endif</code></strong> element ends the
- <strong><code>if</code></strong> element and is required.</p>
-
- <p><em>test_condition</em> is one of the following:</p>
-
- <dl>
- <dt><em>string</em></dt>
-
- <dd>true if <em>string</em> is not empty</dd>
-
- <dt><em>string1</em> = <em>string2</em><br />
- <em>string1</em> != <em>string2</em><br />
- <em>string1</em> &lt; <em>string2</em><br />
- <em>string1</em> &lt;= <em>string2</em><br />
- <em>string1</em> &gt; <em>string2</em><br />
- <em>string1</em> &gt;= <em>string2</em></dt>
-
- <dd>Compare string1 with string 2. If string2 has the form
- <em>/string/</em> then it is compared as a regular
- expression. Regular expressions have the same syntax as those
- found in the Unix <samp>egrep</samp> command.</dd>
-
- <dt>( <em>test_condition</em> )</dt>
-
- <dd>true if <em>test_condition</em> is true</dd>
-
- <dt>! <em>test_condition</em></dt>
-
- <dd>true if <em>test_condition</em> is false</dd>
-
- <dt><em>test_condition1</em> &amp;&amp;
- <em>test_condition2</em></dt>
-
- <dd>true if both <em>test_condition1</em> and
- <em>test_condition2</em> are true</dd>
-
- <dt><em>test_condition1</em> || <em>test_condition2</em></dt>
-
- <dd>true if either <em>test_condition1</em> or
- <em>test_condition2</em> is true</dd>
- </dl>
-
- <p>"<em>=</em>" and "<em>!=</em>" bind more tightly than
- "<em>&amp;&amp;</em>" and "<em>||</em>". "<em>!</em>" binds
- most tightly. Thus, the following are equivalent:</p>
-<pre>
- &lt;!--#if expr="$a = test1 &amp;&amp; $b = test2" --&gt;
- &lt;!--#if expr="($a = test1) &amp;&amp; ($b = test2)" --&gt;
-</pre>
-
- <p>Anything that's not recognized as a variable or an operator
- is treated as a string. Strings can also be quoted:
- <em>'string'</em>. Unquoted strings can't contain whitespace
- (blanks and tabs) because it is used to separate tokens such as
- variables. If multiple strings are found in a row, they are
- concatenated using blanks. So,</p>
-<pre>
- <em>string1 string2</em> results in <em>string1 string2</em>
- <em>'string1 string2'</em> results in <em>string1 string2</em>
-</pre>
-
- <h2>Using Server Side Includes for ErrorDocuments</h2>
- There is <a href="../misc/custom_errordocs.html">a document</a>
- which describes how to use the features of mod_include to offer
- internationalized customized server error documents.
- <hr />
-
- <h2><a id="xbithack" name="xbithack">XBitHack</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> XBitHack
- on|off|full<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>XBitHack
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Options<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_include
-
- <p>The XBitHack directives controls the parsing of ordinary
- html documents. This directive only affects files associated
- with the MIME type <code>text/html</code>. XBitHack can take on
- the following values:</p>
-
- <dl>
- <dt>off</dt>
-
- <dd>No special treatment of executable files.</dd>
-
- <dt>on</dt>
-
- <dd>Any file that has the user-execute bit set will be
- treated as a server-parsed html document.</dd>
-
- <dt>full</dt>
-
- <dd>
- As for <code>on</code> but also test the group-execute bit.
- If it is set, then set the Last-modified date of the
- returned file to be the last modified time of the file. If
- it is not set, then no last-modified date is sent. Setting
- this bit allows clients and proxies to cache the result of
- the request.
-
- <p><strong>Note:</strong> you would not want to use this,
- for example, when you <code>#include</code> a CGI that
- produces different output on each hit (or potentially
- depends on the hit).</p>
- </dd>
- </dl>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html
deleted file mode 100644
index 9175e2ed4da..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html
+++ /dev/null
@@ -1,125 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_info</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_info</h1>
-
- <p>This module provides a comprehensive overview of the server
- configuration including all installed modules and directives in
- the configuration files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_info.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- info_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#addmoduleinfo">AddModuleInfo</a></li>
- </ul>
-
- <h2>Using mod_info</h2>
-
- <p>To configure it, add the following to your
- <code>access.conf</code> file.</p>
-<pre>
-&lt;Location /server-info&gt;
-SetHandler server-info
-&lt;/Location&gt;
-</pre>
- You may wish to add a <a
- href="core.html#limit">&lt;Limit&gt;</a> clause inside the <a
- href="core.html#location">location</a> directive to limit
- access to your server configuration information.
-
- <p>Once configured, the server information is obtained by
- accessing <tt>http://your.host.dom/server-info</tt></p>
-
- <blockquote>
- <p><strong>Note that the configuration files are read by the
- module at run-time, and therefore the display may
- <em>not</em> reflect the running server's active
- configuration if the files have been changed since the server
- was last reloaded. Also, the configuration files must be
- readable by the user as which the server is running (see the
- <a href="core.html#user"><samp>User</samp></a> directive), or
- else the directive settings will not be listed.</strong></p>
-
- <p><strong>It should also be noted that if
- <samp>mod_info</samp> is compiled into the server, its
- handler capability is available in <em>all</em> configuration
- files, including <em>per</em>-directory files (<em>e.g.</em>,
- <samp>.htaccess</samp>). This may have security-related
- ramifications for your site.</strong></p>
-
- <p>In particular, this module can leak sensitive information
- from the configuration directives of other Apache modules such as
- system paths, usernames/passwords, database names, etc. Due to
- the way this module works there is no way to block information
- from it. Therefore, this module should ONLY be used in a controlled
- environment and always with caution.</p>
-
- </blockquote>
- <hr />
-
- <h2><a id="addmoduleinfo"
- name="addmoduleinfo">AddModuleInfo</a></h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddModuleInfo
- <em>module-name string</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_info<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3 and
- above
-
- <p>This allows the content of <em>string</em> to be shown as
- HTML interpreted, <strong>Additional Information</strong> for
- the module <em>module-name</em>. Example:</p>
-
- <blockquote>
-<pre>
-AddModuleInfo mod_auth.c 'See &lt;A HREF="http://www.apache.org/docs/mod/mod_auth.html"&gt;http://www.apache.org/docs/mod/mod_auth.html&lt;/A&gt;'
-</pre>
- </blockquote>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html
deleted file mode 100644
index 14443e97535..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html
+++ /dev/null
@@ -1,116 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Module mod_log_agent</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_log_agent</h1>
-
- <p>This module provides for logging of the client user
- agents.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_log_agent.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- agent_log_module</p>
-
- <h2>Summary</h2>
-
- <p>This module is provided strictly for compatibility with NCSA
- httpd, and is deprecated. We recommend you use <a
- href="mod_log_config.html">mod_log_config</a> instead.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#agentlog">AgentLog</a></li>
- </ul>
-
- <p>See also: <a
- href="mod_log_config.html#customlog">CustomLog</a> and <a
- href="mod_log_config.html#logformat">LogFormat</a>.</p>
- <hr />
-
- <h2><a id="agentlog" name="agentlog">AgentLog</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AgentLog
- <em>file-pipe</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>AgentLog
- logs/agent_log</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_agent
-
- <p>The AgentLog directive sets the name of the file to which
- the server will log the UserAgent header of incoming requests.
- <em>File-pipe</em> is one of</p>
-
- <dl>
- <dt>A filename</dt>
-
- <dd>A filename relative to the <a
- href="core.html#serverroot">ServerRoot</a>.</dd>
-
- <dt>`|' followed by a command</dt>
-
- <dd>A program to receive the agent log information on its
- standard input. Note the a new program will not be started
- for a VirtualHost if it inherits the AgentLog from the main
- server.</dd>
- </dl>
- <strong>Security:</strong> if a program is used, then it will
- be run under the user who started httpd. This will be root if
- the server was started by root; be sure that the program is
- secure.
-
- <p><strong>Security:</strong> See the <a
- href="../misc/security_tips.html">security tips</a> document
- for details on why your security could be compromised if the
- directory where logfiles are stored is writable by anyone other
- than the user that starts the server.</p>
-
- <p>This directive is provided for compatibility with NCSA
- 1.4. The same result can be obtained by using the <a
- href="mod_log_config.html#logformat">LogFormat</a> and <a
- href="mod_log_config.html#customlog">CustomLog</a> directives as
- shown in the following example:</p>
-
-<pre>
- LogFormat "%{User-agent}i" agent
- CustomLog logs/agent_log agent
-</pre>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
deleted file mode 100644
index 71992b7b0f4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
+++ /dev/null
@@ -1,154 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_log_common</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_log_common</h1>
- This module is contained in the <code>mod_log_common.c</code>
- file, and is compiled in by default. It provides for logging of
- the requests made to the server using the Common Logfile
- Format. This module has been replaced by mod_log_config in
- Apache 1.2
-
- <h2>Log file format</h2>
- The log file contains a separate line for each request. A line
- is composed of several tokens separated by spaces:
-
- <blockquote>
- host ident authuser date request status bytes
- </blockquote>
- If a token does not have a value then it is represented by a
- hyphen (-). The meanings and values of these tokens are as
- follows:
-
- <dl>
- <dt>host</dt>
-
- <dd>The fully-qualified domain name of the client, or its IP
- number if the name is not available.</dd>
-
- <dt>ident</dt>
-
- <dd>If <a href="core.html#identitycheck">IdentityCheck</a> is
- enabled and the client machine runs identd, then this is the
- identity information reported by the client.</dd>
-
- <dt>authuser</dt>
-
- <dd>If the request was for a password protected document,
- then this is the userid used in the request.</dd>
-
- <dt>date</dt>
-
- <dd>
- The date and time of the request, in the following format:
-
- <dl>
- <dd>
- <blockquote>
- <code>date = [day/month/year:hour:minute:second
- zone]<br />
- day = 2*digit<br />
- month = 3*letter<br />
- year = 4*digit<br />
- hour = 2*digit<br />
- minute = 2*digit<br />
- second = 2*digit<br />
- zone = (`+' | `-') 4*digit</code>
- </blockquote>
- </dd>
- </dl>
- </dd>
-
- <dt>request</dt>
-
- <dd>The request line from the client, enclosed in double
- quotes (<code>"</code>).</dd>
-
- <dt>status</dt>
-
- <dd>The three digit status code returned to the client.</dd>
-
- <dt>bytes</dt>
-
- <dd>The number of bytes in the object returned to the client,
- not including any headers.</dd>
- </dl>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#transferlog">TransferLog</a></li>
- </ul>
- <hr />
-
- <h2><a id="transferlog" name="transferlog">TransferLog</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> TransferLog
- <em>file-pipe</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>TransferLog
- logs/transfer_log</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_common
-
- <p>The TransferLog directive sets the name of the file to which
- the server will log the incoming requests. <em>File-pipe</em>
- is one of</p>
-
- <dl>
- <dt>A filename</dt>
-
- <dd>A filename relative to the <a
- href="core.html#serverroot">ServerRoot</a>.</dd>
-
- <dt>`|' followed by a command</dt>
-
- <dd>A program to receive the agent log information on its
- standard input. Note the a new program will not be started
- for a VirtualHost if it inherits the TransferLog from the
- main server. See, just as an example, <a
- href="http://www.cronolog.org/">cronolog</a>.</dd>
- </dl>
- <strong>Security:</strong> if a program is used, then it will
- be run under the user who started httpd. This will be root if
- the server was started by root; be sure that the program is
- secure.
-
- <p><strong>Security:</strong> See the <a
- href="../misc/security_tips.html">security tips</a> document
- for details on why your security could be compromised if the
- directory where logfiles are stored is writable by anyone other
- than the user that starts the server.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html
deleted file mode 100644
index d1ccc9fed1b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html
+++ /dev/null
@@ -1,420 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_log_config</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_log_config</h1>
-
- <p>This module provides for logging of the requests made to the
- server, using the Common Log Format or a user-specified
- format.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_log_config.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- config_log_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Was an extension
- module prior to Apache 1.2.</p>
-
- <h2>Summary</h2>
-
- <p>This module provides for flexible logging of client
- requests. Logs are written in a customizable format, and may be
- written directly to a file, or to an external program.
- Conditional logging is provided so that individual requests may
- be included or excluded from the logs based on characteristics
- of the request.</p>
-
- <p>Three directives are provided by this module:
- <code>TransferLog</code> to create a log file,
- <code>LogFormat</code> to set a custom format, and
- <code>CustomLog</code> to define a log file and format in one
- step. The <code>TransferLog</code> and <code>CustomLog</code>
- directives can be used multiple times in each server to cause
- each request to be logged to multiple files.</p>
-
- <p>See also: <a href="../logs.html">Apache Log Files</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#cookielog">CookieLog</a></li>
-
- <li><a href="#customlog">CustomLog</a></li>
-
- <li><a href="#logformat">LogFormat</a></li>
-
- <li><a href="#transferlog">TransferLog</a></li>
- </ul>
-
- <h2><a id="formats" name="formats">Custom Log Formats</a></h2>
-
- <p>The format argument to the <code>LogFormat</code> and
- <code>CustomLog</code> directives is a string. This string is
- used to log each request to the log file. It can contain literal
- characters copied into the log files and the C-style control
- characters "\n" and "\t" to represent new-lines and tabs.
- Literal quotes and back-slashes should be escaped with
- back-slashes.</p>
-
- <p>The characteristics of the request itself are logged by
- placing "<code>%</code>" directives in the format string, which are
- replaced in the log entry by the values as follows:</p>
-<pre>
-%...a: Remote IP-address
-%...A: Local IP-address
-%...B: Bytes sent, excluding HTTP headers.
-%...b: Bytes sent, excluding HTTP headers. In CLF format
- i.e. a '-' rather than a 0 when no bytes are sent.
-%...c: Connection status when response was completed.
- 'X' = connection aborted before the response completed.
- '+' = connection may be kept alive after the response is sent.
- '-' = connection will be closed after the response is sent.
-%...{FOOBAR}e: The contents of the environment variable FOOBAR
-%...f: Filename
-%...h: Remote host
-%...H The request protocol
-%...{Foobar}i: The contents of Foobar: header line(s) in the request
- sent to the server.
-%...l: Remote logname (from identd, if supplied)
-%...m The request method
-%...{Foobar}n: The contents of note "Foobar" from another module.
-%...{Foobar}o: The contents of Foobar: header line(s) in the reply.
-%...p: The canonical Port of the server serving the request
-%...P: The process ID of the child that serviced the request.
-%...q The query string (prepended with a ? if a query string exists,
- otherwise an empty string)
-%...r: First line of request
-%...s: Status. For requests that got internally redirected, this is
- the status of the *original* request --- %...&gt;s for the last.
-%...t: Time, in common log format time format (standard english format)
-%...{format}t: The time, in the form given by format, which should
- be in strftime(3) format. (potentially localized)
-%...T: The time taken to serve the request, in seconds.
-%...u: Remote user (from auth; may be bogus if return status (%s) is 401)
-%...U: The URL path requested, not including any query string.
-%...v: The canonical ServerName of the server serving the request.
-%...V: The server name according to the UseCanonicalName setting.
-</pre>
-
- <p>The "..." can be nothing at all (<em>e.g.</em>, <code>"%h %u
- %r %s %b"</code>), or it can indicate conditions for inclusion
- of the item (which will cause it to be replaced with "-" if the
- condition is not met). The forms of condition are a list of
- HTTP status codes, which may or may not be preceded by "!".
- Thus, "%400,501{User-agent}i" logs User-agent: on 400 errors
- and 501 errors (Bad Request, Not Implemented) only;
- "%!200,304,302{Referer}i" logs Referer: on all requests which
- did <strong>not</strong> return some sort of normal status.</p>
-
- <p>Note that in versions previous to 1.3.25 no escaping was performed
- on the strings from <code>%...r</code>, <code>%...i</code> and
- <code>%...o</code>. This was mainly to comply with the requirements of
- the Common Log Format. This implied that clients could insert control
- characters into the log, so you had to be quite careful when dealing
- with raw log files.</p>
-
- <p>For security reasons starting with 1.3.25 non-printable and
- other special characters are escaped mostly by using
- <code>\x<var>hh</var></code> sequences, where <var>hh</var> stands for
- the hexadecimal representation of the raw byte. Exceptions from this
- rule are <code>"</code> and <code>\</code> which are escaped by prepending
- a backslash, and all whitespace characters that are written in their
- C-style notation (<code>\n</code>, <code>\t</code>, etc).</p>
-
- <p>Some commonly used log format strings are:</p>
-
- <dl>
- <dt>Common Log Format (CLF)</dt>
-
- <dd><code>"%h %l %u %t \"%r\" %&gt;s %b"</code></dd>
-
- <dt>Common Log Format with Virtual Host</dt>
-
- <dd><code>"%v %h %l %u %t \"%r\" %&gt;s %b"</code></dd>
-
- <dt>NCSA extended/combined log format</dt>
-
- <dd><code>"%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\"
- \"%{User-agent}i\""</code></dd>
-
- <dt>Referer log format</dt>
-
- <dd><code>"%{Referer}i -&gt; %U"</code></dd>
-
- <dt>Agent (Browser) log format</dt>
-
- <dd><code>"%{User-agent}i"</code></dd>
- </dl>
-
- <p>Note that the canonical <a
- href="core.html#servername">ServerName</a> and <a
- href="core.html#port">Port</a> of the server serving the
- request are used for <code>%v</code> and <code>%p</code>
- respectively. This happens regardless of the <a
- href="core.html#usecanonicalname">UseCanonicalName</a> setting
- because otherwise log analysis programs would have to duplicate
- the entire vhost matching algorithm in order to decide what
- host really served the request.</p>
-
- <h2>Security Considerations</h2>
-
- <p>See the <a
- href="../misc/security_tips.html#serverroot">security tips</a>
- document for details on why your security could be compromised
- if the directory where logfiles are stored is writable by
- anyone other than the user that starts the server.</p>
-
- <h2>Compatibility notes</h2>
-
- <ul>
- <li>This module is based on mod_log_config distributed with
- previous Apache releases, now updated to handle multiple
- logs. There is now no need to rebuild Apache to change
- configuration log formats.</li>
-
- <li>The module also implements the <code>CookieLog</code>
- directive, used to log user-tracking information created by
- <a href="mod_usertrack.html">mod_usertrack</a>. The use of
- <code>CookieLog</code> is deprecated, and a
- <code>CustomLog</code> should be defined to log user-tracking
- information instead.</li>
-
- <li>As of Apache 1.3.5, this module allows conditional
- logging based upon the setting of <a
- href="../env.html">environment variables</a>. That is, you
- can control whether a request should be logged or not based
- upon whether an arbitrary environment variable is defined or
- not. This is configurable on a per-logfile
- basis.</li>
-
- <li>Beginning with Apache 1.3.5, the mod_log_config module
- has also subsumed the <code>RefererIgnore</code>
- functionality from <a
- href="mod_log_referer.html">mod_log_referer</a>. The effect
- of <code>RefererIgnore</code> can be achieved by combinations
- of <a href="mod_setenvif.html"><code>SetEnvIf</code></a>
- directives and conditional <code>CustomLog</code>
- definitions.</li>
- </ul>
- <hr />
-
- <h2><a id="cookielog" name="cookielog">CookieLog</a>
- directive</h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CookieLog
- <em>filename</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_cookies<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Only available
- in Apache 1.2 and above</p>
-
- <p>The CookieLog directive sets the filename for logging of
- cookies. The filename is relative to the <a
- href="core.html#serverroot">ServerRoot</a>. This directive is
- included only for compatibility with mod_cookies, and is deprecated.</p>
- <hr />
-
- <h2><a id="customlog" name="customlog">CustomLog</a> <a
- id="customlog-conditional"
- name="customlog-conditional">directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CustomLog
- <em>file</em>|<em>pipe</em> <em>format</em>|<em>nickname</em>
- [env=[!]<em>environment-variable</em>]<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Nickname only
- available in Apache 1.3 or later. Conditional logging available
- in 1.3.5 or later.<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_config</p>
-
- <p>The <code>CustomLog</code> directive is used to log requests
- to the server. A log format is specified, and the logging can
- optionally be made conditional on request characteristics using
- environment variables.</p>
-
- <p>The first argument, which specifies the location to which
- the logs will be written, can take one of the following two
- types of values:</p>
-
- <dl>
- <dt><em>file</em></dt>
-
- <dd>A filename, relative to the <a
- href="core.html#serverroot">ServerRoot</a>.</dd>
-
- <dt><em>pipe</em></dt>
-
- <dd>The pipe character "<code>|</code>", followed by the path
- to a program to receive the log information on its standard
- input. <strong>Security:</strong> if a program is used, then
- it will be run as the user who started httpd. This will be
- root if the server was started by root; be sure that the
- program is secure.</dd>
- </dl>
-
- <p>The second argument specifies what will be written to the
- log file. It can specify either a <em>nickname</em> defined by
- a previous <a href="#logformat">LogFormat</a> directive, or it
- can be an explicit <em>format</em> string as described in the
- <a href="#formats">log formats</a> section.</p>
-
- <p>For example, the following two sets of directives have
- exactly the same effect:</p>
-<pre>
- # CustomLog with format nickname
- LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common
- CustomLog logs/access_log common
-
- # CustomLog with explicit format string
- CustomLog logs/access_log "%h %l %u %t \"%r\" %&gt;s %b"
-</pre>
-
- <p>The third argument is optional and controls
- whether or not to log a particular request based on the
- presence or absence of a particular variable in the server
- environment. If the specified <a href="../env.html">environment
- variable</a> is set for the request (or is not set, in the case
- of a '<code>env=!<em>name</em></code>' clause), then the
- request will be logged.</p>
-
- <p>Environment variables can be set on a per-request
- basis using the <a href="mod_setenvif.html">mod_setenvif</a>
- and/or <a href="mod_rewrite.html">mod_rewrite</a> modules. For
- example, if you want to record requests for all GIF
- images on your server in a separate logfile but not in your main
- log, you can use:</p>
-<pre>
- SetEnvIf Request_URI \.gif$ gif-image
- CustomLog gif-requests.log common env=gif-image
- CustomLog nongif-requests.log common env=!gif-image
-</pre>
- <hr />
-
- <h2><a id="logformat" name="logformat">LogFormat</a>
- directive</h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LogFormat
- <em>format</em>|<em>nickname</em> [<em>nickname</em>]<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>LogFormat "%h %l
- %u %t \"%r\" %&gt;s %b"</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Nickname only
- available in Apache 1.3 or later<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_config</p>
-
- <p>This directive specifies the format of the access log
- file.</p>
-
- <p>The <code>LogFormat</code> directive can take one of two
- forms. In the first form, where only one argument is specified,
- this directive sets the log format which will be used by logs
- specified in subsequent <a href="#transferlog">TransferLog</a>
- directives. The single argument can specify an explicit
- <em>format</em> as discussed in the <a href="#formats">custom log
- formats</a> section above. Alternatively, it can use a
- <em>nickname</em> to refer to a log format defined in a
- previous <code>LogFormat</code> directive as described
- below.</p>
-
- <p>The second form of the <code>LogFormat</code> directive
- associates an explicit <em>format</em> with a
- <em>nickname</em>. This <em>nickname</em> can then be used in
- subsequent <code>LogFormat</code> or <a
- href="#customlog">CustomLog</a> directives rather than
- repeating the entire format string. A <samp>LogFormat</samp>
- directive which defines a nickname <strong>does nothing
- else</strong> -- that is, it <em>only</em> defines the
- nickname, it doesn't actually apply the format and make it the
- default. Therefore, it will not affect subsequent <a
- href="#transferlog">TransferLog</a> directives.</p>
-
- <p>For example:</p>
-
- <code>LogFormat "%v %h %l %u %t \"%r\" %&gt;s %b" vhost_common</code>
-
- <hr />
-
- <h2><a id="transferlog" name="transferlog">TransferLog</a>
- directive</h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> TransferLog
- <em>file</em>|<em>pipe</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> none<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_config</p>
-
- <p>This directive has exactly the same arguments and effect as
- the <a href="#customlog">CustomLog</a> directive, with the
- exception that it does not allow the log format to be specified
- explicitly or for conditional logging of requests. Instead, the
- log format is determined by the most recently specified <a
- href="#logformat">LogFormat</a> directive that does not define
- a nickname. Common Log Format is used if no other format has
- been specified.</p>
-
- <p>Example:</p>
-<pre>
- LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\" \"%{User-agent}i\""
- TransferLog logs/access_log
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
deleted file mode 100644
index 31161b56b1f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
+++ /dev/null
@@ -1,148 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_log_referer</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_log_referer</h1>
-
- <p>This module provides for logging of the documents which
- reference documents on the server.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_log_referer.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- referer_log_module</p>
-
- <h2>Summary</h2>
-
- <p>This module is provided strictly for compatibility with NCSA
- httpd, and is deprecated. We recommend you use <a
- href="mod_log_config.html">mod_log_config</a> instead.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#refererignore">RefererIgnore</a></li>
-
- <li><a href="#refererlog">RefererLog</a></li>
- </ul>
-
- <p>See also: <a
- href="mod_log_config.html#customlog">CustomLog</a> and <a
- href="mod_log_config.html#logformat">LogFormat</a>.</p>
-
- <h2>Log file format</h2>
- The log file contains a separate line for each refer. Each line
- has the format
-
- <blockquote>
- <em>uri</em> <code>-&gt;</code> <em>document</em>
- </blockquote>
- where <em>uri</em> is the (%-escaped) URI for the document that
- references the one requested by the client, and
- <em>document</em> is the (%-decoded) local URL to the document
- being referred to.
- <hr />
-
- <h2><a id="refererignore"
- name="refererignore">RefererIgnore</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RefererIgnore
- <em>string</em> [<em>string</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_referer
-
- <p>The RefererIgnore directive adds to the list of strings to
- ignore in Referer headers. If any of the strings in the list is
- contained in the Referer header, then no referrer information
- will be logged for the request. Example:</p>
-
- <blockquote>
- <code>RefererIgnore www.ncsa.uiuc.edu</code>
- </blockquote>
- This avoids logging references from www.ncsa.uiuc.edu.
- <hr />
-
- <h2><a id="refererlog" name="refererlog">RefererLog</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RefererLog
- <em>file-pipe</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>RefererLog
- logs/referer_log</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_referer
-
- <p>The RefererLog directive sets the name of the file to which
- the server will log the Referer header of incoming requests.
- <em>File-pipe</em> is one of</p>
-
- <dl>
- <dt>A filename</dt>
-
- <dd>A filename relative to the <a
- href="core.html#serverroot">ServerRoot</a>.</dd>
-
- <dt>`|' followed by a command</dt>
-
- <dd>A program to receive the referrer log information on its
- standard input. Note that a new program will not be started
- for a VirtualHost if it inherits the RefererLog from the main
- server.</dd>
- </dl>
- <strong>Security:</strong> if a program is used, then it will
- be run under the user who started httpd. This will be root if
- the server was started by root; be sure that the program is
- secure.
-
- <p><strong>Security:</strong> See the <a
- href="../misc/security_tips.html">security tips</a> document
- for details on why your security could be compromised if the
- directory where logfiles are stored is writable by anyone other
- than the user that starts the server.</p>
-
- <p>This directive is provided for compatibility with NCSA
- 1.4.</p>
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html
deleted file mode 100644
index 810ee5d3e0f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html
+++ /dev/null
@@ -1,691 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_mime</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Module mod_mime</h1>
-
- <p>This module provides for determining the types of files from
- the filename and for association of handlers with files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_mime.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- mime_module</p>
-
- <h2>Summary</h2>
- This module is used to determine various bits of "meta
- information" about documents. This information relates to the
- content of the document and is returned to the browser or used
- in content-negotiation within the server. In addition, a
- "handler" can be set for a document, which determines how the
- document will be processed within the server.
-
- <p>The directives <a href="#addcharset">AddCharset</a>, <a
- href="#addencoding">AddEncoding</a>, <a
- href="#addhandler">AddHandler</a>, <a
- href="#addlanguage">AddLanguage</a> and <a
- href="#addtype">AddType</a> are all used to map file extensions
- onto the meta-information for that file. Respectively they set
- the character set, content-encoding, handler, content-language,
- and MIME-type (content-type) of documents. The directive <a
- href="#typesconfig">TypesConfig</a> is used to specify a file
- which also maps extensions onto MIME types. The directives <a
- href="#forcetype">ForceType</a> and <a
- href="#sethandler">SetHandler</a> are used to associated all
- the files in a given location (<em>e.g.</em>, a particular
- directory) onto a particular MIME type or handler.</p>
-
- <p>Note that changing the type or encoding of a file does not
- change the value of the <code>Last-Modified</code> header.
- Thus, previously cached copies may still be used by a client or
- proxy, with the previous headers.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#addcharset">AddCharset</a></li>
-
- <li><a href="#addencoding">AddEncoding</a></li>
-
- <li><a href="#addhandler">AddHandler</a></li>
-
- <li><a href="#addlanguage">AddLanguage</a></li>
-
- <li><a href="#addtype">AddType</a></li>
-
- <li><a href="#defaultlanguage">DefaultLanguage</a></li>
-
- <li><a href="#forcetype">ForceType</a></li>
-
- <li><a href="#removeencoding">RemoveEncoding</a></li>
-
- <li><a href="#removehandler">RemoveHandler</a></li>
-
- <li><a href="#removetype">RemoveType</a></li>
-
- <li><a href="#sethandler">SetHandler</a></li>
-
- <li><a href="#typesconfig">TypesConfig</a></li>
- </ul>
-
- <p>See also: <a
- href="mod_mime_magic.html#mimemagicfile">MimeMagicFile</a>.</p>
-
- <h2><a id="multipleext" name="multipleext">Files with Multiple
- Extensions</a></h2>
- Files can have more than one extension, and the order of the
- extensions is <em>normally</em> irrelevant. For example, if the
- file <code>welcome.html.fr</code> maps onto content type
- text/html and language French then the file
- <code>welcome.fr.html</code> will map onto exactly the same
- information. The only exception to this is if an extension is
- given which Apache does not know how to handle. In this case it
- will "forget" about any information it obtained from extensions
- to the left of the unknown extension. So, for example, if the
- extensions fr and html are mapped to the appropriate language
- and type but extension xxx is not assigned to anything, then
- the file <code>welcome.fr.xxx.html</code> will be associated
- with content-type text/html but <em>no</em> language.
-
- <p>If more than one extension is given which maps onto the same
- type of meta-information, then the one to the right will be
- used. For example, if ".gif" maps to the MIME-type image/gif
- and ".html" maps to the MIME-type text/html, then the file
- <code>welcome.gif.html</code> will be associated with the
- MIME-type "text/html".</p>
-
- <p>Care should be taken when a file with multiple extensions
- gets associated with both a MIME-type and a handler. This will
- usually result in the request being by the module associated
- with the handler. For example, if the <code>.imap</code>
- extension is mapped to the handler "imap-file" (from mod_imap)
- and the <code>.html</code> extension is mapped to the MIME-type
- "text/html", then the file <code>world.imap.html</code> will be
- associated with both the "imap-file" handler and "text/html"
- MIME-type. When it is processed, the "imap-file" handler will
- be used, and so it will be treated as a mod_imap imagemap
- file.</p>
- <hr />
-
- <h2><a id="addcharset" name="addcharset">AddCharset</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddCharset <em>charset
- extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> AddCharset is
- only available in Apache 1.3.10 and later
-
- <p>The AddCharset directive maps the given filename extensions
- to the specified content charset. <i>charset</i> is the MIME
- charset parameter of filenames containing <i>extension</i>.
- This mapping is added to any already in force, overriding any
- mappings that already exist for the same <i>extension</i>.</p>
-
- <p>Example:</p>
-<pre>
- AddLanguage ja .ja
- AddCharset EUC-JP .euc
- AddCharset ISO-2022-JP .jis
- AddCharset SHIFT_JIS .sjis
-</pre>
-
- <p>Then the document <code>xxxx.ja.jis</code> will be treated
- as being a Japanese document whose charset is ISO-2022-JP (as
- will the document <code>xxxx.jis.ja</code>). The AddCharset
- directive is useful for both to inform the client about the
- character encoding of the document so that the document can be
- interpreted and displayed appropriately, and for <a
- href="../content-negotiation.html">content negotiation</a>,
- where the server returns one from several documents based on
- the client's charset preference.</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
-
- <p><strong>See also</strong>: <a
- href="mod_negotiation.html">mod_negotiation</a></p>
- <hr />
-
- <h2><a id="addencoding" name="addencoding">AddEncoding</a>
- directive</h2>
- <!--%plaintext &lt;?INDEX {\tt AddEncoding} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddEncoding
- <em>MIME-enc extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime
-
- <p>The AddEncoding directive maps the given filename extensions
- to the specified encoding type. <em>MIME-enc</em> is the MIME
- encoding to use for documents containing the
- <em>extension</em>. This mapping is added to any already in
- force, overriding any mappings that already exist for the same
- <em>extension</em>. Example:</p>
-
- <blockquote>
- <code>AddEncoding x-gzip .gz<br />
- AddEncoding x-compress .Z</code>
- </blockquote>
- This will cause filenames containing the .gz extension to be
- marked as encoded using the x-gzip encoding, and filenames
- containing the .Z extension to be marked as encoded with
- x-compress.
-
- <p>Old clients expect <code>x-gzip</code> and
- <code>x-compress</code>, however the standard dictates that
- they're equivalent to <code>gzip</code> and
- <code>compress</code> respectively. Apache does content
- encoding comparisons by ignoring any leading <code>x-</code>.
- When responding with an encoding Apache will use whatever form
- (<em>i.e.</em>, <code>x-foo</code> or <code>foo</code>) the
- client requested. If the client didn't specifically request a
- particular form Apache will use the form given by the
- <code>AddEncoding</code> directive. To make this long story
- short, you should always use <code>x-gzip</code> and
- <code>x-compress</code> for these two specific encodings. More
- recent encodings, such as <code>deflate</code> should be
- specified without the <code>x-</code>.</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
-
- <p><strong>See also</strong>: <a href="#multipleext">Files with
- multiple extensions</a></p>
- <hr />
-
- <h2><a id="addhandler" name="addhandler">AddHandler</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddHandler
- <em>handler-name extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> AddHandler is
- only available in Apache 1.1 and later
-
- <p>AddHandler maps the filename extensions <em>extension</em>
- to the <a href="../handler.html">handler</a>
- <em>handler-name</em>. This mapping is added to any already in
- force, overriding any mappings that already exist for the same
- <em>extension</em>. For example, to activate CGI scripts with
- the file extension "<code>.cgi</code>", you might use:</p>
-<pre>
- AddHandler cgi-script .cgi
-</pre>
-
- <p>Once that has been put into your srm.conf or httpd.conf
- file, any file containing the "<code>.cgi</code>" extension
- will be treated as a CGI program.</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
-
- <p><strong>See also</strong>: <a href="#multipleext">Files with
- multiple extensions</a>, <a href="#sethandler">SetHandler</a></p>
- <hr />
-
- <h2><a id="addlanguage" name="addlanguage">AddLanguage</a>
- directive</h2>
- <!--%plaintext &lt;?INDEX {\tt AddLanguage} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddLanguage
- <em>MIME-lang extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime
-
- <p>The AddLanguage directive maps the given filename extension
- to the specified content language. <em>MIME-lang</em> is the
- MIME language of filenames containing <em>extension</em>. This
- mapping is added to any already in force, overriding any
- mappings that already exist for the same
- <em>extension</em>.</p>
-
- <p>Example:</p>
-
- <blockquote>
- <code>AddEncoding x-compress .Z<br />
- AddLanguage en .en<br />
- AddLanguage fr .fr<br />
- </code>
- </blockquote>
-
- <p>Then the document <code>xxxx.en.Z</code> will be treated as
- being a compressed English document (as will the document
- <code>xxxx.Z.en</code>). Although the content language is
- reported to the client, the browser is unlikely to use this
- information. The AddLanguage directive is more useful for <a
- href="../content-negotiation.html">content negotiation</a>,
- where the server returns one from several documents based on
- the client's language preference.</p>
-
- <p>If multiple language assignments are made for the same
- extension, the last one encountered is the one that is used.
- That is, for the case of:</p>
-<pre>
- AddLanguage en .en
- AddLanguage en-uk .en
- AddLanguage en-us .en
-</pre>
-
- <p>documents with the extension "<code>.en</code>" would be
- treated as being "<code>en-us</code>".</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
-
- <p><strong>See also</strong>: <a href="#multipleext">Files with
- multiple extensions</a>, <a
- href="#defaultlanguage">DefaultLanguage</a><br />
- <strong>See also</strong>: <a
- href="./mod_negotiation.html">mod_negotiation</a></p>
- <hr />
-
- <h2><a id="addtype" name="addtype">AddType</a> directive</h2>
- <!--%plaintext &lt;?INDEX {\tt AddType} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AddType <em>MIME-type
- extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime
-
- <p>The AddType directive maps the given filename extensions
- onto the specified content type. <em>MIME-type</em> is the MIME
- type to use for filenames containing <em>extension</em>. This
- mapping is added to any already in force, overriding any
- mappings that already exist for the same <em>extension</em>.
- This directive can be used to add mappings not listed in the
- MIME types file (see the <code><a
- href="#typesconfig">TypesConfig</a></code> directive).
- Example:</p>
-
- <blockquote>
- <code>AddType image/gif .gif</code>
- </blockquote>
- It is recommended that new MIME types be added using the
- AddType directive rather than changing the <a
- href="#typesconfig">TypesConfig</a> file.
-
- <p>Note that, unlike the NCSA httpd, this directive cannot be
- used to set the type of particular files.</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
-
- <p><strong>See also</strong>: <a href="#multipleext">Files with
- multiple extensions</a></p>
- <hr />
-
- <h2><a id="defaultlanguage"
- name="defaultlanguage">DefaultLanguage</a> directive</h2>
- <!--%plaintext &lt;?INDEX {\tt DefaultLanguage} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> DefaultLanguage
- <em>MIME-lang</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> DefaultLanguage
- is only available in Apache 1.3.4 and later.
-
- <p>The DefaultLanguage directive tells Apache that all files in
- the directive's scope (<em>e.g.</em>, all files covered by the
- current <code>&lt;Directory&gt;</code> container) that don't
- have an explicit language extension (such as <samp>.fr</samp>
- or <samp>.de</samp> as configured by <samp>AddLanguage</samp>)
- should be considered to be in the specified <em>MIME-lang</em>
- language. This allows entire directories to be marked as
- containing Dutch content, for instance, without having to
- rename each file. Note that unlike using extensions to specify
- languages, <samp>DefaultLanguage</samp> can only specify a
- single language.</p>
-
- <p>For example:</p>
-
- <code>DefaultLanguage fr</code>
-
- <p>If no <samp>DefaultLanguage</samp> directive is in force,
- and a file does not have any language extensions as configured
- by <samp>AddLanguage</samp>, then that file will be considered
- to have no language attribute.</p>
-
- <p><strong>See also</strong>: <a
- href="./mod_negotiation.html">mod_negotiation</a><br />
- <strong>See also</strong>: <a href="#multipleext">Files with
- multiple extensions</a></p>
- <hr />
-
- <h2><a id="forcetype" name="forcetype">ForceType</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ForceType
- <em>media-type</em>|None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ForceType is
- only available in Apache 1.1 and later.
-
- <p>When placed into an <code>.htaccess</code> file or a
- <code>&lt;Directory&gt;</code> or <code>&lt;Location&gt;</code>
- section, this directive forces all matching files to be served
- as the content type given by <em>media type</em>. For example,
- if you had a directory full of GIF files, but did not want to
- label them all with ".gif", you might want to use:</p>
-<pre>
- ForceType image/gif
-</pre>
-
- <p>Note that this will override any filename extensions that
- might determine the media type.</p>
-
- <p>You can override any <directive>ForceType</directive> setting
- by using the value of <code>none</code>:</p>
-
-<pre>
- # force all files to be image/gif:
- &lt;Location /images&gt;
- ForceType image/gif
- &lt;/Location&gt;
-
- # but normal mime-type associations here:
- &lt;Location /images/mixed&gt;
- ForceType none
- &lt;/Location&gt;
-</pre>
-
- <p><strong>See also</strong>: <a
- href="#addtype">AddType</a></p>
-
- <hr />
-
- <h2><a id="removeencoding"
- name="removeencoding">RemoveEncoding</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RemoveEncoding
- <em>extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> virtual host, directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RemoveEncoding
- is only available in Apache 1.3.13 and later.
-
- <p>The <samp>RemoveEncoding</samp> directive removes any
- encoding associations for files with the given extensions. This
- allows <code>.htaccess</code> files in subdirectories to undo
- any associations inherited from parent directories or the
- server config files. An example of its use might be:</p>
-
- <dl>
- <dt><code>/foo/.htaccess:</code></dt>
-
- <dd><code>AddEncoding x-gzip .gz</code><br />
- <code>AddType text/plain .asc</code><br />
- <code>&lt;Files *.gz.asc&gt;</code><br />
- <code>&nbsp;&nbsp;&nbsp;&nbsp;RemoveEncoding
- .gz</code><br />
- <code>&lt;/Files&gt;</code></dd>
- </dl>
-
- <p>This will cause <code>foo.gz</code> to mark as being encoded
- with the gzip method, but <code>foo.gz.asc</code> as an
- unencoded plaintext file.</p>
-
- <p><b>Note:</b>RemoveEncoding directives are processed
- <i>after</i> any <a href="#addencoding">AddEncoding</a>
- directives, so it is possible they
- may undo the effects of the latter if both occur within the
- same directory configuration.</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
- <hr />
-
- <h2><a id="removehandler"
- name="removehandler">RemoveHandler</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RemoveHandler
- <em>extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> virtual host, directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RemoveHandler is
- only available in Apache 1.3.4 and later.
-
- <p>The <samp>RemoveHandler</samp> directive removes any handler
- associations for files with the given extensions. This allows
- <code>.htaccess</code> files in subdirectories to undo any
- associations inherited from parent directories or the server
- config files. An example of its use might be:</p>
-
- <dl>
- <dt><code>/foo/.htaccess:</code></dt>
-
- <dd><code>AddHandler server-parsed .html</code></dd>
-
- <dt><code>/foo/bar/.htaccess:</code></dt>
-
- <dd><code>RemoveHandler .html</code></dd>
- </dl>
-
- <p>This has the effect of returning <samp>.html</samp> files in
- the <samp>/foo/bar</samp> directory to being treated as normal
- files, rather than as candidates for parsing (see the <a
- href="mod_include.html"><samp>mod_include</samp></a>
- module).</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
- <hr />
-
- <h2><a id="removetype" name="removetype">RemoveType</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RemoveType
- <em>extension</em> [<em>extension</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> virtual host, directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> RemoveType is
- only available in Apache 1.3.13 and later.
-
- <p>The <samp>RemoveType</samp> directive removes any MIME type
- associations for files with the given extensions. This allows
- <code>.htaccess</code> files in subdirectories to undo any
- associations inherited from parent directories or the server
- config files. An example of its use might be:</p>
-
- <dl>
- <dt><code>/foo/.htaccess:</code></dt>
-
- <dd><code>RemoveType .cgi</code></dd>
- </dl>
-
- <p>This will remove any special handling of <code>.cgi</code>
- files in the <code>/foo/</code> directory and any beneath it,
- causing the files to be treated as being of the <a
- href="core.html#defaulttype">default type</a>.</p>
-
- <p><b>Note:</b><code>RemoveType</code> directives are processed
- <i>after</i> any <code>AddType</code> directives, so it is
- possible they may undo the effects of the latter if both occur
- within the same directory configuration.</p>
-
- <p>The <em>extension</em> argument is case-insensitive, and can
- be specified with or without a leading dot.</p>
- <hr />
-
- <h2><a id="sethandler" name="sethandler">SetHandler</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> SetHandler
- <em>handler-name</em>|None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> SetHandler is
- only available in Apache 1.1 and later.
-
- <p>When placed into an <code>.htaccess</code> file or a
- <code>&lt;Directory&gt;</code> or <code>&lt;Location&gt;</code>
- section, this directive forces all matching files to be parsed
- through the <a href="../handler.html">handler</a> given by
- <em>handler-name</em>. For example, if you had a directory you
- wanted to be parsed entirely as imagemap rule files, regardless
- of extension, you might put the following into an
- <code>.htaccess</code> file in that directory:</p>
-<pre>
- SetHandler imap-file
-</pre>
-
- <p>Another example: if you wanted to have the server display a
- status report whenever a URL of
- <code>http://servername/status</code> was called, you might put
- the following into access.conf: (See <a
- href="mod_status.html">mod_status</a> for more details.)</p>
-<pre>
- &lt;Location /status&gt;
- SetHandler server-status
- &lt;/Location&gt;
-</pre>
-
- <p>You can override an earlier defined <code>SetHandler</code>
- directive by using the value <code>None</code>.</p>
-
- <p><strong>See also</strong>: <a href="#addhandler">AddHandler</a></p>
- <hr />
-
- <h2><a id="typesconfig" name="typesconfig">TypesConfig</a>
- directive</h2>
- <!--%plaintext &lt;?INDEX {\tt TypesConfig} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> TypesConfig
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>TypesConfig
- conf/mime.types</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime
-
- <p>The TypesConfig directive sets the location of the MIME
- types configuration file. <em>Filename</em> is relative to the
- <a href="core.html#serverroot">ServerRoot</a>. This file sets
- the default list of mappings from filename extensions to
- content types; changing this file is not recommended. Use the
- <a href="#addtype">AddType</a> directive instead. The file
- contains lines in the format of the arguments to an AddType
- command:</p>
-
- <blockquote>
- <em>MIME-type extension extension ...</em>
- </blockquote>
- The extensions are lower-cased. Blank lines, and lines
- beginning with a hash character (`#') are ignored.
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html
deleted file mode 100644
index 3a5a76befb7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html
+++ /dev/null
@@ -1,326 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_mime_magic</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
- </div>
-
- <h1 align="CENTER">Module mod_mime_magic</h1>
-
- <p>This module provides for determining the MIME type of a file
- by looking at a few bytes of its contents.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_mime_magic.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- mime_magic_module</p>
-
- <h2>Summary</h2>
-
- <p>This module determines the MIME type of files in the same
- way the Unix file(1) command works: it looks at the first few
- bytes of the file. It is intended as a "second line of defense"
- for cases that <a href="mod_mime.html">mod_mime</a> can't
- resolve. To assure that mod_mime gets first try at determining
- a file's MIME type, be sure to list mod_mime_magic
- <strong>before</strong> mod_mime in the configuration.</p>
-
- <p>This module is derived from a free version of the
- <code>file(1)</code> command for Unix, which uses "magic
- numbers" and other hints from a file's contents to figure out
- what the contents are. This module is active only if the magic
- file is specified by the <a
- href="#mimemagicfile"><code>MimeMagicFile</code></a>
- directive.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#mimemagicfile">MimeMagicFile</a></li>
- </ul>
-
- <h2>Format of the Magic File</h2>
-
- <p>The contents of the file are plain ASCII text in 4-5
- columns. Blank lines are allowed but ignored. Commented lines
- use a hash mark "#". The remaining lines are parsed for the
- following columns:</p>
-
- <table border="1">
- <tr valign="top">
- <th>Column</th>
-
- <th>Description</th>
- </tr>
-
- <tr valign="top">
- <td>1</td>
-
- <td>byte number to begin checking from<br />
- "&gt;" indicates a dependency upon the previous non-"&gt;"
- line</td>
- </tr>
-
- <tr valign="top">
- <td>2</td>
-
- <td>
- type of data to match
-
- <table border="1">
- <tr>
- <td>byte</td>
-
- <td>single character</td>
- </tr>
-
- <tr>
- <td>short</td>
-
- <td>machine-order 16-bit integer</td>
- </tr>
-
- <tr>
- <td>long</td>
-
- <td>machine-order 32-bit integer</td>
- </tr>
-
- <tr>
- <td>string</td>
-
- <td>arbitrary-length string</td>
- </tr>
-
- <tr>
- <td>date</td>
-
- <td>long integer date (seconds since Unix
- epoch/1970)</td>
- </tr>
-
- <tr>
- <td>beshort</td>
-
- <td>big-endian 16-bit integer</td>
- </tr>
-
- <tr>
- <td>belong</td>
-
- <td>big-endian 32-bit integer</td>
- </tr>
-
- <tr>
- <td>bedate</td>
-
- <td>big-endian 32-bit integer date</td>
- </tr>
-
- <tr>
- <td>leshort</td>
-
- <td>little-endian 16-bit integer</td>
- </tr>
-
- <tr>
- <td>lelong</td>
-
- <td>little-endian 32-bit integer</td>
- </tr>
-
- <tr>
- <td>ledate</td>
-
- <td>little-endian 32-bit integer date</td>
- </tr>
- </table>
- </td>
- </tr>
-
- <tr valign="top">
- <td>3</td>
-
- <td>contents of data to match</td>
- </tr>
-
- <tr valign="top">
- <td>4</td>
-
- <td>MIME type if matched</td>
- </tr>
-
- <tr valign="top">
- <td>5</td>
-
- <td>MIME encoding if matched (optional)</td>
- </tr>
- </table>
-
- <p>For example, the following magic file lines would recognize
- some audio formats.</p>
-<pre>
-# Sun/NeXT audio data
-0 string .snd
-&gt;12 belong 1 audio/basic
-&gt;12 belong 2 audio/basic
-&gt;12 belong 3 audio/basic
-&gt;12 belong 4 audio/basic
-&gt;12 belong 5 audio/basic
-&gt;12 belong 6 audio/basic
-&gt;12 belong 7 audio/basic
-&gt;12 belong 23 audio/x-adpcm
-</pre>
- Or these would recognize the difference between "*.doc" files
- containing Microsoft Word or FrameMaker documents. (These are
- incompatible file formats which use the same file suffix.)
-<pre>
-# Frame
-0 string \&lt;MakerFile application/x-frame
-0 string \&lt;MIFFile application/x-frame
-0 string \&lt;MakerDictionary application/x-frame
-0 string \&lt;MakerScreenFon application/x-frame
-0 string \&lt;MML application/x-frame
-0 string \&lt;Book application/x-frame
-0 string \&lt;Maker application/x-frame
-
-# MS-Word
-0 string \376\067\0\043 application/msword
-0 string \320\317\021\340\241\261 application/msword
-0 string \333\245-\0\0\0 application/msword
-</pre>
- An optional MIME encoding can be included as a fifth column.
- For example, this can recognize gzipped files and set the
- encoding for them.
-<pre>
-# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
-0 string \037\213 application/octet-stream x-gzip
-</pre>
-
- <h2>Performance Issues</h2>
- This module is not for every system. If your system is barely
- keeping up with its load or if you're performing a web server
- benchmark, you may not want to enable this because the
- processing is not free.
-
- <p>However, an effort was made to improve the performance of
- the original file(1) code to make it fit in a busy web server.
- It was designed for a server where there are thousands of users
- who publish their own documents. This is probably very common
- on intranets. Many times, it's helpful if the server can make
- more intelligent decisions about a file's contents than the
- file name allows ...even if just to reduce the "why doesn't my
- page work" calls when users improperly name their own files.
- You have to decide if the extra work suits your
- environment.</p>
-
- <p>When compiling an Apache server, this module should be at or
- near the top of the list of modules in the Configuration file.
- The modules are listed in increasing priority so that will mean
- this one is used only as a last resort, just like it was
- designed to.</p>
-
- <h2><a id="notes" name="notes">Notes</a></h2>
- The following notes apply to the mod_mime_magic module and are
- included here for compliance with contributors' copyright
- restrictions that require their acknowledgment.
-<pre>
-/*
- * mod_mime_magic: MIME type lookup via file magic numbers
- * Copyright (c) 1996-1997 Cisco Systems, Inc.
- *
- * This software was submitted by Cisco Systems to the Apache Group in July
- * 1997. Future revisions and derivatives of this source code must
- * acknowledge Cisco Systems as the original contributor of this module.
- * All other licensing and usage conditions are those of the Apache Group.
- *
- * Some of this code is derived from the free version of the file command
- * originally posted to comp.sources.unix. Copyright info for that program
- * is included below as required.
- * ---------------------------------------------------------------------------
- * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
- *
- * This software is not subject to any license of the American Telephone and
- * Telegraph Company or of the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on any
- * computer system, and to alter it and redistribute it freely, subject to
- * the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources, credits
- * must appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users ever read
- * sources, credits must appear in the documentation.
- *
- * 4. This notice may not be removed or altered.
- * -------------------------------------------------------------------------
- *
- * For compliance with Mr Darwin's terms: this has been very significantly
- * modified from the free "file" command.
- * - all-in-one file for compilation convenience when moving from one
- * version of Apache to the next.
- * - Memory allocation is done through the Apache API's pool structure.
- * - All functions have had necessary Apache API request or server
- * structures passed to them where necessary to call other Apache API
- * routines. (<em>i.e.</em>, usually for logging, files, or memory allocation in
- * itself or a called function.)
- * - struct magic has been converted from an array to a single-ended linked
- * list because it only grows one record at a time, it's only accessed
- * sequentially, and the Apache API has no equivalent of realloc().
- * - Functions have been changed to get their parameters from the server
- * configuration instead of globals. (It should be reentrant now but has
- * not been tested in a threaded environment.)
- * - Places where it used to print results to stdout now saves them in a
- * list where they're used to set the MIME type in the Apache request
- * record.
- * - Command-line flags have been removed since they will never be used here.
- *
- */
-</pre>
- <hr />
-
- <h2><a id="mimemagicfile"
- name="mimemagicfile">MimeMagicFile</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MimeMagicFile
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> none<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mime_magic</p>
-
- <p>The <code>MimeMagicFile</code> directive can be used to
- enable this module, the default file is distributed at
- <code>conf/magic</code>. Non-rooted paths are relative to the
- ServerRoot. Virtual hosts will use the same file as the main
- server unless a more specific setting is used, in which case
- the more specific setting overrides the main server's file.</p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
deleted file mode 100644
index 3c8721d73bf..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
+++ /dev/null
@@ -1,139 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_mmap_static</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_mmap_static</h1>
-
- <p>This module provides mmap()ing of a statically configured
- list of frequently requested but not changed files.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_mmap_static.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- mmap_static_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This is an <strong>experimental</strong> module and should
- be used with care. You can easily create a broken site using
- this module, read this document carefully.
- <code>mod_mmap_static</code> maps a list of statically
- configured files (via <code>MMapFile</code> directives in the
- main server configuration) into memory through the system call
- <code>mmap()</code>. This system call is available on most
- modern Unix derivates, but not on all. There are sometimes
- system-specific limits on the size and number of files that can
- be mmap()d, experimentation is probably the easiest way to find
- out.</p>
-
- <p>This mmap()ing is done once at server start or restart,
- only. So whenever one of the mapped files changes on the
- filesystem you <em>have</em> to restart the server by at least
- sending it a HUP or USR1 signal (see the <a
- href="../stopping.html">Stopping and Restarting</a>
- documentation). To reiterate that point: if the files are
- modified <em>in place</em> without restarting the server you
- may end up serving requests that are completely bogus. You
- should update files by unlinking the old copy and putting a new
- copy in place. Most tools such as <code>rdist</code> and
- <code>mv</code> do this. The reason why this modules doesn't
- take care of changes to the files is that this check would need
- an extra <code>stat()</code> every time which is a waste and
- against the intent of I/O reduction.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#mmapfile">MMapFile</a></li>
- </ul>
- <hr />
-
- <h2><a id="mmapfile" name="mmapfile">MMapFile</a>
- directive</h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> MMapFile
- <em>filename</em> [<em>filename</em>] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server-config<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Experimental<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_mmap_static<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Only available
- in Apache 1.3 or later</p>
-
- <p>The <code>MMapFile</code> directive maps one or more files
- (given as whitespace separated arguments) into memory at server
- startup time. They are automatically unmapped on a server
- shutdown. When the files have changed on the filesystem at
- least a HUP or USR1 signal should be send to the server to
- re-mmap them.</p>
-
- <p>Be careful with the <em>filename</em> arguments: They have
- to literally match the filesystem path Apache's URL-to-filename
- translation handlers create. We cannot compare inodes or other
- stuff to match paths through symbolic links <em>etc.</em>
- because that again would cost extra <code>stat()</code> system
- calls which is not acceptable. This module may or may not work
- with filenames rewritten by <code>mod_alias</code> or
- <code>mod_rewrite</code>... it is an experiment after all.</p>
-
- <p>Notice: You cannot use this for speeding up CGI programs or
- other files which are served by special content handlers. It
- can only be used for regular files which are usually served by
- the Apache core content handler.</p>
- Example:
-<pre>
- MMapFile /usr/local/apache/htdocs/index.html
-
-</pre>
-
- <p><strong>Note</strong>: don't bother asking for a for a
- <code>MMapDir</code> directive which recursively maps all the
- files in a directory. Use Unix the way it was meant to be used.
- For example, see the <a href="core.html#include">Include</a>
- directive, and consider this command:</p>
-<pre>
- find /www/htdocs -type f -print \
- | sed -e 's/.*/mmapfile &amp;/' &gt; /www/conf/mmap.conf
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html b/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html
deleted file mode 100644
index 5240b12b266..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html
+++ /dev/null
@@ -1,234 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_negotiation</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_negotiation</h1>
-
- <p>This module provides for <a
- href="../content-negotiation.html">content negotiation</a>.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_negotiation.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- negotiation_module</p>
-
- <h2>Summary</h2>
- Content negotiation, or more accurately content selection, is
- the selection of the document that best matches the clients
- capabilities, from one of several available documents. There
- are two implementations of this.
-
- <ul>
- <li>A type map (a file with the handler
- <code>type-map</code>) which explicitly lists the files
- containing the variants.</li>
-
- <li>A MultiViews search (enabled by the MultiViews <a
- href="core.html#options">Option</a>, where the server does an
- implicit filename pattern match, and choose from amongst the
- results.</li>
- </ul>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a
- href="#cachenegotiateddocs">CacheNegotiatedDocs</a></li>
-
- <li><a href="#languagepriority">LanguagePriority</a></li>
- </ul>
- <strong>See also</strong>: <a
- href="./mod_mime.html#defaultlanguage">DefaultLanguage</a>, <a
- href="./mod_mime.html#addencoding">AddEncoding</a>, <a
- href="./mod_mime.html#addlanguage">AddLanguage</a>, <a
- href="./mod_mime.html#addtype">AddType</a>, and <a
- href="core.html#options">Options</a>.
-
- <h2>Type maps</h2>
- A type map has the same format as RFC822 mail headers. It
- contains document descriptions separated by blank lines, with
- lines beginning with a hash character ('#') treated as
- comments. A document description consists of several header
- records; records may be continued on multiple lines if the
- continuation lines start with spaces. The leading space will be
- deleted and the lines concatenated. A header record consists of
- a keyword name, which always ends in a colon, followed by a
- value. Whitespace is allowed between the header name and value,
- and between the tokens of value. The headers allowed are:
-
- <dl>
- <dt>Content-Encoding:</dt>
-
- <dd>The encoding of the file. Apache only recognizes
- encodings that are defined by an <a
- href="mod_mime.html#addencoding">AddEncoding</a> directive.
- This normally includes the encodings <code>x-compress</code>
- for compress'd files, and <code>x-gzip</code> for gzip'd
- files. The <code>x-</code> prefix is ignored for encoding
- comparisons.</dd>
-
- <dt>Content-Language:</dt>
-
- <dd>The language of the variant, as an Internet standard
- language tag (RFC 1766). An example is <code>en</code>,
- meaning English.</dd>
-
- <dt>Content-Length:</dt>
-
- <dd>The length of the file, in bytes. If this header is not
- present, then the actual length of the file is used.</dd>
-
- <dt>Content-Type:</dt>
-
- <dd>
- The MIME media type of the document, with optional
- parameters. Parameters are separated from the media type
- and from one another by a semi-colon, with a syntax of
- <code>name=value</code>. Common parameters include:
-
- <dl>
- <dt>level</dt>
-
- <dd>an integer specifying the version of the media type.
- For <code>text/html</code> this defaults to 2, otherwise
- 0.</dd>
-
- <dt>qs</dt>
-
- <dd>a floating-point number with a value in the range 0.0
- to 1.0, indicating the relative 'quality' of this variant
- compared to the other available variants, independent of
- the client's capabilities. For example, a jpeg file is
- usually of higher source quality than an ascii file if it
- is attempting to represent a photograph. However, if the
- resource being represented is ascii art, then an ascii
- file would have a higher source quality than a jpeg file.
- All qs values are therefore specific to a given
- resource.</dd>
- </dl>
- Example:
-
- <blockquote>
- <code>Content-Type: image/jpeg; qs=0.8</code>
- </blockquote>
- </dd>
-
- <dt>URI:</dt>
-
- <dd>The path to the file containing this variant, relative to
- the map file.</dd>
- </dl>
-
- <h2>MultiViews</h2>
- A MultiViews search is enabled by the MultiViews <a
- href="core.html#options">Option</a>. If the server receives a
- request for <code>/some/dir/foo</code> and
- <code>/some/dir/foo</code> does <em>not</em> exist, then the
- server reads the directory looking for all files named
- <code>foo.*</code>, and effectively fakes up a type map which
- names all those files, assigning them the same media types and
- content-encodings it would have if the client had asked for one
- of them by name. It then chooses the best match to the client's
- requirements, and returns that document.
- <hr />
-
- <h2><a id="cachenegotiateddocs"
- name="cachenegotiateddocs">CacheNegotiatedDocs</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a>
- CacheNegotiatedDocs<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_negotiation<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- CacheNegotiatedDocs is only available in Apache 1.1 and later.
-
- <p>If set, this directive allows content-negotiated documents
- to be cached by proxy servers. This could mean that clients
- behind those proxys could retrieve versions of the documents
- that are not the best match for their abilities, but it will
- make caching more efficient.</p>
-
- <p>This directive only applies to requests which come from
- HTTP/1.0 browsers. HTTP/1.1 provides much better control over
- the caching of negotiated documents, and this directive has no
- effect in responses to HTTP/1.1 requests.</p>
- <hr />
-
- <h2><a id="languagepriority"
- name="languagepriority">LanguagePriority</a> directive</h2>
- <!--%plaintext &lt;?INDEX {\tt LanguagePriority} directive&gt; -->
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LanguagePriority
- <em>MIME-lang</em> [<em>MIME-lang</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_negotiation
-
- <p>The LanguagePriority sets the precedence of language
- variants for the case where the client does not express a
- preference, when handling a MultiViews request. The list of
- <em>MIME-lang</em> are in order of decreasing preference.
- Example:</p>
-
- <blockquote>
- <code>LanguagePriority en fr de</code>
- </blockquote>
- For a request for <code>foo.html</code>, where
- <code>foo.html.fr</code> and <code>foo.html.de</code> both
- existed, but the browser did not express a language preference,
- then <code>foo.html.fr</code> would be returned.
-
- <p>Note that this directive only has an effect if a 'best'
- language cannot be determined by any other means. Correctly
- implemented HTTP/1.1 requests will mean this directive has no
- effect.</p>
-
- <p><strong>See also</strong>: <a
- href="./mod_mime.html#defaultlanguage">DefaultLanguage</a> and
- <a href="./mod_mime.html#addlanguage">AddLanguage</a>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html b/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html
deleted file mode 100644
index 4ad9ffb4574..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html
+++ /dev/null
@@ -1,1338 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_proxy</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache module mod_proxy</h1>
-
- <p>This module provides for an <strong>HTTP 1.1</strong>
- caching proxy server.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_proxy.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- proxy_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
- This module implements a proxy/cache for Apache. It implements
- proxying capability for <code>FTP</code>, <code>CONNECT</code>
- (for SSL), <code>HTTP/0.9</code>, <code>HTTP/1.0</code>, and
- (as of Apache 1.3.23) <code>HTTP/1.1</code>.
- The module can be configured to connect to other proxy modules
- for these and other protocols.
-
- <p>This module was experimental in Apache 1.1.x. As of Apache
- 1.2, mod_proxy stability is <em>greatly</em> improved.</p>
-
- <p><strong>Warning:</strong> Do not enable proxying with <a
- href="#proxyrequests">ProxyRequests</a> until you have <a
- href="#access">secured your server</a>. Open proxy servers are
- dangerous both to your network and to the Internet at large.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#proxyrequests">ProxyRequests</a></li>
-
- <li><a href="#proxyremote">ProxyRemote</a></li>
-
- <li><a href="#proxypass">ProxyPass</a></li>
-
- <li><a href="#proxypassreverse">ProxyPassReverse</a></li>
-
- <li><a href="#proxypreservehost">ProxyPreserveHost</a></li>
-
- <li><a href="#proxyblock">ProxyBlock</a></li>
-
- <li><a href="#allowconnect">AllowCONNECT</a></li>
-
- <li><a href="#proxyreceivebuffersize">ProxyReceiveBufferSize</a></li>
-
- <li><a href="#proxyiobuffersize">ProxyIOBufferSize</a></li>
-
- <li><a href="#noproxy">NoProxy</a></li>
-
- <li><a href="#proxydomain">ProxyDomain</a></li>
-
- <li><a href="#proxyvia">ProxyVia</a></li>
-
- <li><a href="#cacheroot">CacheRoot</a></li>
-
- <li><a href="#cachesize">CacheSize</a></li>
-
- <li><a href="#cachemaxexpire">CacheMaxExpire</a></li>
-
- <li><a href="#cachedefaultexpire">CacheDefaultExpire</a></li>
-
- <li><a
- href="#cachelastmodifiedfactor">CacheLastModifiedFactor</a></li>
-
- <li><a href="#cachegcinterval">CacheGcInterval</a></li>
-
- <li><a href="#cachedirlevels">CacheDirLevels</a></li>
-
- <li><a href="#cachedirlength">CacheDirLength</a></li>
-
- <li><a
- href="#cacheforcecompletion">CacheForceCompletion</a></li>
-
- <li><a href="#nocache">NoCache</a></li>
- </ul>
-
- <h2><a id="configs" name="configs">Common configuration
- topics</a></h2>
-
- <ul>
- <li><a href="#forwardreverse">Forward and Reverse Proxies</a></li>
-
- <li><a href="#examples">Basic Examples</a></li>
-
- <li><a href="#access">Controlling access to your
- proxy</a></li>
-
- <li><a href="#shortname">Using Netscape hostname
- shortcuts</a></li>
-
- <li><a href="#mimetypes">Why doesn't file type <em>xxx</em>
- download via FTP?</a></li>
-
- <li><a href="#type">How can I force an FTP ASCII
- download of File <em>xxx</em>?</a></li>
-
- <li><a href="#percent2fhack">How can I access
- FTP files outside of my home directory?</a></li>
-
- <li><a href="#ftppass">How can I hide the
- FTP cleartext password in my browser's URL line?</a></li>
-
- <li><a href="#startup">Why does Apache start more slowly when
- using the proxy module?</a></li>
-
- <li><a href="#socks">Can I use the Apache proxy module with
- my SOCKS proxy?</a></li>
-
- <li><a href="#intranet">What other functions are useful for
- an intranet proxy server?</a></li>
- </ul>
-
-<h2><a name="forwardreverse" id="forwardreverse">Forward and Reverse Proxies</a></h2>
- <p>Apache can be configured in both a <dfn>forward</dfn> and
- <dfn>reverse</dfn> proxy mode.</p>
-
- <p>An ordinary <dfn>forward proxy</dfn> is an intermediate
- server that sits between the client and the <em>origin
- server</em>. In order to get content from the origin server,
- the client sends a request to the proxy naming the origin server
- as the target and the proxy then requests the content from the
- origin server and returns it to the client. The client must be
- specially configured to use the forward proxy to access other
- sites.</p>
-
- <p>A typical usage of a forward proxy is to provide Internet
- access to internal clients that are otherwise restricted by a
- firewall. The forward proxy can also use caching to reduce
- network usage.</p>
-
- <p>The forward proxy is activated using the <code><a
- href="#proxyrequests">ProxyRequests</a></code> directive.
- Because forward proxys allow clients to access arbitrary sites
- through your server and to hide their true origin, it is
- essential that you <a href="#access">secure your server</a> so
- that only authorized clients can access the proxy before
- activating a forward proxy.</p>
-
- <p>A <dfn>reverse proxy</dfn>, by contrast, appears to the
- client just like an ordinary web server. No special
- configuration on the client is necessary. The client makes
- ordinary requests for content in the name-space of the reverse
- proxy. The reverse proxy then decides where to send those
- requests, and returns the content as if it was itself the
- origin.</p>
-
- <p>A typical usage of a reverse proxy is to provide Internet
- users access to a server that is behind a firewall. Reverse
- proxies can also be used to balance load among several back-end
- servers, or to provide caching for a slower back-end server.
- In addition, reverse proxies can be used simply to bring
- several servers into the same URL space.</p>
-
- <p>A reverse proxy is activated using the <code><a
- href="#proxypass">ProxyPass</a></code> directive or the
- <code>[P]</code> flag to the <code><a
- href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code>
- directive. It is <strong>not</strong> necessary to turn
- <code><a href="#proxyrequests">ProxyRequests</a></code> on in
- order to configure a reverse proxy.</p>
-
-<h2><a name="examples" id="examples">Basic Examples</a></h2>
-
- <p>The examples below are only a very basic idea to help you
- get started. Please read the documentation on the individual
- directives.</p>
-
- <h3>Forward Proxy</h3><p><code>
- ProxyRequests On<br />
- ProxyVia On<br />
- <br />
- &lt;Directory proxy:*&gt;<br />
-
- Order deny,allow<br />
- Deny from all<br />
- Allow from internal.example.com<br />
-
- &lt;/Directory&gt;<br />
- <br />
- CacheRoot "/usr/local/apache/proxy"<br />
- CacheSize 5<br />
- CacheGcInterval 4<br />
- CacheMaxExpire 24<br />
- CacheLastModifiedFactor 0.1<br />
- CacheDefaultExpire 1<br />
- NoCache a-domain.com another-domain.edu joes.garage-sale.com
- </code></p>
-
- <h3>Reverse Proxy</h3><p><code>
- ProxyRequests Off<br />
- <br />
- ProxyPass /foo http://foo.example.com/bar<br />
- ProxyPassReverse /foo http://foo.example.com/bar
- </code></p>
-
- <h2><a id="access" name="access">Controlling access to your
- proxy</a></h2>
- You can control who can access your proxy via the normal
- &lt;Directory&gt; control block using the following example:
-<pre>
-&lt;Directory proxy:*&gt;
-Order Deny,Allow
-Deny from all
-Allow from yournetwork.example.com
-&lt;/Directory&gt;
-</pre>
-
- <p>A &lt;Files&gt; block will also work, and is the only method
- known to work for all possible URLs in Apache versions earlier
- than 1.2b10.</p>
-
- <p>For more information, see <a
- href="mod_access.html">mod_access</a>.</p>
-
- <p>Strictly limiting access is essential if you are using a
- forward proxy (using the <code><a
- href="#proxyrequests">ProxyRequests</a></code> directive).
- Otherwise, your server can be used by any client to access
- arbitrary hosts while hiding his or her true identity. This is
- dangerous both for your network and for the Internet at large.
- When using a reverse proxy (using the <code><a
- href="#proxypass">ProxyPass</a></code> directive with
- <code>ProxyRequests Off</code>), access control is less critical
- because clients can only contact the hosts that you have
- specifically configured.</p>
-
- <h2><a id="shortname" name="shortname">Using Netscape hostname
- shortcuts</a></h2>
- There is an optional patch to the proxy module to allow
- Netscape-like hostname shortcuts to be used. It's available
- from the <a
- href="http://www.apache.org/dist/httpd/contrib/patches/1.2/netscapehost.patch">
- <samp>contrib/patches/1.2</samp></a> directory on the Apache
- Web site.
-
- <h2><a id="mimetypes" name="mimetypes">Why doesn't file type
- <em>xxx</em> download via FTP?</a></h2>
- You probably don't have that particular file type defined as
- <em>application/octet-stream</em> in your proxy's mime.types
- configuration file. A useful line can be
-<pre>
-application/octet-stream bin dms lha lzh exe class tgz taz
-</pre>
-
- <h2><a id="type" name="type">How can I force an FTP ASCII
- download of File <em>xxx</em>?</a></h2>
- In the rare situation where you must download a specific file
- using the FTP <strong>ASCII</strong> transfer method (while the
- default transfer is in <strong>binary</strong> mode), you can
- override mod_proxy's default by suffixing the request with
- <samp>;type=a</samp> to force an ASCII transfer.
- (FTP Directory listings are always executed in ASCII mode, however.)
-
- <h2><a id="percent2fhack" name="percent2fhack">How can I access
- FTP files outside of my home directory?</a></h2>
- <p>
- A FTP URI is interpreted relative to the home directory of
- the user who is logging in. Alas, to reach higher directory
- levels you cannot use /../, as the dots are interpreted by the
- browser and not actually sent to the FTP server. To address
- this problem, the so called "Squid %2f hack" was implemented in
- the Apache FTP proxy; it is a solution which is also used by
- other popular proxy servers like the
- <a href="http://www.squid-cache.org/">Squid Proxy Cache</a>.
- By prepending /%2f to the path of your request, you can make
- such a proxy change the FTP starting directory to / (instead
- of the home directory). <br />
- <b>Example:</b> To retrieve the file <code>/etc/motd</code>,
- you would use the URL <blockquote>
- <code>ftp://<em>user@host</em>/%2f/etc/motd</code></blockquote>
- </p>
-
- <h2><a id="ftppass" name="ftppass">How can I hide the FTP
- cleartext password in my browser's URL line?</a></h2>
- <p>
- To log in to an FTP server by username and password, Apache
- uses different strategies.
- In absense of a user name and password in the URL altogether,
- Apache sends an anonymous login to the FTP server, i.e.,
- <blockquote><code>
- user: anonymous<br />
- password: apache_proxy@
- </code></blockquote>
- This works for all popular FTP servers which are configured for
- anonymous access.<br>
- For a personal login with a specific username, you can embed
- the user name into the URL, like in:
- <code>ftp://<em>username@host</em>/myfile</code>. If the FTP server
- asks for a password when given this username (which it should),
- then Apache will reply with a [401 Authorization required] response,
- which causes the Browser to pop up the username/password dialog.
- Upon entering the password, the connection attempt is retried,
- and if successful, the requested resource is presented.
- The advantage of this procedure is that your browser does not
- display the password in cleartext (which it would if you had used
- <code>ftp://<em>username:password@host</em>/myfile</code> in
- the first place).
- <br />
- <b>Note</b> that the password which is transmitted in such a way
- is not encrypted on its way. It travels between your browser and
- the Apache proxy server in a base64-encoded cleartext string, and
- between the Apache proxy and the FTP server as plaintext. You should
- therefore think twice before accessing your FTP server via HTTP
- (or before accessing your personal files via FTP at all!) When
- using unsecure channels, an eavesdropper might intercept your
- password on its way.
- </p>
-
-
- <h2><a id="startup" name="startup">Why does Apache start more
- slowly when using the proxy module?</a></h2>
- If you're using the <code>ProxyBlock</code> or
- <code>NoCache</code> directives, hostnames' IP addresses are
- looked up and cached during startup for later match test. This
- may take a few seconds (or more) depending on the speed with
- which the hostname lookups occur.
-
- <h2><a id="socks" name="socks">Can I use the Apache proxy
- module with my SOCKS proxy?</a></h2>
- Yes. Just build Apache with the rule <code>SOCKS4=yes</code> in
- your <em>Configuration</em> file, and follow the instructions
- there. SOCKS5 capability can be added in a similar way (there's
- no <code>SOCKS5</code> rule yet), so use the
- <code>EXTRA_LDFLAGS</code> definition, or build Apache normally
- and run it with the <em>runsocks</em> wrapper provided with
- SOCKS5, if your OS supports dynamically linked libraries.
-
- <p>Some users have reported problems when using SOCKS version
- 4.2 on Solaris. The problem was solved by upgrading to SOCKS
- 4.3.</p>
-
- <p>Remember that you'll also have to grant access to your
- Apache proxy machine by permitting connections on the
- appropriate ports in your SOCKS daemon's configuration.</p>
-
- <h2><a id="intranet" name="intranet">What other functions are
- useful for an intranet proxy server?</a></h2>
-
- <p>An Apache proxy server situated in an intranet needs to
- forward external requests through the company's firewall
- (for this, configure the <a href="#proxyremote">ProxyRemote</a>
- directive to forward the respective <em>scheme</em> to
- the firewall proxy).
- However, when it has to access resources within the intranet,
- it can bypass the firewall when accessing hosts. The <a
- href="#noproxy">NoProxy</a> directive is useful for specifying
- which hosts belong to the intranet and should be accessed
- directly.</p>
-
- <p>Users within an intranet tend to omit the local domain name
- from their WWW requests, thus requesting "http://somehost/"
- instead of "http://somehost.my.dom.ain/". Some commercial proxy
- servers let them get away with this and simply serve the
- request, implying a configured local domain. When the <a
- href="#proxydomain">ProxyDomain</a> directive is used and the
- server is <a href="#proxyrequests">configured for proxy
- service</a>, Apache can return a redirect response and send the
- client to the correct, fully qualified, server address. This is
- the preferred method since the user's bookmark files will then
- contain fully qualified hosts.</p>
- <hr />
-
- <h2><a id="proxyrequests"
- name="proxyrequests">ProxyRequests</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyRequests
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ProxyRequests
- Off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyRequests is
- only available in Apache 1.1 and later.
-
- <p>This allows or prevents Apache from functioning as a forward proxy
- server. Setting ProxyRequests to 'off' does not disable use of
- the <a href="#proxypass">ProxyPass</a> directive.</p>
-
- <p><strong>Warning:</strong> Do not enable proxying until you have
- <a href="#access">secured your server</a>. Open proxy servers are
- dangerous both to your network and to the Internet at large.</p>
-
- <hr />
-
- <h2><a id="proxyremote" name="proxyremote">ProxyRemote</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyRemote <em>match
- remote-server</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyRemote is
- only available in Apache 1.1 and later.
-
- <p>This defines remote proxies to this proxy. <em>match</em> is
- either the name of a URL-scheme that the remote server
- supports, or a partial URL for which the remote server should
- be used, or '*' to indicate the server should be contacted for
- all requests. <em>remote-server</em> is a partial URL for the
- remote server. Syntax:</p>
-<pre>
- remote-server = protocol://hostname[:port]
-</pre>
- <em>protocol</em> is the protocol that should be used to
- communicate with the remote server; only "http" is supported by
- this module.
-
- <p>Example:</p>
-<pre>
- ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000
- ProxyRemote * http://cleversite.com
- ProxyRemote ftp http://ftpproxy.mydomain.com:8080
-</pre>
- In the last example, the proxy will forward FTP requests,
- encapsulated as yet another HTTP proxy request, to another
- proxy which can handle them.
- <hr />
-
- <h2><a id="proxypass" name="proxypass">ProxyPass</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyPass <em>path
- !|url</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyPass is
- only available in Apache 1.1 and later.
-
- <p>This directive allows remote servers to be mapped into the
- space of the local server; the local server does not act as a
- proxy in the conventional sense, but appears to be a mirror of
- the remote server. <em>path</em> is the name of a local virtual
- path; <em>url</em> is a partial URL for the remote server.</p>
-
- <p>Suppose the local server has address
- <samp>http://wibble.org/</samp>; then</p>
-<pre>
- ProxyPass /mirror/foo/ http://foo.com/
-</pre>
- <p>will cause a local request for the
- &lt;<samp>http://wibble.org/mirror/foo/bar</samp>&gt; to be
- internally converted into a proxy request to
- &lt;<samp>http://foo.com/bar</samp>&gt;.</p>
-
- <p>The <code>!</code> directive is useful when you don't want
- to reverse-proxy a subdirectory, <em>e.g.</em></p>
-<pre>
- ProxyPass /mirror/foo/bar !
- ProxyPass /mirror/foo/ http://foo.com/
-</pre>
- <p>will proxy all requests to <samp>/mirror/foo</samp> to
- <samp>foo.com<samp> <em>except</em> requests made to
- <samp>/mirror/foo/bar</samp>.</p>
-
- <p><strong>Note:</strong> Order is important. Exclusions must
- come <em>before</em> the general ProxyPass directive.</p>
-
- <p><strong>Warning:</strong> The <code><a
- href="#proxyrequests">ProxyRequests</a></code> directive should
- usually be set <strong>off</strong> when using <code
- class="directive">ProxyPass</code>.
-
- <hr />
-
- <h2><a id="proxypassreverse"
- name="proxypassreverse">ProxyPassReverse</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyPassReverse
- <em>path url</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyPassReverse
- is only available in Apache 1.3b6 and later.
-
- <p>This directive lets Apache adjust the URL in the
- <tt>Location</tt> header on HTTP redirect responses. For
- instance this is essential when Apache is used as a reverse
- proxy to avoid by-passing the reverse proxy because of HTTP
- redirects on the backend servers which stay behind the reverse
- proxy.</p>
-
- <p><em>path</em> is the name of a local virtual path.<br />
- <em>url</em> is a partial URL for the remote server - the same
- way they are used for the <tt>ProxyPass</tt> directive.</p>
-
- <p>Example:<br />
- Suppose the local server has address
- <samp>http://wibble.org/</samp>; then</p>
-<pre>
- ProxyPass /mirror/foo/ http://foo.com/
- ProxyPassReverse /mirror/foo/ http://foo.com/
-</pre>
- will not only cause a local request for the
- &lt;<samp>http://wibble.org/mirror/foo/bar</samp>&gt; to be
- internally converted into a proxy request to
- &lt;<samp>http://foo.com/bar</samp>&gt; (the functionality
- <samp>ProxyPass</samp> provides here). It also takes care of
- redirects the server foo.com sends: when
- <samp>http://foo.com/bar</samp> is redirected by him to
- <samp>http://foo.com/quux</samp> Apache adjusts this to
- <samp>http://wibble.org/mirror/foo/quux</samp> before
- forwarding the HTTP redirect response to the client.
-
- <p>Note that this <samp>ProxyPassReverse</samp> directive can
- also be used in conjunction with the proxy pass-through feature
- ("<samp>RewriteRule ... [P]</samp>") from <a
- href="mod_rewrite.html#RewriteRule"><tt>mod_rewrite</tt></a>
- because its doesn't depend on a corresponding
- <samp>ProxyPass</samp> directive.</p>
- <hr />
-
- <h2><a id="proxypreservehost"
- name="proxypreservehost">ProxyPreserveHost</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyPreserveHost
- <em>on|off</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <em><samp>ProxyPreserveHost</samp> off</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
-
- <p>When enabled, this option will pass the Host: line from the
- incoming request to the proxied host, instead of the hostname
- specified in the proxypass line.<br />
- This option should normally be turned Off. It is mostly useful
- in special configurations like proxied mass name-based virtual
- hosting, where the original Host header needs to be evaluated by
- the backend server.</p>
-
- <h2><a id="allowconnect" name="allowconnect">AllowCONNECT</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> AllowCONNECT
- <em>port</em> [<em>port</em>] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <em><samp>AllowCONNECT</samp> 443 563</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- <samp>AllowCONNECT</samp> is only available in Apache 1.3.2 and
- later.
-
- <p>The <samp>AllowCONNECT</samp> directive specifies a list of
- port numbers to which the proxy <samp>CONNECT</samp> method may
- connect. Today's browsers use this method when a <em>https</em>
- connection is requested and proxy tunneling over <em>http</em>
- is in effect.<br />
- By default, only the default https port (443) and the default
- snews port (563) are enabled. Use the <samp>AllowCONNECT</samp>
- directive to override this default and allow connections to
- the listed ports only.</p>
- <hr />
-
- <h2><a id="proxyblock" name="proxyblock">ProxyBlock</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyBlock
- *|<em>word|host|domain</em> [<em>word|host|domain</em>]
- ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyBlock is
- only available in Apache 1.2 and later.
-
- <p>The ProxyBlock directive specifies a list of words, hosts
- and/or domains, separated by spaces. HTTP, HTTPS, and FTP
- document requests to sites whose names contain matched words,
- hosts or domains are <em>blocked</em> by the proxy server. The
- proxy module will also attempt to determine IP addresses of
- list items which may be hostnames during startup, and cache
- them for match test as well. Example:</p>
-<pre>
- ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
-</pre>
- 'rocky.wotsamattau.edu' would also be matched if referenced by
- IP address.
-
- <p>Note that 'wotsamattau' would also be sufficient to match
- 'wotsamattau.edu'.</p>
-
- <p>Note also that</p>
-<pre>
-ProxyBlock *
-</pre>
- blocks connections to all sites.
- <hr />
-
- <h2><a id="proxyreceivebuffersize"
- name="proxyreceivebuffersize">ProxyReceiveBufferSize</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyReceiveBufferSize
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- ProxyReceiveBufferSize is only available in Apache 1.3 and
- later.
-
- <p>The ProxyReceiveBufferSize directive specifies an explicit
- network buffer size for outgoing HTTP and FTP connections, for
- increased throughput. It has to be greater than 512 or set to 0
- to indicate that the system's default buffer size should be
- used.</p>
-
- <p>Example:</p>
-<pre>
- ProxyReceiveBufferSize 2048
-</pre>
- <hr />
-
- <h2><a id="proxyiobuffersize"
- name="proxyiobuffersize">ProxyIOBufferSize</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyIOBufferSize
- <em>bytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>8192</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- ProxyIOBufferSize is only available in Apache 1.3.24 and
- later.
-
- <p>The ProxyIOBufferSize directive specifies the number of bytes
- that will be read from a remote HTTP or FTP server at one time.
- This directive is different from the ProxyReceiveBufferSize
- directive, which specifies the low level socket buffer size.
- </p>
-
- <p>
- When a response is received which fits entirely within the IO
- buffer size, the remote HTTP or FTP server socket will be closed
- before an attempt is made to write the response to the client.
- This ensures that the remote server does not remain connected
- unnecessarily while the response is delivered to a slow client.
- A high value for the IO buffer decreases the load on remote HTTP
- and FTP servers, at the expense of greater RAM footprint on the
- proxy.
- </p>
-
- <p>Example:</p>
-<pre>
- ProxyIOBufferSize 131072
-</pre>
- <hr />
-
- <h2><a id="noproxy" name="noproxy">NoProxy</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> NoProxy <a
- href="#domain"><em>Domain</em></a>|<a
- href="#subnet"><em>SubNet</em></a>|<a
- href="#ipaddr"><em>IpAddr</em></a>|<a
- href="#hostname"><em>Hostname</em></a> [<a
- href="#domain"><em>Domain</em></a>|<a
- href="#subnet"><em>SubNet</em></a>|<a
- href="#ipaddr"><em>IpAddr</em></a>|<a
- href="#hostname"><em>Hostname</em></a>] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> NoProxy is only
- available in Apache 1.3 and later.
-
- <p>This directive is only useful for Apache proxy servers
- within intranets. The NoProxy directive specifies a list of
- subnets, IP addresses, hosts and/or domains, separated by
- spaces. A request to a host which matches one or more of these
- is always served directly, without forwarding to the configured
- ProxyRemote proxy server(s).</p>
-
- <p>Example:</p>
-<pre>
- ProxyRemote * http://firewall.mycompany.com:81
- NoProxy .mycompany.com 192.168.112.0/21
-</pre>
- The arguments to the NoProxy directive are one of the following
- type list:
-
- <dl>
- <!-- ===================== Domain ======================= -->
-
- <dt><a id="domain" name="domain"><em>Domain</em></a></dt>
-
- <dd>A <em>Domain</em> is a partially qualified DNS domain
- name, preceded by a period. It represents a list of hosts
- which logically belong to the same DNS domain or zone
- (<em>i.e.</em>, the suffixes of the hostnames are all ending
- in <em>Domain</em>).<br />
- Examples: <samp>.com</samp> <samp>.apache.org.</samp><br />
- To distinguish <em>Domain</em>s from <a
- href="#hostname"><em>Hostname</em></a>s (both syntactically
- and semantically; a DNS domain can have a DNS A record,
- too!), <em>Domain</em>s are always written with a leading
- period.<br />
- Note: Domain name comparisons are done without regard to the
- case, and <em>Domain</em>s are always assumed to be anchored
- in the root of the DNS tree, therefore two domains
- <samp>.MyDomain.com</samp> and <samp>.mydomain.com.</samp>
- (note the trailing period) are considered equal. Since a
- domain comparison does not involve a DNS lookup, it is much
- more efficient than subnet comparison.
- <!-- ===================== SubNet ======================= -->
- </dd>
-
- <dt><a id="subnet" name="subnet"><em>SubNet</em></a></dt>
-
- <dd>
- A <em>SubNet</em> is a partially qualified internet address
- in numeric (dotted quad) form, optionally followed by a
- slash and the netmask, specified as the number of
- significant bits in the <em>SubNet</em>. It is used to
- represent a subnet of hosts which can be reached over a
- common network interface. In the absence of the explicit
- net mask it is assumed that omitted (or zero valued)
- trailing digits specify the mask. (In this case, the
- netmask can only be multiples of 8 bits wide.)<br />
- Examples:
-
- <dl>
- <dt><samp>192.168</samp> or <samp>192.168.0.0</samp></dt>
-
- <dd>the subnet 192.168.0.0 with an implied netmask of 16
- valid bits (sometimes used in the netmask form
- <samp>255.255.0.0</samp>)</dd>
-
- <dt><samp>192.168.112.0/21</samp></dt>
-
- <dd>the subnet <samp>192.168.112.0/21</samp> with a
- netmask of 21 valid bits (also used in the form
- 255.255.248.0)</dd>
- </dl>
- As a degenerate case, a <em>SubNet</em> with 32 valid bits
- is the equivalent to an <em>IPAddr</em>, while a
- <em>SubNet</em> with zero valid bits (<em>e.g.</em>,
- 0.0.0.0/0) is the same as the constant <em>_Default_</em>,
- matching any IP address.
- <!-- ===================== IPAddr ======================= -->
- </dd>
-
- <dt><a id="ipaddr" name="ipaddr"><em>IPAddr</em></a></dt>
-
- <dd>
- A <em>IPAddr</em> represents a fully qualified internet
- address in numeric (dotted quad) form. Usually, this
- address represents a host, but there need not necessarily
- be a DNS domain name connected with the address.<br />
- Example: 192.168.123.7<br />
- Note: An <em>IPAddr</em> does not need to be resolved by
- the DNS system, so it can result in more effective apache
- performance.
-
- <p><strong>See Also:</strong> <a
- href="../dns-caveats.html">DNS Issues</a></p>
- <!-- ===================== Hostname ======================= -->
- </dd>
-
- <dt><a id="hostname"
- name="hostname"><em>Hostname</em></a></dt>
-
- <dd>
- A <em>Hostname</em> is a fully qualified DNS domain name
- which can be resolved to one or more <a
- href="#ipaddr"><em>IPAddrs</em></a> via the DNS domain name
- service. It represents a logical host (in contrast to <a
- href="#domain"><em>Domain</em></a>s, see above) and must be
- resolvable to at least one <a
- href="#ipaddr"><em>IPAddr</em></a> (or often to a list of
- hosts with different <a
- href="#ipaddr"><em>IPAddr</em></a>'s).<br />
- Examples: <samp>prep.ai.mit.edu</samp>
- <samp>www.apache.org.</samp><br />
- Note: In many situations, it is more effective to specify
- an <a href="#ipaddr"><em>IPAddr</em></a> in place of a
- <em>Hostname</em> since a DNS lookup can be avoided. Name
- resolution in Apache can take a remarkable deal of time
- when the connection to the name server uses a slow PPP
- link.<br />
- Note: <em>Hostname</em> comparisons are done without
- regard to the case, and <em>Hostname</em>s are always
- assumed to be anchored in the root of the DNS tree,
- therefore two hosts <samp>WWW.MyDomain.com</samp> and
- <samp>www.mydomain.com.</samp> (note the trailing period)
- are considered equal.<br />
-
-
- <p><strong>See Also:</strong> <a
- href="../dns-caveats.html">DNS Issues</a></p>
- </dd>
- </dl>
- <hr />
-
- <h2><a id="proxydomain" name="proxydomain">ProxyDomain</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyDomain
- <em>Domain</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyDomain is
- only available in Apache 1.3 and later.
-
- <p>This directive is only useful for Apache proxy servers
- within intranets. The ProxyDomain directive specifies the
- default domain which the apache proxy server will belong to. If
- a request to a host without a domain name is encountered, a
- redirection response to the same host with the configured
- <em>Domain</em> appended will be generated.</p>
-
- <p>Example:</p>
-<pre>
- ProxyRemote * http://firewall.mycompany.com:81
- NoProxy .mycompany.com 192.168.112.0/21
- ProxyDomain .mycompany.com
-</pre>
- <hr />
-
- <h2><a id="proxyvia" name="proxyvia">ProxyVia</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ProxyVia
- on|off|full|block<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>ProxyVia
- off</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ProxyVia is only
- available in Apache 1.3.2 and later.
-
- <p>This directive controls the use of the <samp>Via:</samp>
- HTTP header by the proxy. Its intended use is to control the
- flow of of proxy requests along a chain of proxy servers. See
- RFC2068 (HTTP/1.1) for an explanation of <samp>Via:</samp>
- header lines.</p>
-
- <ul>
- <li>If set to <em>off</em>, which is the default, no special
- processing is performed. If a request or reply contains a
- <samp>Via:</samp> header, it is passed through
- unchanged.</li>
-
- <li>If set to <em>on</em>, each request and reply will get a
- <samp>Via:</samp> header line added for the current
- host.</li>
-
- <li>If set to <em>full</em>, each generated <samp>Via:</samp>
- header line will additionally have the Apache server version
- shown as a <samp>Via:</samp> comment field.</li>
-
- <li>If set to <em>block</em>, every proxy request will have
- all its <samp>Via:</samp> header lines removed. No new
- <samp>Via:</samp> header will be generated.</li>
- </ul>
- <hr />
-
- <h2><a id="cacheforcecompletion"
- name="cacheforcecompletion">CacheForceCompletion</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheForceCompletion
- <em>percentage</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>90</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- CacheForceCompletion is only available in Apache 1.3.1 and
- later.
-
- <p>If an http transfer that is being cached is cancelled, the
- proxy module will complete the transfer to cache if more than
- the percentage specified has already been transferred.</p>
-
- <p>This is a percentage, and must be a number between 1 and
- 100, or 0 to use the default. 100 will cause a document to be
- cached only if the transfer was allowed to complete. A number
- between 60 and 90 is recommended.</p>
- <hr />
-
- <h2><a id="cacheroot" name="cacheroot">CacheRoot</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheRoot
- <em>directory</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CacheRoot is
- only available in Apache 1.1 and later.
-
- <p>Sets the name of the directory to contain cache files; this
- must be writable by the httpd server. (see the <a
- href="core.html#user"><code>User</code></a> directive).<br />
- Setting <code>CacheRoot</code> enables proxy cacheing; without
- defining a <code>CacheRoot</code>, proxy functionality will be
- available if <code>ProxyRequests</code> are set to
- <code>On</code>, but no cacheing will be available.</p>
- <hr />
-
- <h2><a id="cachesize" name="cachesize">CacheSize</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheSize
- <em>kilobytes</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>CacheSize
- 5</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CacheSize is
- only available in Apache 1.1 and later.
-
- <p>Sets the desired space usage of the cache, in KB (1024-byte
- units). Although usage may grow above this setting, the garbage
- collection will delete files until the usage is at or below
- this setting.<br />
- Depending on the expected proxy traffic volume and
- <code>CacheGcInterval</code>, use a value which is at least 20
- to 40 % lower than the available space.</p>
- <hr />
-
- <h2><a id="cachegcinterval"
- name="cachegcinterval">CacheGcInterval</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheGcInterval
- <em>hours</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CacheGcinterval
- is only available in Apache 1.1 and later.
-
- <p>Check the cache after the specified number of
- <em>hours</em>, and delete files if the space usage is greater
- than that set by CacheSize. Note that <em>hours</em> accepts a
- float value, you could for example use <code>CacheGcInterval
- 1.5</code> to check the cache every 90 minutes. (If unset, no
- garbage collection will be performed, and the cache will grow
- indefinitely.) Note also that the larger the
- <code>CacheGcInterval</code>, the more extra space beyond the
- configured <code>CacheSize</code> will be needed for the cache
- between garbage collections.<br />
- <!-- Note that due to a design flaw, Apache
- does not automatically force a garbage collection when the available
- space on the file system where the cache resides is exhausted. -->
- </p>
- <hr />
-
- <h2><a id="cachemaxexpire"
- name="cachemaxexpire">CacheMaxExpire</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheMaxExpire
- <em>hours</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>CacheMaxExpire
- 24</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CacheMaxExpire
- is only available in Apache 1.1 and later.
-
- <p>Specifies the maximum number of <em>hours</em> for which
- cachable HTTP documents will be retained without checking the
- origin server. Thus, documents will be out of date at most this
- number of <em>hours</em> This restriction is enforced even if
- an expiry date was supplied with the document.</p>
- <hr />
-
- <h2><a id="cachelastmodifiedfactor"
- name="cachelastmodifiedfactor">CacheLastModifiedFactor</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheLastModifiedFactor
- <em>factor</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>CacheLastModifiedFactor 0.1</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- CacheLastModifiedFactor is only available in Apache 1.1 and
- later.
-
- <p>If the origin HTTP server did not supply an expiry date for
- the document, then estimate one using the formula</p>
-<pre>
- expiry-period = time-since-last-modification * <em>factor</em>
-</pre>
- For example, if the document was last modified 10 hours ago,
- and <em>factor</em> is 0.1, then the expiry period will be set
- to 10*0.1 = 1 hour.
-
- <p>If the expiry-period would be longer than that set by
- CacheMaxExpire, then the latter takes precedence.</p>
- <hr />
-
- <h2><a id="cachedirlevels"
- name="cachedirlevels">CacheDirLevels</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheDirLevels
- <em>levels</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>CacheDirLevels
- 3</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CacheDirLevels
- is only available in Apache 1.1 and later.
-
- <p>CacheDirLevels sets the number of <em>levels</em> of
- subdirectories in the cache. Cached data will be saved this
- many directory levels below CacheRoot.</p>
- <hr />
-
- <h2><a id="cachedirlength"
- name="cachedirlength">CacheDirLength</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheDirLength
- <em>length</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>CacheDirLength
- 1</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CacheDirLength
- is only available in Apache 1.1 and later.
-
- <p>CacheDirLength sets the number of characters in proxy cache
- subdirectory names.</p>
- <hr />
-
- <h2><a id="cachedefaultexpire"
- name="cachedefaultexpire">CacheDefaultExpire</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CacheDefaultExpire
- <em>hours</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>CacheDefaultExpire 1</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- CacheDefaultExpire is only available in Apache 1.1 and later.
-
- <p>If the document is fetched via a protocol that does not
- support expiry times, then use the specified number of
- <em>hours</em> as the expiry time. <a
- href="#cachemaxexpire">CacheMaxExpire</a> does
- <strong>not</strong> override this setting.</p>
- <hr />
-
- <h2><a id="nocache" name="nocache">NoCache</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> NoCache
- *|<em>word|host|domain</em> [<em>word|host|domain</em>]
- ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_proxy<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> NoCache is only
- available in Apache 1.1 and later.
-
- <p>The NoCache directive specifies a list of words, hosts
- and/or domains, separated by spaces. HTTP and non-passworded
- FTP documents from matched words, hosts or domains are
- <em>not</em> cached by the proxy server. The proxy module will
- also attempt to determine IP addresses of list items which may
- be hostnames during startup, and cache them for match test as
- well. Example:</p>
-<pre>
- NoCache joes-garage.com some-host.co.uk bullwinkle.wotsamattau.edu
-</pre>
- 'bullwinkle.wotsamattau.edu' would also be matched if
- referenced by IP address.
-
- <p>Note that 'wotsamattau' would also be sufficient to match
- 'wotsamattau.edu'.</p>
-
- <p>Note also that</p>
-<pre>
-NoCache *
-</pre>
- disables caching completely.
-
- <p> <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
deleted file mode 100644
index 3ec00917564..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
+++ /dev/null
@@ -1,2107 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--%hypertext -->
-<!-- mod_rewrite.html -->
-<!-- Documentation for the mod_rewrite Apache module -->
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_rewrite</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <blockquote>
- <!-- page indentation -->
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
- <br />
-
-
- <h1 align="CENTER">Module mod_rewrite<br />
- URL Rewriting Engine</h1>
-
- <p>This module provides a rule-based rewriting engine to
- rewrite requested URLs on the fly.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_rewrite.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- rewrite_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.2 and later.</p>
- <hr noshade="noshade" size="1" />
- <br />
-
-
- <h2>Summary</h2>
-
- <blockquote>
- <blockquote>
- <blockquote>
- <em>``The great thing about mod_rewrite is it gives you
- all the configurability and flexibility of Sendmail.
- The downside to mod_rewrite is that it gives you all
- the configurability and flexibility of Sendmail.''</em>
-
-
- <div align="RIGHT">
- -- Brian Behlendorf<br />
- Apache Group
- </div>
- </blockquote>
- </blockquote>
- </blockquote>
-
- <blockquote>
- <blockquote>
- <blockquote>
- <em>`` Despite the tons of examples and docs,
- mod_rewrite is voodoo. Damned cool voodoo, but still
- voodoo. ''</em>
-
- <div align="RIGHT">
- -- Brian Moore<br />
- bem@news.cmc.net
- </div>
- </blockquote>
- </blockquote>
- </blockquote>
- Welcome to mod_rewrite, the Swiss Army Knife of URL
- manipulation!
-
- <p>This module uses a rule-based rewriting engine (based on a
- regular-expression parser) to rewrite requested URLs on the
- fly. It supports an unlimited number of rules and an
- unlimited number of attached rule conditions for each rule to
- provide a really flexible and powerful URL manipulation
- mechanism. The URL manipulations can depend on various tests,
- for instance server variables, environment variables, HTTP
- headers, time stamps and even external database lookups in
- various formats can be used to achieve a really granular URL
- matching.</p>
-
- <p>This module operates on the full URLs (including the
- path-info part) both in per-server context
- (<code>httpd.conf</code>) and per-directory context
- (<code>.htaccess</code>) and can even generate query-string
- parts on result. The rewritten result can lead to internal
- sub-processing, external request redirection or even to an
- internal proxy throughput.</p>
-
- <p>But all this functionality and flexibility has its
- drawback: complexity. So don't expect to understand this
- entire module in just one day.</p>
-
- <p>This module was invented and originally written in April
- 1996<br />
- and gifted exclusively to the The Apache Group in July 1997
- by</p>
-
- <blockquote>
- <a href="http://www.engelschall.com/"><code>Ralf S.
- Engelschall</code></a><br />
- <a
- href="mailto:rse@engelschall.com"><code>rse@engelschall.com</code></a><br />
- <a
- href="http://www.engelschall.com/"><code>www.engelschall.com</code></a>
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <h2>Table Of Contents</h2>
-
- <p><strong>Internal Processing</strong></p>
-
- <ul>
- <li><a href="#InternalAPI">API Phases</a></li>
-
- <li><a href="#InternalRuleset">Ruleset Processing</a></li>
-
- <li><a href="#InternalBackRefs">Regex Back-Reference
- Availability</a></li>
- </ul>
-
- <p><strong>Configuration Directives</strong></p>
-
- <ul>
- <li><a href="#RewriteEngine">RewriteEngine</a></li>
-
- <li><a href="#RewriteOptions">RewriteOptions</a></li>
-
- <li><a href="#RewriteLog">RewriteLog</a></li>
-
- <li><a href="#RewriteLogLevel">RewriteLogLevel</a></li>
-
- <li><a href="#RewriteLock">RewriteLock</a></li>
-
- <li><a href="#RewriteMap">RewriteMap</a></li>
-
- <li><a href="#RewriteBase">RewriteBase</a></li>
-
- <li><a href="#RewriteCond">RewriteCond</a></li>
-
- <li><a href="#RewriteRule">RewriteRule</a></li>
- </ul>
- <strong>Miscellaneous</strong>
-
- <ul>
- <li><a href="#EnvVar">Environment Variables</a></li>
-
- <li><a href="#Solutions">Practical Solutions</a></li>
- </ul>
- <hr noshade="noshade" size="1" />
-
- <center>
- <h1><a id="Internal" name="Internal">Internal
- Processing</a></h1>
- </center>
- <hr noshade="noshade" size="1" />
-
- <p>The internal processing of this module is very complex but
- needs to be explained once even to the average user to avoid
- common mistakes and to let you exploit its full
- functionality.</p>
-
- <h2><a id="InternalAPI" name="InternalAPI">API
- Phases</a></h2>
-
- <p>First you have to understand that when Apache processes a
- HTTP request it does this in phases. A hook for each of these
- phases is provided by the Apache API. Mod_rewrite uses two of
- these hooks: the URL-to-filename translation hook which is
- used after the HTTP request has been read but before any
- authorization starts and the Fixup hook which is triggered
- after the authorization phases and after the per-directory
- config files (<code>.htaccess</code>) have been read, but
- before the content handler is activated.</p>
-
- <p>So, after a request comes in and Apache has determined the
- corresponding server (or virtual server) the rewriting engine
- starts processing of all mod_rewrite directives from the
- per-server configuration in the URL-to-filename phase. A few
- steps later when the final data directories are found, the
- per-directory configuration directives of mod_rewrite are
- triggered in the Fixup phase. In both situations mod_rewrite
- rewrites URLs either to new URLs or to filenames, although
- there is no obvious distinction between them. This is a usage
- of the API which was not intended to be this way when the API
- was designed, but as of Apache 1.x this is the only way
- mod_rewrite can operate. To make this point more clear
- remember the following two points:</p>
-
- <ol>
- <li>Although mod_rewrite rewrites URLs to URLs, URLs to
- filenames and even filenames to filenames, the API
- currently provides only a URL-to-filename hook. In Apache
- 2.0 the two missing hooks will be added to make the
- processing more clear. But this point has no drawbacks for
- the user, it is just a fact which should be remembered:
- Apache does more in the URL-to-filename hook than the API
- intends for it.</li>
-
- <li>
- Unbelievably mod_rewrite provides URL manipulations in
- per-directory context, <em>i.e.</em>, within
- <code>.htaccess</code> files, although these are reached
- a very long time after the URLs have been translated to
- filenames. It has to be this way because
- <code>.htaccess</code> files live in the filesystem, so
- processing has already reached this stage. In other
- words: According to the API phases at this time it is too
- late for any URL manipulations. To overcome this chicken
- and egg problem mod_rewrite uses a trick: When you
- manipulate a URL/filename in per-directory context
- mod_rewrite first rewrites the filename back to its
- corresponding URL (which is usually impossible, but see
- the <code>RewriteBase</code> directive below for the
- trick to achieve this) and then initiates a new internal
- sub-request with the new URL. This restarts processing of
- the API phases.
-
- <p>Again mod_rewrite tries hard to make this complicated
- step totally transparent to the user, but you should
- remember here: While URL manipulations in per-server
- context are really fast and efficient, per-directory
- rewrites are slow and inefficient due to this chicken and
- egg problem. But on the other hand this is the only way
- mod_rewrite can provide (locally restricted) URL
- manipulations to the average user.</p>
- </li>
- </ol>
-
- <p>Don't forget these two points!</p>
-
- <h2><a id="InternalRuleset" name="InternalRuleset">Ruleset
- Processing</a></h2>
- Now when mod_rewrite is triggered in these two API phases, it
- reads the configured rulesets from its configuration
- structure (which itself was either created on startup for
- per-server context or during the directory walk of the Apache
- kernel for per-directory context). Then the URL rewriting
- engine is started with the contained ruleset (one or more
- rules together with their conditions). The operation of the
- URL rewriting engine itself is exactly the same for both
- configuration contexts. Only the final result processing is
- different.
-
- <p>The order of rules in the ruleset is important because the
- rewriting engine processes them in a special (and not very
- obvious) order. The rule is this: The rewriting engine loops
- through the ruleset rule by rule (<code>RewriteRule</code>
- directives) and when a particular rule matches it optionally
- loops through existing corresponding conditions
- (<code>RewriteCond</code> directives). For historical reasons
- the conditions are given first, and so the control flow is a
- little bit long-winded. See Figure 1 for more details.</p>
-
- <div align="CENTER">
- <table cellspacing="0" cellpadding="2" border="0">
- <tr>
- <td bgcolor="#CCCCCC"><img
- src="../images/mod_rewrite_fig1.gif" width="428"
- height="385"
- alt="[Needs graphics capability to display]" /></td>
- </tr>
-
- <tr>
- <td align="CENTER"><strong>Figure 1:</strong> The
- control flow through the rewriting ruleset</td>
- </tr>
- </table>
- </div>
-
- <p>As you can see, first the URL is matched against the
- <em>Pattern</em> of each rule. When it fails mod_rewrite
- immediately stops processing this rule and continues with the
- next rule. If the <em>Pattern</em> matches, mod_rewrite looks
- for corresponding rule conditions. If none are present, it
- just substitutes the URL with a new value which is
- constructed from the string <em>Substitution</em> and goes on
- with its rule-looping. But if conditions exist, it starts an
- inner loop for processing them in the order that they are
- listed. For conditions the logic is different: we don't match
- a pattern against the current URL. Instead we first create a
- string <em>TestString</em> by expanding variables,
- back-references, map lookups, <em>etc.</em> and then we try
- to match <em>CondPattern</em> against it. If the pattern
- doesn't match, the complete set of conditions and the
- corresponding rule fails. If the pattern matches, then the
- next condition is processed until no more conditions are
- available. If all conditions match, processing is continued
- with the substitution of the URL with
- <em>Substitution</em>.</p>
-
- <h2><a id="quoting" name="quoting">Quoting Special
- Characters</a></h2>
-
- <p>As of Apache 1.3.20, special characters in
- <i>TestString</i> and <i>Substitution</i> strings can be
- escaped (that is, treated as normal characters without their
- usual special meaning) by prefixing them with a slosh ('\')
- character. In other words, you can include an actual
- dollar-sign character in a <i>Substitution</i> string by
- using '<code>\$</code>'; this keeps mod_rewrite from trying
- to treat it as a backreference.</p>
-
- <h2><a id="InternalBackRefs" name="InternalBackRefs">Regex
- Back-Reference Availability</a></h2>
- One important thing here has to be remembered: Whenever you
- use parentheses in <em>Pattern</em> or in one of the
- <em>CondPattern</em>, back-references are internally created
- which can be used with the strings <code>$N</code> and
- <code>%N</code> (see below). These are available for creating
- the strings <em>Substitution</em> and <em>TestString</em>.
- Figure 2 shows to which locations the back-references are
- transferred for expansion.
-
- <div align="CENTER">
- <table cellspacing="0" cellpadding="2" border="0">
- <tr>
- <td bgcolor="#CCCCCC"><img
- src="../images/mod_rewrite_fig2.gif" width="381"
- height="179"
- alt="[Needs graphics capability to display]" /></td>
- </tr>
-
- <tr>
- <td align="CENTER"><strong>Figure 2:</strong> The
- back-reference flow through a rule</td>
- </tr>
- </table>
- </div>
-
- <p>We know this was a crash course on mod_rewrite's internal
- processing. But you will benefit from this knowledge when
- reading the following documentation of the available
- directives.</p>
- <hr noshade="noshade" size="1" />
-
- <center>
- <h1><a id="Configuration"
- name="Configuration">Configuration Directives</a></h1>
- </center>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteEngine"
- name="RewriteEngine">RewriteEngine</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteEngine
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>RewriteEngine
- off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache
- 1.2<br />
-
-
- <p>The <code>RewriteEngine</code> directive enables or
- disables the runtime rewriting engine. If it is set to
- <code>off</code> this module does no runtime processing at
- all. It does not even update the <code>SCRIPT_URx</code>
- environment variables.</p>
-
- <p>Use this directive to disable the module instead of
- commenting out all the <code>RewriteRule</code>
- directives!</p>
-
- <p>Note that, by default, rewrite configurations are not
- inherited. This means that you need to have a
- <code>RewriteEngine on</code> directive for each virtual host
- in which you wish to use it.</p>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteOptions"
- name="RewriteOptions">RewriteOptions</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteOptions
- <em>Option</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>RewriteOptions
- MaxRedirects=10</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache
- 1.2; <code>MaxRedirects</code> is available in Apache 1.3.28 and
- later<br />
-
-
- <p>The <code>RewriteOptions</code> directive sets some
- special options for the current per-server or per-directory
- configuration. The <em>Option</em> strings can be one of the
- following:</p>
-
- <dl>
- <dt><code>inherit</code></dt>
- <dd>This forces the current configuration to inherit the
- configuration of the parent. In per-virtual-server context
- this means that the maps, conditions and rules of the main
- server are inherited. In per-directory context this means
- that conditions and rules of the parent directory's
- <code>.htaccess</code> configuration are inherited.</dd>
-
- <dt><code>MaxRedirects=<var>number</var></code></dt>
- <dd>In order to prevent endless loops of internal redirects
- issued by per-directory <code>RewriteRule</code>s,
- <code>mod_rewrite</code> aborts the request after reaching a
- maximum number of such redirects and responds with an 500 Internal
- Server Error. If you really need more internal redirects than 10
- per request, you may increase the default to the desired value.</dd>
- </dl>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteLog" name="RewriteLog">RewriteLog</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteLog
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache
- 1.2<br />
-
-
- <p>The <code>RewriteLog</code> directive sets the name of the
- file to which the server logs any rewriting actions it
- performs. If the name does not begin with a slash
- ('<code>/</code>') then it is assumed to be relative to the
- <em>Server Root</em>. The directive should occur only once
- per server config.</p>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Note</strong>: To disable the logging of
- rewriting actions it is not recommended to set
- <em>file-path</em> to <code>/dev/null</code>, because
- although the rewriting engine does not then output to a
- logfile it still creates the logfile output internally.
- <strong>This will slow down the server with no advantage
- to the administrator!</strong> To disable logging either
- remove or comment out the <code>RewriteLog</code>
- directive or use <code>RewriteLogLevel 0</code>!</td>
- </tr>
- </table>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Security</strong>: See the <a
- href="../misc/security_tips.html">Apache Security
- Tips</a> document for details on why your security could
- be compromised if the directory where logfiles are stored
- is writable by anyone other than the user that starts the
- server.</td>
- </tr>
- </table>
-
- <p><strong>Example:</strong></p>
-
- <blockquote>
-<pre>
-RewriteLog "/usr/local/var/apache/logs/rewrite.log"
-</pre>
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteLogLevel"
- name="RewriteLogLevel">RewriteLogLevel</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteLogLevel
- <em>Level</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a>
- <code>RewriteLogLevel 0</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache
- 1.2<br />
-
-
- <p>The <code>RewriteLogLevel</code> directive sets the
- verbosity level of the rewriting logfile. The default level 0
- means no logging, while 9 or more means that practically all
- actions are logged.</p>
-
- <p>To disable the logging of rewriting actions simply set
- <em>Level</em> to 0. This disables all rewrite action
- logs.</p>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Notice:</strong> Using a high value for
- <em>Level</em> will slow down your Apache server
- dramatically! Use the rewriting logfile at a
- <em>Level</em> greater than 2 only for debugging!</td>
- </tr>
- </table>
-
- <p><strong>Example:</strong></p>
-
- <blockquote>
-<pre>
-RewriteLogLevel 3
-</pre>
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteLock"
- name="RewriteLock">RewriteLock</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteLock
- <em>file-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache
- 1.3<br />
-
-
- <p>This directive sets the filename for a synchronization
- lockfile which mod_rewrite needs to communicate with
- <samp>RewriteMap</samp> <em>programs</em>. Set this lockfile
- to a local path (not on a NFS-mounted device) when you want
- to use a rewriting map-program. It is not required for other
- types of rewriting maps.</p>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteMap" name="RewriteMap">RewriteMap</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteMap
- <em>MapName</em> <em>MapType</em>:<em>MapSource</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> not used per
- default<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> <em>Not
- applicable</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.2
- (partially), Apache 1.3<br />
-
-
- <p>The <code>RewriteMap</code> directive defines a
- <em>Rewriting Map</em> which can be used inside rule
- substitution strings by the mapping-functions to
- insert/substitute fields through a key lookup. The source of
- this lookup can be of various types.</p>
-
- <p>The <a id="mapfunc" name="mapfunc"><em>MapName</em></a> is
- the name of the map and will be used to specify a
- mapping-function for the substitution strings of a rewriting
- rule via one of the following constructs:</p>
-
- <blockquote>
- <strong><code>${</code> <em>MapName</em> <code>:</code>
- <em>LookupKey</em> <code>}</code><br />
- <code>${</code> <em>MapName</em> <code>:</code>
- <em>LookupKey</em> <code>|</code> <em>DefaultValue</em>
- <code>}</code></strong>
- </blockquote>
- When such a construct occurs the map <em>MapName</em> is
- consulted and the key <em>LookupKey</em> is looked-up. If the
- key is found, the map-function construct is substituted by
- <em>SubstValue</em>. If the key is not found then it is
- substituted by <em>DefaultValue</em> or by the empty string
- if no <em>DefaultValue</em> was specified.
-
- <p>The following combinations for <em>MapType</em> and
- <em>MapSource</em> can be used:</p>
-
- <ul>
- <li>
- <strong>Standard Plain Text</strong><br />
- MapType: <code>txt</code>, MapSource: Unix filesystem
- path to valid regular file
-
- <p>This is the standard rewriting map feature where the
- <em>MapSource</em> is a plain ASCII file containing
- either blank lines, comment lines (starting with a '#'
- character) or pairs like the following - one per
- line.</p>
-
- <blockquote>
- <strong><em>MatchingKey</em>
- <em>SubstValue</em></strong>
- </blockquote>
-
- <p>Example:</p>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-##
-## map.txt -- rewriting map
-##
-
-Ralf.S.Engelschall rse # Bastard Operator From Hell
-Mr.Joe.Average joe # Mr. Average
-</pre>
- </td>
- </tr>
- </table>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-RewriteMap real-to-user txt:/path/to/file/map.txt
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- <strong>Randomized Plain Text</strong><br />
- MapType: <code>rnd</code>, MapSource: Unix filesystem
- path to valid regular file
-
- <p>This is identical to the Standard Plain Text variant
- above but with a special post-processing feature: After
- looking up a value it is parsed according to contained
- ``<code>|</code>'' characters which have the meaning of
- ``or''. In other words they indicate a set of
- alternatives from which the actual returned value is
- chosen randomly. Although this sounds crazy and useless,
- it was actually designed for load balancing in a reverse
- proxy situation where the looked up values are server
- names. Example:</p>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-##
-## map.txt -- rewriting map
-##
-
-static www1|www2|www3|www4
-dynamic www5|www6
-</pre>
- </td>
- </tr>
- </table>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-RewriteMap servers rnd:/path/to/file/map.txt
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- <strong>Hash File</strong><br />
- MapType: <code>dbm</code>, MapSource: Unix filesystem
- path to valid regular file
-
- <p>Here the source is a binary NDBM format file
- containing the same contents as a <em>Plain Text</em>
- format file, but in a special representation which is
- optimized for really fast lookups. You can create such a
- file with any NDBM tool or with the following Perl
- script:</p>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-#!/path/to/bin/perl
-##
-## txt2dbm -- convert txt map to dbm format
-##
-
-use NDBM_File;
-use Fcntl;
-
-($txtmap, $dbmmap) = @ARGV;
-
-open(TXT, "&lt;$txtmap") or die "Couldn't open $txtmap!\n";
-tie (%DB, 'NDBM_File', $dbmmap,O_RDWR|O_TRUNC|O_CREAT, 0644) or die "Couldn't create $dbmmap!\n";
-
-while (&lt;TXT&gt;) {
- next if (/^\s*#/ or /^\s*$/);
- $DB{$1} = $2 if (/^\s*(\S+)\s+(\S+)/);
-}
-
-untie %DB;
-close(TXT);
-</pre>
- </td>
- </tr>
- </table>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-$ txt2dbm map.txt map.db
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- <strong>Internal Function</strong><br />
- MapType: <code>int</code>, MapSource: Internal Apache
- function
-
- <p>Here the source is an internal Apache function.
- Currently you cannot create your own, but the following
- functions already exists:</p>
-
- <ul>
- <li><strong>toupper</strong>:<br />
- Converts the looked up key to all upper case.</li>
-
- <li><strong>tolower</strong>:<br />
- Converts the looked up key to all lower case.</li>
-
- <li><strong>escape</strong>:<br />
- Translates special characters in the looked up key to
- hex-encodings.</li>
-
- <li><strong>unescape</strong>:<br />
- Translates hex-encodings in the looked up key back to
- special characters.</li>
- </ul>
- </li>
-
- <li>
- <strong>External Rewriting Program</strong><br />
- MapType: <code>prg</code>, MapSource: Unix filesystem
- path to valid regular file
-
- <p>Here the source is a program, not a map file. To
- create it you can use the language of your choice, but
- the result has to be a executable (<em>i.e.</em>, either
- object-code or a script with the magic cookie trick
- '<code>#!/path/to/interpreter</code>' as the first
- line).</p>
-
- <p>This program is started once at startup of the Apache
- servers and then communicates with the rewriting engine
- over its <code>stdin</code> and <code>stdout</code>
- file-handles. For each map-function lookup it will
- receive the key to lookup as a newline-terminated string
- on <code>stdin</code>. It then has to give back the
- looked-up value as a newline-terminated string on
- <code>stdout</code> or the four-character string
- ``<code>NULL</code>'' if it fails (<em>i.e.</em>, there
- is no corresponding value for the given key). A trivial
- program which will implement a 1:1 map (<em>i.e.</em>,
- key == value) could be:</p>
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-#!/usr/bin/perl
-$| = 1;
-while (&lt;STDIN&gt;) {
- # ...put here any transformations or lookups...
- print $_;
-}
-</pre>
- </td>
- </tr>
- </table>
-
- <p>But be very careful:<br />
- </p>
-
- <ol>
- <li>``<em>Keep it simple, stupid</em>'' (KISS), because
- if this program hangs it will hang the Apache server
- when the rule occurs.</li>
-
- <li>Avoid one common mistake: never do buffered I/O on
- <code>stdout</code>! This will cause a deadloop! Hence
- the ``<code>$|=1</code>'' in the above example...</li>
-
- <li>Use the <samp>RewriteLock</samp> directive to
- define a lockfile mod_rewrite can use to synchronize
- the communication to the program. By default no such
- synchronization takes place.</li>
- </ol>
- </li>
- </ul>
- The <code>RewriteMap</code> directive can occur more than
- once. For each mapping-function use one
- <code>RewriteMap</code> directive to declare its rewriting
- mapfile. While you cannot <strong>declare</strong> a map in
- per-directory context it is of course possible to
- <strong>use</strong> this map in per-directory context.
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Note:</strong> For plain text and DBM format
- files the looked-up keys are cached in-core until the
- <code>mtime</code> of the mapfile changes or the server
- does a restart. This way you can have map-functions in
- rules which are used for <strong>every</strong> request.
- This is no problem, because the external lookup only
- happens once!</td>
- </tr>
- </table>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteBase"
- name="RewriteBase">RewriteBase</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteBase
- <em>URL-path</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>default is the
- physical directory path</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> directory,
- .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a>
- <em>FileInfo</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache
- 1.2<br />
-
-
- <p>The <code>RewriteBase</code> directive explicitly sets the
- base URL for per-directory rewrites. As you will see below,
- <code>RewriteRule</code> can be used in per-directory config
- files (<code>.htaccess</code>). There it will act locally,
- <em>i.e.</em>, the local directory prefix is stripped at this
- stage of processing and your rewriting rules act only on the
- remainder. At the end it is automatically added back to the
- path.</p>
-
- <p>When a substitution occurs for a new URL, this module has
- to re-inject the URL into the server processing. To be able
- to do this it needs to know what the corresponding URL-prefix
- or URL-base is. By default this prefix is the corresponding
- filepath itself. <strong>But at most websites URLs are NOT
- directly related to physical filename paths, so this
- assumption will usually be wrong!</strong> There you have to
- use the <code>RewriteBase</code> directive to specify the
- correct URL-prefix.</p>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Notice:</strong> If your webserver's URLs are
- <strong>not</strong> directly related to physical file
- paths, you have to use <code>RewriteBase</code> in every
- <code>.htaccess</code> files where you want to use
- <code>RewriteRule</code> directives.</td>
- </tr>
- </table>
-
- <p><strong>Example:</strong></p>
-
- <blockquote>
- Assume the following per-directory config file:
-
- <table border="0" cellspacing="1" cellpadding="5"
- bgcolor="#F0F0F0">
- <tr>
- <td>
-<pre>
-#
-# /abc/def/.htaccess -- per-dir config file for directory /abc/def
-# Remember: /abc/def is the physical path of /xyz, <em>i.e.</em>, the server
-# has a 'Alias /xyz /abc/def' directive <em>e.g.</em>
-#
-
-RewriteEngine On
-
-# let the server know that we were reached via /xyz and not
-# via the physical path prefix /abc/def
-RewriteBase /xyz
-
-# now the rewriting rules
-RewriteRule ^oldstuff\.html$ newstuff.html
-</pre>
- </td>
- </tr>
- </table>
-
- <p>In the above example, a request to
- <code>/xyz/oldstuff.html</code> gets correctly rewritten to
- the physical file <code>/abc/def/newstuff.html</code>.</p>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td>
- <font size="-1"><strong>Note - For Apache
- hackers:</strong><br />
- The following list gives detailed information about
- the internal processing steps:</font>
-<pre>
-<font size="-1">Request:
- /xyz/oldstuff.html
-
-Internal Processing:
- /xyz/oldstuff.html -&gt; /abc/def/oldstuff.html (per-server Alias)
- /abc/def/oldstuff.html -&gt; /abc/def/newstuff.html (per-dir RewriteRule)
- /abc/def/newstuff.html -&gt; /xyz/newstuff.html (per-dir RewriteBase)
- /xyz/newstuff.html -&gt; /abc/def/newstuff.html (per-server Alias)
-
-Result:
- /abc/def/newstuff.html
-</font>
-</pre>
- <font size="-1">This seems very complicated but is
- the correct Apache internal processing, because the
- per-directory rewriting comes too late in the
- process. So, when it occurs the (rewritten) request
- has to be re-injected into the Apache kernel! BUT:
- While this seems like a serious overhead, it really
- isn't, because this re-injection happens fully
- internally to the Apache server and the same
- procedure is used by many other operations inside
- Apache. So, you can be sure the design and
- implementation is correct.</font>
- </td>
- </tr>
- </table>
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteCond"
- name="RewriteCond">RewriteCond</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteCond
- <em>TestString</em> <em>CondPattern</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a>
- <em>FileInfo</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.2
- (partially), Apache 1.3<br />
-
-
- <p>The <code>RewriteCond</code> directive defines a rule
- condition. Precede a <code>RewriteRule</code> directive with
- one or more <code>RewriteCond</code> directives. The
- following rewriting rule is only used if its pattern matches
- the current state of the URI <strong>and</strong> if these
- additional conditions apply too.</p>
-
- <p><em>TestString</em> is a string which can contains the
- following expanded constructs in addition to plain text:</p>
-
- <ul>
- <li>
- <strong>RewriteRule backreferences</strong>: These are
- backreferences of the form
-
- <blockquote>
- <strong><code>$N</code></strong>
- </blockquote>
- (0 &lt;= N &lt;= 9) which provide access to the grouped
- parts (parenthesis!) of the pattern from the
- corresponding <code>RewriteRule</code> directive (the one
- following the current bunch of <code>RewriteCond</code>
- directives).
- </li>
-
- <li>
- <strong>RewriteCond backreferences</strong>: These are
- backreferences of the form
-
- <blockquote>
- <strong><code>%N</code></strong>
- </blockquote>
- (1 &lt;= N &lt;= 9) which provide access to the grouped
- parts (parentheses!) of the pattern from the last matched
- <code>RewriteCond</code> directive in the current bunch
- of conditions.
- </li>
-
- <li>
- <strong>RewriteMap expansions</strong>: These are
- expansions of the form
-
- <blockquote>
- <strong><code>${mapname:key|default}</code></strong>
- </blockquote>
- See <a href="#mapfunc">the documentation for
- RewriteMap</a> for more details.
- </li>
-
- <li>
- <strong>Server-Variables</strong>: These are variables of
- the form
-
- <blockquote>
- <strong><code>%{</code> <em>NAME_OF_VARIABLE</em>
- <code>}</code></strong>
- </blockquote>
- where <em>NAME_OF_VARIABLE</em> can be a string taken
- from the following list:
-
- <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
- <tr>
- <td valign="TOP">
- <strong>HTTP headers:</strong>
-
- <p><font size="-1">HTTP_USER_AGENT<br />
- HTTP_REFERER<br />
- HTTP_COOKIE<br />
- HTTP_FORWARDED<br />
- HTTP_HOST<br />
- HTTP_PROXY_CONNECTION<br />
- HTTP_ACCEPT<br />
- </font></p>
- </td>
-
- <td valign="TOP">
- <strong>connection &amp; request:</strong>
-
- <p><font size="-1">REMOTE_ADDR<br />
- REMOTE_HOST<br />
- REMOTE_USER<br />
- REMOTE_IDENT<br />
- REQUEST_METHOD<br />
- SCRIPT_FILENAME<br />
- PATH_INFO<br />
- QUERY_STRING<br />
- AUTH_TYPE<br />
- </font></p>
- </td>
- </tr>
-
- <tr>
- <td valign="TOP">
- <strong>server internals:</strong>
-
- <p><font size="-1">DOCUMENT_ROOT<br />
- SERVER_ADMIN<br />
- SERVER_NAME<br />
- SERVER_ADDR<br />
- SERVER_PORT<br />
- SERVER_PROTOCOL<br />
- SERVER_SOFTWARE<br />
- </font></p>
- </td>
-
- <td valign="TOP">
- <strong>system stuff:</strong>
-
- <p><font size="-1">TIME_YEAR<br />
- TIME_MON<br />
- TIME_DAY<br />
- TIME_HOUR<br />
- TIME_MIN<br />
- TIME_SEC<br />
- TIME_WDAY<br />
- TIME<br />
- </font></p>
- </td>
-
- <td valign="TOP">
- <strong>specials:</strong>
-
- <p><font size="-1">API_VERSION<br />
- THE_REQUEST<br />
- REQUEST_URI<br />
- REQUEST_FILENAME<br />
- IS_SUBREQ<br />
- </font></p>
- </td>
- </tr>
- </table>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td>
- <p><strong>Notice:</strong> These variables all
- correspond to the similarly named HTTP
- MIME-headers, C variables of the Apache server or
- <code>struct tm</code> fields of the Unix system.
- Most are documented elsewhere in the Manual or in
- the CGI specification. Those that are special to
- mod_rewrite include:</p>
-
- <dl>
- <dt><code>IS_SUBREQ</code></dt>
-
- <dd>Will contain the text "true" if the request
- currently being processed is a sub-request,
- "false" otherwise. Sub-requests may be generated
- by modules that need to resolve additional files
- or URIs in order to complete their tasks.</dd>
-
- <dt><code>API_VERSION</code></dt>
-
- <dd>This is the version of the Apache module API
- (the internal interface between server and
- module) in the current httpd build, as defined in
- include/ap_mmn.h. The module API version
- corresponds to the version of Apache in use (in
- the release version of Apache 1.3.14, for
- instance, it is 19990320:10), but is mainly of
- interest to module authors.</dd>
-
- <dt><code>THE_REQUEST</code></dt>
-
- <dd>The full HTTP request line sent by the
- browser to the server (e.g., "<code>GET
- /index.html HTTP/1.1</code>"). This does not
- include any additional headers sent by the
- browser.</dd>
-
- <dt><code>REQUEST_URI</code></dt>
-
- <dd>The resource requested in the HTTP request
- line. (In the example above, this would be
- "/index.html".)</dd>
-
- <dt><code>REQUEST_FILENAME</code></dt>
-
- <dd>The full local filesystem path to the file or
- script matching the request.</dd>
- </dl>
- </td>
- </tr>
- </table>
- </li>
- </ul>
-
- <p>Special Notes:</p>
-
- <ol>
- <li>The variables SCRIPT_FILENAME and REQUEST_FILENAME
- contain the same value, <em>i.e.</em>, the value of the
- <code>filename</code> field of the internal
- <code>request_rec</code> structure of the Apache server.
- The first name is just the commonly known CGI variable name
- while the second is the consistent counterpart to
- REQUEST_URI (which contains the value of the
- <code>uri</code> field of <code>request_rec</code>).</li>
-
- <li>There is the special format:
- <code>%{ENV:variable}</code> where <em>variable</em> can be
- any environment variable. This is looked-up via internal
- Apache structures and (if not found there) via
- <code>getenv()</code> from the Apache server process.</li>
-
- <li>There is the special format:
- <code>%{HTTP:header}</code> where <em>header</em> can be
- any HTTP MIME-header name. This is looked-up from the HTTP
- request. Example: <code>%{HTTP:Proxy-Connection}</code> is
- the value of the HTTP header
- ``<code>Proxy-Connection:</code>''.</li>
-
- <li>There is the special format
- <code>%{LA-U:variable}</code> for look-aheads which perform
- an internal (URL-based) sub-request to determine the final
- value of <em>variable</em>. Use this when you want to use a
- variable for rewriting which is actually set later in an
- API phase and thus is not available at the current stage.
- For instance when you want to rewrite according to the
- <code>REMOTE_USER</code> variable from within the
- per-server context (<code>httpd.conf</code> file) you have
- to use <code>%{LA-U:REMOTE_USER}</code> because this
- variable is set by the authorization phases which come
- <em>after</em> the URL translation phase where mod_rewrite
- operates. On the other hand, because mod_rewrite implements
- its per-directory context (<code>.htaccess</code> file) via
- the Fixup phase of the API and because the authorization
- phases come <em>before</em> this phase, you just can use
- <code>%{REMOTE_USER}</code> there.</li>
-
- <li>There is the special format:
- <code>%{LA-F:variable}</code> which performs an internal
- (filename-based) sub-request to determine the final value
- of <em>variable</em>. Most of the time this is the same as
- LA-U above.</li>
- </ol>
-
- <p><em>CondPattern</em> is the condition pattern,
- <em>i.e.</em>, a regular expression which is applied to the
- current instance of the <em>TestString</em>, <em>i.e.</em>,
- <em>TestString</em> is evaluated and then matched against
- <em>CondPattern</em>.</p>
-
- <p><strong>Remember:</strong> <em>CondPattern</em> is a
- standard <em>Extended Regular Expression</em> with some
- additions:</p>
-
- <ol>
- <li>You can prefix the pattern string with a
- '<code>!</code>' character (exclamation mark) to specify a
- <strong>non</strong>-matching pattern.</li>
-
- <li>
- There are some special variants of <em>CondPatterns</em>.
- Instead of real regular expression strings you can also
- use one of the following:
-
- <ul>
- <li>'<strong>&lt;CondPattern</strong>' (is lexically
- lower)<br />
- Treats the <em>CondPattern</em> as a plain string and
- compares it lexically to <em>TestString</em>. True if
- <em>TestString</em> is lexically lower than
- <em>CondPattern</em>.</li>
-
- <li>'<strong>&gt;CondPattern</strong>' (is lexically
- greater)<br />
- Treats the <em>CondPattern</em> as a plain string and
- compares it lexically to <em>TestString</em>. True if
- <em>TestString</em> is lexically greater than
- <em>CondPattern</em>.</li>
-
- <li>'<strong>=CondPattern</strong>' (is lexically
- equal)<br />
- Treats the <em>CondPattern</em> as a plain string and
- compares it lexically to <em>TestString</em>. True if
- <em>TestString</em> is lexically equal to
- <em>CondPattern</em>, i.e the two strings are exactly
- equal (character by character). If <em>CondPattern</em>
- is just <samp>""</samp> (two quotation marks) this
- compares <em>TestString</em> to the empty string.</li>
-
- <li>'<strong>-d</strong>' (is
- <strong>d</strong>irectory)<br />
- Treats the <em>TestString</em> as a pathname and tests
- if it exists and is a directory.</li>
-
- <li>'<strong>-f</strong>' (is regular
- <strong>f</strong>ile)<br />
- Treats the <em>TestString</em> as a pathname and tests
- if it exists and is a regular file.</li>
-
- <li>'<strong>-s</strong>' (is regular file with
- <strong>s</strong>ize)<br />
- Treats the <em>TestString</em> as a pathname and tests
- if it exists and is a regular file with size greater
- than zero.</li>
-
- <li>'<strong>-l</strong>' (is symbolic
- <strong>l</strong>ink)<br />
- Treats the <em>TestString</em> as a pathname and tests
- if it exists and is a symbolic link.</li>
-
- <li>'<strong>-F</strong>' (is existing file via
- subrequest)<br />
- Checks if <em>TestString</em> is a valid file and
- accessible via all the server's currently-configured
- access controls for that path. This uses an internal
- subrequest to determine the check, so use it with care
- because it decreases your servers performance!</li>
-
- <li>'<strong>-U</strong>' (is existing URL via
- subrequest)<br />
- Checks if <em>TestString</em> is a valid URL and
- accessible via all the server's currently-configured
- access controls for that path. This uses an internal
- subrequest to determine the check, so use it with care
- because it decreases your server's performance!</li>
- </ul>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Notice:</strong> All of these tests can
- also be prefixed by an exclamation mark ('!') to
- negate their meaning.</td>
- </tr>
- </table>
- </li>
- </ol>
-
- <p>Additionally you can set special flags for
- <em>CondPattern</em> by appending</p>
-
- <blockquote>
- <strong><code>[</code><em>flags</em><code>]</code></strong>
- </blockquote>
- as the third argument to the <code>RewriteCond</code>
- directive. <em>Flags</em> is a comma-separated list of the
- following flags:
-
- <ul>
- <li>'<strong><code>nocase|NC</code></strong>'
- (<strong>n</strong>o <strong>c</strong>ase)<br />
- This makes the test case-insensitive, <em>i.e.</em>, there
- is no difference between 'A-Z' and 'a-z' both in the
- expanded <em>TestString</em> and the <em>CondPattern</em>.
- This flag is effective only for comparisons between
- <em>TestString</em> and <em>CondPattern</em>. It has no
- effect on filesystem and subrequest checks.</li>
-
- <li>
- '<strong><code>ornext|OR</code></strong>'
- (<strong>or</strong> next condition)<br />
- Use this to combine rule conditions with a local OR
- instead of the implicit AND. Typical example:
-
- <blockquote>
-<pre>
-RewriteCond %{REMOTE_HOST} ^host1.* [OR]
-RewriteCond %{REMOTE_HOST} ^host2.* [OR]
-RewriteCond %{REMOTE_HOST} ^host3.*
-RewriteRule ...some special stuff for any of these hosts...
-</pre>
- </blockquote>
- Without this flag you would have to write the cond/rule
- three times.
- </li>
- </ul>
-
- <p><strong>Example:</strong></p>
-
- <blockquote>
- To rewrite the Homepage of a site according to the
- ``<code>User-Agent:</code>'' header of the request, you can
- use the following:
-
- <blockquote>
-<pre>
-RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
-RewriteRule ^/$ /homepage.max.html [L]
-
-RewriteCond %{HTTP_USER_AGENT} ^Lynx.*
-RewriteRule ^/$ /homepage.min.html [L]
-
-RewriteRule ^/$ /homepage.std.html [L]
-</pre>
- </blockquote>
- Interpretation: If you use Netscape Navigator as your
- browser (which identifies itself as 'Mozilla'), then you
- get the max homepage, which includes Frames, <em>etc.</em>
- If you use the Lynx browser (which is Terminal-based), then
- you get the min homepage, which contains no images, no
- tables, <em>etc.</em> If you use any other browser you get
- the standard homepage.
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <h3><a id="RewriteRule"
- name="RewriteRule">RewriteRule</a></h3>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> RewriteRule
- <em>Pattern</em> <em>Substitution</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>None</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config,
- virtual host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a>
- <em>FileInfo</em><br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_rewrite.c<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.2
- (partially), Apache 1.3<br />
-
-
- <p>The <code>RewriteRule</code> directive is the real
- rewriting workhorse. The directive can occur more than once.
- Each directive then defines one single rewriting rule. The
- <strong>definition order</strong> of these rules is
- <strong>important</strong>, because this order is used when
- applying the rules at run-time.</p>
-
- <p><a id="patterns" name="patterns"><em>Pattern</em></a> can
- be (for Apache 1.1.x a System V8 and for Apache 1.2.x and
- later a POSIX) <a id="regexp" name="regexp">regular
- expression</a> which gets applied to the current URL. Here
- ``current'' means the value of the URL when this rule gets
- applied. This may not be the originally requested URL,
- because any number of rules may already
- have matched and made alterations to it.</p>
-
- <p>Some hints about the syntax of regular expressions:</p>
-
- <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
- <tr>
- <td valign="TOP">
-<pre>
-<strong>Text:</strong>
- <strong><code>.</code></strong> Any single character
- <strong><code>[</code></strong>chars<strong><code>]</code></strong> Character class: One of chars
- <strong><code>[^</code></strong>chars<strong><code>]</code></strong> Character class: None of chars
- text1<strong><code>|</code></strong>text2 Alternative: text1 or text2
-
-<strong>Quantifiers:</strong>
- <strong><code>?</code></strong> 0 or 1 of the preceding text
- <strong><code>*</code></strong> 0 or N of the preceding text (N &gt; 0)
- <strong><code>+</code></strong> 1 or N of the preceding text (N &gt; 1)
-
-<strong>Grouping:</strong>
- <strong><code>(</code></strong>text<strong><code>)</code></strong> Grouping of text
- (either to set the borders of an alternative or
- for making backreferences where the <strong>N</strong>th group can
- be used on the RHS of a RewriteRule with <code>$</code><strong>N</strong>)
-
-<strong>Anchors:</strong>
- <strong><code>^</code></strong> Start of line anchor
- <strong><code>$</code></strong> End of line anchor
-
-<strong>Escaping:</strong>
- <strong><code>\</code></strong>char escape that particular char
- (for instance to specify the chars "<code>.[]()</code>" <em>etc.</em>)
-</pre>
- </td>
- </tr>
- </table>
-
- <p>For more information about regular expressions either have
- a look at your local regex(3) manpage or its
- <code>src/regex/regex.3</code> copy in the Apache 1.3
- distribution. If you are interested in more detailed
- information about regular expressions and their variants
- (POSIX regex, Perl regex, <em>etc.</em>) have a look at the
- following dedicated book on this topic:</p>
-
- <blockquote>
- <em>Mastering Regular Expressions</em><br />
- Jeffrey E.F. Friedl<br />
- Nutshell Handbook Series<br />
- O'Reilly &amp; Associates, Inc. 1997<br />
- ISBN 1-56592-257-3<br />
- </blockquote>
-
- <p>Additionally in mod_rewrite the NOT character
- ('<code>!</code>') is a possible pattern prefix. This gives
- you the ability to negate a pattern; to say, for instance:
- ``<em>if the current URL does <strong>NOT</strong> match this
- pattern</em>''. This can be used for exceptional cases, where
- it is easier to match the negative pattern, or as a last
- default rule.</p>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Notice:</strong> When using the NOT character
- to negate a pattern you cannot have grouped wildcard
- parts in the pattern. This is impossible because when the
- pattern does NOT match, there are no contents for the
- groups. In consequence, if negated patterns are used, you
- cannot use <code>$N</code> in the substitution
- string!</td>
- </tr>
- </table>
-
- <p><a id="rhs" name="rhs"><em>Substitution</em></a> of a
- rewriting rule is the string which is substituted for (or
- replaces) the original URL for which <em>Pattern</em>
- matched. Beside plain text you can use</p>
-
- <ol>
- <li>back-references <code>$N</code> to the RewriteRule
- pattern</li>
-
- <li>back-references <code>%N</code> to the last matched
- RewriteCond pattern</li>
-
- <li>server-variables as in rule condition test-strings
- (<code>%{VARNAME}</code>)</li>
-
- <li><a href="#mapfunc">mapping-function</a> calls
- (<code>${mapname:key|default}</code>)</li>
- </ol>
- Back-references are <code>$</code><strong>N</strong>
- (<strong>N</strong>=0..9) identifiers which will be replaced
- by the contents of the <strong>N</strong>th group of the
- matched <em>Pattern</em>. The server-variables are the same
- as for the <em>TestString</em> of a <code>RewriteCond</code>
- directive. The mapping-functions come from the
- <code>RewriteMap</code> directive and are explained there.
- These three types of variables are expanded in the order of
- the above list.
-
- <p>As already mentioned above, all the rewriting rules are
- applied to the <em>Substitution</em> (in the order of
- definition in the config file). The URL is <strong>completely
- replaced</strong> by the <em>Substitution</em> and the
- rewriting process goes on until there are no more rules
- unless explicitly terminated by a
- <code><strong>L</strong></code> flag - see below.</p>
-
- <p>There is a special substitution string named
- '<code>-</code>' which means: <strong>NO
- substitution</strong>! Sounds silly? No, it is useful to
- provide rewriting rules which <strong>only</strong> match
- some URLs but do no substitution, <em>e.g.</em>, in
- conjunction with the <strong>C</strong> (chain) flag to be
- able to have more than one pattern to be applied before a
- substitution occurs.</p>
-
- <p>One more note: You can even create URLs in the
- substitution string containing a query string part. Just use
- a question mark inside the substitution string to indicate
- that the following stuff should be re-injected into the
- QUERY_STRING. When you want to erase an existing query
- string, end the substitution string with just the question
- mark.</p>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Note</strong>: There is a special feature:
- When you prefix a substitution field with
- <code>http://</code><em>thishost</em>[<em>:thisport</em>]
- then <strong>mod_rewrite</strong> automatically strips it
- out. This auto-reduction on implicit external redirect
- URLs is a useful and important feature when used in
- combination with a mapping-function which generates the
- hostname part. Have a look at the first example in the
- example section below to understand this.</td>
- </tr>
- </table>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Remember:</strong> An unconditional external
- redirect to your own server will not work with the prefix
- <code>http://thishost</code> because of this feature. To
- achieve such a self-redirect, you have to use the
- <strong>R</strong>-flag (see below).</td>
- </tr>
- </table>
-
- <p>Additionally you can set special flags for
- <em>Substitution</em> by appending</p>
-
- <blockquote>
- <strong><code>[</code><em>flags</em><code>]</code></strong>
- </blockquote>
- as the third argument to the <code>RewriteRule</code>
- directive. <em>Flags</em> is a comma-separated list of the
- following flags:
-
- <ul>
- <li>
- '<strong><code>redirect|R</code>
- [=<em>code</em>]</strong>' (force <a id="redirect"
- name="redirect"><strong>r</strong>edirect</a>)<br />
- Prefix <em>Substitution</em> with
- <code>http://thishost[:thisport]/</code> (which makes the
- new URL a URI) to force a external redirection. If no
- <em>code</em> is given a HTTP response of 302 (MOVED
- TEMPORARILY) is used. If you want to use other response
- codes in the range 300-400 just specify them as a number
- or use one of the following symbolic names:
- <code>temp</code> (default), <code>permanent</code>,
- <code>seeother</code>. Use it for rules which should
- canonicalize the URL and give it back to the client,
- <em>e.g.</em>, translate ``<code>/~</code>'' into
- ``<code>/u/</code>'' or always append a slash to
- <code>/u/</code><em>user</em>, etc.<br />
-
-
- <p><strong>Note:</strong> When you use this flag, make
- sure that the substitution field is a valid URL! If not,
- you are redirecting to an invalid location! And remember
- that this flag itself only prefixes the URL with
- <code>http://thishost[:thisport]/</code>, rewriting
- continues. Usually you also want to stop and do the
- redirection immediately. To stop the rewriting you also
- have to provide the 'L' flag.</p>
- </li>
-
- <li>'<strong><code>forbidden|F</code></strong>' (force URL
- to be <strong>f</strong>orbidden)<br />
- This forces the current URL to be forbidden,
- <em>i.e.</em>, it immediately sends back a HTTP response of
- 403 (FORBIDDEN). Use this flag in conjunction with
- appropriate RewriteConds to conditionally block some
- URLs.</li>
-
- <li>'<strong><code>gone|G</code></strong>' (force URL to be
- <strong>g</strong>one)<br />
- This forces the current URL to be gone, <em>i.e.</em>, it
- immediately sends back a HTTP response of 410 (GONE). Use
- this flag to mark pages which no longer exist as gone.</li>
-
- <li>
- '<strong><code>proxy|P</code></strong>' (force
- <strong>p</strong>roxy)<br />
- This flag forces the substitution part to be internally
- forced as a proxy request and immediately (<em>i.e.</em>,
- rewriting rule processing stops here) put through the <a
- href="mod_proxy.html">proxy module</a>. You have to make
- sure that the substitution string is a valid URI
- (<em>e.g.</em>, typically starting with
- <code>http://</code><em>hostname</em>) which can be
- handled by the Apache proxy module. If not you get an
- error from the proxy module. Use this flag to achieve a
- more powerful implementation of the <a
- href="mod_proxy.html#proxypass">ProxyPass</a> directive,
- to map some remote stuff into the namespace of the local
- server.
-
- <p>Notice: To use this functionality make sure you have
- the proxy module compiled into your Apache server
- program. If you don't know please check whether
- <code>mod_proxy.c</code> is part of the ``<code>httpd
- -l</code>'' output. If yes, this functionality is
- available to mod_rewrite. If not, then you first have to
- rebuild the ``<code>httpd</code>'' program with mod_proxy
- enabled.</p>
- </li>
-
- <li>'<strong><code>last|L</code></strong>'
- (<strong>l</strong>ast rule)<br />
- Stop the rewriting process here and don't apply any more
- rewriting rules. This corresponds to the Perl
- <code>last</code> command or the <code>break</code> command
- from the C language. Use this flag to prevent the currently
- rewritten URL from being rewritten further by following
- rules. For example, use it to rewrite the root-path URL
- ('<code>/</code>') to a real one, <em>e.g.</em>,
- '<code>/e/www/</code>'.</li>
-
- <li>'<strong><code>next|N</code></strong>'
- (<strong>n</strong>ext round)<br />
- Re-run the rewriting process (starting again with the
- first rewriting rule). Here the URL to match is again not
- the original URL but the URL from the last rewriting rule.
- This corresponds to the Perl <code>next</code> command or
- the <code>continue</code> command from the C language. Use
- this flag to restart the rewriting process, <em>i.e.</em>,
- to immediately go to the top of the loop.<br />
- <strong>But be careful not to create an infinite
- loop!</strong></li>
-
- <li>'<strong><code>chain|C</code></strong>'
- (<strong>c</strong>hained with next rule)<br />
- This flag chains the current rule with the next rule
- (which itself can be chained with the following rule,
- <em>etc.</em>). This has the following effect: if a rule
- matches, then processing continues as usual, <em>i.e.</em>,
- the flag has no effect. If the rule does
- <strong>not</strong> match, then all following chained
- rules are skipped. For instance, use it to remove the
- ``<code>.www</code>'' part inside a per-directory rule set
- when you let an external redirect happen (where the
- ``<code>.www</code>'' part should not to occur!).</li>
-
- <li>
- '<strong><code>type|T</code></strong>=<em>MIME-type</em>'
- (force MIME <strong>t</strong>ype)<br />
- Force the MIME-type of the target file to be
- <em>MIME-type</em>. For instance, this can be used to
- simulate the <code>mod_alias</code> directive
- <code>ScriptAlias</code> which internally forces all files
- inside the mapped directory to have a MIME type of
- ``<code>application/x-httpd-cgi</code>''.</li>
-
- <li>
- '<strong><code>nosubreq|NS</code></strong>' (used only if
- <strong>n</strong>o internal
- <strong>s</strong>ub-request)<br />
- This flag forces the rewriting engine to skip a
- rewriting rule if the current request is an internal
- sub-request. For instance, sub-requests occur internally
- in Apache when <code>mod_include</code> tries to find out
- information about possible directory default files
- (<code>index.xxx</code>). On sub-requests it is not
- always useful and even sometimes causes a failure to if
- the complete set of rules are applied. Use this flag to
- exclude some rules.<br />
-
-
- <p>Use the following rule for your decision: whenever you
- prefix some URLs with CGI-scripts to force them to be
- processed by the CGI-script, the chance is high that you
- will run into problems (or even overhead) on
- sub-requests. In these cases, use this flag.</p>
- </li>
-
- <li>'<strong><code>nocase|NC</code></strong>'
- (<strong>n</strong>o <strong>c</strong>ase)<br />
- This makes the <em>Pattern</em> case-insensitive,
- <em>i.e.</em>, there is no difference between 'A-Z' and
- 'a-z' when <em>Pattern</em> is matched against the current
- URL.</li>
-
- <li>'<strong><code>qsappend|QSA</code></strong>'
- (<strong>q</strong>uery <strong>s</strong>tring
- <strong>a</strong>ppend)<br />
- This flag forces the rewriting engine to append a query
- string part in the substitution string to the existing one
- instead of replacing it. Use this when you want to add more
- data to the query string via a rewrite rule.</li>
-
- <li>
- '<strong><code>noescape|NE</code></strong>'
- (<strong>n</strong>o URI <strong>e</strong>scaping of
- output)<br />
- This flag keeps mod_rewrite from applying the usual URI
- escaping rules to the result of a rewrite. Ordinarily,
- special characters (such as '%', '$', ';', and so on)
- will be escaped into their hexcode equivalents ('%25',
- '%24', and '%3B', respectively); this flag prevents this
- from being done. This allows percent symbols to appear in
- the output, as in
-<pre>
- RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]
-
-</pre>
- which would turn '<code>/foo/zed</code>' into a safe
- request for '<code>/bar?arg=P1=zed</code>'.
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Notice:</strong> The
- <code>noescape</code> flag is only available with
- Apache 1.3.20 and later versions.</td>
- </tr>
- </table>
- </li>
-
- <li>
- '<strong><code>passthrough|PT</code></strong>'
- (<strong>p</strong>ass <strong>t</strong>hrough to next
- handler)<br />
- This flag forces the rewriting engine to set the
- <code>uri</code> field of the internal
- <code>request_rec</code> structure to the value of the
- <code>filename</code> field. This flag is just a hack to
- be able to post-process the output of
- <code>RewriteRule</code> directives by
- <code>Alias</code>, <code>ScriptAlias</code>,
- <code>Redirect</code>, <em>etc.</em> directives from
- other URI-to-filename translators. A trivial example to
- show the semantics: If you want to rewrite
- <code>/abc</code> to <code>/def</code> via the rewriting
- engine of <code>mod_rewrite</code> and then
- <code>/def</code> to <code>/ghi</code> with
- <code>mod_alias</code>:
-<pre>
- RewriteRule ^/abc(.*) /def$1 [PT]
- Alias /def /ghi
-
-</pre>
- If you omit the <code>PT</code> flag then
- <code>mod_rewrite</code> will do its job fine,
- <em>i.e.</em>, it rewrites <code>uri=/abc/...</code> to
- <code>filename=/def/...</code> as a full API-compliant
- URI-to-filename translator should do. Then
- <code>mod_alias</code> comes and tries to do a
- URI-to-filename transition which will not work.
-
- <p>Note: <strong>You have to use this flag if you want to
- intermix directives of different modules which contain
- URL-to-filename translators</strong>. The typical example
- is the use of <code>mod_alias</code> and
- <code>mod_rewrite</code>..</p>
- </li>
-
- <li>'<strong><code>skip|S</code></strong>=<em>num</em>'
- (<strong>s</strong>kip next rule(s))<br />
- This flag forces the rewriting engine to skip the next
- <em>num</em> rules in sequence when the current rule
- matches. Use this to make pseudo if-then-else constructs:
- The last rule of the then-clause becomes
- <code>skip=N</code> where N is the number of rules in the
- else-clause. (This is <strong>not</strong> the same as the
- 'chain|C' flag!)</li>
-
- <li>
- '<strong><code>env|E=</code></strong><em>VAR</em>:<em>VAL</em>'
- (set <strong>e</strong>nvironment variable)<br />
- This forces an environment variable named <em>VAR</em> to
- be set to the value <em>VAL</em>, where <em>VAL</em> can
- contain regexp backreferences <code>$N</code> and
- <code>%N</code> which will be expanded. You can use this
- flag more than once to set more than one variable. The
- variables can be later dereferenced in many situations, but
- usually from within XSSI (via <code>&lt;!--#echo
- var="VAR"--&gt;</code>) or CGI (<em>e.g.</em>
- <code>$ENV{'VAR'}</code>). Additionally you can dereference
- it in a following RewriteCond pattern via
- <code>%{ENV:VAR}</code>. Use this to strip but remember
- information from URLs.</li>
- </ul>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td>
- <strong>Note:</strong> Never forget that
- <em>Pattern</em> is applied to a complete URL in
- per-server configuration files. <strong>But in
- per-directory configuration files, the per-directory
- prefix (which always is the same for a specific
- directory!) is automatically <em>removed</em> for the
- pattern matching and automatically <em>added</em> after
- the substitution has been done.</strong> This feature
- is essential for many sorts of rewriting, because
- without this prefix stripping you have to match the
- parent directory which is not always possible.
-
- <p>There is one exception: If a substitution string
- starts with ``<code>http://</code>'' then the directory
- prefix will <strong>not</strong> be added and an
- external redirect or proxy throughput (if flag
- <strong>P</strong> is used!) is forced!</p>
- </td>
- </tr>
- </table>
-
- <table width="70%" border="0" bgcolor="#E0E0F0"
- cellspacing="0" cellpadding="10">
- <tr>
- <td><strong>Note:</strong> To enable the rewriting engine
- for per-directory configuration files you need to set
- ``<code>RewriteEngine On</code>'' in these files
- <strong>and</strong> ``<code>Options
- FollowSymLinks</code>'' must be enabled. If your
- administrator has disabled override of
- <code>FollowSymLinks</code> for a user's directory, then
- you cannot use the rewriting engine. This restriction is
- needed for security reasons.</td>
- </tr>
- </table>
-
- <p>Here are all possible substitution combinations and their
- meanings:</p>
-
- <p><strong>Inside per-server configuration
- (<code>httpd.conf</code>)<br />
- for request ``<code>GET
- /somepath/pathinfo</code>'':</strong><br />
- </p>
-
- <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
- <tr>
- <td>
-<pre>
-<strong>Given Rule</strong> <strong>Resulting Substitution</strong>
----------------------------------------------- ----------------------------------
-^/somepath(.*) otherpath$1 not supported, because invalid!
-
-^/somepath(.*) otherpath$1 [R] not supported, because invalid!
-
-^/somepath(.*) otherpath$1 [P] not supported, because invalid!
----------------------------------------------- ----------------------------------
-^/somepath(.*) /otherpath$1 /otherpath/pathinfo
-
-^/somepath(.*) /otherpath$1 [R] http://thishost/otherpath/pathinfo
- via external redirection
-
-^/somepath(.*) /otherpath$1 [P] not supported, because silly!
----------------------------------------------- ----------------------------------
-^/somepath(.*) http://thishost/otherpath$1 /otherpath/pathinfo
-
-^/somepath(.*) http://thishost/otherpath$1 [R] http://thishost/otherpath/pathinfo
- via external redirection
-
-^/somepath(.*) http://thishost/otherpath$1 [P] not supported, because silly!
----------------------------------------------- ----------------------------------
-^/somepath(.*) http://otherhost/otherpath$1 http://otherhost/otherpath/pathinfo
- via external redirection
-
-^/somepath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
- via external redirection
- (the [R] flag is redundant)
-
-^/somepath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
- via internal proxy
-</pre>
- </td>
- </tr>
- </table>
-
- <p><strong>Inside per-directory configuration for
- <code>/somepath</code><br />
- (<em>i.e.</em>, file <code>.htaccess</code> in dir
- <code>/physical/path/to/somepath</code> containing
- <code>RewriteBase /somepath</code>)<br />
- for request ``<code>GET
- /somepath/localpath/pathinfo</code>'':</strong><br />
- </p>
-
- <table bgcolor="#F0F0F0" cellspacing="0" cellpadding="5">
- <tr>
- <td>
-<pre>
-<strong>Given Rule</strong> <strong>Resulting Substitution</strong>
----------------------------------------------- ----------------------------------
-^localpath(.*) otherpath$1 /somepath/otherpath/pathinfo
-
-^localpath(.*) otherpath$1 [R] http://thishost/somepath/otherpath/pathinfo
- via external redirection
-
-^localpath(.*) otherpath$1 [P] not supported, because silly!
----------------------------------------------- ----------------------------------
-^localpath(.*) /otherpath$1 /otherpath/pathinfo
-
-^localpath(.*) /otherpath$1 [R] http://thishost/otherpath/pathinfo
- via external redirection
-
-^localpath(.*) /otherpath$1 [P] not supported, because silly!
----------------------------------------------- ----------------------------------
-^localpath(.*) http://thishost/otherpath$1 /otherpath/pathinfo
-
-^localpath(.*) http://thishost/otherpath$1 [R] http://thishost/otherpath/pathinfo
- via external redirection
-
-^localpath(.*) http://thishost/otherpath$1 [P] not supported, because silly!
----------------------------------------------- ----------------------------------
-^localpath(.*) http://otherhost/otherpath$1 http://otherhost/otherpath/pathinfo
- via external redirection
-
-^localpath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
- via external redirection
- (the [R] flag is redundant)
-
-^localpath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
- via internal proxy
-</pre>
- </td>
- </tr>
- </table>
-
- <p><strong>Example:</strong></p>
-
- <blockquote>
- We want to rewrite URLs of the form
-
- <blockquote>
- <code>/</code> <em>Language</em> <code>/~</code>
- <em>Realname</em> <code>/.../</code> <em>File</em>
- </blockquote>
- into
-
- <blockquote>
- <code>/u/</code> <em>Username</em> <code>/.../</code>
- <em>File</em> <code>.</code> <em>Language</em>
- </blockquote>
-
- <p>We take the rewrite mapfile from above and save it under
- <code>/path/to/file/map.txt</code>. Then we only have to
- add the following lines to the Apache server configuration
- file:</p>
-
- <blockquote>
-<pre>
-RewriteLog /path/to/file/rewrite.log
-RewriteMap real-to-user txt:/path/to/file/map.txt
-RewriteRule ^/([^/]+)/~([^/]+)/(.*)$ /u/${real-to-user:$2|nobody}/$3.$1
-</pre>
- </blockquote>
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <center>
- <h1><a id="Miscelleneous"
- name="Miscelleneous">Miscellaneous</a></h1>
- </center>
- <hr noshade="noshade" size="1" />
-
- <h2><a id="EnvVar" name="EnvVar">Environment
- Variables</a></h2>
- This module keeps track of two additional (non-standard)
- CGI/SSI environment variables named <code>SCRIPT_URL</code>
- and <code>SCRIPT_URI</code>. These contain the
- <em>logical</em> Web-view to the current resource, while the
- standard CGI/SSI variables <code>SCRIPT_NAME</code> and
- <code>SCRIPT_FILENAME</code> contain the <em>physical</em>
- System-view.
-
- <p>Notice: These variables hold the URI/URL <em>as they were
- initially requested</em>, <em>i.e.</em>, <em>before</em> any
- rewriting. This is important because the rewriting process is
- primarily used to rewrite logical URLs to physical
- pathnames.</p>
-
- <p><strong>Example:</strong></p>
-
- <blockquote>
-<pre>
-SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
-SCRIPT_FILENAME=/u/rse/.www/index.html
-SCRIPT_URL=/u/rse/
-SCRIPT_URI=http://en1.engelschall.com/u/rse/
-</pre>
- </blockquote>
- <hr noshade="noshade" size="1" />
-
- <h2><a id="Solutions" name="Solutions">Practical
- Solutions</a></h2>
- We also have an <a href="../misc/rewriteguide.html">URL
- Rewriting Guide</a> available, which provides a collection of
- practical solutions for URL-based problems. There you can
- find real-life rulesets and additional information about
- mod_rewrite.
- </blockquote>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- <!-- page indentation -->
- <!--/%hypertext -->
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html
deleted file mode 100644
index 2837e4619b9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html
+++ /dev/null
@@ -1,341 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_setenvif</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_setenvif</h1>
-
- <p>This module provides the ability to set environment
- variables based upon attributes of the request.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_setenvif.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- setenvif_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later.</p>
-
- <h2>Summary</h2>
-
- <p>The <samp>mod_setenvif</samp> module allows you to set
- environment variables according to whether different aspects of
- the request match <a href="../misc/FAQ.html#regex">regular
- expressions</a> you specify. These environment variables can be
- used by other parts of the server to make decisions about
- actions to be taken.</p>
-
- <p>The directives are considered in the order they appear in
- the configuration files. So more complex sequences can be used,
- such as this example, which sets <code>netscape</code> if the
- browser is mozilla but not MSIE.</p>
-
- <blockquote>
-<pre>
- BrowserMatch ^Mozilla netscape
- BrowserMatch MSIE !netscape
-
-</pre>
- </blockquote>
-
- <p>For additional information, we provide a document on <a
- href="../env.html">Environment Variables in Apache</a>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#browsermatch">BrowserMatch</a></li>
-
- <li><a href="#browsermatchnocase">BrowserMatchNoCase</a></li>
-
- <li><a href="#setenvif">SetEnvIf</a></li>
-
- <li><a href="#setenvifnocase">SetEnvIfNoCase</a></li>
- </ul>
- <hr />
- <!-- the HR is part of the directive description -->
-
- <h2><a id="browsermatch" name="browsermatch">BrowserMatch
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> BrowserMatch <em>regex
- env-variable</em>[=<em>value</em>]
- [<em>env-variable</em>[=<em>value</em>]] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <i>none</i><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_setenvif<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.2 and
- above (in Apache 1.2 this directive was found in the
- now-obsolete mod_browser module); use in .htaccess files only
- supported with 1.3.13 and later</p>
-
- <p>The BrowserMatch directive defines environment variables
- based on the <samp>User-Agent</samp> HTTP request header field.
- The first argument should be a POSIX.2 extended regular
- expression (similar to an <samp>egrep</samp>-style regex). The
- rest of the arguments give the names of variables to set, and
- optionally values to which they should be set. These take the
- form of</p>
-
- <ol>
- <li><samp><em>varname</em></samp>, or</li>
-
- <li><samp>!<em>varname</em></samp>, or</li>
-
- <li><samp><em>varname</em>=<em>value</em></samp></li>
- </ol>
-
- <p>In the first form, the value will be set to "1". The second
- will remove the given variable if already defined, and the
- third will set the variable to the value given by
- <samp><em>value</em></samp>. If a <samp>User-Agent</samp>
- string matches more than one entry, they will be merged.
- Entries are processed in the order in which they appear, and
- later entries can override earlier ones.</p>
-
- <p>For example:</p>
-<pre>
- BrowserMatch ^Mozilla forms jpeg=yes browser=netscape
- BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript
- BrowserMatch MSIE !javascript
-
-</pre>
-
- <p>Note that the regular expression string is
- <strong>case-sensitive</strong>. For case-INsensitive matching,
- see the <a
- href="#browsermatchnocase"><samp>BrowserMatchNoCase</samp></a>
- directive.</p>
-
- <p>The <samp>BrowserMatch</samp> and
- <samp>BrowserMatchNoCase</samp> directives are special cases of
- the <a href="#setenvif"><samp>SetEnvIf</samp></a> and <a
- href="#setenvifnocase"><samp>SetEnvIfNoCase</samp></a>
- directives. The following two lines have the same effect:</p>
-<pre>
- BrowserMatchNoCase Robot is_a_robot
- SetEnvIfNoCase User-Agent Robot is_a_robot
-
-</pre>
- <hr />
- <!-- the HR is part of the directive description -->
-
- <h2><a id="browsermatchnocase"
- name="browsermatchnocase">BrowserMatchNoCase directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> BrowserMatchNoCase
- <em>regex env-variable</em>[=<em>value</em>]
- [<em>env-variable</em>[=<em>value</em>]] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>none</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_setenvif<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.2 and
- above (in Apache 1.2 this directive was found in the
- now-obsolete mod_browser module)</p>
-
- <p>The <samp>BrowserMatchNoCase</samp> directive is
- semantically identical to the <a
- href="#BrowserMatch"><samp>BrowserMatch</samp></a> directive.
- However, it provides for case-insensitive matching. For
- example:</p>
-<pre>
- BrowserMatchNoCase mac platform=macintosh
- BrowserMatchNoCase win platform=windows
-
-</pre>
-
- <p>The <samp>BrowserMatch</samp> and
- <samp>BrowserMatchNoCase</samp> directives are special cases of
- the <a href="#setenvif"><samp>SetEnvIf</samp></a> and <a
- href="#SetEnvIfNoCase"><samp>SetEnvIfNoCase</samp></a>
- directives. The following two lines have the same effect:</p>
-<pre>
- BrowserMatchNoCase Robot is_a_robot
- SetEnvIfNoCase User-Agent Robot is_a_robot
-
-</pre>
- <hr />
- <!-- the HR is part of the directive description -->
-
- <h2><a id="setenvif" name="setenvif">SetEnvIf
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> SetEnvIf <em>attribute
- regex env-variable</em>[=<em>value</em>]
- [<em>env-variable</em>[=<em>value</em>]] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>none</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_setenvif<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3 and
- above; the Request_Protocol keyword and environment-variable
- matching are only available with 1.3.7 and later; use in
- .htaccess files only supported with 1.3.13 and later</p>
-
- <p>The <samp>SetEnvIf</samp> directive defines environment
- variables based on attributes of the request. These attributes
- can be the values of various HTTP request header fields (see <a
- href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC2616</a>
- for more information about these), or of other aspects of the
- request, including the following:</p>
-
- <ul>
- <li><samp>Remote_Host</samp> - the hostname (if available) of
- the client making the request</li>
-
- <li><samp>Remote_Addr</samp> - the IP address of the client
- making the request</li>
-
- <li><samp>Remote_User</samp> - the authenticated username (if
- available)</li>
-
- <li><samp>Request_Method</samp> - the name of the method
- being used (<samp>GET</samp>, <samp>POST</samp>, <em>et
- cetera</em>)</li>
-
- <li><samp>Request_Protocol</samp> - the name and version of
- the protocol with which the request was made (<em>e.g.</em>,
- "HTTP/0.9", "HTTP/1.1", <em>etc.</em>)</li>
-
- <li><samp>Request_URI</samp> - the portion of the URL
- following the scheme and host portion</li>
- </ul>
-
- <p>Some of the more commonly used request header field names
- include <samp>Host</samp>, <samp>User-Agent</samp>, and
- <samp>Referer</samp>.</p>
-
- <p>If the <em>attribute</em> name doesn't match any of the
- special keywords, nor any of the request's header field names,
- it is tested as the name of an environment variable in the list
- of those associated with the request. This allows
- <code>SetEnvIf</code> directives to test against the result of
- prior matches.</p>
-
- <blockquote>
- <strong>Only those environment variables defined by earlier
- <code>SetEnvIf[NoCase]</code> directives are available for
- testing in this manner. 'Earlier' means that they were
- defined at a broader scope (such as server-wide) or
- previously in the current directive's scope.</strong>
- </blockquote>
-
- <p>Example:</p>
-<pre>
- SetEnvIf Request_URI "\.gif$" object_is_image=gif
- SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
- SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
- :
- SetEnvIf Referer www\.mydomain\.com intra_site_referral
- :
- SetEnvIf object_is_image xbm XBIT_PROCESSING=1
-
-</pre>
-
- <p>The first three will set the environment variable
- <samp>object_is_image</samp> if the request was for an image
- file, and the fourth sets <samp>intra_site_referral</samp> if
- the referring page was somewhere on the
- <samp>www.mydomain.com</samp> Web site.</p>
- <hr />
- <!-- the HR is part of the directive description -->
-
- <h2><a id="setenvifnocase" name="setenvifnocase">SetEnvIfNoCase
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> SetEnvIfNoCase
- <em>attribute regex env-variable</em>[=<em>value</em>]
- [<em>env-variable</em>[=<em>value</em>]] ...<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>none</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_setenvif<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3 and
- above; the Request_Protocol keyword and environment-variable
- matching are only available with 1.3.7 and later; use in
- .htaccess files only supported with 1.3.13 and later</p>
-
- <p>The <samp>SetEnvIfNoCase</samp> is semantically identical to
- the <a href="#setenvif"><samp>SetEnvIf</samp></a> directive,
- and differs only in that the regular expression matching is
- performed in a case-insensitive manner. For example:</p>
-<pre>
- SetEnvIfNoCase Host Apache\.Org site=apache
-
-</pre>
-
- <p>This will cause the <samp>site</samp> environment variable
- to be set to "<samp>apache</samp>" if the HTTP request header
- field <samp>Host:</samp> was included and contained
- <samp>Apache.Org</samp>, <samp>apache.org</samp>, or any other
- combination.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html
deleted file mode 100644
index 21b2835e39a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html
+++ /dev/null
@@ -1,205 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_so</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_so</h1>
-
- <p>This module provides for loading of executable code and
- modules into the server at start-up or restart time.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base (Windows);
- Experimental (Unix)<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_so.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- so_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This is an experimental module. On selected operating
- systems it can be used to load modules into Apache at runtime
- via the <a href="../dso.html">Dynamic Shared Object</a> (DSO)
- mechanism, rather than requiring a recompilation.</p>
-
- <p>On Unix, the loaded code typically comes from shared object
- files (usually with <samp>.so</samp> extension), whilst on
- Windows this module loads <samp>DLL</samp> files. This module
- is only available in Apache 1.3 and up.</p>
-
- <p>In previous releases, the functionality of this module was
- provided for Unix by mod_dld, and for Windows by mod_dll. On
- Windows, mod_dll was used in beta release 1.3b1 through 1.3b5.
- mod_so combines these two modules into a single module for all
- operating systems.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#loadfile">LoadFile</a></li>
-
- <li><a href="#loadmodule">LoadModule</a></li>
- </ul>
-
- <h2><a id="creating" name="creating">Creating DLL Modules for
- Windows</a></h2>
-
- <p>The Apache module API is unchanged between the Unix and
- Windows versions. Many modules will run on Windows with no or
- little change from Unix, although others rely on aspects of the
- Unix architecture which are not present in Windows, and will
- not work.</p>
-
- <p>When a module does work, it can be added to the server in
- one of two ways. As with Unix, it can be compiled into the
- server. Because Apache for Windows does not have the
- <code>Configure</code> program of Apache for Unix, the module's
- source file must be added to the ApacheCore project file, and
- its symbols must be added to the
- <code>os\win32\modules.c</code> file.</p>
-
- <p>The second way is to compile the module as a DLL, a shared
- library that can be loaded into the server at runtime, using
- the <code><a href="#loadmodule">LoadModule</a></code>
- directive. These module DLLs can be distributed and run on any
- Apache for Windows installation, without recompilation of the
- server.</p>
-
- <p>To create a module DLL, a small change is necessary to the
- module's source file: The module record must be exported from
- the DLL (which will be created later; see below). To do this,
- add the <code>MODULE_VAR_EXPORT</code> (defined in the Apache
- header files) to your module's module record definition. For
- example, if your module has:</p>
-<pre>
- module foo_module;
-</pre>
-
- <p>Replace the above with:</p>
-<pre>
- module MODULE_VAR_EXPORT foo_module;
-</pre>
-
- <p>Note that this will only be activated on Windows, so the
- module can continue to be used, unchanged, with Unix if needed.
- Also, if you are familiar with <code>.DEF</code> files, you can
- export the module record with that method instead.</p>
-
- <p>Now, create a DLL containing your module. You will need to
- link this against the ApacheCore.lib export library that is
- created when the ApacheCore.dll shared library is compiled. You
- may also have to change the compiler settings to ensure that
- the Apache header files are correctly located.</p>
-
- <p>This should create a DLL version of your module. Now simply
- place it in the <samp>modules</samp> directory of your server
- root, and use the <code><a
- href="#loadmodule">LoadModule</a></code> directive to load
- it.</p>
- <hr />
-
- <h2><a id="loadfile" name="loadfile">LoadFile</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LoadFile
- <em>filename</em> [<em>filename</em>] ...<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_so
-
- <p>The LoadFile directive links in the named object files or
- libraries when the server is started or restarted; this is used
- to load additional code which may be required for some module
- to work. <em>Filename</em> is either an absolute path or
- relative to <a href="core.html#serverroot">ServerRoot</a>.</p>
-
- <p>For example:</p>
- <code>LoadFile libexec/libxmlparse.so</code>
-
- <hr />
-
- <h2><a id="loadmodule" name="loadmodule">LoadModule</a>
- directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> LoadModule <em>module
- filename</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_so
-
- <p>The LoadModule directive links in the object file or library
- <em>filename</em> and adds the module structure named
- <em>module</em> to the list of active modules. <em>Module</em>
- is the name of the external variable of type
- <code>module</code> in the file, and is listed as the <a
- href="module-dict.html#ModuleIdentifier">Module Identifier</a>
- in the module documentation. Example (Unix, and for Windows as
- of Apache 1.3.15):</p>
-
- <blockquote>
- <code>LoadModule status_module modules/mod_status.so</code>
- </blockquote>
-
- <p>Example (Windows prior to Apache 1.3.15, and some 3rd party
- modules):</p>
-
- <blockquote>
- <code>LoadModule foo_module modules/ApacheModuleFoo.dll<br />
- </code>
- </blockquote>
-
- <p><strong>Note that all modules bundled with the Apache Win32
- binary distribution were renamed as of Apache version
- 1.3.15</strong>.</p>
-
- <p>Win32 Apache modules are often distributed with the old
- style names, or even a name such as libfoo.dll. Whatever the
- name of the module, the LoadModule directive requires the exact
- filename, no assumption is made about the filename
- extension.</p>
-
- <p><strong>See also</strong>: <a
- href="core.html#addmodule">AddModule</a> and <a
- href="core.html#clearmodulelist">ClearModuleList</a></p>
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html
deleted file mode 100644
index 976f046b806..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html
+++ /dev/null
@@ -1,137 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_speling</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_speling</h1>
-
- <p>This module attempts to correct misspellings of URLs that
- users might have entered, by ignoring capitalization and by
- allowing up to one misspelling.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_speling.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- speling_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later. Available as an External module in Apache
- 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>Requests to documents sometimes cannot be served by the core
- apache server because the request was misspelled or
- miscapitalized. This module addresses this problem by trying to
- find a matching document, even after all other modules gave up.
- It does its work by comparing each document name in the
- requested directory against the requested document name
- <strong>without regard to case</strong>, and allowing
- <strong>up to one misspelling</strong> (character insertion /
- omission / transposition or wrong character). A list is built
- with all document names which were matched using this
- strategy.</p>
-
- <p>If, after scanning the directory,</p>
-
- <ul>
- <li>no matching document was found, Apache will proceed as
- usual and return a "document not found" error.</li>
-
- <li>only one document is found that "almost" matches the
- request, then it is returned in the form of a redirection
- response.</li>
-
- <li>more than one document with a close match was found, then
- the list of the matches is returned to the client, and the
- client can select the correct candidate.</li>
- </ul>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#checkspelling">CheckSpelling</a></li>
- </ul>
- <hr />
- <!-- the HR is part of the directive description -->
-
- <h2><a id="checkspelling"
- name="checkspelling">CheckSpelling</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CheckSpelling
- on|off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>CheckSpelling
- Off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> Options <br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_speling<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> CheckSpelling
- was available as a separately available module for Apache 1.1,
- but was limited to miscapitalizations. As of Apache 1.3, it is
- part of the Apache distribution. Prior to Apache 1.3.2, the
- <samp>CheckSpelling</samp> directive was only available in the
- "server" and "virtual host" contexts.
-
- <p>This directive enables or disables the spelling module. When
- enabled, keep in mind that</p>
-
- <ul>
- <li>the directory scan which is necessary for the spelling
- correction will have an impact on the server's performance
- when many spelling corrections have to be performed at the
- same time.</li>
-
- <li>the document trees should not contain sensitive files
- which could be matched inadvertently by a spelling
- "correction".</li>
-
- <li>the module is unable to correct misspelled user names (as
- in <code>http://my.host/~apahce/</code>), just file names or
- directory names.</li>
-
- <li>spelling corrections apply strictly to existing files, so
- a request for the <samp>&lt;Location /status&gt;</samp> may
- get incorrectly treated as the negotiated file
- "<samp>/stats.html</samp>".</li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html
deleted file mode 100644
index fb39a4440b0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html
+++ /dev/null
@@ -1,223 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: Title Page</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_unknown1_n = new Image();
- ro_img_unknown1_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_unknown1_o = new Image();
- ro_img_unknown1_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
-<br>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <table cellspacing="0" cellpadding="0" border="0" summary="">
- <tr>
- <td>
- <img
- src="ssl_cover_title.jpg"
- alt="User Manual"
- width="421" height="73">
- </td>
- </tr>
- <tr>
- <td align="right">
- <font face="Arial,Helvetica">mod_ssl version 2.8</font> &nbsp;&nbsp;
- </td>
- </tr>
- </table>
- <br>
- </td>
-</tr>
-<tr>
- <td>
- <a
- href="http://www.modssl.org/"
-><img
- src="ssl_cover_logo.jpg"
- alt="mod_ssl - The Apache Interface to OpenSSL"
- border="0"
- width="504" height="231"></a>
- </td>
-</tr>
-<tr>
- <td align="right">
- <table summary="">
- <tr>
- <td>
- <tt>Ralf S. Engelschall</tt><br>
- <tt>rse@engelschall.com</tt><br>
- <tt>www.engelschall.com</tt><br>
- </td>
- <td>
- &nbsp;&nbsp;&nbsp;&nbsp;
- </td>
- <td align="right" valign="bottom">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_unknown1', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'next page'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br>Overview
- </td>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="30" height="1" align="bottom" border="0">
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gif
deleted file mode 100644
index 3131a672bf9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html
deleted file mode 100644
index 391c0668c60..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html
+++ /dev/null
@@ -1,551 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: Compatibility</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-4.gif" alt="4" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-compat.gif" alt="Compatibility" width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="200" summary="">
-<tr>
-<td>
-<em>
-All PCs are compatible. But some of
-them are more compatible than others.
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-Unknown
-</font>
-</td>
-</tr>
-</table>
-</div>
-<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_compat.gfont000.gif" alt="H" width="40" height="34" border="0" align="left">
-ere we talk about backward compatibility to other SSL solutions. As you
-perhaps know, mod_ssl is not the only existing SSL solution for Apache.
-Actually there are four additional major products available on the market: Ben
-Laurie's freely available <a href="http://www.apache-ssl.org/">Apache-SSL</a>
-(from where mod_ssl were originally derived in 1998), RedHat's commercial <a
-href="http://www.redhat.com/products/product-details.phtml?id=rhsa">Secure Web
-Server</a> (which is based on mod_ssl), Covalent's commercial <a
-href="http://raven.covalent.net/">Raven SSL Module</a> (also based on mod_ssl)
-and finally C2Net's commercial product <a
-href="http://www.c2.net/products/stronghold/">Stronghold</a> (based on a
-different evolution branch named Sioux up to Stronghold 2.x and based on
-mod_ssl since Stronghold 3.x).
-</td>
-<td>
-&nbsp;&nbsp;
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC1"><strong>Configuration Directives</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC2"><strong>Environment Variables</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC3"><strong>Custom Log Functions</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
-<p>
-The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a
-superset of the functionality of all other solutions we can easily provide
-backward compatibility for most of the cases. Actually there are three
-compatibility areas we currently address: configuration directives,
-environment variables and custom log functions.
-<h2><a name="ToC1">Configuration Directives</a></h2>
-For backward compatibility to the configuration directives of other SSL
-solutions we do an on-the-fly mapping: directives which have a direct
-counterpart in mod_ssl are mapped silently while other directives lead to a
-warning message in the logfiles. The currently implemented directive mapping
-is listed in <a href="#table1">Table 1</a>. Currently full backward
-compatibilty is provided only for Apache-SSL 1.x and mod_ssl 2.0.x.
-Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of
-special functionality in these interfaces which mod_ssl (still) doesn't
-provide.
-<p>
-<div align="center">
-<a name="table1"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 1: Configuration Directive Mapping</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
-<tr id="D">
-<td><strong>Old Directive</strong></td>
-<td><strong>mod_ssl Directive</strong></td>
-<td><strong>Comment</strong></td>
-</tr>
-<tr id="H"><td colspan="3"><b>Apache-SSL 1.x &amp; mod_ssl 2.0.x compatibility:</b></td></tr>
-<tr id="D"><td><code>SSLEnable</code></td><td><code>SSLEngine on</code></td><td>compactified</td></tr>
-<tr id="H"><td><code>SSLDisable</code></td><td><code>SSLEngine off</code></td><td>compactified</td></tr>
-<tr id="D"><td><code>SSLLogFile</code> <em>file</em></td><td><code>SSLLog</code> <em>file</em></td><td>compactified</td></tr>
-<tr id="H"><td><code>SSLRequiredCiphers</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSLRequireCipher</code> <em>c1</em> ...</td><td><code>SSLRequire %{SSL_CIPHER} in {"</code><em>c1</em><code>", ...}</code></td><td>generalized</td></tr>
-<tr id="H"><td><code>SSLBanCipher</code> <em>c1</em> ...</td><td><code>SSLRequire not (%{SSL_CIPHER} in {"</code><em>c1</em><code>", ...})</code></td><td>generalized</td></tr>
-<tr id="D"><td><code>SSLFakeBasicAuth</td><td><code>SSLOptions +FakeBasicAuth</code></td><td>merged</td></tr>
-<tr id="H"><td><code>SSLCacheServerPath</code> <em>dir</em></td><td>-</td><td>functionality removed</td></tr>
-<tr id="D"><td><code>SSLCacheServerPort</code> <em>integer</em></td><td>-</td><td>functionality removed</td></tr>
-<tr id="H"><td colspan="3"><b>Apache-SSL 1.x compatibility:</b></td></tr>
-<tr id="D"><td><code>SSLExportClientCertificates</td><td><code>SSLOptions +ExportCertData</code></td><td>merged</td></tr>
-<tr id="H"><td><code>SSLCacheServerRunDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td colspan="3"><b>Sioux 1.x compatibility:</b></td></tr>
-<tr id="H"><td><code>SSL_CertFile</code> <em>file</em></td><td><code>SSLCertificateFile</code> <em>file</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_KeyFile</code> <em>file</em></td><td><code>SSLCertificateKeyFile</code> <em>file</em></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CipherSuite</code> <em>arg</em></td><td><code>SSLCipherSuite</code> <em>arg</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_X509VerifyDir</code> <em>arg</em></td><td><code>SSLCACertificatePath</code> <em>arg</em></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_Log</code> <em>file</em></td><td><code>SSLLogFile</code> <em>file</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_Connect</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_ClientAuth</code> <em>arg</em></td><td><code>SSLVerifyClient</code> <em>arg</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_X509VerifyDepth</code> <em>arg</em></td><td><code>SSLVerifyDepth</code> <em>arg</em></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_FetchKeyPhraseFrom</code> <em>arg</em></td><td>-</td><td>not directly mappable; use SSLPassPhraseDialog</td></tr>
-<tr id="D"><td><code>SSL_SessionDir</code> <em>dir</em></td><td>-</td><td>not directly mappable; use SSLSessionCache</td></tr>
-<tr id="H"><td><code>SSL_Require</code> <em>expr</em></td><td>-</td><td>not directly mappable; use SSLRequire</td></tr>
-<tr id="D"><td><code>SSL_CertFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSL_KeyFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td><code>SSL_X509VerifyPolicy</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSL_LogX509Attributes</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td colspan="3"><b>Stronghold 2.x compatibility:</b></td></tr>
-<tr id="H"><td><code>StrongholdAccelerator</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>StrongholdKey</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>StrongholdLicenseFile</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSLFlag</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSLSessionLockFile</code> <em>file</em></td><td><code>SSLMutex</code> <em>file</em></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSLCipherList</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
-<tr id="D"><td><code>RequireSSL</code></td><td><code>SSLRequireSSL</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSLErrorFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSLRoot</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td><code>SSL_CertificateLogDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>AuthCertDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td><code>SSL_Group</code> <em>name</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSLProxyMachineCertPath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td><code>SSLProxyMachineCertFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSLProxyCACertificatePath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td><code>SSLProxyCACertificateFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="H"><td><code>SSLProxyVerifyDepth</code> <em>number</em></td><td>-</td><td>functionality not supported</td></tr>
-<tr id="D"><td><code>SSLProxyCipherList</code> <em>spec</em></td><td>-</td><td>functionality not supported</td></tr>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-<br>
-<h2><a name="ToC2">Environment Variables</a></h2>
-When you use ``<code>SSLOptions +CompatEnvVars</code>'' additional environment
-variables are generated. They all correspond to existing official mod_ssl
-variables. The currently implemented variable derivation is listed in <a
-href="#table2">Table 2</a>.
-<p>
-<div align="center">
-<a name="table2"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 2: Environment Variable Derivation</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
-<tr id="D">
-<td><strong>Old Variable</strong></td>
-<td><strong>mod_ssl Variable</strong></td>
-<td><strong>Comment</strong></td>
-</tr>
-<tr id="H"><td><code>SSL_PROTOCOL_VERSION</code></td><td><code>SSL_PROTOCOL</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>HTTPS_SECRETKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>HTTPS_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>HTTPS_CIPHER</code></td><td><code>SSL_CIPHER</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>HTTPS_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_CERTIFICATE</code></td><td><code>SSL_SERVER_CERT</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_CERT_START</code></td><td><code>SSL_SERVER_V_START</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_CERT_END</code></td><td><code>SSL_SERVER_V_END</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_CERT_SERIAL</code></td><td><code>SSL_SERVER_M_SERIAL</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_SIGNATURE_ALGORITHM</code></td><td><code>SSL_SERVER_A_SIG</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_DN</code></td><td><code>SSL_SERVER_S_DN</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_CN</code></td><td><code>SSL_SERVER_S_DN_CN</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_EMAIL</code></td><td><code>SSL_SERVER_S_DN_Email</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_O</code></td><td><code>SSL_SERVER_S_DN_O</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_OU</code></td><td><code>SSL_SERVER_S_DN_OU</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_C</code></td><td><code>SSL_SERVER_S_DN_C</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_SP</code></td><td><code>SSL_SERVER_S_DN_SP</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_L</code></td><td><code>SSL_SERVER_S_DN_L</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_IDN</code></td><td><code>SSL_SERVER_I_DN</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_ICN</code></td><td><code>SSL_SERVER_I_DN_CN</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_IEMAIL</code></td><td><code>SSL_SERVER_I_DN_Email</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_IO</code></td><td><code>SSL_SERVER_I_DN_O</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_IOU</code></td><td><code>SSL_SERVER_I_DN_OU</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_IC</code></td><td><code>SSL_SERVER_I_DN_C</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SERVER_ISP</code></td><td><code>SSL_SERVER_I_DN_SP</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_SERVER_IL</code></td><td><code>SSL_SERVER_I_DN_L</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_CERTIFICATE</code></td><td><code>SSL_CLIENT_CERT</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_CERT_START</code></td><td><code>SSL_CLIENT_V_START</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_CERT_END</code></td><td><code>SSL_CLIENT_V_END</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_CERT_SERIAL</code></td><td><code>SSL_CLIENT_M_SERIAL</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_SIGNATURE_ALGORITHM</code></td><td><code>SSL_CLIENT_A_SIG</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_DN</code></td><td><code>SSL_CLIENT_S_DN</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_CN</code></td><td><code>SSL_CLIENT_S_DN_CN</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_EMAIL</code></td><td><code>SSL_CLIENT_S_DN_Email</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_O</code></td><td><code>SSL_CLIENT_S_DN_O</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_OU</code></td><td><code>SSL_CLIENT_S_DN_OU</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_C</code></td><td><code>SSL_CLIENT_S_DN_C</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_SP</code></td><td><code>SSL_CLIENT_S_DN_SP</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_L</code></td><td><code>SSL_CLIENT_S_DN_L</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_IDN</code></td><td><code>SSL_CLIENT_I_DN</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_ICN</code></td><td><code>SSL_CLIENT_I_DN_CN</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_IEMAIL</code></td><td><code>SSL_CLIENT_I_DN_Email</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_IO</code></td><td><code>SSL_CLIENT_I_DN_O</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_IOU</code></td><td><code>SSL_CLIENT_I_DN_OU</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_IC</code></td><td><code>SSL_CLIENT_I_DN_C</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_ISP</code></td><td><code>SSL_CLIENT_I_DN_SP</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_IL</code></td><td><code>SSL_CLIENT_I_DN_L</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SECKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
-<tr id="H"><td><code>SSL_SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
-<tr id="D"><td><code>SSL_STRONG_CRYPTO</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="D"><td><code>SSL_SERVER_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="H"><td><code>SSL_SERVER_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="D"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="H"><td><code>SSL_SERVER_SESSIONDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="D"><td><code>SSL_SERVER_CERTIFICATELOGDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="H"><td><code>SSL_SERVER_CERTFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="D"><td><code>SSL_SERVER_KEYFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="H"><td><code>SSL_SERVER_KEYFILETYPE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-<br>
-<h2><a name="ToC3">Custom Log Functions</a></h2>
-When mod_ssl is built into Apache or at least loaded (under DSO situation)
-additional functions exist for the <a
-href="../mod_log_config.html#formats">Custom Log Format</a> of <a
-href="../mod_log_config.html">mod_log_config</a> as documented in the Reference
-Chapter. Beside the ``<code>%{</code><em>varname</em><code>}x</code>''
-eXtension format function which can be used to expand any variables provided
-by any module, an additional Cryptography
-``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
-exists for backward compatibility. The currently implemented function calls
-are listed in <a href="#table3">Table 3</a>.
-<p>
-<div align="center">
-<a name="table3"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 3: Custom Log Cryptography Function</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
-<tr id="H">
- <td><strong>Function Call</strong></td>
- <td><strong>Description</strong></td>
-</tr>
-<tr id="D"><td><code>%...{version}c</code></td> <td>SSL protocol version</td></tr>
-<tr id="H"><td><code>%...{cipher}c</code></td> <td>SSL cipher</td></tr>
-<tr id="D"><td><code>%...{subjectdn}c</code></td> <td>Client Certificate Subject Distinguished Name</td></tr>
-<tr id="H"><td><code>%...{issuerdn}c</code></td> <td>Client Certificate Issuer Distinguished Name</td></tr>
-<tr id="D"><td><code>%...{errcode}c</code></td> <td>Certificate Verification Error (numerical)</td></tr>
-<tr id="H"><td><code>%...{errstr}c</code></td> <td>Certificate Verification Error (string)</td></tr>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpg b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpg
deleted file mode 100644
index 3fcfeb4b237..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpg
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpg b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpg
deleted file mode 100644
index 1c26232a10b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpg
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gif
deleted file mode 100644
index 7fb5db91b00..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html
deleted file mode 100644
index 8343c41d0c5..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html
+++ /dev/null
@@ -1,1643 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: F.A.Q.</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-6.gif" alt="6" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-faq.gif" alt="F.A.Q." width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="200" summary="">
-<tr>
-<td>
-<em>
-``The wise man doesn't give the right answers,
-he poses the right questions.''
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-Claude Levi-Strauss
-</font>
-</td>
-</tr>
-</table>
-</div>
-<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_faq.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
-his chapter is a collection of frequently asked questions (FAQ) and
-corresponding answers following the popular USENET tradition. Most of these
-questions occured on the Newsgroup <a
-href="news:comp.infosystems.www.servers.unix">
-<code>comp.infosystems.www.servers.unix</code></a> or the mod_ssl Support
-Mailing List <a href="mailto:modssl-users@modssl.org">
-<code>modssl-users@modssl.org</code></a>. They are collected at this place
-to avoid answering the same questions over and over.
-<p>
-Please read this chapter at least once when installing mod_ssl or at least
-search for your problem here before submitting a problem report to the
-author.
-</td>
-<td>
-&nbsp;&nbsp;
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="350" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC1"><strong>About the module</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC2"><strong>What is the history of mod_ssl?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC3"><strong>Apache-SSL vs. mod_ssl: differences?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC4"><strong>mod_ssl vs. commercial alternatives?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC5"><strong>mod_ssl/Apache versions?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC6"><strong>mod_ssl and Year 2000?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC7"><strong>mod_ssl and Wassenaar Arrangement?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC8"><strong>About Installation</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC9"><strong>Core dumps for HTTPS requests?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC10"><strong>Core dumps for Apache+mod_ssl+PHP3?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC11"><strong>Undefined symbols on startup?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC12"><strong>Permission problem on SSLMutex</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC13"><strong>Shared memory and process size?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC14"><strong>Shared memory and pathname?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC15"><strong>PRNG and not enough entropy?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC16"><strong>About Configuration</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC17"><strong>HTTP and HTTPS with a single server?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC18"><strong>Where is the HTTPS port?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC19"><strong>How to test HTTPS manually?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC20"><strong>Why does my connection hang?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC21"><strong>Why do I get connection refused?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC22"><strong>Why are the SSL_XXX variables missing?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC23"><strong>How to switch with relative hyperlinks?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC24"><strong>About Certificates</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC25"><strong>What are Keys, CSRs and Certs?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC26"><strong>Difference on startup?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC27"><strong>How to create a dummy cert?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC28"><strong>How to create a real cert?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC29"><strong>How to create my own CA?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC30"><strong>How to change a pass phrase?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC31"><strong>How to remove a pass phrase?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC32"><strong>How to verify a key/cert pair?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC33"><strong>Bad Certificate Error?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC34"><strong>Why does a 2048-bit key not work?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC35"><strong>Why is client auth broken?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC36"><strong>How to convert from PEM to DER?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC37"><strong>Verisign and the magic getca program?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC38"><strong>Global IDs or SGC?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC39"><strong>Global IDs and Cert Chain?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC40"><strong>About SSL Protocol</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC41"><strong>Random SSL errors under heavy load?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC42"><strong>Why has the server a higher load?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC43"><strong>Why are connections horribly slow?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC44"><strong>Which ciphers are supported?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC45"><strong>How to use Anonymous-DH ciphers</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC46"><strong>Why do I get 'no shared ciphers'?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC47"><strong>HTTPS and name-based vhosts</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC48"><strong>The lock icon in Netscape locks very late</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC49"><strong>Why do I get I/O errors with MSIE clients?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC50"><strong>Why do I get I/O errors with NS clients?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC51"><strong>About Support</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC52"><strong>Resources in case of problems?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC53"><strong>Support in case of problems?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC54"><strong>How to write a problem report?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC55"><strong>I got a core dump, can you help me?</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC56"><strong>How to get a backtrace?</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
-<h2><a name="ToC1">About the module</a></h2>
-<ul>
-<p>
-<li><a name="ToC2"></a>
- <a name="history"></a>
- <strong id="faq">
-What is the history of mod_ssl?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#history"><b>L</b></a>]
- <p>
- The mod_ssl v1 package was initially created in April 1998 by <a
- href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> via porting <a
- href="mailto:ben@algroup.co.uk">Ben Laurie</a>'s <a
- href="http://www.apache-ssl.org/">Apache-SSL</a> 1.17 source patches for
- Apache 1.2.6 to Apache 1.3b6. Because of conflicts with Ben
- Laurie's development cycle it then was re-assembled from scratch for
- Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL
- 1.18. From this point on mod_ssl lived its own life as mod_ssl v2. The
- first publically released version was mod_ssl 2.0.0 from August 10th,
- 1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0.
- <p>
- After one year of very active development with over 1000 working hours and
- over 40 releases mod_ssl reached its current state. The result is an
- already very clean source base implementing a very rich functionality.
- The code size increased by a factor of 4 to currently a total of over
- 10.000 lines of ANSI C consisting of approx. 70% code and 30% code
- documentation. From the original Apache-SSL code currently approx. 5% is
- remaining only.
-<p>
-<li><a name="ToC3"></a>
- <a name="apssl-diff"></a>
- <strong id="faq">
-What are the functional differences between mod_ssl and Apache-SSL, from where
-it is originally derived?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>]
- <p>
- This neither can be answered in short (there were too many code changes)
- nor can be answered at all by the author (there would immediately be flame
- wars with no reasonable results at the end). But as you easily can guess
- from the 5% of remaining Apache-SSL code, a lot of differences exists,
- although user-visible backward compatibility exists for most things.
- <p>
- When you really want a detailed comparison you have to read the entries in
- the large <code>CHANGES</code> file that is in the mod_ssl
- distribution. Usually this is much too hard-core. So I recommend you to
- either believe in the opinion and recommendations of other users (the
- simplest approach) or do a comparison yourself (the most reasonable
- approach). For the latter, grab distributions of mod_ssl (from <a
- href="http://www.modssl.org/">http://www.modssl.org</a>) and Apache-SSL
- (from <a href="http://www.apache-ssl.org/">http://www.apache-ssl.org</a>),
- install both packages, read their documentation and try them out yourself.
- Then choose the one which pleases you most.
- <p>
- A few final hints to help direct your comparison: quality of documentation
- ("can you easily find answers and are they sufficient?"), quality of
- source code ("is the source code reviewable so you can make sure there
- aren't any trapdoors or inherent security risks because of bad programming
- style?"), easy and clean installation ("can the SSL functionality easily
- added to an Apache source tree without manual editing or patching?"),
- clean integration into Apache ("is the SSL functionality encapsulated and
- cleanly separated from the remaining Apache functionality?"), support for
- Dynamic Shared Object (DSO) facility ("can the SSL functionality built as
- a separate DSO for maximum flexibility?"), Win32 port ("is the SSL
- functionality available also under the Win32 platform?"), amount and
- quality of functionality ("is the provided SSL functionality and control
- possibilities sufficient for your situation?"), quality of problem tracing
- ("is it possible for you to easily trace down the problems via logfiles,
- etc?"), etc. pp.
-<p>
-<li><a name="ToC4"></a>
- <a name="apssl-diff"></a>
- <strong id="faq">
-What are the major differences between mod_ssl and
-the commercial alternatives like Raven or Stronghold?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#apssl-diff"><b>L</b></a>]
- <p>
- In the past (until September 20th, 2000) the major difference was
- the RSA license which one received (very cheaply in contrast to
- a direct licensing from RSA DSI) with the commercial Apache SSL
- products. On the other hand, one needed this license only in the US,
- of course. So for non-US citizens this point was useless. But now
- even for US citizens the situations changed because the RSA patent
- expired on September 20th, 2000 and RSA DSI also placed the RSA
- algorithm explicitly into the public domain.
- <p>
- Second, there is the point that one has guaranteed support from
- the commercial vendors. On the other hand, if you monitored the
- Open Source quality of mod_ssl and the support activities
- found on <a href="mailto:modssl-users@modssl.org">
- <code>modssl-users@modssl.org</code></a>, you could ask yourself
- whether you are really convinced that you can get better support
- from a commercial vendor.
- <p>
- Third, people often think they would receive perhaps at least a
- better technical SSL solution than mod_ssl from the commercial
- vendors. But this is not really true, because all commercial
- alternatives (Raven 1.4.x, Stronghold 3.x, RedHat SWS 2.x, etc.)
- <i>are</i> actually based on mod_ssl and OpenSSL. The reason for
- this common misunderstanding is mainly because some vendors make no
- attempt to make it reasonably clear that their product is actually
- mod_ssl based. So, do not think, just because the commercial
- alternatives are usually more expensive, that you are also receiving
- an alternative <i>technical</i> SSL solution. This is usually not
- the case. Actually the vendor versions of Apache, mod_ssl and OpenSSL
- often stay behind the latest free versions and perhaps this way still do not
- include important bug and security fixes. On the other hand,
- it sometimes occurs that a vendor version includes useful changes
- which are not available through the official freely available
- packages. But most vendors play fair and contribute back those
- changes to the free software world, of course.
- <p>
- So, in short: There are lots of commercial versions of the popular
- Apache+mod_ssl+OpenSSL server combination available. Every user
- should decide carefully whether they really need to buy a commercial
- version or whether it would not be sufficient to directly use the
- free and official versions of the Apache, mod_ssl and OpenSSL
- packages.
-<p>
-<li><a name="ToC5"></a>
- <a name="what-version"></a>
- <strong id="faq">
-How do I know which mod_ssl version is for which Apache version?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-version"><b>L</b></a>]
- <p>
- That's trivial: mod_ssl uses version strings of the syntax
- <em>&lt;mod_ssl-version&gt;</em>-<em>&lt;apache-version&gt;</em>, for
- instance <code>2.4.0-1.3.9</code>. This directly indicates that it's
- mod_ssl version 2.4.0 for Apache version 1.3.9. And this also means you
- <em>only</em> can apply this mod_ssl version to exactly this Apache
- version (unless you use the <code>--force</code> option to mod_ssl's
- <code>configure</code> command ;-).
-<p>
-<li><a name="ToC6"></a>
- <a name="y2k"></a>
- <strong id="faq">
-Is mod_ssl Year 2000 compliant?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#y2k"><b>L</b></a>]
- <p>
- Yes, mod_ssl is Year 2000 compliant.
- <p>
- Because first mod_ssl internally never stores years as two digits.
- Instead it always uses the ANSI C &amp; POSIX numerical data type
- <code>time_t</code> type, which on almost all Unix platforms at the moment
- is a <code>signed long</code> (usually 32-bits) representing seconds since
- epoch of January 1st, 1970, 00:00 UTC. This signed value overflows in
- early January 2038 and not in the year 2000. Second, date and time
- presentations (for instance the variable ``<code>%{TIME_YEAR}</code>'')
- are done with full year value instead of abbreviating to two digits.
- <p>
- Additionally according to a <a
- href="../../misc/FAQ.html#year2000">Year 2000
- statement</a> from the Apache Group, the Apache webserver is Year 2000
- compliant, too. But whether OpenSSL or the underlying Operating System
- (either a Unix or Win32 platform) is Year 2000 compliant is a different
- question which cannot be answered here.
-<p>
-<li><a name="ToC7"></a>
- <a name="wassenaar"></a>
- <strong id="faq">
-What about mod_ssl and the Wassenaar Arrangement?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#wassenaar"><b>L</b></a>]
- <p>
- First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on
- Export Controls for Conventional Arms and Dual-Use Goods and
- Technologies</i> is: This is a international regime, established 1995, to
- control trade in conventional arms and dual-use goods and technology. It
- replaced the previous <i>CoCom</i> regime. 33 countries are signatories:
- Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic,
- Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan,
- Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic
- of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden,
- Switzerland, Turkey, Ukraine, United Kingdom and United States. For more
- details look at <a
- href="http://www.wassenaar.org/">http://www.wassenaar.org/</a>.
- <p>
- In short: The aim of the Wassenaar Arrangement is to prevent the build up
- of military capabilities that threaten regional and international security
- and stability. The Wassenaar Arrangement controls the export of
- cryptography as a dual-use good, i.e., one that has both military and
- civilian applications. However, the Wassenaar Arrangement also provides an
- exemption from export controls for mass-market software and free software.
- <p>
- In the current Wassenaar ``<i>List of Dual Use Goods and Technologies And
- Munitions</i>'', under ``<i>GENERAL SOFTWARE NOTE</i>'' (GSN) it says
- ``<i>The Lists do not control "software" which is either: 1. [...] 2. "in
- the public domain".</i>'' And under ``<i>DEFINITIONS OF TERMS USED IN
- THESE LISTS</i>'' one can find the definition: ``<i>"In the public
- domain": This means "technology" or "software" which has been made
- available without restrictions upon its further dissemination. N.B.
- Copyright restrictions do not remove "technology" or "software" from being
- "in the public domain".</i>''
- <p>
- So, both mod_ssl and OpenSSL are ``in the public domain'' for the purposes
- of the Wassenaar Agreement and its ``<i>List of Dual Use Goods and
- Technologies And Munitions List</i>''.
- <p>
- Additionally the Wassenaar Agreement itself has no direct consequence for
- exporting cryptography software. What is actually allowed or forbidden to
- be exported from the countries has still to be defined in the local laws
- of each country. And at least according to official press releases from
- the German BMWi (see <a
- href="http://www.bmwi.de/presse/1998/1208prm2.html">here</a>) and the
- Switzerland Bawi (see <a href="http://jya.com/wass-ch.htm">here</a>) there
- will be no forthcoming export restriction for free cryptography software
- for their countries. Remember that mod_ssl is created in Germany and
- distributed from Switzerland.
- <p>
- So, mod_ssl and OpenSSL are not affected by the Wassenaar Agreement.
-</ul>
-<p>
-<br>
-<h2><a name="ToC8">About Installation</a></h2>
-<ul>
-<p>
-<li><a name="ToC9"></a>
- <a name="core-dbm"></a>
- <strong id="faq">
-When I access my website the first time via HTTPS I get a core dump?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dbm"><b>L</b></a>]
- <p>
- There can be a lot of reasons why a core dump can occur, of course.
- Ranging from buggy third-party modules, over buggy vendor libraries up to
- a buggy mod_ssl version. But the above situation is often caused by old or
- broken vendor DBM libraries. To solve it either build mod_ssl with the
- built-in SDBM library (specify <tt>--enable-rule=SSL_SDBM</tt> at the
- APACI command line) or switch from ``<tt>SSLSessionCache dbm:</tt>'' to the
- newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you have rebuilt
- Apache with MM, of course).
-<p>
-<li><a name="ToC10"></a>
- <a name="core-php3"></a>
- <strong id="faq">
-My Apache dumps core when I add both mod_ssl and PHP3?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-php3"><b>L</b></a>]
- <p>
- Make sure you add mod_ssl to the Apache source tree first and then do a
- fresh configuration and installation of PHP3. For SSL support EAPI patches
- are required which have to change internal Apache structures. PHP3 needs
- to know about these in order to work correctly. Always make sure that
- <tt>-DEAPI</tt> is contained in the compiler flags when PHP3 is build.
-<p>
-<li><a name="ToC11"></a>
- <a name="dso-sym"></a>
- <strong id="faq">
-When I startup Apache I get errors about undefined symbols like ap_global_ctx?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#dso-sym"><b>L</b></a>]
- <p>
- This actually means you installed mod_ssl as a DSO, but without rebuilding
- Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an
- extra patched Apache (containing the EAPI patches) and you have to build
- this Apache with EAPI enabled (explicitly specify
- <tt>--enable-rule=EAPI</tt> at the APACI command line).
-<p>
-<li><a name="ToC12"></a>
- <a name="mutex-perm"></a>
- <strong id="faq">
-When I startup Apache I get permission errors related to SSLMutex?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mutex-perm"><b>L</b></a>]
- <p>
- When you receive entries like ``<code>mod_ssl: Child could not open
- SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows)
- [...] System: Permission denied (errno: 13)</code>'' this is usually
- caused by to restrictive permissions on the <i>parent</i> directories.
- Make sure that all parent directories (here <code>/opt</code>,
- <code>/opt/apache</code> and <code>/opt/apache/logs</code>) have the x-bit
- set at least for the UID under which Apache's children are running (see
- the <code>User</code> directive of Apache).
-<p>
-<li><a name="ToC13"></a>
- <a name="mm"></a>
- <strong id="faq">
-When I use the MM library and the shared memory cache each process grows
-1.5MB according to `top' although I specified 512000 as the cache size?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mm"><b>L</b></a>]
- <p>
- The additional 1MB are caused by the global shared memory pool EAPI
- allocates for all modules and which is not used by mod_ssl for
- various reasons. So the actually allocated shared memory is always
- 1MB more than what you specify on <code>SSLSessionCache</code>.
- But don't be confused by the display of `top': although is
- indicates that <i>each</i> process grow, this is not reality, of
- course. Instead the additional memory consumption is shared by
- all processes, i.e. the 1.5MB are allocated only once per Apache
- instance and not once per Apache server process.
-<p>
-<li><a name="ToC14"></a>
- <a name="mmpath"></a>
- <strong id="faq">
-Apache creates files in a directory declared by the internal
-EAPI_MM_CORE_PATH define. Is there a way to override the path using a
-configuration directive?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#mmpath"><b>L</b></a>]
- <p>
- No, there is not configuration directive, because for technical
- bootstrapping reasons, a directive not possible at all. Instead
- use ``<code>CFLAGS='-DEAPI_MM_CORE_PATH="/path/to/wherever/"'
- ./configure ...</code>'' when building Apache or use option
- <b>-d</b> when starting <code>httpd</code>.
-<p>
-<li><a name="ToC15"></a>
- <a name="entropy"></a>
- <strong id="faq">
-When I fire up the server, mod_ssl stops with the error
-"Failed to generate temporary 512 bit RSA private key", why?
-And a "PRNG not seeded" error occurs if I try "make certificate".
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#entropy"><b>L</b></a>]
- <p>
- Cryptographic software needs a source of unpredictable data
- to work correctly. Many open source operating systems provide
- a "randomness device" that serves this purpose (usually named
- <code>/dev/random</code>). On other systems, applications have to
- seed the OpenSSL Pseudo Random Number Generator (PRNG) manually with
- appropriate data before generating keys or performing public key
- encryption. As of version 0.9.5, the OpenSSL functions that need
- randomness report an error if the PRNG has not been seeded with
- at least 128 bits of randomness. So mod_ssl has to provide enough
- entropy to the PRNG to work correctly. For this one has to use the
- <code>SSLRandomSeed</code> directives (to solve the run-time problem)
- and create a <code>$HOME/.rnd</code> file to make sure enough
- entropy is available also for the "<code>make certificate</code>"
- step (in case the "<code>make certificate</code>" procedure is not
- able to gather enough entropy theirself by searching for system
- files).
-</ul>
-<p>
-<br>
-<h2><a name="ToC16">About Configuration</a></h2>
-<ul>
-<p>
-<li><a name="ToC17"></a>
- <a name="https-parallel"></a>
- <strong id="faq">
-Is it possible to provide HTTP and HTTPS with a single server?</strong>
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-parallel"><b>L</b></a>]
- <p>
- Yes, HTTP and HTTPS use different server ports, so there is no direct
- conflict between them. Either run two separate server instances (one binds
- to port 80, the other to port 443) or even use Apache's elegant virtual
- hosting facility where you can easily create two virtual servers which
- Apache dispatches: one responding to port 80 and speaking HTTP and one
- responding to port 443 speaking HTTPS.
-<p>
-<li><a name="ToC18"></a>
- <a name="https-port"></a>
- <strong id="faq">
-I know that HTTP is on port 80, but where is HTTPS?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-port"><b>L</b></a>]
- <p>
- You can run HTTPS on any port, but the standards specify port 443, which
- is where any HTTPS compliant browser will look by default. You can force
- your browser to look on a different port by specifying it in the URL like
- this (for port 666): <code>https://secure.server.dom:666/</code>
-<p>
-<li><a name="ToC19"></a>
- <a name="https-test"></a>
- <strong id="faq">
-How can I speak HTTPS manually for testing purposes?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#https-test"><b>L</b></a>]
- <p>
- While you usually just use
- <p>
- <code><b>$ telnet localhost 80</b></code><br>
- <code><b>GET / HTTP/1.0</b></code>
- <p>
- for simple testing the HTTP protocol of Apache, it's not such easy for
- HTTPS because of the SSL protocol between TCP and HTTP. But with the
- help of OpenSSL's <code>s_client</code> command you can do a similar
- check even for HTTPS:
- <p>
- <code><b>$ openssl s_client -connect localhost:443 -state -debug</b></code><br>
- <code><b>GET / HTTP/1.0</b></code>
- <p>
- Before the actual HTTP response you receive detailed information about the
- SSL handshake. For a more general command line client which directly
- understands both the HTTP and HTTPS scheme, can perform GET and POST
- methods, can use a proxy, supports byte ranges, etc. you should have a
- look at nifty <a href="http://curl.haxx.nu/">cURL</a>
- tool. With it you can directly check if your Apache is running fine on
- Port 80 and 443 as following:
- <p>
- <code><b>$ curl http://localhost/</b></code><br>
- <code><b>$ curl https://localhost/</b></code><br>
-<p>
-<li><a name="ToC20"></a>
- <a name="hang"></a>
- <strong id="faq">
-Why does the connection hang when I connect to my SSL-aware Apache server?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>]
- <p>
- Because you connected with HTTP to the HTTPS port, i.e. you used an URL of
- the form ``<code>http://</code>'' instead of ``<code>https://</code>''.
- This also happens the other way round when you connect via HTTPS to a HTTP
- port, i.e. when you try to use ``<code>https://</code>'' on a server that
- doesn't support SSL (on this port). Make sure you are connecting to a
- virtual server that supports SSL, which is probably the IP associated with
- your hostname, not localhost (127.0.0.1).
-<p>
-<li><a name="ToC21"></a>
- <a name="hang"></a>
- <strong id="faq">
-Why do I get ``Connection Refused'' messages when trying to access my freshly
-installed Apache+mod_ssl server via HTTPS?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hang"><b>L</b></a>]
- <p>
- There can be various reasons. Some of the common mistakes is that people
- start Apache with just ``<tt>apachectl start</tt>'' (or
- ``<tt>httpd</tt>'') instead of ``<tt>apachectl startssl</tt>'' (or
- ``<tt>httpd -DSSL</tt>''. Or you're configuration is not correct. At
- least make sure that your ``<tt>Listen</tt>'' directives match your
- ``<tt>&lt;VirtualHost&gt;</tt>'' directives. And if all fails, please do
- yourself a favor and start over with the default configuration mod_ssl
- provides you.
-<p>
-<li><a name="ToC22"></a>
- <a name="env-vars"></a>
- <strong id="faq">
-In my CGI programs and SSI scripts the various documented
-<code>SSL_XXX</code> variables do not exists. Why?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#env-vars"><b>L</b></a>]
- <p>
- Just make sure you have ``<code>SSLOptions +StdEnvVars</code>''
- enabled for the context of your CGI/SSI requests.
-<p>
-<li><a name="ToC23"></a>
- <a name="relative-links"></a>
- <strong id="faq">
-How can I use relative hyperlinks to switch between HTTP and HTTPS?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#relative-links"><b>L</b></a>]
- <p>
- Usually you have to use fully-qualified hyperlinks because
- you have to change the URL scheme. But with the help of some URL
- manipulations through mod_rewrite you can achieve the same effect while
- you still can use relative URLs:
- <pre>
- RewriteEngine on
- RewriteRule ^/(.*):SSL$ https://%{SERVER_NAME}/$1 [R,L]
- RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]
- </pre>
- This rewrite ruleset lets you use hyperlinks of the form
- <pre>
- &lt;a href="document.html:SSL"&gt
- </pre>
-</ul>
-<p>
-<br>
-<h2><a name="ToC24">About Certificates</a></h2>
-<ul>
-<p>
-<li><a name="ToC25"></a>
- <a name="what-is"></a>
- <strong id="faq">
-What are RSA Private Keys, CSRs and Certificates?</strong>
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#what-is"><b>L</b></a>]
- <p>
- The RSA private key file is a digital file that you can use to decrypt
- messages sent to you. It has a public component which you distribute (via
- your Certificate file) which allows people to encrypt those messages to
- you. A Certificate Signing Request (CSR) is a digital file which contains
- your public key and your name. You send the CSR to a Certifying Authority
- (CA) to be converted into a real Certificate. A Certificate contains your
- RSA public key, your name, the name of the CA, and is digitally signed by
- your CA. Browsers that know the CA can verify the signature on that
- Certificate, thereby obtaining your RSA public key. That enables them to
- send messages which only you can decrypt.
- See the <a href="ssl_intro.html">Introduction</a> chapter for a general
- description of the SSL protocol.
-<p>
-<li><a name="ToC26"></a>
- <a name="startup"></a>
- <strong id="faq">
-Seems like there is a difference on startup between the original Apache and an SSL-aware Apache?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#startup"><b>L</b></a>]
- <p>
- Yes, in general, starting Apache with a built-in mod_ssl is just like
- starting an unencumbered Apache, except for the fact that when you have a
- pass phrase on your SSL private key file. Then a startup dialog pops up
- asking you to enter the pass phrase.
- <p>
- To type in the pass phrase manually when starting the server can be
- problematic, for instance when starting the server from the system boot
- scripts. As an alternative to this situation you can follow the steps
- below under ``How can I get rid of the pass-phrase dialog at Apache
- startup time?''.
-<p>
-<li><a name="ToC27"></a>
- <a name="cert-dummy"></a>
- <strong id="faq">
-How can I create a dummy SSL server Certificate for testing purposes?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy"><b>L</b></a>]
- <p>
- A Certificate does not have to be signed by a public CA. You can use your
- private key to sign the Certificate which contains your public key. You
- can install this Certificate into your server, and people using Netscape
- Navigator (not MSIE) will be able to connect after clicking OK to a
- warning dialogue. You can get MSIE to work, and your customers can
- eliminate the dialogue, by installing that Certificate manually into their
- browsers.
- <p>
- Just use the ``<code>make certificate</code>'' command at the top-level
- directory of the Apache source tree right before installing Apache via
- ``<code>make install</code>''. This creates a self-signed SSL Certificate
- which expires after 30 days and isn't encrypted (which means you don't
- need to enter a pass-phrase at Apache startup time).
- <p>
- BUT REMEMBER: YOU REALLY HAVE TO CREATE A REAL CERTIFICATE FOR THE LONG
- RUN! HOW THIS IS DONE IS DESCRIBED IN THE NEXT ANSWER.
-<p>
-<li><a name="ToC28"></a>
- <a name="cert-real"></a>
- <strong id="faq">
-Ok, I've got my server installed and want to create a real SSL
-server Certificate for it. How do I do it?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-real"><b>L</b></a>]
- <p>
- Here is a step-by-step description:
- <p>
- <ol>
- <li>Make sure OpenSSL is really installed and in your <code>PATH</code>.
- But some commands even work ok when you just run the
- ``<code>openssl</code>'' program from within the OpenSSL source tree as
- ``<code>./apps/openssl</code>''.
- <p>
- <li>Create a RSA private key for your Apache server
- (will be Triple-DES encrypted and PEM formatted):
- <p>
- <code><strong>$ openssl genrsa -des3 -out server.key 1024</strong></code>
- <p>
- Please backup this <code>server.key</code> file and remember the
- pass-phrase you had to enter at a secure location.
- You can see the details of this RSA private key via the command:
- <p>
- <code><strong>$ openssl rsa -noout -text -in server.key</strong></code>
- <p>
- And you could create a decrypted PEM version (not recommended)
- of this RSA private key via:
- <p>
- <code><strong>$ openssl rsa -in server.key -out server.key.unsecure</strong></code>
- <p>
- <li>Create a Certificate Signing Request (CSR) with the server RSA private
- key (output will be PEM formatted):
- <p>
- <code><strong>$ openssl req -new -key server.key -out server.csr</strong></code>
- <p>
- Make sure you enter the FQDN ("Fully Qualified Domain Name") of the
- server when OpenSSL prompts you for the "CommonName", i.e. when you
- generate a CSR for a website which will be later accessed via
- <code>https://www.foo.dom/</code>, enter "www.foo.dom" here.
- You can see the details of this CSR via the command
- <p>
- <code><strong>$ openssl req -noout -text -in server.csr</strong></code>
- <p>
- <li>You now have to send this Certificate Signing Request (CSR) to
- a Certifying Authority (CA) for signing. The result is then a real
- Certificate which can be used for Apache. Here you have two options:
- First you can let the CSR sign by a commercial CA like Verisign or
- Thawte. Then you usually have to post the CSR into a web form, pay for
- the signing and await the signed Certificate you then can store into a
- server.crt file. For more information about commercial CAs have a look
- at the following locations:
- <p>
- <ul>
- <li> Verisign<br>
- <a href="http://digitalid.verisign.com/server/apacheNotice.htm">
- http://digitalid.verisign.com/server/apacheNotice.htm
- </a>
- <li> Thawte Consulting<br>
- <a href="http://www.thawte.com/certs/server/request.html">
- http://www.thawte.com/certs/server/request.html
- </a>
- <li> CertiSign Certificadora Digital Ltda.<br>
- <a href="http://www.certisign.com.br">
- http://www.certisign.com.br
- </a>
- <li> IKS GmbH<br>
- <a href="http://www.iks-jena.de/produkte/ca/">
- http://www.iks-jena.de/produkte/ca/
- </a>
- <li> Uptime Commerce Ltd.<br>
- <a href="http://www.uptimecommerce.com">
- http://www.uptimecommerce.com
- </a>
- <li> BelSign NV/SA<br>
- <a href="http://www.belsign.be">
- http://www.belsign.be
- </a>
- </ul>
- <p>
- Second you can use your own CA and now have to sign the CSR yourself by
- this CA. Read the next answer in this FAQ on how to sign a CSR with
- your CA yourself.
- You can see the details of the received Certificate via the command:
- <p>
- <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code>
- <p>
- <li>Now you have two files: <code>server.key</code> and
- <code>server.crt</code>. These now can be used as following inside your
- Apache's <code>httpd.conf</code> file:
- <pre>
- SSLCertificateFile /path/to/this/server.crt
- SSLCertificateKeyFile /path/to/this/server.key
- </pre>
- The <code>server.csr</code> file is no longer needed.
- </ol>
-<p>
-<li><a name="ToC29"></a>
- <a name="cert-ownca"></a>
- <strong id="faq">
-How can I create and use my own Certificate Authority (CA)?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca"><b>L</b></a>]
- <p>
- The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
- script provided by OpenSSL. The long and manual answer is this:
- <p>
- <ol>
- <li>Create a RSA private key for your CA
- (will be Triple-DES encrypted and PEM formatted):
- <p>
- <code><strong>$ openssl genrsa -des3 -out ca.key 1024</strong></code>
- <p>
- Please backup this <code>ca.key</code> file and remember the
- pass-phrase you currently entered at a secure location.
- You can see the details of this RSA private key via the command
- <p>
- <code><strong>$ openssl rsa -noout -text -in ca.key</strong></code>
- <p>
- And you can create a decrypted PEM version (not recommended) of this
- private key via:
- <p>
- <code><strong>$ openssl rsa -in ca.key -out ca.key.unsecure</strong></code>
- <p>
- <li>Create a self-signed CA Certificate (X509 structure)
- with the RSA key of the CA (output will be PEM formatted):
- <p>
- <code><strong>$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt</strong></code>
- <p>
- You can see the details of this Certificate via the command:
- <p>
- <code><strong>$ openssl x509 -noout -text -in ca.crt</strong></code>
- <p>
- <li>Prepare a script for signing which is needed because
- the ``<code>openssl ca</code>'' command has some strange requirements
- and the default OpenSSL config doesn't allow one easily to use
- ``<code>openssl ca</code>'' directly. So a script named
- <code>sign.sh</code> is distributed with the mod_ssl distribution
- (subdir <code>pkg.contrib/</code>). Use this script for signing.
- <p>
- <li>Now you can use this CA to sign server CSR's in order to create real
- SSL Certificates for use inside an Apache webserver (assuming
- you already have a <code>server.csr</code> at hand):
- <p>
- <code><strong>$ ./sign.sh server.csr</strong></code>
- <p>
- This signs the server CSR and results in a <code>server.crt</code> file.
- </ol>
-<p>
-<li><a name="ToC30"></a>
- <a name="change-passphrase"></a>
- <strong id="faq">
-How can I change the pass-phrase on my private key file?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#change-passphrase"><b>L</b></a>]
- <p>
- You simply have to read it with the old pass-phrase and write it again
- by specifying the new pass-phrase. You can accomplish this with the following
- commands:
- <p>
- <code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br>
- <code><strong>$ mv server.key.new server.key</strong></code><br>
- <p>
- Here you're asked two times for a PEM pass-phrase. At the first
- prompt enter the old pass-phrase and at the second prompt
- enter the new pass-phrase.
-<p>
-<li><a name="ToC31"></a>
- <a name="remove-passphrase"></a>
- <strong id="faq">
-How can I get rid of the pass-phrase dialog at Apache startup time?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#remove-passphrase"><b>L</b></a>]
- <p>
- The reason why this dialog pops up at startup and every re-start
- is that the RSA private key inside your server.key file is stored in
- encrypted format for security reasons. The pass-phrase is needed to be
- able to read and parse this file. When you can be sure that your server is
- secure enough you perform two steps:
- <p>
- <ol>
- <li>Remove the encryption from the RSA private key (while
- preserving the original file):
- <p>
- <code><strong>$ cp server.key server.key.org</strong></code><br>
- <code><strong>$ openssl rsa -in server.key.org -out server.key</strong></code>
- <p>
- <li>Make sure the server.key file is now only readable by root:
- <p>
- <code><strong>$ chmod 400 server.key</strong></code>
- </ol>
- <p>
- Now <code>server.key</code> will contain an unencrypted copy of the key.
- If you point your server at this file it will not prompt you for a
- pass-phrase. HOWEVER, if anyone gets this key they will be able to
- impersonate you on the net. PLEASE make sure that the permissions on that
- file are really such that only root or the web server user can read it
- (preferably get your web server to start as root but run as another
- server, and have the key readable only by root).
- <p>
- As an alternative approach you can use the ``<code>SSLPassPhraseDialog
- exec:/path/to/program</code>'' facility. But keep in mind that this is
- neither more nor less secure, of course.
-<p>
-<li><a name="ToC32"></a>
- <a name="verify-key"></a>
- <strong id="faq">
-How do I verify that a private key matches its Certificate?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verify-key"><b>L</b></a>]
- <p>
- The private key contains a series of numbers. Two of those numbers form
- the "public key", the others are part of your "private key". The "public
- key" bits are also embedded in your Certificate (we get them from your
- CSR). To check that the public key in your cert matches the public
- portion of your private key, you need to view the cert and the key and
- compare the numbers. To view the Certificate and the key run the
- commands:
- <p>
- <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br>
- <code><strong>$ openssl rsa -noout -text -in server.key</strong></code>
- <p>
- The `modulus' and the `public exponent' portions in the key and the
- Certificate must match. But since the public exponent is usually 65537
- and it's bothering comparing long modulus you can use the following
- approach:
- <p>
- <code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br>
- <code><strong>$ openssl rsa -noout -modulus -in server.key | openssl md5</strong></code>
- <p>
- And then compare these really shorter numbers. With overwhelming
- probability they will differ if the keys are different. BTW, if I want to
- check to which key or certificate a particular CSR belongs you can compute
- <p>
- <code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code>
-<p>
-<li><a name="ToC33"></a>
- <a name="keysize1"></a>
- <strong id="faq">
-What does it mean when my connections fail with an "alert bad certificate"
-error?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize1"><b>L</b></a>]
- <p>
- Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL
- routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL
- logfile, this means that the browser was unable to handle the server
- certificate/private-key which perhaps contain a RSA-key not equal to 1024
- bits. For instance Netscape Navigator 3.x is one of those browsers.
-<p>
-<li><a name="ToC34"></a>
- <a name="keysize2"></a>
- <strong id="faq">
-Why does my 2048-bit private key not work?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#keysize2"><b>L</b></a>]
- <p>
- The private key sizes for SSL must be either 512 or 1024 for compatibility
- with certain web browsers. A keysize of 1024 bits is recommended because
- keys larger than 1024 bits are incompatible with some versions of Netscape
- Navigator and Microsoft Internet Explorer, and with other browsers that
- use RSA's BSAFE cryptography toolkit.
-<p>
-<li><a name="ToC35"></a>
- <a name="hash-symlinks"></a>
- <strong id="faq">
-Why is client authentication broken after upgrading from
-SSLeay version 0.8 to 0.9?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#hash-symlinks"><b>L</b></a>]
- <p>
- The CA certificates under the path you configured with
- <code>SSLCACertificatePath</code> are found by SSLeay through hash
- symlinks. These hash values are generated by the `<code>openssl x509 -noout
- -hash</code>' command. But the algorithm used to calculate the hash for a
- certificate has changed between SSLeay 0.8 and 0.9. So you have to remove
- all old hash symlinks and re-create new ones after upgrading. Use the
- <code>Makefile</code> mod_ssl placed into this directory.
-<p>
-<li><a name="ToC36"></a>
- <a name="pem-to-der"></a>
- <strong id="faq">
-How can I convert a certificate from PEM to DER format?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#pem-to-der"><b>L</b></a>]
- <p>
- The default certificate format for SSLeay/OpenSSL is PEM, which actually
- is Base64 encoded DER with header and footer lines. For some applications
- (e.g. Microsoft Internet Explorer) you need the certificate in plain DER
- format. You can convert a PEM file <code>cert.pem</code> into the
- corresponding DER file <code>cert.der</code> with the following command:
- <code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code>
-<p>
-<li><a name="ToC37"></a>
- <a name="verisign-getca"></a>
- <strong id="faq">
-I try to install a Verisign certificate. Why can't I find neither the
-<code>getca</code> nor <code>getverisign</code> programs Verisign mentions?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#verisign-getca"><b>L</b></a>]
- <p>
- This is because Verisign has never provided specific instructions
- for Apache+mod_ssl. Rather they tell you what you should do
- if you were using C2Net's Stronghold (a commercial Apache
- based server with SSL support). The only thing you have to do
- is to save the certificate into a file and give the name of
- that file to the <code>SSLCertificateFile</code> directive.
- Remember that you need to give the key file in as well (see
- <code>SSLCertificateKeyFile</code> directive). For a better
- CA-related overview on SSL certificate fiddling you can look at <a
- href="http://www.thawte.com/certs/server/keygen/mod_ssl.html">
- Thawte's mod_ssl instructions</a>.
-<p>
-<li><a name="ToC38"></a>
- <a name="gid"></a>
- <strong id="faq">
-Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global
-ID) also with mod_ssl?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>]
- <p>
- Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have
- to configure anything special for this, just use a Global ID as your
- server certificate. The <i>step up</i> of the clients are then
- automatically handled by mod_ssl under run-time. For details please read
- the <tt>README.GlobalID</tt> document in the mod_ssl distribution.
-<p>
-<li><a name="ToC39"></a>
- <a name="gid"></a>
- <strong id="faq">
-After I have installed my new Verisign Global ID server certificate, the
-browsers complain that they cannot verify the server certificate?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#gid"><b>L</b></a>]
- <p>
- That is because Verisign uses an intermediate CA certificate between
- the root CA certificate (which is installed in the browsers) and
- the server certificate (which you installed in the server). You
- should have received this additional CA certificate from Verisign.
- If not, complain to them. Then configure this certificate with the
- <code>SSLCertificateChainFile</code> directive in the server. This
- makes sure the intermediate CA certificate is send to the browser
- and this way fills the gap in the certificate chain.
-</ul>
-<p>
-<br>
-<h2><a name="ToC40">About SSL Protocol</a></h2>
-<ul>
-<p>
-<li><a name="ToC41"></a>
- <a name="random-errors"></a>
- <strong id="faq">
-Why do I get lots of random SSL protocol errors under heavy server load?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random-errors"><b>L</b></a>]
- <p>
- There can be a number of reasons for this, but the main one
- is problems with the SSL session Cache specified by the
- <tt>SSLSessionCache</tt> directive. The DBM session cache is most
- likely the source of the problem, so trying the SHM session cache or
- no cache at all may help.
-<p>
-<li><a name="ToC42"></a>
- <a name="load"></a>
- <strong id="faq">
-Why has my webserver a higher load now that I run SSL there?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#load"><b>L</b></a>]
- <p>
- Because SSL uses strong cryptographic encryption and this needs a lot of
- number crunching. And because when you request a webpage via HTTPS even
- the images are transferred encrypted. So, when you have a lot of HTTPS
- traffic the load increases.
-<p>
-<li><a name="ToC43"></a>
- <a name="random"></a>
- <strong id="faq">
-Often HTTPS connections to my server require up to 30 seconds for establishing
-the connection, although sometimes it works faster?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#random"><b>L</b></a>]
- <p>
- Usually this is caused by using a <code>/dev/random</code> device for
- <code>SSLRandomSeed</code> which is blocking in read(2) calls if not
- enough entropy is available. Read more about this problem in the refernce
- chapter under <code>SSLRandomSeed</code>.
-<p>
-<li><a name="ToC44"></a>
- <a name="ciphers"></a>
- <strong id="faq">
-What SSL Ciphers are supported by mod_ssl?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#ciphers"><b>L</b></a>]
- <p>
- Usually just all SSL ciphers which are supported by the
- version of OpenSSL in use (can depend on the way you built
- OpenSSL). Typically this at least includes the following:
- <p>
- <ul>
- <li>RC4 with MD5
- <li>RC4 with MD5 (export version restricted to 40-bit key)
- <li>RC2 with MD5
- <li>RC2 with MD5 (export version restricted to 40-bit key)
- <li>IDEA with MD5
- <li>DES with MD5
- <li>Triple-DES with MD5
- </ul>
- <p>
- To determine the actual list of supported ciphers you can
- run the following command:
- <p>
- <code><strong>$ openssl ciphers -v</strong></code><br>
-<p>
-<li><a name="ToC45"></a>
- <a name="cipher-adh"></a>
- <strong id="faq">
-I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no
-shared cipher'' errors?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-adh"><b>L</b></a>]
- <p>
- In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough
- to just put ``<code>ADH</code>'' into your <code>SSLCipherSuite</code>.
- Additionally you have to build OpenSSL with
- ``<code>-DSSL_ALLOW_ADH</code>''. Because per default OpenSSL does not
- allow ADH ciphers for security reasons. So if you are actually enabling
- these ciphers make sure you are informed about the side-effects.
-<p>
-<li><a name="ToC46"></a>
- <a name="cipher-shared"></a>
- <strong id="faq">
-I always just get a 'no shared ciphers' error if
-I try to connect to my freshly installed server?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#cipher-shared"><b>L</b></a>]
- <p>
- Either you have messed up your <code>SSLCipherSuite</code>
- directive (compare it with the pre-configured example in
- <code>httpd.conf</code>) or you have choosen the DSA/DH
- algorithms instead of RSA under "<code>make certificate</code>"
- and ignored or overseen the warnings. Because if you have choosen
- DSA/DH, then your server no longer speaks RSA-based SSL ciphers
- (at least not until you also configure an additional RSA-based
- certificate/key pair). But current browsers like NS or IE only speak
- RSA ciphers. The result is the "no shared ciphers" error. To fix
- this, regenerate your server certificate/key pair and this time
- choose the RSA algorithm.
-<p>
-<li><a name="ToC47"></a>
- <a name="vhosts"></a>
- <strong id="faq">
-Why can't I use SSL with name-based/non-IP-based virtual hosts?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts"><b>L</b></a>]
- <p>
- The reason is very technical. Actually it's some sort of a chicken and
- egg problem: The SSL protocol layer stays below the HTTP protocol layer
- and encapsulates HTTP. When an SSL connection (HTTPS) is established
- Apache/mod_ssl has to negotiate the SSL protocol parameters with the
- client. For this mod_ssl has to consult the configuration of the virtual
- server (for instance it has to look for the cipher suite, the server
- certificate, etc.). But in order to dispatch to the correct virtual server
- Apache has to know the <code>Host</code> HTTP header field. For this the
- HTTP request header has to be read. This cannot be done before the SSL
- handshake is finished. But the information is already needed at the SSL
- handshake phase. Bingo!
-<p>
-<li><a name="ToC48"></a>
- <a name="lock-icon"></a>
- <strong id="faq">
-When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
-still show the unlocked state when the dialog pops up. Does this mean the
-username/password is still transmitted unencrypted?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#lock-icon"><b>L</b></a>]
- <p>
- No, the username/password is already transmitted encrypted. The icon in
- Netscape browsers is just not really synchronized with the SSL/TLS layer
- (it toggles to the locked state when the first part of the actual webpage
- data is transferred which is not quite correct) and this way confuses
- people. The Basic Authentication facility is part of the HTTP layer and
- this layer is above the SSL/TLS layer in HTTPS. And before any HTTP data
- communication takes place in HTTPS the SSL/TLS layer has already done the
- handshake phase and switched to encrypted communication. So, don't get
- confused by this icon.
-<p>
-<li><a name="ToC49"></a>
- <a name="io-ie"></a>
- <strong id="faq">
-When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet
-Explorer (MSIE) I get various I/O errors. What is the reason?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie"><b>L</b></a>]
- <p>
- The first reason is that the SSL implementation in some MSIE versions has
- some subtle bugs related to the HTTP keep-alive facility and the SSL close
- notify alerts on socket connection close. Additionally the interaction
- between SSL and HTTP/1.1 features are problematic with some MSIE versions,
- too. You've to work-around these problems by forcing
- Apache+mod_ssl+OpenSSL to not use HTTP/1.1, keep-alive connections or
- sending the SSL close notify messages to MSIE clients. This can be done by
- using the following directive in your SSL-aware virtual host section:
- <pre>
- SetEnvIf User-Agent ".*MSIE.*" \
- <b>nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0</b></pre>
- Additionally it is known some MSIE versions have also problems
- with particular ciphers. Unfortunately one cannot workaround these
- bugs only for those MSIE particular clients, because the ciphers
- are already used in the SSL handshake phase. So a MSIE-specific
- <tt>SetEnvIf</tt> doesn't work to solve these problems. Instead one
- has to do more drastic adjustments to the global parameters. But
- before you decide to do this, make sure your clients really have
- problems. If not, do not do this, because it affects all(!) your
- clients, i.e., also your non-MSIE clients.
- <p>
- The next problem is that 56bit export versions of MSIE 5.x browsers have a
- broken SSLv3 implementation which badly interacts with OpenSSL versions
- greater than 0.9.4. You can either accept this and force your clients to
- upgrade their browsers, or you downgrade to OpenSSL 0.9.4 (hmmm), or you
- can decide to workaround it by accepting the drawback that your workaround
- will horribly affect also other browsers:
- <pre>
- SSLProtocol all <b>-SSLv3</b></pre>
- This completely disables the SSLv3 protocol and lets those browsers work.
- But usually this is an even less acceptable workaround. A more reasonable
- workaround is to address the problem more closely and disable only the
- ciphers which cause trouble.
- <pre>
- SSLCipherSuite ALL:!ADH:<b>!EXPORT56</b>:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</pre>
- This also lets the broken MSIE versions work, but only removes the
- newer 56bit TLS ciphers.
- <p>
- Another problem with MSIE 5.x clients is that they refuse to connect to
- URLs of the form <tt>https://12.34.56.78/</tt> (IP-addresses are used
- instead of the hostname), if the server is using the Server Gated
- Cryptography (SGC) facility. This can only be avoided by using the fully
- qualified domain name (FQDN) of the website in hyperlinks instead, because
- MSIE 5.x has an error in the way it handles the SGC negotiation.
- <p>
- And finally there are versions of MSIE which seem to require that
- an SSL session can be reused (a totally non standard-conforming
- behaviour, of course). Connection with those MSIE versions only work
- if a SSL session cache is used. So, as a work-around, make sure you
- are using a session cache (see <tt>SSLSessionCache</tt> directive).
-<p>
-<li><a name="ToC50"></a>
- <a name="io-ns"></a>
- <strong id="faq">
-When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I
-get I/O errors and the message "Netscape has encountered bad data from the
-server" What's the reason?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#io-ns"><b>L</b></a>]
- <p>
- The problem usually is that you had created a new server certificate with
- the same DN, but you had told your browser to accept forever the old
- server certificate. Once you clear the entry in your browser for the old
- certificate, everything usually will work fine. Netscape's SSL
- implementation is correct, so when you encounter I/O errors with Netscape
- Navigator it is most of the time caused by the configured certificates.
-</ul>
-<p>
-<br>
-<h2><a name="ToC51">About Support</a></h2>
-<ul>
-<p>
-<li><a name="ToC52"></a>
- <a name="resources"></a>
- <strong id="faq">
-What information resources are available in case of mod_ssl problems?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#resources"><b>L</b></a>]
- <p>
-The following information resources are available.
-In case of problems you should search here first.
-<p>
-<ol>
-<li><em>Answers in the User Manual's F.A.Q. List (this)</em><br>
- <a href="http://www.modssl.org/docs/2.8/ssl_faq.html">
- http://www.modssl.org/docs/2.8/ssl_faq.html</a><br>
- First look inside the F.A.Q. (this text), perhaps your problem is such
- popular that it was already answered a lot of times in the past.
-<p>
-<li><em>Postings from the modssl-users Support Mailing List</em>
- <a href="http://www.modssl.org/support/">
- http://www.modssl.org/support/</a><br>
- Second search for your problem in one of the existing archives of the
- modssl-users mailing list. Perhaps your problem popped up at least once for
- another user, too.
-<p>
-<li><em>Problem Reports in the Bug Database</em>
- <a href="http://www.modssl.org/support/bugdb/">
- http://www.modssl.org/support/bugdb/</a><br>
- Third look inside the mod_ssl Bug Database. Perhaps
- someone else already has reported the problem.
-</ol>
-<p>
-<li><a name="ToC53"></a>
- <a name="contact"></a>
- <strong id="faq">
-What support contacts are available in case of mod_ssl problems?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#contact"><b>L</b></a>]
- <p>
-The following lists all support possibilities for mod_ssl, in order of
-preference, i.e. start in this order and do not pick the support possibility
-you just like most, please.
-<p>
-<ol>
-<li><em>Write a Problem Report into the Bug Database</em><br>
- <a href="http://www.modssl.org/support/bugdb/">
- http://www.modssl.org/support/bugdb/</a><br>
- This is the preferred way of submitting your problem report, because this
- way it gets filed into the bug database (it cannot be lost) <em>and</em>
- send to the modssl-users mailing list (others see the current problems and
- learn from answers).
-<p>
-<li><em>Write a Problem Report to the modssl-users Support Mailing List</em><br>
- <a href="mailto:modssl-users@modssl.org">
- modssl-users&nbsp;@&nbsp;modssl.org</a><br>
- This is the second way of submitting your problem report. You have to
- subscribe to the list first, but then you can easily discuss your problem
- with both the author and the whole mod_ssl user community.
-<p>
-<li><em>Write a Problem Report to the author</em><br>
- <a href="mailto:rse@engelschall.com">
- rse&nbsp;@&nbsp;engelschall.com</a><br>
- This is the last way of submitting your problem report. Please avoid this
- in your own interest because the author is really a very busy men. Your
- mail will always be filed to one of his various mail-folders and is
- usually not processed as fast as a posting on modssl-users.
-</ol>
-<p>
-<li><a name="ToC54"></a>
- <a name="report-details"></a>
- <strong id="faq">
-What information and details I've to provide to
-the author when writing a bug report?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-details"><b>L</b></a>]
- <p>
-You have to at least always provide the following information:
-<p>
-<ul>
-<li><em>Apache, mod_ssl and OpenSSL version information</em><br>
- The mod_ssl version you should really know. For instance, it's the version
- number in the distribution tarball. The Apache version can be determined
- by running ``<code>httpd -v</code>''. The OpenSSL version can be
- determined by running ``<code>openssl version</code>''. Alternatively when
- you have Lynx installed you can run the command ``<code>lynx -mime_header
- http://localhost/ | grep Server</code>'' to determine all information in a
- single step.
-<p>
-<li><em>The details on how you built and installed Apache+mod_ssl+OpenSSL</em><br>
- For this you can provide a logfile of your terminal session which shows
- the configuration and install steps. Alternatively you can at least
- provide the author with the APACI `<code>configure</code>'' command line
- you used (assuming you used APACI, of course).
-<p>
-<li><em>In case of core dumps please include a Backtrace</em><br>
- In case your Apache+mod_ssl+OpenSSL should really dumped core please attach
- a stack-frame ``backtrace'' (see the next question on how to get it).
- Without this information the reason for your core dump cannot be found.
- So you have to provide the backtrace, please.
-<p>
-<li><em>A detailed description of your problem</em><br>
- Don't laugh, I'm totally serious. I already got a lot of problem reports
- where the people not really said what's the actual problem is. So, in your
- own interest (you want the problem be solved, don't you?) include as much
- details as possible, please. But start with the essentials first, of
- course.
-</ul>
-<p>
-<li><a name="ToC55"></a>
- <a name="core-dumped"></a>
- <strong id="faq">
-I got a core dump, can you help me?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#core-dumped"><b>L</b></a>]
- <p>
- In general no, at least not unless you provide more details about the code
- location where Apache dumped core. What is usually always required in
- order to help you is a backtrace (see next question). Without this
- information it is mostly impossible to find the problem and help you in
- fixing it.
-<p>
-<li><a name="ToC56"></a>
- <a name="report-backtrace"></a>
- <strong id="faq">
-Ok, I got a core dump but how do I get a backtrace to find out the reason for it?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_faq.html#report-backtrace"><b>L</b></a>]
- <p>
-Follow the following steps:
-<p>
-<ol>
-<li>Make sure you have debugging symbols available in at least
- Apache and mod_ssl. On platforms where you use GCC/GDB you have to build
- Apache+mod_ssl with ``<code>OPTIM="-g -ggdb3"</code>'' to achieve this. On
- other platforms at least ``<code>OPTIM="-g"</code>'' is needed.
-<p>
-<li>Startup the server and try to produce the core-dump. For this you perhaps
- want to use a directive like ``<code>CoreDumpDirectory /tmp</code>'' to
- make sure that the core-dump file can be written. You then should get a
- <code>/tmp/core</code> or <code>/tmp/httpd.core</code> file. When you
- don't get this, try to run your server under an UID != 0 (root), because
- most "current" kernels do not allow a process to dump core after it has
- done a <code>setuid()</code> (unless it does an <code>exec()</code>) for
- security reasons (there can be privileged information left over in
- memory). Additionally you can run ``<code>/path/to/httpd -X</code>''
- manually to force Apache to not fork.
-<p>
-<li>Analyze the core-dump. For this run ``<code>gdb /path/to/httpd
- /tmp/httpd.core</code>'' or a similar command has to run. In GDB you then
- just have to enter the ``<code>bt</code>'' command and, voila, you get the
- backtrace. For other debuggers consult your local debugger manual. Send
- this backtrace to the author.
-</ol>
-</ul>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html
deleted file mode 100644
index 6c50706867f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html
+++ /dev/null
@@ -1,413 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: Glossary</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-7.gif" alt="7" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- <td valign="top" align="right" width="250">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-gloss.gif" alt="Glossary" width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="300" summary="">
-<tr>
-<td>
-<em>
-``I know you believe you understand what you think I said, but I am not sure you
-realize that what you heard is not what I meant.''
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-Richard Nixon
-</font>
-</td>
-</tr>
-</table>
-</div>
-<dl>
-<dt><div id="term">Authentication</div>
-<dd>The positive identification of a network entity such as a server, a
- client, or a user. In SSL context the server and client
- <em>Certificate</em> verification process.
-<p>
-<dt><div id="term">Access Control</div>
-<dd>The restriction of access to network realms. In Apache context
- usually the restriction of access to certain <em>URLs</em>.
-<p>
-<dt><div id="term">Algorithm</div>
-<dd>An unambiguous formula or set of rules for solving a problem in a finite
- number of steps. Algorithms for encryption are usually called <em>Ciphers</em>.
-<p>
-<dt><div id="term">Certificate</div>
-<dd>A data record used for authenticating network entities such
- as a server or a client. A certificate contains X.509 information pieces
- about its owner (called the subject) and the signing <em>Certificate
- Authority</em> (called the issuer), plus the owner's public key and the
- signature made by the CA. Network entities verify these signatures using
- CA certificates.
-<p>
-<dt><div id="term">Certification Authority (CA)</div>
-<dd>A trusted third party whose purpose is to sign certificates for network
- entities it has authenticated using secure means. Other network entities
- can check the signature to verify that a CA has authenticated the bearer
- of a certificate.
-<p>
-<dt><div id="term">Certificate Signing Request (CSR)</div>
-<dd>An unsigned certificate for submission to a <em>Certification Authority</em>,
- which signs it with the <em>Private Key</em> of their CA <em>Certificate</em>. Once
- the CSR is signed, it becomes a real certificate.
-<p>
-<dt><div id="term">Cipher</div>
-<dd>An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.
-<p>
-<dt><div id="term">Ciphertext</div>
-<dd>The result after a <em>Plaintext</em> passed a <em>Cipher</em>.
-<p>
-<dt><div id="term">Configuration Directive</div>
-<dd>A configuration command that controls one or more aspects of a program's
- behavior. In Apache context these are all the command names in the first
- column of the configuration files.
-<p>
-<dt><div id="term">CONNECT</div>
-<dd>A HTTP command for proxying raw data channels over HTTP. It can be used to
- encapsulate other protocols, such as the SSL protocol.
-<p>
-<dt><div id="term">Digital Signature</div>
-<dd>An encrypted text block that validates a certificate or other file. A
- <em>Certification Authority</em> creates a signature by generating a
- hash of the <em>Public Key</em> embedded in a <em>Certificate</em>, then
- encrypting the hash with its own <em>Private Key</em>. Only the CA's
- public key can decrypt the signature, verifying that the CA has
- authenticated the network entity that owns the <em>Certificate</em>.
-<p>
-<dt><div id="term">Export-Crippled</div>
-<dd>Diminished in cryptographic strength (and security) in order to comply
- with the United States' Export Administration Regulations (EAR).
- Export-crippled cryptographic software is limited to a small key size,
- resulting in <em>Ciphertext</em> which usually can be decrypted by brute
- force.
-<p>
-<dt><div id="term">Fully-Qualified Domain-Name (FQDN)</div>
-<dd>The unique name of a network entity, consisting of a hostname and a domain
- name that can resolve to an IP address. For example, <code>www</code> is a
- hostname, <code>whatever.com</code> is a domain name, and
- <code>www.whatever.com</code> is a fully-qualified domain name.
-<p>
-<dt><div id="term">HyperText Transfer Protocol (HTTP)</div>
-<dd>The HyperText Transport Protocol is the standard transmission protocol used
- on the World Wide Web.
-<p>
-<dt><div id="term">HTTPS</div>
-<dd>The HyperText Transport Protocol (Secure), the standard encrypted
- communication mechanism on the World Wide Web. This is actually just HTTP
- over SSL.
-<p>
-<dt><div id="term">Message Digest</div>
-<dd>A hash of a message, which can be used to verify that the contents of
- the message have not been altered in transit.
-<p>
-<dt><div id="term">OpenSSL</div>
-<dd>The Open Source toolkit for SSL/TLS;
- see <a href="http://www.openssl.org/">http://www.openssl.org/</a>
-<p>
-<dt><div id="term">Pass Phrase</div>
-<dd>The word or phrase that protects private key files.
- It prevents unauthorized users from encrypting them. Usually it's just
- the secret encryption/decryption key used for <em>Ciphers</em>.
-<p>
-<dt><div id="term">Plaintext</div>
-<dd>The unencrypted text.
-<p>
-<dt><div id="term">Private Key</div>
-<dd>The secret key in a <em>Public Key Cryptography</em> system, used to
- decrypt incoming messages and sign outgoing ones.
-<p>
-<dt><div id="term">Public Key</div>
-<dd>The publically available key in a <em>Public Key Cryptography</em> system, used to
- encrypt messages bound for its owner and to decrypt signatures made by its
- owner.
-<p>
-<dt><div id="term">Public Key Cryptography</div>
-<dd>The study and application of asymmetric encryption systems, which use one
- key for encryption and another for decryption. A corresponding pair of
- such keys constitutes a key pair. Also called Asymmetric Crypography.
-<p>
-<dt><div id="term">Secure Sockets Layer (SSL)</div>
-<dd>A protocol created by Netscape Communications Corporation for
- general communication authentication and encryption over TCP/IP networks.
- The most popular usage is <em>HTTPS</em>, i.e. the HyperText Transfer
- Protocol (HTTP) over SSL.
-<p>
-<dt><div id="term">Session</div>
-<dd>The context information of an SSL communication.
-<p>
-<dt><div id="term">SSLeay</div>
-<dd>The original SSL/TLS implementation library developed by
- Eric A. Young &lt;eay@aus.rsa.com&gt;;
- see <a href="http://www.ssleay.org/">http://www.ssleay.org/</a>
-<p>
-<dt><div id="term">Symmetric Cryptography</div>
-<dd>The study and application of <em>Ciphers</em> that use a single secret key
- for both encryption and decryption operations.
-<p>
-<dt><div id="term">Transport Layer Security (TLS)</div>
-<dd>The successor protocol to SSL, created by the Internet Engineering Task
- Force (IETF) for general communication authentication and encryption over
- TCP/IP networks. TLS version 1 and is nearly identical with SSL version 3.
-<p>
-<dt><div id="term">Uniform Resource Locator (URL)</div>
-<dd>The formal identifier to locate various resources on the World Wide Web.
- The most popular URL scheme is <code>http</code>. SSL uses the
- scheme <code>https</code>
-<p>
-<dt><div id="term">X.509</div>
-<dd>An authentication certificate scheme recommended by the International
- Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
-</dl>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- <td valign="top" align="right" width="250">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gif
deleted file mode 100644
index 3131a672bf9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html
deleted file mode 100644
index 01ff7a99ac1..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html
+++ /dev/null
@@ -1,929 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: HowTo</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-5.gif" alt="5" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-howto.gif" alt="HowTo" width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="200" summary="">
-<tr>
-<td>
-<em>
-``The solution of this problem is trivial
- and is left as an exercise for the reader.''
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-Standard textbook cookie
-</font>
-</td>
-</tr>
-</table>
-</div>
-<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_howto.gfont000.gif" alt="H" width="40" height="34" border="0" align="left">
-ow to solve particular security constraints for an SSL-aware webserver
-is not always obvious because of the coherences between SSL, HTTP and Apache's
-way of processing requests. This chapter gives instructions on how to solve
-such typical situations. Treat is as a first step to find out the final
-solution, but always try to understand the stuff before you use it. Nothing is
-worse than using a security solution without knowing it's restrictions and
-coherences.
-</td>
-<td>
-&nbsp;&nbsp;
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="300" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC1"><strong>Cipher Suites and Enforced Strong Security</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC2"><strong>SSLv2 only server</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC3"><strong>strong encryption only server</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC4"><strong>server gated cryptography</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC5"><strong>stronger per-directory requirements</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC6"><strong>Client Authentication and Access Control</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC7"><strong>simple certificate-based client authentication</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC8"><strong>selective certificate-based client authentication</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC9"><strong>particular certificate-based client authentication</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC10"><strong>intranet vs. internet authentication</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
-<h2><a name="ToC1">Cipher Suites and Enforced Strong Security</a></h2>
-<ul>
-<p>
-<li><a name="ToC2"></a>
- <a name="cipher-sslv2"></a>
- <strong id="howto">
-How can I create a real SSLv2-only server?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sslv2"><b>L</b></a>]
- <p>
-The following creates an SSL server which speaks only the SSLv2 protocol and
-its ciphers.
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-SSLProtocol -all +SSLv2
-SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<li><a name="ToC3"></a>
- <a name="cipher-strong"></a>
- <strong id="howto">
-How can I create an SSL server which accepts strong encryption only?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-strong"><b>L</b></a>]
- <p>
-The following enables only the seven strongest ciphers:
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-SSLProtocol all
-SSLCipherSuite HIGH:MEDIUM
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<li><a name="ToC4"></a>
- <a name="cipher-sgc"></a>
- <strong id="howto">
-How can I create an SSL server which accepts strong encryption only,
-but allows export browsers to upgrade to stronger encryption?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-sgc"><b>L</b></a>]
- <p>
-This facility is called Server Gated Cryptography (SGC) and details you can
-find in the <code>README.GlobalID</code> document in the mod_ssl distribution.
-In short: The server has a Global ID server certificate, signed by a special
-CA certificate from Verisign which enables strong encryption in export
-browsers. This works as following: The browser connects with an export cipher,
-the server sends it's Global ID certificate, the browser verifies it and
-subsequently upgrades the cipher suite before any HTTP communication takes
-place. The question now is: How can we allow this upgrade, but enforce strong
-encryption. Or in other words: Browser either have to initially connect with
-strong encryption or have to upgrade to strong encryption, but are not allowed
-to keep the export ciphers. The following does the trick:
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-# allow all ciphers for the inital handshake,
-# so export browsers can upgrade via SGC facility
-SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-&lt;Directory /usr/local/apache/htdocs&gt;
-# but finally deny all browsers which haven't upgraded
-SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
-&lt;/Directory&gt;
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<li><a name="ToC5"></a>
- <a name="cipher-perdir"></a>
- <strong id="howto">
-How can I create an SSL server which accepts all types of ciphers in general,
-but requires a strong ciphers for access to a particular URL?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#cipher-perdir"><b>L</b></a>]
- <p>
-Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which
-restricts the ciphers to the strong variants. But mod_ssl allows you to
-reconfigure the cipher suite in per-directory context and automatically forces
-a renegotiation of the SSL parameters to meet the new configuration. So, the
-solution is:
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-# be liberal in general
-SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-&lt;Location /strong/area&gt;
-# but https://hostname/strong/area/ and below requires strong ciphers
-SSLCipherSuite HIGH:MEDIUM
-&lt;/Location&gt;
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-</ul>
-<h2><a name="ToC6">Client Authentication and Access Control</a></h2>
-<ul>
-<p>
-<li><a name="ToC7"></a>
- <a name="auth-simple"></a>
- <strong id="howto">
-How can I authenticate clients based on certificates when I know all my
-clients?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-simple"><b>L</b></a>]
- <p>
-When you know your user community (i.e. a closed user group situation), as
-it's the case for instance in an Intranet, you can use plain certificate
-authentication. All you have to do is to create client certificates signed by
-your own CA certificate <code>ca.crt</code> and then verifiy the clients
-against this certificate.
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-# require a client certificate which has to be directly
-# signed by our CA certificate in ca.crt
-SSLVerifyClient require
-SSLVerifyDepth 1
-SSLCACertificateFile conf/ssl.crt/ca.crt
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<li><a name="ToC8"></a>
- <a name="auth-selective"></a>
- <strong id="howto">
-How can I authenticate my clients for a particular URL based on certificates
-but still allow arbitrary clients to access the remaining parts of the server?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-selective"><b>L</b></a>]
- <p>
-For this we again use the per-directory reconfiguration feature of mod_ssl:
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-SSLVerifyClient none
-SSLCACertificateFile conf/ssl.crt/ca.crt
-&lt;Location /secure/area&gt;
-SSLVerifyClient require
-SSLVerifyDepth 1
-&lt;/Location&gt;
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<li><a name="ToC9"></a>
- <a name="auth-particular"></a>
- <strong id="howto">
-How can I authenticate only particular clients for a some URLs based
-on certificates but still allow arbitrary clients to access the remaining
-parts of the server?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-particular"><b>L</b></a>]
- <p>
-The key is to check for various ingredients of the client certficate. Usually
-this means to check the whole or part of the Distinguished Name (DN) of the
-Subject. For this two methods exists: The <code>mod_auth</code> based variant
-and the <code>SSLRequire</code> variant. The first method is good when the
-clients are of totally different type, i.e. when their DNs have no common
-fields (usually the organisation, etc.). In this case you've to establish a
-password database containing <em>all</em> clients. The second method is better
-when your clients are all part of a common hierarchy which is encoded into the
-DN. Then you can match them more easily.
-<p>
-The first method:
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">/usr/local/apache/conf/httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-SSLVerifyClient none
-&lt;Directory /usr/local/apache/htdocs/secure/area&gt;
-SSLVerifyClient require
-SSLVerifyDepth 5
-SSLCACertificateFile conf/ssl.crt/ca.crt
-SSLCACertificatePath conf/ssl.crt
-SSLOptions +FakeBasicAuth
-SSLRequireSSL
-AuthName "Snake Oil Authentication"
-AuthType Basic
-AuthUserFile /usr/local/apache/conf/httpd.passwd
-require valid-user
-&lt;/Directory&gt;
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">/usr/local/apache/conf/httpd.passwd</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
-/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
-/C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-The second method:
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-SSLVerifyClient none
-&lt;Directory /usr/local/apache/htdocs/secure/area&gt;
-SSLVerifyClient require
-SSLVerifyDepth 5
-SSLCACertificateFile conf/ssl.crt/ca.crt
-SSLCACertificatePath conf/ssl.crt
-SSLOptions +FakeBasicAuth
-SSLRequireSSL
-SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \
- %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
-&lt;/Directory&gt;
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-<p>
-<li><a name="ToC10"></a>
- <a name="auth-intranet"></a>
- <strong id="howto"> How can
-I require HTTPS with strong ciphers and either basic authentication or client
-certificates for access to a subarea on the Intranet website for clients
-coming from the Internet but still allow plain HTTP access for clients on the
-Intranet?
-</strong>&nbsp;&nbsp;
- [<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#auth-intranet"><b>L</b></a>]
- <p>
-Let us assume the Intranet can be distinguished through the IP network
-192.160.1.0/24 and the subarea on the Intranet website has the URL
-<tt>/subarea</tt>. Then configure the following outside your HTTPS virtual
-host (so it applies to both HTTPS and HTTP):
-<p>
-<table border="0" cellpadding="0" cellspacing="0" summary="">
- <tr>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
- <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
- <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
- <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- <td colspan="3" bgcolor="#ffffff">
- <table border="0" cellspacing="4" summary="">
- <tr>
- <td>
-<pre>
-
-SSLCACertificateFile conf/ssl.crt/company-ca.crt
-
-&lt;Directory /usr/local/apache/htdocs&gt;
-# Outside the subarea only Intranet access is granted
-Order deny,allow
-Deny from all
-Allow from 192.168.1.0/24
-&lt;/Directory&gt;
-
-&lt;Directory /usr/local/apache/htdocs/subarea&gt;
-# Inside the subarea any Intranet access is allowed
-# but from the Internet only HTTPS + Strong-Cipher + Password
-# or the alternative HTTPS + Strong-Cipher + Client-Certificate
-
-# If HTTPS is used, make sure a strong cipher is used.
-# Additionally allow client certs as alternative to basic auth.
-SSLVerifyClient optional
-SSLVerifyDepth 1
-SSLOptions +FakeBasicAuth +StrictRequire
-SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
-
-# Force clients from the Internet to use HTTPS
-RewriteEngine on
-RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
-RewriteCond %{HTTPS} !=on
-RewriteRule .* - [F]
-
-# Allow Network Access and/or Basic Auth
-Satisfy any
-
-# Network Access Control
-Order deny,allow
-Deny from all
-Allow 192.168.1.0/24
-
-# HTTP Basic Authentication
-AuthType basic
-AuthName "Protected Intranet Area"
-AuthUserFile conf/protected.passwd
-Require valid-user
-&lt;/Directory&gt;
-
-</pre>
-</td>
- </tr>
- </table>
- </td>
- <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
- </tr>
-</table>
-</ul>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif
deleted file mode 100644
index c64553fcbe7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html
deleted file mode 100644
index fae805f07a4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html
+++ /dev/null
@@ -1,919 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: Introduction</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-2.gif" alt="2" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-intro.gif" alt="Introduction" width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="400" summary="">
-<tr>
-<td>
-<em>
-``The nice thing about standards is that there are so many to choose from.
-And if you really don't like all the standards you just have to wait another
-year until the one arises you are looking for.''
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-A. Tanenbaum, ``Introduction to Computer Networks''
-</font>
-</td>
-</tr>
-</table>
-</div>
-<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_intro.gfont000.gif" alt="A" width="37" height="35" border="0" align="left">
-s an introduction this chapter is aimed at readers who are familiar
-with the Web, HTTP, and Apache, but are not security experts. It is not
-intended to be a definitive guide to the SSL protocol, nor does it discuss
-specific techniques for managing certificates in an organization, or the
-important legal issues of patents and import and export restrictions. Rather,
-it is intended to provide a common background to mod_ssl users by pulling
-together various concepts, definitions, and examples as a starting point for
-further exploration.
-<p>
-The presented content is mainly derived, with permission by the author, from
-the article <a
-href="http://www.ultranet.com/~fhirsch/Papers/wwwj/index.html"><em>Introducing SSL
-and Certificates using SSLeay</em></a> from <a
-href="http://www.ultranet.com/~fhirsch/">Frederick J. Hirsch</a>, of The Open
-Group Research Institute, which was published in <a
-href="http://www.ora.com/catalog/wjsum97/"><em>Web Security: A Matter of
-Trust</em></a>, World Wide Web Journal, Volume 2, Issue 3, Summer 1997.
-Please send any postive feedback to <a
-href="mailto:fjh@alum.mit.edu">Frederick Hirsch</a> (the original
-article author) and all negative feedback to <a
-href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (the mod_ssl
-author).
-</td>
-<td>
-&nbsp;&nbsp;
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC1"><strong>Cryptographic Techniques</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC2"><strong>Cryptographic Algorithms</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC3"><strong>Message Digests</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC4"><strong>Digital Signatures</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC5"><strong>Certificates</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC6"><strong>Certificate Contents</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC7"><strong>Certificate Authorities</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC8"><strong>Certificate Chains</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC9"><strong>Creating a Root-Level CA</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC10"><strong>Certificate Management</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC11"><strong>Secure Sockets Layer (SSL)</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC12"><strong>Session Establishment</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC13"><strong>Key Exchange Method</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC14"><strong>Cipher for Data Transfer</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC15"><strong>Digest Function</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC16"><strong>Handshake Sequence Protocol</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC17"><strong>Data Transfer</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC18"><strong>Securing HTTP Communication</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC19"><strong>References</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
-<h2><a name="ToC1">Cryptographic Techniques</a></h2>
-Understanding SSL requires an understanding of cryptographic algorithms,
-message digest functions (aka. one-way or hash functions), and digital
-signatures. These techniques are the subject of entire books (see for instance
-[<a href="#AC96">AC96</a>]) and provide the basis for privacy, integrity, and
-authentication.
-<h3><a name="ToC2">Cryptographic Algorithms</a></h3>
-Suppose Alice wants to send a message to her bank to transfer some money.
-Alice would like the message to be private, since it will include information
-such as her account number and transfer amount. One solution is to use a
-cryptographic algorithm, a technique that would transform her message into an
-encrypted form, unreadable except by those it is intended for. Once in this
-form, the message may only be interpreted through the use of a secret key.
-Without the key the message is useless: good cryptographic algorithms make it
-so difficult for intruders to decode the original text that it isn't worth
-their effort.
-<p>
-There are two categories of cryptographic algorithms:
-conventional and public key.
-<ul>
-<li><em>Conventional cryptography</em>, also known as symmetric
-cryptography, requires the sender and receiver to share a key: a secret
-piece of information that may be used to encrypt or decrypt a message.
-If this key is secret, then nobody other than the sender or receiver may
-read the message. If Alice and the bank know a secret key, then they
-may send each other private messages. The task of privately choosing a key
-before communicating, however, can be problematic.
-<p>
-<li><em>Public key cryptography</em>, also known as asymmetric cryptography,
-solves the key exchange problem by defining an algorithm which uses two keys,
-each of which may be used to encrypt a message. If one key is used to encrypt
-a message then the other must be used to decrypt it. This makes it possible
-to receive secure messages by simply publishing one key (the public key) and
-keeping the other secret (the private key).
-<p>
-Anyone may encrypt a message using the public key, but only the owner of the
-private key will be able to read it. In this way, Alice may send private
-messages to the owner of a key-pair (the bank), by encrypting it using their
-public key. Only the bank will be able to decrypt it.
-</ul>
-<h3><a name="ToC3">Message Digests</a></h3>
-Although Alice may encrypt her message to make it private, there is still a
-concern that someone might modify her original message or substitute
-it with a different one, in order to transfer the money to themselves, for
-instance. One way of guaranteeing the integrity of Alice's message is to
-create a concise summary of her message and send this to the bank as well.
-Upon receipt of the message, the bank creates its own summary and compares it
-with the one Alice sent. If they agree then the message was received intact.
-<p>
-A summary such as this is called a <em>message digest</em>, <em>one-way
-function</em> or <em>hash function</em>. Message digests are used to create
-short, fixed-length representations of longer, variable-length messages.
-Digest algorithms are designed to produce unique digests for different
-messages. Message digests are designed to make it too difficult to determine
-the message from the digest, and also impossible to find two different
-messages which create the same digest -- thus eliminating the possibility of
-substituting one message for another while maintaining the same digest.
-<p>
-Another challenge that Alice faces is finding a way to send the digest to the
-bank securely; when this is achieved, the integrity of the associated message
-is assured. One way to to this is to include the digest in a digital
-signature.
-<h3><a name="ToC4">Digital Signatures</a></h3>
-When Alice sends a message to the bank, the bank needs to ensure that the
-message is really from her, so an intruder does not request a transaction
-involving her account. A <em>digital signature</em>, created by Alice and
-included with the message, serves this purpose.
-<p>
-Digital signatures are created by encrypting a digest of the message,
-and other information (such as a sequence number) with the sender's
-private key. Though anyone may <em>decrypt</em> the signature using the public
-key, only the signer knows the private key. This means that only they may
-have signed it. Including the digest in the signature means the signature is
-only good for that message; it also ensures the integrity of the message since
-no one can change the digest and still sign it.
-<p>
-To guard against interception and reuse of the signature by an intruder at a
-later date, the signature contains a unique sequence number. This protects
-the bank from a fraudulent claim from Alice that she did not send the message
--- only she could have signed it (non-repudiation).
-<h2><a name="ToC5">Certificates</a></h2>
-Although Alice could have sent a private message to the bank, signed it, and
-ensured the integrity of the message, she still needs to be sure that she is
-really communicating with the bank. This means that she needs to be sure that
-the public key she is using corresponds to the bank's private key. Similarly,
-the bank also needs to verify that the message signature really corresponds to
-Alice's signature.
-<p>
-If each party has a certificate which validates the other's identity, confirms
-the public key, and is signed by a trusted agency, then they both will be
-assured that they are communicating with whom they think they are. Such a
-trusted agency is called a <em>Certificate Authority</em>, and certificates are
-used for authentication.
-<h3><a name="ToC6">Certificate Contents</a></h3>
-A certificate associates a public key with the real identity of an individual,
-server, or other entity, known as the subject. As shown in <a
-href="#table1">Table 1</a>, information about the subject includes identifying
-information (the distinguished name), and the public key. It also includes
-the identification and signature of the Certificate Authority that issued the
-certificate, and the period of time during which the certificate is valid. It
-may have additional information (or extensions) as well as administrative
-information for the Certificate Authority's use, such as a serial number.
-<p>
-<div align="center">
-<a name="table1"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 1: Certificate Information</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table summary="">
-<tr valign="top"><td><b>Subject:</b></td>
-<td>Distinguished Name, Public Key</td></tr>
-<tr valign="top"><td><b>Issuer:</b></td>
-<td>Distinguished Name, Signature</td></tr>
-<tr><td><b>Period of Validity:</b></td>
-<td>Not Before Date, Not After Date</td></tr>
-<tr><td><b>Administrative Information:</b></td>
-<td>Version, Serial Number</td></TR>
-<tr><td><b>Extended Information:</b></td>
-<td>Basic Contraints, Netscape Flags, etc.</td></TR>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-A distinguished name is used to provide an identity in a specific context --
-for instance, an individual might have a personal certificate as well as one
-for their identity as an employee. Distinguished names are defined by the
-X.509 standard [<a href="#X509">X509</A>], which defines the fields, field
-names, and abbreviations used to refer to the fields
-(see <a href="#table2">Table 2</a>).
-<p>
-<div align="center">
-<a name="table2"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 2: Distinguished Name Information</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table summary="">
-<tr valign="top"><td><b>DN Field:</b></td><td><b>Abbrev.:</b></td><td><b>Description:</b></td>
-<td><b>Example:</b></td>
-</t>
-<tr valign="top"><td>Common Name</td><td>CN</td>
-<td>Name being certified</td><td>CN=Joe Average</td></tr>
-<tr valign="top"><td>Organization or Company</td><td>O</td>
-<td>Name is associated with this<br>organization</td><td>O=Snake Oil, Ltd.</td></tr>
-<tr valign="top"><td>Organizational Unit</td><td>OU</td>
-<td>Name is associated with this <br>organization unit, such as a department</td><td>OU=Research Institute</td></tr>
-<tr valign="top"><td>City/Locality</td><td>L</td>
-<td>Name is located in this City</td><td>L=Snake City</td></tr>
-<tr valign="top"><td>State/Province</td><td>ST</td>
-<td>Name is located in this State/Province</td><td>ST=Desert</td></tr>
-<tr valign="top"><td>Country</td><td>C</td>
-<td>Name is located in this Country (ISO code)</td><td>C=XZ</td></tr>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-A Certificate Authority may define a policy specifying which distinguished
-field names are optional, and which are required. It may also place
-requirements upon the field contents, as may users of certificates. As an
-example, a Netscape browser requires that the Common Name for a certificate
-representing a server has a name which matches a wildcard pattern for the
-domain name of that server, such as <code>*.snakeoil.com</code>.
-<p>
-The binary format of a certificate is defined using the ASN.1 notation [ <a
-href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. This notation defines how to
-specify the contents, and encoding rules define how this information is
-translated into binary form. The binary encoding of the certificate is
-defined using Distinguished Encoding Rules (DER), which are based on the more
-general Basic Encoding Rules (BER). For those transmissions which cannot
-handle binary, the binary form may be translated into an ASCII form by using
-Base64 encoding [<a href="#MIME">MIME</a>]. This encoded version is called PEM
-encoded (the name comes from "Privacy Enhanced Mail"), when placed between
-begin and end delimiter lines as illustrated in <a href="#table3">Table 3</a>.
-<p>
-<div align="center">
-<a name="table3"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 3: Example of a PEM-encoded certificate (snakeoil.crt)</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table cellspacing="0" cellpadding="0" summary=""><tr><td>
-<div class="code"><pre>
------BEGIN CERTIFICATE-----
-MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
-FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
-A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
-cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
-bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL
-MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
-a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
-cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
-AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b
-vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa
-lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV
-HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB
-gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt
-2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7
-dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
------END CERTIFICATE-----</pre></div>
-</td></tr></table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<h3><a name="ToC7">Certificate Authorities</a></h3>
-By first verifying the information in a certificate request before granting
-the certificate, the Certificate Authority assures the identity of the private
-key owner of a key-pair. For instance, if Alice requests a personal
-certificate, the Certificate Authority must first make sure that Alice really
-is the person the certificate request claims.
-<h4><a name="ToC8">Certificate Chains</a></h4>
-A Certificate Authority may also issue a certificate for another Certificate
-Authority. When examining a certificate, Alice may need to examine the
-certificate of the issuer, for each parent Certificate Authority, until
-reaching one which she has confidence in. She may decide to trust only
-certificates with a limited chain of issuers, to reduce her risk of a "bad"
-certificate in the chain.
-<h4><a name="ToC9">Creating a Root-Level CA</a></h4>
-As noted earlier, each certificate requires an issuer to assert the validity
-of the identity of the certificate subject, up to the top-level Certificate
-Authority (CA). This presents a problem: Since this is who vouches for the
-certificate of the top-level authority, which has no issuer?
-In this unique case, the certificate is "self-signed", so the issuer of the
-certificate is the same as the subject. As a result, one must exercise extra
-care in trusting a self-signed certificate. The wide publication of a public
-key by the root authority reduces the risk in trusting this key -- it would be
-obvious if someone else publicized a key claiming to be the authority.
-Browsers are preconfigured to trust well-known certificate authorities.
-<p>
-A number of companies, such as <a href="http://www.thawte.com/">Thawte</a> and
-<a href="http://www.verisign.com/">VeriSign</a> have established themselves as
-Certificate Authorities. These companies provide the following services:
-<ul>
-<li>Verifying certificate requests
-<li>Processing certificate requests
-<li>Issuing and managing certificates
-</ul>
-<p>
-It is also possible to create your own Certificate Authority. Although risky
-in the Internet environment, it may be useful within an Intranet where the
-organization can easily verify the identities of individuals and servers.
-<h4><a name="ToC10">Certificate Management</a></h4>
-Establishing a Certificate Authority is a responsibility which requires a
-solid administrative, technical, and management framework.
-Certificate Authorities not only issue certificates, they also manage them --
-that is, they determine how long certificates are valid, they renew them, and
-they keep lists of certificates that have already been issued but are no
-longer valid (Certificate Revocation Lists, or CRLs).
-Say Alice is entitled to a certificate as an employee of a company. Say too,
-that the certificate needs to be revoked when Alice leaves the company. Since
-certificates are objects that get passed around, it is impossible to tell from
-the certificate alone that it has been revoked.
-When examining certificates for validity, therefore, it is necessary to
-contact the issuing Certificate Authority to check CRLs -- this is not usually
-an automated part of the process.
-<p>
-<div align="center"><B>Note:</B></div>
-If you use a Certificate Authority that is not configured into browsers by
-default, it is necessary to load the Certificate Authority certificate into
-the browser, enabling the browser to validate server certificates signed by
-that Certificate Authority. Doing so may be dangerous, since once loaded, the
-browser will accept all certificates signed by that Certificate Authority.
-<h2><a name="ToC11">Secure Sockets Layer (SSL)</a></h2>
-The Secure Sockets Layer protocol is a protocol layer which may be placed
-between a reliable connection-oriented network layer protocol (e.g. TCP/IP)
-and the application protocol layer (e.g. HTTP). SSL provides for secure
-communication between client and server by allowing mutual authentication, the
-use of digital signatures for integrity, and encryption for privacy.
-<p>
-The protocol is designed to support a range of choices for specific algorithms
-used for cryptography, digests, and signatures. This allows algorithm
-selection for specific servers to be made based on legal, export or other
-concerns, and also enables the protocol to take advantage of new algorithms.
-Choices are negotiated between client and server at the start of establishing
-a protocol session.
-<p>
-<div align="center">
-<a name="table4"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 4: Versions of the SSL protocol</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table summary="">
-<tr valign="top">
-<td><b>Version:</b></td>
-<td><b>Source:</b></td>
-<td><b>Description:</b></td>
-<td><b>Browser Support:</b></td>
-</tr>
-<tr valign="top">
-<td>SSL v2.0</td>
-<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
-<td>First SSL protocol for which implementations exists</td>
-<td>- NS Navigator 1.x/2.x<br>
- - MS IE 3.x<br>
- - Lynx/2.8+OpenSSL
-</td>
-</tr>
-<tr valign="top">
-<td>SSL v3.0</td>
-<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
-<td>Revisions to prevent specific security attacks, add non-RSA ciphers, and support for certificate chains</td>
-<td>- NS Navigator 2.x/3.x/4.x<br>
- - MS IE 3.x/4.x<br>
- - Lynx/2.8+OpenSSL
-</td>
-</tr>
-<tr valign="top">
-<td>TLS v1.0</td>
-<td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
-<td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for
- block ciphers, message order standardization and more alert messages.
-</td>
-<td>- Lynx/2.8+OpenSSL</td>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-There are a number of versions of the SSL protocol, as shown in <a
-href="#table4">Table 4</a>. As noted there, one of the benefits in SSL 3.0 is
-that it adds support of certificate chain loading. This feature allows a
-server to pass a server certificate along with issuer certificates to the
-browser. Chain loading also permits the browser to validate the server
-certificate, even if Certificate Authority certificates are not installed for
-the intermediate issuers, since they are included in the certificate chain.
-SSL 3.0 is the basis for the Transport Layer Security [<A
-HREF="#TLS1">TLS</A>] protocol standard, currently in development by the
-Internet Engineering Task Force (IETF).
-<h3><a name="ToC12">Session Establishment</a></h3>
-The SSL session is established by following a <I>handshake sequence</I>
-between client and server, as shown in <a href="#figure1">Figure 1</a>. This
-sequence may vary, depending on whether the server is configured to provide a
-server certificate or request a client certificate. Though cases exist where
-additional handshake steps are required for management of cipher information,
-this article summarizes one common scenario: see the SSL specification for the
-full range of possibilities.
-<p>
-<div align="center"><b>Note</b></div>
-Once an SSL session has been established it may be reused, thus avoiding the
-performance penalty of repeating the many steps needed to start a session.
-For this the server assigns each SSL session a unique session identifier which
-is cached in the server and which the client can use on forthcoming
-connections to reduce the handshake (until the session identifer expires in
-the cache of the server).
-<p>
-<div align="center">
-<a name="figure1"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Figure 1: Simplified SSL Handshake Sequence</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<img src="ssl_intro_fig1.gif" alt="" width="423" height="327">
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-The elements of the handshake sequence, as used by the client and server, are
-listed below:
-<ol>
-<li>Negotiate the Cipher Suite to be used during data transfer
-<li>Establish and share a session key between client and server
-<li>Optionally authenticate the server to the client
-<li>Optionally authenticate the client to the server
-</ol>
-<p>
-The first step, Cipher Suite Negotiation, allows the client and server to
-choose a Cipher Suite supportable by both of them. The SSL3.0 protocol
-specification defines 31 Cipher Suites. A Cipher Suite is defined by the
-following components:
-<ul>
-<li>Key Exchange Method
-<li>Cipher for Data Transfer
-<li>Message Digest for creating the Message Authentication Code (MAC)
-</ul>
-These three elements are described in the sections that follow.
-<h3><a name="ToC13">Key Exchange Method</a></h3>
-The key exchange method defines how the shared secret symmetric cryptography
-key used for application data transfer will be agreed upon by client and
-server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of
-key exchange algorithms including the RSA key exchange when certificates are
-used, and Diffie-Hellman key exchange for exchanging keys without certificates
-and without prior communication between client and server.
-<p>
-One variable in the choice of key exchange methods is digital signatures --
-whether or not to use them, and if so, what kind of signatures to use.
-Signing with a private key provides assurance against a
-man-in-the-middle-attack during the information exchange used in generating
-the shared key [<a href="#AC96">AC96</a>, p516].
-<h3><a name="ToC14">Cipher for Data Transfer</a></h3>
-SSL uses the conventional cryptography algorithm (symmetric cryptography)
-described earlier for encrypting messages in a session. There are nine
-choices, including the choice to perform no encryption:
-<ul>
-<li>No encryption
-<li>Stream Ciphers
- <ul>
- <li>RC4 with 40-bit keys
- <li>RC4 with 128-bit keys
- </ul>
-<li>CBC Block Ciphers
- <ul>
- <li>RC2 with 40 bit key
- <li>DES with 40 bit key
- <li>DES with 56 bit key
- <li>Triple-DES with 168 bit key
- <li>Idea (128 bit key)
- <li>Fortezza (96 bit key)
- </ul>
-</ul>
-Here "CBC" refers to Cipher Block Chaining, which means that a portion of the
-previously encrypted cipher text is used in the encryption of the current
-block. "DES" refers to the Data Encryption Standard [<a href="#AC96">AC96</a>,
-ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea"
-is one of the best and cryptographically strongest available algorithms, and
-"RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>,
-ch13].
-<h3><a name="ToC15">Digest Function</a></h3>
-The choice of digest function determines how a digest is created from a record
-unit. SSL supports the following:
-<ul>
-<li>No digest (Null choice)
-<li>MD5, a 128-bit hash
-<li>Secure Hash Algorithm (SHA-1), a 160-bit hash
-</ul>
-The message digest is used to create a Message Authentication Code (MAC) which
-is encrypted with the message to provide integrity and to prevent against
-replay attacks.
-<h3><a name="ToC16">Handshake Sequence Protocol</a></h3>
-The handshake sequence uses three protocols:
-<ul>
-<li>The <em>SSL Handshake Protocol</em>
- for performing the client and server SSL session establishment.
-<li>The <em>SSL Change Cipher Spec Protocol</em> for actually establishing agreement
- on the Cipher Suite for the session.
-<li>The <em>SSL Alert Protocol</em> for
- conveying SSL error messages between client and server.
-</ul>
-These protocols, as well as application protocol data, are encapsulated in the
-<em>SSL Record Protocol</em>, as shown in <a href="#figure2">Figure 2</a>. An
-encapsulated protocol is transferred as data by the lower layer protocol,
-which does not examine the data. The encapsulated protocol has no knowledge of
-the underlying protocol.
-<p>
-<div align="center">
-<a name="figure2"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Figure 2: SSL Protocol Stack</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<img src="ssl_intro_fig2.gif" alt="" width="428" height="217">
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-The encapsulation of SSL control protocols by the record protocol means that
-if an active session is renegotiated the control protocols will be transmitted
-securely. If there were no session before, then the Null cipher suite is
-used, which means there is no encryption and messages have no integrity
-digests until the session has been established.
-<h3><a name="ToC17">Data Transfer</a></h3>
-The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to
-transfer application and SSL Control data between the client and server,
-possibly fragmenting this data into smaller units, or combining multiple
-higher level protocol data messages into single units. It may compress, attach
-digest signatures, and encrypt these units before transmitting them using the
-underlying reliable transport protocol (Note: currently all major SSL
-implementations lack support for compression).
-<p>
-<div align="center">
-<a name="figure3"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Figure 3: SSL Record Protocol</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<img src="ssl_intro_fig3.gif" alt="" width="423" height="323">
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<h3><a name="ToC18">Securing HTTP Communication</a></h3>
-One common use of SSL is to secure Web HTTP communication between a browser
-and a webserver. This case does not preclude the use of non-secured HTTP. The
-secure version is mainly plain HTTP over SSL (named HTTPS), but with one major
-difference: it uses the URL scheme <code>https</code> rather than
-<code>http</code> and a different server port (by default 443). This mainly
-is what mod_ssl provides to you for the Apache webserver...
-<h2><a name="ToC19">References</a></h2>
-<ul>
-<p>
-<li><a name="AC96"></a>
-[AC96] Bruce Schneier, <em>Applied Cryptography</em>, 2nd Edition, Wiley,
- 1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for
- various other materials by Bruce Schneier.
-<p>
-<li><a name="X208"></a>
-[X208] ITU-T Recommendation X.208, <em>Specification of Abstract Syntax Notation
- One (ASN.1)</em>, 1988. See for instance <a
- href="ftp://ftp.neda.com/pub/itu/x.series/x208.ps">
- ftp://ftp.neda.com/pub/itu/x.series/x208.ps</a>.
-<p>
-<li><a name="X509"></a>
-[X509] ITU-T Recommendation X.509, <em>The Directory - Authentication
- Framework</em>, 1988. See for instance <a
- href="ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc">
- ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc</a>.
-<p>
-<li><a name="PKCS"></a>
-[PKCS] Kaliski, Burton S., Jr., <em>An Overview of the PKCS Standards</em>, An RSA
- Laboratories Technical Note, revised November 1, 1993.
- See <a href="http://www.rsa.com/rsalabs/pubs/PKCS/">
- http://www.rsa.com/rsalabs/pubs/PKCS/</a>.
-<p>
-<li><a name="MIME"></a>
-[MIME] N. Freed, N. Borenstein, <em>Multipurpose Internet Mail Extensions
- (MIME) Part One: Format of Internet Message Bodies</em>, RFC2045.
- See for instance <a href="ftp://ftp.isi.edu/in-notes/rfc2045.txt">
- ftp://ftp.isi.edu/in-notes/rfc2045.txt</a>.
-<p>
-<li><a name="SSL2"></a>
-[SSL2] Kipp E.B. Hickman, <em>The SSL Protocol</em>, 1995.
- See <a href="http://www.netscape.com/eng/security/SSL_2.html">
- http://www.netscape.com/eng/security/SSL_2.html</a>.
-<p>
-<li><a name="SSL3"></a>
-[SSL3] Alan O. Freier, Philip Karlton, Paul C. Kocher, <em>The SSL Protocol
- Version 3.0</em>, 1996. See <a
- href="http://www.netscape.com/eng/ssl3/draft302.txt">
- http://www.netscape.com/eng/ssl3/draft302.txt</a>.
-<p>
-<li><a name="TLS1"></a>
-[TLS1] Tim Dierks, Christopher Allen, <em>The TLS Protocol Version 1.0</em>,
- 1997. See <a
- href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt">
- ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt</a>.
-</ul>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gif
deleted file mode 100644
index 3c209864f19..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig2.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig2.gif
deleted file mode 100644
index 26b295a67b0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gif
deleted file mode 100644
index 00a975b5a4e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gif
deleted file mode 100644
index 7fb5db91b00..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html
deleted file mode 100644
index be48d6c77fd..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html
+++ /dev/null
@@ -1,476 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: Preface</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-1.gif" alt="1" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-over.gif" alt="Preface" width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="300" summary="">
-<tr>
-<td>
-<em>
-``Ralf Engelschall has released an
-excellent module that integrates
-Apache and SSLeay.''
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-Tim J. Hudson, SSLeay F.A.Q.
-</font>
-</td>
-</tr>
-</table>
-</div>
-<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_overview.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
-his module provides strong cryptography for the <A
-HREF="http://www.apache.org/">Apache</A> (v1.3) webserver via the <A
-HREF="http://www.netscape.com/newsref/std/SSL.html">Secure Socket Layer</A>
-(SSL v2/v3) and <A HREF="http://www.consensus.com/ietf-tls/">Transport Layer
-Security</A> (TLS v1) protocols by the help of the excellent SSL/TLS
-implementation library <A HREF="http://www.openssl.org/">OpenSSL</A> from <A
-HREF="mailto:eay@aus.rsa.com">Eric A. Young</A> and <A
-HREF="mailto:tjh@cryptsoft.com">Tim Hudson</A>.
-</td>
-<td>
-&nbsp;&nbsp;
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Global Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
-<b>
-<a href="ssl_overview.html">Chapter 1: Preface</a><br>
-<a href="ssl_intro.html">Chapter 2: Introduction</a><br>
-<a href="ssl_reference.html">Chapter 3: Reference</a><br>
-<a href="ssl_compat.html">Chapter 4: Compatibility</a><br>
-<a href="ssl_howto.html">Chapter 5: HowTo</a><br>
-<a href="ssl_faq.html">Chapter 6: F.A.Q. List</a><br>
-<a href="ssl_glossary.html">Chapter 7: Glossary</a><br>
-</b>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
-<p>
-The <A HREF="http://www.modssl.org/">mod_ssl</A> package was
-created in April 1998 by <A HREF="mailto:rse@engelschall.com">Ralf S.
-Engelschall</A> and was originally derived from the <A
-HREF="http://www.apache-ssl.org/">Apache-SSL</A> package developed by <A
-HREF="mailto:ben@algroup.co.uk">Ben Laurie</A>. It stays under a BSD-style
-license which is equivalent to the license used by <A
-HREF="http://www.apache.org/">The Apache Group</a> for the Apache webserver
-itself. This means, in short, that you are free to use it both for commercial
-and non-commercial purposes as long as you retain the authors' copyright
-notices and give the proper credit.
-<h2>Legalese</h2>
-Although the above conditions also apply to Apache and OpenSSL in general (both
-are freely available and useable software packages), you should be aware that
-especially the cryptographic algorithms used inside OpenSSL stay under
-certain patents and perhaps import/export/use restrictions in some countries
-of the world. So whether you can actually use the combination
-Apache+mod_ssl+OpenSSL in your country depends mainly on your local state laws.
-The authors of neither Apache nor mod_ssl nor OpenSSL are liable for any
-violations you make here.
-<p>
-If you're not sure what law details apply to your country you're strongly
-advised to first determine them by consulting an attorney before using this
-module. A lot of hints you can find in the <a
-href="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">International Law
-Crypto Survey</a> which is a really comprehensive resource on this topic. At
-least two countries with heavy cryptography restrictions are well known:
-In the United States (USA) it's not allowed to (re-)export mod_ssl
-or OpenSSL And inside France it's not allowed to use any cryptography at all
-when keys with more than 40 bits are used.
-<p>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" cellspacing="0" cellpadding="10" border="0" summary="">
-<tr>
-<td>
-<font face="Arial,Helvetica">
-This software package uses strong cryptography, so while it is created,
-maintained and distributed from Germany and Switzerland (where it is legal to
-do this), it falls under certain export/import and/or use restrictions in some
-other parts of the world.
-<p>
-PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
-SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL
-DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD.
-SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM
-THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE
-AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO
-ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF MOD_SSL
-IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFULLY YOURSELF, IT
-IS YOUR RESPONSIBILITY.
-</font>
-<p>
-<font face="Arial,Helvetica">
-CREDIT INFORMATION:
-This product includes software developed by Ben Laurie for use in the
-Apache-SSL HTTP server project, software developed by Larry Wall and David
-MacKenzie for use in the GNU project of the FSF and software developed by Dr.
-Stephen N. Henson as a companion to OpenSSL.
-</font>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<h2>Module Architecture</h2>
-The mod_ssl package consists of the SSL module (part 1 in <a
-href="#figure1">Figure 1</a>) and a set of source patches for Apache adding the
-Extended API (EAPI) (part 2 in <a href="#figure1">Figure 1</a>) which is an
-essential prerequisite in order to use mod_ssl. In other words: you can only
-use the mod_ssl module when Apache's core code contains the Extended API. But
-because when applying mod_ssl to the Apache source tree the Extended API is
-also automatically added you usually don't have to think about this. It's
-mainly important for package vendors who want to build separate packages for
-Apache and mod_ssl. For more details on how to apply mod_ssl to the Apache
-source tree please follow the <code>INSTALL</code> file in the mod_ssl
-distribution.
-<p>
-<div align="center">
-<a name="figure1"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Figure 1: Module Architecture</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<img src="ssl_overview_fig1.gif" alt="" width="382" height="281">
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<h2>Module Building</h2>
-The SSL module (mod_ssl) resides under the <CODE>src/modules/ssl/</CODE>
-subdirectory inside the Apache source tree and is a regular Apache module. This
-means that you can configure, build and install it like any other Apache module.
-Usually this is done by using the APACI command
-<blockquote>
-<pre>
-$ cd apache_1.3.x/
-$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
-</pre>
-</blockquote>
-or by manually editing the <code>SSL_BASE</code> variable,
-uncommenting the corresponding <code>AddModule</code> directive inside the
-<code>src/Configuration</code> file and using the command
-<blockquote>
-<pre>
-$ cd apache_1.3.x/src
-$ ./Configure
-</pre>
-</blockquote>
-for configuring. Additionally you can enable the <a
-href="http://www.apache.org/docs/dso.html">Dynamic Shared Object</a> (DSO)
-support for mod_ssl by either adding the <code>--enable-shared=ssl</code>
-option to the APACI configure command line or by replacing the
-<blockquote>
-<pre>
-AddModule ssl_module modules/ssl/libssl.a
-</pre>
-</blockquote>
-line in <code>src/Configuration</code> with
-<blockquote>
-<pre>
-SharedModule ssl_module modules/ssl/libssl.so
-</pre>
-</blockquote>
-Building mod_ssl as a DSO is especially interesting to achieve more run-time
-flexibility, i.e. you can decide whether to use SSL or not at run-time instead
-of build-time. But notice that building mod_ssl as a DSO requires that your
-OS/compiler supports building DSOs in the first place, and additionally that
-they support linking of a DSO against a static library (libssl.a, libcrypo.a).
-Not all platform support this.
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gif
deleted file mode 100644
index 7d18de05817..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.gfont000.gif
deleted file mode 100644
index 7fb5db91b00..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.gfont000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html
deleted file mode 100644
index 3ea020662e9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html
+++ /dev/null
@@ -1,2655 +0,0 @@
-<html>
-<head>
-<title>mod_ssl: Reference</title>
-
-<!--
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above
- copyright notice, this list of conditions and the following
- disclaimer.
-
- 2. Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The name "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission.
-
- 5. Redistributions of any form whatsoever must retain the
- following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall <rse@engelschall.com> for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
--->
-<style type="text/css"><!--
-A:link {
- text-decoration: none;
- color: #6666cc;
-}
-A:active {
- text-decoration: none;
- color: #6666cc;
-}
-A:visited {
- text-decoration: none;
- color: #6666cc;
-}
-#sf {
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H1 {
- font-weight: bold;
- font-size: 24pt;
- line-height: 24pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H2 {
- font-weight: bold;
- font-size: 18pt;
- line-height: 18pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H3 {
- font-weight: bold;
- font-size: 14pt;
- line-height: 14pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-H4 {
- font-weight: bold;
- font-size: 12pt;
- line-height: 12pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#H {
-}
-#D {
- background-color: #f0f0f0;
-}
-#faq {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#howto {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
-#term {
- font-weight: bold;
- font-size: 16pt;
- line-height: 16pt;
- font-family: arial,helvetica;
- font-variant: normal;
- font-style: normal;
-}
---></style>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-function ro_imgNormal(imgName) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_n.src');
- self.status = '';
- }
-}
-function ro_imgOver(imgName, descript) {
- if (document.images) {
- document[imgName].src = eval(imgName + '_o.src');
- self.status = descript;
- }
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_top_n = new Image();
- ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_top_o = new Image();
- ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_prev_bot_n = new Image();
- ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
- ro_img_prev_bot_o = new Image();
- ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_top_n = new Image();
- ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_top_o = new Image();
- ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-<script type="text/javascript" language="JavaScript">
-<!-- Hiding the code
-if (document.images) {
- ro_img_next_bot_n = new Image();
- ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
- ro_img_next_bot_o = new Image();
- ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
-}
-// done hiding -->
-</script>
-</head>
-<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
-<div align="center">
-<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
-<tr>
- <td>
- <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
- <table width="600" cellspacing="0" cellpadding="0" summary="">
- <tr>
- <td>
- <table width="600" summary="">
- <tr>
- <td align="left" valign="bottom">
- <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
- </td>
- <td align="right">
- <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-3.gif" alt="3" width="74" height="89">
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td>
- <br>
- <img src="ssl_template.title-ref.gif" alt="Reference" width="456" height="60">
- </td>
- </tr>
- </table>
-<div align="right">
-<table cellspacing="0" cellpadding="0" width="150" summary="">
-<tr>
-<td>
-<em>
-``Try to understand everything,
-but believe nothing!''
-</em>
-</td>
-</tr>
-<tr>
-<td align="right">
-<font size="-1">
-Unknown
-</font>
-</td>
-</tr>
-</table>
-</div>
-<p>
-<table cellspacing="0" cellpadding="0" border="0" summary="">
-<tr valign="bottom">
-<td>
-<img src="ssl_reference.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
-his chapter provides a reference to all configuration directives and
-additional user visible features mod_ssl provides. It's intended as the
-official resource when you want to know how a particilar mod_ssl functionality
-is actually configured or activated. Each directive is documented similar to
-the way standard Apache directives are documented in the official Apache
-documentation set, i.e. for each directive especially the syntax, default and
-context where applicable is given.
-<p>
-Notice that there are three major classes of directives which are used by
-mod_ssl: First <em>Global Directives</em> (i.e. directives with context
-``server config''), which can occur inside the server config files but only
-outside of any sectioning commands like &lt;VirtualHost&gt;. Second
-<em>Per-Server Directives</em> (i.e. those with context ``server config,
-virtual host''), which can occur inside the server config files both outside
-(for the main/default server) and inside &lt;VirtualHost&gt; sections.
-</td>
-<td>
-&nbsp;&nbsp;
-</td>
-<td>
-<div align="right">
-<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
-<tr>
-<td bgcolor="#333399">
-<font face="Arial,Helvetica" color="#ccccff">
-<b>Table Of Contents</b>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<font face="Arial,Helvetica" size="-1">
-<a href="#ToC1"><strong>Configuration Directives</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC2"><strong>SSLPassPhraseDialog</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC3"><strong>SSLMutex</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC4"><strong>SSLRandomSeed</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC5"><strong>SSLSessionCache</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC6"><strong>SSLSessionCacheTimeout</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC7"><strong>SSLEngine</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC8"><strong>SSLProtocol</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC9"><strong>SSLCipherSuite</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC9a"><strong>SSLECDHCurve</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC9b"><strong>SSLHonorCipherOrder</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC10"><strong>SSLCertificateFile</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC11"><strong>SSLCertificateKeyFile</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC12"><strong>SSLCertificateChainFile</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC13"><strong>SSLCACertificatePath</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC14"><strong>SSLCACertificateFile</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC15"><strong>SSLCARevocationPath</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC16"><strong>SSLCARevocationFile</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC17"><strong>SSLVerifyClient</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC18"><strong>SSLVerifyDepth</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC19"><strong>SSLLog</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC20"><strong>SSLLogLevel</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC21"><strong>SSLOptions</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC22"><strong>SSLRequireSSL</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC23"><strong>SSLRequire</strong></a><br>
-<a href="#ToC24"><strong>Additional Features</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC25"><strong>Environment Variables</strong></a><br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#ToC26"><strong>Custom Log Formats</strong></a><br>
-</font>
-</td>
-</tr>
-</table>
-</div>
-</td>
-</tr>
-</table>
-<p>
-And third <em>Per-Directory Directives</em> (i.e. those with context ``server
-config, virtual host, directory, .htaccess''), which can pretty much occur
-everywhere. Especially both inside the server config files and the
-per-directory <code>.htaccess</code> files. The three classes are subsets of
-each other, i.e. directives from the per-directory class can also be used in
-the per-server and global context, and directives from the per-server class
-can also be used the in the global context.
-<p>
-Additional directives and environment variables provided by mod_ssl (via
-on-the-fly mapping) for backward compatiblity to other Apache SSL solutions
-are documented in the <a href="ssl_compat.html">Compatibility</a> chapter.
-<h1><a name="ToC1">Configuration Directives</a></h1>
-The most visible and error-prone things of mod_ssl are its configuration
-directives. So we document them in great detail here to assist you in setting
-up the best possible configuration of your SSL-aware webserver.
-<!-- SSLPassPhraseDialog -------------------------------------------->
-<p>
-<br>
-<a name="SSLPassPhraseDialog"></a>
-<h2><a name="ToC2">SSLPassPhraseDialog</a></h2>
-<p>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLPassPhraseDialog</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of pass phrase dialog for encrypted private keys</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLPassPhraseDialog</code> <em>type</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLPassPhraseDialog builtin</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-When Apache starts up it has to read the various Certificate (see <a
-href="#SSLCertificateFile">SSLCertificateFile</a>) and Private Key (see <a
-href="#SSLCertificateKeyFile">SSLCertificateKeyFile</a>) files of the
-SSL-enabled virtual servers. Because for security reasons the Private Key
-files are usually encrypted, mod_ssl needs to query the administrator for a
-Pass Phrase in order to decrypt those files. This query can be done in two ways
-which can be configured by <em>type</em>:
-<ul>
-<li><code>builtin</code>
- <p>
- This is the default where an interactive terminal dialog occurs at startup
- time just before Apache detaches from the terminal. Here the administrator
- has to manually enter the Pass Phrase for each encrypted Private Key file.
- Because a lot of SSL-enabled virtual hosts can be configured, the
- following reuse-scheme is used to minimize the dialog: When a Private Key
- file is encrypted, all known Pass Phrases (at the beginning there are
- none, of course) are tried. If one of those known Pass Phrases succeeds no
- dialog pops up for this particular Private Key file. If none succeeded,
- another Pass Phrase is queried on the terminal and remembered for the next
- round (where it perhaps can be reused).
- <p>
- This scheme allows mod_ssl to be maximally flexible (because for N encrypted
- Private Key files you <em>can</em> use N different Pass Phrases - but then
- you have to enter all of them, of course) while minimizing the terminal
- dialog (i.e. when you use a single Pass Phrase for all N Private Key files
- this Pass Phrase is queried only once).
-<p>
-<li><code>exec:/path/to/program</code>
- <p>
- Here an external program is configured which is called at startup for each
- encrypted Private Key file. It is called with two arguments (the first is
- of the form ``<code>servername:portnumber</code>'', the second is either
- ``<code>RSA</code>'' or ``<code>DSA</code>''), which indicate for which
- server and algorithm it has to print the corresponding Pass Phrase to
- <code>stdout</code>. The intent is that this external program first runs
- security checks to make sure that the system is not compromised by an
- attacker, and only when these checks were passed successfully it provides
- the Pass Phrase.
- <p>
- Both these security checks, and the way the Pass Phrase is determined, can
- be as complex as you like. Mod_ssl just defines the interface: an
- executable program which provides the Pass Phrase on <code>stdout</code>.
- Nothing more or less! So, if you're really paranoid about security, here
- is your interface. Anything else has to be left as an exercise to the
- administrator, because local security requirements are so different.
- <p>
- The reuse-algorithm above is used here, too. In other words: The external
- program is called only once per unique Pass Phrase.
-</ul>
-<p>
-Example:
-<blockquote>
-<pre>
-SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
-</pre>
-</blockquote>
-<!-- SSLMutex ------------------------------------------------------->
-<p>
-<br>
-<a name="SSLMutex"></a>
-<h2><a name="ToC3">SSLMutex</a></h2>
-<p>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLMutex</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Semaphore for internal mutual exclusion of operations</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLMutex</code> <em>type</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLMutex none</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This configures the SSL engine's semaphore (aka. lock) which is used for mutual
-exclusion of operations which have to be done in a synchronized way between the
-pre-forked Apache server processes. This directive can only be used in the
-global server context because it's only useful to have one global mutex.
-<p>
-The following Mutex <em>types</em> are available:
-<ul>
-<li><code>none</code>
- <p>
- This is the default where no Mutex is used at all. Use it at your own
- risk. But because currently the Mutex is mainly used for synchronizing
- write access to the SSL Session Cache you can live without it as long
- as you accept a sometimes garbled Session Cache. So it's not recommended
- to leave this the default. Instead configure a real Mutex.
-<p>
-<li><code>file:/path/to/mutex</code>
- <p>
- This is the portable and (under Unix) always provided Mutex variant where
- a physical (lock-)file is used as the Mutex. Always use a local disk
- filesystem for <code>/path/to/mutex</code> and never a file residing on a
- NFS- or AFS-filesystem. Note: Internally, the Process ID (PID) of the
- Apache parent process is automatically appended to
- <code>/path/to/mutex</code> to make it unique, so you don't have to worry
- about conflicts yourself. Notice that this type of mutex is not available
- under the Win32 environment. There you <i>have</i> to use the semaphore
- mutex.
-<p>
-<li><code>sem</code>
- <p>
- This is the most elegant but also most non-portable Mutex variant where a
- SysV IPC Semaphore (under Unix) and a Windows Mutex (under Win32) is used
- when possible. It is only available when the underlying platform
- supports it.
-</ul>
-<p>
-Example:
-<blockquote>
-<pre>
-SSLMutex file:/usr/local/apache/logs/ssl_mutex
-</pre>
-</blockquote>
-<!-- SSLRandomSeed -------------------------------------------------->
-<p>
-<br>
-<a name="SSLRandomSeed"></a>
-<h2><a name="ToC4">SSLRandomSeed</a></h2>
-<p>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRandomSeed</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Pseudo Random Number Generator (PRNG) seeding source</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRandomSeed</code> <em>context</em> <em>source</em> [<em>bytes</em>]</td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>none</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.2 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This configures one or more sources for seeding the Pseudo Random Number
-Generator (PRNG) in OpenSSL at startup time (<em>context</em> is
-<code>startup</code>) and/or just before a new SSL connection is established
-(<em>context</em> is <code>connect</code>). This directive can only be used
-in the global server context because the PRNG is a global facility.
-<p>
-The following <em>source</em> variants are available:
-<ul>
-<li><code>builtin</code>
- <p> This is the always available builtin seeding source. It's usage
- consumes minimum CPU cycles under runtime and hence can be always used
- without drawbacks. The source used for seeding the PRNG contains of the
- current time, the current process id and (when applicable) a randomly
- choosen 1KB extract of the inter-process scoreboard structure of Apache.
- The drawback is that this is not really a strong source and at startup
- time (where the scoreboard is still not available) this source just
- produces a few bytes of entropy. So you should always, at least for the
- startup, use an additional seeding source.
-<p>
-<li><code>file:/path/to/source</code>
- <p>
- This variant uses an external file <code>/path/to/source</code> as the
- source for seeding the PRNG. When <em>bytes</em> is specified, only the
- first <em>bytes</em> number of bytes of the file form the entropy (and
- <em>bytes</em> is given to <code>/path/to/source</code> as the first
- argument). When <em>bytes</em> is not specified the whole file forms the
- entropy (and <code>0</code> is given to <code>/path/to/source</code> as
- the first argument). Use this especially at startup time, for instance
- with an available <code>/dev/random</code> and/or
- <code>/dev/urandom</code> devices (which usually exist on modern Unix
- derivates like FreeBSD and Linux).
- <p>
- <em>But be careful</em>: Usually <code>/dev/random</code> provides only as
- much entropy data as it actually has, i.e. when you request 512 bytes of
- entropy, but the device currently has only 100 bytes available two things
- can happen: On some platforms you receive only the 100 bytes while on
- other platforms the read blocks until enough bytes are available (which
- can take a long time). Here using an existing <code>/dev/urandom</code> is
- better, because it never blocks and actually gives the amount of requested
- data. The drawback is just that the quality of the received data may not
- be the best.
- <p>
- On some platforms like FreeBSD one can even control how the entropy is
- actually generated, i.e. by which system interrupts. More details one can
- find under <i>rndcontrol(8)</i> on those platforms. Alternatively, when
- your system lacks such a random device, you can use tool
- like <a href="http://www.lothar.com/tech/crypto/">EGD</a>
- (Entropy Gathering Daemon) and run it's client program with the
- <code>exec:/path/to/program/</code> variant (see below) or use
- <code>egd:/path/to/egd-socket</code> (see below).
-<p>
-<li><code>exec:/path/to/program</code>
- <p>
- This variant uses an external executable <code>/path/to/program</code> as
- the source for seeding the PRNG. When <em>bytes</em> is specified, only the
- first <em>bytes</em> number of bytes of its <code>stdout</code> contents
- form the entropy. When <em>bytes</em> is not specified, the entirety of
- the data produced on <code>stdout</code> form the entropy. Use this only
- at startup time when you need a very strong seeding with the help of an
- external program (for instance as in the example above with the
- <code>truerand</code> utility you can find in the mod_ssl distribution
- which is based on the AT&amp;T <em>truerand</em> library). Using this in
- the connection context slows down the server too dramatically, of course.
- So usually you should avoid using external programs in that context.
-<p>
-<li><code>egd:/path/to/egd-socket</code> (Unix only)
- <p>
- This variant uses the Unix domain socket of the
- external Entropy Gathering Daemon (EGD) (see <a
- href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech
- /crypto/</a>) to seed the PRNG. Use this if no random device exists
- on your platform.
-</ul>
-<p>
-Example:
-<blockquote>
-<pre>
-SSLRandomSeed startup builtin
-SSLRandomSeed startup file:/dev/random
-SSLRandomSeed startup file:/dev/urandom 1024
-SSLRandomSeed startup exec:/usr/local/bin/truerand 16
-SSLRandomSeed connect builtin
-SSLRandomSeed connect file:/dev/random
-SSLRandomSeed connect file:/dev/urandom 1024
-</pre>
-</blockquote>
-<!-- SSLSessionCache ------------------------------------------------>
-<p>
-<br>
-<a name="SSLSessionCache"></a>
-<h2><a name="ToC5">SSLSessionCache</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCache</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of the global/inter-process SSL Session Cache</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLSessionCache</code> <em>type</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLSessionCache none</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This configures the storage type of the global/inter-process SSL Session
-Cache. This cache is an optional facility which speeds up parallel request
-processing. For requests to the same server process (via HTTP keep-alive),
-OpenSSL already caches the SSL session information locally. But because modern
-clients request inlined images and other data via parallel requests (usually
-up to four parallel requests are common) those requests are served by
-<em>different</em> pre-forked server processes. Here an inter-process cache
-helps to avoid unnecessary session handshakes.
-<p>
-The following two storage <em>type</em>s are currently supported:
-<ul>
-<li><code>none</code>
- <p>
- This is the default and just disables the global/inter-process Session
- Cache. There is no drawback in functionality, but a noticeable speed
- penalty can be observed.
-<p>
-<li><code>dbm:/path/to/datafile</code>
- <p>
- This makes use of a DBM hashfile on the local disk to synchronize the
- local OpenSSL memory caches of the server processes. The slight increase
- in I/O on the server results in a visible request speedup for your
- clients, so this type of storage is generally recommended.
-<p>
-<li><code>shm:/path/to/datafile</code>[<code>(</code><i>size</i><code>)</code>]
- <p>
- This makes use of a high-performance hash table (approx. <i>size</i> bytes
- in size) inside a shared memory segment in RAM (established via
- <code>/path/to/datafile</code>) to synchronize the local OpenSSL memory
- caches of the server processes. This storage type is not available on all
- platforms. See the mod_ssl <code>INSTALL</code> document for details on
- how to build Apache+EAPI with shared memory support.
-</ul>
-<p>
-Examples:
-<blockquote>
-<pre>
-SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
-SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000)
-</pre>
-</blockquote>
-<!-- SSLSessionCacheTimeout ----------------------------------------->
-<p>
-<br>
-<a name="SSLSessionCacheTimeout"></a>
-<h2><a name="ToC6">SSLSessionCacheTimeout</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCacheTimeout</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Number of seconds before an SSL session expires in the Session Cache</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLSessionCacheTimeout</code> <em>seconds</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLSessionCacheTimeout 300</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the timeout in seconds for the information stored in the
-global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
-It can be set as low as 15 for testing, but should be set to higher
-values like 300 in real life.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLSessionCacheTimeout 600
-</pre>
-</blockquote>
-<!-- SSLEngine ------------------------------------------------------>
-<p>
-<br>
-<a name="SSLEngine"></a>
-<h2><a name="ToC7">SSLEngine</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLEngine</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> SSL Engine Operation Switch</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLEngine</code> <em>on|off</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLEngine off</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive toggles the usage of the SSL/TLS Protocol Engine. This is
-usually used inside a &lt;VirtualHost&gt; section to enable SSL/TLS for a
-particular virtual host. By default the SSL/TLS Protocol Engine is disabled
-for both the main server and all configured virtual hosts.
-<p>
-Example:
-<blockquote>
-<pre>
-&lt;VirtualHost _default_:443&gt;
-SSLEngine on
-...
-&lt;/VirtualHost&gt;
-</pre>
-</blockquote>
-<!-- SSLProtocol ---------------------------------------------------->
-<p>
-<br>
-<a name="SSLProtocol"></a>
-<h2><a name="ToC8">SSLProtocol</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLProtocol</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Configure usable SSL protocol flavors</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLProtocol</code> [+-]<em>protocol</em> ...</td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLProtocol all</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> Options</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.2 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive can be used to control the SSL protocol flavors mod_ssl should
-use when establishing its server environment. Clients then can only connect
-with one of the provided protocols.
-<p>
-The available (case-insensitive) <em>protocol</em>s are:
-<ul>
-<li><code>SSLv2</code>
- <p>
- This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the
- original SSL protocol as designed by Netscape Corporation.
-<p>
-<li><code>SSLv3</code>
- <p>
- This is the Secure Sockets Layer (SSL) protocol, version 3.0. It is the
- successor to SSLv2 and the currently (as of February 1999) de-facto
- standardized SSL protocol from Netscape Corporation. It's supported by
- almost all popular browsers.
-<p>
-<li><code>TLSv1</code>
- <p>
- This is the Transport Layer Security (TLS) protocol, version 1.0. It is the
- successor to SSLv3 and currently (as of February 1999) still under
- construction by the Internet Engineering Task Force (IETF). It's still
- not supported by any popular browsers.
-<p>
-<li><code>All</code>
- <p>
- This is a shortcut for ``<code>+SSLv2 +SSLv3 +TLSv1</code>'' and a
- convinient way for enabling all protocols except one when used in
- combination with the minus sign on a protocol as the example above shows.
-</ul>
-<p>
-Example:
-<blockquote>
-<pre>
-# enable SSLv3 and TLSv1, but not SSLv2
-SSLProtocol all -SSLv2
-</pre>
-</blockquote>
-<!-- SSLCipherSuite ------------------------------------------------->
-<p>
-<br>
-<a name="SSLCipherSuite"></a>
-<h2><a name="ToC9">SSLCipherSuite</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCipherSuite</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Cipher Suite available for negotiation in SSL handshake</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCipherSuite</code> <em>cipher-spec</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This complex directive uses a colon-separated <em>cipher-spec</em> string
-consisting of OpenSSL cipher specifications to configure the Cipher Suite the
-client is permitted to negotiate in the SSL handshake phase. Notice that this
-directive can be used both in per-server and per-directory context. In
-per-server context it applies to the standard SSL handshake when a connection
-is established. In per-directory context it forces a SSL renegotiation with the
-reconfigured Cipher Suite after the HTTP request was read but before the HTTP
-response is sent.
-<p>
-An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major
-attributes plus a few extra minor ones:
-<ul>
-<li><em>Key Exchange Algorithm</em>:<br>
- RSA or Diffie-Hellman variants.
-<p>
-<li><em>Authentication Algorithm</em>:<br>
- RSA, Diffie-Hellman, DSS or none.
-<p>
-<li><em>Cipher/Encryption Algorithm</em>:<br>
- DES, Triple-DES, RC4, RC2, IDEA or none.
-<p>
-<li><em>MAC Digest Algorithm</em>:<br>
- MD5, SHA or SHA1.
-</ul>
-An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1
-cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use,
-one can either specify all the Ciphers, one at a time, or use aliases to
-specify the preference and order for the ciphers (see <a href="#table1">Table
-1</a>).
-<p>
-<div align="center">
-<a name="table1"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 1: OpenSSL Cipher Specification Tags</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
-<tr id="D"><td><b>Tag</b></td> <td><b>Description</b></td>
-<tr id="H"><td colspan="2"><em>Key Exchange Algorithm:</em></td></tr>
-<tr id="D"><td><code>kRSA</code></td> <td>RSA key exchange</td></tr>
-<tr id="H"><td><code>kDHr</code></td> <td>Diffie-Hellman key exchange with RSA key</td></tr>
-<tr id="D"><td><code>kDHd</code></td> <td>Diffie-Hellman key exchange with DSA key</td></tr>
-<tr id="H"><td><code>kEDH</code></td> <td>Ephemeral (temp.key) Diffie-Hellman key exchange (no cert)</td> </tr>
-<tr id="H"><td colspan="2"><em>Authentication Algorithm:</em></td></tr>
-<tr id="D"><td><code>aNULL</code></td> <td>No authentication</td></tr>
-<tr id="H"><td><code>aRSA</code></td> <td>RSA authentication</td></tr>
-<tr id="D"><td><code>aDSS</code></td> <td>DSS authentication</td> </tr>
-<tr id="H"><td><code>aDH</code></td> <td>Diffie-Hellman authentication</td></tr>
-<tr id="D"><td colspan="2"><em>Cipher Encoding Algorithm:</em></td></tr></tr>
-<tr id="H"><td><code>eNULL</code></td> <td>No encoding</td> </tr>
-<tr id="D"><td><code>DES</code></td> <td>DES encoding</td> </tr>
-<tr id="H"><td><code>3DES</code></td> <td>Triple-DES encoding</td> </tr>
-<tr id="D"><td><code>RC4</code></td> <td>RC4 encoding</td> </tr>
-<tr id="H"><td><code>RC2</code></td> <td>RC2 encoding</td> </tr>
-<tr id="D"><td><code>IDEA</code></td> <td>IDEA encoding</td> </tr>
-<tr id="H"><td colspan="2"><em>MAC Digest Algorithm</em>:</td></tr>
-<tr id="D"><td><code>MD5</code></td> <td>MD5 hash function</td></tr>
-<tr id="H"><td><code>SHA1</code></td> <td>SHA1 hash function</td></tr>
-<tr id="D"><td><code>SHA</code></td> <td>SHA hash function</td> </tr>
-<tr id="H"><td colspan="2"><em>Aliases:</em></td></tr>
-<tr id="D"><td><code>SSLv2</code></td> <td>all SSL version 2.0 ciphers</td></tr>
-<tr id="H"><td><code>SSLv3</code></td> <td>all SSL version 3.0 ciphers</td> </tr>
-<tr id="D"><td><code>TLSv1</code></td> <td>all TLS version 1.0 ciphers</td> </tr>
-<tr id="H"><td><code>EXP</code></td> <td>all export ciphers</td> </tr>
-<tr id="D"><td><code>EXPORT40</code></td> <td>all 40-bit export ciphers only</td> </tr>
-<tr id="H"><td><code>EXPORT56</code></td> <td>all 56-bit export ciphers only</td> </tr>
-<tr id="D"><td><code>LOW</code></td> <td>all low strength ciphers (no export, single DES)</td></tr>
-<tr id="H"><td><code>MEDIUM</code></td> <td>all ciphers with 128 bit encryption</td> </tr>
-<tr id="D"><td><code>HIGH</code></td> <td>all ciphers using Triple-DES</td> </tr>
-<tr id="H"><td><code>RSA</code></td> <td>all ciphers using RSA key exchange</td> </tr>
-<tr id="D"><td><code>DH</code></td> <td>all ciphers using Diffie-Hellman key exchange</td> </tr>
-<tr id="H"><td><code>EDH</code></td> <td>all ciphers using Ephemeral Diffie-Hellman key exchange</td> </tr>
-<tr id="D"><td><code>ADH</code></td> <td>all ciphers using Anonymous Diffie-Hellman key exchange</td> </tr>
-<tr id="H"><td><code>DSS</code></td> <td>all ciphers using DSS authentication</td> </tr>
-<tr id="D"><td><code>NULL</code></td> <td>all ciphers using no encryption</td> </tr>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-Now where this becomes interesting is that these can be put together
-to specify the order and ciphers you wish to use. To speed this up
-there are also aliases (<code>SSLv2, SSLv3, TLSv1, EXP, LOW, MEDIUM,
-HIGH</code>) for certain groups of ciphers. These tags can be joined
-together with prefixes to form the <em>cipher-spec</em>. Available
-prefixes are:
-<ul>
-<li>none: add cipher to list
-<li><code>+</code>: add ciphers to list and pull them to current location in list
-<li><code>-</code>: remove cipher from list (can be added later again)
-<li><code>!</code>: kill cipher from list completely (can <b>not</b> be added later again)
-</ul>
-A simpler way to look at all of this is to use the ``<code>openssl ciphers
--v</code>'' command which provides a nice way to successively create the
-correct <em>cipher-spec</em> string. The default <em>cipher-spec</em> string
-is ``<code>ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code>'' which
-means the following: first, remove from consideration any ciphers that do not
-authenticate, i.e. for SSL only the Anonymous Diffie-Hellman ciphers. Next,
-use ciphers using RC4 and RSA. Next include the high, medium and then the low
-security ciphers. Finally <em>pull</em> all SSLv2 and export ciphers to the
-end of the list.
-<blockquote>
-<pre>
-$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
-NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
-NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
-EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
-... ... ... ... ...
-EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-</pre>
-</blockquote>
-The complete list of particular RSA &amp; DH ciphers for SSL is given in <a
-href="#table2">Table 2</a>.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
-</pre>
-</blockquote>
-<p>
-<div align="center">
-<a name="table2"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 2: Particular SSL Ciphers</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
-<tr id="D"><td><b>Cipher-Tag</b></td> <td><b>Protocol</b></td> <td><b>Key Ex.</b></td> <td><b>Auth.</b></td> <td><b>Enc.</b></td> <td><b>MAC</b></td> <td><b>Type</b></td> </tr>
-<tr id="H"><td colspan="7"><em>RSA Ciphers:</em></td></tr>
-<tr id="D"><td><code>DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>DES-CBC3-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="D"><td><code>IDEA-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>RC4-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="D"><td><code>RC4-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="H"><td><code>IDEA-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>IDEA(128)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="D"><td><code>RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC2(128)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="H"><td><code>RC4-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(128)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="D"><td><code>DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>RC4-64-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>RC4(64)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="D"><td><code>DES-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA</td> <td>RSA</td> <td>DES(56)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="H"><td><code>EXP-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
-<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
-<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv3</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
-<tr id="D"><td><code>EXP-RC2-CBC-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC2(40)</td> <td>MD5</td> <td> export</td> </tr>
-<tr id="H"><td><code>EXP-RC4-MD5</code></td> <td>SSLv2</td> <td>RSA(512)</td> <td>RSA</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
-<tr id="D"><td><code>NULL-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>NULL-MD5</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>None</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="D"><td colspan="7"><em>Diffie-Hellman Ciphers:</em></td></tr>
-<tr id="H"><td><code>ADH-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>3DES(168)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="D"><td><code>ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>DES(56)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH</td> <td>None</td> <td>RC4(128)</td> <td>MD5</td> <td>&nbsp; </td> </tr>
-<tr id="D"><td><code>EDH-RSA-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>EDH-DSS-DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>3DES(168)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="D"><td><code>EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>RSA</td> <td>DES(56)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="H"><td><code>EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH</td> <td>DSS</td> <td>DES(56)</td> <td>SHA1</td> <td>&nbsp;</td> </tr>
-<tr id="D"><td><code>EXP-EDH-RSA-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>RSA</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
-<tr id="H"><td><code>EXP-EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>DSS</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
-<tr id="D"><td><code>EXP-ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr>
-<tr id="H"><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr>
-</table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<!-- SSLECDHCurve --------------------------------------------->
-<p>
-<br>
-<a name="SSLECDHCurve"></a>
-<h2><a name="ToC9a">SSLECDHCurve</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLECDHCurve</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Named curve to use for ephemeral EC keys
-</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLECDHCurve</code> <em>curve</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>prime256v1</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td></td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This option specifies the named curve to use when generating ephemeral EC keys
-for an ECDHE-based cipher suite. Any named curve known by OpenSSL may be
-specified. Setting this to <code>none</code> results in no named curve being
-configured for ECDH, effectively disabling ECDHE-based cipher suites.
-<p>
-<!-- SSLHonorCipherOrder --------------------------------------------->
-<p>
-<br>
-<a name="SSLHonorCipherOrder"></a>
-<h2><a name="ToC9b">SSLHonorCipherOrder</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLHonorCipherOrder</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> User server's order of preference for ciphers</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLHonorCipherOrder</code> <em>on|off</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>Off</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td></td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-By default, the client's order of preference is used when choosing a cipher.
-When switched on, this directive makes the server's order of preference for
-ciphers leading. Applies to SSLv3 and TLS.
-<p>
-<!-- SSLCertificateFile --------------------------------------------->
-<p>
-<br>
-<a name="SSLCertificateFile"></a>
-<h2><a name="ToC10">SSLCertificateFile</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateFile</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Server PEM-encoded X.509 Certificate file</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateFile</code> <em>filename</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive points to the PEM-encoded Certificate file for the server and
-optionally also to the corresponding RSA or DSA Private Key file for it
-(contained in the same file). If the contained Private Key is encrypted the
-Pass Phrase dialog is forced at startup time. This directive can be used up to
-two times (referencing different filenames) when both a RSA and a DSA based
-server certificate is used in parallel.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
-</pre>
-</blockquote>
-<!-- SSLCertificateKeyFile ------------------------------------------>
-<p>
-<br>
-<a name="SSLCertificateKeyFile"></a>
-<h2><a name="ToC11">SSLCertificateKeyFile</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateKeyFile</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Server PEM-encoded Private Key file</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateKeyFile</code> <em>filename</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive points to the PEM-encoded Private Key file for the server. If
-the Private Key is not combined with the Certificate in the
-<code>SSLCertificateFile</code>, use this additional directive to point to the
-file with the stand-alone Private Key. When <code>SSLCertificateFile</code>
-is used and the file contains both the Certificate and the Private Key this
-directive need not be used. But we strongly discourage this practice.
-Instead we recommend you to separate the Certificate and the Private Key. If
-the contained Private Key is encrypted, the Pass Phrase dialog is forced at
-startup time. This directive can be used up to two times (referencing
-different filenames) when both a RSA and a DSA based private key is used in
-parallel.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
-</pre>
-</blockquote>
-<!-- SSLCertificateChainFile ---------------------------------------->
-<p>
-<br>
-<a name="SSLCertificateChainFile"></a>
-<h2><a name="ToC12">SSLCertificateChainFile</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateChainFile</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of PEM-encoded Server CA Certificates</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCertificateChainFile</code> <em>filename</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3.6 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the optional <em>all-in-one</em> file where you can
-assemble the certificates of Certification Authorities (CA) which form the
-certificate chain of the server certificate. This starts with the issuing CA
-certificate of of the server certificate and can range up to the root CA
-certificate. Such a file is simply the concatenation of the various
-PEM-encoded CA Certificate files, usually in certificate chain order.
-<p>
-This should be used alternatively and/or additionally to <a
-href="#SSLCACertificatePath">SSLCACertificatePath</a> for explicitly
-constructing the server certificate chain which is sent to the browser in
-addition to the server certificate. It is especially useful to avoid conflicts
-with CA certificates when using client authentication. Because although
-placing a CA certificate of the server certificate chain into <a
-href="#SSLCACertificatePath">SSLCACertificatePath</a> has the same effect for
-the certificate chain construction, it has the side-effect that client
-certificates issued by this same CA certificate are also accepted on client
-authentication. That's usually not one expect.
-<p>
-But be careful: Providing the certificate chain works only if you are using a
-<i>single</i> (either RSA <i>or</i> DSA) based server certificate. If you are
-using a coupled RSA+DSA certificate pair, this will work only if actually both
-certificates use the <i>same</i> certificate chain. Else the browsers will be
-confused in this situation.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
-</pre>
-</blockquote>
-<!-- SSLCACertificatePath ------------------------------------------->
-<p>
-<br>
-<a name="SSLCACertificatePath"></a>
-<h2><a name="ToC13">SSLCACertificatePath</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificatePath</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Directory of PEM-encoded CA Certificates for Client Auth.</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCACertificatePath</code> <em>directory</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the directory where you keep the Certificates of
-Certification Authorities (CAs) whose clients you deal with. These are used to
-verify the client certificate on Client Authentication.
-<p>
-The files in this directory have to be PEM-encoded and are accessed through
-hash filenames. So usually you can't just place the Certificate files
-there: you also have to create symbolic links named
-<i>hash-value</i><tt>.N</tt>. And you should always make sure this directory
-contains the appropriate symbolic links. Use the <code>Makefile</code> which
-comes with mod_ssl to accomplish this task.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCACertificatePath /usr/local/apache/conf/ssl.crt/
-</pre>
-</blockquote>
-<!-- SSLCACertificateFile ------------------------------------------->
-<p>
-<br>
-<a name="SSLCACertificateFile"></a>
-<h2><a name="ToC14">SSLCACertificateFile</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificateFile</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of concatenated PEM-encoded CA Certificates for Client Auth.</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCACertificateFile</code> <em>filename</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the <em>all-in-one</em> file where you can assemble the
-Certificates of Certification Authorities (CA) whose <em>clients</em> you deal
-with. These are used for Client Authentication. Such a file is simply the
-concatenation of the various PEM-encoded Certificate files, in order of
-preference. This can be used alternatively and/or additionally to <a
-href="#SSLCACertificatePath">SSLCACertificatePath</a>.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle-client.crt
-</pre>
-</blockquote>
-<!-- SSLCARevocationPath -------------------------------------------->
-<p>
-<br>
-<a name="SSLCARevocationPath"></a>
-<h2><a name="ToC15">SSLCARevocationPath</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCARevocationPath</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Directory of PEM-encoded CA CRLs for Client Auth.</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCARevocationPath</code> <em>directory</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the directory where you keep the Certificate Revocation
-Lists (CRL) of Certification Authorities (CAs) whose clients you deal with.
-These are used to revoke the client certificate on Client Authentication.
-<p>
-The files in this directory have to be PEM-encoded and are accessed through
-hash filenames. So usually you have not only to place the CRL files there.
-Additionally you have to create symbolic links named
-<i>hash-value</i><tt>.rN</tt>. And you should always make sure this directory
-contains the appropriate symbolic links. Use the <code>Makefile</code> which
-comes with mod_ssl to accomplish this task.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCARevocationPath /usr/local/apache/conf/ssl.crl/
-</pre>
-</blockquote>
-<!-- SSLCARevocationFile -------------------------------------------->
-<p>
-<br>
-<a name="SSLCARevocationFile"></a>
-<h2><a name="ToC16">SSLCARevocationFile</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCARevocationFile</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> File of concatenated PEM-encoded CA CRLs for Client Auth.</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLCARevocationFile</code> <em>filename</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the <em>all-in-one</em> file where you can assemble the
-Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose
-<em>clients</em> you deal with. These are used for Client Authentication.
-Such a file is simply the concatenation of the various PEM-encoded CRL
-files, in order of preference. This can be used alternatively and/or
-additionally to <a href="#SSLCARevocationPath">SSLCARevocationPath</a>.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle-client.crl
-</pre>
-</blockquote>
-<!-- SSLVerifyClient ------------------------------------------------->
-<p>
-<br>
-<a name="SSLVerifyClient"></a>
-<h2><a name="ToC17">SSLVerifyClient</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLVerifyClient</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Type of Client Certificate verification</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLVerifyClient</code> <em>level</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLVerifyClient none</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the Certificate verification level for the Client
-Authentication. Notice that this directive can be used both in per-server and
-per-directory context. In per-server context it applies to the client
-authentication process used in the standard SSL handshake when a connection is
-established. In per-directory context it forces a SSL renegotiation with the
-reconfigured client verification level after the HTTP request was read but
-before the HTTP response is sent.
-<p>
-The following levels are available for <em>level</em>:
-<ul>
-<li><strong>none</strong>:
- no client Certificate is required at all
-<li><strong>optional</strong>:
- the client <em>may</em> present a valid Certificate
-<li><strong>require</strong>:
- the client <em>has to</em> present a valid Certificate
-<li><strong>optional_no_ca</strong>:
- the client may present a valid Certificate<br>
- but it need not to be (successfully) verifiable.
-</ul>
-In practice only levels <strong>none</strong> and <strong>require</strong> are
-really interesting, because level <strong>optional</strong> doesn't work with
-all browsers and level <strong>optional_no_ca</strong> is actually against the
-idea of authentication (but can be used to establish SSL test pages, etc.)
-<p>
-Example:
-<blockquote>
-<pre>
-SSLVerifyClient require
-</pre>
-</blockquote>
-<!-- SSLVerifyDepth ------------------------------------------------->
-<p>
-<br>
-<a name="SSLVerifyDepth"></a>
-<h2><a name="ToC18">SSLVerifyDepth</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLVerifyDepth</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Maximum depth of CA Certificates in Client Certificate verification</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLVerifyDepth</code> <em>number</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLVerifyDepth 1</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets how deeply mod_ssl should verify before deciding that the
-clients don't have a valid certificate. Notice that this directive can be
-used both in per-server and per-directory context. In per-server context it
-applies to the client authentication process used in the standard SSL
-handshake when a connection is established. In per-directory context it forces
-a SSL renegotiation with the reconfigured client verification depth after the
-HTTP request was read but before the HTTP response is sent.
-<p>
-The depth actually is the maximum number of intermediate certificate issuers,
-i.e. the number of CA certificates which are max allowed to be followed while
-verifying the client certificate. A depth of 0 means that self-signed client
-certificates are accepted only, the default depth of 1 means the client
-certificate can be self-signed or has to be signed by a CA which is directly
-known to the server (i.e. the CA's certificate is under
-<code>SSLCACertificatePath</code>), etc.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLVerifyDepth 10
-</pre>
-</blockquote>
-<!-- SSLLog --------------------------------------------------------->
-<p>
-<br>
-<a name="SSLLog"></a>
-<h2><a name="ToC19">SSLLog</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLLog</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Where to write the dedicated SSL engine logfile</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLLog</code> <em>filename</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the name of the dedicated SSL protocol engine logfile.
-Error type messages are additionally duplicated to the general Apache error
-log file (directive <code>ErrorLog</code>). Put this somewhere where it cannot
-be used for symlink attacks on a real server (i.e. somewhere where only root
-can write). If the <em>filename</em> does not begin with a slash
-('<code>/</code>') then it is assumed to be relative to the <em>Server
-Root</em>. If <em>filename</em> begins with a bar ('<code>|</code>') then the
-following string is assumed to be a path to an executable program to which a
-reliable pipe can be established. The directive should occur only once per
-virtual server config.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLLog /usr/local/apache/logs/ssl_engine_log
-</pre>
-</blockquote>
-<!-- SSLLogLevel ---------------------------------------------------->
-<p>
-<br>
-<a name="SSLLogLevel"></a>
-<h2><a name="ToC20">SSLLogLevel</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLLogLevel</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Logging level for the dedicated SSL engine logfile</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLLogLevel</code> <em>level</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <code>SSLLogLevel none</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> <em>Not applicable</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive sets the verbosity degree of the dedicated SSL protocol engine
-logfile. The <em>level</em> is one of the following (in ascending order where
-higher levels include lower levels):
-<ul>
-<li><code>none</code><br>
- no dedicated SSL logging is done, but messages of level
- ``<code>error</code>'' are still written to the general Apache error
- logfile.
-<p>
-<li><code>error</code><br>
- log messages of error type only, i.e. messages which show fatal situations
- (processing is stopped). Those messages are also duplicated to the
- general Apache error logfile.
-<p>
-<li><code>warn</code><br>
- log also warning messages, i.e. messages which show non-fatal problems
- (processing is continued).
-<p>
-<li><code>info</code><br>
- log also informational messages, i.e. messages which show major
- processing steps.
-<p>
-<li><code>trace</code><br>
- log also trace messages, i.e. messages which show minor processing steps.
-<p>
-<li><code>debug</code><br>
- log also debugging messages, i.e. messages which show development and
- low-level I/O information.
-</ul>
-<p>
-Example:
-<blockquote>
-<pre>
-SSLLogLevel warn
-</pre>
-</blockquote>
-<!-- SSLOptions ----------------------------------------------------->
-<p>
-<br>
-<a name="SSLOptions"></a>
-<h2><a name="ToC21">SSLOptions</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLOptions</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Configure various SSL engine run-time options</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLOptions</code> [+-]<em>option</em> ...</td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> server config, virtual host, directory, .htaccess</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> Options</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive can be used to control various run-time options on a
-per-directory basis. Normally, if multiple <code>SSLOptions</code> could
-apply to a directory, then the most specific one is taken completely; the
-options are not merged. However if <em>all</em> the options on the
-<code>SSLOptions</code> directive are preceded by a plus (<code>+</code>) or
-minus (<code>-</code>) symbol, the options are merged. Any options preceded by
-a <code>+</code> are added to the options currently in force, and any options
-preceded by a <code>-</code> are removed from the options currently in force.
-<p>
-The available <em>option</em>s are:
-<ul>
-<li><code>StdEnvVars</code>
- <p>
- When this option is enabled, the standard set of SSL related CGI/SSI
- environment variables are created. This per default is disabled for
- performance reasons, because the information extraction step is a
- rather expensive operation. So one usually enables this option for
- CGI and SSI requests only.
-<p>
-<li><code>CompatEnvVars</code>
- <p>
- When this option is enabled, additional CGI/SSI environment variables are
- created for backward compatibility to other Apache SSL solutions. Look in
- the <a href="ssl_compat.html">Compatibility</a> chapter for details
- on the particular variables generated.
-<p>
-<li><code>ExportCertData</code>
- <p>
- When this option is enabled, additional CGI/SSI environment variables are
- created: <code>SSL_SERVER_CERT</code>, <code>SSL_CLIENT_CERT</code> and
- <code>SSL_CLIENT_CERT_CHAIN</code><i>n</i> (with <i>n</i> = 0,1,2,..).
- These contain the PEM-encoded X.509 Certificates of server and client for
- the current HTTPS connection and can be used by CGI scripts for deeper
- Certificate checking. Additionally all other certificates of the client
- certificate chain are provided, too. This bloats up the environment a
- little bit which is why you have to use this option to enable it on
- demand.
-<p>
-<li><code>FakeBasicAuth</code>
- <p>
- When this option is enabled, the Subject Distinguished Name (DN) of the
- Client X509 Certificate is translated into a HTTP Basic Authorization
- username. This means that the standard Apache authentication methods can
- be used for access control. The user name is just the Subject of the
- Client's X509 Certificate (can be determined by running OpenSSL's
- <code>openssl x509</code> command: <code>openssl x509 -noout -subject -in
- </code><em>certificate</em><code>.crt</code>). Note that no password is
- obtained from the user. Every entry in the user file needs this password:
- ``<code>xxj31ZMTZzkVA</code>'', which is the DES-encrypted version of the
- word `<code>password</code>''. Those who live under MD5-based encryption
- (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5
- hash of the same word: ``<code>$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/</code>''.
-<p>
-<li><code>StrictRequire</code>
- <p>
- This <i>forces</i> forbidden access when <code>SSLRequireSSL</code> or
- <code>SSLRequire</code> successfully decided that access should be
- forbidden. Usually the default is that in the case where a ``<code>Satisfy
- any</code>'' directive is used, and other access restrictions are passed,
- denial of access due to <code>SSLRequireSSL</code> or
- <code>SSLRequire</code> is overridden (because that's how the Apache
- <tt>Satisfy</tt> mechanism should work.) But for strict access restriction
- you can use <code>SSLRequireSSL</code> and/or <code>SSLRequire</code> in
- combination with an ``<code>SSLOptions +StrictRequire</code>''. Then an
- additional ``<code>Satisfy Any</code>'' has no chance once mod_ssl has
- decided to deny access.
-<p>
-<li><code>OptRenegotiate</code>
- <p>
- This enables optimized SSL connection renegotiation handling when SSL
- directives are used in per-directory context. By default a strict
- scheme is enabled where <i>every</i> per-directory reconfiguration of
- SSL parameters causes a <i>full</i> SSL renegotiation handshake. When this
- option is used mod_ssl tries to avoid unnecessary handshakes by doing more
- granular (but still safe) parameter checks. Nevertheless these granular
- checks sometimes maybe not what the user expects, so enable this on a
- per-directory basis only, please.
-</ul>
-<p>
-Example:
-<blockquote>
-<pre>
-SSLOptions +FakeBasicAuth -StrictRequire
-&lt;Files ~ "\.(cgi|shtml)$"&gt;
- SSLOptions +StdEnvVars +CompatEnvVars -ExportCertData
-&lt;Files&gt;
-</pre>
-</blockquote>
-<!-- SSLRequireSSL -------------------------------------------------->
-<p>
-<br>
-<a name="SSLRequireSSL"></a>
-<h2><a name="ToC22">SSLRequireSSL</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRequireSSL</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Deny access when SSL is not used for the HTTP request</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRequireSSL</code></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> directory, .htaccess</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for
-the current connection. This is very handy inside the SSL-enabled virtual
-host or directories for defending against configuration errors that expose
-stuff that should be protected. When this directive is present all requests
-are denied which are not using SSL.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLRequireSSL
-</pre>
-</blockquote>
-<!-- SSLRequire ----------------------------------------------------->
-<p>
-<br>
-<a name="SSLRequire"></a>
-<h2><a name="ToC23">SSLRequire</a></h2>
-<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
-<tr>
-<td>
-<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary="">
-<tr>
-<td>
-<table cellspacing="0" cellpadding="1" border="0" summary="">
-<tr><td>
-<font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRequire</b></td></tr>
-<tr><td>
-<font face="Arial,Helvetica"><b>Description:</b></font></a> </td><td> Allow access only when an arbitrarily complex boolean expression is true</td></tr>
-<tr><td><a
- href="../directive-dict.html#Syntax"
- rel="Help"
-><font face="Arial,Helvetica"><b>Syntax:</b></font></a> </td><td> <code>SSLRequire</code> <em>expression</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Default"
- rel="Help"
-><font face="Arial,Helvetica"><b>Default:</b></font></a> </td><td> <em>None</em></td></tr>
-<tr><td><a
- href="../directive-dict.html#Context"
- rel="Help"
-><font face="Arial,Helvetica"><b>Context:</b></font></a> </td><td> directory, .htaccess</td></tr>
-<tr><td><a
- href="../directive-dict.html#Override"
- rel="Help"
-><font face="Arial,Helvetica"><b>Override:</b></font></a> </td><td> AuthConfig</td></tr>
-<tr><td><a
- href="../directive-dict.html#Status"
- rel="Help"
-><font face="Arial,Helvetica"><b>Status:</b></font></a> </td><td> Extension</td></tr>
-<tr><td><a
- href="../directive-dict.html#Module"
- rel="Help"
-><font face="Arial,Helvetica"><b>Module:</b></font></a> </td><td> mod_ssl</td></tr>
-<tr><td><a
- href="../directive-dict.html#Compatibility"
- rel="Help"
-><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr>
-</table>
-</td>
-</tr>
-</table>
-</td>
-</tr>
-</table>
-<p>
-This directive specifies a general access requirement which has to be
-fulfilled in order to allow access. It's a very powerful directive because the
-requirement specification is an arbitrarily complex boolean expression
-containing any number of access checks.
-<p>
-The <em>expression</em> must match the following syntax (given as a BNF
-grammar notation):
-<blockquote>
-<pre>
-expr ::= "<b>true</b>" | "<b>false</b>"
- | "<b>!</b>" expr
- | expr "<b>&&</b>" expr
- | expr "<b>||</b>" expr
- | "<b>(</b>" expr "<b>)</b>"
- | comp
-
-comp ::= word "<b>==</b>" word | word "<b>eq</b>" word
- | word "<b>!=</b>" word | word "<b>ne</b>" word
- | word "<b>&lt;</b>" word | word "<b>lt</b>" word
- | word "<b>&lt;=</b>" word | word "<b>le</b>" word
- | word "<b>&gt;</b>" word | word "<b>gt</b>" word
- | word "<b>&gt;=</b>" word | word "<b>ge</b>" word
- | word "<b>in</b>" "<b>{</b>" wordlist "<b>}</b>"
- | word "<b>=~</b>" regex
- | word "<b>!~</b>" regex
-
-wordlist ::= word
- | wordlist "<b>,</b>" word
-
-word ::= digit
- | cstring
- | variable
- | function
-
-digit ::= [0-9]+
-cstring ::= "..."
-variable ::= "<b>%{</b>" varname "<b>}</b>"
-function ::= funcname "<b>(</b>" funcargs "<b>)</b>"
-</pre>
-</blockquote>
-while for <code>varname</code> any variable from <a href="#table3">Table 3</a>
-can be used. Finally for <code>funcname</code> the following functions
-are available:
-<ul>
-<li><code>file(</code><em>filename</em><code>)</code>
- <p>
- This function takes one string argument and expands to the contents of the
- file. This is especially useful for matching this contents against a
- regular expression, etc.
-</ul>
-Notice that <em>expression</em> is first parsed into an internal machine
-representation and then evaluated in a second step. Actually, in Global and
-Per-Server Class context <em>expression</em> is parsed at startup time and
-at runtime only the machine representation is executed. For Per-Directory
-context this is different: here <em>expression</em> has to be parsed and
-immediately executed for every request.
-<p>
-Example:
-<blockquote>
-<pre>
-SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
- and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
- and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
- and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
- and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
- or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-</pre>
-</blockquote>
-<div align="center">
-<a name="table3"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 3: Available Variables for SSLRequire</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table summary=""><tr><td>
-<em>Standard CGI/1.0 and Apache variables:</em>
-<pre>
-HTTP_USER_AGENT PATH_INFO AUTH_TYPE
-HTTP_REFERER QUERY_STRING SERVER_SOFTWARE
-HTTP_COOKIE REMOTE_HOST API_VERSION
-HTTP_FORWARDED REMOTE_IDENT TIME_YEAR
-HTTP_HOST IS_SUBREQ TIME_MON
-HTTP_PROXY_CONNECTION DOCUMENT_ROOT TIME_DAY
-HTTP_ACCEPT SERVER_ADMIN TIME_HOUR
-HTTP:headername SERVER_NAME TIME_MIN
-THE_REQUEST SERVER_PORT TIME_SEC
-REQUEST_METHOD SERVER_PROTOCOL TIME_WDAY
-REQUEST_SCHEME REMOTE_ADDR TIME
-REQUEST_URI REMOTE_USER ENV:<b>variablename</b>
-REQUEST_FILENAME
-</pre>
-<em>SSL-related variables:</em>
-<pre>
-HTTPS SSL_CLIENT_M_VERSION SSL_SERVER_M_VERSION
- SSL_CLIENT_M_SERIAL SSL_SERVER_M_SERIAL
-SSL_PROTOCOL SSL_CLIENT_V_START SSL_SERVER_V_START
-SSL_SESSION_ID SSL_CLIENT_V_END SSL_SERVER_V_END
-SSL_CIPHER SSL_CLIENT_S_DN SSL_SERVER_S_DN
-SSL_CIPHER_EXPORT SSL_CLIENT_S_DN_C SSL_SERVER_S_DN_C
-SSL_CIPHER_ALGKEYSIZE SSL_CLIENT_S_DN_ST SSL_SERVER_S_DN_ST
-SSL_CIPHER_USEKEYSIZE SSL_CLIENT_S_DN_L SSL_SERVER_S_DN_L
-SSL_VERSION_LIBRARY SSL_CLIENT_S_DN_O SSL_SERVER_S_DN_O
-SSL_VERSION_INTERFACE SSL_CLIENT_S_DN_OU SSL_SERVER_S_DN_OU
- SSL_CLIENT_S_DN_CN SSL_SERVER_S_DN_CN
- SSL_CLIENT_S_DN_T SSL_SERVER_S_DN_T
- SSL_CLIENT_S_DN_I SSL_SERVER_S_DN_I
- SSL_CLIENT_S_DN_G SSL_SERVER_S_DN_G
- SSL_CLIENT_S_DN_S SSL_SERVER_S_DN_S
- SSL_CLIENT_S_DN_D SSL_SERVER_S_DN_D
- SSL_CLIENT_S_DN_UID SSL_SERVER_S_DN_UID
- SSL_CLIENT_S_DN_Email SSL_SERVER_S_DN_Email
- SSL_CLIENT_I_DN SSL_SERVER_I_DN
- SSL_CLIENT_I_DN_C SSL_SERVER_I_DN_C
- SSL_CLIENT_I_DN_ST SSL_SERVER_I_DN_ST
- SSL_CLIENT_I_DN_L SSL_SERVER_I_DN_L
- SSL_CLIENT_I_DN_O SSL_SERVER_I_DN_O
- SSL_CLIENT_I_DN_OU SSL_SERVER_I_DN_OU
- SSL_CLIENT_I_DN_CN SSL_SERVER_I_DN_CN
- SSL_CLIENT_I_DN_T SSL_SERVER_I_DN_T
- SSL_CLIENT_I_DN_I SSL_SERVER_I_DN_I
- SSL_CLIENT_I_DN_G SSL_SERVER_I_DN_G
- SSL_CLIENT_I_DN_S SSL_SERVER_I_DN_S
- SSL_CLIENT_I_DN_D SSL_SERVER_I_DN_D
- SSL_CLIENT_I_DN_UID SSL_SERVER_I_DN_UID
- SSL_CLIENT_I_DN_Email SSL_SERVER_I_DN_Email
- SSL_CLIENT_A_SIG SSL_SERVER_A_SIG
- SSL_CLIENT_A_KEY SSL_SERVER_A_KEY
- SSL_CLIENT_CERT SSL_SERVER_CERT
- SSL_CLIENT_CERT_CHAIN<b>n</b>
- SSL_CLIENT_VERIFY
-</pre>
-</td></tr></table>
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<br>
-<br>
-<p>
-<h1><a name="ToC24">Additional Features</a></h1>
-<h2><a name="ToC25">Environment Variables</a></h2>
-This module provides a lot of SSL information as additional environment
-variables to the SSI and CGI namespace. The generated variables are listed in
-<a href="#table4">Table 4</a>. For backward compatibility the information can
-be made available under different names, too. Look in the <a
-href="ssl_compat.html">Compatibility</a> chapter for details on the
-compatibility variables.
-<p>
-<div align="center">
-<a name="table4"></a>
-<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
-<caption align="bottom" id="sf">Table 4: SSI/CGI Environment Variables</caption>
-<tr><td bgcolor="#cccccc">
-<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
-<tr><td valign="top" align="center" bgcolor="#ffffff">
-<table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
-<tr id="H">
- <td><b>Variable Name:</b></td>
- <td><b>Value Type:</b></td>
- <td><b>Description:</b></td>
-</tr>
-<tr id="D"><td><code>HTTPS</code></td> <td>flag</td> <td>HTTPS is being used.</td></tr>
-<tr id="H"><td><code>SSL_PROTOCOL</code></td> <td>string</td> <td>The SSL protocol version (SSLv2, SSLv3, TLSv1)</td></tr>
-<tr id="H"><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
-<tr id="D"><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
-<tr id="D"><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
-<tr id="H"><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
-<tr id="D"><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
-<tr id="H"><td><code>SSL_VERSION_INTERFACE</code></td> <td>string</td> <td>The mod_ssl program version</td></tr>
-<tr id="D"><td><code>SSL_VERSION_LIBRARY</code></td> <td>string</td> <td>The OpenSSL program version</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_M_VERSION</code></td> <td>string</td> <td>The version of the client certificate</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_M_SERIAL</code></td> <td>string</td> <td>The serial of the client certificate</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_S_DN</code></td> <td>string</td> <td>Subject DN in client's certificate</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Subject DN</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_I_DN</code></td> <td>string</td> <td>Issuer DN of client's certificate</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of client's Issuer DN</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_V_START</code></td> <td>string</td> <td>Validity of client's certificate (start time)</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_V_END</code></td> <td>string</td> <td>Validity of client's certificate (end time)</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of client's certificate</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of client's certificate</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_CERT</code></td> <td>string</td> <td>PEM-encoded client certificate</td></tr>
-<tr id="D"><td><code>SSL_CLIENT_CERT_CHAIN</code><i>n</i></td> <td>string</td> <td>PEM-encoded certificates in client certificate chain</td></tr>
-<tr id="H"><td><code>SSL_CLIENT_VERIFY</code></td> <td>string</td> <td><tt>NONE</tt>, <tt>SUCCESS</tt>, <tt>GENEROUS</tt> or <tt>FAILED:</tt><i>reason</i></td></tr>
-<tr id="D"><td><code>SSL_SERVER_M_VERSION</code></td> <td>string</td> <td>The version of the server certificate</td></tr>
-<tr id="H"><td><code>SSL_SERVER_M_SERIAL</code></td> <td>string</td> <td>The serial of the server certificate</td></tr>
-<tr id="D"><td><code>SSL_SERVER_S_DN</code></td> <td>string</td> <td>Subject DN in server's certificate</td></tr>
-<tr id="H"><td><code>SSL_SERVER_S_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Subject DN</td></tr>
-<tr id="D"><td><code>SSL_SERVER_I_DN</code></td> <td>string</td> <td>Issuer DN of server's certificate</td></tr>
-<tr id="H"><td><code>SSL_SERVER_I_DN_</code><em>x509</em></td> <td>string</td> <td>Component of server's Issuer DN</td></tr>
-<tr id="D"><td><code>SSL_SERVER_V_START</code></td> <td>string</td> <td>Validity of server's certificate (start time)</td></tr>
-<tr id="H"><td><code>SSL_SERVER_V_END</code></td> <td>string</td> <td>Validity of server's certificate (end time)</td></tr>
-<tr id="D"><td><code>SSL_SERVER_A_SIG</code></td> <td>string</td> <td>Algorithm used for the signature of server's certificate</td></tr>
-<tr id="H"><td><code>SSL_SERVER_A_KEY</code></td> <td>string</td> <td>Algorithm used for the public key of server's certificate</td></tr>
-<tr id="D"><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr>
-</table>
-[ where <em>x509</em> is a component of a X.509 DN:
- <code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code> ]
-</td>
-</tr></table>
-</td></tr></table>
-</div>
-<p>
-<br>
-<h2><a name="ToC26">Custom Log Formats</a></h2>
-When mod_ssl is built into Apache or at least loaded (under DSO situation)
-additional functions exist for the <a
-href="../mod_log_config.html#formats">Custom Log Format</a> of <a
-href="../mod_log_config.html">mod_log_config</a>. First there is an additional
-``<code>%{</code><em>varname</em><code>}x</code>'' eXtension format function
-which can be used to expand any variables provided by any module, especially
-those provided by mod_ssl which can you find in <a href="#table4">Table 4</a>.
-<p>
-For backward compatibility there is additionally a special
-``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
-provided. Information about this function is provided in the <a
-href="ssl_compat.html">Compatibility</a> chapter.
-<p>
-Example:
-<blockquote>
-<pre>
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-</pre>
-</blockquote>
- <p>
- <br>
- <table summary="">
- <tr>
- <td>
- <table width="600" border="0" summary="">
- <tr>
- <td valign="top" align="left" width="250">
-<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
- </td>
- <td valign="top" align="right" width="250">
-<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
- </tr>
- <tr>
- <td><table width="598" summary="">
- <tr>
- <td align="left"><font face="Arial,Helvetica">
- <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
- The Apache Interface to OpenSSL
- </font>
- </td>
- <td align="right"><font face="Arial,Helvetica">
- Copyright &copy; 1998-2001
- <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
- All Rights Reserved<br>
- </font>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </td>
-</tr>
-</table>
-</div>
-</body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gif
deleted file mode 100644
index 7d69c96bd29..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-1.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-1.gif
deleted file mode 100644
index b70504e2ec2..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gif
deleted file mode 100644
index 14aa9f0ae11..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gif
deleted file mode 100644
index c55def0131a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-4.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-4.gif
deleted file mode 100644
index 3a590f51415..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-4.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gif
deleted file mode 100644
index 6c74e3808f7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gif
deleted file mode 100644
index 95c45409752..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-7.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-7.gif
deleted file mode 100644
index 3e658aee73b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-7.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif
deleted file mode 100644
index 8dd81a90202..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif
deleted file mode 100644
index 5bfd67a2d6f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gif
deleted file mode 100644
index ef0e7238be0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-s.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-s.gif
deleted file mode 100644
index 8b61339b763..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-s.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif
deleted file mode 100644
index 912076efd4b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-s.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-s.gif
deleted file mode 100644
index 47b3bb2916d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-s.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-abstract.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-abstract.gif
deleted file mode 100644
index 126b5849d3f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-abstract.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-compat.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-compat.gif
deleted file mode 100644
index 930aa5f3ad4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-compat.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-faq.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-faq.gif
deleted file mode 100644
index d5bbc2ee42f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-faq.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-gloss.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-gloss.gif
deleted file mode 100644
index 9c233b8d507..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-gloss.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gif
deleted file mode 100644
index c20402d1a9d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-intro.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-intro.gif
deleted file mode 100644
index 9c0371a2bf1..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-intro.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gif
deleted file mode 100644
index 3e536598366..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gif
deleted file mode 100644
index 3189868d92f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-ref.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-ref.gif
deleted file mode 100644
index 606a64a9955..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-ref.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-toc.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-toc.gif
deleted file mode 100644
index 2b096bf58ec..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-toc.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-tutor.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-tutor.gif
deleted file mode 100644
index 67aba321b36..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-tutor.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html b/usr.sbin/httpd/htdocs/manual/mod/mod_status.html
deleted file mode 100644
index cf0f9d6aa3e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html
+++ /dev/null
@@ -1,168 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_status</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_status</h1>
-
- <p>This module provides information on server activity and
- performance.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a> mod_status.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- status_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.1 and later.</p>
-
- <h2>Summary</h2>
-
- <p>The Status module allows a server administrator to find out
- how well their server is performing. A HTML page is presented
- that gives the current server statistics in an easily readable
- form. If required this page can be made to automatically
- refresh (given a compatible browser). Another page gives a
- simple machine-readable list of the current server state.</p>
-
- <p>The details given are:</p>
-
- <ul>
- <li>The number of children serving requests</li>
-
- <li>The number of idle children</li>
-
- <li>The status of each child, the number of requests that
- child has performed and the total number of bytes served by
- the child (*)</li>
-
- <li>A total number of accesses and byte count served (*)</li>
-
- <li>The time the server was started/restarted and the time it
- has been running for</li>
-
- <li>Averages giving the number of requests per second, the
- number of bytes served per second and the average number of
- bytes per request (*)</li>
-
- <li>The current percentage CPU used by each child and in
- total by Apache (*)</li>
-
- <li>The current hosts and requests being processed (*)</li>
- </ul>
-
- <p>Details marked "(*)" are only available with
- <code>ExtendedStatus On</code>.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#extendedstatus">ExtendedStatus</a></li>
- </ul>
-
- <h2>Enabling Status Support</h2>
- To enable status reports only for browsers from the foo.com
- domain add this code to your <code>httpd.conf</code>
- configuration file
-<pre>
- &lt;Location /server-status&gt;
- SetHandler server-status
-
- Order Deny,Allow
- Deny from all
- Allow from .foo.com
- &lt;/Location&gt;
-</pre>
-
- <p>You can now access server statistics by using a Web browser
- to access the page
- <code>http://your.server.name/server-status</code></p>
-
- <p>Alternatively, if you have <code>lynx</code> installed, you can
- also get a server statics report from the command line by running
- the command <code>apachectl status</code>, or, for the extended
- status report, <code>apachectl fullstatus</code>. See the <a
- href="../programs/apachectl.html">apachectl</a> documentation for
- additional details.</a><p>
-
- <p>Note that mod_status will only work when you are running
- Apache in <a href="core.html#servertype">standalone</a> mode
- and not <a href="core.html#servertype">inetd</a> mode.</p>
-
- <h3>Automatic Updates</h3>
- You can get the status page to update itself automatically if
- you have a browser that supports "refresh". Access the page
- <code>http://your.server.name/server-status?refresh=N</code> to
- refresh the page every N seconds.
-
- <h3>Machine Readable Status File</h3>
- A machine-readable version of the status file is available by
- accessing the page
- <code>http://your.server.name/server-status?auto</code>. This
- is useful when automatically run, see the Perl program in the
- <code>/support</code> directory of Apache,
- <code>log_server_status</code>.
-
- <blockquote>
- <strong>It should be noted that if <samp>mod_status</samp> is
- compiled into the server, its handler capability is available
- in <em>all</em> configuration files, including
- <em>per</em>-directory files (<em>e.g.</em>,
- <samp>.htaccess</samp>). This may have security-related
- ramifications for your site.</strong>
- </blockquote>
- <hr />
-
- <h2><a id="extendedstatus" name="extendedstatus">ExtendedStatus
- directive</a></h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> ExtendedStatus
- On|Off<br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>ExtendedStatus
- Off</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config <br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_status<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> ExtendedStatus
- is only available in Apache 1.3.2 and later.
-
- <p>This directive controls whether the server keeps track of
- extended status information for each request. This is only
- useful if the status module is enabled on the server.</p>
-
- <p>This setting applies to the entire server, and cannot be
- enabled or disabled on a virtualhost-by-virtualhost basis.</p>
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html b/usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html
deleted file mode 100644
index 3f7b31a700a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html
+++ /dev/null
@@ -1,220 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_unique_id</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_unique_id</h1>
-
- <p>This module provides an environment variable with a unique
- identifier for each request.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_unique_id.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- unique_id_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module provides a magic token for each request which is
- guaranteed to be unique across "all" requests under very
- specific conditions. The unique identifier is even unique
- across multiple machines in a properly configured cluster of
- machines. The environment variable <code>UNIQUE_ID</code> is
- set to the identifier for each request. Unique identifiers are
- useful for various reasons which are beyond the scope of this
- document.</p>
-
- <h2>Directives</h2>
-
- <p>This module has no directives.</p>
-
- <h2>Theory</h2>
-
- <p>First a brief recap of how the Apache server works on Unix
- machines. On Unix machines, Apache creates several children,
- the children process requests one at a time. Each child can
- serve multiple requests in its lifetime. For the purpose of
- this discussion, the children don't share any data with each
- other. We'll refer to the children as httpd processes.</p>
-
- <p>Your website has one or more machines under your
- administrative control, together we'll call them a cluster of
- machines. Each machine can possibly run multiple instances of
- Apache. All of these collectively are considered "the
- universe", and with certain assumptions we'll show that in this
- universe we can generate unique identifiers for each request,
- without extensive communication between machines in the
- cluster.</p>
-
- <p>The machines in your cluster should satisfy these
- requirements. (Even if you have only one machine you should
- synchronize its clock with NTP.)</p>
-
- <ul>
- <li>The machines' times are synchronized via NTP or other
- network time protocol.</li>
-
- <li>The machines' hostnames all differ, such that the module
- can do a hostname lookup on the hostname and receive a
- different IP address for each machine in the cluster.</li>
- </ul>
-
- <p>As far as operating system assumptions go, we assume that
- pids (process ids) fit in 32-bits. If the operating system uses
- more than 32-bits for a pid, the fix is trivial but must be
- performed in the code.</p>
-
- <p>Given those assumptions, at a single point in time we can
- identify any httpd process on any machine in the cluster from
- all other httpd processes. The machine's IP address and the pid
- of the httpd process are sufficient to do this. So in order to
- generate unique identifiers for requests we need only
- distinguish between different points in time.</p>
-
- <p>To distinguish time we will use a Unix timestamp (seconds
- since January 1, 1970 UTC), and a 16-bit counter. The timestamp
- has only one second granularity, so the counter is used to
- represent up to 65536 values during a single second. The
- quadruple <em>( ip_addr, pid, time_stamp, counter )</em> is
- sufficient to enumerate 65536 requests per second per httpd
- process. There are issues however with pid reuse over time, and
- the counter is used to alleviate this issue.</p>
-
- <p>When an httpd child is created, the counter is initialized
- with ( current microseconds divided by 10 ) modulo 65536 (this
- formula was chosen to eliminate some variance problems with the
- low order bits of the microsecond timers on some systems). When
- a unique identifier is generated, the time stamp used is the
- time the request arrived at the web server. The counter is
- incremented every time an identifier is generated (and allowed
- to roll over).</p>
-
- <p>The kernel generates a pid for each process as it forks the
- process, and pids are allowed to roll over (they're 16-bits on
- many Unixes, but newer systems have expanded to 32-bits). So
- over time the same pid will be reused. However unless it is
- reused within the same second, it does not destroy the
- uniqueness of our quadruple. That is, we assume the system does
- not spawn 65536 processes in a one second interval (it may even
- be 32768 processes on some Unixes, but even this isn't likely
- to happen).</p>
-
- <p>Suppose that time repeats itself for some reason. That is,
- suppose that the system's clock is screwed up and it revisits a
- past time (or it is too far forward, is reset correctly, and
- then revisits the future time). In this case we can easily show
- that we can get pid and time stamp reuse. The choice of
- initializer for the counter is intended to help defeat this.
- Note that we really want a random number to initialize the
- counter, but there aren't any readily available numbers on most
- systems (<em>i.e.</em>, you can't use rand() because you need
- to seed the generator, and can't seed it with the time because
- time, at least at one second resolution, has repeated itself).
- This is not a perfect defense.</p>
-
- <p>How good a defense is it? Suppose that one of your machines
- serves at most 500 requests per second (which is a very
- reasonable upper bound at this writing, because systems
- generally do more than just shovel out static files). To do
- that it will require a number of children which depends on how
- many concurrent clients you have. But we'll be pessimistic and
- suppose that a single child is able to serve 500 requests per
- second. There are 1000 possible starting counter values such
- that two sequences of 500 requests overlap. So there is a 1.5%
- chance that if time (at one second resolution) repeats itself
- this child will repeat a counter value, and uniqueness will be
- broken. This was a very pessimistic example, and with real
- world values it's even less likely to occur. If your system is
- such that it's still likely to occur, then perhaps you should
- make the counter 32 bits (by editing the code).</p>
-
- <p>You may be concerned about the clock being "set back" during
- summer daylight savings. However this isn't an issue because
- the times used here are UTC, which "always" go forward. Note
- that x86 based Unixes may need proper configuration for this to
- be true -- they should be configured to assume that the
- motherboard clock is on UTC and compensate appropriately. But
- even still, if you're running NTP then your UTC time will be
- correct very shortly after reboot.</p>
-
- <p>The <code>UNIQUE_ID</code> environment variable is
- constructed by encoding the 112-bit (32-bit IP address, 32 bit
- pid, 32 bit time stamp, 16 bit counter) quadruple using the
- alphabet <code>[A-Za-z0-9@-]</code> in a manner similar to MIME
- base64 encoding, producing 19 characters. The MIME base64
- alphabet is actually <code>[A-Za-z0-9+/]</code> however
- <code>+</code> and <code>/</code> need to be specially encoded
- in URLs, which makes them less desirable. All values are
- encoded in network byte ordering so that the encoding is
- comparable across architectures of different byte ordering. The
- actual ordering of the encoding is: time stamp, IP address,
- pid, counter. This ordering has a purpose, but it should be
- emphasized that applications should not dissect the encoding.
- Applications should treat the entire encoded
- <code>UNIQUE_ID</code> as an opaque token, which can be
- compared against other <code>UNIQUE_ID</code>s for equality
- only.</p>
-
- <p>The ordering was chosen such that it's possible to change
- the encoding in the future without worrying about collision
- with an existing database of <code>UNIQUE_ID</code>s. The new
- encodings should also keep the time stamp as the first element,
- and can otherwise use the same alphabet and bit length. Since
- the time stamps are essentially an increasing sequence, it's
- sufficient to have a <em>flag second</em> in which all machines
- in the cluster stop serving and request, and stop using the old
- encoding format. Afterwards they can resume requests and begin
- issuing the new encodings.</p>
-
- <p>This is a relatively portable solution. It is extended to
- multithreaded systems like Windows NT, which add the thread-id
- to the ID, producing a 144-bit (including 32-bit tid) quadruple
- that generates a 24 character UNIQUE_ID value. The identifiers
- generated have essentially an infinite life-time because future
- identifiers can be made longer as required. Essentially no
- communication is required between machines in the cluster (only
- NTP synchronization is required, which is low overhead), and no
- communication between httpd processes is required (the
- communication is implicit in the pid value assigned by the
- kernel). In very specific situations the identifier can be
- shortened, but more information needs to be assumed (for
- example the 32-bit IP address is overkill for any site, but
- there is no portable shorter replacement for it). This module
- may be extended to include an entire IPv6 address, but that is
- overkill for nearly all server configurations.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html
deleted file mode 100644
index b896dffb0ef..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html
+++ /dev/null
@@ -1,154 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_userdir</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_userdir</h1>
-
- <p>This module provides for user-specific directories.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_userdir.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- userdir_module</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#userdir">UserDir</a></li>
- </ul>
- <hr />
-
- <h2><a id="userdir" name="userdir">UserDir</a> directive</h2>
-
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> UserDir
- <em>directory-filename</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <code>UserDir
- public_html</code><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Base<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_userdir<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> All forms except
- the <code>UserDir public_html</code> form are only available in
- Apache 1.1 or above. Use of the <samp>enabled</samp> keyword,
- or <samp>disabled</samp> with a list of usernames, is only
- available in Apache 1.3 and above.
-
- <p>The UserDir directive sets the real directory in a user's
- home directory to use when a request for a document for a user
- is received. <em>Directory-filename</em> is one of the
- following:</p>
-
- <ul>
- <li>The name of a directory or a pattern such as those shown
- below.</li>
-
- <li>The keyword <samp>disabled</samp>. This turns off
- <em>all</em> username-to-directory translations except those
- explicitly named with the <samp>enabled</samp> keyword (see
- below).</li>
-
- <li>The keyword <samp>disabled</samp> followed by a
- space-delimited list of usernames. Usernames that appear in
- such a list will <em>never</em> have directory translation
- performed, even if they appear in an <samp>enabled</samp>
- clause.</li>
-
- <li>The keyword <samp>enabled</samp> followed by a
- space-delimited list of usernames. These usernames will have
- directory translation performed even if a global disable is
- in effect, but not if they also appear in a
- <samp>disabled</samp> clause.</li>
- </ul>
-
- <p>If neither the <samp>enabled</samp> nor the
- <samp>disabled</samp> keywords appear in the
- <samp>Userdir</samp> directive, the argument is treated as a
- filename pattern, and is used to turn the name into a directory
- specification. A request for
- <code>http://www.foo.com/~bob/one/two.html</code> will be
- translated to:</p>
-<pre>
-UserDir public_html -&gt; ~bob/public_html/one/two.html
-UserDir /usr/web -&gt; /usr/web/bob/one/two.html
-UserDir /home/*/www -&gt; /home/bob/www/one/two.html
-</pre>
-
- <p>The following directives will send redirects to the
- client:</p>
-<pre>
-UserDir http://www.foo.com/users -&gt; http://www.foo.com/users/bob/one/two.html
-UserDir http://www.foo.com/*/usr -&gt; http://www.foo.com/bob/usr/one/two.html
-UserDir http://www.foo.com/~*/ -&gt; http://www.foo.com/~bob/one/two.html
-</pre>
-
- <blockquote>
- <strong>Be careful when using this directive; for instance,
- <samp>"UserDir&nbsp;./"</samp> would map
- <samp>"/~root"</samp> to <samp>"/"</samp> - which is probably
- undesirable. If you are running Apache 1.3 or above, it is
- strongly recommended that your configuration include a
- "<samp>UserDir&nbsp;disabled&nbsp;root</samp>" declaration.
- See also the <a
- href="core.html#directory">&lt;Directory&gt;</a> directive
- and the <a href="../misc/security_tips.html">Security
- Tips</a> page for more information.</strong>
- </blockquote>
-
-<p>Additional examples:</p>
-
-<p>To allow a few users to have <code>UserDir</code> directories, but
-not anyone else, use the following:</p>
-
-<pre>
-UserDir disabled
-UserDir enabled user1 user2 user3
-</pre>
-
-<p>To allow most users to have <code>UserDir</code> directories, but
-deny this to a few, use the following:</p>
-
-<pre>
-UserDir enabled
-UserDir disabled user4 user5 user6
-</pre>
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html b/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html
deleted file mode 100644
index 9dbb3fef431..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html
+++ /dev/null
@@ -1,306 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_usertrack</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_usertrack</h1>
-
- <p>This module uses cookies to provide for a
- <em>clickstream</em> log of user activity on a site.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_usertrack.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- usertrack_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Known as
- mod_cookies prior to Apache 1.3.</p>
-
- <h2>Summary</h2>
-
- <p>Previous releases of Apache have included a module which
- generates a 'clickstream' log of user activity on a site using
- cookies. This was called the "cookies" module, mod_cookies. In
- Apache 1.2 and later this module has been renamed the "user
- tracking" module, mod_usertrack. This module has been
- simplified and new directives added.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a href="#cookiedomain">CookieDomain</a></li>
-
- <li><a href="#cookieexpires">CookieExpires</a></li>
-
- <li><a href="#cookieformat">CookieFormat</a></li>
-
- <li><a href="#cookiename">CookieName</a></li>
-
- <li><a href="#cookieprefix">CookiePrefix</a></li>
-
- <li><a href="#cookiestyle">CookieStyle</a></li>
-
- <li><a href="#cookietracking">CookieTracking</a></li>
- </ul>
-
- <h2>Logging</h2>
-
- <p>Previously, the cookies module (now the user tracking
- module) did its own logging, using the <tt>CookieLog</tt>
- directive. In this release, this module does no logging at all.
- Instead, a configurable log format file should be used to log
- user click-streams. This is possible because the logging module
- now allows <a href="../multilogs.html">multiple log files</a>.
- The cookie itself is logged by using the text
- <tt>%{cookie}n</tt> in the log file format. For example:</p>
-<pre>
-CustomLog logs/clickstream "%{cookie}n %r %t"
-</pre>
- For backward compatibility the configurable log module
- implements the old <tt>CookieLog</tt> directive, but this
- should be upgraded to the above <tt>CustomLog</tt> directive.
-
- <h2>2-digit or 4-digit dates for cookies?</h2>
- (the following is from message
- &lt;022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com&gt;
- in the new-httpd archives)
-<pre>
-From: "Christian Allen" &lt;christian@sane.com&gt;
-Subject: Re: Apache Y2K bug in mod_usertrack.c
-Date: Tue, 30 Jun 1998 11:41:56 -0400
-
-Did some work with cookies and dug up some info that might be useful.
-
-True, Netscape claims that the correct format NOW is four digit dates, and
-four digit dates do in fact work... for Netscape 4.x (Communicator), that
-is. However, 3.x and below do NOT accept them. It seems that Netscape
-originally had a 2-digit standard, and then with all of the Y2K hype and
-probably a few complaints, changed to a four digit date for Communicator.
-Fortunately, 4.x also understands the 2-digit format, and so the best way to
-ensure that your expiration date is legible to the client's browser is to
-use 2-digit dates.
-
-However, this does not limit expiration dates to the year 2000; if you use
-an expiration year of "13", for example, it is interpreted as 2013, NOT
-1913! In fact, you can use an expiration year of up to "37", and it will be
-understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
-about versions previous to those). Not sure why Netscape used that
-particular year as its cut-off point, but my guess is that it was in respect
-to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand
-2-digit years beyond that, at least until "50" for sure (I think they
-understand up until about "70", but not for sure).
-
-Summary: Mozilla 3.x and up understands two digit dates up until "37"
-(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit
-form, but also understands 4-digit years, which can probably reach up until
-9999. Your best bet for sending a long-life cookie is to send it for some
-time late in the year "37".
-</pre>
- <hr />
-
- <h2><a id="cookiedomain" name="cookiedomain">CookieDomain</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><b>Syntax:</b></a> CookieDomain <i>domain</i><br />
- <a href="directive-dict.html#Context"
- rel="Help"><b>Context:</b></a> server config, virtual host,
- directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><b>Status:</b></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><b>Module:</b></a> mod_usertrack <a
- href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3.21
- and later
-
- <p>This directive controls the setting of the domain to which
- the tracking cookie applies. If not present, no domain is
- included in the cookie header field.</p>
-
- <p>The domain string <b>must</b> begin with a dot, and
- <b>must</b> include at least one embedded dot. That is,
- ".foo.com" is legal, but "foo.bar.com" and ".com" are not.</p>
- <hr />
-
- <h2><a id="cookieexpires"
- name="cookieexpires">CookieExpires</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CookieExpires
- <em>expiry-period</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> <b>1.3.20 and
- earlier:</b> server config, virtual host; <b>1.3.21 and
- later:</b> server config, virtual host, directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_usertrack
-
- <p>When used, this directive sets an expiry time on the cookie
- generated by the usertrack module. The <em>expiry-period</em>
- can be given either as a number of seconds, or in the format
- such as "2 weeks 3 days 7 hours". Valid denominations are:
- years, months, weeks, hours, minutes and seconds. If the expiry
- time is in any format other than one number indicating the
- number of seconds, it must be enclosed by double quotes.</p>
-
- <p>If this directive is not used, cookies last only for the
- current browser session.</p>
- <hr />
-
- <h2><a id="cookieformat"
- name="cookieformat">CookieFormat</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CookieFormat
- <em>Normal | Compact</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual host, directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_usertrack <a
- href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3.28
- and later
-
- <p>When used, this directive determines whether the cookie
- used for user tracking is created using the default ("normal")
- format (eg: decimal values for items like the PID) or
- using a more compact format (eg: hexidecimal values).</p>
-
- <hr />
-
- <h2><a id="cookiename" name="cookiename">CookieName</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CookieName
- <em>token</em> <br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> <em>Apache</em> <br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_usertrack <br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3.7 and
- later
-
- <p>This directive allows you to change the name of the cookie
- this module uses for its tracking purposes. By default the
- cookie is named "<code>Apache</code>".</p>
-
- <p>You must specify a valid cookie name; results are
- unpredictable if you use a name containing unusual characters.
- Valid characters include A-Z, a-z, 0-9, "_", and "-".</p>
- <hr />
-
- <h2><a id="cookieprefix"
- name="cookieprefix">CookiePrefix</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CookiePrefix
- <em>"string"</em><br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual host, directory,
- .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_usertrack <a
- href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Apache 1.3.28
- and later
-
- <p>When used, this directive allows for the <em>"string"</em>
- to be prepended to the user tracking cookie. Care must be
- taken not to prepend a string that would result in a bogus
- cookie.</p>
-
- <hr />
-
- <h2><a id="cookiestyle" name="cookiestyle">CookieStyle</a>
- directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><b>Syntax:</b></a> CookieStyle
- <i>Netscape|Cookie|Cookie2|RFC2109|RFC2965</i><br />
- <a href="directive-dict.html#Context"
- rel="Help"><b>Context:</b></a> server config, virtual host,
- directory, .htaccess<br />
- <a href="directive-dict.html#Status"
- rel="Help"><b>Status:</b></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><b>Module:</b></a> mod_usertrack
-
- <p>This directive controls the format of the cookie header
- field. The three formats allowed are:</p>
-
- <ul>
- <li><b>Netscape</b>, which is the original but now deprecated
- syntax. This is the default, and the syntax Apache has
- historically used.</li>
-
- <li><b>Cookie</b> or <b>RFC2109</b>, which is the syntax that
- superseded the Netscape syntax.</li>
-
- <li><b>Cookie2</b> or <b>RFC2965</b>, which is the most
- current cookie syntax.</li>
- </ul>
-
- <p>Not all clients can understand all of these formats. but you
- should use the newest one that is generally acceptable to your
- users' browsers.</p>
- <hr />
-
- <h2><a id="cookietracking"
- name="cookietracking">CookieTracking</a> directive</h2>
- <a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CookieTracking
- on|off<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host, directory, .htaccess<br />
- <a href="directive-dict.html#Override"
- rel="Help"><strong>Override:</strong></a> FileInfo<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> optional<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_usertrack
-
- <p>When the user track module is compiled in, and
- "CookieTracking on" is set, Apache will start sending a
- user-tracking cookie for all new requests. This directive can
- be used to turn this behavior on or off on a per-server or
- per-directory basis. By default, compiling mod_usertrack will
- not activate cookies. <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html
deleted file mode 100644
index c6da22eb0ef..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html
+++ /dev/null
@@ -1,335 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache module mod_vhost_alias</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Module mod_vhost_alias</h1>
-
- <p>This module provides support for <a
- href="../vhosts/mass.html">dynamically configured mass virtual
- hosting</a>.</p>
-
- <p><a href="module-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="module-dict.html#SourceFile"
- rel="Help"><strong>Source File:</strong></a>
- mod_vhost_alias.c<br />
- <a href="module-dict.html#ModuleIdentifier"
- rel="Help"><strong>Module Identifier:</strong></a>
- vhost_alias_module<br />
- <a href="module-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a> Available in
- Apache 1.3.7 and later.</p>
-
- <h2>Summary</h2>
-
- <p>This module creates dynamically configured virtual hosts, by
- allowing the IP address and/or the <code>Host:</code> header of
- the HTTP request to be used as part of the pathname to
- determine what files to serve. This allows for easy use of a
- huge number of virtual hosts with similar configurations.</p>
-
- <h2>Directives</h2>
-
- <ul>
- <li><a
- href="#virtualdocumentroot">VirtualDocumentRoot</a></li>
-
- <li><a
- href="#virtualdocumentrootip">VirtualDocumentRootIP</a></li>
-
- <li><a href="#virtualscriptalias">VirtualScriptAlias</a></li>
-
- <li><a
- href="#virtualscriptaliasip">VirtualScriptAliasIP</a></li>
- </ul>
-
- <p>See also: <a
- href="core.html#usecanonicalname">UseCanonicalName</a>.</p>
-
- <h2>Directory Name Interpolation</h2>
-
- <p>All the directives in this module interpolate a string into
- a pathname. The interpolated string (henceforth called the
- "name") may be either the server name (see the <a
- href="core.html#usecanonicalname"><code>UseCanonicalName</code></a>
- directive for details on how this is determined) or the IP
- address of the virtual host on the server in dotted-quad
- format. The interpolation is controlled by specifiers inspired
- by <code>printf</code> which have a number of formats:</p>
-
- <dl>
- <dt><code>%%</code></dt>
-
- <dd>insert a <code>%</code></dd>
-
- <dt><code>%p</code></dt>
-
- <dd>insert the port number of the virtual host</dd>
-
- <dt><code>%N.M</code></dt>
-
- <dd>insert (part of) the name</dd>
- </dl>
-
- <p><code>N</code> and <code>M</code> are used to specify
- substrings of the name. <code>N</code> selects from the
- dot-separated components of the name, and <code>M</code>
- selects characters within whatever <code>N</code> has selected.
- <code>M</code> is optional and defaults to zero if it isn't
- present; the dot must be present if and only if <code>M</code>
- is present. The interpretation is as follows:</p>
-
- <dl>
- <dt><code>0</code></dt>
-
- <dd>the whole name</dd>
-
- <dt><code>1</code></dt>
-
- <dd>the first part</dd>
-
- <dt><code>2</code></dt>
-
- <dd>the second part</dd>
-
- <dt><code>-1</code></dt>
-
- <dd>the last part</dd>
-
- <dt><code>-2</code></dt>
-
- <dd>the penultimate part</dd>
-
- <dt><code>2+</code></dt>
-
- <dd>the second and all subsequent parts</dd>
-
- <dt><code>-2+</code></dt>
-
- <dd>the penultimate and all preceding parts</dd>
-
- <dt><code>1+</code> and <code>-1+</code></dt>
-
- <dd>the same as <code>0</code></dd>
- </dl>
-
- <p>If <code>N</code> or <code>M</code> is greater than the
- number of parts available a single underscore is
- interpolated.</p>
-
- <h3>Examples</h3>
-
- <p>For simple name-based virtual hosts you might use the
- following directives in your server configuration file:</p>
-<pre>
- UseCanonicalName Off
- VirtualDocumentRoot /usr/local/apache/vhosts/%0
-</pre>
-
- <p>A request for
- <code>http://www.example.com/directory/file.html</code> will be
- satisfied by the file
- <code>/usr/local/apache/vhosts/www.example.com/directory/file.html</code>.</p>
-
- <p>For a very large number of virtual hosts it is a good idea
- to arrange the files to reduce the size of the
- <code>vhosts</code> directory. To do this you might use the
- following in your configuration file:</p>
-<pre>
- UseCanonicalName Off
- VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2
-</pre>
- A request for
- <code>http://www.example.isp.com/directory/file.html</code>
- will be satisfied by the file
- <code>/usr/local/apache/vhosts/isp.com/e/x/a/example/directory/file.html</code>.
- A more even spread of files can be achieved by hashing from the
- end of the name, for example:
-<pre>
- VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.-1/%2.-2/%2.-3/%2
-</pre>
- The example request would come from
- <code>/usr/local/apache/vhosts/isp.com/e/l/p/example/directory/file.html</code>.
- Alternatively you might use:
-<pre>
- VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2.4+
-</pre>
-
- <p>The example request would come from
- <code>/usr/local/apache/vhosts/isp.com/e/x/a/mple/directory/file.html</code>.</p>
-
- <p>For IP-based virtual hosting you might use the following in
- your configuration file:</p>
-<pre>
- UseCanonicalName DNS
- VirtualDocumentRootIP /usr/local/apache/vhosts/%1/%2/%3/%4/docs
- VirtualScriptAliasIP /usr/local/apache/vhosts/%1/%2/%3/%4/cgi-bin
-</pre>
-
- <p>A request for
- <code>http://www.example.isp.com/directory/file.html</code>
- would be satisfied by the file
- <code>/usr/local/apache/vhosts/10/20/30/40/docs/directory/file.html</code>
- if the IP address of <code>www.example.com</code> were
- 10.20.30.40. A request for
- <code>http://www.example.isp.com/cgi-bin/script.pl</code> would
- be satisfied by executing the program
- <code>/usr/local/apache/vhosts/10/20/30/40/cgi-bin/script.pl</code>.</p>
-
- <p>If you want to include the <code>.</code> character in a
- <code>VirtualDocumentRoot</code> directive, but it clashes with
- a <code>%</code> directive, you can work around the problem in
- the following way:</p>
-<pre>
- VirtualDocumentRoot /usr/local/apache/vhosts/%2.0.%3.0
-</pre>
-
- <p>A request for
- <code>http://www.example.isp.com/directory/file.html</code>
- will be satisfied by the file
- <code>/usr/local/apache/vhosts/example.isp/directory/file.html</code>.</p>
-
- <p>The <a href="mod_log_config.html#formats">LogFormat
- directives</a> <code>%V</code> and <code>%A</code> are useful
- in conjunction with this module.</p>
- <hr />
-
- <h2><a id="virtualdocumentroot"
- name="virtualdocumentroot">VirtualDocumentRoot
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> VirtualDocumentRoot
- <em>interpolated-directory</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_vhost_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- VirtualDocumentRoot is only available in 1.3.7 and later.</p>
-
- <p>The <code>VirtualDocumentRoot</code> directive allows you to
- determine where Apache will find your documents based on the
- value of the server name. The result of expanding
- <em>interpolated-directory</em> is used as the root of the
- document tree in a similar manner to the <a
- href="core.html#documentroot"><code>DocumentRoot</code></a>
- directive's argument. If <em>interpolated-directory</em> is
- <code>none</code> then <code>VirtualDocumentRoot</code> is
- turned off. This directive cannot be used in the same context
- as <a
- href="#virtualdocumentrootip"><code>VirtualDocumentRootIP</code></a>.</p>
- <hr />
-
- <h2><a id="virtualdocumentrootip"
- name="virtualdocumentrootip">VirtualDocumentRootIP
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> VirtualDocumentRootIP
- <em>interpolated-directory</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_vhost_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- VirtualDocumentRootIP is only available in 1.3.7 and later.</p>
-
- <p>The <code>VirtualDocumentRootIP</code> directive is like the
- <a
- href="#virtualdocumentroot"><code>VirtualDocumentRoot</code></a>
- directive, except that it uses the IP address of the server end
- of the connection instead of the server name.</p>
- <hr />
-
- <h2><a id="virtualscriptalias"
- name="virtualscriptalias">VirtualScriptAlias directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> VirtualScriptAlias
- <em>interpolated-directory</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_vhost_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- VirtualScriptAlias is only available in 1.3.7 and later.</p>
-
- <p>The <code>VirtualScriptAlias</code> directive allows you to
- determine where Apache will find CGI scripts in a similar
- manner to <a
- href="#virtualdocumentroot"><code>VirtualDocumentRoot</code></a>
- does for other documents. It matches requests for URIs starting
- <code>/cgi-bin/</code>, much like <code><a
- href="mod_alias.html#scriptalias">ScriptAlias</a>
- /cgi-bin/</code> would.</p>
- <hr />
-
- <h2><a id="virtualscriptaliasip"
- name="virtualscriptaliasip">VirtualScriptAliasIP
- directive</a></h2>
-
- <p><a href="directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> VirtualScriptAliasIP
- <em>interpolated-directory</em><br />
- <a href="directive-dict.html#Default"
- rel="Help"><strong>Default:</strong></a> None<br />
- <a href="directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> Extension<br />
- <a href="directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_vhost_alias<br />
- <a href="directive-dict.html#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- VirtualScriptAliasIP is only available in 1.3.7 and later.</p>
-
- <p>The <code>VirtualScriptAliasIP</code> directive is like the
- <a
- href="#virtualscriptalias"><code>VirtualScriptAlias</code></a>
- directive, except that it uses the IP address of the server end
- of the connection instead of the server name.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/mod/module-dict.html b/usr.sbin/httpd/htdocs/manual/mod/module-dict.html
deleted file mode 100644
index 0d04a540cae..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/module-dict.html
+++ /dev/null
@@ -1,129 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Definitions of terms used to describe Apache
- modules</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Terms Used to Describe Apache Modules</h1>
-
- <p>Each Apache module is described using a common format that
- looks like this:</p>
-
- <dl>
- <dd><a href="#Status" rel="Help"><strong>Status:</strong></a>
- <em>status</em><br />
- <a href="#SourceFile" rel="Help"><strong>Source
- File:</strong></a> <em>source-file</em><br />
- <a href="#ModuleIdentifier" rel="Help"><strong>Module
- Identifier:</strong></a> <em>module-identifier</em><br />
- <a href="#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- <em>compatibility notes</em></dd>
- </dl>
-
- <p>Each of the attributes, complete with values where possible,
- are described in this document.</p>
-
- <h2>Module Terms</h2>
-
- <ul>
- <li><a href="#Status">Status</a></li>
-
- <li><a href="#SourceFile">Source File</a></li>
-
- <li><a href="#ModuleIdentifier">Module Identifier</a></li>
-
- <li><a href="#Compatibility">Compatibility</a></li>
- </ul>
- <hr />
-
- <h2><a id="Status" name="Status">Status</a></h2>
-
- <p>This indicates how tightly bound into the Apache Web server
- the module is; in other words, you may need to recompile the
- server in order to gain access to the module and its
- functionality. Possible values for this attribute are:</p>
-
- <dl>
- <dt><strong>Base</strong></dt>
-
- <dd>A module labeled as having "Base" status is compiled and
- loaded into the server by default, and is therefore normally
- available unless you have taken steps to remove the module
- from your configuration.</dd>
-
- <dt><strong>Extension</strong></dt>
-
- <dd>A module with "Extension" status is not normally compiled
- and loaded into the server. To enable the module and its
- functionality, you may need to change the server build
- configuration files and re-compile Apache.</dd>
-
- <dt><strong>Experimental</strong></dt>
-
- <dd>"Experimental" status indicates that the module is
- available as part of the Apache kit, but you are on your own
- if you try to use it. The module is being documented for
- completeness, and is not necessarily supported.</dd>
-
- <dt><strong>External</strong></dt>
-
- <dd>Modules which are not included with the base Apache
- distribution ("third-party modules") may use the "External"
- status. We are not responsible, nor do we support such
- modules.</dd>
- </dl>
- <hr />
-
- <h2><a id="SourceFile" name="SourceFile">Source File</a></h2>
-
- <p>This quite simply lists the name of the source file which
- contains the code for the module. This is also the name used by
- the <a
- href="core.html#ifmodule"><code>&lt;IfModule&gt;</code></a>
- directive.</p>
- <hr />
-
- <h2><a id="ModuleIdentifier" name="ModuleIdentifier">Module
- Identifier</a></h2>
-
- <p>This is a string which identifies the module for use in the
- <a href="mod_so.html#loadmodule">LoadModule</a> directive when
- dynamically loading modules. In particular, it is the name of
- the external variable of type module in the source file.</p>
- <hr />
-
- <h2><a id="Compatibility"
- name="Compatibility">Compatibility</a></h2>
-
- <p>If the module was not part of the original Apache version 1
- distribution, the version in which it was introduced should be
- listed here.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/multilogs.html b/usr.sbin/httpd/htdocs/manual/multilogs.html
deleted file mode 100644
index a0ea0072d95..00000000000
--- a/usr.sbin/httpd/htdocs/manual/multilogs.html
+++ /dev/null
@@ -1,123 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Multiple Log Files</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Multiple Log Files</h1>
- It is now possible to specify multiple log files, each with a
- fully customizable format. This is compatible with existing
- configurations. Multiple log files are implemented as part of
- the <a href="mod/mod_log_config.html">mod_log_config</a> module
- which as of Apache 1.2 is the default log module.
- <hr />
-
- <h2>Using Multiple Log Files</h2>
- Multiple log files be created with either the
- <code>TransferLog</code> or <code>CustomLog</code> directive.
- These directives can be repeated to create more than one log
- file (in previous releases, only one logfile could be given per
- server configuration). The <code>TransferLog</code> directive
- creates a log file in the standard "common log format",
- although this can be customized with <code>LogFormat</code>.
- The syntax of these two directives is the same as for the
- config log module in previous Apache releases.
-
- <p>The real power of multiple log files come from the ability
- to create log files in different formats. For example, as well
- as a CLF transfer log, the server could log the user agent of
- each client, or the referrer information, or any other aspect
- of the request, such as the language preferences of the
- user.</p>
-
- <p>The new <code>CustomLog</code> directive takes both a
- filename to log to, and a log file format.</p>
- <hr />
- <a href="mod/directive-dict.html#Syntax"
- rel="Help"><strong>Syntax:</strong></a> CustomLog <em>filename
- "format"</em><br />
- <a href="mod/directive-dict.html#Context"
- rel="Help"><strong>Context:</strong></a> server config, virtual
- host<br />
- <a href="mod/directive-dict.html#Status"
- rel="Help"><strong>Status:</strong></a> base<br />
- <a href="mod/directive-dict.html#Module"
- rel="Help"><strong>Module:</strong></a> mod_log_config
-
- <p>The first argument is the filename to log to. This is used
- exactly like the argument to <code>TransferLog</code>, that is,
- it is either a file as a full path or relative to the current
- server root, or |programname. Be aware that anyone who can
- write to the directory where a log file is written can gain
- access to the uid that starts the server. See the <a
- href="misc/security_tips.html">security tips</a> document for
- details.</p>
-
- <p>The format argument specifies a format for each line of the
- log file. The options available for the format are exactly the
- same as for the argument of the <code>LogFormat</code>
- directive. If the format includes any spaces (which it will do
- in almost all cases) it should be enclosed in double
- quotes.</p>
-
- <h3>Use with Virtual Hosts</h3>
- If a &lt;VirtualHost&gt; section does not contain any
- <code>TransferLog</code> or <code>CustomLog</code> directives,
- the logs defined for the main server will be used. If it does
- contain one or more of these directives, requests serviced by
- this virtual host will only be logged in the log files defined
- within its definition, not in any of the main server's log
- files. See the examples below.
- <hr />
-
- <h3>Examples</h3>
- To create a normal (CLF) format log file in logs/access_log,
- and a log of user agents:
-<pre>
-TransferLog logs/access_log
-CustomLog logs/agents "%{user-agent}i"
-</pre>
- To define a CLF transfer log and a referrer log which log all
- accesses to both the main server and a virtual host:
-<pre>
-TransferLog logs/access_log
-CustomLog logs/referer "%{referer}i"
-
-&lt;VirtualHost&gt;
- DocumentRoot /whatever
- ServerName my.virtual.host
-&lt;/VirtualHost&gt;
-</pre>
- Since no TransferLog or CustomLog directives appear inside the
- &lt;VirtualHost&gt; section, any requests for this virtual host
- will be logged in the main server's log files. If however the
- directive
-<pre>
-TransferLog logs/vhost_access_log
-</pre>
- was added inside the virtual host definition, then accesses to
- this virtual host will be logged in vhost_access_log file (in
- common log format), and <em>not</em> in logs/access_log or
- logs/referer. <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/process-model.html b/usr.sbin/httpd/htdocs/manual/process-model.html
deleted file mode 100644
index d26fe3cee9d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/process-model.html
+++ /dev/null
@@ -1,81 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Server Pool Management</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Server Pool Management</h1>
- <hr />
-
- <p>We found that many people were using values for "MaxServers"
- either too high or too low, and were hanging themselves on it.
- The model we adopted is still based on long-lived
- minimal-forking processes, but instead of specifying one number
- of persistent processes, the web-master specifies a maximum and
- minimum number of processes to be "spare" - every couple of
- seconds the parent checks the actual number of spare servers
- and adjusts accordingly. This should keep the number of servers
- concurrently running relatively low while still ensuring
- minimal forking.</p>
-
- <p>We renamed the current StartServers to MinSpareServers,
- created separate StartServers parameter which means what it
- says, and renamed MaxServers to MaxSpareServers (though the old
- name still works, for NCSA 1.4 back-compatibility). The old
- names were generally regarded as too confusing.</p>
-
- <p>The defaults for each variable are:</p>
-<pre>
-MinSpareServers 5
-MaxSpareServers 10
-StartServers 5
-</pre>
- There is an absolute maximum number of simultaneous children
- defined by a compile-time limit which defaults to 256 and a
- "MaxClients" directive which specifies the number of
- simultaneous children that will be allowed. MaxClients can be
- adjusted up to the compile-time limit (HARD_SERVER_LIMIT,
- defined in httpd.h). If you need more than 256 simultaneous
- children, you need to modify both HARD_SERVER_LIMIT and
- MaxClients.
-
- <p>In versions before 1.2, HARD_SERVER_LIMIT defaulted to
- 150.</p>
-
- <p>We do not recommend changing either of these values
- unless:</p>
-
- <ol>
- <li>You know you have the server resources to handle
- more</li>
-
- <li>You use the machine for other purposes and must limit the
- amount of memory Apache uses</li>
- </ol>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/ab.html b/usr.sbin/httpd/htdocs/manual/programs/ab.html
deleted file mode 100644
index b604dba17d2..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/ab.html
+++ /dev/null
@@ -1,158 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: ab - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: ab</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- ab - Apache HTTP server benchmarking tool
-
-<strong>SYNOPSIS</strong>
- <strong>ab</strong> [ -<strong>k</strong> ] [ -<strong>i</strong> ] [ -<strong>n</strong> <em>requests</em> ] [ -<strong>t</strong> <em>timelimit</em> ] [ -<strong>c</strong> <em>con-</em>
- <em>currency</em> ] [ -<strong>p</strong> <em>POST file</em> ] [ -<strong>A</strong> <em>Authenticate</em>
- <em>username</em>:<em>password </em> ] [ -<strong>P </strong> <em>Proxy Authenticate</em>
- <em>username</em>:<em>password</em> ] [ -<strong>H</strong> <em>Custom header</em> ] [ -<strong>C</strong> <em>Cookie</em>
- <em>name</em>=<em>value</em> ] [ -<strong>T</strong> <em>content</em>-<em>type</em> ] [ -<strong>v</strong> <em>verbosity</em> ] ] [ -<strong>w</strong>
- <em>output HTML</em> ] ] [ -<strong>x</strong> &lt;<em>table</em>&gt; <em>attributes</em> ] ] [ -<strong>y</strong> &lt;<em>tr</em>&gt; <em>attri-</em>
- <em>butes </em> ] ] [ -<strong>z </strong> &lt;<em>td</em>&gt; <em>attributes </em> ]
- [<em>http</em>://]<em>hostname</em>[:<em>port</em>]/<em>path</em>
-
- <strong>ab</strong> [ -<strong>V</strong> ] [ -<strong>h</strong> ]
-
-<strong>DESCRIPTION</strong>
- <strong>ab</strong> is a tool for benchmarking the performance of your Apache
- HyperText Transfer Protocol (HTTP) server. It does this by
- giving you an indication of how many requests per second
- your Apache installation can serve.
-
-<strong>OPTIONS</strong>
- -<strong>k </strong> Enable the HTTP KeepAlive feature; that is, per-
- form multiple requests within one HTTP session.
- Default is no KeepAlive.
-
- -<strong>i </strong> Use an HTTP 'HEAD' instead of the GET method.
- Cannot be mixed with POST.
-
- -<strong>n</strong> <em>requests</em> The number of requests to perform for the bench-
- marking session. The default is to perform just
- one single request, which will not give
- representative benchmarking results.
-
- -<strong>t</strong> <em>timelimit</em>
- The number of seconds to spend benchmarking.
- Using this option automatically set the number
- of requests for the benchmarking session to
- 50000. Use this to benchmark the server for a
- fixed period of time. By default, there is no
- timelimit.
-
- -<strong>c</strong> <em>concurrency</em>
- The number of simultaneous requests to perform.
- The default is to perform one HTTP request at a
- time, that is, no concurrency.
-
- -<strong>p</strong> <em>POST file</em>
- A file containing data that the program will
- send to the Apache server in any HTTP POST
- requests.
-
- -<strong>A</strong> <em>Authorization username</em>:<em>password</em>
- Supply Basic Authentication credentials to the
- server. The username and password are separated
- by a single ':', and sent as uuencoded data.
- The string is sent regardless of whether the
- server needs it; that is, has sent a 401 Authen-
- tication needed.
-
- -<strong>p</strong> <em>Proxy</em>-<em>Authorization username</em>:<em>password</em>
- Supply Basic Authentication credentials to a
- proxy en-route. The username and password are
- separated by a single ':', and sent as uuencoded
- data. The string is sent regardless of whether
- the proxy needs it; that is, has sent a 407
- Proxy authentication needed.
-
- -<strong>C</strong> <em>Cookie name</em>=<em>value</em>
- Add a 'Cookie:' line to the request. The argu-
- ment is typically a 'name=value' pair. This
- option may be repeated.
-
- -<strong>p</strong> <em>Header string</em>
- Append extra headers to the request. The argu-
- ment is typically in the form of a valid header
- line, usually a colon separated field value
- pair, for example, 'Accept-Encoding:
- zip/zop;8bit'.
-
- -<strong>T</strong> <em>content</em>-<em>type</em>
- The content-type header to use for POST data.
-
- -<strong>v </strong> Sets the verbosity level. Level 4 and above
- prints information on headers, level 3 and above
- prints response codes (for example, 404, 200),
- and level 2 and above prints warnings and infor-
- mational messages.
-
- -<strong>w </strong> Print out results in HTML tables. The default
- table is two columns wide, with a white back-
- ground.
-
- -<strong>x</strong> <em>attributes</em>
- The string to use as attributes for &lt;table&gt;.
- Attributes are inserted &lt;table <strong>here</strong> &gt;
-
- -<strong>y</strong> <em>attributes</em>
- The string to use as attributes for &lt;tr&gt;.
-
- -<strong>z</strong> <em>attributes</em>
- The string to use as attributes for &lt;td&gt;.
-
- -<strong>V </strong> Display the version number and exit.
-
- -<strong>h </strong> Display usage information.
-
-<strong>BUGS</strong>
- There are various statically declared buffers of fixed
- length. Combined with inefficient parsing of the command
- line arguments, the response headers from the server, and
- other external inputs, these buffers might overflow.
-
- <strong>Ab</strong> does not implement HTTP/1.x fully; instead, it only
- accepts some 'expected' forms of responses.
-
- The rather heavy use of <strong>strstr(3)</strong> by the program may skew
- performance results, since it uses significant CPU
- resources. Make sure that performance limits are not hit by
- <strong>ab</strong> before your server's limit is reached.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/apachectl.html b/usr.sbin/httpd/htdocs/manual/programs/apachectl.html
deleted file mode 100644
index ef67f594b81..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/apachectl.html
+++ /dev/null
@@ -1,110 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: apachectl - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: apachectl</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- apachectl - Apache HTTP server control interface
-
-<strong>SYNOPSIS</strong>
- <strong>apachectl</strong> <em>command</em> [...]
-
-<strong>DESCRIPTION</strong>
- <strong>apachectl</strong> is a front end to the Apache HyperText Transfer
- Protocol (HTTP) server. It is designed to help the adminis-
- trator control the functioning of the Apache <strong>httpd</strong> daemon.
-
- <strong>NOTE:</strong> If your Apache installation uses non-standard paths,
- you will need to edit the <strong>apachectl</strong> script to set the
- appropriate paths to your PID file and your <strong>httpd</strong> binary.
- See the comments in the script for details.
-
- The <strong>apachectl</strong> script returns a 0 exit value on success, and
- &gt;0 if an error occurs. For more details, view the comments
- in the script.
-
- Full documentation for Apache is available at
- <strong>http://www.apache.org/</strong>
-
-<strong>OPTIONS</strong>
- The <em>command</em> can be any one or more of the following options:
-
- <strong>start </strong> Start the Apache daemon. Gives an error if it
- is already running.
-
- <strong>stop </strong> Stops the Apache daemon.
-
- <strong>restart </strong> Restarts the Apache daemon by sending it a
- SIGHUP. If the daemon is not running, it is
- started. This command automatically checks the
- configuration files via <strong>configtest</strong> before ini-
- tiating the restart to make sure Apache doesn't
- die.
-
- <strong>fullstatus</strong> Displays a full status report from <strong>mod_status.</strong>
- For this to work, you need to have mod_status
- enabled on your server and a text-based browser
- such as <em>lynx</em> available on your system. The URL
- used to access the status report can be set by
- editing the <strong>STATUSURL</strong> variable in the script.
-
- <strong>status </strong> Displays a brief status report. Similar to the
- fullstatus option, except that the list of
- requests currently being served is omitted.
-
- <strong>graceful </strong> Gracefully restarts the Apache daemon by sending
- it a SIGUSR1. If the daemon is not running, it
- is started. This differs from a normal restart
- in that currently open connections are not
- aborted. A side effect is that old log files
- will not be closed immediately. This means that
- if used in a log rotation script, a substantial
- delay may be necessary to ensure that the old
- log files are closed before processing them.
- This command automatically checks the configura-
- tion files via <strong>configtest</strong> before initiating the
- restart to make sure Apache doesn't die.
-
- <strong>configtest</strong> Run a configuration file syntax test. It parses
- the configuration files and either reports <strong>Syn-</strong>
- <strong>tax Ok</strong> or detailed information about the partic-
- ular syntax error.
-
- <strong>help </strong> Displays a short help message.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/apxs.html b/usr.sbin/httpd/htdocs/manual/programs/apxs.html
deleted file mode 100644
index fde51c1c161..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/apxs.html
+++ /dev/null
@@ -1,291 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: apxs - Apache HTTP Server</title>
- </head>
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: apxs</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- apxs - APache eXtenSion tool
-
-<strong>SYNOPSIS</strong>
- <strong>apxs</strong> -<strong>g</strong> [ -<strong>S</strong> <em>variable</em>=<em>value</em> ] -<strong>n</strong> <em>name</em>
-
- <strong>apxs</strong> -<strong>q</strong> [ -<strong>S</strong> <em>variable</em>=<em>value</em> ] <em>query</em> ...
-
- <strong>apxs</strong> -<strong>c</strong> [ -<strong>S</strong> <em>variable</em>=<em>value</em> ] [ -<strong>o</strong> <em>dsofile</em> ] [ -<strong>I</strong> <em>incdir</em> ] [
- -<strong>D</strong> <em>variable</em>[=<em>value</em>] ] [ -<strong>L</strong> <em>libdir</em> ] [ -<strong>l</strong> <em>libname</em> ] [
- -<strong>Wc,</strong><em>compiler</em>-<em>flags</em> ] [ -<strong>Wl,</strong><em>linker</em>-<em>flags</em> ] <em>files</em> ...
-
- <strong>apxs</strong> -<strong>i</strong> [ -<strong>S</strong> <em>variable</em>=<em>value</em> ] [ -<strong>n</strong> <em>name</em> ] [ -<strong>a</strong> ] [ -<strong>A</strong> ] <em>dso-</em>
- <em>file</em> ...
-
- <strong>apxs</strong> -<strong>e</strong> [ -<strong>S</strong> <em>variable</em>=<em>value</em> ] [ -<strong>n</strong> <em>name</em> ] [ -<strong>a</strong> ] [ -<strong>A</strong> ] <em>dso-</em>
- <em>file</em> ...
-
-<strong>DESCRIPTION</strong>
- <strong>apxs</strong> is a tool for building and installing extension modules
- for the Apache HyperText Transfer Protocol (HTTP) server.
- This is achieved by building a Dynamic Shared Object (DSO)
- from one or more source or object <em>files</em> which then can be
- loaded into the Apache server under runtime via the <strong>LoadMo-</strong>
- <strong>dule</strong> directive from <strong>mod_so.</strong>
-
- So to use this extension mechanism, your platform has to
- support the DSO feature and your Apache <strong>httpd</strong> binary has to
- be built with the <strong>mod_so</strong> module. The <strong>apxs</strong> tool automati-
- cally complains if this is not the case. You can check this
- yourself by manually running the command
-
- $ httpd -l
-
- The module <strong>mod_so</strong> should be part of the displayed list. If
- these requirements are fulfilled, you can easily extend your
- Apache server's functionality by installing your own modules
- with the DSO mechanism by the help of this <strong>apxs</strong> tool:
-
- $ apxs -i -a -c mod_foo.c
- gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo.c
- ld -Bshareable -o mod_foo.so mod_foo.o
- cp mod_foo.so /path/to/apache/libexec/mod_foo.so
- chmod 755 /path/to/apache/libexec/mod_foo.so
- [activating module `foo' in /path/to/apache/etc/httpd.conf]
- $ apachectl restart
- /path/to/apache/sbin/apachectl restart: httpd not running, trying to start
- [Tue Mar 31 11:27:55 1998] [debug] mod_so.c(303): loaded module foo_module
- /path/to/apache/sbin/apachectl restart: httpd started
- $ _
-
- The arguments <em>files</em> can be any C source file (.c), a object
- file (.o) or even a library archive (.a). The <strong>apxs</strong> tool
- automatically recognizes these extensions and automatically
- uses the C source files for compilation while it just uses
- the object and archive files for the linking phase. But when
- using such pre-compiled objects, make sure they are compiled
- for Position Independent Code (PIC) to be able to use them
- for a DSO. For instance with GCC you always just have to use
- <strong>-fpic</strong>. For other C compilers please consult its manual page
- or watch for the flags <strong>apxs</strong> uses to compile the object
- files.
-
- For more details about DSO support in Apache, first read the
- background information about DSO in htdocs/manual/dso.html,
- then read the documentation of <strong>mod_so</strong>.
-
-<strong>OPTIONS</strong>
- Common options:
-
- -<strong>n</strong> <em>name </em> This explicitly sets the module name for the -<strong>i</strong>
- (install) and -<strong>g</strong> (template generation) option.
- Use this to explicitly specify the module name.
- For option -<strong>g</strong> this is required, for option -<strong>i</strong>
- the <strong>apxs</strong> tool tries to determine the name from
- the source or (as a fallback) at least by guess-
- ing it from the filename.
-
- Query options:
-
- -<strong>q </strong> Performs a query for <strong>apxs</strong>'s knowledge about cer-
- tain settings. The <em>query</em> parameters can be one
- or more of the following variable names:
- CC TARGET
- CFLAGS SBINDIR
- CFLAGS_SHLIB INCLUDEDIR
- LD_SHLIB LIBEXECDIR
- LDFLAGS_SHLIB SYSCONFDIR
- LIBS_SHLIB PREFIX
- Use this for manually determining settings. For
- instance use
- INC=-I`apxs -q INCLUDEDIR`
- inside your own Makefiles if you need manual
- access to Apache's C header files.
-
- Configuration options:
-
- -<strong>S</strong> <em>variable</em>=<em>value</em>
- This option changes the <strong>apxs</strong> settings described
- above.
-
- Template Generation options:
- -<strong>g </strong> This generates a subdirectory <em>name</em> (see option
- -<strong>n</strong>) and there two files: A sample module source
- file named <strong>mod_</strong><em>name</em>.<em>c</em> which can be used as a
- template for creating your own modules or as a
- quick start for playing with the <strong>apxs</strong> mechanism.
- And a corresponding <strong>Makefile</strong> for even easier
- building and installing of this module.
-
- DSO compilation options:
-
- -<strong>c </strong> This indicates the compilation operation. It
- first compiles the C source files (.c) of <em>files</em>
- into corresponding object files (.o) and then
- builds a DSO in <em>dsofile</em> by linking these object
- files plus the remaining object files (.o and
- .a) of <em>files</em> If no -<strong>o</strong> option is specified the
- output file is guessed from the first filename
- in <em>files</em> and thus usually defaults to
- <strong>mod_</strong><em>name</em>.<em>so</em>
-
- -<strong>o</strong> <em>dsofile</em> Explicitly specifies the filename of the created
- DSO file. If not specified and the name cannot
- be guessed from the <em>files</em> list, the fallback
- name <strong>mod_unknown.so</strong> is used.
-
- -<strong>D</strong> <em>variable</em>[=<em>value</em>]
- This option is directly passed through to the
- compilation command(s). Use this to add your
- own defines to the build process.
-
- -<strong>I</strong> <em>incdir</em> This option is directly passed through to the
- compilation command(s). Use this to add your
- own include directories to search to the build
- process.
-
- -<strong>L</strong> <em>libdir</em> This option is directly passed through to the
- linker command. Use this to add your own
- library directories to search to the build pro-
- cess.
-
- -<strong>l</strong> <em>libname</em> This option is directly passed through to the
- linker command. Use this to add your own
- libraries to search to the build process.
-
- -<strong>Wc,</strong><em>compiler</em>-<em>flags</em>
- This option passes <em>compiler</em>-<em>flags</em> as additional
- flags to the compiler command. Use this to add
- local compiler-specific options.
-
- -<strong>Wl,</strong><em>linker</em>-<em>flags</em>
- This option passes <em>linker</em>-<em>flags</em> as additional
- flags to the linker command. Use this to add
- local linker-specific options.
-
- DSO installation and configuration options:
-
- -<strong>i </strong> This indicates the installation operation and
- installs one or more DSOs into the server's
- <em>libexec</em> directory.
-
- -<strong>a </strong> This activates the module by automatically
- adding a corresponding <strong>LoadModule</strong> line to
- Apache's <strong>httpd.conf</strong> configuration file, or by
- enabling it if it already exists.
-
- -<strong>A </strong> Same as option -<strong>a</strong> but the created <strong>LoadModule</strong>
- directive is prefixed with a hash sign (#), i.e.
- the module is just prepared for later activation
- but initially disabled.
-
- -<strong>e </strong> This indicates the editing operation, which can
- be used with the -<strong>a</strong> and -<strong>A</strong> options similarly to
- the -<strong>i</strong> operation to edit Apache's <strong>httpd.conf</strong>
- configuration file without attempting to install
- the module.
-
-<strong>EXAMPLES</strong>
- Assume you have an Apache module named mod_foo.c available
- which should extend Apache's server functionality. To accom-
- plish this you first have to compile the C source into a DSO
- suitable for loading into the Apache server under runtime
- via the following command:
-
- $ apxs -c mod_foo.c
- gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo.c
- ld -Bshareable -o mod_foo.so mod_foo.o
- $ _
-
- Then you have to update the Apache configuration by making
- sure a <strong>LoadModule</strong> directive is present to load this DSO. To
- simplify this step <strong>apxs</strong> provides an automatic way to install
- the DSO in the "libexec" directory and updating the
- <strong>httpd.conf</strong> file accordingly. This can be achieved by run-
- ning:
-
- $ apxs -i -a mod_foo.c
- cp mod_foo.so /path/to/apache/libexec/mod_foo.so
- chmod 755 /path/to/apache/libexec/mod_foo.so
- [activating module `foo' in /path/to/apache/etc/httpd.conf]
- $ _
-
- This way a line named
-
- LoadModule foo_module libexec/mod_foo.so
-
- is added to the configuration file if still not present. If
- you want to have this operation to be disabled, use the -<strong>A</strong>
- option, i.e.
-
- $ apxs -i -A mod_foo.c
-
- For a quick test of the <strong>apxs</strong> mechanism you can create a sam-
- ple Apache module template plus a corresponding <strong>Makefile</strong>
- via:
-
- $ apxs -g -n foo
- Creating [DIR] foo
- Creating [FILE] foo/Makefile
- Creating [FILE] foo/mod_foo.c
- $ _
-
- Then you can immediately compile this sample module into a
- DSO and load it into the Apache server:
-
- $ cd foo
- $ make all reload
- apxs -c mod_foo.c
- gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo.c
- ld -Bshareable -o mod_foo.so mod_foo.o
- apxs -i -a -n "foo" mod_foo.so
- cp mod_foo.so /path/to/apache/libexec/mod_foo.so
- chmod 755 /path/to/apache/libexec/mod_foo.so
- [activating module `foo' in /path/to/apache/etc/httpd.conf]
- apachectl restart
- /path/to/apache/sbin/apachectl restart: httpd not running, trying to start
- [Tue Mar 31 11:27:55 1998] [debug] mod_so.c(303): loaded module foo_module
- /path/to/apache/sbin/apachectl restart: httpd started
- $ _
-
- You can even use <strong>apxs</strong> to compile complex modules outside the
- Apache source tree, like PHP3, because <strong>apxs</strong> automatically
- recognized C source files and object files.
-
- $ cd php3
- $ ./configure --with-shared-apache=../apache-1.3
- $ apxs -c -o libphp3.so mod_php3.c libmodphp3-so.a
- gcc -fpic -DSHARED_MODULE -I/tmp/apache/include -c mod_php3.c
- ld -Bshareable -o libphp3.so mod_php3.o libmodphp3-so.a
- $ _
-
- Only C source files are compiled while remaining object
- files are used for the linking phase.
-
-<strong>SEE ALSO</strong>
- <strong>apachectl(1), httpd(8).</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html b/usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html
deleted file mode 100644
index ce9e2d4865c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html
+++ /dev/null
@@ -1,126 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: dbmmanage - Apache HTTP Server</title>
- </head>
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: dbmmanage</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- dbmmanage - Create and update user authentication files in
- DBM format
-
-<strong>SYNOPSIS</strong>
- <strong>dbmmanage</strong> <em>filename</em> [ <em>command</em> ] [ <em>username</em> [ <em>encpasswd</em> ] ]
-
-<strong>DESCRIPTION</strong>
- <strong>dbmmanage</strong> is used to create and update the DBM format files
- used to store usernames and password for basic authentica-
- tion of HTTP users. Resources available from the <strong>httpd</strong>
- Apache web server can be restricted to just the users listed
- in the files created by <strong>dbmmanage.</strong> This program can only be
- used when the usernames are stored in a DBM file. To use a
- flat-file database see <strong>htpasswd</strong>.
-
- This manual page only lists the command line arguments. For
- details of the directives necessary to configure user
- authentication in <strong>httpd</strong> see the Apache manual, which is part
- of the Apache distribution or can be found at
- http://www.apache.org/.
-
-<strong>OPTIONS</strong>
- <em>filename</em>
- The filename of the DBM format file. Usually without
- the extension .db, .pag, or .dir.
-
- <em>command</em>
- This selects the operation to perform:
-
- <strong>add </strong> Adds an entry for <em>username</em> to <em>filename</em> using the
- encrypted password <em>encpassword</em>.
-
- <strong>adduser </strong> Asks for a password and then adds an entry for
- <em>username</em> to <em>filename</em> .
-
- <strong>check </strong> Asks for a password and then checks if <em>username</em>
- is in <em>filename</em> and if it's password matches the
- specified one.
-
- <strong>delete </strong> Deletes the <em>username</em> entry from <em>filename</em>.
-
- <strong>import </strong> Reads username:password entries (one per line)
- from STDIN and adds them to <em>filename</em>. The pass-
- words already has to be crypted.
-
- <strong>update </strong> Same as the "adduser" command, except that it
- makes sure <em>username</em> already exists in <em>filename</em>.
-
- <strong>view </strong> Just displays the complete contents of the DBM
- file.
-
- <em>username </em> The user for which the update operation is per-
- formed.
-
-<strong>BUGS</strong>
- One should be aware that there are a number of different DBM
- file formats in existence, and with all likelihood,
- libraries for more than one format may exist on your system.
- The three primary examples are NDBM, the GNU project's GDBM,
- and Berkeley DB 2. Unfortunately, all these libraries use
- different file formats, and you must make sure that the file
- format used by <em>filename</em> is the same format that <strong>dbmmanage</strong>
- expects to see. <strong>dbmmanage</strong> currently has no way of determin-
- ing what type of DBM file it is looking at. If used against
- the wrong format, will simply return nothing, or may create
- a different DBM file with a different name, or at worst, it
- may corrupt the DBM file if you were attempting to write to
- it.
-
- <strong>dbmmanage</strong> has a list of DBM format preferences, defined by
- the <strong>@AnyDBM::ISA</strong> array near the beginning of the program.
- Since we prefer the Berkeley DB 2 file format, the order in
- which <strong>dbmmanage</strong> will look for system libraries is Berkeley
- DB 2, then NDBM, and then GDBM. The first library found
- will be the library <strong>dbmmanage</strong> will attempt to use for all
- DBM file transactions. This ordering is slightly different
- than the standard <strong>@AnyDBM::ISA</strong> ordering in perl, as well as
- the ordering used by the simple dbmopen() call in Perl, so
- if you use any other utilities to manage your DBM files,
- they must also follow this preference ordering. Similar
- care must be taken if using programs in other languages,
- like C, to access these files.
-
- Apache's <strong>mod_auth_db.c</strong> module corresponds to Berkeley DB 2
- library, while <strong>mod_auth_dbm.c</strong> corresponds to the NDBM
- library. Also, one can usually use the <strong>file</strong> program sup-
- plied with most Unix systems to see what format a DBM file
- is in.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/htdigest.html b/usr.sbin/httpd/htdocs/manual/programs/htdigest.html
deleted file mode 100644
index b158b1801ae..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/htdigest.html
+++ /dev/null
@@ -1,74 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: htdigest - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: htdigest</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- htdigest - Create and update user authentication files
-
-<strong>SYNOPSIS</strong>
- <strong>htdigest</strong> [ -<strong>c</strong> ] <em>passwdfile realm username</em>
-
-<strong>DESCRIPTION</strong>
- <strong>htdigest</strong> is used to create and update the flat-files used to
- store usernames, realm and password for digest authentica-
- tion of HTTP users. Resources available from the <strong>httpd</strong>
- Apache web server can be restricted to just the users listed
- in the files created by <strong>htdigest.</strong>
-
- This manual page only lists the command line arguments. For
- details of the directives necessary to configure digest
- authentication in <strong>httpd</strong> see the Apache manual, which is part
- of the Apache distribution or can be found at
- http://www.apache.org/.
-
-<strong>OPTIONS</strong>
- -c Create the <em>passwdfile</em>. If <em>passwdfile</em> already exists, it
- is deleted first.
-
- <em>passwdfile</em>
- Name of the file to contain the username, realm and
- password. If -c is specified, this file is created if
- it does not already exist, or deleted and recreated if
- it does exist.
-
- <em>realm</em>
- The realm name to which the user name belongs.
-
- <em>username</em>
- The user name to create or update in <strong>passwdfile</strong>. If
- <em>username</em> does not exist is this file, an entry is
- added. If it does exist, the password is changed.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html b/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html
deleted file mode 100644
index 2aef1cb6f5b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html
+++ /dev/null
@@ -1,189 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: htpasswd - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: htpasswd</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- htpasswd - Create and update user authentication files
-
-<strong>SYNOPSIS</strong>
- <strong>htpasswd</strong> [ -<strong>c</strong> ] [ -<strong>m</strong> | -<strong>d</strong> | -<strong>s</strong> | -<strong>p</strong> ] <em>passwdfile username</em>
- <strong>htpasswd</strong> -<strong>b</strong> [ -<strong>c</strong> ] [ -<strong>m</strong> | -<strong>d</strong> | -<strong>s</strong> | -<strong>p</strong> ] <em>passwdfile username</em>
- <em>password</em>
- <strong>htpasswd</strong> -<strong>n</strong> [ -<strong>m</strong> | -<strong>d</strong> | -<strong>s</strong> | -<strong>p</strong> ] <em>username</em>
- <strong>htpasswd</strong> -<strong>nb</strong> [ -<strong>m</strong> | -<strong>d</strong> | -<strong>s</strong> | -<strong>p</strong> ] <em>username password</em>
-
-<strong>DESCRIPTION</strong>
- <strong>htpasswd</strong> is used to create and update the flat-files used to
- store usernames and password for basic authentication of
- HTTP users. If <strong>htpasswd</strong> cannot access a file, such as not
- being able to write to the output file or not being able to
- read the file in order to update it, it returns an error
- status and makes no changes.
-
- Resources available from the <strong>httpd</strong> Apache web server can be
- restricted to just the users listed in the files created by
- <strong>htpasswd.</strong> This program can only manage usernames and pass-
- words stored in a flat-file. It can encrypt and display
- password information for use in other types of data stores,
- though. To use a DBM database see <strong>dbmmanage</strong>.
-
- <strong>htpasswd</strong> encrypts passwords using either a version of MD5
- modified for Apache, or the system's <em>crypt</em>() routine. Files
- managed by <strong>htpasswd</strong> may contain both types of passwords;
- some user records may have MD5-encrypted passwords while
- others in the same file may have passwords encrypted with
- <em>crypt</em>().
-
- This manual page only lists the command line arguments. For
- details of the directives necessary to configure user
- authentication in <strong>httpd</strong> see the Apache manual, which is part
- of the Apache distribution or can be found at
- &lt;URL:http://www.apache.org/&gt;.
-
-<strong>OPTIONS</strong>
- -b Use batch mode; <em>i</em>.<em>e</em>., get the password from the command
- line rather than prompting for it. <strong>This option should</strong>
- <strong>be used with extreme care, since the password is</strong>
- <strong>clearly visible on the command line.</strong>
-
- -c Create the <em>passwdfile</em>. If <em>passwdfile</em> already exists, it
- is rewritten and truncated. This option cannot be com-
- bined with the <strong>-n</strong> option.
-
- -n Display the results on standard output rather than
- updating a file. This is useful for generating pass-
- word records acceptable to Apache for inclusion in
- non-text data stores. This option changes the syntax
- of the command line, since the <em>passwdfile</em> argument
- (usually the first one) is omitted. It cannot be com-
- bined with the <strong>-c</strong> option.
-
- -m Use Apache's modified MD5 algorithm for passwords.
- Passwords encrypted with this algorithm are transport-
- able to any platform (Windows, Unix, BeOS, et cetera)
- running Apache 1.3.9 or later. On Windows and TPF,
- this flag is the default.
-
- -d Use crypt() encryption for passwords. The default on
- all platforms but Windows and TPF. Though possibly sup-
- ported by <strong>htpasswd</strong> on all platforms, it is not sup-
- ported by the <strong>httpd</strong> server on Windows and TPF.
-
- -s Use SHA encryption for passwords. Faciliates migration
- from/to Netscape servers using the LDAP Directory
- Interchange Format (ldif).
-
- -p Use plaintext passwords. Though <strong>htpasswd</strong> will support
- creation on all platforms, the <strong>httpd</strong> daemon will only
- accept plain text passwords on Windows and TPF.
-
- <em>passwdfile</em>
- Name of the file to contain the user name and password.
- If -c is given, this file is created if it does not
- already exist, or rewritten and truncated if it does
- exist.
-
- <em>username</em>
- The username to create or update in <strong>passwdfile</strong>. If
- <em>username</em> does not exist in this file, an entry is
- added. If it does exist, the password is changed.
-
- <em>password</em>
- The plaintext password to be encrypted and stored in
- the file. Only used with the -<em>b</em> flag.
-
-<strong>EXIT STATUS</strong>
- <strong>htpasswd</strong> returns a zero status ("true") if the username and
- password have been successfully added or updated in the
- <em>passwdfile</em>. <strong>htpasswd</strong> returns 1 if it encounters some prob-
- lem accessing files, 2 if there was a syntax problem with
- the command line, 3 if the password was entered interac-
- tively and the verification entry didn't match, 4 if its
- operation was interrupted, 5 if a value is too long (user-
- name, filename, password, or final computed record), and 6
- if the username contains illegal characters (see the <strong>RES-</strong>
- <strong>TRICTIONS</strong> section).
-
-<strong>EXAMPLES</strong>
- <strong>htpasswd /usr/local/etc/apache/.htpasswd-users jsmith</strong>
-
- Adds or modifies the password for user <em>jsmith</em>. The user
- is prompted for the password. If executed on a Windows
- system, the password will be encrypted using the modi-
- fied Apache MD5 algorithm; otherwise, the system's
- <em>crypt</em>() routine will be used. If the file does not
- exist, <strong>htpasswd</strong> will do nothing except return an error.
-
- <strong>htpasswd -c /home/doe/public_html/.htpasswd jane</strong>
-
- Creates a new file and stores a record in it for user
- <em>jane</em>. The user is prompted for the password. If the
- file exists and cannot be read, or cannot be written,
- it is not altered and <strong>htpasswd</strong> will display a message
- and return an error status.
-
- <strong>htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve</strong>
-
- Encrypts the password from the command line (<em>Pwd4Steve</em>)
- using the MD5 algorithm, and stores it in the specified
- file.
-
-<strong>SECURITY CONSIDERATIONS</strong>
- Web password files such as those managed by <strong>htpasswd</strong> should
- <strong>not</strong> be within the Web server's URI space -- that is, they
- should not be fetchable with a browser.
-
- The use of the -<em>b</em> option is discouraged, since when it is
- used the unencrypted password appears on the command line.
-
-<strong>RESTRICTIONS</strong>
- On the Windows and MPE platforms, passwords encrypted with
- <strong>htpasswd</strong> are limited to no more than 255 characters in
- length. Longer passwords will be truncated to 255 charac-
- ters.
-
- The MD5 algorithm used by <strong>htpasswd</strong> is specific to the Apache
- software; passwords encrypted using it will not be usable
- with other Web servers.
-
- Usernames are limited to 255 bytes and may not include the
- character ':'.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong> and the scripts in support/SHA1 which come with the
- distribution.
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/httpd.html b/usr.sbin/httpd/htdocs/manual/programs/httpd.html
deleted file mode 100644
index 3a98dcd3bd1..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/httpd.html
+++ /dev/null
@@ -1,145 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: httpd - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: httpd</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- httpd - Apache hypertext transfer protocol server
-
-<strong>SYNOPSIS</strong>
- <strong>httpd</strong> [ -<strong>X</strong> ] [ -<strong>R</strong> <em>libexecdir</em> ] [ -<strong>d</strong> <em>serverroot</em> ] [ -<strong>f</strong> <em>config</em>
- ] [ -<strong>C</strong> <em>directive</em> ] [ -<strong>c</strong> <em>directive</em> ] [ -<strong>D</strong> <em>parameter</em> ]
-
- <strong>httpd</strong> [ -<strong>h</strong> ] [ -<strong>l</strong> ] [ -<strong>L</strong> ] [ -<strong>v</strong> ] [ -<strong>V</strong> ] [ -<strong>S</strong> ] [ -<strong>t</strong> ] [ -<strong>T</strong>
- ]
-
-<strong>DESCRIPTION</strong>
- <strong>httpd</strong> is the Apache HyperText Transfer Protocol (HTTP)
- server program. It is designed to be run as a standalone
- daemon process. When used like this it will create a pool of
- child processes to handle requests. To stop it, send a TERM
- signal to the initial (parent) process. The PID of this pro-
- cess is written to a file as given in the configuration
- file. Alternatively <strong>httpd</strong> may be invoked by the Internet
- daemon inetd(8) each time a connection to the HTTP service
- is made.
-
- This manual page only lists the command line arguments. For
- details of the directives necessary to configure <strong>httpd</strong> see
- the Apache manual, which is part of the Apache distribution
- or can be found at http://www.apache.org/. Paths in this
- manual may not reflect those compiled into <strong>httpd.</strong>
-
-<strong>OPTIONS</strong>
- -<strong>R</strong> <em>libexecdir</em>
- This option is only available if Apache was
- built with the <em>SHARED</em>_<em>CORE</em> rule enabled which
- forces the Apache core code to be placed into a
- dynamic shared object (DSO) file. This file is
- searched in a hardcoded path under ServerRoot
- per default. Use this option if you want to
- override it.
-
- -<strong>d</strong> <em>serverroot</em>
- Set the initial value for the ServerRoot direc-
- tive to <em>serverroot</em>. This can be overridden by
- the ServerRoot command in the configuration
- file. The default is <strong>/usr/local/apache</strong>.
-
- -<strong>f</strong> <em>config</em> Execute the commands in the file <em>config</em> on
- startup. If <em>config</em> does not begin with a /, then
- it is taken to be a path relative to the Server-
- Root. The default is <strong>conf/httpd.conf</strong>.
-
- -<strong>C</strong> <em>directive</em>
- Process the configuration <em>directive</em> before read-
- ing config files.
-
- -<strong>c</strong> <em>directive</em>
- Process the configuration <em>directive</em> after read-
- ing config files.
-
- -<strong>D</strong> <em>parameter</em>
- Sets a configuration <em>parameter</em> which can be used
- with &lt;IfDefine&gt;...&lt;/IfDefine&gt; sections in the
- configuration files to conditionally skip or
- process commands.
-
- -<strong>h </strong> Output a short summary of available command line
- options.
-
- -<strong>l </strong> Output a list of modules compiled into the
- server.
-
- -<strong>L </strong> Output a list of directives together with
- expected arguments and places where the direc-
- tive is valid.
-
- -<strong>S </strong> Show the settings as parsed from the config file
- (currently only shows the virtualhost settings).
-
- -<strong>t </strong> Run syntax tests for configuration files only.
- The program immediately exits after these syntax
- parsing with either a return code of 0 (Syntax
- OK) or return code not equal to 0 (Syntax
- Error).
-
- -<strong>T </strong> Same as option -<strong>t</strong> but does not check the config-
- ured document roots.
-
- -<strong>X </strong> Run in single-process mode, for internal debug-
- ging purposes only; the daemon does not detach
- from the terminal or fork any children. Do NOT
- use this mode to provide ordinary web service.
-
- -<strong>v </strong> Print the version of <strong>httpd</strong> , and then exit.
-
- -<strong>V </strong> Print the version and build parameters of <strong>httpd</strong>
- , and then exit.
-
-<strong>FILES</strong>
- <strong>/usr/local/apache/conf/httpd.conf</strong>
- <strong>/usr/local/apache/conf/srm.conf</strong>
- <strong>/usr/local/apache/conf/access.conf</strong>
- <strong>/usr/local/apache/conf/mime.types</strong>
- <strong>/usr/local/apache/conf/magic</strong>
- <strong>/usr/local/apache/logs/error_log</strong>
- <strong>/usr/local/apache/logs/access_log</strong>
- <strong>/usr/local/apache/logs/httpd.pid</strong>
-
-<strong>SEE ALSO</strong>
- <strong>inetd</strong>(8).
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/index.html b/usr.sbin/httpd/htdocs/manual/programs/index.html
deleted file mode 100644
index c3bcf6c8f96..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/index.html
+++ /dev/null
@@ -1,86 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache HTTP Server and Supporting Programs</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Server and Supporting Programs</h1>
-
- <p>This page documents all the executable programs included
- with the Apache HTTP Server.</p>
-
- <dl>
- <dt><a href="httpd.html">httpd</a></dt>
-
- <dd>Apache hypertext transfer protocol server</dd>
-
- <dt><a href="apachectl.html">apachectl</a></dt>
-
- <dd>Apache HTTP server control interface</dd>
-
- <dt><a href="ab.html">ab</a></dt>
-
- <dd>Apache HTTP server benchmarking tool</dd>
-
- <dt><a href="apxs.html">apxs</a></dt>
-
- <dd>APache eXtenSion tool</dd>
-
- <dt><a href="dbmmanage.html">dbmmanage</a></dt>
-
- <dd>Create and update user authentication files in DBM format
- for basic authentication</dd>
-
- <dt><a href="htdigest.html">htdigest</a></dt>
-
- <dd>Create and update user authentication files for digest
- authentication</dd>
-
- <dt><a href="htpasswd.html">htpasswd</a></dt>
-
- <dd>Create and update user authentication files for basic
- authentication</dd>
-
- <dt><a href="logresolve.html">logresolve</a></dt>
-
- <dd>Resolve hostnames for IP-addresses in Apache
- logfiles</dd>
-
- <dt><a href="rotatelogs.html">rotatelogs</a></dt>
-
- <dd>Rotate Apache logs without having to kill the server</dd>
-
- <dt><a href="suexec.html">suexec</a></dt>
-
- <dd>Switch User For Exec</dd>
-
- <dt><a href="other.html">Other Programs</a></dt>
- </dl>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/logresolve.html b/usr.sbin/httpd/htdocs/manual/programs/logresolve.html
deleted file mode 100644
index 5e270db89c9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/logresolve.html
+++ /dev/null
@@ -1,59 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: logresolve - Apache HTTP Server</title>
- </head>
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
- <!-- This document was autogenerated from the man page -->
-
- <h1 align="center">Manual Page: logresolve</h1>
-<pre>
-<strong>NAME</strong>
- logresolve - resolve hostnames for IP-addresses in Apache
- logfiles
-
-<strong>SYNOPSIS</strong>
- <strong>logresolve</strong> [ -<strong>s</strong> <em>filename</em> ] [ -<strong>c</strong> ] &lt; <em>access</em>_<em>log</em> &gt;
- <em>access</em>_<em>log</em>.<em>new</em>
-
-<strong>DESCRIPTION</strong>
- <strong>logresolve</strong> is a post-processing program to resolve IP-
- addresses in Apache's access logfiles. To minimize impact on
- your nameserver, logresolve has its very own internal hash-
- table cache. This means that each IP number will only be
- looked up the first time it is found in the log file.
-
-<strong>OPTIONS</strong>
- -<strong>s</strong> <em>filename</em> Specifies a filename to record statistics.
-
- -<strong>c </strong> This causes <strong>logresolve</strong> to apply some DNS checks:
- after finding the hostname from the IP address,
- it looks up the IP addresses for the hostname
- and checks that one of these matches the origi-
- nal address.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/other.html b/usr.sbin/httpd/htdocs/manual/programs/other.html
deleted file mode 100644
index 6ced5dc8134..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/other.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Other Programs - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Other Programs</h1>
-
- <p>The following programs are simple support programs included
- with the Apache HTTP Server which do not have their own manual
- pages.</p>
-
- <h2><a id="log_server_status"
- name="log_server_status">log_server_status</a></h2>
-
- <p>This Perl script is designed to be run at a frequent
- interval by something like cron. It connects to the server and
- downloads the status information. It reformats the information
- to a single line and logs it to a file. Adjust the variables at
- the top of the script to specify the location of the resulting
- logfile.</p>
-
- <h2><a id="split-logfile"
- name="split-logfile">split-logfile</a></h2>
-
- <p>This Perl script will take a combined Web server access log
- file and break its contents into separate files. It assumes
- that the first field of each line is the virtual host identity
- (put there by "%v"), and that the logfiles should be named
- that+".log" in the current directory.</p>
-
- <p>The combined log file is read from stdin. Records read will
- be appended to any existing log files.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html b/usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html
deleted file mode 100644
index 65d73e4490d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html
+++ /dev/null
@@ -1,65 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: rotatelogs - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: rotatelogs</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- rotatelogs - rotate Apache logs without having to kill the
- server
-
-<strong>SYNOPSIS</strong>
- <strong>rotatelogs</strong> <em>logfile rotationtime</em>
-
-<strong>DESCRIPTION</strong>
- <strong>rotatelogs</strong> is a simple program for use in conjunction with
- Apache's piped logfile feature which can be used like this:
-
- TransferLog "|rotatelogs /path/to/logs/access_log 86400"
-
- This creates the files /path/to/logs/access_log.nnnn where
- nnnn is the system time at which the log nominally starts
- (this time will always be a multiple of the rotation time,
- so you can synchronize cron scripts with it). At the end of
- each rotation time (here after 24 hours) a new log is
- started.
-
-<strong>OPTIONS</strong>
- <em>logfile</em>
- The path plus basename of the logfile. The suffix .nnnn
- is automatically added.
-
- <em>rotationtime</em>
- The rotation time in seconds.
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/programs/suexec.html b/usr.sbin/httpd/htdocs/manual/programs/suexec.html
deleted file mode 100644
index 71698f43667..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/suexec.html
+++ /dev/null
@@ -1,56 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Manual Page: suexec - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#ffffff" text="#000000" link="#0000ff"
- vlink="#000080" alink="#ff0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="center">Manual Page: suexec</h1>
- <!-- This document was autogenerated from the man page -->
-<pre>
-<strong>NAME</strong>
- suexec - Switch User For Exec
-
-<strong>SYNOPSIS</strong>
- No synopsis for usage, because this program is used inter-
- nally by Apache only.
-
-<strong>DESCRIPTION</strong>
- <strong>suexec</strong> is the "wrapper" support program for the suEXEC
- behavior for Apache. It is run from within Apache automat-
- ically to switch the user when an external program has to be
- run under a different user. For more information about
- suEXEC see the document `Apache suEXEC Support' under
- http://www.apache.org/docs/suexec.html .
-
-<strong>SEE ALSO</strong>
- <strong>httpd(8)</strong>
-
-</pre>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/sections.html b/usr.sbin/httpd/htdocs/manual/sections.html
deleted file mode 100644
index d6ee901c52c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/sections.html
+++ /dev/null
@@ -1,169 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>How Directory, Location and Files sections work</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">How Directory, Location and Files sections
- work</h1>
-
- <p>The sections <a
- href="mod/core.html#directory"><code>&lt;Directory&gt;</code></a>,
- <a
- href="mod/core.html#location"><code>&lt;Location&gt;</code></a>
- and <a
- href="mod/core.html#files"><code>&lt;Files&gt;</code></a> can
- contain directives which only apply to specified directories,
- URLs or files respectively. Also htaccess files can be used
- inside a directory to apply directives to that directory. This
- document explains how these different sections differ and how
- they relate to each other when Apache decides which directives
- apply for a particular directory or request URL.</p>
-
- <h2>Directives allowed in the sections</h2>
-
- <p>Everything that is syntactically allowed in
- <code>&lt;Directory&gt;</code> is also allowed in
- <code>&lt;Location&gt;</code> (except a
- sub-<code>&lt;Files&gt;</code> section). Semantically, however
- some things, most notably <code>AllowOverride</code> and the
- two options <code>FollowSymLinks</code> and
- <code>SymLinksIfOwnerMatch</code>, make no sense in
- <code>&lt;Location&gt;</code>,
- <code>&lt;LocationMatch&gt;</code> or
- <code>&lt;DirectoryMatch&gt;</code>. The same for
- <code>&lt;Files&gt;</code> -- syntactically everything is fine,
- but semantically some things are different.</p>
-
- <h2>How the sections are merged</h2>
-
- <p>The order of merging is:</p>
-
- <ol>
- <li><code>&lt;Directory&gt;</code> (except regular
- expressions) and .htaccess done simultaneously (with
- .htaccess, if allowed, overriding
- <code>&lt;Directory&gt;</code>)</li>
-
- <li><code>&lt;DirectoryMatch&gt;</code>, and
- <code>&lt;Directory&gt;</code> with regular expressions</li>
-
- <li><code>&lt;Files&gt;</code> and
- <code>&lt;FilesMatch&gt;</code> done simultaneously</li>
-
- <li><code>&lt;Location&gt;</code> and
- <code>&lt;LocationMatch&gt;</code> done simultaneously</li>
- </ol>
-
- <p>Apart from <code>&lt;Directory&gt;</code>, each group is
- processed in the order that they appear in the configuration
- files. <code>&lt;Directory&gt;</code> (group 1 above) is
- processed in the order shortest directory component to longest.
- If multiple <code>&lt;Directory&gt;</code> sections apply to
- the same directory they are processed in the configuration
- file order. The configuration files are read in the order
- httpd.conf, srm.conf and access.conf. Configurations included
- via the <code>Include</code> directive will be treated as if
- they were inside the including file at the location of the
- <code>Include</code> directive.</p>
-
- <p>Sections inside <code>&lt;VirtualHost&gt;</code> sections
- are applied <em>after</em> the corresponding sections outside
- the virtual host definition. This allows virtual hosts to
- override the main server configuration. (Note: this only works
- correctly from 1.2.2 and 1.3a2 onwards. Before those releases
- sections inside virtual hosts were applied <em>before</em> the
- main server).</p>
-
- <p>Later sections override earlier ones.</p>
-
- <h2>Notes about using sections</h2>
-
- <p>The general guidelines are:</p>
-
- <ul>
- <li>If you are attempting to match objects at the filesystem
- level then you must use <code>&lt;Directory&gt;</code> and/or
- <code>&lt;Files&gt;</code>.</li>
-
- <li>If you are attempting to match objects at the URL level
- then you must use <code>&lt;Location&gt;</code></li>
- </ul>
-
- <p>But a notable exception is:</p>
-
- <ul>
- <li>proxy control is done via <code>&lt;Directory&gt;</code>.
- This is a legacy mistake because the proxy existed prior to
- <code>&lt;Location&gt;</code>. A future version of the config
- language should probably switch this to
- <code>&lt;Location&gt;</code>.</li>
- </ul>
-
- <p>Note about .htaccess parsing:</p>
-
- <ul>
- <li>Modifying .htaccess parsing during Location doesn't do
- anything because .htaccess parsing has already occurred.</li>
- </ul>
-
- <p><code>&lt;Location&gt;</code> and symbolic links:</p>
-
- <ul>
- <li>It is not possible to use "<code>Options
- FollowSymLinks</code>" or "<code>Options
- SymLinksIfOwnerMatch</code>" inside a
- <code>&lt;Location&gt;</code>,
- <code>&lt;LocationMatch&gt;</code> or
- <code>&lt;DirectoryMatch&gt;</code> section (the options are
- simply ignored). Using the options in question is only
- possible inside a <code>&lt;Directory&gt;</code> section (or
- a <code>.htaccess</code> file).</li>
- </ul>
-
- <p><code>&lt;Files&gt;</code> and <code>Options</code>:</p>
-
- <ul>
- <li>Apache won't check for it, but using an
- <code>Options</code> directive inside a
- <code>&lt;Files&gt;</code> section has no effect.</li>
- </ul>
-
- <p>Another note:</p>
-
- <ul>
- <li>There is actually a
- <code>&lt;Location&gt;</code>/<code>&lt;LocationMatch&gt;</code>
- sequence performed just before the name translation phase
- (where <code>Aliases</code> and <code>DocumentRoots</code>
- are used to map URLs to filenames). The results of this
- sequence are completely thrown away after the translation has
- completed.</li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/server-wide.html b/usr.sbin/httpd/htdocs/manual/server-wide.html
deleted file mode 100644
index 352f800bc8e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/server-wide.html
+++ /dev/null
@@ -1,293 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Server-Wide Configuration</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="center">Server-Wide Configuration</h1>
-
- <p>This document explains some of the directives provided by
- the <a href="mod/core.html">core</a> server which are used to
- configure the basic operations of the server.</p>
-
- <ul>
- <li><a href="#identification">Server Identification</a></li>
-
- <li><a href="#locations">File Locations</a></li>
-
- <li><a href="#process">Process Creation</a></li>
-
- <li><a href="#network">Network Configuration</a></li>
-
- <li><a href="#resource">Limiting Resource Usage</a></li>
- </ul>
- <hr />
-
- <h2><a id="identification" name="identification">Server
- Identification</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#servername">ServerName</a><br />
- <a href="mod/core.html#serveradmin">ServerAdmin</a><br />
- <a
- href="mod/core.html#serversignature">ServerSignature</a><br />
- <a
- href="mod/core.html#servertokens">ServerTokens</a><br />
- <a
- href="mod/core.html#usecanonicalname">UseCanonicalName</a><br />
- </td>
- </tr>
- </table>
-
- <p>The <code>ServerAdmin</code> and <code>ServerTokens</code>
- directives control what information about the server will be
- presented in server-generated documents such as error messages.
- The <code>ServerTokens</code> directive sets the value of the
- Server HTTP response header field.</p>
-
- <p>The <code>ServerName</code> and
- <code>UseCanonicalName</code> directives are used by the server
- to determine how to construct self-referential URLs. For
- example, when a client requests a directory, but does not
- include the trailing slash in the directory name, Apache must
- redirect the client to the full name including the trailing
- slash so that the client will correctly resolve relative
- references in the document.</p>
- <hr />
-
- <h2><a id="locations" name="locations">File Locations</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/core.html#coredumpdirectory">CoreDumpDirectory</a><br />
- <a
- href="mod/core.html#documentroot">DocumentRoot</a><br />
- <a href="mod/core.html#errorlog">ErrorLog</a><br />
- <a href="mod/core.html#lockfile">Lockfile</a><br />
- <a href="mod/core.html#pidfile">PidFile</a><br />
- <a
- href="mod/core.html#scoreboardfile">ScoreBoardFile</a><br />
- <a href="mod/core.html#serverroot">ServerRoot</a><br />
- </td>
- </tr>
- </table>
-
- <p>These directives control the locations of the various files
- that Apache needs for proper operation. When the pathname used
- does not begin with a slash "/", the files are located relative
- to the <code>ServerRoot</code>. Be careful about locating files
- in paths which are writable by non-root users. See the <a
- href="misc/security_tips.html">security tips</a> documentation
- for more details.</p>
- <hr />
-
- <h2><a id="process" name="process">Process Creation</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/core.html#bs2000account">BS2000Account</a><br />
- <a href="mod/core.html#group">Group</a><br />
- <a href="mod/core.html#maxclients">MaxClients</a><br />
- <a
- href="mod/core.html#maxrequestsperchild">MaxRequestsPerChild</a><br />
- <a href="mod/core.html#maxfooperchild">MaxCPUPerChild</a><br />
- <a href="mod/core.html#maxfooperchild">MaxDATAPerChild</a><br />
- <a href="mod/core.html#maxfooperchild">MaxNOFILEPerChild</a><br />
- <a href="mod/core.html#maxfooperchild">MaxRSSPerChild</a><br />
- <a href="mod/core.html#maxfooperchild">MaxSTACKPerChild</a><br />
- <a
- href="mod/core.html#maxspareservers">MaxSpareServers</a><br />
- <a
- href="mod/core.html#minspareservers">MinSpareServers</a><br />
- <a href="mod/core.html#servertype">ServerType</a><br />
- <a
- href="mod/core.html#startservers">StartServers</a><br />
- <a
- href="mod/core.html#threadsperchild">ThreadsPerChild</a><br />
- <a href="mod/core.html#user">User</a><br />
- </td>
- </tr>
- </table>
-
- <p>When <code>ServerType</code> is set to its recommended value
- of <code>Standalone</code>, Apache 1.3 for Unix is a
- pre-forking web server. A single control process is responsible
- for launching child processes which listen for connections and
- serve them when they arrive. Apache always tries to maintain
- several <em>spare</em> or idle server processes, which stand
- ready to serve incoming requests. In this way, clients do not
- need to wait for a new child processes to be forked before
- their requests can be served.</p>
-
- <p>The <code>StartServers</code>, <code>MinSpareServers</code>,
- <code>MaxSpareServers</code>, and <code>MaxServers</code>
- regulate how the parent process creates children to serve
- requests. In general, Apache is very self-regulating, so most
- sites do not need to adjust these directives from their default
- values. Sites which need to serve more than 256 simultaneous
- requests may need to increase <code>MaxClients</code>, while
- sites with limited memory may need to decrease
- <code>MaxClients</code> to keep the server from thrashing
- (swapping memory to disk and back). More information about
- tuning process creation is provided in the <a
- href="misc/perf-tuning.html">performance hints</a>
- documentation.</p>
-
- <p>While the parent process is usually started as root under
- Unix in order to bind to port 80, the child processes are
- launched by Apache as a less-privileged user. The
- <code>User</code> and <code>Group</code> directives are used to
- set the privileges of the Apache child processes. The child
- processes must be able to read all the content that will be
- served, but should have as few privileges beyond that as
- possible. In addition, unless <a href="suexec.html">suexec</a>
- is used, these directives also set the privileges which will be
- inherited by CGI scripts.</p>
-
- <p><a href="mod/core.html#maxfooperchild"><code>MaxFOOPerChild</code></a>
- sets rlimits on a child process to prevent a leaky module from
- taking down the whole server.</p>
-
- <p><code>MaxRequestsPerChild</code> controls how frequently the
- server recycles processes by killing old ones and launching new
- ones.</p>
-
- <p>Under Windows, Apache launches one control process and one
- child process. The child process creates multiple threads to
- serve requests. The number of threads is controlled by the
- <code>ThreadsPerChild</code> directive.</p>
- <hr />
-
- <h2><a id="network" name="network">Network
- Configuration</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#bindaddress">BindAddress</a><br />
- <a href="mod/core.html#keepalive">KeepAlive</a><br />
- <a
- href="mod/core.html#keepalivetimeout">KeepAliveTimeout</a><br />
- <a href="mod/core.html#listen">Listen</a><br />
- <a
- href="mod/core.html#listenbacklog">ListenBackLog</a><br />
- <a
- href="mod/core.html#acceptfilter">AcceptFilter</a><br />
- <a href="mod/core.html#acceptmutex">AcceptMutex</a><br />
- <a
- href="mod/core.html#maxkeepaliverequests">MaxKeepAliveRequests</a><br />
- <a href="mod/core.html#port">Port</a><br />
- <a
- href="mod/core.html#sendbuffersize">SendBufferSize</a><br />
- <a href="mod/core.html#timeout">TimeOut</a><br />
- </td>
- </tr>
- </table>
-
- <p>When Apache starts, it connects to some port and address on
- the local machine and waits for incoming requests. By default,
- it listens to all addresses on the machine, and to the port as
- specified by the <code>Port</code> directive in the server
- configuration. However, it can be told to listen to more than
- one port, to listen to only selected addresses, or a
- combination. This is often combined with the <a
- href="vhosts/">Virtual Host</a> feature which determines how
- Apache responds to different IP addresses, hostnames and
- ports.</p>
-
- <p>There are two directives used to restrict or specify which
- addresses and ports Apache listens to. The
- <code>BindAddress</code> directive is used to restrict the
- server to listening to a single IP address. The
- <code>Listen</code> directive can be used to specify multiple
- IP addresses and/or Ports to which Apache will listen.</p>
-
- <p>The <code>ListenBackLog</code>, <code>SendBufferSize</code>,
- and <code>TimeOut</code> directives are used to adjust how
- Apache interacts with the network.<code>AcceptFilter</code>
- controls a BSD specific filter optimization. See the BSD
- section on <a href="misc/perf-bsd44.html">performance hints</a>
- documentation. <code>AcceptMutex</code> controls which accept
- mutex method will be used. For an explanation of what this is
- and why it's needed, see the <a
- href="misc/perf-tuning.html">performance tuning guide</a></p>
-
- <p>The <code>KeepAlive</code>, <code>KeepAliveTimeout</code>,
- and <code>MaxKeepAliveRequests</code> directives are used to
- configure how Apache handles persistent connections.</p>
- <hr />
-
- <h2><a id="resource" name="resource">Limiting Resource
- Usage</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/core.html#limitrequestbody">LimitRequestBody</a><br />
- <a
- href="mod/core.html#limitrequestfields">LimitRequestFields</a><br />
- <a
- href="mod/core.html#limitrequestfieldsize">LimitRequestFieldsize</a><br />
- <a
- href="mod/core.html#limitrequestline">LimitRequestLine</a><br />
- <a href="mod/core.html#rlimitcpu">RLimitCPU</a><br />
- <a href="mod/core.html#rlimitmem">RLimitMEM</a><br />
- <a href="mod/core.html#rlimitnproc">RLimitNPROC</a><br />
- <a href="mod/core.html#rlimitnofile">RLimitNOFILE</a><br />
- <a
- href="mod/core.html#threadstacksize">ThreadStackSize</a><br />
- </td>
- </tr>
- </table>
-
- <p>The <code>LimitRequest</code>* directives are used to place
- limits on the amount of resources Apache will use in reading
- requests from clients. By limiting these values, some kinds of
- denial of service attacks can be mitigated.</p>
-
- <p>The <code>RLimit</code>* directives are used to limit the
- amount of resources which can be used by processes forked off
- from the Apache children. In particular, this will control
- resources used by CGI scripts and SSI exec commands.</p>
-
- <p>The <code>ThreadStackSize</code> directive is used only on
- Netware to control the stack size.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/sitemap.html b/usr.sbin/httpd/htdocs/manual/sitemap.html
deleted file mode 100644
index 1ac33ed1d72..00000000000
--- a/usr.sbin/httpd/htdocs/manual/sitemap.html
+++ /dev/null
@@ -1,161 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Site Map</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
-
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Site Map</h1>
-
-<ul>
-<li><a href="index.html">Apache HTTP Server Version 1.3 Documentation</a>
-<ul>
-
-<li>Using the Apache HTTP Server
-<ul>
-<li><a href="invoking.html">Starting Apache</a></li>
-<li><a href="stopping.html">Stopping and Restarting Apache</a></li>
-<li><a href="configuring.html">Configuration Files</a></li>
-<li><a href="sections.html">How Directory, Location and Files sections work</a></li>
-<li><a href="server-wide.html">Server-Wide Configuration</a></li>
-<li><a href="logs.html">Log Files</a></li>
-<li><a href="urlmapping.html">Mapping URLs to Filesystem Locations</a></li>
-<li><a href="misc/security_tips.html">Security Tips</a></li>
-<li><a href="dso.html">Dynamic Shared Object (DSO) support</a></li>
-<li><a href="content-negotiation.html">Apache Content Negotiation</a></li>
-<li><a href="custom-error.html">Custom error responses</a></li>
-<li><a href="bind.html">Setting which addresses and ports Apache uses</a></li>
-<li><a href="env.html">Environment Variables in Apache</a></li>
-<li><a href="handler.html">Apache's Handler Use</a></li>
-<li><a href="suexec.html">suEXEC Support</a></li>
-<li><a href="misc/perf-tuning.html">Performance Hints</a></li>
-<li><a href="misc/rewriteguide.html">URL Rewriting Guide</a></li>
-</ul></li>
-
-<li><a href="vhosts/">Apache Virtual Host documentation</a>
-<ul>
-<li><a href="vhosts/name-based.html">Name-based Virtual Hosts</a></li>
-<li><a href="vhosts/ip-based.html">IP-based Virtual Host Support</a></li>
-<li><a href="vhosts/mass.html">Dynamically configured mass virtual hosting</a></li>
-<li><a href="vhosts/examples.html">VirtualHost Examples</a></li>
-<li><a href="vhosts/details.html">An In-Depth Discussion of Virtual Host Matching</a></li>
-<li><a href="vhosts/fd-limits.html">File Descriptor Limits with Virtual Hosts</a></li>
-<li><a href="dns-caveats.html">Issues Regarding DNS and Apache</a></li>
-</ul></li>
-
-<li><a href="misc/FAQ.html">Apache Server Frequently Asked Questions</a></li>
-
-<li>Guides, Tutorials, and HowTos
-<ul>
-<li><a href="howto/auth.html">Authentication, Authorization, and Access Control</a></li>
-<li><a href="howto/cgi.html">Apache Tutorial: Dynamic Content with CGI</a></li>
-<li><a href="howto/ssi.html">Apache Tutorial: Introduction to Server
-Side Includes</a></li>
-<li><a href="misc/howto.html">HOWTO documentation</a></li>
-<li><a href="misc/tutorials.html">Apache Tutorials</a></li>
-</ul></li>
-
-<li>Platform-specific Notes
-<ul>
-<li><a href="misc/perf-bsd44.html">Running a High-Performance Web Server for BSD</a></li>
-<li><a href="misc/perf.html">Hints on Running a High-Performance Web Server</a></li>
-</ul></li>
-
-<li><a href="programs/">Apache HTTP Server and Supporting Programs</a>
-<ul>
-<li><a href="programs/httpd.html">Manual Page: httpd - Apache HTTP Server</a></li>
-<li><a href="programs/apxs.html">Manual Page: apxs - Apache HTTP Server</a></li>
-<li><a href="programs/ab.html">Manual Page: ab - Apache HTTP Server</a></li>
-<li><a href="programs/apachectl.html">Manual Page: apachectl - Apache HTTP Server</a></li>
-<li><a href="programs/dbmmanage.html">Manual Page: dbmmanage - Apache HTTP Server</a></li>
-<li><a href="programs/htdigest.html">Manual Page: htdigest - Apache HTTP Server</a></li>
-<li><a href="programs/htpasswd.html">Manual Page: htpasswd - Apache HTTP Server</a></li>
-<li><a href="programs/logresolve.html">Manual Page: logresolve - Apache HTTP Server</a></li>
-<li><a href="programs/rotatelogs.html">Manual Page: rotatelogs - Apache HTTP Server</a></li>
-<li><a href="programs/suexec.html">Manual Page: suexec - Apache HTTP Server</a></li>
-<li><a href="programs/other.html">Other Programs - Apache HTTP Server</a></li>
-</ul></li>
-
-<li><a href="mod/">Apache modules</a>
-<ul>
-<li><a href="mod/index-bytype.html">Apache modules - By Type</a></li>
-<li><a href="mod/directives.html">Apache directives</a></li>
-<li><a href="mod/directive-dict.html">Definitions of terms used to describe Apache directives</a></li>
-<li><a href="mod/module-dict.html">Definitions of terms used to describe Apache modules</a></li>
-<li><a href="mod/core.html">Apache Core Features</a></li>
-<li><a href="mod/mod_access.html">Apache module mod_access</a></li>
-<li><a href="mod/mod_actions.html">Apache module mod_actions</a></li>
-<li><a href="mod/mod_alias.html">Apache module mod_alias</a></li>
-<li><a href="mod/mod_asis.html">Apache module mod_asis</a></li>
-<li><a href="mod/mod_auth.html">Apache module mod_auth</a></li>
-<li><a href="mod/mod_auth_anon.html">Apache module mod_auth_anon.c</a></li>
-<li><a href="mod/mod_auth_db.html">Apache module mod_auth_db</a></li>
-<li><a href="mod/mod_auth_dbm.html">Apache module mod_auth_dbm</a></li>
-<li><a href="mod/mod_auth_digest.html">Apache module mod_auth_digest</a></li>
-<li><a href="mod/mod_autoindex.html">Apache module mod_autoindex</a></li>
-<li><a href="mod/mod_cern_meta.html">Apache module mod_cern_meta</a></li>
-<li><a href="mod/mod_cgi.html">Apache module mod_cgi</a></li>
-<li><a href="mod/mod_digest.html">Apache module mod_digest</a></li>
-<li><a href="mod/mod_dir.html">Apache module mod_dir</a></li>
-<li><a href="mod/mod_env.html">Apache module mod_env</a></li>
-<li><a href="mod/mod_expires.html">Apache module mod_expires</a></li>
-<li><a href="mod/mod_headers.html">Apache module mod_headers</a></li>
-<li><a href="mod/mod_imap.html">Apache module mod_imap</a></li>
-<li><a href="mod/mod_include.html">Apache module mod_include</a></li>
-<li><a href="mod/mod_info.html">Apache module mod_info</a></li>
-<li><a href="mod/mod_log_agent.html">Apache module mod_log_agent</a></li>
-<li><a href="mod/mod_log_config.html">Apache module mod_log_config</a></li>
-<li><a href="mod/mod_log_referer.html">Apache module mod_log_referer</a></li>
-<li><a href="mod/mod_mime.html">Apache module mod_mime</a></li>
-<li><a href="mod/mod_mime_magic.html">Apache module mod_mime_magic</a></li>
-<li><a href="mod/mod_mmap_static.html">Apache module mod_mmap_static</a></li>
-<li><a href="mod/mod_negotiation.html">Apache module mod_negotiation</a></li>
-<li><a href="mod/mod_proxy.html">Apache module mod_proxy</a></li>
-<li><a href="mod/mod_rewrite.html">Apache module mod_rewrite</a></li>
-<li><a href="mod/mod_setenvif.html">Apache module mod_setenvif</a></li>
-<li><a href="mod/mod_so.html">Apache module mod_so</a></li>
-<li><a href="mod/mod_speling.html">Apache module mod_speling</a></li>
-<li><a href="mod/mod_status.html">Apache module mod_status</a></li>
-<li><a href="mod/mod_unique_id.html">Apache module mod_unique_id</a></li>
-<li><a href="mod/mod_userdir.html">Apache module mod_userdir</a></li>
-<li><a href="mod/mod_usertrack.html">Apache module mod_usertrack</a></li>
-<li><a href="mod/mod_vhost_alias.html">Apache module mod_vhost_alias</a></li>
-</ul></li>
-
-<li><a href="misc/API.html">Apache API notes</a></li>
-
-<li><a href="misc/">Older Documentation</a>
-<ul>
-<li><a href="keepalive.html">Apache Keep-Alive Support</a></li>
-<li><a href="multilogs.html">Apache Multiple Log Files</a></li>
-<li><a href="process-model.html">Server Pool Management</a></li>
-<li><a href="misc/custom_errordocs.html">International Customized Server Error Messages</a></li>
-<li><a href="misc/descriptors.html">Descriptors and Apache</a></li>
-<li><a href="misc/fin_wait_2.html">Connections in FIN_WAIT_2 and Apache</a></li>
-<li><a href="misc/known_client_problems.html">Known Client Problems</a></li>
-</ul></li>
-
-</ul></li>
-</ul>
-
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
-
- </body>
-</html>
diff --git a/usr.sbin/httpd/htdocs/manual/stopping.html b/usr.sbin/httpd/htdocs/manual/stopping.html
deleted file mode 100644
index 8b840ced617..00000000000
--- a/usr.sbin/httpd/htdocs/manual/stopping.html
+++ /dev/null
@@ -1,207 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Stopping and Restarting Apache</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Stopping and Restarting Apache</h1>
-
- <p>You will notice many <code>httpd</code> executables running
- on your system, but you should not send signals to any of them
- except the parent, whose pid is in the <a
- href="mod/core.html#pidfile">PidFile</a>. That is to say you
- shouldn't ever need to send signals to any process except the
- parent. There are three signals that you can send the parent:
- <code>TERM</code>, <code>HUP</code>, and <code>USR1</code>,
- which will be described in a moment.</p>
-
- <p>To send a signal to the parent you should issue a command
- such as:</p>
-
- <blockquote>
-<pre>
- kill -TERM `cat /usr/local/apache/logs/httpd.pid`
-</pre>
- </blockquote>
- You can read about its progress by issuing:
-
- <blockquote>
-<pre>
- tail -f /usr/local/apache/logs/error_log
-</pre>
- </blockquote>
- Modify those examples to match your <a
- href="mod/core.html#serverroot">ServerRoot</a> and <a
- href="mod/core.html#pidfile">PidFile</a> settings.
-
- <p>As of Apache 1.3 we provide a script called <a
- href="programs/apachectl.html">apachectl</a> which can be used
- to start, stop, and restart Apache. It may need a little
- customization for your system, see the comments at the top of
- the script.</p>
-
- <h3>TERM Signal: stop now</h3>
-
- <p>Sending the <code>TERM</code> signal to the parent causes it
- to immediately attempt to kill off all of its children. It may
- take it several seconds to complete killing off its children.
- Then the parent itself exits. Any requests in progress are
- terminated, and no further requests are served.</p>
-
- <h3>HUP Signal: restart now</h3>
-
- <p>Sending the <code>HUP</code> signal to the parent causes it
- to kill off its children like in <code>TERM</code> but the
- parent doesn't exit. It re-reads its configuration files, and
- re-opens any log files. Then it spawns a new set of children
- and continues serving hits.</p>
-
- <p>Users of the <a href="mod/mod_status.html">status module</a>
- will notice that the server statistics are set to zero when a
- <code>HUP</code> is sent.</p>
-
- <p><strong>Note:</strong> If your configuration file has errors
- in it when you issue a restart then your parent will not
- restart, it will exit with an error. See below for a method of
- avoiding this.</p>
-
- <h3>USR1 Signal: graceful restart</h3>
-
- <p><strong>Note:</strong> prior to release 1.2b9 this code is
- quite unstable and shouldn't be used at all.</p>
-
- <p>The <code>USR1</code> signal causes the parent process to
- <em>advise</em> the children to exit after their current
- request (or to exit immediately if they're not serving
- anything). The parent re-reads its configuration files and
- re-opens its log files. As each child dies off the parent
- replaces it with a child from the new <em>generation</em> of
- the configuration, which begins serving new requests
- immediately.</p>
-
- <p>This code is designed to always respect the <a
- href="mod/core.html#maxclients">MaxClients</a>, <a
- href="mod/core.html#minspareservers">MinSpareServers</a>, and
- <a href="mod/core.html#maxspareservers">MaxSpareServers</a>
- settings. Furthermore, it respects <a
- href="mod/core.html#startservers">StartServers</a> in the
- following manner: if after one second at least StartServers new
- children have not been created, then create enough to pick up
- the slack. This is to say that the code tries to maintain both
- the number of children appropriate for the current load on the
- server, and respect your wishes with the StartServers
- parameter.</p>
-
- <p>Users of the <a href="mod/mod_status.html">status module</a>
- will notice that the server statistics are <strong>not</strong>
- set to zero when a <code>USR1</code> is sent. The code was
- written to both minimize the time in which the server is unable
- to serve new requests (they will be queued up by the operating
- system, so they're not lost in any event) and to respect your
- tuning parameters. In order to do this it has to keep the
- <em>scoreboard</em> used to keep track of all children across
- generations.</p>
-
- <p>The status module will also use a <code>G</code> to indicate
- those children which are still serving requests started before
- the graceful restart was given.</p>
-
- <p>At present there is no way for a log rotation script using
- <code>USR1</code> to know for certain that all children writing
- the pre-restart log have finished. We suggest that you use a
- suitable delay after sending the <code>USR1</code> signal
- before you do anything with the old log. For example if most of
- your hits take less than 10 minutes to complete for users on
- low bandwidth links then you could wait 15 minutes before doing
- anything with the old log.</p>
-
- <p><strong>Note:</strong> If your configuration file has errors
- in it when you issue a restart then your parent will not
- restart, it will exit with an error. In the case of graceful
- restarts it will also leave children running when it exits.
- (These are the children which are "gracefully exiting" by
- handling their last request.) This will cause problems if you
- attempt to restart the server -- it will not be able to bind to
- its listening ports. Before doing a restart, you can check the
- syntax of the configuration files with the <code>-t</code>
- command line argument (see <a
- href="programs/httpd.html">httpd</a> ). This still will not
- guarantee that the server will restart correctly. To check the
- semantics of the configuration files as well as the syntax, you
- can try starting httpd as a non-root user. If there are no
- errors it will attempt to open its sockets and logs and fail
- because it's not root (or because the currently running httpd
- already has those ports bound). If it fails for any other
- reason then it's probably a config file error and the error
- should be fixed before issuing the graceful restart.</p>
-
- <h3>Appendix: signals and race conditions</h3>
-
- <p>Prior to Apache 1.2b9 there were several <em>race
- conditions</em> involving the restart and die signals (a simple
- description of race condition is: a time-sensitive problem, as
- in if something happens at just the wrong time it won't behave
- as expected). For those architectures that have the "right"
- feature set we have eliminated as many as we can. But it should
- be noted that there still do exist race conditions on certain
- architectures.</p>
-
- <p>Architectures that use an on disk <a
- href="mod/core.html#scoreboardfile">ScoreBoardFile</a> have the
- potential to corrupt their scoreboards. This can result in the
- "bind: Address already in use" (after <code>HUP</code>) or
- "long lost child came home!" (after <code>USR1</code>). The
- former is a fatal error, while the latter just causes the
- server to lose a scoreboard slot. So it might be advisable to
- use graceful restarts, with an occasional hard restart. These
- problems are very difficult to work around, but fortunately
- most architectures do not require a scoreboard file. See the <a
- href="mod/core.html#scoreboardfile">ScoreBoardFile</a>
- documentation for a architecture uses it.</p>
-
- <p><code>NEXT</code> and <code>MACHTEN</code> (68k only) have
- small race conditions which can cause a restart/die signal to
- be lost, but should not cause the server to do anything
- otherwise problematic.
- <!-- they don't have sigaction, or we're not using it -djg -->
- </p>
-
- <p>All architectures have a small race condition in each child
- involving the second and subsequent requests on a persistent
- HTTP connection (KeepAlive). It may exit after reading the
- request line but before reading any of the request headers.
- There is a fix that was discovered too late to make 1.2. In
- theory this isn't an issue because the KeepAlive client has to
- expect these events because of network latencies and server
- timeouts. In practice it doesn't seem to affect anything either
- -- in a test case the server was restarted twenty times per
- second and clients successfully browsed the site without
- getting broken images or empty documents.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/suexec.html b/usr.sbin/httpd/htdocs/manual/suexec.html
deleted file mode 100644
index a5156ac40f3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/suexec.html
+++ /dev/null
@@ -1,613 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache suEXEC Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="CENTER">Apache suEXEC Support</h1>
-
- <ol>
- <li><big><strong>CONTENTS</strong></big></li>
-
- <li><a href="#what">What is suEXEC?</a></li>
-
- <li><a href="#before">Before we begin.</a></li>
-
- <li><a href="#model">suEXEC Security Model.</a></li>
-
- <li><a href="#install">Configuring &amp; Installing
- suEXEC</a></li>
-
- <li><a href="#enable">Enabling &amp; Disabling
- suEXEC</a></li>
-
- <li><a href="#usage">Using suEXEC</a></li>
-
- <li><a href="#debug">Debugging suEXEC</a></li>
-
- <li><a href="#jabberwock">Beware the Jabberwock: Warnings
- &amp; Examples</a></li>
- </ol>
-
- <h3><a id="what" name="what">What is suEXEC?</a></h3>
-
- <p align="LEFT">The <strong>suEXEC</strong> feature --
- introduced in Apache 1.2 -- provides Apache users the ability
- to run <strong>CGI</strong> and <strong>SSI</strong> programs
- under user IDs different from the user ID of the calling
- web-server. Normally, when a CGI or SSI program executes, it
- runs as the same user who is running the web server.</p>
-
- <p align="LEFT">Used properly, this feature can reduce
- considerably the security risks involved with allowing users to
- develop and run private CGI or SSI programs. However, if suEXEC
- is improperly configured, it can cause any number of problems
- and possibly create new holes in your computer's security. If
- you aren't familiar with managing setuid root programs and the
- security issues they present, we highly recommend that you not
- consider using suEXEC.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="before" name="before">Before we begin.</a></h3>
-
- <p align="LEFT">Before jumping head-first into this document,
- you should be aware of the assumptions made on the part of the
- Apache Group and this document.</p>
-
- <p align="LEFT">First, it is assumed that you are using a UNIX
- derivate operating system that is capable of
- <strong>setuid</strong> and <strong>setgid</strong> operations.
- All command examples are given in this regard. Other platforms,
- if they are capable of supporting suEXEC, may differ in their
- configuration.</p>
-
- <p align="LEFT">Second, it is assumed you are familiar with
- some basic concepts of your computer's security and its
- administration. This involves an understanding of
- <strong>setuid/setgid</strong> operations and the various
- effects they may have on your system and its level of
- security.</p>
-
- <p align="LEFT">Third, it is assumed that you are using an
- <strong>unmodified</strong> version of suEXEC code. All code
- for suEXEC has been carefully scrutinized and tested by the
- developers as well as numerous beta testers. Every precaution
- has been taken to ensure a simple yet solidly safe base of
- code. Altering this code can cause unexpected problems and new
- security risks. It is <strong>highly</strong> recommended that
- you do not alter the suEXEC code unless you are well versed in
- the particulars of security programming and are willing to share
- your work with the Apache Group for consideration.</p>
-
- <p align="LEFT">Fourth, and last, it has been the decision of
- the Apache Group to <strong>NOT</strong> make suEXEC part of
- the default installation of Apache. To this end, suEXEC
- configuration requires careful attention to details from the
- administrator. After due consideration has been given to the
- various settings for suEXEC, the administrator may install
- suEXEC through normal installation methods. The values for
- these settings need to be carefully determined and specified by
- the administrator to properly maintain system security during
- the use of suEXEC functionality. It is through this detailed
- process that the Apache Group hopes to limit suEXEC
- installation only to those who are careful and determined
- enough to use it.</p>
-
- <p align="LEFT">Still with us? Yes? Good. Let's move on!</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="model" name="model">suEXEC Security Model</a></h3>
-
- <p align="LEFT">Before we begin configuring and installing
- suEXEC, we will first discuss the security model you are about
- to implement. By doing so, you may better understand what
- exactly is going on inside suEXEC and what precautions are
- taken to ensure your system's security.</p>
-
- <p align="LEFT"><strong>suEXEC</strong> is based on a setuid
- "wrapper" program that is called by the main Apache web server.
- This wrapper is called when an HTTP request is made for a CGI
- or SSI program that the administrator has designated to run as
- a userid other than that of the main server. When such a
- request is made, Apache provides the suEXEC wrapper with the
- program's name and the user and group IDs under which the
- program is to execute.</p>
-
- <p align="LEFT">The wrapper then employs the following process
- to determine success or failure -- if any one of these
- conditions fail, the program logs the failure and exits with an
- error, otherwise it will continue:</p>
-
- <ol>
- <li>
- <strong>Was the wrapper called with the proper number of
- arguments?</strong>
-
- <blockquote>
- The wrapper will only execute if it is given the proper
- number of arguments. The proper argument format is known
- to the Apache web server. If the wrapper is not receiving
- the proper number of arguments, it is either being
- hacked, or there is something wrong with the suEXEC
- portion of your Apache binary.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the user executing this wrapper a valid user of
- this system?</strong>
-
- <blockquote>
- This is to ensure that the user executing the wrapper is
- truly a user of the system.
- </blockquote>
- </li>
-
- <li>
- <strong>Is this valid user allowed to run the
- wrapper?</strong>
-
- <blockquote>
- Is this user the user allowed to run this wrapper? Only
- one user (the Apache user) is allowed to execute this
- program.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the target program have an unsafe hierarchical
- reference?</strong>
-
- <blockquote>
- Does the target program contain a leading '/' or have a
- '..' backreference? These are not allowed; the target
- program must reside within the Apache webspace.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user name valid?</strong>
-
- <blockquote>
- Does the target user exist?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target group name valid?</strong>
-
- <blockquote>
- Does the target group exist?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user <em>NOT</em> superuser?</strong>
-
-
- <blockquote>
- Presently, suEXEC does not allow 'root' to execute
- CGI/SSI programs.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target userid <em>ABOVE</em> the minimum ID
- number?</strong>
-
- <blockquote>
- The minimum user ID number is specified during
- configuration. This allows you to set the lowest possible
- userid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" accounts.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target group <em>NOT</em> the superuser
- group?</strong>
-
- <blockquote>
- Presently, suEXEC does not allow the 'root' group to
- execute CGI/SSI programs.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target groupid <em>ABOVE</em> the minimum ID
- number?</strong>
-
- <blockquote>
- The minimum group ID number is specified during
- configuration. This allows you to set the lowest possible
- groupid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" groups.
- </blockquote>
- </li>
-
- <li>
- <strong>Can the wrapper successfully become the target user
- and group?</strong>
-
- <blockquote>
- Here is where the program becomes the target user and
- group via setuid and setgid calls. The group access list
- is also initialized with all of the groups of which the
- user is a member.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the directory in which the program resides
- exist?</strong>
-
- <blockquote>
- If it doesn't exist, it can't very well contain files.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the directory within the Apache
- webspace?</strong>
-
- <blockquote>
- If the request is for a regular portion of the server, is
- the requested directory within the server's document
- root? If the request is for a UserDir, is the requested
- directory within the user's document root?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the directory <em>NOT</em> writable by anyone
- else?</strong>
-
- <blockquote>
- We don't want to open up the directory to others; only
- the owner user may be able to alter this directories
- contents.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the target program exist?</strong>
-
- <blockquote>
- If it doesn't exists, it can't very well be executed.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target program <em>NOT</em> writable by
- anyone else?</strong>
-
- <blockquote>
- We don't want to give anyone other than the owner the
- ability to change the program.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target program <em>NOT</em> setuid or
- setgid?</strong>
-
- <blockquote>
- We do not want to execute programs that will then change
- our UID/GID again.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user/group the same as the program's
- user/group?</strong>
-
- <blockquote>
- Is the user the owner of the file?
- </blockquote>
- </li>
-
- <li>
- <strong>Can we successfully clean the process environment
- to ensure safe operations?</strong>
-
- <blockquote>
- suEXEC cleans the process' environment by establishing a
- safe execution PATH (defined during configuration), as
- well as only passing through those variables whose names
- are listed in the safe environment list (also created
- during configuration).
- </blockquote>
- </li>
-
- <li>
- <strong>Can we successfully become the target program and
- execute?</strong>
-
- <blockquote>
- Here is where suEXEC ends and the target program begins.
- </blockquote>
- </li>
- </ol>
-
- <p align="LEFT">This is the standard operation of the
- suEXEC wrapper's security model. It is somewhat stringent and
- can impose new limitations and guidelines for CGI/SSI design,
- but it was developed carefully step-by-step with security in
- mind.</p>
-
- <p align="LEFT">For more information as to how this security
- model can limit your possibilities in regards to server
- configuration, as well as what security risks can be avoided
- with a proper suEXEC setup, see the <a
- href="#jabberwock">"Beware the Jabberwock"</a> section of this
- document.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="install" name="install">Configuring &amp; Installing
- suEXEC</a></h3>
-
- <p align="LEFT"><strong>APACI's suEXEC configuration
- options</strong><br />
- </p>
-
- <dl>
- <dt><code>--enable-suexec</code></dt>
-
- <dd>This option enables the suEXEC feature which is never
- installed or activated by default. At least one
- --suexec-xxxxx option has to be provided together with the
- --enable-suexec option to let APACI accept your request for
- using the suEXEC feature.</dd>
-
- <dt><code>--suexec-caller=<em>UID</em></code></dt>
-
- <dd>The <a href="mod/core.html#user">username</a> under which
- Apache normally runs. This is the only user allowed to
- execute this program.</dd>
-
- <dt><code>--suexec-docroot=<em>DIR</em></code></dt>
-
- <dd>Define as the DocumentRoot set for Apache. This will be
- the only hierarchy (aside from UserDirs) that can be used for
- suEXEC behavior. The default directory is the --datadir value
- with the suffix "/htdocs", <em>e.g.</em> if you configure
- with "<code>--datadir=/home/apache</code>" the directory
- "/home/apache/htdocs" is used as document root for the suEXEC
- wrapper.</dd>
-
- <dt><code>--suexec-logfile=<em>FILE</em></code></dt>
-
- <dd>This defines the filename to which all suEXEC
- transactions and errors are logged (useful for auditing and
- debugging purposes). By default the logfile is named
- "suexec_log" and located in your standard logfile directory
- (--logfiledir).</dd>
-
- <dt><code>--suexec-userdir=<em>DIR</em></code></dt>
-
- <dd>Define to be the subdirectory under users' home
- directories where suEXEC access should be allowed. All
- executables under this directory will be executable by suEXEC
- as the user so they should be "safe" programs. If you are
- using a "simple" UserDir directive (ie. one without a "*" in
- it) this should be set to the same value. suEXEC will not
- work properly in cases where the UserDir directive points to
- a location that is not the same as the user's home directory
- as referenced in the passwd file. Default value is
- "public_html".<br />
- If you have virtual hosts with a different UserDir for each,
- you will need to define them to all reside in one parent
- directory; then name that parent directory here. <strong>If
- this is not defined properly, "~userdir" cgi requests will
- not work!</strong></dd>
-
- <dt><code>--suexec-uidmin=<em>UID</em></code></dt>
-
- <dd>Define this as the lowest UID allowed to be a target user
- for suEXEC. For most systems, 500 or 100 is common. Default
- value is 100.</dd>
-
- <dt><code>--suexec-gidmin=<em>GID</em></code></dt>
-
- <dd>Define this as the lowest GID allowed to be a target
- group for suEXEC. For most systems, 100 is common and
- therefore used as default value.</dd>
-
- <dt><code>--suexec-safepath=<em>PATH</em></code></dt>
-
- <dd>Define a safe PATH environment to pass to CGI
- executables. Default value is
- "/usr/local/bin:/usr/bin:/bin".</dd>
- </dl>
-
- <p align="LEFT"><strong>Checking your suEXEC
- setup</strong><br />
- Before you compile and install the suEXEC wrapper you can
- check the configuration with the --layout option.<br />
- Example output:</p>
-<pre>
- suEXEC setup:
- suexec binary: /usr/local/apache/sbin/suexec
- document root: /usr/local/apache/share/htdocs
- userdir suffix: public_html
- logfile: /usr/local/apache/var/log/suexec_log
- safe path: /usr/local/bin:/usr/bin:/bin
- caller ID: www
- minimum user ID: 100
- minimum group ID: 100
-</pre>
-
- <p align="LEFT"><strong>Compiling and installing the suEXEC
- wrapper</strong><br />
- If you have enabled the suEXEC feature with the
- --enable-suexec option the suexec binary (together with Apache
- itself) is automatically built if you execute the command
- "make".<br />
- After all components have been built you can execute the
- command "make install" to install them. The binary image
- "suexec" is installed in the directory defined by the --sbindir
- option. Default location is
- "/usr/local/apache/sbin/suexec".<br />
- Please note that you need <strong><em>root
- privileges</em></strong> for the installation step. In order
- for the wrapper to set the user ID, it must be installed as
- owner <code><em>root</em></code> and must have the setuserid
- execution bit set for file modes.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="enable" name="enable">Enabling &amp; Disabling
- suEXEC</a></h3>
-
- <p align="LEFT">Upon startup of Apache, it looks for the file
- "suexec" in the "sbin" directory (default is
- "/usr/local/apache/sbin/suexec"). If Apache finds a properly
- configured suEXEC wrapper, it will print the following message
- to the error log:</p>
-<pre>
- [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
-</pre>
-
- <p>If you don't see this message at server startup, the server
- is most likely not finding the wrapper program where it expects
- it, or the executable is not installed <em>setuid
- root</em>.<br />
- If you want to enable the suEXEC mechanism for the first time
- and an Apache server is already running you must kill and
- restart Apache. Restarting it with a simple HUP or USR1 signal
- will not be enough.<br />
- If you want to disable suEXEC you should kill and restart
- Apache after you have removed the "suexec" file.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="usage" name="usage">Using suEXEC</a></h3>
-
- <p align="LEFT"><strong>Virtual Hosts:</strong><br />
- One way to use the suEXEC wrapper is through the <a
- href="mod/core.html#user">User</a> and <a
- href="mod/core.html#group">Group</a> directives in <a
- href="mod/core.html#virtualhost">VirtualHost</a> definitions.
- By setting these directives to values different from the main
- server user ID, all requests for CGI resources will be executed
- as the <em>User</em> and <em>Group</em> defined for that
- <code>&lt;VirtualHost&gt;</code>. If only one or neither of
- these directives are specified for a
- <code>&lt;VirtualHost&gt;</code> then the main server userid is
- assumed.</p>
-
- <p><strong>User directories:</strong><br />
- The suEXEC wrapper can also be used to execute CGI programs as
- the user to which the request is being directed. This is
- accomplished by using the "<strong><code>~</code></strong>"
- character prefixing the user ID for whom execution is desired.
- The only requirement needed for this feature to work is for CGI
- execution to be enabled for the user and that the script must
- meet the scrutiny of the <a href="#model">security checks</a>
- above.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="debug" name="debug">Debugging suEXEC</a></h3>
-
- <p align="LEFT">The suEXEC wrapper will write log information
- to the file defined with the --suexec-logfile option as
- indicated above. If you feel you have configured and installed
- the wrapper properly, have a look at this log and the error_log
- for the server to see where you may have gone astray.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="jabberwock" name="jabberwock">Beware the Jabberwock:
- Warnings &amp; Examples</a></h3>
-
- <p align="LEFT"><strong>NOTE!</strong> This section may not be
- complete. For the latest revision of this section of the
- documentation, see the Apache Group's <a
- href="http://httpd.apache.org/docs/suexec.html">Online
- Documentation</a> version.</p>
-
- <p align="LEFT">There are a few points of interest regarding
- the wrapper that can cause limitations on server setup. Please
- review these before submitting any "bugs" regarding suEXEC.</p>
-
- <ul>
- <li><strong>suEXEC Points Of Interest</strong></li>
-
- <li>
- Hierarchy limitations
-
- <blockquote>
- For security and efficiency reasons, all suexec requests
- must remain within either a top-level document root for
- virtual host requests, or one top-level personal document
- root for userdir requests. For example, if you have four
- VirtualHosts configured, you would need to structure all
- of your VHosts' document roots off of one main Apache
- document hierarchy to take advantage of suEXEC for
- VirtualHosts. (Example forthcoming.)
- </blockquote>
- </li>
-
- <li>
- suEXEC's PATH environment variable
-
- <blockquote>
- This can be a dangerous thing to change. Make certain
- every path you include in this define is a
- <strong>trusted</strong> directory. You don't want to
- open people up to having someone from across the world
- running a trojan horse on them.
- </blockquote>
- </li>
-
- <li>
- Altering the suEXEC code
-
- <blockquote>
- Again, this can cause <strong>Big Trouble</strong> if you
- try this without knowing what you are doing. Stay away
- from it if at all possible.
- </blockquote>
- </li>
- </ul>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/urlmapping.html b/usr.sbin/httpd/htdocs/manual/urlmapping.html
deleted file mode 100644
index 09dd304ec93..00000000000
--- a/usr.sbin/httpd/htdocs/manual/urlmapping.html
+++ /dev/null
@@ -1,307 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Mapping URLs to Filesystem Locations - Apache HTTP
- Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server</h3>
- </div>
-
-
-
- <h1 align="center">Mapping URLs to Filesystem Locations</h1>
-
- <p>This document explains how Apache uses the URL of a request
- to determine the filesystem location from which to serve a
- file.</p>
-
- <ul>
- <li><a href="#documentroot">DocumentRoot</a></li>
-
- <li><a href="#outside">Files Outside the
- DocumentRoot</a></li>
-
- <li><a href="#user">User Directories</a></li>
-
- <li><a href="#redirect">URL Redirection</a></li>
-
- <li><a href="#rewrite">Rewrite Engine</a></li>
-
- <li><a href="#notfound">File Not Found</a></li>
- </ul>
- <hr />
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_alias.html">mod_alias</a><br />
- <a href="mod/mod_rewrite.html">mod_rewrite</a><br />
- <a href="mod/mod_userdir.html">mod_userdir</a><br />
- <a href="mod/mod_speling.html">mod_speling</a><br />
- <a
- href="mod/mod_vhost_alias.html">mod_vhost_alias</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/mod_alias.html#alias">Alias</a><br />
- <a
- href="mod/mod_alias.html#aliasmatch">AliasMatch</a><br />
- <a
- href="mod/mod_speling.html#checkspelling">CheckSpelling</a><br />
- <a
- href="mod/core.html#documentroot">DocumentRoot</a><br />
- <a
- href="mod/core.html#errordocument">ErrorDocument</a><br />
- <a href="mod/core.html#options">Options</a><br />
- <a href="mod/mod_alias.html#redirect">Redirect</a><br />
- <a
- href="mod/mod_alias.html#redirectmatch">RedirectMatch</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteCond">RewriteCond</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteRule">RewriteRule</a><br />
- <a
- href="mod/mod_alias.html#scriptalias">ScriptAlias</a><br />
- <a
- href="mod/mod_alias.html#scriptaliasmatch">ScriptAliasMatch</a><br />
- <a href="mod/mod_userdir.html#userdir">UserDir</a><br />
- </td>
- </tr>
- </table>
-
- <h2><a id="documentroot"
- name="documentroot">DocumentRoot</a></h2>
-
- <p>In deciding what file to serve for a given request, Apache's
- default behavior is to take the URL-Path for the request (the
- part of the URL following the hostname and port) and add it to
- the end of the <a
- href="mod/core.html#documentroot">DocumentRoot</a> specified in
- your configuration files. Therefore, the files and directories
- underneath the <code>DocumentRoot</code> make up the basic
- document tree that will be visible from the web.</p>
-
- <p>Apache is also capable of <a href="vhosts/">Virtual
- Hosting</a>, where the server receives requests for more than
- one host. In this case, a different <code>DocumentRoot</code>
- can be specified for each virtual host, or alternatively, the
- directives provided by the module <a
- href="mod/mod_vhost_alias.html">mod_vhost_alias</a> can be used
- to dynamically determine the appropriate place from which to
- serve content based on the requested IP address or
- hostname.</p>
-
- <h2><a id="outside" name="outside">Files Outside the
- DocumentRoot</a></h2>
-
- <p>There are frequently circumstances where it is necessary to
- allow web access to parts of the filesystem that are not
- strictly underneath the <a
- href="mod/core.html#documentroot">DocumentRoot</a>. Apache
- offers several different ways to accomplish this. On Unix
- systems, symbolic links can bring other parts of the filesystem
- under the <code>DocumentRoot</code>. For security reasons,
- Apache will follow symbolic links only if the <a
- href="mod/core.html#options">Options</a> setting for the
- relevant directory includes <code>FollowSymLinks</code> or
- <code>SymLinksIfOwnerMatch</code>.</p>
-
- <p>Alternatively, the <a
- href="mod/mod_alias.html#alias">Alias</a> directive will map
- any part of the filesystem into the web space. For example,
- with</p>
-
- <blockquote>
- <code>Alias /docs /var/web</code>
- </blockquote>
-
- <p>the URL
- <code>http://www.example.com/docs/dir/file.html</code> will be
- served from <code>/var/web/dir/file.html</code>. The <a
- href="mod/mod_alias.html#scriptalias">ScriptAlias</a> directive
- works the same way, with the additional effect that all content
- located at the target path is treated as CGI scripts.</p>
-
- <p>For situations where you require additional flexibility, you
- can use the <a
- href="mod/mod_alias.html#aliasmatch">AliasMatch</a> and <a
- href="mod/mod_alias.html#scriptaliasmatch">ScriptAliasMatch</a>
- directives to do powerful <a
- href="misc/FAQ.html#regex">regular-expression</a> based
- matching and substitution. For example,</p>
-
- <blockquote>
- <code>ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*)
- /home/$1/cgi-bin/$2</code>
- </blockquote>
-
- <p>will map a request to
- <code>http://example.com/~user/cgi-bin/script.cgi</code> to the
- path <code>/home/user/cgi-bin/script.cgi</code> and will treat
- the resulting file as a CGI script.</p>
-
- <h2><a id="user" name="user">User Directories</a></h2>
-
- <p>Traditionally on Unix systems, the home directory of a
- particular <em>user</em> can be referred to as
- <code>~user/</code>. The module <a
- href="mod/mod_userdir.html">mod_userdir</a> extends this idea
- to the web by allowing files under each user's home directory
- to be accessed using URLs such as the following.</p>
-
- <blockquote>
- <code>http://www.example.com/~user/file.html</code>
- </blockquote>
-
- <p>For security reasons, it is inappropriate to give direct
- access to a user's home directory from the web. Therefore, the
- <a href="mod/mod_userdir.html#userdir">UserDir</a> directive
- specifies a directory underneath the user's home directory
- where web files are located. Using the default setting of
- <code>Userdir public_html</code>, the above URL maps to a file
- at a directory like
- <code>/home/user/public_html/file.html</code> where
- <code>/home/user/</code> is the user's home directory as
- specified in <code>/etc/passwd</code>.</p>
-
- <p>There are also several other forms of the
- <code>Userdir</code> directive which you can use on systems
- where <code>/etc/passwd</code> does not contain the location of
- the home directory.</p>
-
- <p>Some people find the "~" symbol (which is often encoded on
- the web as <code>%7e</code>) to be awkward and prefer to use an
- alternate string to represent user directories. This
- functionality is not supported by mod_userdir. However, if
- users' home directories are structured in a regular way, then
- it is possible to use the <a
- href="mod/mod_alias.html#aliasmatch">AliasMatch</a> directive
- to achieve the desired effect. For example, to make
- <code>http://www.example.com/upages/user/file.html</code> map
- to <code>/home/user/public_html/file.html</code>, use the
- following <code>AliasMatch</code> directive:</p>
-
- <blockquote>
- <code>AliasMatch ^/upages/([^/]*)/?(.*)
- /home/$1/public_html/$2</code>
- </blockquote>
-
- <h2><a id="redirect" name="redirect">URL Redirection</a></h2>
-
- <p>The configuration directives discussed in the above sections
- tell Apache to get content from a specific place in the
- filesystem and return it to the client. Sometimes, it is
- desirable instead to inform the client that the requested
- content is located at a different URL, and instruct the client
- to make a new request with the new URL. This is called
- <em>redirection</em> and is implemented by the <a
- href="mod/mod_alias.html#redirect">Redirect</a> directive. For
- example, if the contents of the directory <code>/foo/</code>
- under the <code>DocumentRoot</code> are moved to the new
- directory <code>/bar/</code>, you can instruct clients to
- request the content at the new location as follows:</p>
-
- <blockquote>
- <code>Redirect permanent /foo/
- http://www.example.com/bar/</code>
- </blockquote>
-
- <p>This will redirect any URL-Path starting in
- <code>/foo/</code> to the same URL path on the
- <code>www.example.com</code> server with <code>/bar/</code>
- substituted for <code>/foo/</code>. You can redirect clients to
- any server, not only the origin server.</p>
-
- <p>Apache also provides a <a
- href="mod/mod_alias.html#redirectmatch">RedirectMatch</a>
- directive for more complicated rewriting problems. For example,
- to redirect requests for the site home page to a different
- site, but leave all other requests alone, use the following
- configuration:</p>
-
- <blockquote>
- <code>RedirectMatch permanent ^/$
- http://www.example.com/startpage.html</code>
- </blockquote>
-
- <p>Alternatively, to temporarily redirect all pages on one site
- to a particular page on another site, use the following:</p>
-
- <blockquote>
- <code>RedirectMatch temp .*
- http://othersite.example.com/startpage.html</code>
- </blockquote>
-
- <h2><a id="rewrite" name="rewrite">Rewriting Engine</a></h2>
-
- <p>When even more powerful substitution is required, the
- rewriting engine provided by <a
- href="mod/mod_rewrite.html">mod_rewrite</a> can be useful. The
- directives provided by this module use characteristics of the
- request such as browser type or source IP address in deciding
- from where to serve content. In addition, mod_rewrite can use
- external database files or programs to determine how to handle
- a request. Many practical examples employing mod_rewrite are
- discussed in the <a href="misc/rewriteguide.html">URL Rewriting
- Guide</a>.</p>
-
- <h2><a id="notfound" name="notfound">File Not Found</a></h2>
-
- <p>Inevitably, URLs will be requested for which no matching
- file can be found in the filesystem. This can happen for
- several reasons. In some cases, it can be a result of moving
- documents from one location to another. In this case, it is
- best to use <a href="#redirect">URL redirection</a> to inform
- clients of the new location of the resource. In this way, you
- can assure that old bookmarks and links will continue to work,
- even though the resource is at a new location.</p>
-
- <p>Another common cause of "File Not Found" errors is
- accidental mistyping of URLs, either directly in the browser,
- or in HTML links. Apache provides the module <a
- href="mod/mod_speling.html">mod_speling</a> (sic) to help with
- this problem. When this module is activated, it will intercept
- "File Not Found" errors and look for a resource with a similar
- filename. If one such file is found, mod_speling will send an
- HTTP redirect to the client informing it of the correct
- location. If several "close" files are found, a list of
- available alternatives will be presented to the client.</p>
-
- <p>An especially useful feature of mod_speling, is that it will
- compare filenames without respect to case. This can help
- systems where users are unaware of the case-sensitive nature of
- URLs and the Unix filesystem. But using mod_speling for
- anything more than the occasional URL correction can place
- additional load on the server, since each "incorrect" request
- is followed by a URL redirection and a new request from the
- client.</p>
-
- <p>If all attempts to locate the content fail, Apache returns
- an error page with HTTP status code 404 (file not found). The
- appearance of this page is controlled with the <a
- href="mod/core.html#errordocument">ErrorDocument</a> directive
- and can be customized in a flexible manner as discussed in the
- <a href="custom-error.html">Custom error responses</a> and <a
- href="misc/custom_errordocs.html">International Server Error
- Responses</a> documents.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server</h3>
- <a href="./"><img src="images/index.gif" alt="Index" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/details.html b/usr.sbin/httpd/htdocs/manual/vhosts/details.html
deleted file mode 100644
index 4d8b277fa89..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/details.html
+++ /dev/null
@@ -1,407 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>An In-Depth Discussion of Virtual Host Matching</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">An In-Depth Discussion of Virtual Host
- Matching</h1>
-
- <p>The virtual host code was completely rewritten in
- <strong>Apache 1.3</strong>. This document attempts to explain
- exactly what Apache does when deciding what virtual host to
- serve a hit from. With the help of the new <a
- href="../mod/core.html#namevirtualhost"><samp>NameVirtualHost</samp></a>
- directive virtual host configuration should be a lot easier and
- safer than with versions prior to 1.3.</p>
-
- <p>If you just want to <cite>make it work</cite> without
- understanding how, here are <a href="examples.html">some
- examples</a>.</p>
-
- <h3>Config File Parsing</h3>
-
- <p>There is a <em>main_server</em> which consists of all the
- definitions appearing outside of
- <code>&lt;VirtualHost&gt;</code> sections. There are virtual
- servers, called <em>vhosts</em>, which are defined by <a
- href="../mod/core.html#virtualhost"><samp>&lt;VirtualHost&gt;</samp></a>
- sections.</p>
-
- <p>The directives <a
- href="../mod/core.html#port"><samp>Port</samp></a>, <a
- href="../mod/core.html#servername"><samp>ServerName</samp></a>,
- <a
- href="../mod/core.html#serverpath"><samp>ServerPath</samp></a>,
- and <a
- href="../mod/core.html#serveralias"><samp>ServerAlias</samp></a>
- can appear anywhere within the definition of a server. However,
- each appearance overrides the previous appearance (within that
- server).</p>
-
- <p>The default value of the <code>Port</code> field for
- main_server is 80. The main_server has no default
- <code>ServerPath</code>, or <code>ServerAlias</code>. The
- default <code>ServerName</code> is deduced from the servers IP
- address.</p>
-
- <p>The main_server Port directive has two functions due to
- legacy compatibility with NCSA configuration files. One
- function is to determine the default network port Apache will
- bind to. This default is overridden by the existence of any <a
- href="../mod/core.html#listen"><code>Listen</code></a>
- directives. The second function is to specify the port number
- which is used in absolute URIs during redirects.</p>
-
- <p>Unlike the main_server, vhost ports <em>do not</em> affect
- what ports Apache listens for connections on.</p>
-
- <p>Each address appearing in the <code>VirtualHost</code>
- directive can have an optional port. If the port is unspecified
- it defaults to the value of the main_server's most recent
- <code>Port</code> statement. The special port <samp>*</samp>
- indicates a wildcard that matches any port. Collectively the
- entire set of addresses (including multiple <samp>A</samp>
- record results from DNS lookups) are called the vhost's
- <em>address set</em>.</p>
-
- <p>Unless a <a
- href="../mod/core.html#namevirtualhost">NameVirtualHost</a>
- directive is used for a specific IP address the first vhost
- with that address is treated as an IP-based vhost. In 1.3.13
- and later that includes the IP address <code>*</code>.</p>
-
- <p>If name-based vhosts should be used a
- <code>NameVirtualHost</code> directive <em>must</em> appear
- with the IP address set to be used for the name-based vhosts.
- In other words, you must specify the IP address that holds the
- hostname aliases (CNAMEs) for your name-based vhosts via a
- <code>NameVirtualHost</code> directive in your configuration
- file.</p>
-
- <p>Multiple <code>NameVirtualHost</code> directives can be used
- each with a set of <code>VirtualHost</code> directives but only
- one <code>NameVirtualHost</code> directive should be used for
- each specific IP:port pair.</p>
-
- <p>The ordering of <code>NameVirtualHost</code> and
- <code>VirtualHost</code> directives is not important which
- makes the following two examples identical (only the order of
- the <code>VirtualHost</code> directives for <em>one</em>
- address set is important, see below):</p>
-<pre>
- |
- NameVirtualHost 111.22.33.44 | &lt;VirtualHost 111.22.33.44&gt;
- &lt;VirtualHost 111.22.33.44&gt; | # server A
- # server A | &lt;/VirtualHost&gt;
- ... | &lt;VirtualHost 111.22.33.55&gt;
- &lt;/VirtualHost&gt; | # server C
- &lt;VirtualHost 111.22.33.44&gt; | ...
- # server B | &lt;/VirtualHost&gt;
- ... | &lt;VirtualHost 111.22.33.44&gt;
- &lt;/VirtualHost&gt; | # server B
- | ...
- NameVirtualHost 111.22.33.55 | &lt;/VirtualHost&gt;
- &lt;VirtualHost 111.22.33.55&gt; | &lt;VirtualHost 111.22.33.55&gt;
- # server C | # server D
- ... | ...
- &lt;/VirtualHost&gt; | &lt;/VirtualHost&gt;
- &lt;VirtualHost 111.22.33.55&gt; |
- # server D | NameVirtualHost 111.22.33.44
- ... | NameVirtualHost 111.22.33.55
- &lt;/VirtualHost&gt; |
- |
-</pre>
-
- <p>(To aid the readability of your configuration you should
- prefer the left variant.)</p>
-
- <p>After parsing the <code>VirtualHost</code> directive, the
- vhost server is given a default <code>Port</code> equal to the
- port assigned to the first name in its <code>VirtualHost</code>
- directive.</p>
-
- <p>The complete list of names in the <code>VirtualHost</code>
- directive are treated just like a <code>ServerAlias</code> (but
- are not overridden by any <code>ServerAlias</code> statement)
- if all names resolve to the same address set. Note that
- subsequent <code>Port</code> statements for this vhost will not
- affect the ports assigned in the address set.</p>
-
- <p>During initialization a list for each IP address is
- generated and inserted into an hash table. If the IP address is
- used in a <code>NameVirtualHost</code> directive the list
- contains all name-based vhosts for the given IP address. If
- there are no vhosts defined for that address the
- <code>NameVirtualHost</code> directive is ignored and an error
- is logged. For an IP-based vhost the list in the hash table is
- empty.</p>
-
- <p>Due to a fast hashing function the overhead of hashing an IP
- address during a request is minimal and almost not existent.
- Additionally the table is optimized for IP addresses which vary
- in the last octet.</p>
-
- <p>For every vhost various default values are set. In
- particular:</p>
-
- <ol>
- <li>If a vhost has no <a
- href="../mod/core.html#serveradmin"><code>ServerAdmin</code></a>,
- <a
- href="../mod/core.html#resourceconfig"><code>ResourceConfig</code></a>,
- <a
- href="../mod/core.html#accessconfig"><code>AccessConfig</code></a>,
- <a href="../mod/core.html#timeout"><code>Timeout</code></a>,
- <a
- href="../mod/core.html#keepalivetimeout"><code>KeepAliveTimeout</code></a>,
- <a
- href="../mod/core.html#keepalive"><code>KeepAlive</code></a>,
- <a
- href="../mod/core.html#maxkeepaliverequests"><code>MaxKeepAliveRequests</code></a>,
- or <a
- href="../mod/core.html#sendbuffersize"><code>SendBufferSize</code></a>
- directive then the respective value is inherited from the
- main_server. (That is, inherited from whatever the final
- setting of that value is in the main_server.)</li>
-
- <li>The "lookup defaults" that define the default directory
- permissions for a vhost are merged with those of the
- main_server. This includes any per-directory configuration
- information for any module.</li>
-
- <li>The per-server configs for each module from the
- main_server are merged into the vhost server.</li>
- </ol>
- Essentially, the main_server is treated as "defaults" or a
- "base" on which to build each vhost. But the positioning of
- these main_server definitions in the config file is largely
- irrelevant -- the entire config of the main_server has been
- parsed when this final merging occurs. So even if a main_server
- definition appears after a vhost definition it might affect the
- vhost definition.
-
- <p>If the main_server has no <code>ServerName</code> at this
- point, then the hostname of the machine that httpd is running
- on is used instead. We will call the <em>main_server address
- set</em> those IP addresses returned by a DNS lookup on the
- <code>ServerName</code> of the main_server.</p>
-
- <p>For any undefined <code>ServerName</code> fields, a
- name-based vhost defaults to the address given first in the
- <code>VirtualHost</code> statement defining the vhost.</p>
-
- <p>Any vhost that includes the magic <samp>_default_</samp>
- wildcard is given the same <code>ServerName</code> as the
- main_server.</p>
-
- <h3>Virtual Host Matching</h3>
-
- <p>The server determines which vhost to use for a request as
- follows:</p>
-
- <h4>Hash table lookup</h4>
-
- <p>When the connection is first made by a client, the IP
- address to which the client connected is looked up in the
- internal IP hash table.</p>
-
- <p>If the lookup fails (the IP address wasn't found) the
- request is served from the <samp>_default_</samp> vhost if
- there is such a vhost for the port to which the client sent the
- request. If there is no matching <samp>_default_</samp> vhost
- the request is served from the main_server.</p>
-
- <p>In Apache 1.3.13 and later, if the IP address is not found
- in the hash table then the match against the port number may
- also result in an entry corresponding to a
- <code>NameVirtualHost *</code>, which is subsequently handled
- like other name-based vhosts.</p>
-
- <p>If the lookup succeeded (a corresponding list for the IP
- address was found) the next step is to decide if we have to
- deal with an IP-based or a name-base vhost.</p>
-
- <h4>IP-based vhost</h4>
-
- <p>If the entry we found has an empty name list then we have
- found an IP-based vhost, no further actions are performed and
- the request is served from that vhost.</p>
-
- <h4>Name-based vhost</h4>
-
- <p>If the entry corresponds to a name-based vhost the name list
- contains one or more vhost structures. This list contains the
- vhosts in the same order as the <code>VirtualHost</code>
- directives appear in the config file.</p>
-
- <p>The first vhost on this list (the first vhost in the config
- file with the specified IP address) has the highest priority
- and catches any request to an unknown server name or a request
- without a <code>Host:</code> header field.</p>
-
- <p>If the client provided a <code>Host:</code> header field the
- list is searched for a matching vhost and the first hit on a
- <code>ServerName</code> or <code>ServerAlias</code> is taken
- and the request is served from that vhost. A <code>Host:</code>
- header field can contain a port number, but Apache always
- matches against the real port to which the client sent the
- request.</p>
-
- <p>If the client submitted a HTTP/1.0 request without
- <code>Host:</code> header field we don't know to what server
- the client tried to connect and any existing
- <code>ServerPath</code> is matched against the URI from the
- request. The first matching path on the list is used and the
- request is served from that vhost.</p>
-
- <p>If no matching vhost could be found the request is served
- from the first vhost with a matching port number that is on the
- list for the IP to which the client connected (as already
- mentioned before).</p>
-
- <h4>Persistent connections</h4>
- The IP lookup described above is only done <em>once</em> for a
- particular TCP/IP session while the name lookup is done on
- <em>every</em> request during a KeepAlive/persistent
- connection. In other words a client may request pages from
- different name-based vhosts during a single persistent
- connection.
-
- <h4>Absolute URI</h4>
-
- <p>If the URI from the request is an absolute URI, and its
- hostname and port match the main server or one of the
- configured virtual hosts <em>and</em> match the address and
- port to which the client sent the request, then the
- scheme/hostname/port prefix is stripped off and the remaining
- relative URI is served by the corresponding main server or
- virtual host. If it does not match, then the URI remains
- untouched and the request is taken to be a proxy request.</p>
-
- <h3>Observations</h3>
-
- <ul>
- <li>A name-based vhost can never interfere with an IP-base
- vhost and vice versa. IP-based vhosts can only be reached
- through an IP address of its own address set and never
- through any other address. The same applies to name-based
- vhosts, they can only be reached through an IP address of the
- corresponding address set which must be defined with a
- <code>NameVirtualHost</code> directive.</li>
-
- <li><code>ServerAlias</code> and <code>ServerPath</code>
- checks are never performed for an IP-based vhost.</li>
-
- <li>The order of name-/IP-based, the <samp>_default_</samp>
- vhost and the <code>NameVirtualHost</code> directive within
- the config file is not important. Only the ordering of
- name-based vhosts for a specific address set is significant.
- The one name-based vhosts that comes first in the
- configuration file has the highest priority for its
- corresponding address set.</li>
-
- <li>For security reasons the port number given in a
- <code>Host:</code> header field is never used during the
- matching process. Apache always uses the real port to which
- the client sent the request.</li>
-
- <li>If a <code>ServerPath</code> directive exists which is a
- prefix of another <code>ServerPath</code> directive that
- appears later in the configuration file, then the former will
- always be matched and the latter will never be matched. (That
- is assuming that no <code>Host:</code> header field was
- available to disambiguate the two.)</li>
-
- <li>If two IP-based vhosts have an address in common, the
- vhost appearing first in the config file is always matched.
- Such a thing might happen inadvertently. The server will give
- a warning in the error logfile when it detects this.</li>
-
- <li>A <code>_default_</code> vhost catches a request only if
- there is no other vhost with a matching IP address
- <em>and</em> a matching port number for the request. The
- request is only caught if the port number to which the client
- sent the request matches the port number of your
- <code>_default_</code> vhost which is your standard
- <code>Port</code> by default. A wildcard port can be
- specified (<em>i.e.</em>, <code>_default_:*</code>) to catch
- requests to any available port. In Apache 1.3.13 and later
- this also applies to <code>NameVirtualHost *</code>
- vhosts.</li>
-
- <li>The main_server is only used to serve a request if the IP
- address and port number to which the client connected is
- unspecified and does not match any other vhost (including a
- <code>_default_</code> vhost). In other words the main_server
- only catches a request for an unspecified address/port
- combination (unless there is a <code>_default_</code> vhost
- which matches that port).</li>
-
- <li>A <code>_default_</code> vhost or the main_server is
- <em>never</em> matched for a request with an unknown or
- missing <code>Host:</code> header field if the client
- connected to an address (and port) which is used for
- name-based vhosts, <em>e.g.</em>, in a
- <code>NameVirtualHost</code> directive.</li>
-
- <li>You should never specify DNS names in
- <code>VirtualHost</code> directives because it will force
- your server to rely on DNS to boot. Furthermore it poses a
- security threat if you do not control the DNS for all the
- domains listed. There's <a href="../dns-caveats.html">more
- information</a> available on this and the next two
- topics.</li>
-
- <li><code>ServerName</code> should always be set for each
- vhost. Otherwise A DNS lookup is required for each
- vhost.</li>
- </ul>
-
- <h3>Tips</h3>
-
- <p>In addition to the tips on the <a
- href="../dns-caveats.html#tips">DNS Issues</a> page, here are
- some further tips:</p>
-
- <ul>
- <li>Place all main_server definitions before any
- <code>VirtualHost</code> definitions. (This is to aid the
- readability of the configuration -- the post-config merging
- process makes it non-obvious that definitions mixed in around
- virtual hosts might affect all virtual hosts.)</li>
-
- <li>Group corresponding <code>NameVirtualHost</code> and
- <code>VirtualHost</code> definitions in your configuration to
- ensure better readability.</li>
-
- <li>Avoid <code>ServerPaths</code> which are prefixes of
- other <code>ServerPaths</code>. If you cannot avoid this then
- you have to ensure that the longer (more specific) prefix
- vhost appears earlier in the configuration file than the
- shorter (less specific) prefix (<em>i.e.</em>, "ServerPath
- /abc" should appear after "ServerPath /abc/def").</li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/examples.html b/usr.sbin/httpd/htdocs/manual/vhosts/examples.html
deleted file mode 100644
index 6147e5ffc05..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/examples.html
+++ /dev/null
@@ -1,706 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>VirtualHost Examples</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Virtual Host examples for common setups</h1>
-
- <h2>Base configuration</h2>
-
- <ul>
- <li><a href="#purename">Simple name-based vhosting</a></li>
-
- <li><a href="#name">More complicated name-based
- vhosts</a></li>
-
- <li><a href="#ip">IP-based vhosts</a></li>
-
- <li><a href="#mixed">Mixed name-/IP-based vhosts</a></li>
-
- <li><a href="#port">Port-based vhosts</a></li>
- </ul>
-
- <h2>Additional features</h2>
-
- <ul>
- <li><a href="#default">Using <code>_default_</code>
- vhosts</a></li>
-
- <li><a href="#migrate">Migrating a named-based vhost to an
- IP-based vhost</a></li>
-
- <li><a href="#serverpath">Using the <code>ServerPath</code>
- directive</a></li>
- </ul>
- <hr />
-
- <h3><a id="purename" name="purename">Simple name-based
- vhosting</a></h3>
-
- <ul>
- <li><strong>Compatibility:</strong> This syntax was added in
- Apache 1.3.13.</li>
-
- <li>
- <strong>Setup:</strong> The server machine has a primary
- name <samp>server.domain.tld</samp>. There are two aliases
- (CNAMEs) <samp>www.domain.tld</samp> and
- <samp>www.sub.domain.tld</samp> for the address
- <samp>server.domain.tld</samp>.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- ServerName server.domain.tld
-
- NameVirtualHost *
-
- &lt;VirtualHost *&gt;
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost *&gt;
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- The asterisks match all addresses, so the main server
- serves no requests. Due to the fact that
- <samp>www.domain.tld</samp> is first in the configuration
- file, it has the highest priority and can be seen as the
- <cite>default</cite> or <cite>primary</cite> server.
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="name" name="name">More complicated name-based
- vhosts</a></h3>
-
- <ul>
- <li>
- <strong>Setup 1:</strong> The server machine has one IP
- address (<samp>111.22.33.44</samp>) which resolves to the
- name <samp>server.domain.tld</samp>. There are two aliases
- (CNAMEs) <samp>www.domain.tld</samp> and
- <samp>www.sub.domain.tld</samp> for the address
- <samp>111.22.33.44</samp>.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- ServerName server.domain.tld
-
- NameVirtualHost 111.22.33.44
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- Apart from <samp>localhost</samp> there are no
- unspecified addresses/ports, therefore the main server
- only serves <samp>localhost</samp> requests. Due to the
- fact that <samp>www.domain.tld</samp> has the highest
- priority it can be seen as the <cite>default</cite> or
- <cite>primary</cite> server.
- </blockquote>
- </li>
-
- <li>
- <strong>Setup 2:</strong> The server machine has two IP
- addresses (<samp>111.22.33.44</samp> and
- <samp>111.22.33.55</samp>) which resolve to the names
- <samp>server1.domain.tld</samp> and
- <samp>server2.domain.tld</samp> respectively. The alias
- <samp>www.domain.tld</samp> should be used for the main
- server which should also catch any unspecified addresses.
- We want to use a virtual host for the alias
- <samp>www.otherdomain.tld</samp> and another virtual host,
- with server name <samp>www.sub.domain.tld</samp>, should
- catch any request to hostnames of the form
- <samp>*.sub.domain.tld</samp>. The address
- <samp>111.22.33.55</samp> should be used for the virtual
- hosts.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- ServerName www.domain.tld
- DocumentRoot /www/domain
-
- NameVirtualHost 111.22.33.55
-
- &lt;VirtualHost 111.22.33.55&gt;
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.55&gt;
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ServerAlias *.sub.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- Any request to an address other than
- <samp>111.22.33.55</samp> will be served from the main
- server. A request to <samp>111.22.33.55</samp> with an
- unknown or no <code>Host:</code> header will be served
- from <samp>www.otherdomain.tld</samp>.
- </blockquote>
- </li>
-
- <li>
- <strong>Setup 3:</strong> The server machine has two IP
- addresses (<samp>192.168.1.1</samp> and
- <samp>111.22.33.55</samp>). The machine is sitting between
- an internal (intranet) network and an external (internet)
- network. Outside of the network, the name
- <samp>server1.domain.tld</samp> resolves to the external
- address (<samp>111.22.33.55</samp>), but inside the
- network, that same name resolves to the internal address
- (<samp>192.168.1.1</samp>).
-
- <p>The server can be made to respond to internal and
- external requests with the same content, with just one
- <code>VirtualHost</code> section.</p>
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- NameVirtualHost 192.168.1.1
- NameVirtualHost 111.22.33.55
-
- &lt;VirtualHost 192.168.1.1 111.22.33.55&gt;
- DocumentRoot /www/server1
- ServerName server1.domain.tld
- ServerAlias server1
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- </blockquote>
- Now requests from both networks will be served from the
- same <code>VirtualHost</code>
- </li>
-
- <li>
- <strong>Setup 4:</strong> You have multiple domains going
- to the same IP and also want to serve multiple ports. By
- defining the ports in the "NameVirtualHost" tag, you can
- allow this to work. If you try using &lt;VirtualHost
- name:port&gt; without the NameVirtualHost name:port or you
- try to use the Port directive, your configuration will not
- work.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- NameVirtualHost 111.22.33.44:80
- NameVirtualHost 111.22.33.44:8080
-
- &lt;VirtualHost 111.22.33.44:80&gt;
- ServerName www.domain.tld
- DocumentRoot /www/domain-80
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44:8080&gt;
- ServerName www.domain.tld
- DocumentRoot /www/domain-8080
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44:80&gt;
- ServerName www.otherdomain.tld
- DocumentRoot /www/otherdomain-80
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44:8080&gt;
- ServerName www.otherdomain.tld
- DocumentRoot /www/otherdomain-8080
- &lt;/VirtualHost&gt;
-
-
-</pre>
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="ip" name="ip">IP-based vhosts</a></h3>
-
- <ul>
- <li>
- <strong>Setup 1:</strong> The server machine has two IP
- addresses (<samp>111.22.33.44</samp> and
- <samp>111.22.33.55</samp>) which resolve to the names
- <samp>server.domain.tld</samp> and
- <samp>www.otherdomain.tld</samp> respectively. The hostname
- <samp>www.domain.tld</samp> is an alias (CNAME) for
- <samp>server.domain.tld</samp> and will represent the main
- server.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- DocumentRoot /www/domain
- ServerName www.domain.tld
-
- &lt;VirtualHost 111.22.33.55&gt;
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- <samp>www.otherdomain.tld</samp> can only be reached
- through the address <samp>111.22.33.55</samp>, while
- <samp>www.domain.tld</samp> can only be reached through
- <samp>111.22.33.44</samp> (which represents our main
- server).
- </blockquote>
- </li>
-
- <li>
- <strong>Setup 2:</strong> Same as setup 1, but we don't
- want to have a dedicated main server.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- ServerName server.domain.tld
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.55&gt;
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- The main server can never catch a request, because all IP
- addresses of our machine are in use for IP-based virtual
- hosts (only <samp>localhost</samp> requests can hit the
- main server).
- </blockquote>
- </li>
-
- <li>
- <strong>Setup 3:</strong> The server machine has two IP
- addresses (<samp>111.22.33.44</samp> and
- <samp>111.22.33.55</samp>) which resolve to the names
- <samp>server.domain.tld</samp> and
- <samp>www-cache.domain.tld</samp> respectively. The
- hostname <samp>www.domain.tld</samp> is an alias (CNAME)
- for <samp>server.domain.tld</samp> and will represent the
- main server. <samp>www-cache.domain.tld</samp> will become
- our proxy-cache listening on port 8080, while the web
- server itself uses the default port 80.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- Listen 111.22.33.44:80
- Listen 111.22.33.55:8080
- ServerName server.domain.tld
-
- &lt;VirtualHost 111.22.33.44:80&gt;
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.55:8080&gt;
- ServerName www-cache.domain.tld
- ...
- &lt;Directory proxy:&gt;
- Order Deny,Allow
- Deny from all
- Allow from 111.22.33
- &lt;/Directory&gt;
- &lt;/VirtualHost&gt;
-
-</pre>
- The main server can never catch a request, because all IP
- addresses (apart from <samp>localhost</samp>) of our
- machine are in use for IP-based virtual hosts. The web
- server can only be reached on the first address through
- port 80 and the proxy only on the second address through
- port 8080.
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="mixed" name="mixed">Mixed name-/IP-based
- vhosts</a></h3>
-
- <ul>
- <li>
- <strong>Setup:</strong> The server machine has three IP
- addresses (<samp>111.22.33.44</samp>,
- <samp>111.22.33.55</samp> and <samp>111.22.33.66</samp>)
- which resolve to the names <samp>server.domain.tld</samp>,
- <samp>www.otherdomain1.tld</samp> and
- <samp>www.otherdomain2.tld</samp> respectively. The address
- <samp>111.22.33.44</samp> should be used for a couple of
- name-based vhosts and the other addresses for IP-based
- vhosts.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- ServerName server.domain.tld
-
- NameVirtualHost 111.22.33.44
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/domain
- ServerName www.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/subdomain1
- ServerName www.sub1.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/subdomain2
- ServerName www.sub2.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.55&gt;
- DocumentRoot /www/otherdomain1
- ServerName www.otherdomain1.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.66&gt;
- DocumentRoot /www/otherdomain2
- ServerName www.otherdomain2.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="port" name="port">Port-based vhosts</a></h3>
-
- <ul>
- <li>
- <strong>Setup:</strong> The server machine has one IP
- address (<samp>111.22.33.44</samp>) which resolves to the
- name <samp>www.domain.tld</samp>. If we don't have the
- option to get another address or alias for our server we
- can use port-based vhosts if we need a virtual host with a
- different configuration.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Listen 80
- Listen 8080
- ServerName www.domain.tld
- DocumentRoot /www/domain
-
- &lt;VirtualHost 111.22.33.44:8080&gt;
- DocumentRoot /www/domain2
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- A request to <samp>www.domain.tld</samp> on port 80 is
- served from the main server and a request to port 8080 is
- served from the virtual host.
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="default" name="default">Using <code>_default_</code>
- vhosts</a></h3>
-
- <ul>
- <li>
- <strong>Setup 1:</strong> Catching <em>every</em> request
- to any unspecified IP address and port, <em>i.e.</em>, an
- address/port combination that is not used for any other
- virtual host.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- &lt;VirtualHost _default_:*&gt;
- DocumentRoot /www/default
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- Using such a default vhost with a wildcard port
- effectively prevents any request going to the main
- server.<br />
- A default vhost never serves a request that was sent to
- an address/port that is used for name-based vhosts. If
- the request contained an unknown or no <code>Host:</code>
- header it is always served from the primary name-based
- vhost (the vhost for that address/port appearing first in
- the configuration file).<br />
- You can use <a
- href="../mod/mod_alias.html#aliasmatch"><code>AliasMatch</code></a>
- or <a
- href="../mod/mod_rewrite.html#RewriteRule"><code>RewriteRule</code></a>
- to rewrite any request to a single information page (or
- script).
- </blockquote>
- </li>
-
- <li>
- <strong>Setup 2:</strong> Same as setup 1, but the server
- listens on several ports and we want to use a second
- <code>_default_</code> vhost for port 80.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- &lt;VirtualHost _default_:80&gt;
- DocumentRoot /www/default80
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost _default_:*&gt;
- DocumentRoot /www/default
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- The default vhost for port 80 (which <em>must</em> appear
- before any default vhost with a wildcard port) catches
- all requests that were sent to an unspecified IP address.
- The main server is never used to serve a request.
- </blockquote>
- </li>
-
- <li>
- <strong>Setup 3:</strong> We want to have a default vhost
- for port 80, but no other default vhosts.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- &lt;VirtualHost _default_:80&gt;
- DocumentRoot /www/default
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- A request to an unspecified address on port 80 is served
- from the default vhost any other request to an
- unspecified address and port is served from the main
- server.
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="migrate" name="migrate">Migrating a name-based vhost
- to an IP-based vhost</a></h3>
-
- <ul>
- <li>
- <strong>Setup:</strong> The name-based vhost with the
- hostname <samp>www.otherdomain.tld</samp> (from our <a
- href="#name">name-based</a> example, setup 2) should get
- its own IP address. To avoid problems with name servers or
- proxies who cached the old IP address for the name-based
- vhost we want to provide both variants during a migration
- phase.<br />
- The solution is easy, because we can simply add the new IP
- address (<samp>111.22.33.66</samp>) to the
- <code>VirtualHost</code> directive.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- Port 80
- ServerName www.domain.tld
- DocumentRoot /www/domain
-
- NameVirtualHost 111.22.33.55
-
- &lt;VirtualHost 111.22.33.55 111.22.33.66&gt;
- DocumentRoot /www/otherdomain
- ServerName www.otherdomain.tld
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.55&gt;
- DocumentRoot /www/subdomain
- ServerName www.sub.domain.tld
- ServerAlias *.sub.domain.tld
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- The vhost can now be accessed through the new address (as
- an IP-based vhost) and through the old address (as a
- name-based vhost).
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3><a id="serverpath" name="serverpath">Using the
- <code>ServerPath</code> directive</a></h3>
-
- <ul>
- <li>
- <strong>Setup:</strong> We have a server with two
- name-based vhosts. In order to match the correct virtual
- host a client must send the correct <code>Host:</code>
- header. Old HTTP/1.0 clients do not send such a header and
- Apache has no clue what vhost the client tried to reach
- (and serves the request from the primary vhost). To provide
- as much backward compatibility as possible we create a
- primary vhost which returns a single page containing links
- with an URL prefix to the name-based virtual hosts.
-
- <p><strong>Server configuration:</strong></p>
-
- <blockquote>
-<pre>
- ...
- NameVirtualHost 111.22.33.44
-
- &lt;VirtualHost 111.22.33.44&gt;
- # primary vhost
- DocumentRoot /www/subdomain
- RewriteEngine On
- RewriteRule ^/.* /www/subdomain/index.html
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/subdomain/sub1
- ServerName www.sub1.domain.tld
- ServerPath /sub1/
- RewriteEngine On
- RewriteRule ^(/sub1/.*) /www/subdomain$1
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost 111.22.33.44&gt;
- DocumentRoot /www/subdomain/sub2
- ServerName www.sub2.domain.tld
- ServerPath /sub2/
- RewriteEngine On
- RewriteRule ^(/sub2/.*) /www/subdomain$1
- ...
- &lt;/VirtualHost&gt;
-
-</pre>
- Due to the <a
- href="../mod/core.html#serverpath"><code>ServerPath</code></a>
- directive a request to the URL
- <samp>http://www.sub1.domain.tld/sub1/</samp> is
- <em>always</em> served from the sub1-vhost.<br />
- A request to the URL
- <samp>http://www.sub1.domain.tld/</samp> is only served
- from the sub1-vhost if the client sent a correct
- <code>Host:</code> header. If no <code>Host:</code>
- header is sent the client gets the information page from
- the primary host.<br />
- Please note that there is one oddity: A request to
- <samp>http://www.sub2.domain.tld/sub1/</samp> is also
- served from the sub1-vhost if the client sent no
- <code>Host:</code> header.<br />
- The <code>RewriteRule</code> directives are used to make
- sure that a client which sent a correct
- <code>Host:</code> header can use both URL variants,
- <em>i.e.</em>, with or without URL prefix.
- </blockquote>
- </li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html b/usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html
deleted file mode 100644
index b548c1606b8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html
+++ /dev/null
@@ -1,87 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Server Virtual Host Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">File Descriptor Limits</h1>
-
- <p>When using a large number of Virtual Hosts, Apache may run
- out of available file descriptors (sometimes called <cite>file
- handles</cite> if each Virtual Host specifies different log
- files. The total number of file descriptors used by Apache is
- one for each distinct error log file, one for every other log
- file directive, plus 10-20 for internal use. Unix operating
- systems limit the number of file descriptors that may be used
- by a process; the limit is typically 64, and may usually be
- increased up to a large hard-limit.</p>
-
- <p>Although Apache attempts to increase the limit as required,
- this may not work if:</p>
-
- <ol>
- <li>Your system does not provide the setrlimit() system
- call.</li>
-
- <li>The setrlimit(RLIMIT_NOFILE) call does not function on
- your system (such as Solaris 2.3)</li>
-
- <li>The number of file descriptors required exceeds the hard
- limit.</li>
-
- <li>Your system imposes other limits on file descriptors,
- such as a limit on stdio streams only using file descriptors
- below 256. (Solaris 2)</li>
- </ol>
- In the event of problems you can:
-
- <ul>
- <li>Reduce the number of log files; don't specify log files
- in the VirtualHost sections, but only log to the main log
- files.</li>
-
- <li>
- If you system falls into 1 or 2 (above), then increase the
- file descriptor limit before starting Apache, using a
- script like
-
- <blockquote>
- <code>#!/bin/sh<br />
- ulimit -S -n 100<br />
- exec httpd</code>
- </blockquote>
- </li>
- </ul>
-
- <p>Please see the <a
- href="../misc/descriptors.html">Descriptors and Apache</a>
- document containing further details about file descriptor
- problems and how they can be solved on your operating
- system.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/host.html b/usr.sbin/httpd/htdocs/manual/vhosts/host.html
deleted file mode 100644
index 4a09c6c5437..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/host.html
+++ /dev/null
@@ -1,183 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache non-IP Virtual Hosts</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache non-IP Virtual Hosts</h1>
- <strong>See Also:</strong> <a href="virtual-host.html">Virtual
- Host Support</a>
- <hr />
-
- <h2>What is a Virtual Host</h2>
-
- <p>The "Virtual Host" refers to the practice of maintaining
- more than one server on one machine, as differentiated by their
- apparent hostname. For example, it is often desirable for
- companies sharing a web server to have their own domains, with
- web servers accessible as <code>www.company1.com</code> and
- <code>www.company2.com</code>, without requiring the user to
- know any extra path information.</p>
-
- <p>Apache was one of the first servers to support virtual hosts
- right out of the box, but since the base <code>HTTP</code>
- (HyperText Transport Protocol) standard does not allow any
- method for the server to determine the hostname it is being
- addressed as, Apache's virtual host support has required a
- separate IP address for each server. Documentation on using
- this approach (which still works very well) <a
- href="virtual-host.html">is available</a>.</p>
-
- <p>While the approach described above works, with the available
- IP address space growing smaller, and the number of domains
- increasing, it is not the most elegant solution, and is hard to
- implement on some machines. The <code>HTTP/1.1</code> protocol
- contains a method for the server to identify what name it is
- being addressed as. Apache 1.1 and later support this approach
- as well as the traditional IP-address-per-hostname method.</p>
-
- <p>The benefits of using the new virtual host support is a
- practically unlimited number of servers, ease of configuration
- and use, and requires no additional hardware or software. The
- main disadvantage is that the user's browser must support this
- part of the protocol. The latest versions of many browsers
- (including Netscape Navigator 2.0 and later) do, but many
- browsers, especially older ones, do not. This can cause
- problems, although a possible solution is addressed below.</p>
-
- <h2>Using non-IP Virtual Hosts</h2>
-
- <p>Using the new virtual hosts is quite easy, and superficially
- looks like the old method. You simply add to one of the Apache
- configuration files (most likely <code>httpd.conf</code> or
- <code>srm.conf</code>) code similar to the following:</p>
-<pre>
- &lt;VirtualHost www.apache.org&gt;
- ServerName www.apache.org
- DocumentRoot /usr/web/apache
- &lt;/VirtualHost&gt;
-</pre>
-
- <p>Of course, any additional directives can (and should) be
- placed into the <code>&lt;VirtualHost&gt;</code> section. To
- make this work, all that is needed is to make sure that the
- <code>www.apache.org</code> DNS entry points to the same IP
- address as the main server. Optionally, you could simply use
- that IP address in the &lt;VirtualHost&gt; entry.</p>
-
- <p>Additionally, many servers may wish to be accessible by more
- than one name. For example, the Apache server might want to be
- accessible as <code>apache.org</code>, or
- <code>ftp.apache.org</code>, assuming the IP addresses pointed
- to the same server. In fact, one might want it so that all
- addresses at <code>apache.org</code> were picked up by the
- server. This is possible with the <code>ServerAlias</code>
- directive, placed inside the &lt;VirtualHost&gt; section. For
- example:</p>
-<pre>
- ServerAlias apache.org *.apache.org
-</pre>
-
- <p>Note that you can use <code>*</code> and <code>?</code> as
- wild-card characters.</p>
-
- <p>You also might need ServerAlias if you are serving local
- users who do not always include the domain name. For example,
- if local users are familiar with typing "www" or "www.physics"
- then you will need to add <code>ServerAlias www
- www.physics</code>. It isn't possible for the server to know
- what domain the client uses for their name resolution because
- the client doesn't provide that information in the request.</p>
-
- <h2>Security Considerations</h2>
- Apache allows all virtual hosts to be made accessible via the
- <code>Host:</code> header through all IP interfaces, even those
- which are configured to use different IP interfaces. For
- example, if the configuration for <code>www.foo.com</code>
- contained a virtual host section for <code>www.bar.com</code>,
- and <code>www.bar.com</code> was a separate IP interface, such
- that non-<code>Host:</code>-header-supporting browsers can use
- it, as before with Apache 1.0. If a request is made to
- <code>www.foo.com</code> and the request includes the header
- <code>Host: www.bar.com</code>, a page from
- <code>www.bar.com</code> will be sent.
-
- <p>This is a security concern if you are controlling access to
- a particular server based on IP-layer controls, such as from
- within a firewall or router. Let's say <code>www.bar.com</code>
- in the above example was instead an intra-net server called
- <code>private.foo.com</code>, and the router used by foo.com
- only let internal users access <code>private.foo.com</code>.
- Obviously, <code>Host:</code> header functionality now allows
- someone who has access to <code>www.foo.com</code> to get
- <code>private.foo.com</code>, if they send a <code>Host:
- private.foo.com</code> header. It is important to note that
- this condition exists only if you only implement this policy at
- the IP layer - all security controls used by Apache
- (<em>i.e.</em>, <a href="../mod/mod_access.html">Allow, Deny
- from,</a> <em>etc.</em>) are consistently respected.</p>
-
- <h2>Compatibility with Older Browsers</h2>
-
- <p>As mentioned earlier, a majority of browsers do not send the
- required data for the new virtual hosts to work properly. These
- browsers will always be sent to the main server's pages. There
- is a workaround, albeit a slightly cumbersome one:</p>
-
- <p>To continue the <code>www.apache.org</code> example (Note:
- Apache's web server does not actually function in this manner),
- we might use the new <code>ServerPath</code> directive in the
- <code>www.apache.org</code> virtual host, for example:</p>
-<pre>
- ServerPath /apache
-</pre>
-
- <p>What does this mean? It means that a request for any file
- beginning with "<code>/apache</code>" will be looked for in the
- Apache docs. This means that the pages can be accessed as
- <code>http://www.apache.org/apache/</code> for all browsers,
- although new browsers can also access it as
- <code>http://www.apache.org/</code>.</p>
-
- <p>In order to make this work, put a link on your main server's
- page to <code>http://www.apache.org/apache/</code> (Note: Do
- not use <code>http://www.apache.org/</code> - this would create
- an endless loop). Then, in the virtual host's pages, be sure to
- use either purely relative links (<em>e.g.</em>,
- "<code>file.html</code>" or "<code>../icons/image.gif</code>"
- or links containing the prefacing <code>/apache/</code>
- (<em>e.g.</em>,
- "<code>http://www.apache.org/apache/file.html</code>" or
- "<code>/apache/docs/1.1/index.html</code>").</p>
-
- <p>This requires a bit of discipline, but adherence to these
- guidelines will, for the most part, ensure that your pages will
- work with all browsers, new and old. When a new browser
- contacts <code>http://www.apache.org/</code>, they will be
- directly taken to the Apache pages. Older browsers will be able
- to click on the link from the main server, go to
- <code>http://www.apache.org/apache/</code>, and then access the
- pages.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/index.html b/usr.sbin/httpd/htdocs/manual/vhosts/index.html
deleted file mode 100644
index 8d3af61f1bf..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/index.html
+++ /dev/null
@@ -1,98 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Virtual Host documentation</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache Virtual Host documentation</h1>
-
- <p>The term <cite>Virtual Host</cite> refers to the practice of
- maintaining more than one server on one machine, as
- differentiated by their apparent hostname. For example, it is
- often desirable for companies sharing a web server to have
- their own domains, with web servers accessible as
- <samp>www.company1.com</samp> and
- <samp>www.company2.com</samp>, without requiring the user to
- know any extra path information.</p>
-
- <p>Apache was one of the first servers to support IP-based
- virtual hosts right out of the box. Versions 1.1 and later of
- Apache support both, IP-based and name-based virtual hosts
- (vhosts). The latter variant of virtual hosts is sometimes also
- called host-based or non-IP virtual hosts.</p>
-
- <p>Below is a list of documentation pages which explain all
- details of virtual host support in Apache version 1.3 and
- later.</p>
- <hr />
-
- <h2>Virtual Host Support</h2>
-
- <ul>
- <li><a href="name-based.html">Name-based Virtual
- Hosts</a></li>
-
- <li><a href="ip-based.html">IP-based Virtual Hosts</a></li>
-
- <li><a href="examples.html">Virtual Host examples for common
- setups</a></li>
-
- <li><a href="details.html">In-Depth Discussion of Virtual
- Host Matching</a></li>
-
- <li><a href="fd-limits.html">File Descriptor Limits</a></li>
-
- <li><a href="mass.html">Dynamically Configured Mass Virtual
- Hosting</a></li>
- </ul>
-
- <h2>Configuration directives</h2>
-
- <ul>
- <li><a
- href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></li>
-
- <li><a
- href="../mod/core.html#namevirtualhost">NameVirtualHost</a></li>
-
- <li><a href="../mod/core.html#servername">ServerName</a></li>
-
- <li><a
- href="../mod/core.html#serveralias">ServerAlias</a></li>
-
- <li><a href="../mod/core.html#serverpath">ServerPath</a></li>
- </ul>
-
- <p>Folks trying to debug their virtual host configuration may
- find the Apache <code>-S</code> command line switch useful. It
- will dump out a description of how Apache parsed the
- configuration file. Careful examination of the IP addresses and
- server names may help uncover configuration mistakes.
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </p>
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html b/usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html
deleted file mode 100644
index b08b6e1fd2e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html
+++ /dev/null
@@ -1,149 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache IP-based Virtual Host Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Apache IP-based Virtual Host Support</h1>
- <strong>See also:</strong> <a href="name-based.html">Name-based
- Virtual Hosts Support</a>
- <hr />
-
- <h2>System requirements</h2>
- As the term <cite>IP-based</cite> indicates, the server
- <strong>must have a different IP address for each IP-based
- virtual host</strong>. This can be achieved by the machine
- having several physical network connections, or by use of
- virtual interfaces which are supported by most modern operating
- systems (see system documentation for details, these are
- frequently called "ip aliases", and the "ifconfig" command is
- most commonly used to set them up).
-
- <h2>How to set up Apache</h2>
- There are two ways of configuring apache to support multiple
- hosts. Either by running a separate httpd daemon for each
- hostname, or by running a single daemon which supports all the
- virtual hosts.
-
- <p>Use multiple daemons when:</p>
-
- <ul>
- <li>There are security partitioning issues, such as company1
- does not want anyone at company2 to be able to read their
- data except via the web. In this case you would need two
- daemons, each running with different <a
- href="../mod/core.html#user">User</a>, <a
- href="../mod/core.html#group">Group</a>, <a
- href="../mod/core.html#listen">Listen</a>, and <a
- href="../mod/core.html#serverroot">ServerRoot</a>
- settings.</li>
-
- <li>You can afford the memory and <a
- href="../misc/descriptors.html">file descriptor
- requirements</a> of listening to every IP alias on the
- machine. It's only possible to <a
- href="../mod/core.html#listen">Listen</a> to the "wildcard"
- address, or to specific addresses. So if you have a need to
- listen to a specific address for whatever reason, then you
- will need to listen to all specific addresses. (Although one
- httpd could listen to N-1 of the addresses, and another could
- listen to the remaining address.)</li>
- </ul>
- Use a single daemon when:
-
- <ul>
- <li>Sharing of the httpd configuration between virtual hosts
- is acceptable.</li>
-
- <li>The machine services a large number of requests, and so
- the performance loss in running separate daemons may be
- significant.</li>
- </ul>
-
- <h2>Setting up multiple daemons</h2>
- Create a separate httpd installation for each virtual host. For
- each installation, use the <a
- href="../mod/core.html#listen">Listen</a> directive in the
- configuration file to select which IP address (or virtual host)
- that daemon services. e.g.
-<pre>
- Listen www.smallco.com:80
-</pre>
- It is recommended that you use an IP address instead of a
- hostname (see <a href="../dns-caveats.html">DNS caveats</a>).
-
- <h2>Setting up a single daemon with virtual hosts</h2>
- For this case, a single httpd will service requests for the
- main server and all the virtual hosts. The <a
- href="../mod/core.html#virtualhost">VirtualHost</a> directive
- in the configuration file is used to set the values of <a
- href="../mod/core.html#serveradmin">ServerAdmin</a>, <a
- href="../mod/core.html#servername">ServerName</a>, <a
- href="../mod/core.html#documentroot">DocumentRoot</a>, <a
- href="../mod/core.html#errorlog">ErrorLog</a> and <a
- href="../mod/mod_log_config.html#transferlog">TransferLog</a>
- or <a href="../mod/mod_log_config.html#customlog">CustomLog</a>
- configuration directives to different values for each virtual
- host. e.g.
-<pre>
- &lt;VirtualHost www.smallco.com&gt;
- ServerAdmin webmaster@mail.smallco.com
- DocumentRoot /groups/smallco/www
- ServerName www.smallco.com
- ErrorLog /groups/smallco/logs/error_log
- TransferLog /groups/smallco/logs/access_log
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost www.baygroup.org&gt;
- ServerAdmin webmaster@mail.baygroup.org
- DocumentRoot /groups/baygroup/www
- ServerName www.baygroup.org
- ErrorLog /groups/baygroup/logs/error_log
- TransferLog /groups/baygroup/logs/access_log
- &lt;/VirtualHost&gt;
-</pre>
- It is recommended that you use an IP address instead of a
- hostname (see <a href="../dns-caveats.html">DNS caveats</a>).
-
- <p>Almost <strong>any</strong> configuration directive can be
- put in the VirtualHost directive, with the exception of
- directives that control process creation and a few other
- directives. To find out if a directive can be used in the
- VirtualHost directive, check the <a
- href="../mod/directive-dict.html#Context">Context</a> using the
- <a href="../mod/directives.html">directive index</a>.</p>
-
- <p><a href="../mod/core.html#user">User</a> and <a
- href="../mod/core.html#group">Group</a> may be used inside a
- VirtualHost directive if the <a href="../suexec.html">suEXEC
- wrapper</a> is used.</p>
-
- <p><em>SECURITY:</em> When specifying where to write log files,
- be aware of some security risks which are present if anyone
- other than the user that starts Apache has write access to the
- directory where they are written. See the <a
- href="../misc/security_tips.html">security tips</a> document
- for details.</p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/mass.html b/usr.sbin/httpd/htdocs/manual/vhosts/mass.html
deleted file mode 100644
index 85c50b2846c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/mass.html
+++ /dev/null
@@ -1,452 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Dynamically configured mass virtual hosting</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Dynamically configured mass virtual
- hosting</h1>
-
- <p>This document describes how to efficiently serve an
- arbitrary number of virtual hosts with Apache 1.3. <!--
-
- Written by Tony Finch (fanf@demon.net) (dot@dotat.at).
-
- Some examples were derived from Ralf S. Engleschall's document
- http://www.engelschall.com/pw/apache/rewriteguide/
-
- Some suggestions were made by Brian Behlendorf.
-
- -->
- </p>
-
- <h2><a id="contents" name="contents">Contents:</a></h2>
-
- <ul>
- <li><a href="#motivation">Motivation</a></li>
-
- <li><a href="#overview">Overview</a></li>
-
- <li><a href="#simple">Simple dynamic virtual hosts</a></li>
-
- <li><a href="#homepages">A virtually hosted homepages
- system</a></li>
-
- <li><a href="#combinations">Using more than one virtual
- hosting system on the same server</a></li>
-
- <li><a href="#ipbased">More efficient IP-based virtual
- hosting</a></li>
-
- <li><a href="#oldversion">Using older versions of
- Apache</a></li>
-
- <li><a href="#simple.rewrite">Simple dynamic virtual hosts
- using <code>mod_rewrite</code></a></li>
-
- <li><a href="#homepages.rewrite">A homepages system using
- <code>mod_rewrite</code></a></li>
-
- <li><a href="#xtra-conf">Using a separate virtual host
- configuration file</a></li>
- </ul>
- <hr />
-
- <h2><a id="motivation" name="motivation">Motivation</a></h2>
-
- <p>The techniques described here are of interest if your
- <code>httpd.conf</code> contains many
- <code>&lt;VirtualHost&gt;</code> sections that are
- substantially the same, for example:</p>
-<pre>
-NameVirtualHost 111.22.33.44
-&lt;VirtualHost 111.22.33.44&gt;
- ServerName www.customer-1.com
- DocumentRoot /www/hosts/www.customer-1.com/docs
- ScriptAlias /cgi-bin/ /www/hosts/www.customer-1.com/cgi-bin
-&lt;/VirtualHost&gt;
-&lt;VirtualHost 111.22.33.44&gt;
- ServerName www.customer-2.com
- DocumentRoot /www/hosts/www.customer-2.com/docs
- ScriptAlias /cgi-bin/ /www/hosts/www.customer-2.com/cgi-bin
-&lt;/VirtualHost&gt;
-# blah blah blah
-&lt;VirtualHost 111.22.33.44&gt;
- ServerName www.customer-N.com
- DocumentRoot /www/hosts/www.customer-N.com/docs
- ScriptAlias /cgi-bin/ /www/hosts/www.customer-N.com/cgi-bin
-&lt;/VirtualHost&gt;
-</pre>
- <br />
- <br />
-
-
- <p>The basic idea is to replace all of the static
- <code>&lt;VirtualHost&gt;</code> configuration with a mechanism
- that works it out dynamically. This has a number of
- advantages:</p>
-
- <ol>
- <li>Your configuration file is smaller so Apache starts
- faster and uses less memory.</li>
-
- <li>Adding virtual hosts is simply a matter of creating the
- appropriate directories in the filesystem and entries in the
- DNS - you don't need to reconfigure or restart Apache.</li>
- </ol>
- <br />
- <br />
-
-
- <p>The main disadvantage is that you cannot have a different
- log file for each virtual host; however if you have very many
- virtual hosts then doing this is dubious anyway because it eats
- file descriptors. It is better to log to a pipe or a fifo and
- arrange for the process at the other end to distribute the logs
- to the customers (it can also accumulate statistics, etc.).</p>
- <hr />
-
- <h2><a id="overview" name="overview">Overview</a></h2>
-
- <p>A virtual host is defined by two pieces of information: its
- IP address, and the contents of the <code>Host:</code> header
- in the HTTP request. The dynamic mass virtual hosting technique
- is based on automatically inserting this information into the
- pathname of the file that is used to satisfy the request. This
- is done most easily using <a
- href="../mod/mod_vhost_alias.html"><code>mod_vhost_alias</code></a>,
- but if you are using a version of Apache up to 1.3.6 then you
- must use <a
- href="../mod/mod_rewrite.html"><code>mod_rewrite</code></a>.
- Both of these modules are disabled by default; you must enable
- one of them when configuring and building Apache if you want to
- use this technique.</p>
-
- <p>A couple of things need to be `faked' to make the dynamic
- virtual host look like a normal one. The most important is the
- server name which is used by Apache to generate
- self-referential URLs, etc. It is configured with the
- <code>ServerName</code> directive, and it is available to CGIs
- via the <code>SERVER_NAME</code> environment variable. The
- actual value used at run time is controlled by the <a
- href="../mod/core.html#usecanonicalname"><code>UseCanonicalName</code></a>
- setting. With <code>UseCanonicalName Off</code> the server name
- comes from the contents of the <code>Host:</code> header in the
- request. With <code>UseCanonicalName DNS</code> it comes from a
- reverse DNS lookup of the virtual host's IP address. The former
- setting is used for name-based dynamic virtual hosting, and the
- latter is used for IP-based hosting. If Apache cannot work out
- the server name because there is no <code>Host:</code> header
- or the DNS lookup fails then the value configured with
- <code>ServerName</code> is used instead.</p>
-
- <p>The other thing to `fake' is the document root (configured
- with <code>DocumentRoot</code> and available to CGIs via the
- <code>DOCUMENT_ROOT</code> environment variable). In a normal
- configuration this setting is used by the core module when
- mapping URIs to filenames, but when the server is configured to
- do dynamic virtual hosting that job is taken over by another
- module (either <code>mod_vhost_alias</code> or
- <code>mod_rewrite</code>) which has a different way of doing
- the mapping. Neither of these modules is responsible for
- setting the <code>DOCUMENT_ROOT</code> environment variable so
- if any CGIs or SSI documents make use of it they will get a
- misleading value.</p>
- <hr />
-
- <h2><a id="simple" name="simple">Simple dynamic virtual
- hosts</a></h2>
-
- <p>This extract from <code>httpd.conf</code> implements the
- virtual host arrangement outlined in the <a
- href="#motivation">Motivation</a> section above, but in a
- generic fashion using <code>mod_vhost_alias</code>.</p>
-<pre>
-# get the server name from the Host: header
-UseCanonicalName Off
-
-# this log format can be split per-virtual-host based on the first field
-LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
-
-# include the server name in the filenames used to satisfy requests
-VirtualDocumentRoot /www/hosts/%0/docs
-VirtualScriptAlias /www/hosts/%0/cgi-bin
-</pre>
-
- <p>This configuration can be changed into an IP-based virtual
- hosting solution by just turning <code>UseCanonicalName
- Off</code> into <code>UseCanonicalName DNS</code>. The server
- name that is inserted into the filename is then derived from
- the IP address of the virtual host.</p>
- <hr />
-
- <h2><a id="homepages" name="homepages">A virtually hosted
- homepages system</a></h2>
-
- <p>This is an adjustment of the above system tailored for an
- ISP's homepages server. Using a slightly more complicated
- configuration we can select substrings of the server name to
- use in the filename so that e.g. the documents for
- <samp>www.user.isp.com</samp> are found in
- <code>/home/user/</code>. It uses a single <code>cgi-bin</code>
- directory instead of one per virtual host.</p>
-<pre>
-# all the preliminary stuff is the same as above, then
-
-# include part of the server name in the filenames
-VirtualDocumentRoot /www/hosts/%2/docs
-
-# single cgi-bin directory
-ScriptAlias /cgi-bin/ /www/std-cgi/
-</pre>
-
- <p>There are examples of more complicated
- <code>VirtualDocumentRoot</code> settings in <a
- href="../mod/mod_vhost_alias.html">the
- <code>mod_vhost_alias</code> documentation</a>.</p>
- <hr />
-
- <h2><a id="combinations" name="combinations">Using more than
- one virtual hosting system on the same server</a></h2>
-
- <p>With more complicated setups you can use Apache's normal
- <code>&lt;VirtualHost&gt;</code> directives to control the
- scope of the various virtual hosting configurations. For
- example, you could have one IP address for homepages customers
- and another for commercial customers with the following setup.
- This can of course be combined with conventional
- <code>&lt;VirtualHost&gt;</code> configuration sections.</p>
-<pre>
-UseCanonicalName Off
-
-LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
-
-&lt;Directory /www/commercial&gt;
- Options FollowSymLinks
- AllowOverride All
-&lt;/Directory&gt;
-
-&lt;Directory /www/homepages&gt;
- Options FollowSymLinks
- AllowOverride None
-&lt;/Directory&gt;
-
-&lt;VirtualHost 111.22.33.44&gt;
- ServerName www.commercial.isp.com
-
- CustomLog logs/access_log.commercial vcommon
-
- VirtualDocumentRoot /www/commercial/%0/docs
- VirtualScriptAlias /www/commercial/%0/cgi-bin
-&lt;/VirtualHost&gt;
-
-&lt;VirtualHost 111.22.33.45&gt;
- ServerName www.homepages.isp.com
-
- CustomLog logs/access_log.homepages vcommon
-
- VirtualDocumentRoot /www/homepages/%0/docs
- ScriptAlias /cgi-bin/ /www/std-cgi/
-&lt;/VirtualHost&gt;
-</pre>
- <hr />
-
- <h2><a id="ipbased" name="ipbased">More efficient IP-based
- virtual hosting</a></h2>
-
- <p>After <a href="#simple">the first example</a> I noted that
- it is easy to turn it into an IP-based virtual hosting setup.
- Unfortunately that configuration is not very efficient because
- it requires a DNS lookup for every request. This can be avoided
- by laying out the filesystem according to the IP addresses
- themselves rather than the corresponding names and changing the
- logging similarly. Apache will then usually not need to work
- out the server name and so incur a DNS lookup.</p>
-<pre>
-# get the server name from the reverse DNS of the IP address
-UseCanonicalName DNS
-
-# include the IP address in the logs so they may be split
-LogFormat "%A %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
-
-# include the IP address in the filenames
-VirtualDocumentRootIP /www/hosts/%0/docs
-VirtualScriptAliasIP /www/hosts/%0/cgi-bin
-</pre>
- <hr />
-
- <h2><a id="oldversion" name="oldversion">Using older versions
- of Apache</a></h2>
-
- <p>The examples above rely on <code>mod_vhost_alias</code>
- which appeared after version 1.3.6. If you are using a version
- of Apache without <code>mod_vhost_alias</code> then you can
- implement this technique with <code>mod_rewrite</code> as
- illustrated below, but only for Host:-header-based virtual
- hosts.</p>
-
- <p>In addition there are some things to beware of with logging.
- Apache 1.3.6 is the first version to include the
- <code>%V</code> log format directive; in versions 1.3.0 - 1.3.3
- the <code>%v</code> option did what <code>%V</code> does;
- version 1.3.4 has no equivalent. In all these versions of
- Apache the <code>UseCanonicalName</code> directive can appear
- in <code>.htaccess</code> files which means that customers can
- cause the wrong thing to be logged. Therefore the best thing to
- do is use the <code>%{Host}i</code> directive which logs the
- <code>Host:</code> header directly; note that this may include
- <code>:port</code> on the end which is not the case for
- <code>%V</code>.</p>
- <hr />
-
- <h2><a id="simple.rewrite" name="simple.rewrite">Simple dynamic
- virtual hosts using <code>mod_rewrite</code></a></h2>
-
- <p>This extract from <code>httpd.conf</code> does the same
- thing as <a href="#simple">the first example</a>. The first
- half is very similar to the corresponding part above but with
- some changes for backward compatibility and to make the
- <code>mod_rewrite</code> part work properly; the second half
- configures <code>mod_rewrite</code> to do the actual work.</p>
-
- <p>There are a couple of especially tricky bits: By default,
- <code>mod_rewrite</code> runs before the other URI translation
- modules (<code>mod_alias</code> etc.) so if they are used then
- <code>mod_rewrite</code> must be configured to accommodate
- them. Also, mome magic must be performed to do a
- per-dynamic-virtual-host equivalent of
- <code>ScriptAlias</code>.</p>
-<pre>
-# get the server name from the Host: header
-UseCanonicalName Off
-
-# splittable logs
-LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
-
-&lt;Directory /www/hosts&gt;
- # ExecCGI is needed here because we can't force
- # CGI execution in the way that ScriptAlias does
- Options FollowSymLinks ExecCGI
-&lt;/Directory&gt;
-
-# now for the hard bit
-
-RewriteEngine On
-
-# a ServerName derived from a Host: header may be any case at all
-RewriteMap lowercase int:tolower
-
-## deal with normal documents first:
-# allow Alias /icons/ to work - repeat for other aliases
-RewriteCond %{REQUEST_URI} !^/icons/
-# allow CGIs to work
-RewriteCond %{REQUEST_URI} !^/cgi-bin/
-# do the magic
-RewriteRule ^/(.*)$ /www/hosts/${lowercase:%{SERVER_NAME}}/docs/$1
-
-## and now deal with CGIs - we have to force a MIME type
-RewriteCond %{REQUEST_URI} ^/cgi-bin/
-RewriteRule ^/(.*)$ /www/hosts/${lowercase:%{SERVER_NAME}}/cgi-bin/$1 [T=application/x-httpd-cgi]
-
-# that's it!
-</pre>
- <hr />
-
- <h2><a id="homepages.rewrite" name="homepages.rewrite">A
- homepages system using <code>mod_rewrite</code></a></h2>
-
- <p>This does the same thing as <a href="#homepages">the second
- example</a>.</p>
-<pre>
-RewriteEngine on
-
-RewriteMap lowercase int:tolower
-
-# allow CGIs to work
-RewriteCond %{REQUEST_URI} !^/cgi-bin/
-
-# check the hostname is right so that the RewriteRule works
-RewriteCond ${lowercase:%{SERVER_NAME}} ^www\.[a-z-]+\.isp\.com$
-
-# concatenate the virtual host name onto the start of the URI
-# the [C] means do the next rewrite on the result of this one
-RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
-
-# now create the real file name
-RewriteRule ^www\.([a-z-]+)\.isp\.com/(.*) /home/$1/$2
-
-# define the global CGI directory
-ScriptAlias /cgi-bin/ /www/std-cgi/
-</pre>
- <hr />
-
- <h2><a id="xtra-conf" name="xtra-conf">Using a separate virtual
- host configuration file</a></h2>
-
- <p>This arrangement uses more advanced <code>mod_rewrite</code>
- features to get the translation from virtual host to document
- root from a separate configuration file. This provides more
- flexibility but requires more complicated configuration.</p>
-
- <p>The <code>vhost.map</code> file contains something like
- this:</p>
-<pre>
-www.customer-1.com /www/customers/1
-www.customer-2.com /www/customers/2
-# ...
-www.customer-N.com /www/customers/N
-</pre>
- <br />
- <br />
-
-
- <p>The <code>http.conf</code> contains this:</p>
-<pre>
-RewriteEngine on
-
-RewriteMap lowercase int:tolower
-
-# define the map file
-RewriteMap vhost txt:/www/conf/vhost.map
-
-# deal with aliases as above
-RewriteCond %{REQUEST_URI} !^/icons/
-RewriteCond %{REQUEST_URI} !^/cgi-bin/
-RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
-# this does the file-based remap
-RewriteCond ${vhost:%1} ^(/.*)$
-RewriteRule ^/(.*)$ %1/docs/$1
-
-RewriteCond %{REQUEST_URI} ^/cgi-bin/
-RewriteCond ${lowercase:%{SERVER_NAME}} ^(.+)$
-RewriteCond ${vhost:%1} ^(/.*)$
-RewriteRule ^/(.*)$ %1/cgi-bin/$1
-</pre>
- <br />
- <br />
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html b/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html
deleted file mode 100644
index 52f9c818764..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html
+++ /dev/null
@@ -1,254 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Name-based Virtual Hosts</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Name-based Virtual Host Support</h1>
-
-<p>This document describes when and how to use name-based virtual hosts.</p>
-
-<ul>
-<li><a href="#namevip">Name-based vs. IP-based Virtual Hosts</a></li>
-<li><a href="#using">Using Name-based Virtual Hosts</a></li>
-<li><a href="#compat">Compatibility With Older Browsers</a></li>
-</ul>
-
-<p>See also: <a href="examples.html">Virtual Host examples for common
-setups</a>, <a href="ip-based.html">IP-based Virtual Host Support</a>,
-<a href="details.html">An In-Depth Discussion of Virtual Host
-Matching</a>, and <a href="mass.html">Dynamically configured mass
-virtual hosting</a>.</p>
-
-<hr />
-
-<h2><a name="namevip">Name-based vs. IP-based Virtual Hosts</a></h2>
-
-<p>IP-based virtual hosts use the IP address of the connection to
-determine the correct virtual host to serve. Therefore you need to
-have a separate IP address for each host. With name-based virtual
-hosting, the server relies on the client to report the hostname as
-part of the HTTP headers. Using this technique, many different hosts
-can share the same IP address.</p>
-
-<p>Name-based virtual hosting is usually simpler, since you need
-only configure your DNS server to map each hostname to the correct
-IP address and then configure the Apache HTTP Server to recognize
-the different hostnames. Name-based virtual hosting also eases
-the demand for scarce IP addresses. Therefore you should use
-name-based virtual hosting unless there is a specific reason to
-choose IP-based virtual hosting. Some reasons why you might consider
-using IP-based virtual hosting:</p>
-
-<ul>
-
-<li>Some ancient clients are not compatible with name-based virtual
-hosting. For name-based virtual hosting to work, the client must send
-the HTTP Host header. This is required by HTTP/1.1, and is
-implemented by all modern HTTP/1.0 browsers as an extension. If you
-need to support obsolete clients and still use name-based virtual
-hosting, a possible technique is discussed at the end of this
-document.</li>
-
-<li>Name-based virtual hosting cannot be used with SSL secure servers
-because of the nature of the SSL protocol.</li>
-
-<li>Some operating systems and network equipment implement bandwidth
-management techniques that cannot differentiate between hosts unless
-they are on separate IP addresses.</li>
-
-</ul>
-
-<h2><a name="using">Using Name-based Virtual Hosts</a></h2>
-
-<table border="1">
-<tr><td align="top">
-<strong>Related Directives</strong><br><br>
-
-<a href="../mod/core.html#documentroot">DocumentRoot</a><br />
-<a href="../mod/core.html#namevirtualhost">NameVirtualHost</a><br />
-<a href="../mod/core.html#serveralias">ServerAlias</a><br />
-<a href="../mod/core.html#servername">ServerName</a><br />
-<a href="../mod/core.html#serverpath">ServerPath</a><br />
-<a href="../mod/core.html#virtualhost">VirtualHost</a><br />
-</td></tr></table>
-
-<p>To use name-based virtual hosting, you must designate the IP
-address (and possibly port) on the server that will be accepting
-requests for the hosts. This is configured using the <a
-href="../mod/core.html#namevirtualhost">NameVirtualHost</a> directive.
-In the normal case where any and all IP addresses on the server should
-be used, you can use <code>*</code> as the argument to
-<code>NameVirtualHost</code>. (<code>NameVirtualHost *</code> will
-work only in version 1.3.13 and later.) Note that mentioning an IP
-address in a <code>NameVirtualHost</code> directive does not
-automatically make the server listen to that IP address. See <a
-href="../bind.html">Setting which addresses and ports Apache uses</a>
-for more details. In addition, any IP address specified here must be
-associated with a network interface on the server.</p>
-
-<p>The next step is to create a <a
-href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a> block for
-each different host that you would like to serve. The argument to the
-<code>&lt;VirtualHost&gt;</code> directive should be the same as the
-argument to the <code>NameVirtualHost</code> directive (ie, an IP
-address, or <code>*</code> for all addresses). Inside each
-<code>&lt;VirtualHost&gt;</code> block, you will need at minimum a <a
-href="../mod/core.html#servername">ServerName</a> directive to
-designate which host is served and a <a
-href="../mod/core.html#documentroot">DocumentRoot</a> directive to
-show where in the filesystem the content for that host lives.</p>
-
-<p>If you are adding virtual hosts to an existing web server, you
-must also create a &lt;VirtualHost&gt; block for the existing host.
-The <code>ServerName</code> and <code>DocumentRoot</code> included in
-this virtual host should be the same as the global
-<code>ServerName</code> and <code>DocumentRoot</code>. List this
-virtual host first in the configuration file so that it will act as
-the default host.</p>
-
-<p>For example, suppose that you are serving the domain
-<samp>www.domain.tld</samp> and you wish to add the virtual host
-<samp>www.otherdomain.tld</samp>, which points at the same IP address.
-Then you simply add the following to <code>httpd.conf</code>:</p>
-<pre>
- NameVirtualHost *
-
- &lt;VirtualHost *&gt;
- ServerName www.domain.tld
- DocumentRoot /www/domain
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost *&gt;
- ServerName www.otherdomain.tld
- DocumentRoot /www/otherdomain
- &lt;/VirtualHost&gt;
-</pre>
-
-<p>You can alternatively specify an explicit IP address in place of
-the * in both the <code>NameVirtualHost</code> and
-<code>&lt;VirtualHost&gt;</code> directives. The IP address is
-required in version 1.3.12 and earlier.</p>
-
-<p>Many servers want to be accessible by more than one name. This is
-possible with the <a
-href="../mod/core.html#serveralias"><code>ServerAlias</code></a>
-directive, placed inside the &lt;VirtualHost&gt; section. For
-example if you add this to the first &lt;VirtualHost&gt; block
-above</p>
-
-<blockquote><code>
-ServerAlias domain.tld *.domain.tld
-</code></blockquote>
-
-<p>then requests for all hosts in the <code>domain.tld</code> domain
-will be served by the <code>www.domain.tld</code> virtual host. The
-wildcard characters * and ? can be used to match names. Of course,
-you can't just make up names and place them in <code>ServerName</code>
-or <code>ServerAlias</code>. You must first have your DNS server
-properly configured to map those names to an IP address associated
-with your server.</p>
-
-<p>Finally, you can fine-tune the configuration of the virtual hosts
-by placing other directives inside the
-<code>&lt;VirtualHost&gt;</code> containers. Most directives can be
-placed in these containers and will then change the configuration only
-of the relevant virtual host. To find out if a particular directive
-is allowed, check the <a
-href="../mod/directive-dict.html#Context">Context</a> of the
-directive. Configuration directives set in the <em>main server
-context</em> (outside any <code>&lt;VirtualHost&gt;</code> container)
-will be used only if they are not overridden by the virtual host
-settings.</p>
-
-<p>Now when a request arrives, the server will first check if it is
-using an IP address that matches the <code>NameVirtualHost</code>. If
-it is, then it will look at each <code>&lt;VirtualHost&gt;</code>
-section with a matching IP address and try to find one where the
-<code>ServerName</code> or <code>ServerAlias</code> matches the
-requested hostname. If it finds one, then it uses the configuration
-for that server. If no matching virtual host is found, then
-<strong>the first listed virtual host</strong> that matches the IP
-address will be used.</p>
-
-<p>As a consequence, the first listed virtual host is the
-<em>default</em> virtual host. The <code>DocumentRoot</code> from the
-<em>main server</em> will <strong>never</strong> be used when an IP
-address matches the <code>NameVirtualHost</code> directive. If you
-would like to have a special configuration for requests that do not
-match any particular virtual host, simply put that configuration in a
-<code>&lt;VirtualHost&gt;</code> container and list it first in the
-configuration file.</p>
-
-<h2><a name="compat">Compatibility with Older Browsers</a></h2>
-
- <p>As mentioned earlier, there are some clients
- who do not send the required data for the name-based virtual
- hosts to work properly. These clients will always be sent the
- pages from the first virtual host listed for that IP address
- (the <cite>primary</cite> name-based virtual host).</p>
-
- <p>There is a possible workaround with the <a
- href="../mod/core.html#serverpath"><code>ServerPath</code></a>
- directive, albeit a slightly cumbersome one:</p>
-
- <p>Example configuration:</p>
-<pre>
- NameVirtualHost 111.22.33.44
-
- &lt;VirtualHost 111.22.33.44&gt;
- ServerName www.domain.tld
- ServerPath /domain
- DocumentRoot /web/domain
- &lt;/VirtualHost&gt;
-</pre>
-
- <p>What does this mean? It means that a request for any URI
- beginning with "<samp>/domain</samp>" will be served from the
- virtual host <samp>www.domain.tld</samp> This means that the
- pages can be accessed as
- <code>http://www.domain.tld/domain/</code> for all clients,
- although clients sending a <samp>Host:</samp> header can also
- access it as <code>http://www.domain.tld/</code>.</p>
-
- <p>In order to make this work, put a link on your primary
- virtual host's page to
- <samp>http://www.domain.tld/domain/</samp> Then, in the virtual
- host's pages, be sure to use either purely relative links
- (<em>e.g.</em>, "<samp>file.html</samp>" or
- "<samp>../icons/image.gif</samp>" or links containing the
- prefacing <samp>/domain/</samp> (<em>e.g.</em>,
- "<samp>http://www.domain.tld/domain/misc/file.html</samp>" or
- "<samp>/domain/misc/file.html</samp>").</p>
-
- <p>This requires a bit of discipline, but adherence to these
- guidelines will, for the most part, ensure that your pages will
- work with all browsers, new and old.</p>
-
- <p>See also: <a href="examples.html#serverpath">ServerPath
- configuration example</a></p>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
-
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html b/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
deleted file mode 100644
index f4717d3c5d8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
+++ /dev/null
@@ -1,396 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>An In-Depth Discussion of VirtualHost Matching</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">An In-Depth Discussion of VirtualHost
- Matching</h1>
-
- <p>This is a very rough document that was probably out of date
- the moment it was written. It attempts to explain exactly what
- the code does when deciding what virtual host to serve a hit
- from. It's provided on the assumption that something is better
- than nothing. The server version under discussion is Apache
- 1.2.</p>
-
- <p>If you just want to "make it work" without understanding
- how, there's a <a href="#whatworks">What Works</a> section at
- the bottom.</p>
-
- <h3>Config File Parsing</h3>
-
- <p>There is a main_server which consists of all the definitions
- appearing outside of <code>VirtualHost</code> sections. There
- are virtual servers, called <em>vhosts</em>, which are defined
- by <a
- href="../mod/core.html#virtualhost"><samp>VirtualHost</samp></a>
- sections.</p>
-
- <p>The directives <a
- href="../mod/core.html#port"><samp>Port</samp></a>, <a
- href="../mod/core.html#servername"><samp>ServerName</samp></a>,
- <a
- href="../mod/core.html#serverpath"><samp>ServerPath</samp></a>,
- and <a
- href="../mod/core.html#serveralias"><samp>ServerAlias</samp></a>
- can appear anywhere within the definition of a server. However,
- each appearance overrides the previous appearance (within that
- server).</p>
-
- <p>The default value of the <code>Port</code> field for
- main_server is 80. The main_server has no default
- <code>ServerName</code>, <code>ServerPath</code>, or
- <code>ServerAlias</code>.</p>
-
- <p>In the absence of any <a
- href="../mod/core.html#listen"><samp>Listen</samp></a>
- directives, the (final if there are multiple) <code>Port</code>
- directive in the main_server indicates which port httpd will
- listen on.</p>
-
- <p>The <code>Port</code> and <code>ServerName</code> directives
- for any server main or virtual are used when generating URLs
- such as during redirects.</p>
-
- <p>Each address appearing in the <code>VirtualHost</code>
- directive can have an optional port. If the port is unspecified
- it defaults to the value of the main_server's most recent
- <code>Port</code> statement. The special port <samp>*</samp>
- indicates a wildcard that matches any port. Collectively the
- entire set of addresses (including multiple <samp>A</samp>
- record results from DNS lookups) are called the vhost's
- <em>address set</em>.</p>
-
- <p>The magic <code>_default_</code> address has significance
- during the matching algorithm. It essentially matches any
- unspecified address.</p>
-
- <p>After parsing the <code>VirtualHost</code> directive, the
- vhost server is given a default <code>Port</code> equal to the
- port assigned to the first name in its <code>VirtualHost</code>
- directive. The complete list of names in the
- <code>VirtualHost</code> directive are treated just like a
- <code>ServerAlias</code> (but are not overridden by any
- <code>ServerAlias</code> statement). Note that subsequent
- <code>Port</code> statements for this vhost will not affect the
- ports assigned in the address set.</p>
-
- <p>All vhosts are stored in a list which is in the reverse
- order that they appeared in the config file. For example, if
- the config file is:</p>
-
- <blockquote>
-<pre>
- &lt;VirtualHost A&gt;
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost B&gt;
- ...
- &lt;/VirtualHost&gt;
-
- &lt;VirtualHost C&gt;
- ...
- &lt;/VirtualHost&gt;
-</pre>
- </blockquote>
- Then the list will be ordered: main_server, C, B, A. Keep this
- in mind.
-
- <p>After parsing has completed, the list of servers is scanned,
- and various merges and default values are set. In
- particular:</p>
-
- <ol>
- <li>If a vhost has no <a
- href="../mod/core.html#serveradmin"><code>ServerAdmin</code></a>,
- <a
- href="../mod/core.html#resourceconfig"><code>ResourceConfig</code></a>,
- <a
- href="../mod/core.html#accessconfig"><code>AccessConfig</code></a>,
- <a href="../mod/core.html#timeout"><code>Timeout</code></a>,
- <a
- href="../mod/core.html#keepalivetimeout"><code>KeepAliveTimeout</code></a>,
- <a
- href="../mod/core.html#keepalive"><code>KeepAlive</code></a>,
- <a
- href="../mod/core.html#maxkeepaliverequests"><code>MaxKeepAliveRequests</code></a>,
- or <a
- href="../mod/core.html#sendbuffersize"><code>SendBufferSize</code></a>
- directive then the respective value is inherited from the
- main_server. (That is, inherited from whatever the final
- setting of that value is in the main_server.)</li>
-
- <li>The "lookup defaults" that define the default directory
- permissions for a vhost are merged with those of the main
- server. This includes any per-directory configuration
- information for any module.</li>
-
- <li>The per-server configs for each module from the
- main_server are merged into the vhost server.</li>
- </ol>
- Essentially, the main_server is treated as "defaults" or a
- "base" on which to build each vhost. But the positioning of
- these main_server definitions in the config file is largely
- irrelevant -- the entire config of the main_server has been
- parsed when this final merging occurs. So even if a main_server
- definition appears after a vhost definition it might affect the
- vhost definition.
-
- <p>If the main_server has no <code>ServerName</code> at this
- point, then the hostname of the machine that httpd is running
- on is used instead. We will call the <em>main_server address
- set</em> those IP addresses returned by a DNS lookup on the
- <code>ServerName</code> of the main_server.</p>
-
- <p>Now a pass is made through the vhosts to fill in any missing
- <code>ServerName</code> fields and to classify the vhost as
- either an <em>IP-based</em> vhost or a <em>name-based</em>
- vhost. A vhost is considered a name-based vhost if any of its
- address set overlaps the main_server (the port associated with
- each address must match the main_server's <code>Port</code>).
- Otherwise it is considered an IP-based vhost.</p>
-
- <p>For any undefined <code>ServerName</code> fields, a
- name-based vhost defaults to the address given first in the
- <code>VirtualHost</code> statement defining the vhost. Any
- vhost that includes the magic <samp>_default_</samp> wildcard
- is given the same <code>ServerName</code> as the main_server.
- Otherwise the vhost (which is necessarily an IP-based vhost) is
- given a <code>ServerName</code> based on the result of a
- reverse DNS lookup on the first address given in the
- <code>VirtualHost</code> statement.</p>
-
- <h3>Vhost Matching</h3>
-
- <p><strong>Apache 1.3 differs from what is documented here, and
- documentation still has to be written.</strong></p>
-
- <p>The server determines which vhost to use for a request as
- follows:</p>
-
- <p><code>find_virtual_server</code>: When the connection is
- first made by the client, the local IP address (the IP address
- to which the client connected) is looked up in the server list.
- A vhost is matched if it is an IP-based vhost, the IP address
- matches and the port matches (taking into account
- wildcards).</p>
-
- <p>If no vhosts are matched then the last occurrence, if it
- appears, of a <samp>_default_</samp> address (which if you
- recall the ordering of the server list mentioned above means
- that this would be the first occurrence of
- <samp>_default_</samp> in the config file) is matched.</p>
-
- <p>In any event, if nothing above has matched, then the
- main_server is matched.</p>
-
- <p>The vhost resulting from the above search is stored with
- data about the connection. We'll call this the <em>connection
- vhost</em>. The connection vhost is constant over all requests
- in a particular TCP/IP session -- that is, over all requests in
- a KeepAlive/persistent session.</p>
-
- <p>For each request made on the connection the following
- sequence of events further determines the actual vhost that
- will be used to serve the request.</p>
-
- <p><code>check_fulluri</code>: If the requestURI is an
- absoluteURI, that is it includes <code>http://hostname/</code>,
- then an attempt is made to determine if the hostname's address
- (and optional port) match that of the connection vhost. If it
- does then the hostname portion of the URI is saved as the
- <em>request_hostname</em>. If it does not match, then the URI
- remains untouched. <strong>Note</strong>: to achieve this
- address comparison, the hostname supplied goes through a DNS
- lookup unless it matches the <code>ServerName</code> or the
- local IP address of the client's socket.</p>
-
- <p><code>parse_uri</code>: If the URI begins with a protocol
- (<em>i.e.</em>, <code>http:</code>, <code>ftp:</code>) then the
- request is considered a proxy request. Note that even though we
- may have stripped an <code>http://hostname/</code> in the
- previous step, this could still be a proxy request.</p>
-
- <p><code>read_request</code>: If the request does not have a
- hostname from the earlier step, then any <code>Host:</code>
- header sent by the client is used as the request hostname.</p>
-
- <p><code>check_hostalias</code>: If the request now has a
- hostname, then an attempt is made to match for this hostname.
- The first step of this match is to compare any port, if one was
- given in the request, against the <code>Port</code> field of
- the connection vhost. If there's a mismatch then the vhost used
- for the request is the connection vhost. (This is a bug, see
- observations.)</p>
-
- <p>If the port matches, then httpd scans the list of vhosts
- starting with the next server <strong>after</strong> the
- connection vhost. This scan does not stop if there are any
- matches, it goes through all possible vhosts, and in the end
- uses the last match it found. The comparisons performed are as
- follows:</p>
-
- <ul>
- <li>Compare the request hostname:port with the vhost
- <code>ServerName</code> and <code>Port</code>.</li>
-
- <li>Compare the request hostname against any and all
- addresses given in the <code>VirtualHost</code> directive for
- this vhost.</li>
-
- <li>Compare the request hostname against the
- <code>ServerAlias</code> given for the vhost.</li>
- </ul>
-
- <p><code>check_serverpath</code>: If the request has no
- hostname (back up a few paragraphs) then a scan similar to the
- one in <code>check_hostalias</code> is performed to match any
- <code>ServerPath</code> directives given in the vhosts. Note
- that the <strong>last match</strong> is used regardless (again
- consider the ordering of the virtual hosts).</p>
-
- <h3>Observations</h3>
-
- <ul>
- <li>It is difficult to define an IP-based vhost for the
- machine's "main IP address". You essentially have to create a
- bogus <code>ServerName</code> for the main_server that does
- not match the machine's IPs.</li>
-
- <li>
- During the scans in both <code>check_hostalias</code> and
- <code>check_serverpath</code> no check is made that the
- vhost being scanned is actually a name-based vhost. This
- means, for example, that it's possible to match an IP-based
- vhost through another address. But because the scan starts
- in the vhost list at the first vhost that matched the local
- IP address of the connection, not all IP-based vhosts can
- be matched.
-
- <p>Consider the config file above with three vhosts A, B,
- C. Suppose that B is a named-based vhost, and A and C are
- IP-based vhosts. If a request comes in on B or C's address
- containing a header "<samp>Host: A</samp>" then it will be
- served from A's config. If a request comes in on A's
- address then it will always be served from A's config
- regardless of any Host: header.</p>
- </li>
-
- <li>
- Unless you have a <samp>_default_</samp> vhost, it doesn't
- matter if you mix name-based vhosts in amongst IP-based
- vhosts. During the <code>find_virtual_server</code> phase
- above no named-based vhost will be matched, so the
- main_server will remain the connection vhost. Then scans
- will cover all vhosts in the vhost list.
-
- <p>If you do have a <samp>_default_</samp> vhost, then you
- cannot place named-based vhosts after it in the config.
- This is because on any connection to the main server IPs
- the connection vhost will always be the
- <samp>_default_</samp> vhost since none of the name-based
- are considered during <code>find_virtual_server</code>.</p>
- </li>
-
- <li>You should never specify DNS names in
- <code>VirtualHost</code> directives because it will force
- your server to rely on DNS to boot. Furthermore it poses a
- security threat if you do not control the DNS for all the
- domains listed. <a href="dns-caveats.html">There's more
- information available on this and the next two
- topics</a>.</li>
-
- <li><code>ServerName</code> should always be set for each
- vhost. Otherwise A DNS lookup is required for each
- vhost.</li>
-
- <li>A DNS lookup is always required for the main_server's
- <code>ServerName</code> (or to generate that if it isn't
- specified in the config).</li>
-
- <li>If a <code>ServerPath</code> directive exists which is a
- prefix of another <code>ServerPath</code> directive that
- appears later in the configuration file, then the former will
- always be matched and the latter will never be matched. (That
- is assuming that no Host header was available to disambiguate
- the two.)</li>
-
- <li>If a vhost that would otherwise be a name-vhost includes
- a <code>Port</code> statement that doesn't match the
- main_server <code>Port</code> then it will be considered an
- IP-based vhost. Then <code>find_virtual_server</code> will
- match it (because the ports associated with each address in
- the address set default to the port of the main_server) as
- the connection vhost. Then <code>check_hostalias</code> will
- refuse to check any other name-based vhost because of the
- port mismatch. The result is that the vhost will steal all
- hits going to the main_server address.</li>
-
- <li>If two IP-based vhosts have an address in common, the
- vhost appearing later in the file is always matched. Such a
- thing might happen inadvertently. If the config has
- name-based vhosts and for some reason the main_server
- <code>ServerName</code> resolves to the wrong address then
- all the name-based vhosts will be parsed as ip-based vhosts.
- Then the last of them will steal all the hits.</li>
-
- <li>The last name-based vhost in the config is always matched
- for any hit which doesn't match one of the other name-based
- vhosts.</li>
- </ul>
-
- <h3><a id="whatworks" name="whatworks">What Works</a></h3>
-
- <p>In addition to the tips on the <a
- href="../dns-caveats.html#tips">DNS Issues</a> page, here are some
- further tips:</p>
-
- <ul>
- <li>Place all main_server definitions before any VirtualHost
- definitions. (This is to aid the readability of the
- configuration -- the post-config merging process makes it
- non-obvious that definitions mixed in around virtualhosts
- might affect all virtualhosts.)</li>
-
- <li>Arrange your VirtualHosts such that all name-based
- virtual hosts come first, followed by IP-based virtual hosts,
- followed by any <samp>_default_</samp> virtual host</li>
-
- <li>Avoid <code>ServerPaths</code> which are prefixes of
- other <code>ServerPaths</code>. If you cannot avoid this then
- you have to ensure that the longer (more specific) prefix
- vhost appears earlier in the configuration file than the
- shorter (less specific) prefix (<em>i.e.</em>, "ServerPath
- /abc" should appear after "ServerPath /abcdef").</li>
-
- <li>Do not use <em>port-based</em> vhosts in the same server
- as name-based vhosts. A loose definition for port-based is a
- vhost which is determined by the port on the server
- (<em>i.e.</em>, one server with ports 8000, 8080, and 80 -
- all of which have different configurations).</li>
- </ul>
- <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
deleted file mode 100644
index 13fd6140acb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
+++ /dev/null
@@ -1,253 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Server Virtual Host Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <div align="CENTER">
- <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" />
-
- <h3>Apache HTTP Server Version 1.3</h3>
- </div>
-
-
- <h1 align="CENTER">Virtual Host Support</h1>
- <strong>See Also:</strong> <a href="host.html">Non-IP based
- virtual hosts</a>
-
- <h2>What are virtual hosts?</h2>
- This is the ability of a single machine to be a web server for
- multiple domains. For example, an Internet service provider
- might have a machine called <code>www.serve.com</code> which
- provides Web space for several organizations including, say,
- <em>smallco</em> and <em>baygroup</em>. Ordinarily, these
- groups would be given parts of the Web tree on www.serve.com.
- So smallco's home page would have the URL
-
- <blockquote>
- http://www.serve.com/smallco/
- </blockquote>
- and baygroup's home page would have the URL
-
- <blockquote>
- http://www.serve.com/baygroup/
- </blockquote>
-
- <p>For esthetic reasons, however, both organizations would
- rather their home pages appeared under their own names rather
- than that of the service provider's; but they do not want to
- set up their own Internet links and servers.</p>
-
- <p>Virtual hosts are the solution to this problem. smallco and
- baygroup would have their own Internet name registrations,
- <code>www.smallco.com</code> and <code>www.baygroup.org</code>
- respectively. These hostnames would both correspond to the
- service provider's machine (www.serve.com). Thus smallco's home
- page would now have the URL</p>
-
- <blockquote>
- http://www.smallco.com/
- </blockquote>
- and baygroup's home page would have the URL
-
- <blockquote>
- http://www.baygroup.org/
- </blockquote>
-
- <h2>System requirements</h2>
- Due to limitations in the HTTP/1.0 protocol, the web server
- <strong>must have a different IP address for each virtual
- host</strong>. This can be achieved by the machine having
- several physical network connections, or by use of
- virtual interface on some operating systems.
-
- <h2>How to set up Apache</h2>
- There are two ways of configuring apache to support multiple
- hosts. Either by running a separate httpd daemon for each
- hostname, or by running a single daemon which supports all the
- virtual hosts.
-
- <p>Use multiple daemons when:</p>
-
- <ul>
- <li>The different virtual hosts need very different httpd
- configurations, such as different values for: <a
- href="../mod/core.html#servertype">ServerType</a>, <a
- href="../mod/core.html#user">User</a>, <a
- href="../mod/core.html#group">Group</a>, <a
- href="../mod/mod_mime.html#typesconfig">TypesConfig</a> or <a
- href="../mod/core.html#serverroot">ServerRoot</a>.</li>
-
- <li>The machine does not process a very high request
- rate.</li>
- </ul>
- Use a single daemon when:
-
- <ul>
- <li>Sharing of the httpd configuration between virtual hosts
- is acceptable.</li>
-
- <li>The machine services a large number of requests, and so
- the performance loss in running separate daemons may be
- significant.</li>
- </ul>
-
- <h2>Setting up multiple daemons</h2>
- Create a separate httpd installation for each virtual host. For
- each installation, use the <a
- href="../mod/core.html#bindaddress">BindAddress</a> directive
- in the configuration file to select which IP address (or
- virtual host) that daemon services. <em>E.g.</em>,
-
- <blockquote>
- <code>BindAddress www.smallco.com</code>
- </blockquote>
- This hostname can also be given as an IP address.
-
- <h2>Setting up a single daemon</h2>
- For this case, a single httpd will service requests for all the
- virtual hosts. The <a
- href="../mod/core.html#virtualhost">VirtualHost</a> directive
- in the configuration file is used to set the values of <a
- href="../mod/core.html#serveradmin">ServerAdmin</a>, <a
- href="../mod/core.html#servername">ServerName</a>, <a
- href="../mod/core.html#documentroot">DocumentRoot</a>, <a
- href="../mod/core.html#errorlog">ErrorLog</a> and <a
- href="../mod/mod_log_config.html#transferlog">TransferLog</a>
- configuration directives to different values for each virtual
- host. <em>E.g.</em>,
-
- <blockquote>
- <code>&lt;VirtualHost www.smallco.com&gt;<br />
- ServerAdmin webmaster@mail.smallco.com<br />
- DocumentRoot /groups/smallco/www<br />
- ServerName www.smallco.com<br />
- ErrorLog /groups/smallco/logs/error_log<br />
- TransferLog /groups/smallco/logs/access_log<br />
- &lt;/VirtualHost&gt;<br />
- <br />
- &lt;VirtualHost www.baygroup.org&gt;<br />
- ServerAdmin webmaster@mail.baygroup.org<br />
- DocumentRoot /groups/baygroup/www<br />
- ServerName www.baygroup.org<br />
- ErrorLog /groups/baygroup/logs/error_log<br />
- TransferLog /groups/baygroup/logs/access_log<br />
- &lt;/VirtualHost&gt;<br />
- </code>
- </blockquote>
- This VirtualHost hostnames can also be given as IP addresses.
-
- <p>Almost <strong>ANY</strong> configuration directive can be
- put in the VirtualHost directive, with the exception of <a
- href="../mod/core.html#servertype">ServerType</a>, <a
- href="../mod/core.html#user">User</a>, <a
- href="../mod/core.html#group">Group</a>, <a
- href="../mod/core.html#startservers">StartServers</a>, <a
- href="../mod/core.html#maxspareservers">MaxSpareServers</a>, <a
- href="../mod/core.html#minspareservers">MinSpareServers</a>, <a
- href="../mod/core.html#maxrequestsperchild">MaxRequestsPerChild</a>,
- <a href="../mod/core.html#maxfooperchild">MaxCPUPerChild</a>,
- <a href="../mod/core.html#maxfooperchild">MaxDATAPerChild</a>,
- <a href="../mod/core.html#maxfooperchild">MaxNOFILEPerChild</a>,
- <a href="../mod/core.html#maxfooperchild">MaxRSSPerChild</a>,
- <a href="../mod/core.html#maxfooperchild">MaxSTACKPerChild</a>,
- <a href="../mod/core.html#bindaddress">BindAddress</a>, <a
- href="../mod/core.html#pidfile">PidFile</a>, <a
- href="../mod/mod_mime.html#typesconfig">TypesConfig</a>, and <a
- href="../mod/core.html#serverroot">ServerRoot</a>.</p>
-
- <p><em>SECURITY:</em> When specifying where to write log files,
- be aware of some security risks which are present if anyone
- other than the user that starts Apache has write access to the
- directory where they are written. See the <a
- href="../misc/security_tips.html">security tips</a> document
- for details.</p>
-
- <h2>File Handle/Resource Limits:</h2>
- When using a large number of Virtual Hosts, Apache may run out
- of available file descriptors if each Virtual Host specifies
- different log files. The total number of file descriptors used
- by Apache is one for each distinct error log file, one for
- every other log file directive, plus 10-20 for internal use.
- Unix operating systems limit the number of file descriptors
- that may be used by a process; the limit is typically 64, and
- may usually be increased up to a large hard-limit.
-
- <p>Although Apache attempts to increase the limit as required,
- this may not work if:</p>
-
- <ol>
- <li>Your system does not provide the setrlimit() system
- call.</li>
-
- <li>The setrlimit(RLIMIT_NOFILE) call does not function on
- your system (such as Solaris 2.3)</li>
-
- <li>The number of file descriptors required exceeds the hard
- limit.</li>
-
- <li>Your system imposes other limits on file descriptors,
- such as a limit on stdio streams only using file descriptors
- below 256. (Solaris 2)</li>
- </ol>
- In the event of problems you can:
-
- <ul>
- <li>Reduce the number of log files; don't specify log files
- in the VirtualHost sections, but only log to the main log
- files.</li>
-
- <li>
- If you system falls into 1 or 2 (above), then increase the
- file descriptor limit before starting Apache, using a
- script like
-
- <blockquote>
- <code>#!/bin/sh<br />
- ulimit -S -n 100<br />
- exec httpd</code>
- </blockquote>
- </li>
- </ul>
- The have been reports that Apache may start running out of
- resources allocated for the root process. This will exhibit
- itself as errors in the error log like "unable to fork". There
- are two ways you can bump this up:
-
- <ol>
- <li>Have a <code>csh</code> script wrapper around httpd which
- sets the "rlimit" to some large number, like 512.</li>
-
- <li>
- Edit http_main.c to add calls to setrlimit() from main(),
- along the lines of
-<pre>
- struct rlimit rlp;
-
- rlp.rlim_cur = rlp.rlim_max = 512;
- if (setrlimit(RLIMIT_NPROC, &amp;rlp)) {
- fprintf(stderr, "setrlimit(RLIMIT_NPROC) failed.\n");
- exit(1);
- }
-</pre>
- (thanks to "Aaron Gifford &lt;agifford@InfoWest.COM&gt;"
- for the patch)
- </li>
- </ol>
- The latter will probably manifest itself in a later version of
- Apache. <hr />
-
- <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
- <a href="./"><img src="../images/index.gif" alt="Index" /></a>
- <a href="../"><img src="../images/home.gif" alt="Home" /></a>
-
- </body>
-</html>
-
diff --git a/usr.sbin/httpd/htdocs/mod_ssl_sb.gif b/usr.sbin/httpd/htdocs/mod_ssl_sb.gif
deleted file mode 100644
index aecd3c119c6..00000000000
--- a/usr.sbin/httpd/htdocs/mod_ssl_sb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/openbsd_pb.gif b/usr.sbin/httpd/htdocs/openbsd_pb.gif
deleted file mode 100644
index 8dcdd3ca3db..00000000000
--- a/usr.sbin/httpd/htdocs/openbsd_pb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/openbsdpower.gif b/usr.sbin/httpd/htdocs/openbsdpower.gif
deleted file mode 100644
index 9875138a68b..00000000000
--- a/usr.sbin/httpd/htdocs/openbsdpower.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/openssl_ics.gif b/usr.sbin/httpd/htdocs/openssl_ics.gif
deleted file mode 100644
index 3d3c90c9f84..00000000000
--- a/usr.sbin/httpd/htdocs/openssl_ics.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/htdocs/smalltitle.gif b/usr.sbin/httpd/htdocs/smalltitle.gif
deleted file mode 100644
index 9c7bbfc18f6..00000000000
--- a/usr.sbin/httpd/htdocs/smalltitle.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/httpd.8 b/usr.sbin/httpd/httpd.8
deleted file mode 100644
index 95f54454660..00000000000
--- a/usr.sbin/httpd/httpd.8
+++ /dev/null
@@ -1,306 +0,0 @@
-.\" $OpenBSD: httpd.8,v 1.34 2010/05/18 15:09:34 sobrado Exp $
-.\" Copyright (c) 1995-1997 David Robinson. All rights reserved.
-.\" Copyright (c) 1997-1999 The Apache Group. All rights reserved.
-.\" Copyright (c) 1998-1999 Bob Beck. All rights reserved.
-.\" Copyright (c) 2002-2003 Henning Brauer. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the Apache Group
-.\" for use in the Apache HTTP server project (http://www.apache.org/)."
-.\"
-.\" 4. The names "Apache Server" and "Apache Group" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission.
-.\"
-.\" 5. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the Apache Group
-.\" for use in the Apache HTTP server project (http://www.apache.org/)."
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Group and was originally based
-.\" on public domain software written at the National Center for
-.\" Supercomputing Applications, University of Illinois, Urbana-Champaign.
-.\" For more information on the Apache Group and the Apache HTTP server
-.\" project, please see <http://www.apache.org/>.
-.Dd $Mdocdate: May 18 2010 $
-.Dt HTTPD 8
-.Os
-.Sh NAME
-.Nm httpd
-.Nd Apache HyperText Transfer Protocol server
-.Sh SYNOPSIS
-.Nm httpd
-.Bk -words
-.Op Fl 46FhLlSTtUuVvX
-.Op Fl C Ar directive
-.Op Fl c Ar directive
-.Op Fl D Ar parameter
-.Op Fl d Ar serverroot
-.Op Fl f Ar config
-.Op Fl R Ar libexecdir
-.Ek
-.Sh DESCRIPTION
-.Nm
-is the Apache HyperText Transfer Protocol (HTTP) server program.
-It is designed to be run as a stand-alone daemon process.
-When used like this it will create a pool of child processes to
-handle requests.
-To stop it, send a
-.Dv TERM
-signal to the initial (parent) process.
-The PID of this process is written to a file as given in the
-configuration file.
-Normally this service can be enabled for startup on
-.Ox
-by editing
-.Pa /etc/rc.conf.local .
-.Pp
-Alternatively,
-.Nm
-may be invoked by the Internet daemon
-.Xr inetd 8
-each
-time a connection to the HTTP service is made.
-.Pp
-.Nm
-can be made to support HTTPS transactions
-if RSA certificates are generated
-and the utility is started with the
-.Va -DSSL
-flag.
-See
-.Xr ssl 8
-for further information.
-.Pp
-By default,
-.Nm
-will
-.Xr chroot 2
-to the
-.Dq ServerRoot
-path,
-serving documents from the
-.Dq DocumentRoot
-path.
-As a result of the default secure behaviour,
-.Nm
-cannot access any objects outside
-.Dq ServerRoot
-\- this security measure is taken in case
-.Nm
-is compromised.
-This is not without drawbacks, though:
-.Pp
-CGI programs may fail due to the limited environment available inside
-this chroot space.
-.Dq UserDir ,
-of course, cannot access files outside the directory space.
-Other modules will also have issues.
-.Dq DocumentRoot
-directories or any other files needed must be inside
-.Dq ServerRoot .
-For this to work,
-pathnames inside the configuration file do not need adjustment relative to
-.Dq ServerRoot .
-For this option to remain secure, it is important that no files or directories
-writable by user
-.Ar www
-or group
-.Ar www
-are created inside the
-.Dq ServerRoot .
-.Pp
-The
-.Fl u
-option
-(see below)
-can be specified to disable
-.Xr chroot 2
-functionality.
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to configure
-.Nm ,
-see the Apache manual in
-.Pa /usr/share/doc/html/httpd/ .
-Paths in this manual page reflect those
-compiled into
-.Nm
-by default with
-.Ox .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Assume IPv4 addresses on ambiguous directives (default).
-Along with
-.Fl 6
-and
-.Fl U ,
-this can be used to remove ambiguities in cases such as "BindAddress *".
-.It Fl 6
-Assume IPv6 addresses on ambiguous directives.
-.It Fl C Ar directive
-Process the configuration
-.Ar directive
-before reading config files.
-.It Fl c Ar directive
-Process the configuration
-.Ar directive
-after reading config files.
-.It Fl D Ar parameter
-Sets a configuration
-.Ar parameter
-which can be used with
-<IfDefine>...</IfDefine> sections in the configuration files
-to conditionally skip or process commands.
-.It Fl d Ar serverroot
-Set the initial value for the
-.Dq ServerRoot
-directive to
-.Ar serverroot .
-This can be overridden by the
-.Dq ServerRoot
-command in the configuration file.
-The default is
-.Pa /var/www .
-.It Fl F
-Run the main process in foreground.
-For process supervisors.
-.It Fl f Ar config
-Execute the commands in the file
-.Ar config
-on startup.
-If
-.Ar config
-does not begin with a /, then it is taken to be a path relative to
-the ServerRoot.
-The default is
-.Pa conf/httpd.conf .
-.It Fl h
-Output a short summary of available command line options.
-.It Fl L
-Output a list of directives together with expected arguments and
-places where the directive is valid.
-.It Fl l
-Output a list of modules compiled into the server.
-.It Fl R Ar libexecdir
-This option is only available if
-.Nm
-was built with the
-.Dv SHARED_CORE
-rule enabled which forces the
-.Nm
-core code to be placed into a dynamic shared object (DSO) file.
-This file is searched in a hardcoded path under ServerRoot per default.
-Use this option to override.
-.It Fl S
-Show the settings as parsed from the config file (currently only shows the
-virtualhost settings).
-.It Fl T
-Run syntax tests for configuration files only, without DocumentRoot checks.
-The program immediately exits after this syntax parsing with either a return
-code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
-.It Fl t
-Run syntax tests for configuration files only, including DocumentRoot checks.
-The program immediately exits after this syntax parsing with either a return
-code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
-.It Fl U
-Do not assume a specific address family for ambiguous specifications.
-.It Fl u
-By default
-.Nm
-will
-.Xr chroot 2
-to the
-.Dq ServerRoot
-path.
-The
-.Fl u
-option disables this behaviour, and returns
-.Nm
-to the expanded "unsecure" behaviour.
-.It Fl V
-Print the version and build parameters of
-.Nm httpd ,
-and then exit.
-.It Fl v
-Print the version of
-.Nm httpd ,
-and then exit.
-.It Fl X
-Run in single-process mode, for internal debugging purposes only; the daemon
-does not detach from the terminal or fork any children.
-Do NOT use this mode to provide ordinary web service.
-.El
-.Pp
-The documents served by
-.Nm
-should not be owned by the user which
-.Nm
-is running as (usually user
-.Ar www
-and group
-.Ar www ) .
-They must, however, be readable by this user.
-.Sh FILES
-.Bl -tag -width /etc/passwd -compact
-.It Pa /var/www/cgi-bin/
-.It Pa /var/www/conf/httpd.conf
-.It Pa /var/www/conf/magic
-.It Pa /var/www/conf/mime.types
-.It Pa /var/www/icons/
-.It Pa /var/www/logs/access_log
-.It Pa /var/www/logs/error_log
-.It Pa /var/www/logs/etag-state
-.It Pa /var/www/logs/httpd.pid
-.It Pa /var/www/logs/ssl_engine_log
-.It Pa /var/www/logs/ssl_request_log
-.It Pa /var/www/logs/ssl_scache.db
-.It Pa /var/www/users/
-.It Pa /etc/rc.conf.local
-.El
-.Sh SEE ALSO
-.Xr dbmmanage 1 ,
-.Xr htdigest 1 ,
-.Xr htpasswd 1 ,
-.Xr chroot 2 ,
-.Xr apachectl 8 ,
-.Xr apxs 8 ,
-.Xr inetd 8 ,
-.Xr logresolve 8 ,
-.Xr rc.conf.local 8 ,
-.Xr rotatelogs 8 ,
-.Xr ssl 8 ,
-.Xr suexec 8
-.Pp
-The Apache manual:
-.Pa /usr/share/doc/html/httpd/ .
diff --git a/usr.sbin/httpd/icons/README b/usr.sbin/httpd/icons/README
deleted file mode 100644
index 74b2970b9e8..00000000000
--- a/usr.sbin/httpd/icons/README
+++ /dev/null
@@ -1,158 +0,0 @@
-Public Domain Icons
-
- These icons were originally made for Mosaic for X and have been
- included in the NCSA httpd and Apache server distributions in the
- past. They are in the public domain and may be freely included in any
- application. The originals were done by Kevin Hughes
- (kevinh@kevcom.com).
-
- Many thanks to Andy Polyakov for tuning the icon colors and adding a
- few new images. If you'd like to contribute additions or ideas to
- this set, please let me know.
-
- Almost all of these icons are 20x22 pixels in size. There are
- alternative icons in the "small" directory that are 16x16 in size,
- provided by Mike Brown (mike@hyperreal.org).
-
-Suggested Uses
-
-The following are a few suggestions, to serve as a starting point for ideas.
-Please feel free to tweak and rename the icons as you like.
-
- a.gif
- This might be used to represent PostScript or text layout
- languages.
-
- alert.black.gif, alert.red.gif
- These can be used to highlight any important items, such as a
- README file in a directory.
-
- back.gif, forward.gif
- These can be used as links to go to previous and next areas.
-
- ball.gray.gif, ball.red.gif
- These might be used as bullets.
-
- binary.gif
- This can be used to represent binary files.
-
- binhex.gif
- This can represent BinHex-encoded data.
-
- blank.gif
- This can be used as a placeholder or a spacing element.
-
- bomb.gif
- This can be used to repreesnt core files.
-
- box1.gif, box2.gif
- These icons can be used to represent generic 3D applications and
- related files.
-
- broken.gif
- This can represent corrupted data.
-
- burst.gif
- This can call attention to new and important items.
-
- c.gif
- This might represent C source code.
-
- comp.blue.gif, comp.red.gif
- These little computer icons can stand for telnet or FTP
- sessions.
-
- compressed.gif
- This may represent compressed data.
-
- continued.gif
- This can be a link to a continued listing of a directory.
-
- down.gif, up.gif, left.gif, right.gif
- These can be used to scroll up, down, left and right in a
- listing or may be used to denote items in an outline.
-
- dvi.gif
- This can represent DVI files.
-
- f.gif
- This might represent FORTRAN or Forth source code.
-
- folder.gif, folder.open.gif, folder.sec.gif
- The folder can represent directories. There is also a version
- that can represent secure directories or directories that cannot
- be viewed.
-
- generic.gif, generic.sec.gif, generic.red.gif
- These can represent generic files, secure files, and important
- files, respectively.
-
- hand.right.gif, hand.up.gif
- These can point out important items (pun intended).
-
- image1.gif, image2.gif, image3.gif
- These can represent image formats of various types.
-
- index.gif
- This might represent a WAIS index or search facility.
-
- layout.gif
- This might represent files and formats that contain graphics as
- well as text layout, such as HTML and PDF files.
-
- link.gif
- This might represent files that are symbolic links.
-
- movie.gif
- This can represent various movie formats.
-
- p.gif
- This may stand for Perl or Python source code.
-
- pie0.gif ... pie8.gif
- These icons can be used in applications where a list of
- documents is returned from a search. The little pie chart images
- can denote how relevant the documents may be to your search
- query.
-
- patch.gif
- This may stand for patches and diff files.
-
- portal.gif
- This might be a link to an online service or a 3D world.
-
- ps.gif, quill.gif
- These may represent PostScript files.
-
- screw1.gif, screw2.gif
- These may represent CAD or engineering data and formats.
-
- script.gif
- This can represent any of various interpreted languages, such as
- Perl, python, TCL, and shell scripts, as well as server
- configuration files.
-
- sound1.gif, sound2.gif
- These can represent sound files.
-
- sphere1.gif, sphere2.gif
- These can represent 3D worlds or rendering applications and
- formats.
-
- tex.gif
- This can represent TeX files.
-
- text.gif
- This can represent generic (plain) text files.
-
- transfer.gif
- This can represent FTP transfers or uploads/downloads.
-
- unknown.gif
- This may represent a file of an unknown type.
-
- uuencoded.gif
- This can stand for uuencoded data.
-
- world1.gif, world2.gif
- These can represent 3D worlds or other 3D formats.
diff --git a/usr.sbin/httpd/icons/a.gif b/usr.sbin/httpd/icons/a.gif
deleted file mode 100644
index bb23d971f4c..00000000000
--- a/usr.sbin/httpd/icons/a.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/a.png b/usr.sbin/httpd/icons/a.png
deleted file mode 100644
index c1840256dcf..00000000000
--- a/usr.sbin/httpd/icons/a.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/alert.black.gif b/usr.sbin/httpd/icons/alert.black.gif
deleted file mode 100644
index eaecd2172a0..00000000000
--- a/usr.sbin/httpd/icons/alert.black.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/alert.black.png b/usr.sbin/httpd/icons/alert.black.png
deleted file mode 100644
index af6b1246ad7..00000000000
--- a/usr.sbin/httpd/icons/alert.black.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/alert.red.gif b/usr.sbin/httpd/icons/alert.red.gif
deleted file mode 100644
index a4238940433..00000000000
--- a/usr.sbin/httpd/icons/alert.red.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/alert.red.png b/usr.sbin/httpd/icons/alert.red.png
deleted file mode 100644
index b9222fd5246..00000000000
--- a/usr.sbin/httpd/icons/alert.red.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/apache_pb.gif b/usr.sbin/httpd/icons/apache_pb.gif
deleted file mode 100644
index 3a1c139fc42..00000000000
--- a/usr.sbin/httpd/icons/apache_pb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/apache_pb.png b/usr.sbin/httpd/icons/apache_pb.png
deleted file mode 100644
index eb99a8cd393..00000000000
--- a/usr.sbin/httpd/icons/apache_pb.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/back.gif b/usr.sbin/httpd/icons/back.gif
deleted file mode 100644
index a694ae1ec3f..00000000000
--- a/usr.sbin/httpd/icons/back.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/back.png b/usr.sbin/httpd/icons/back.png
deleted file mode 100644
index 2d8d353bbc7..00000000000
--- a/usr.sbin/httpd/icons/back.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/ball.gray.gif b/usr.sbin/httpd/icons/ball.gray.gif
deleted file mode 100644
index eb84268c4cc..00000000000
--- a/usr.sbin/httpd/icons/ball.gray.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/ball.gray.png b/usr.sbin/httpd/icons/ball.gray.png
deleted file mode 100644
index 7b756f2d82d..00000000000
--- a/usr.sbin/httpd/icons/ball.gray.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/ball.red.gif b/usr.sbin/httpd/icons/ball.red.gif
deleted file mode 100644
index a8425cb574b..00000000000
--- a/usr.sbin/httpd/icons/ball.red.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/ball.red.png b/usr.sbin/httpd/icons/ball.red.png
deleted file mode 100644
index 05f3e50629c..00000000000
--- a/usr.sbin/httpd/icons/ball.red.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/binary.gif b/usr.sbin/httpd/icons/binary.gif
deleted file mode 100644
index 9a15cbae04c..00000000000
--- a/usr.sbin/httpd/icons/binary.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/binary.png b/usr.sbin/httpd/icons/binary.png
deleted file mode 100644
index c5119d1e1ea..00000000000
--- a/usr.sbin/httpd/icons/binary.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/binhex.gif b/usr.sbin/httpd/icons/binhex.gif
deleted file mode 100644
index 62d0363108d..00000000000
--- a/usr.sbin/httpd/icons/binhex.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/binhex.png b/usr.sbin/httpd/icons/binhex.png
deleted file mode 100644
index eff532202d3..00000000000
--- a/usr.sbin/httpd/icons/binhex.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/blank.gif b/usr.sbin/httpd/icons/blank.gif
deleted file mode 100644
index 0ccf01e1983..00000000000
--- a/usr.sbin/httpd/icons/blank.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/blank.png b/usr.sbin/httpd/icons/blank.png
deleted file mode 100644
index 3802c03c9c8..00000000000
--- a/usr.sbin/httpd/icons/blank.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/bomb.gif b/usr.sbin/httpd/icons/bomb.gif
deleted file mode 100644
index 270fdb1c064..00000000000
--- a/usr.sbin/httpd/icons/bomb.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/bomb.png b/usr.sbin/httpd/icons/bomb.png
deleted file mode 100644
index 5261a0575e3..00000000000
--- a/usr.sbin/httpd/icons/bomb.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/box1.gif b/usr.sbin/httpd/icons/box1.gif
deleted file mode 100644
index 65dcd002eaf..00000000000
--- a/usr.sbin/httpd/icons/box1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/box1.png b/usr.sbin/httpd/icons/box1.png
deleted file mode 100644
index c55fccf8dc8..00000000000
--- a/usr.sbin/httpd/icons/box1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/box2.gif b/usr.sbin/httpd/icons/box2.gif
deleted file mode 100644
index c43bc4faecf..00000000000
--- a/usr.sbin/httpd/icons/box2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/box2.png b/usr.sbin/httpd/icons/box2.png
deleted file mode 100644
index 26d14325d97..00000000000
--- a/usr.sbin/httpd/icons/box2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/broken.gif b/usr.sbin/httpd/icons/broken.gif
deleted file mode 100644
index 9f8cbe9f760..00000000000
--- a/usr.sbin/httpd/icons/broken.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/broken.png b/usr.sbin/httpd/icons/broken.png
deleted file mode 100644
index e8fd150a339..00000000000
--- a/usr.sbin/httpd/icons/broken.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/burst.gif b/usr.sbin/httpd/icons/burst.gif
deleted file mode 100644
index fbdcf575f78..00000000000
--- a/usr.sbin/httpd/icons/burst.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/burst.png b/usr.sbin/httpd/icons/burst.png
deleted file mode 100644
index 2329898f2a4..00000000000
--- a/usr.sbin/httpd/icons/burst.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/c.gif b/usr.sbin/httpd/icons/c.gif
deleted file mode 100644
index 7555b6c164f..00000000000
--- a/usr.sbin/httpd/icons/c.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/c.png b/usr.sbin/httpd/icons/c.png
deleted file mode 100644
index 41593b36b36..00000000000
--- a/usr.sbin/httpd/icons/c.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/comp.blue.gif b/usr.sbin/httpd/icons/comp.blue.gif
deleted file mode 100644
index f8d76a8c23f..00000000000
--- a/usr.sbin/httpd/icons/comp.blue.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/comp.blue.png b/usr.sbin/httpd/icons/comp.blue.png
deleted file mode 100644
index 60ff156deb9..00000000000
--- a/usr.sbin/httpd/icons/comp.blue.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/comp.gray.gif b/usr.sbin/httpd/icons/comp.gray.gif
deleted file mode 100644
index 7664cd03649..00000000000
--- a/usr.sbin/httpd/icons/comp.gray.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/comp.gray.png b/usr.sbin/httpd/icons/comp.gray.png
deleted file mode 100644
index 01538f8f316..00000000000
--- a/usr.sbin/httpd/icons/comp.gray.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/compressed.gif b/usr.sbin/httpd/icons/compressed.gif
deleted file mode 100644
index 39e732739f5..00000000000
--- a/usr.sbin/httpd/icons/compressed.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/compressed.png b/usr.sbin/httpd/icons/compressed.png
deleted file mode 100644
index de7276dbc08..00000000000
--- a/usr.sbin/httpd/icons/compressed.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/continued.gif b/usr.sbin/httpd/icons/continued.gif
deleted file mode 100644
index b0ffb7e0cc0..00000000000
--- a/usr.sbin/httpd/icons/continued.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/continued.png b/usr.sbin/httpd/icons/continued.png
deleted file mode 100644
index 8f656e27f24..00000000000
--- a/usr.sbin/httpd/icons/continued.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/dir.gif b/usr.sbin/httpd/icons/dir.gif
deleted file mode 100644
index 48264601ae0..00000000000
--- a/usr.sbin/httpd/icons/dir.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/dir.png b/usr.sbin/httpd/icons/dir.png
deleted file mode 100644
index 6b97905067e..00000000000
--- a/usr.sbin/httpd/icons/dir.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/diskimg.gif b/usr.sbin/httpd/icons/diskimg.gif
deleted file mode 100644
index 49b12a8d1ae..00000000000
--- a/usr.sbin/httpd/icons/diskimg.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/diskimg.png b/usr.sbin/httpd/icons/diskimg.png
deleted file mode 100644
index 11f34e681bd..00000000000
--- a/usr.sbin/httpd/icons/diskimg.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/down.gif b/usr.sbin/httpd/icons/down.gif
deleted file mode 100644
index a354c871cd0..00000000000
--- a/usr.sbin/httpd/icons/down.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/down.png b/usr.sbin/httpd/icons/down.png
deleted file mode 100644
index be3904b0451..00000000000
--- a/usr.sbin/httpd/icons/down.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/dvi.gif b/usr.sbin/httpd/icons/dvi.gif
deleted file mode 100644
index 791be33105d..00000000000
--- a/usr.sbin/httpd/icons/dvi.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/dvi.png b/usr.sbin/httpd/icons/dvi.png
deleted file mode 100644
index 19c417f227b..00000000000
--- a/usr.sbin/httpd/icons/dvi.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/f.gif b/usr.sbin/httpd/icons/f.gif
deleted file mode 100644
index fbe353c2822..00000000000
--- a/usr.sbin/httpd/icons/f.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/f.png b/usr.sbin/httpd/icons/f.png
deleted file mode 100644
index c946f5b3165..00000000000
--- a/usr.sbin/httpd/icons/f.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/folder.gif b/usr.sbin/httpd/icons/folder.gif
deleted file mode 100644
index 48264601ae0..00000000000
--- a/usr.sbin/httpd/icons/folder.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/folder.open.gif b/usr.sbin/httpd/icons/folder.open.gif
deleted file mode 100644
index 30979cb5285..00000000000
--- a/usr.sbin/httpd/icons/folder.open.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/folder.open.png b/usr.sbin/httpd/icons/folder.open.png
deleted file mode 100644
index dd2d7e0cc2d..00000000000
--- a/usr.sbin/httpd/icons/folder.open.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/folder.png b/usr.sbin/httpd/icons/folder.png
deleted file mode 100644
index 6b97905067e..00000000000
--- a/usr.sbin/httpd/icons/folder.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/folder.sec.gif b/usr.sbin/httpd/icons/folder.sec.gif
deleted file mode 100644
index 75332d9e59b..00000000000
--- a/usr.sbin/httpd/icons/folder.sec.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/folder.sec.png b/usr.sbin/httpd/icons/folder.sec.png
deleted file mode 100644
index 833f59ac517..00000000000
--- a/usr.sbin/httpd/icons/folder.sec.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/forward.gif b/usr.sbin/httpd/icons/forward.gif
deleted file mode 100644
index b2959b4c85c..00000000000
--- a/usr.sbin/httpd/icons/forward.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/forward.png b/usr.sbin/httpd/icons/forward.png
deleted file mode 100644
index c5584a4c306..00000000000
--- a/usr.sbin/httpd/icons/forward.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/generic.gif b/usr.sbin/httpd/icons/generic.gif
deleted file mode 100644
index de60b2940f9..00000000000
--- a/usr.sbin/httpd/icons/generic.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/generic.png b/usr.sbin/httpd/icons/generic.png
deleted file mode 100644
index 0227cabb5ce..00000000000
--- a/usr.sbin/httpd/icons/generic.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/generic.red.gif b/usr.sbin/httpd/icons/generic.red.gif
deleted file mode 100644
index 94743981d93..00000000000
--- a/usr.sbin/httpd/icons/generic.red.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/generic.red.png b/usr.sbin/httpd/icons/generic.red.png
deleted file mode 100644
index be63249beb5..00000000000
--- a/usr.sbin/httpd/icons/generic.red.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/generic.sec.gif b/usr.sbin/httpd/icons/generic.sec.gif
deleted file mode 100644
index 88d5240c3c3..00000000000
--- a/usr.sbin/httpd/icons/generic.sec.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/generic.sec.png b/usr.sbin/httpd/icons/generic.sec.png
deleted file mode 100644
index 0bd3d96bdcd..00000000000
--- a/usr.sbin/httpd/icons/generic.sec.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/hand.right.gif b/usr.sbin/httpd/icons/hand.right.gif
deleted file mode 100644
index 5cdbc7206da..00000000000
--- a/usr.sbin/httpd/icons/hand.right.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/hand.right.png b/usr.sbin/httpd/icons/hand.right.png
deleted file mode 100644
index 93035c658ab..00000000000
--- a/usr.sbin/httpd/icons/hand.right.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/hand.up.gif b/usr.sbin/httpd/icons/hand.up.gif
deleted file mode 100644
index 85a5d683177..00000000000
--- a/usr.sbin/httpd/icons/hand.up.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/hand.up.png b/usr.sbin/httpd/icons/hand.up.png
deleted file mode 100644
index 1405a6f1562..00000000000
--- a/usr.sbin/httpd/icons/hand.up.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/icon.sheet.gif b/usr.sbin/httpd/icons/icon.sheet.gif
deleted file mode 100644
index ad1686e4480..00000000000
--- a/usr.sbin/httpd/icons/icon.sheet.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/icon.sheet.png b/usr.sbin/httpd/icons/icon.sheet.png
deleted file mode 100644
index b875cb6b1c1..00000000000
--- a/usr.sbin/httpd/icons/icon.sheet.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/image1.gif b/usr.sbin/httpd/icons/image1.gif
deleted file mode 100644
index 01e442bfa92..00000000000
--- a/usr.sbin/httpd/icons/image1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/image1.png b/usr.sbin/httpd/icons/image1.png
deleted file mode 100644
index c1374fde333..00000000000
--- a/usr.sbin/httpd/icons/image1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/image2.gif b/usr.sbin/httpd/icons/image2.gif
deleted file mode 100644
index 751faeea364..00000000000
--- a/usr.sbin/httpd/icons/image2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/image2.png b/usr.sbin/httpd/icons/image2.png
deleted file mode 100644
index 606d4fb87e5..00000000000
--- a/usr.sbin/httpd/icons/image2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/image3.gif b/usr.sbin/httpd/icons/image3.gif
deleted file mode 100644
index 4f30484ff64..00000000000
--- a/usr.sbin/httpd/icons/image3.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/image3.png b/usr.sbin/httpd/icons/image3.png
deleted file mode 100644
index 701fb1e1359..00000000000
--- a/usr.sbin/httpd/icons/image3.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/index.gif b/usr.sbin/httpd/icons/index.gif
deleted file mode 100644
index 162478fb3a7..00000000000
--- a/usr.sbin/httpd/icons/index.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/index.png b/usr.sbin/httpd/icons/index.png
deleted file mode 100644
index 9a0de350582..00000000000
--- a/usr.sbin/httpd/icons/index.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/layout.gif b/usr.sbin/httpd/icons/layout.gif
deleted file mode 100644
index c96338a1522..00000000000
--- a/usr.sbin/httpd/icons/layout.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/layout.png b/usr.sbin/httpd/icons/layout.png
deleted file mode 100644
index 0a97c1c475f..00000000000
--- a/usr.sbin/httpd/icons/layout.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/left.gif b/usr.sbin/httpd/icons/left.gif
deleted file mode 100644
index 279e6710d49..00000000000
--- a/usr.sbin/httpd/icons/left.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/left.png b/usr.sbin/httpd/icons/left.png
deleted file mode 100644
index d6e2404a811..00000000000
--- a/usr.sbin/httpd/icons/left.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/link.gif b/usr.sbin/httpd/icons/link.gif
deleted file mode 100644
index c5b6889a76d..00000000000
--- a/usr.sbin/httpd/icons/link.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/link.png b/usr.sbin/httpd/icons/link.png
deleted file mode 100644
index 4714d0ef40a..00000000000
--- a/usr.sbin/httpd/icons/link.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/movie.gif b/usr.sbin/httpd/icons/movie.gif
deleted file mode 100644
index 00351837741..00000000000
--- a/usr.sbin/httpd/icons/movie.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/movie.png b/usr.sbin/httpd/icons/movie.png
deleted file mode 100644
index 5615180de88..00000000000
--- a/usr.sbin/httpd/icons/movie.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/p.gif b/usr.sbin/httpd/icons/p.gif
deleted file mode 100644
index 7b917b4e91e..00000000000
--- a/usr.sbin/httpd/icons/p.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/p.png b/usr.sbin/httpd/icons/p.png
deleted file mode 100644
index 3fbe0e8801e..00000000000
--- a/usr.sbin/httpd/icons/p.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/patch.gif b/usr.sbin/httpd/icons/patch.gif
deleted file mode 100644
index 39bc90e7953..00000000000
--- a/usr.sbin/httpd/icons/patch.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/patch.png b/usr.sbin/httpd/icons/patch.png
deleted file mode 100644
index 808ed7865fe..00000000000
--- a/usr.sbin/httpd/icons/patch.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pdf.gif b/usr.sbin/httpd/icons/pdf.gif
deleted file mode 100644
index c88fd777c4b..00000000000
--- a/usr.sbin/httpd/icons/pdf.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pdf.png b/usr.sbin/httpd/icons/pdf.png
deleted file mode 100644
index 516142bb47b..00000000000
--- a/usr.sbin/httpd/icons/pdf.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie0.gif b/usr.sbin/httpd/icons/pie0.gif
deleted file mode 100644
index 6f7a0ae7a70..00000000000
--- a/usr.sbin/httpd/icons/pie0.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie0.png b/usr.sbin/httpd/icons/pie0.png
deleted file mode 100644
index 12e0200c97f..00000000000
--- a/usr.sbin/httpd/icons/pie0.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie1.gif b/usr.sbin/httpd/icons/pie1.gif
deleted file mode 100644
index 03aa6be71eb..00000000000
--- a/usr.sbin/httpd/icons/pie1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie1.png b/usr.sbin/httpd/icons/pie1.png
deleted file mode 100644
index c44c793ed8b..00000000000
--- a/usr.sbin/httpd/icons/pie1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie2.gif b/usr.sbin/httpd/icons/pie2.gif
deleted file mode 100644
index b04c5e09086..00000000000
--- a/usr.sbin/httpd/icons/pie2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie2.png b/usr.sbin/httpd/icons/pie2.png
deleted file mode 100644
index e0b7167d913..00000000000
--- a/usr.sbin/httpd/icons/pie2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie3.gif b/usr.sbin/httpd/icons/pie3.gif
deleted file mode 100644
index 4db9d023eda..00000000000
--- a/usr.sbin/httpd/icons/pie3.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie3.png b/usr.sbin/httpd/icons/pie3.png
deleted file mode 100644
index 820a3c35fa9..00000000000
--- a/usr.sbin/httpd/icons/pie3.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie4.gif b/usr.sbin/httpd/icons/pie4.gif
deleted file mode 100644
index 93471fdd885..00000000000
--- a/usr.sbin/httpd/icons/pie4.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie4.png b/usr.sbin/httpd/icons/pie4.png
deleted file mode 100644
index 35490d857c7..00000000000
--- a/usr.sbin/httpd/icons/pie4.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie5.gif b/usr.sbin/httpd/icons/pie5.gif
deleted file mode 100644
index 57aee93f070..00000000000
--- a/usr.sbin/httpd/icons/pie5.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie5.png b/usr.sbin/httpd/icons/pie5.png
deleted file mode 100644
index 359b7d377f4..00000000000
--- a/usr.sbin/httpd/icons/pie5.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie6.gif b/usr.sbin/httpd/icons/pie6.gif
deleted file mode 100644
index 0dc327b5697..00000000000
--- a/usr.sbin/httpd/icons/pie6.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie6.png b/usr.sbin/httpd/icons/pie6.png
deleted file mode 100644
index 4b293eae18c..00000000000
--- a/usr.sbin/httpd/icons/pie6.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie7.gif b/usr.sbin/httpd/icons/pie7.gif
deleted file mode 100644
index 8661337f067..00000000000
--- a/usr.sbin/httpd/icons/pie7.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie7.png b/usr.sbin/httpd/icons/pie7.png
deleted file mode 100644
index 6bfa2d06ae2..00000000000
--- a/usr.sbin/httpd/icons/pie7.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie8.gif b/usr.sbin/httpd/icons/pie8.gif
deleted file mode 100644
index 59ddb34ce0f..00000000000
--- a/usr.sbin/httpd/icons/pie8.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/pie8.png b/usr.sbin/httpd/icons/pie8.png
deleted file mode 100644
index 716cf2822bf..00000000000
--- a/usr.sbin/httpd/icons/pie8.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/portal.gif b/usr.sbin/httpd/icons/portal.gif
deleted file mode 100644
index 0e6e506e004..00000000000
--- a/usr.sbin/httpd/icons/portal.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/portal.png b/usr.sbin/httpd/icons/portal.png
deleted file mode 100644
index 937c0f87cd6..00000000000
--- a/usr.sbin/httpd/icons/portal.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/ps.gif b/usr.sbin/httpd/icons/ps.gif
deleted file mode 100644
index 0f565bc1db7..00000000000
--- a/usr.sbin/httpd/icons/ps.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/ps.png b/usr.sbin/httpd/icons/ps.png
deleted file mode 100644
index ccccf730b6c..00000000000
--- a/usr.sbin/httpd/icons/ps.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/quill.gif b/usr.sbin/httpd/icons/quill.gif
deleted file mode 100644
index 818a5cdc7e0..00000000000
--- a/usr.sbin/httpd/icons/quill.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/quill.png b/usr.sbin/httpd/icons/quill.png
deleted file mode 100644
index b697770a882..00000000000
--- a/usr.sbin/httpd/icons/quill.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/right.gif b/usr.sbin/httpd/icons/right.gif
deleted file mode 100644
index b256e5f75fb..00000000000
--- a/usr.sbin/httpd/icons/right.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/right.png b/usr.sbin/httpd/icons/right.png
deleted file mode 100644
index 41f8529a84e..00000000000
--- a/usr.sbin/httpd/icons/right.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/screw1.gif b/usr.sbin/httpd/icons/screw1.gif
deleted file mode 100644
index af6ba2b097b..00000000000
--- a/usr.sbin/httpd/icons/screw1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/screw1.png b/usr.sbin/httpd/icons/screw1.png
deleted file mode 100644
index 11673ab97dc..00000000000
--- a/usr.sbin/httpd/icons/screw1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/screw2.gif b/usr.sbin/httpd/icons/screw2.gif
deleted file mode 100644
index 06dccb3e44c..00000000000
--- a/usr.sbin/httpd/icons/screw2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/screw2.png b/usr.sbin/httpd/icons/screw2.png
deleted file mode 100644
index 5d7d2cf65e9..00000000000
--- a/usr.sbin/httpd/icons/screw2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/script.gif b/usr.sbin/httpd/icons/script.gif
deleted file mode 100644
index d8a853bc582..00000000000
--- a/usr.sbin/httpd/icons/script.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/script.png b/usr.sbin/httpd/icons/script.png
deleted file mode 100644
index 2520570a775..00000000000
--- a/usr.sbin/httpd/icons/script.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/README.txt b/usr.sbin/httpd/icons/small/README.txt
deleted file mode 100644
index deb96702b76..00000000000
--- a/usr.sbin/httpd/icons/small/README.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-
-These icons are provided as an alternative to the standard Apache
-icon graphics. All graphics in this directory, with the exception
-of rainbow.gif, are 16x16 pixels in size, rather than the 20x22
-dimension icons which are the normal defaults for Apache and are
-in the parent directory of this one.
diff --git a/usr.sbin/httpd/icons/small/back.gif b/usr.sbin/httpd/icons/small/back.gif
deleted file mode 100644
index e331454726b..00000000000
--- a/usr.sbin/httpd/icons/small/back.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/back.png b/usr.sbin/httpd/icons/small/back.png
deleted file mode 100644
index 2257df2140d..00000000000
--- a/usr.sbin/httpd/icons/small/back.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/binary.gif b/usr.sbin/httpd/icons/small/binary.gif
deleted file mode 100644
index 995f79b9b10..00000000000
--- a/usr.sbin/httpd/icons/small/binary.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/binary.png b/usr.sbin/httpd/icons/small/binary.png
deleted file mode 100644
index 2e2e1b073d6..00000000000
--- a/usr.sbin/httpd/icons/small/binary.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/binhex.gif b/usr.sbin/httpd/icons/small/binhex.gif
deleted file mode 100644
index 3d54a5458e6..00000000000
--- a/usr.sbin/httpd/icons/small/binhex.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/binhex.png b/usr.sbin/httpd/icons/small/binhex.png
deleted file mode 100644
index 9deab419b61..00000000000
--- a/usr.sbin/httpd/icons/small/binhex.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/blank.gif b/usr.sbin/httpd/icons/small/blank.gif
deleted file mode 100644
index 606787a8399..00000000000
--- a/usr.sbin/httpd/icons/small/blank.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/blank.png b/usr.sbin/httpd/icons/small/blank.png
deleted file mode 100644
index 86f57a504f7..00000000000
--- a/usr.sbin/httpd/icons/small/blank.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/broken.gif b/usr.sbin/httpd/icons/small/broken.gif
deleted file mode 100644
index 1bcc57f25c5..00000000000
--- a/usr.sbin/httpd/icons/small/broken.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/broken.png b/usr.sbin/httpd/icons/small/broken.png
deleted file mode 100644
index 79c998c8c31..00000000000
--- a/usr.sbin/httpd/icons/small/broken.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/burst.gif b/usr.sbin/httpd/icons/small/burst.gif
deleted file mode 100644
index d882ceba9cb..00000000000
--- a/usr.sbin/httpd/icons/small/burst.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/burst.png b/usr.sbin/httpd/icons/small/burst.png
deleted file mode 100644
index 2b21436c78e..00000000000
--- a/usr.sbin/httpd/icons/small/burst.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/comp1.gif b/usr.sbin/httpd/icons/small/comp1.gif
deleted file mode 100644
index 712f36afdb2..00000000000
--- a/usr.sbin/httpd/icons/small/comp1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/comp1.png b/usr.sbin/httpd/icons/small/comp1.png
deleted file mode 100644
index 6d8c3459ed0..00000000000
--- a/usr.sbin/httpd/icons/small/comp1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/comp2.gif b/usr.sbin/httpd/icons/small/comp2.gif
deleted file mode 100644
index 7759eb11f95..00000000000
--- a/usr.sbin/httpd/icons/small/comp2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/comp2.png b/usr.sbin/httpd/icons/small/comp2.png
deleted file mode 100644
index 57f7ad197b8..00000000000
--- a/usr.sbin/httpd/icons/small/comp2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/compressed.gif b/usr.sbin/httpd/icons/small/compressed.gif
deleted file mode 100644
index d3b156072ac..00000000000
--- a/usr.sbin/httpd/icons/small/compressed.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/compressed.png b/usr.sbin/httpd/icons/small/compressed.png
deleted file mode 100644
index 43acd8b943d..00000000000
--- a/usr.sbin/httpd/icons/small/compressed.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/continued.gif b/usr.sbin/httpd/icons/small/continued.gif
deleted file mode 100644
index e1c9f2cfa68..00000000000
--- a/usr.sbin/httpd/icons/small/continued.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/continued.png b/usr.sbin/httpd/icons/small/continued.png
deleted file mode 100644
index db17c424650..00000000000
--- a/usr.sbin/httpd/icons/small/continued.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/dir.gif b/usr.sbin/httpd/icons/small/dir.gif
deleted file mode 100644
index 7b37b099177..00000000000
--- a/usr.sbin/httpd/icons/small/dir.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/dir.png b/usr.sbin/httpd/icons/small/dir.png
deleted file mode 100644
index 9bd6256bdbb..00000000000
--- a/usr.sbin/httpd/icons/small/dir.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/dir2.gif b/usr.sbin/httpd/icons/small/dir2.gif
deleted file mode 100644
index 425d6e4b77c..00000000000
--- a/usr.sbin/httpd/icons/small/dir2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/dir2.png b/usr.sbin/httpd/icons/small/dir2.png
deleted file mode 100644
index 836daf49ef2..00000000000
--- a/usr.sbin/httpd/icons/small/dir2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/doc.gif b/usr.sbin/httpd/icons/small/doc.gif
deleted file mode 100644
index 0fcf18db2a8..00000000000
--- a/usr.sbin/httpd/icons/small/doc.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/doc.png b/usr.sbin/httpd/icons/small/doc.png
deleted file mode 100644
index c560df21d3c..00000000000
--- a/usr.sbin/httpd/icons/small/doc.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/forward.gif b/usr.sbin/httpd/icons/small/forward.gif
deleted file mode 100644
index 2997466eb4d..00000000000
--- a/usr.sbin/httpd/icons/small/forward.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/forward.png b/usr.sbin/httpd/icons/small/forward.png
deleted file mode 100644
index 4ddbc61e142..00000000000
--- a/usr.sbin/httpd/icons/small/forward.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/generic.gif b/usr.sbin/httpd/icons/small/generic.gif
deleted file mode 100644
index f8da6ff92c3..00000000000
--- a/usr.sbin/httpd/icons/small/generic.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/generic.png b/usr.sbin/httpd/icons/small/generic.png
deleted file mode 100644
index 16374a12bbb..00000000000
--- a/usr.sbin/httpd/icons/small/generic.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/generic2.gif b/usr.sbin/httpd/icons/small/generic2.gif
deleted file mode 100644
index 992f13331bb..00000000000
--- a/usr.sbin/httpd/icons/small/generic2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/generic2.png b/usr.sbin/httpd/icons/small/generic2.png
deleted file mode 100644
index 40d60c1df23..00000000000
--- a/usr.sbin/httpd/icons/small/generic2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/generic3.gif b/usr.sbin/httpd/icons/small/generic3.gif
deleted file mode 100644
index 85aa275e25a..00000000000
--- a/usr.sbin/httpd/icons/small/generic3.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/generic3.png b/usr.sbin/httpd/icons/small/generic3.png
deleted file mode 100644
index aa38963afa2..00000000000
--- a/usr.sbin/httpd/icons/small/generic3.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/image.gif b/usr.sbin/httpd/icons/small/image.gif
deleted file mode 100644
index dc3d95ced76..00000000000
--- a/usr.sbin/httpd/icons/small/image.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/image.png b/usr.sbin/httpd/icons/small/image.png
deleted file mode 100644
index d92f0a5fcc4..00000000000
--- a/usr.sbin/httpd/icons/small/image.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/image2.gif b/usr.sbin/httpd/icons/small/image2.gif
deleted file mode 100644
index a5c40f15508..00000000000
--- a/usr.sbin/httpd/icons/small/image2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/image2.png b/usr.sbin/httpd/icons/small/image2.png
deleted file mode 100644
index 4049bda5619..00000000000
--- a/usr.sbin/httpd/icons/small/image2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/index.gif b/usr.sbin/httpd/icons/small/index.gif
deleted file mode 100644
index 526df6b0645..00000000000
--- a/usr.sbin/httpd/icons/small/index.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/index.png b/usr.sbin/httpd/icons/small/index.png
deleted file mode 100644
index 080453e2151..00000000000
--- a/usr.sbin/httpd/icons/small/index.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/key.gif b/usr.sbin/httpd/icons/small/key.gif
deleted file mode 100644
index 8dfd6c09de3..00000000000
--- a/usr.sbin/httpd/icons/small/key.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/key.png b/usr.sbin/httpd/icons/small/key.png
deleted file mode 100644
index 1a45f67df31..00000000000
--- a/usr.sbin/httpd/icons/small/key.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/movie.gif b/usr.sbin/httpd/icons/small/movie.gif
deleted file mode 100644
index 7b4a42e7a0e..00000000000
--- a/usr.sbin/httpd/icons/small/movie.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/movie.png b/usr.sbin/httpd/icons/small/movie.png
deleted file mode 100644
index 7c126042c9a..00000000000
--- a/usr.sbin/httpd/icons/small/movie.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/patch.gif b/usr.sbin/httpd/icons/small/patch.gif
deleted file mode 100644
index 100484e5982..00000000000
--- a/usr.sbin/httpd/icons/small/patch.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/patch.png b/usr.sbin/httpd/icons/small/patch.png
deleted file mode 100644
index c39f14435a0..00000000000
--- a/usr.sbin/httpd/icons/small/patch.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/ps.gif b/usr.sbin/httpd/icons/small/ps.gif
deleted file mode 100644
index fa4bcfce30f..00000000000
--- a/usr.sbin/httpd/icons/small/ps.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/ps.png b/usr.sbin/httpd/icons/small/ps.png
deleted file mode 100644
index 5c604230d07..00000000000
--- a/usr.sbin/httpd/icons/small/ps.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/rainbow.gif b/usr.sbin/httpd/icons/small/rainbow.gif
deleted file mode 100644
index 8216b89bade..00000000000
--- a/usr.sbin/httpd/icons/small/rainbow.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/rainbow.png b/usr.sbin/httpd/icons/small/rainbow.png
deleted file mode 100644
index 175053cb433..00000000000
--- a/usr.sbin/httpd/icons/small/rainbow.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/sound.gif b/usr.sbin/httpd/icons/small/sound.gif
deleted file mode 100644
index a7a89ffd9ed..00000000000
--- a/usr.sbin/httpd/icons/small/sound.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/sound.png b/usr.sbin/httpd/icons/small/sound.png
deleted file mode 100644
index 6e3e95d3d01..00000000000
--- a/usr.sbin/httpd/icons/small/sound.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/sound2.gif b/usr.sbin/httpd/icons/small/sound2.gif
deleted file mode 100644
index 07706e07b86..00000000000
--- a/usr.sbin/httpd/icons/small/sound2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/sound2.png b/usr.sbin/httpd/icons/small/sound2.png
deleted file mode 100644
index bc46eb48fe5..00000000000
--- a/usr.sbin/httpd/icons/small/sound2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/tar.gif b/usr.sbin/httpd/icons/small/tar.gif
deleted file mode 100644
index 59c3ffb9a5f..00000000000
--- a/usr.sbin/httpd/icons/small/tar.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/tar.png b/usr.sbin/httpd/icons/small/tar.png
deleted file mode 100644
index 12f0347bf9c..00000000000
--- a/usr.sbin/httpd/icons/small/tar.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/text.gif b/usr.sbin/httpd/icons/small/text.gif
deleted file mode 100644
index 66ceefbc8c4..00000000000
--- a/usr.sbin/httpd/icons/small/text.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/text.png b/usr.sbin/httpd/icons/small/text.png
deleted file mode 100644
index b4e30f466d3..00000000000
--- a/usr.sbin/httpd/icons/small/text.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/transfer.gif b/usr.sbin/httpd/icons/small/transfer.gif
deleted file mode 100644
index d460d3fffe6..00000000000
--- a/usr.sbin/httpd/icons/small/transfer.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/transfer.png b/usr.sbin/httpd/icons/small/transfer.png
deleted file mode 100644
index 324048170a8..00000000000
--- a/usr.sbin/httpd/icons/small/transfer.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/unknown.gif b/usr.sbin/httpd/icons/small/unknown.gif
deleted file mode 100644
index 7bf0bbc10a6..00000000000
--- a/usr.sbin/httpd/icons/small/unknown.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/unknown.png b/usr.sbin/httpd/icons/small/unknown.png
deleted file mode 100644
index cad7e7a7aa0..00000000000
--- a/usr.sbin/httpd/icons/small/unknown.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/uu.gif b/usr.sbin/httpd/icons/small/uu.gif
deleted file mode 100644
index 8c793f8a7f9..00000000000
--- a/usr.sbin/httpd/icons/small/uu.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/small/uu.png b/usr.sbin/httpd/icons/small/uu.png
deleted file mode 100644
index ef87c82ee6c..00000000000
--- a/usr.sbin/httpd/icons/small/uu.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sound1.gif b/usr.sbin/httpd/icons/sound1.gif
deleted file mode 100644
index 8efb49f55d6..00000000000
--- a/usr.sbin/httpd/icons/sound1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sound1.png b/usr.sbin/httpd/icons/sound1.png
deleted file mode 100644
index 7a766be6cc8..00000000000
--- a/usr.sbin/httpd/icons/sound1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sound2.gif b/usr.sbin/httpd/icons/sound2.gif
deleted file mode 100644
index 48e6a7fb2fa..00000000000
--- a/usr.sbin/httpd/icons/sound2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sound2.png b/usr.sbin/httpd/icons/sound2.png
deleted file mode 100644
index 45112909398..00000000000
--- a/usr.sbin/httpd/icons/sound2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sphere1.gif b/usr.sbin/httpd/icons/sphere1.gif
deleted file mode 100644
index 7067070da27..00000000000
--- a/usr.sbin/httpd/icons/sphere1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sphere1.png b/usr.sbin/httpd/icons/sphere1.png
deleted file mode 100644
index 2198ae89ec4..00000000000
--- a/usr.sbin/httpd/icons/sphere1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sphere2.gif b/usr.sbin/httpd/icons/sphere2.gif
deleted file mode 100644
index a9e462a377c..00000000000
--- a/usr.sbin/httpd/icons/sphere2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/sphere2.png b/usr.sbin/httpd/icons/sphere2.png
deleted file mode 100644
index 257632ba46d..00000000000
--- a/usr.sbin/httpd/icons/sphere2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/tar.gif b/usr.sbin/httpd/icons/tar.gif
deleted file mode 100644
index 4032c1bd3d4..00000000000
--- a/usr.sbin/httpd/icons/tar.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/tar.png b/usr.sbin/httpd/icons/tar.png
deleted file mode 100644
index 6c40521ff80..00000000000
--- a/usr.sbin/httpd/icons/tar.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/tex.gif b/usr.sbin/httpd/icons/tex.gif
deleted file mode 100644
index 45e43233b84..00000000000
--- a/usr.sbin/httpd/icons/tex.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/tex.png b/usr.sbin/httpd/icons/tex.png
deleted file mode 100644
index 906622d3844..00000000000
--- a/usr.sbin/httpd/icons/tex.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/text.gif b/usr.sbin/httpd/icons/text.gif
deleted file mode 100644
index 4c623909fbf..00000000000
--- a/usr.sbin/httpd/icons/text.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/text.png b/usr.sbin/httpd/icons/text.png
deleted file mode 100644
index 34d0edf86e4..00000000000
--- a/usr.sbin/httpd/icons/text.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/transfer.gif b/usr.sbin/httpd/icons/transfer.gif
deleted file mode 100644
index 33697dbb667..00000000000
--- a/usr.sbin/httpd/icons/transfer.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/transfer.png b/usr.sbin/httpd/icons/transfer.png
deleted file mode 100644
index efaf17b682f..00000000000
--- a/usr.sbin/httpd/icons/transfer.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/unknown.gif b/usr.sbin/httpd/icons/unknown.gif
deleted file mode 100644
index 32b1ea23fb6..00000000000
--- a/usr.sbin/httpd/icons/unknown.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/unknown.png b/usr.sbin/httpd/icons/unknown.png
deleted file mode 100644
index 7c241c383c0..00000000000
--- a/usr.sbin/httpd/icons/unknown.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/up.gif b/usr.sbin/httpd/icons/up.gif
deleted file mode 100644
index 6d6d6d1ebf8..00000000000
--- a/usr.sbin/httpd/icons/up.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/up.png b/usr.sbin/httpd/icons/up.png
deleted file mode 100644
index a69ea00c5b7..00000000000
--- a/usr.sbin/httpd/icons/up.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/uu.gif b/usr.sbin/httpd/icons/uu.gif
deleted file mode 100644
index 4387d529f69..00000000000
--- a/usr.sbin/httpd/icons/uu.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/uu.png b/usr.sbin/httpd/icons/uu.png
deleted file mode 100644
index b1d1a8579d5..00000000000
--- a/usr.sbin/httpd/icons/uu.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/uuencoded.gif b/usr.sbin/httpd/icons/uuencoded.gif
deleted file mode 100644
index 4387d529f69..00000000000
--- a/usr.sbin/httpd/icons/uuencoded.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/uuencoded.png b/usr.sbin/httpd/icons/uuencoded.png
deleted file mode 100644
index b1d1a8579d5..00000000000
--- a/usr.sbin/httpd/icons/uuencoded.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/world1.gif b/usr.sbin/httpd/icons/world1.gif
deleted file mode 100644
index 05b4ec20588..00000000000
--- a/usr.sbin/httpd/icons/world1.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/world1.png b/usr.sbin/httpd/icons/world1.png
deleted file mode 100644
index 3a65c00d846..00000000000
--- a/usr.sbin/httpd/icons/world1.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/world2.gif b/usr.sbin/httpd/icons/world2.gif
deleted file mode 100644
index e3203f7a881..00000000000
--- a/usr.sbin/httpd/icons/world2.gif
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/icons/world2.png b/usr.sbin/httpd/icons/world2.png
deleted file mode 100644
index 9f8a3ea4b35..00000000000
--- a/usr.sbin/httpd/icons/world2.png
+++ /dev/null
Binary files differ
diff --git a/usr.sbin/httpd/src/.gdbinit b/usr.sbin/httpd/src/.gdbinit
deleted file mode 100644
index 564d9c3a255..00000000000
--- a/usr.sbin/httpd/src/.gdbinit
+++ /dev/null
@@ -1,28 +0,0 @@
-# gdb macros which may be useful for folks using gdb to debug
-# apache. Delete it if it bothers you.
-
-define dump_table
- set $t = (table_entry *)((array_header *)$arg0)->elts
- set $n = ((array_header *)$arg0)->nelts
- set $i = 0
- while $i < $n
- printf "[%u] '%s'='%s'\n", $i, $t[$i].key, $t[$i].val
- set $i = $i + 1
- end
-end
-document dump_table
- Print the key/value pairs in a table.
-end
-
-define dump_string_array
- set $a = (char **)((array_header *)$arg0)->elts
- set $n = (int)((array_header *)$arg0)->nelts
- set $i = 0
- while $i < $n
- printf "[%u] '%s'\n", $i, $a[$i]
- set $i = $i + 1
- end
-end
-document dump_string_array
- Print all of the elements in an array of strings.
-end
diff --git a/usr.sbin/httpd/src/.indent.pro b/usr.sbin/httpd/src/.indent.pro
deleted file mode 100644
index 77b65f3d6a7..00000000000
--- a/usr.sbin/httpd/src/.indent.pro
+++ /dev/null
@@ -1 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs
diff --git a/usr.sbin/httpd/src/BUILD.NOTES b/usr.sbin/httpd/src/BUILD.NOTES
deleted file mode 100644
index 5eee75e8d6a..00000000000
--- a/usr.sbin/httpd/src/BUILD.NOTES
+++ /dev/null
@@ -1,39 +0,0 @@
-OS Specific notes for building/compiling Apache
-
--------------
-Introduction:
--------------
-Apache has been ported to a wide variety of platforms, from multiple
-UNIX variants to OS/2 to Windows95/NT. In building and/or compiling
-Apache on some platforms, there are some hints and notes which may
-help you if you run into problems.
-
------
-A/UX:
------
- Don't even try with cc. Instead, use gcc-2.7.2 and the libUTIL.a
- function library, both of which are available on jagubox.gsfc.nasa.gov.
- libUTIL.a includes many basic functions that Apache (and other software)
- requires as well as fixed versions of functions in libc.a. Contact
- Jim Jagielski (jim@apache.org) if you need a precompiled build for
- A/UX 3.1.x.
-
------
-AIX:
------
- If you compiled Apache on AIX (any version) using the xlC compiler
- version 3.6.X and you receive an error such as the following when
- trying to start Apache:
-
- "Expected </Directory> but saw </Directory>"
- or
- "Expected </Files> but saw </Files>"
-
- then you have encountered a bug in xlC. This is a problem with the
- 3.6.X versions of xlC, and is not a problem with the Apache code.
- You need to update your xlC compiler and rebuild the server. A
- set of PTFs which correct the problem is available from:
- http://techsupport.services.ibm.com/rs6k/fixdb.html
- The PTFs are: U462005, U462006, U462007, and U462023 through
- U462030. The PTFs have been tested and do indeed fix the problem.
-
diff --git a/usr.sbin/httpd/src/CHANGES b/usr.sbin/httpd/src/CHANGES
deleted file mode 100644
index 22f5edc7fa7..00000000000
--- a/usr.sbin/httpd/src/CHANGES
+++ /dev/null
@@ -1,9230 +0,0 @@
-Changes with Apache 1.3.29
-
- *) SECURITY: CAN-2003-0542 (cve.mitre.org)
- Fix buffer overflows in mod_alias and mod_rewrite which occurred if
- one configured a regular expression with more than 9 captures.
- [André Malo]
-
- *) Within ap_bclose(), ap_pclosesocket() is now called consistently
- for sockets and ap_pclosef() for files. Also, closesocket()
- is used consistenly to close socket fd's. The previous
- confusion between socket and file fd's would cause problems
- with some applications now that we proactively close fd's to
- prevent leakage. PR 22805
- [Radu Greab <rgreab@fx.ro>, Jim Jagielski]
-
- *) If a request fails and the client will be redirected to another URL
- due to ErrorDocument, see if we need to drop the connection after
- sending the 302 response. This fixes a problem where Apache treated
- the body of the failed request as the next request on a keepalive
- connection. The subsequent 501 error sent to the browser prevented
- some browsers from fetching the error document. [Jeff Trawick]
-
- *) Fixed mod_usertrack to not get false positive matches on the
- user-tracking cookie's name. PR 16661.
- [Manni Wood <manniwood@planet-save.com>]
-
- *) Enabled RFC1413 ident functionality for both Win32 and
- NetWare platforms. This also included an alternate thread safe
- implementation of the socket timout functionality when querying
- the identd daemon.
- [Brad Nicholes, William Rowe]
-
- *) Prevent creation of subprocess Zombies when using CGI wrappers
- such as suExec and cgiwrap. PR 21737. [Numerous]
-
- *) ab: Overlong credentials given via command line no longer clobber
- the buffer. [André Malo]
-
- *) Fix ProxyPass for ftp requests - the original code was segfaulting since
- many of the values were not being filled out in the request_rec.
- [Tollef Fog Heen <tfheen@debian.org, Thom May]
-
-Changes with Apache 1.3.28
-
- *) SECURITY: CAN-2003-0460 (cve.mitre.org)
- Fix the rotatelogs support program on Win32 and OS/2 to ignore
- special control characters received over the pipe. Previously
- such characters could cause rotatelogs to quit logging and exit.
- [André Malo]
-
- *) Prevent the server from crashing when entering infinite loops. The
- new LimitInternalRecursion directive configures limits of subsequent
- internal redirects and nested subrequests, after which the request
- will be aborted. PR 19753 (and probably others).
- [William Rowe, Jeff Trawick, Jim Jagielski, André Malo]
-
- *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
- response. PR 21085. [Glenn Nielsen <glenn@apache.org>, André Malo]
-
- *) Removed BIND_NOSTART from HP/UX shl_load() logic for loadable
- Apache modules, so that statics are initialized when the module
- is loaded (especially critical for c++ modules on HPUX.)
- [William Rowe, Noah Arliss <narliss@netegrity.com>]
-
- *) Win32 build system changes; always recompile buildmark.c (used for
- Apache -v 'server built' messages) even when Apache is built from
- within the IDE; build test_char.h and uri_delims.h from within the
- ApacheCore.dsp project. PR 12706. [William Rowe]
-
- *) Introduce Win32 .pdb diagnostic symbols into the Apache 1.3 build
- (as created in Apache 2.0.45 and later.) Makes debugging and
- analysis of crash dumps and Dr. Watson logs trivial. Requires the
- Win32 binary builder to set aside the exact .pdb files that match
- the released binaries (.exe/.so files) for reference by users and
- developers. [William Rowe]
-
- *) Make sure the accept mutex is released before calling child exit
- hooks and cleanups. Otherwise, modules can segfault in such code
- and, with pthread mutexes, leave the server deadlocked. Even if
- the module doesn't segfault, if it performs extensive processing
- it can temporarily prevent the server from accepting new
- connections. [Jeff Trawick]
-
- *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
- now work scheme dependent and the query string will only be
- appended if supported by the particular scheme. [André Malo]
-
- *) Use appropriate language codes for Czech (cs) and Traditional Chinese
- (zh-tw) in default config files. PR 9427. [André Malo]
-
- *) Don't block synchronous signals (e.g., SIGSEGV) while waiting for
- and holding a pthread accept mutex. [Jeff Trawick]
-
- *) AIX: Change the default accept mechanism from pthread back to
- fcntl. Idle child cleanup doesn't work when the child selected
- for termination by the parent is waiting on a pthread mutex, and
- because the AIX kernel's notion of hot process is apparently the
- same as Apache's, it is common for the Apache parent to continually
- select a child for termination that the kernel will leave waiting
- on the mutex for extended periods of time. There are other
- concerns with pthread mutexes as well, such as the ability to
- deadlock the server if a child process segfaults while holding the
- mutex. [Jeff Trawick]
-
- *) Fix a pair of potential buffer overflows in htdigest
- [Martin Schulze <joey@infodrom.org>, Thom May]
-
- *) A newly created child now has a start_time of 0, to prevent
- mod_status from displaying a bogus value for the "time to
- process most recent request" column for freshly-started children
- in a previously-used scoreboard slot. [Martin Kraemer]
-
- *) When using Redirect in directory context, append requested query
- string if there's no one supplied by configuration. PR 10961.
- [André Malo]
-
- *) Fix path handling of mod_rewrite, especially on non-unix systems.
- There was some confusion between local paths and URL paths.
- PR 12902. [André Malo]
-
- *) backport from 2.x series: Prevent endless loops of internal redirects
- in mod_rewrite by aborting after exceeding a limit of internal redirects.
- The limit defaults to 10 and can be changed using the RewriteOptions
- directive. PR 17462. [André Malo]
-
- *) Use the correct locations of srm.conf and access.conf when tailoring
- the httpd.conf during the install process. PR 9446.
- [Stanislav Brabec <utx@penguin.cz>]
-
- *) suexec: Be more pedantic when cleaning environment. Clean it
- immediately after startup. PR 2790, 10449.
- [Jeff Stewart <jws@purdue.edu>, André Malo]
-
- *) Fix apxs to insert LoadModule/AddModule directives only outside of
- sections. PR 8712, 9012. [André Malo]
-
- *) Fix suexec compile error under SUNOS4, where strerror() doesn't
- exist. PR 5913, 9977.
- [Jonathan W Miner <Jonathan.W.Miner@lmco.com>]
-
- *) Unix build: Add support for environment variable
- EXTRA_LDFLAGS_SHLIB, which allows the user to add to the hard-coded
- ld flags specified for DSOs. Compare with the existing LDFLAGS_SHLIB
- environment variable, which allows the user to completely replace the
- hard-coded ld flags specified for DSOs. [Jeff Trawick]
-
- *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
- not specified. Now it assumes "/" as already documented. PR 16937.
- [André Malo]
-
- *) In configure always assume suexec-umask to be an octal value by
- prepending a "0". PR 16984. [André Malo]
-
- *) Fix typo in suexec -V output. PR 9034.
- [Youichirou Koga <y-koga@apache.or.jp>]
-
- *) Fix bug where 'Satisfy Any' without an AuthType resulted in an
- "Internal Server Error" response. PR 9076. [André Malo]
-
- *) mod_rewrite: Allow "RewriteEngine Off" even if no
- "Options FollowSymlinks" (or SymlinksIfOwnermatch) is set.
- PR 12395. [André Malo]
-
- *) Change the log messages for setsockopt(TCP_NODELAY) and
- getsockname() failures to log the client IP address and to
- change the log level to debug. [Jeff Trawick]
-
- *) Correction to mod_negotiation for Win32, OS2, Netware etc, where
- case insensitive requests such as the HEADER or README search
- from autoindex would fail to match HEADER.html (because the
- system internally looked for the case-sensitive header.* pattern.)
- PR 7300 [William Rowe]
-
- *) Correction to mod_autoindex so that only text/* files (prefering
- /html, then /plain, then some other flavor) can be recovered
- from a multiview-based HEADER or README subrequest.
- [William Rowe]
-
- *) Improvements to mod_usertrack that allows for a regular (verbose)
- as well as "compact" version of the tracking cookie (the new
- 'CookieFormat' directive), and the ability to prepend a string
- to the cookie via the 'CookiePrefix' directive.
- [Pål Løberg <pallo@initio.no>, with cleanup by Jim Jagielski]
-
- *) Certain 3rd party modules would bypass the Apache API and not
- invoke ap_cleanup_for_exec() before creating sub-processes.
- To such a child process, Apache's file descriptors (lock
- fd's, log files, sockets) were accessible, allowing them
- direct access to Apache log file etc. Where the OS allows,
- we now add proactive close functions to prevent these file
- descriptors from leaking to the child processes.
- [Jim Jagielski, Martin Kraemer]
-
- *) Prevent obscenely large values of precision in ap_vformatter
- from clobbering a buffer. [Sander Striker, Jim Jagielski]
-
- *) NetWare: implemented ap_os_default_port() to resolve the
- correct default port based on the request method. This fixes
- a URL reconstruction problem on a redirect.
- [Pavel Novy (novy@feld.cvut.cz)]
-
- *) Added new ap_register_cleanup_ex() API function which allows
- for a "magic" cleanup function to be run at register time
- rather than at cleanup time. Also added the
- ap_note_cleanups_for_(socket|fd|file)_ex() API functions
- which allows for control over whether that magic cleanup
- should be called or not. This does not change the default
- behavior of the non-"ex" function (eg: ap_register_cleanup).
- [Jim Jagielski, concept by Ben Laurie]
-
- *) PORT: Take advantage of OpenBSD's arc4random() function for the
- initial secret [Henning Brauer <hb-apache-dev at bsws.de>]
-
- *) If Listen directive is not a port, but just an IP, emit an
- error condition as this case is ambiguous.
- [Rich Bowen, Justin Erenkrantz, Cliff Woolley]
-
- *) Update timeout algorithm in free_proc_chain. If a subprocess
- did not exit immediately, the thread would sleep for 3 seconds
- before checking the subprocess exit status again. In a very
- common case when the subprocess was an HTTP server CGI script,
- the CGI script actually exited a fraction of a second into the 3
- second sleep, which effectively limited the server to serving one
- CGI request every 3 seconds across a persistent connection.
- PRs 6961, 8664 [Bill Stoddard]
-
- *) mod_setenvif: Add SERVER_ADDR special keyword to allow
- envariable setting according to the server IP address
- which received the request. [Ken Coar]
-
- *) PORT: Enable SINGLE_LISTEN_UNSERIALIZED_ACCEPT for AIX 4.3.2
- and above. Update AIX configure logic to allow higher AIX
- release numbers without having to change Apache.
- [Jeff Trawick]
-
-Changes with Apache 1.3.27
-
- *) SECURITY: CAN-2002-0840 (cve.mitre.org)
- Prevent a cross-site scripting vulnerability in the default
- error page. The issue could only be exploited if the directive
- UseCanonicalName is set to Off and a server is being run at
- a domain that allows wildcard DNS. [Matthew Murphy]
-
- *) SECURITY: CAN-2002-0843 (cve.mitre.org)
- Fix some possible overflows in ab.c that could be exploited by
- a malicious server. Reported by David Wagner. [Jim Jagielski]
-
- *) Included a patch submitted by Sander van Zoest (#9181) and
- written by Michael Radwin whichs is essentially a work around
- for the adding headers to error responses. As apache does not
- go through the proper chain for non 2xx responses. This patch
- adds an ErrorHeader directive; which is for non 2xx replies the
- direct analog of the existing Header directive. This is usefull
- during 3xx redirects or more complex 4xx auth schemes. [Dirk-
- Willem van Gulik]
-
- *) Included the patch submitted by Sander van Zoest (#12712) which
- prevents just 'anything' being sucked in when doing gobbeling in
- complete directories - such as editor backup files and other
- cruft. This patch allows us to tailor/control this properly by
- allowing simple wildcards such as *.conf. [Dirk-Willem van Gulik]
-
- *) SECURITY: CAN-2002-0839 (cve.mitre.org)
- Add the new directive 'ShmemUIDisUser'. By default, Apache
- will no longer set the uid/gid of SysV shared memory scoreboard
- to User/Group, and it will therefore stay the uid/gid of
- the parent Apache process. This is actually the way it should
- be, however, some implementations may still require this, which
- can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
- [Jim Jagielski]
-
- *) Fix a problem with the definition of union semun which broke
- System V semaphores on systems where sizeof(int) != sizeof(long).
- PR 12072 [<winterling@de.ibm.com>]
-
- *) The protocol version (eg: HTTP/1.1) in the request line parsing
- is now case insensitive. This closes a few PRs and implies that
- ProtocolReqCheck will trigger on *true* invalid protocols.
- [Jim Jagielski]
-
- *) Relaxed mod_digest its parsing in order to make it work
- with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)"
- User-Agent. Apache (incorrectly) insisted on a quoted URI's
- in the uri field of the Authorization client header. Not
- yet done for EBCDIC plaforms.
- [Dirk-Willem van Gulik]
-
- *) Back out an older patch for PR 9932, which had some incorrect
- behavior. Instead, use a backport of the APR fix. This has
- the nice effect that ap_snprintf() can now distinguish between
- an output which was truncated, and an output which exactly
- filled the buffer. [Jim Jagielski]
-
- *) The cache in mod_proxy was incorrectly updating the Content-Length
- value (to 0) from 304 responses when doing validation. Bugz#10128
- [Paul Terry <paul.terry@gmx.net>, ast@domdv.de, Jim Jagielski]
-
- *) Added support for Berkeley-DB/4.x to mod_auth_db.
- [Martin Kraemer]
-
- *) PR 10993: add image/x-icon to default httpd.conf files
- [Ian Holsman, Peter Bieringer <pb@bieringer.de>
-
- *) Fix a problem in proxy where headers from other modules were
- added to the response headers when this was already done in the
- core already. This resulted in header (and therefore cookie)
- duplication. [Martijn Schoemaker <martijn@osp.nl>]
-
- *) Fix FileETags none operation. PR 12202.
- [Justin Erenkrantz, Andrew Ho <andrew@tellme.com>]
-
- *) Win32: Fix one byte buffer overflow in ap_get_win32_interpreter
- when a CGI script's #! line does not contain a \r or \n (i.e.
- a line feed character) in the first 1023 bytes. The overflow
- is always a '\0' (string termination) character.
-
- *) Add new "suppress-error-charset" environment variable to
- allow a BrowserMatch workaround for clients that incorrectly
- use the charset of a redirect as the charset of the target.
- [Ken Coar]
-
- *) Support Caldera OpenUNIX 8. [Larry Rosenman <ler@lerctr.org>]
-
- *) Use SysV semaphores by default on OpenBSD. [Henning Brauer
- <hb-apache-dev@bsws.de>]
-
- *) httpd -V will now also print out the compile time defined
- HARD_SERVER_LIMIT value. [Dirk-Willem van Gulik].
-
- *) In 1.3.26, a null or all blank Content-Length field would be
- triggered as an error; previous versions would silently ignore
- this and assume 0. As a special case, we now allow this and
- behave as we previously did. HOWEVER, previous versions would
- also silently accept bogus C-L values; We do NOT do that. That
- *is* an invalid value and we treat it as such.
- [Jim Jagielski]
-
- *) Add ProtocolReqCheck directive, which determines if Apache will
- check for a valid protocol string in the request (eg: HTTP/1.1)
- and return HTTP_BAD_REQUEST if not valid. Versions of Apache
- prior to 1.3.26 would silently ignore bad protocol strings, but
- 1.3.26 included a more strict check. This makes it runtime
- configurable. The default is On. This also removes the requirement
- on an ANSI sscanf() implementation. [Jim Jagielski]
-
- *) NetWare: implemented file locking in mod_rewrite for the NetWare
- CLib platform. This fixes a bug that prevented rewrite logging
- from working. [Brad Nicholes]
-
-Changes with Apache 1.3.26
-
- *) Potential NULL referencing fixed in the CGI module. It had
- been there for 5 years. [Justin Erenkrantz]
-
- *) Ensure that we set the result value in ap_strtol before
- we return it. [Justin Erenkrantz, Jim Jagielski]
-
-Changes with Apache 1.3.25
-
- *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
- Code changes required to address and close chunked
- encoding security issues. To support this, we utilize the ANSI
- functionality of strtol, and provide ap_strtol for completeness.
- [Aaron Bannert, Justin Erenkrantz, Jim Jagielski, Brian Pane,
- William Rowe, Cliff Woolley]
-
- *) PORT: With OpenBSD 3.1 and up, allow modules to work on their
- ELF-based architectures. [Brad <brad@openbsd.org>]
-
- *) Add X-Forwarded-Host and X-Forwarded-Server to X-Forwarded-For
- to the proxy. [Thomas Eibner <thomas@stderr.net>]
-
- *) Fix a problem in mod_proxy: it would not set the number of bytes
- transferred, so other modules could not access the value from
- the request_rec->bytes_sent field.
- [Anthony Howe <achowe at snert.com>] PR#6841
-
- *) Fix a problem in mod_rewrite which would lead to 400 Bad Request
- responses for rewriting rules which resulted in a local path.
- Note: This will also reject invalid requests like
- "HEAD /roaming/martin/IMAP localhost HTTP/1.0" as issued by
- Netscape-4.x Roaming Profiles (on a DAV-enabled server)
- [Martin Kraemer]
-
- *) Disallow anything but whitespace on the request line after the
- HTTP/x.y protocol string. That prevents arbitrary user input
- from ending up in the access_log and error_log. Also, special
- characters (especially control characters) are escaped in the
- log file now, to make a clear distinction between client-supplied
- strings (with special characters) and server-side strings.
- [Martin Kraemer]
-
- *) Get rid of DEFAULT_XFERLOG as it is not used anywhere. It was
- preserved by the build system, printed with "httpd -V", but
- apart from that completely ignored: the default transfer log
- is to not produce any transfer log.
- [Martin Kraemer]
-
- *) Fixed sending of binary files under Cygwin. PR 9185.
- [Cliff Woolley]
-
- *) Added Cygwin directory layout to config.layout file.
- [Stipe Tolj, <tolj@wapme-systems.de>]
-
- *) Added a '-F' flag; which causes the mother/supervisor process to
- no longer fork down and detach. But instead stays attached to
- the tty - thus making live for automatic restart and exit checking
- code easier. [ Contributed by Michael Handler <handler@grendel.net>,
- Jos Backus <jos@catnook.com> [ Dirk-Willem van Gulik ]].
-
- *) Make apxs.pl more flexible (file extensions like .so or .dll are
- no longer hardcoded). [Stipe Tolj <tolj@wapme-systems.de>]
-
- *) Add an intelligent error message should no proxy submodules be
- valid to handle a request. PR 8407 [Graham Leggett]
-
- *) Allow child processes sufficient time for cleanups but making
- ap_select in reclaim_child_processes more "resistant" to
- signal interrupts. Bugz# 8176
- [David Winterbourne <davidw@financenter.com>, Jim Jagielski]
-
- *) Recognize platform specific root directories (other than
- leading slash) in mod_rewrite for filename rewrite rules.
- Bugz# 7492 [William Rowe]
-
- *) For supported versions of Darwin, place dynamically loaded
- Apache extensions' public symbols into the global symbol
- table. This allows dynamically loaded PHP extensions.
- [Marko Karppinen <markonen@php.net>]
-
- *) Correct proxy to be able to handle the unexpected 100-continue
- reponses sent during PUT or POST requests. [Graham Leggett]
-
- *) Correct a timeout problem within proxy which would force long
- or slow POST requests to close after 300 seconds.
- [Martin Lichtin <martin@lichtin.net>, Brian Bothwell
- <brian.bothwell@wisdomtools.com>]
-
- *) Add support for dechunking chunked responses in proxy.
- [Graham Leggett]
-
- *) Made AB's use of the Host: header rfc2616 compliant
- by Taisuke Yamada <tai@iij.ad.jp> [Dirl-Willem van Gulik].
-
- *) Update the Red Hat Layout to match Red Hat Linux version 7.
- PR BZ-7422 [Joe Orton]
-
- *) Add some popular types to the mime magic file. PR 7730.
- [Linus Walleij <triad@df.lth.se>, Justin Erenkrantz]
-
- *) Tighten up the overridden-Server-header bugfix in the proxy, by
- only overriding if the request is a proxy request. It has been
- pointed out that the previous fix allows CGIs and modules to
- override the Server header, which is change to previous behavior.
- [Graham Leggett, Joshua Slive]
-
- *) Another fix for the multiple-cookie header bug in proxy. With some
- luck this bug is actually now dead. [Graham Leggett]
-
-Changes with Apache 1.3.24
-
- *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
- directives were improperly terminated. [Cliff Woolley]
-
- *) Win32 SECURITY: CVE-2002-0061 (cve.mitre.org)
- Introduce proper escaping of command.com and cmd.exe for Win32.
- These patches close vulnerability CAN-2002-0061, identified and
- reported by Ory Segal <ory.segal@sanctuminc>, by which any CGI
- invocation of .bat or .cmd files could compromise the system
- when the .bat or .cmd was parsed the query args as an argument
- to either cmd.exe /c or command.com /c. [William Rowe]
-
- *) Add % and \r [C/R] to the dangerous Win32 shell character list.
- Retain the Unix sh escapes list for compatibility.
- [William Rowe]
-
- *) Pass the command line to the cmd.exe /c interpreter double quoted.
- This fixes a bug that CGI args ending in a double-quote would
- cause invocation to fail. Also, treat command.com as a 16-bit
- executable. [William Rowe]
-
- *) Win32; Never invoke cmd or bat scripts based on the registry, even
- for 'ScriptInterpreterSource Registry' enabled. [William Rowe]
-
- *) Provide Win32 users a log of the cgi command invoked, to assist
- in debugging scripts at LogLevel info. Also provide env vars
- at LogLevel debug for additional help to admins troubleshooting
- the ever mysterious "Premature end of script headers" error.
- [Aaron Bannert]
-
- *) Added the 'CGICommandArgs off' directive, to allow admins
- to disable the query argument passing mechanism in Apache,
- if future CGI argument vulnerabilities should be discovered.
- This defaults to 'on', meaning isindex-style query arguments
- are enabled. [Aaron Bannert]
-
- *) When a proxied site was being served, Apache was replacing
- the original site Server header with it's own, which is not
- allowed by RFC2616. Fixed. [Graham Leggett]
-
- *) Fixed the previous multiple-cookie fix in the proxy. Cookies
- are broken in that they contain dates which in turn contain
- commas - so merging and then unmerging them breaks Set-Cookie
- headers. Sigh. [Graham Leggett]
-
- *) Add ap_uuencode to the httpd.exp exports file used by
- the AIX linker. [Bill Stoddard]
-
- *) Win32: Ignore AcceptMutex directive if it is present
- [Bill Stoddard]
-
- *) mod_rewrite: restored rnd behavior that was broken in 1.3.23.
- PR 10090, 10185 [Jeroen Boomgaardt <jeroen@swissclue.com>]
-
- *) NetWare: Added the command line directive -e that forces all
- fatal configuration error messages to the logger screen rather
- than the Apache screen before Apache is unloaded.
- [Brad Nicholes bnicholes@novell.com]
-
- *) Add the ProxyIOBufferSize option. Previously the size of the
- buffer used while reading from the remote server in proxy was
- taken from ProxyReceiveBufferSize. [Graham Leggett]
-
- *) Fix a NULL variable check in proxy where we were checking the
- wrong variable. [Geff Hanoian <geff@pier64.com>]
-
- *) Fix typo in default config files related to Swedish language
- documents. PR: 9906, 10040 [Tomas Ögren <stric@ing.umu.se>,
- Dennis Lundberg <dennis.lundberg@mdh.se>]
-
- *) apxs didn't get rebuilt when options were changed. This must have
- caused much puzzlement in the past. Fixed.
- [Ben Laurie]
-
- *) No idea why an HTTP/1.1 proxy would send an HTTP/1.0 request
- to a remote server by default. Fixed.
- [Graham Leggett, Gabriel Russell <g.russell@ieee.org>]
-
- *) NetWare: Added the module mod_log_nw to handle log rotation.
- This module adds LogRotateDaily and LogRotateInterval to allow
- all of the custom logs to be either rotated on a daily basis or
- on a specific interval. Based on a patch by Bertrand Demiddelaer.
- [Brad Nicholes bnicholes@novell.com]
-
- *) Fix typo in rotatelogs.8. [Will Lowe <harpo@thebackrow.net>]
-
- *) Clean up warnings in mod_proxy [Chuck Murcko <chuck@topsail.org>]
-
- *) TPF: Use the correct subpool when opening the error log.
- This prevents a possible SIGPIPE in standalone_main.
- [David McCreedy <McCreedy@us.ibm.com>]
-
- *) When proxy enabled a slow frontend client to read from an
- expensive backend server, it would wait until it had delivered
- the response to the slow frontend client completely before
- closing the backend connection. The backend connection is now
- closed as soon as the last byte is read from it, freeing up
- resources that would have been tied up unnecessarily.
- [Graham Leggett, Igor Sysoev <is@rambler-co.ru>]
-
- *) The proxy code read chunks from the backend server in a
- hardcoded amount of 8k. The existing ProxyReceiveBufferSize
- parameter has been overloaded to specify the size of this buffer.
- [Graham Leggett, Igor Sysoev <is@rambler-co.ru>]
-
- *) [Security] Prevent invalid client hostnames from appearing in
- the log file. If a double-reverse lookup was performed (e.g.,
- for an "Allow from .my.domain" directive) but failed, then
- a spoofed dns-reverse-address could appear in the logs. Now
- the numeric address is logged instead. Note that
- reverse-address-spoofing did NOT actually allow access
- to any protected resource! [Martin Kraemer]
-
- *) Some browsers ignore cookies that have been merged into a
- single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
- are now unmerged in the http proxy before being sent to the
- client. [Graham Leggett]
-
- *) Fix a problem with proxy where each entry of a duplicated
- header such as Set-Cookie would overwrite and obliterate the
- previous value of the header, resulting in multiple header
- values (like cookies) going missing.
- [Graham Leggett, Joshua Slive]
-
- *) Fix a problem with proxy where X-Cache headers were
- overwriting and then obliterating upstream X-Cache headers
- from other proxies.
- [Graham Leggett, Jacob Rief <jacob.rief@tiscover.com>]
-
- *) Win32: Work around a bug in Windows XP that caused data
- corruption on writes to the network. The WinXP bug
- is tickled by the combined use of WSADuplicateSocket
- and blocking send() calls.
- [Bill Stoddard, Bill Rowe, Allan Edwards, Szabolcs Szakacsits]
-
- *) Add 'IgnoreCase' keyword to the IndexOptions directive;
- if active, upper- and lower-case letters are insignificant
- in ordering. In other words, all A* and a* files will be
- listed together, rather than the a* ones after all the [A-Z]*
- ones. [Tullio Andreatta <tullio@logicom.it>]
-
- *) NetWare: Implemented the real ap_os_case_canonical_filename()
- function that retrieves the accurately cased path and file
- name from the file system. [Brad Nicholes bnicholes@novell.com]
-
- *) Fix the longstanding bug that errors (returned by src/Configure)
- would not be noticed by the top level configure script.
- That was bad for automated configurations. [Martin Kraemer]
-
- *) Link with -lpthread on Solaris since we reference pthread
- functions for the accept mutex. Previously, the link step
- would succeed but we would link to bogus versions of the
- pthread functions in libc, apparently breaking accept mutex
- serialization when "AcceptMutex pthread" was used and
- apparently breaking some third-party modules whether
- or not "AcceptMutex pthread" was used. [Jeff Trawick]
-
- *) The Location: response header field, used for external
- redirect, *must* be an absoluteURI. The Redirect directive
- tested for that, but RedirectMatch didn't -- it would allow
- almost anything through. Now it will try to turn an abs_path
- into an absoluteURI, but it will correctly varf like Redirect
- if the final redirection target isn't an absoluteURI. [Ken Coar]
-
- *) apxs: fix bug that prevented -S option from containing quotes.
- [Ben Laurie]
-
- *) ftp proxy: various cosmetic and functional improvements
- - Allow for /%2f hack (to access the root directory / )
- - properly escape generated links in dir listing
- - do directory listings in ASCII, to avoid problems with EBCDIC
- servers
- - close data & control channels to server properly
- [Martin Kraemer]
-
- *) NetWare: Added mod_auth_dbm to the project file.
- [Brad Nicholes bnicholes@novell.com]
-
-
-Changes with Apache 1.3.23
-
- *) Changed the symbol mapping of the following from API_EXPORT
- to API_EXPORT_NONSTD:
- ap_snprintf(), ap_table_do(), ap_bvputs(), ap_log_error(),
- ap_log_rerror(), ap_log_printf(), ap_rprintf()
- [William Rowe]
-
- *) Fixed a number of mismatched int sizes and signedness problems.
- Still remains, MSVC's 'interesting' declaration of FD_SET still emits
- (impotent) warnings. [William Rowe]
-
- *) mod_proxy changes:
-
- *) Bug fix for ap_proxy_cache_conditional(), unititialized wetag
- [Zvi Har'El <rl@math.technion.ac.il>]
-
- *) Add persistent connection handling
- The patch changes mod_proxy to write the reply-headers using
- ap_send_http_header() instead of directly using ap_bvputs(). This not
- only simplifies mod_proxy, in my opinion at least, but enables it to
- make use of the features of Apache's normal header and persistent
- connection machinery.
- [Christian von Roques <roques@mti.ag>]
-
- *) Graham Leggett's original 1.3.12 patch, updated for 1.3.19+
- Original comments:
-
- HTTP/1.1 support for mod_proxy:
- - support for Cache-Control
- - conditional support If-Match, If-None-Match,
- If-Unmodified-Since, Etag
- - support for content negotiation using Vary
- - storing of request headers (for Vary support) in cache file
- - storing of updated response headers (with 304 Not Modified) in
- cache file
- - support for 64 bit dates and content-lengths in cache file
- Fixes:
- - ProxyPassReverse applied to Content-Location
- - entity headers no longer stripped from response after cache
- revalidation
- - annotation of mod_proxy cache code
- [Graham Leggett <minfrin@sharp.fm>]
-
- changes to preserve binary compatibility with httpd core, clean up
- [Chuck Murcko <chuck@topsail.org>]
-
- *) HPUX 11.*: Do not kill the child process when accept()
- returns ENOBUFS on HPUX 11.*.
- [madhusudan_mathihalli@hp.com]
-
- *) PORT: Numerous additions to Cygwin, including: defaulting
- to Posix thread accept mutex, excluding the call to
- pthread_mutexattr_setpshared(), better proxy and DBM support, and
- allowing the use of native Win32 socket ops instead of
- Cygwin's Posix wrapper (for better performance). The last
- item required the addition of a new Configure Rule: CYGWIN_WINSOCK.
- [Stipe Tolj <tolj@wapme-systems.de>]
-
- *) Use "httpready" accept filter rather than "dataready" on
- FreeBSD after 4.1.1-RELEASE where it works correctly.
- [Tony Finch]
-
- *) Fix incorrect "Content-Length" header in the 416 "range not
- satisfiable" response. [Joe Orton <joe@manyfish.co.uk>]
-
- *) Add FileETag directive to control fields used when constructing
- an ETag for a file-based resource. Historically the inode,
- size, and mtimehave been used, but the inode factor broke
- caching for systems with content fan-out across multiple
- back-end servers. Now the fields used in the construction
- can be controlled by configuration directives. Minor MMN
- bumped; MMN went from 19990320.10 to 19990320.11.
- [Ken Coar, from a patch by Phil Dietz]
-
- *) NetWare: Fixed the access forbidden problem when requesting an
- empty directory rather than showing the empty listing.
- [Charles Goldman, Guenter Knauf <gk@gknw.de>]
-
- *) Cause Win32 to capture all child-worker process errors in
- Apache to the main server error log, until the child can
- open it's own error logs. [William Rowe]
-
- *) Revert mod_negotiation's handling of path_info and query_args
- to the 1.3.20 behavior. PR: 8628, 8582, 8538 [William Rowe]
-
- *) Modify buff.h and buff.c to enable modules to intercept the
- output byte stream for dynamic page caching. A pointer to a
- 'filter callback' function is added to the end of buff.h.
- This function, if registered by a module, is called
- at the top of buff_write() and writev_it_all().
- [Kevin Mallory <kmallory@spidercache.com>]
-
- *) When the default of 'Group #-1' was changed to 'Group "#-1"',
- the Makefile wasn't updated to recognise the quotation marks.
- [Owen Boyle <obo@bourse.ch>]
-
- *) Win32: Do not allow threads to continue handling keepalive
- requests after a shutdown or restart has ben signaled.
- [Bill Stoddard]
-
- *) Win32: Accept OPTIONS * requests. [Keith Wannamaker]
-
- *) Unixware 7.0 and later did not have a default locking
- mechanism defined. This bug was introduced in apache 1.3.4.
- [Dean Gaudet]
-
- *) Prevent an Apache module from being loaded or added twice due
- to duplicate LoadModule or AddModule directives (or a missing
- ClearModuleList directive).
- [William Rowe, Brian Pane <bpane@pacbell.net>]
-
- *) Add checkgid app to do run-time validation of Group directive
- values which might cause the server to fall over, but which
- are syntactically correct. [Ken Coar]
-
- *) NetWare: Added mod_unique_id to the project file.
- [Brad Nicholes bnicholes@novell.com]
-
- *) NetWare: Fixed a link problem with mod_vhost_alias so that it
- exports the correct MODULE structure. PR 8598
- [Brad Nicholes bnicholes@novell.com]
-
- *) Unix: The generated install script for binary distributions,
- install-bindist.sh, now makes DSO files executable, like
- make install. This allows a binary distribution to work on
- HP-UX without any manual intervention. PR 7428
- [Jeff Trawick]
-
- *) Win32: The Apache Win32 developers generally recommend that
- MaxRequestsPerChild be set to 0 to prevent the child process
- from ever recycling. However, for those that do require a
- non-zero setting, this patch fixes a serious bug that can cause
- an apparent 'server-hang' condition where the server stops
- responding to requests for a period of time. Prior to this
- fix, when the child process handled MaxRequestsPerChild
- connnections, the child process would stop accepting new
- connections and begin allowing inactive threads to exit. The
- problem was that a new process would not be created to begin
- handling requests until the old process fully exited. The old
- process can take an indeterminate amount of time to exit because
- it may be sending large responses to clients connected over slow
- links, or it may have threads blocked in read awaiting requests
- (eg, one attack mode of the Nimda worm is to establish a
- connection to the server but not send an HTTP request. This
- connection will be timed out according to the setting of the
- Timeout directive, 300 seconds). This fix allows the new process
- to be immediately started and begin accepting requests when the
- old child process reaches MaxRequestsPerChild.
- [Bill Stoddard]
-
- *) Win32: Emit error message when the server bumps up against the
- ThreadsPerChild configuration limit. This will be useful for
- admins to detect when their server is running out of threads
- to handle requests. [Bill Stoddard]
-
- *) Test all directories listed with the UserDir directive for validity.
- Also resolves the Win32/Netware bug of unparsable quoted paths.
- PR 8238 [William Rowe]
-
-Changes with Apache 1.3.22
-
- *) Recognize AIX 5.1. [Jeff Trawick]
-
- *) PORT: Support AtheOS (see www.atheos.cx)
- [Rodrigo Parra Novo <rodarvus@terra.com.br>]
-
- *) The manual directory is still configurable (as enabled by
- the 1.3.21 change), but its default setting was reverted to
- the pre-1.3.21 default as a subdirectory of the DocumentRoot.
- You can adapt your path in config.layout or with the
- "configure --manualdir=" switch. [Martin Kraemer]
-
- *) Additional correction for the mutex changes on the TPF platform.
- [David McCreedy <McCreedy@us.ibm.com>]
-
- *) mod_proxy - remove Explain*; replace with ap_log_*
- [Chuck Murcko <chuck@topsail.org>]
-
-Changes with Apache 1.3.21
-
- *) Enable mod_mime_magic (experimental) for Win32. [William Rowe]
-
- *) Use an installed Expat library rather than the bundled Expat. This
- fixes a problem where multiple copies of Expat could be loaded
- into the process space, thus conflicting and causing strange
- segfaults. Most notably with mod_perl and XML::Parsers::Expat.
- [Greg Stein]
-
- *) Handle user modification of WinNT/2K service display names. Prior
- versions of Apache only accepted identical internal and display names
- (where internal service names were space-stripped.) [William Rowe]
-
- *) Introduce Win32 -W option for -k install/config to set up service
- dependencies on the workstation, snmp and other services that given
- modules or configurations might depend upon. [William Rowe]
-
- *) Update the mime.types file to map video/vnd.mpegurl to mxu
- and add commonly used audio/x-mpegurl for m3u extensions.
- [Heiko Recktenwald <uzs106@uni-bonn.de>, Lars Eilebrecht]
-
- *) Modified mod_mime and mod_negotiation to prevent mod_negotiation
- from serving any multiview variant containing one or more
- 'unknown' filename extensions. In PR #8130, mod_negotiation was
- incorrectly serving index.html.zh.Big5 when better variants were
- available. The httpd.conf file on the failing server did not have
- an AddLanguage directive for .zh, which caused mod_mime to loose
- the file_type information it gleened from parsing the .html
- extension. The absence of any language preferences, either in
- the browser or configured on the server, caused mod_negotiation
- to consider all the variants equivalent. When that occurs,
- mod_negotiation picks the 'smallest' variant available, which
- just happened to be index.html.zh.Big5.
- [Bill Stoddard, Bill Rowe] PR #8130
-
- *) SECURITY: CVE-2001-0731 (cve.mitre.org)
- Close autoindex /?M=D directory listing hole reported
- in bugtraq id 3009. In some configurations where multiviews and
- indexes are enabled for a directory, requesting URI /?M=D could
- result in a directory listing being returned to the client rather
- than the negotiated index.html variant that was configured and
- expected. The work around for this problem (for pre 1.3.21
- releases) is to disable Indexes or Multiviews in the affected
- directories. [Bill Stoddard, Bill Rowe]
-
- *) Enabled Win32/OS2/Netware file paths (not / rooted, but c:/ rooted)
- as arguments for mod_vhost_alias'es directives. [William Rowe]
-
- *) Changes for Win32 to assure mod_unique_id's UNIQUE_ID strings really
- are unique between threads. [William Rowe]
-
- *) mod_proxy - fix for Pragma: nocache (HTTP/1.0 only)
- [Kim Bisgaard <kib@dmi.dk>] PR #5668
-
- *) PORT: Some Cygwin changes, esp. improvements for dynamic loading,
- and cleanups. [Stipe Tolj <tolj@wapme-systems.de>]
-
- *) Win32 SECURITY: CAN-2001-0729 (cve.mitre.org)
- The default installation could lead to mod_negotiation
- and mod_dir/mod_autoindex displaying a directory listing instead of
- the index.html.* files, if a very long path was created artificially
- by using many slashes. Now a 403 FORBIDDEN is returned. This
- problem was similar to and in the same area as the problem
- reported and fixed by Martin Kraemer in 1.3.18, only the scope
- is much narrower and is specific to Windows. [Bill Stoddard]
-
- *) Update the mime.types file to the registered media types as
- of 2001-09-25, and add xsl, so, dll extensions [Mark Cox]
-
- *) Resolved the build failure on Win32 using MSVC 5.0 (without the
- current SDK.) PRs 7790, 7948. [William Rowe]
-
- *) mod_proxy - fix reverse proxy cookie passthrough
- [Brian Eidelman <beidelman@netegrity.com>] PR#6055
-
- *) mod_proxy - fix CacheForceCompletion directive
- [Alexey Panchenko <panchenko@liwest.ru>] PR#8090
-
- *) mod_proxy - close origin server connection when client aborts
- [Alexey Panchenko <panchenko@liwest.ru>] PR#8067,7383,6585
-
- *) ErrorDocument 404 pointing to a parsed html file with a
- <!--#include virtual="file" --> with a request URI containing
- %2f would result in a segfault (NULL pointer deref, not a
- security problem). [Jeff Moe <tux@themoes.org>, Dean Gaudet] PR#8362
-
- *) UnsetEnv from main body of httpd.conf file didn't work; backport
- of bugfix from 2.0 codebase. [Gary Benson <gbenson@redhat.com>] PR#8254
-
- *) Win32 - add mod_unique_id.so and mod_vhost_alias.so to the build.
- [William Rowe]
-
- *) Enhancement of mod_auth to handle 'Require file-owner' and
- 'Require file-group'. This allows access IFF the authenticated
- username (from the appropriate AuthUserFile database) matches
- the username of the UID that owns the document (and equivalent
- checking for file GID and user's membership in AuthGroupFile).
- See the mod_auth documentation for examples. (Not supported
- on Windows.) [Ken Coar]
-
- *) Addition of the AcceptMutex runtime directive. The accept mutex
- method is now runtime controllable. The suite of available methods
- per platform is defined at compile time (with HAVE_FOO_SERIALIZED_ACCEPT
- noting that the method is available and works, and
- USE_FOO_SERIALIZED_ACCEPT noting that it should be the default
- method in absense of any AcceptMutex line, or via AcceptMutex default)
- and selectable at runtime. The full (current) suite is uslock,
- pthread, sysvsem, fcntl, flock, os2sem, tpfcore and none, but
- not all platforms accept all methods. [Jim Jagielski]
-
- *) Parallel to a change in Apache-2.0, the manual directory was
- moved out of the DocumentRoot tree to simplify the separation
- of private content&configuration from server's on-line
- documentation. An "Alias /manual/ ..." projects the manual/
- directory (which resides now side-by-side with the icons/
- directory) into the logical DocumentRoot. Note that a request
- to http://server/manual (without the trailing slash) will now
- behave different than before (it used to redirect to
- http://server/manual/ but no longer does).
- [Martin Kraemer]
-
- *) Fixed ap_os_canonical_filename() so that it wouldn't try to
- canonicalize an invalid file name. Also fixed
- ap_os_is_path_absolute() so that it wouldn't recognize names
- such as proxy:http://blah as a NetWare volume:pathname. Both of
- these fixes were necessary to fix mod_proxy problems on NetWare.
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Fix a storage leak (a strdup() call) in mod_mime_magic.
- [Jeff Trawick]
-
- *) We have always used the obsolete/deprecated Netscape syntax
- for our tracking cookies; now the CookieStyle directive
- allows the Webmaster to choose the Netscape, RFC2109, or
- RFC2965 format. The new CookieDomain directive allows the
- setting of the cookie's Domain= attribute, too. PR #s 5006,
- 5023, 5920, 6140 [Ken Coar]
-
- *) The Win32 Makefile.win build script failed if
- INSTDIR="c:\path\with spaces" was given, this is now fixed. PR 8184
- [Jack Tan <jack_s_tan@yahoo.com>]
-
- *) EBCDIC: The proxy, when used in a proxy chain, "forgot" to
- convert the "CONNECT host:port HTTP/1.0" request line to ASCII
- before contacting the next proxy, and was thus unusable for
- SSL proxying. [Martin Kraemer]
-
- *) SECURITY: CVE-2001-0730 (cve.mitre.org)
- Make support/split-logfile use the default log file if
- "/" or "\" are present in the virtual host name. This prevents
- the possible use of specially crafted virtual host names in
- some configurations to allow writing to any .log file on the
- system. [Daniel Matuschek <daniel.matuschek@swisscom.com>,
- Marc Slemko] PR#7848
-
- *) Added a directive: "AcceptFilter <on|off>". To control BSD
- acccept filters when at compile time SO_ACCEPT_FILTER is
- detected. The default is still 'on' except when, at compile
- time, AP_ACCEPT_FILTER_OFF is defined.
-
- Also downgraded the fatal exit to a warning when the
- associated setsocketopt(2) fails for any reason but
- for ENOPROTOOPT. The latter - which implies that the
- kernel does not support the filters - now rates only an
- info level message. All in all this should make it easier
- to move httpd binaries and config files across BSD machines
- with varying acceptfilter support.
- [Dirk-Willem van Gulik <dirkx@covalent.net>]
-
- *) Fix the <Files ~ "^\.ht"> container to *really* deny all access.
- Without the Satisfy All, .ht* files could still be fetched if
- they were within the scope of a Satisfy Any directive.
- [Ken Coar]
-
- *) Print a warning when an attempt is made to use line-end comments.
- Apparently they are not detected/handled gracefully by all directives.
- [Martin Kraemer]
-
- *) (TPF only) Take advantage of improvements to select(), fork(), and
- exec() in the TPF operating system.
- [David McCreedy <McCreedy@us.ibm.com>]
-
- *) (Cygwin only) Fix problems with signals sent to child processes;
- Improve auto-configuration for Cygwin.
- [Stipe Tolj <tolj@wapme-systems.de>]
-
- *) Added Mod_Vhost_Alias to the project file so that it builds as an
- external module (VHOST.NLM).
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Fix problem with lingering_close() on Windows. Issuing read() on the
- socket descriptor on Windows always fails. Should be calling
- recv() instead of read() on Windows.
- [Bill Stoddard, Bill Rowe]
-
- *) Added an abnormal exit clean up routine to make sure that ApacheC NLM
- is always unloaded cleanly. This fixes the "Ouch! out of memory"
- problem when restarting Apache for NetWare after an abnormal exit
- due to configuration errors.
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Change the compile switches for ReliantUNIX SVR4 not to use
- SYSV semaphores, because upon reaching the system limit of
- semaphores, the whole server exits (not just one child).
- Apache could be improved to use NO_SEM_UNDO flag (see test/time-sem.c)
- which is currently implemented only in the time-sem program, but not in
- apache. Until then, revert to using fcntl() locks.
- [Martin Kraemer]
-
- *) Changes to 'ab': fixed int overruns, added statistics, output in
- csv/gnuplot format, rudimentary SSL support and various other tweaks
- to make results more true to what is measured. The upshot of this it
- turns out that 'ab' has often underreported the true performance of
- apache. Often by a order of magnitude :-) See talk/paper of Sander
- Temme at April ApacheCon 2001 for details.
- [Dirk-Willem van Gulik]
-
-Changes with Apache 1.3.20
-
- *) Autodetect if platforms have isnan() and/or isinf() for use in
- ap_snprintf.c. [Jim Jagielski]
-
- *) SECURITY DoS: CVE-2001-1342 (cve.mitre.org)
- Correct a vulnerability in the Win32 and OS2 ports, by which a
- client submitting a carefully constructed URI could cause a GP
- (segment) fault in the child process, which would have to be
- cleared by the operator to resume operation. This vulnerability
- introduced no identified means of compromising the server's data.
- Reported by Auriemma Luigi <kaino3@genie.it>.
- [William Rowe, Brian Havard]
-
- *) Resolve the Win32 SSI exec cmd bug, where cmd was not executed
- appropriately against the shell. [William Rowe]
-
- *) Added NOESCAPE (NS) flag to RewriteRule and enabled use of
- '\' to allow escaping of special characters. Previously
- there was no way to embed either '$' or '%' in the output
- of a RewriteRule; now 'foo\$1' will result in a literal
- 'foo$1' appearing in the result rather than 'foo\<value of $1>'.
- Note that [NS] disables *all* normal URI escaping, so incautious
- use can give unexpected results. [Ken Coar]
-
- *) Add support for Win32 apxs. Note that cygwin builders must use a
- cygwin perl to avoid the MSWin32 handling. [William Rowe]
-
- *) Changed the initial screen handling for NetWare so that the -s
- parameter will properly destroy the Apache console screen and switch
- to the system console screen. Also removed the call to clrscr() for
- NetWare so that any warning messages produced during startup are visible.
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Integrate support for the Cygwin 1.x platform (a POSIX emulation layer
- for Win32 systems, see http://www.cygwin.com)
- [Stipe Tolj <tolj@wapme-systems.de>]
-
- *) Hooked calls to opendir() and readdir() so that we could add '.' and
- '..' to the entry list. By default NetWare does not return these
- entries which caused mod_autoindex not to display the parent directory
- entry. [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Solved a very serious threading problem with WinNT/2K Services. The
- moment master_main told that the shutdown was complete, the parent
- control thread exited Apache, leaving mod_jserv's Java process running
- and alternately invoking mod_perl's cleanups from the correct thread
- or the service control thread. [William Rowe]
-
- *) Populate the Win32 HKLM\System\CurrentControlSet\Services\[apachesvc]
- key with the Description value of the running server across all Win32
- platforms, including NT, ME and 9x. This value is the server_version
- string including loaded modules. [William Rowe]
-
- *) Fix ndbm.h include problems with various Linux distributions and
- brain-dead glibc >= 2.1, which sometimes have ndbm.h in a
- non-standard db1/ subdir. PR#6929
- [Victor J. Orlikowski]
-
- *) Empty headers are allowed by RFC2068 section 4.2. The presence or
- absence of an empty header can be significant. The current mod_proxy
- of httpd 1.3.x removes empty headers. Change mod_proxy to preserve
- empty headers. [Christian von Roques <roques@mti.ag>]
-
- *) Enhance rotatelogs so that a UTC offset can be specified, and
- the logfile name can be formatted using strftime(3). [Ken Coar]
-
- *) Fix a possible NULL pointer dereference in the detection of the
- default ServerName or IP string (introduced in 1.3.18).
- [Ignasi Roca, <Ignasi.Roca@fujitsu-siemens.com>]
-
- *) Make EBCDIC conversion fully configurable. Until now, apache relied
- on some (incomplete) heuristics, and would fail to correctly serve
- text files when they had a MIME type of application/anything, like
- application/x-javascript. The new conversion directives allow
- defining the conversion based on MIME type or file suffix.
- [Martin Kraemer]
-
- *) Add a -V flag to suexec, which causes it to display the
- compile-time settings with which it was built. (Only
- usable by root or the HTTPD_USER username.) [Ken Coar]
-
- *) Set the Win32 service description in the Services control panel to
- the server_version string from Apache and the loaded modules.
- [William Rowe]
-
- *) Added a new API for NetWare, ap_os_dso_unsym(), to allow Apache the
- chance to unimport module symbols before it shuts down. This is
- necessary so that Apache on NetWare can shutdown cleanly in an error
- condition such as a failure while reading the httpd.conf file.
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Introduce NUL device pipes for stdin and stdout for the parent Win32
- service process. This solves bugs such as PR7198 that report
- "dup2(stdin) failed" when trying to use piped logs. [William Rowe]
-
-Changes with Apache 1.3.19
-
- *) Rewrite ap_unparse_uri_components() to make it safer and more readable
- ["Jeffrey W. Baker" <jwbaker@acm.org>]
-
- *) Under certain circumstances, Apache did not supply the
- right response headers when requiring authentication.
- [Gertjan van Wingerde <Gertjan.van.Wingerde@cmg.nl>] PR#7114
-
- *) Clean up some end-of-loop not reached warnings [Jim Jagielski,
- Aris Stathakis <aris@sco.COM>]
-
- *) Add the correct language tag for interoperation with the Taiwanese
- versions of MSIE and Netscape. [Clive Lin <clive@CirX.ORG>] PR#7142
-
- *) Fixed system shutdown on Windows 2000 to assure that the modules have
- an opportunity to clean up. Note there is a _very_ limited amount of
- time in which to execute all cleanups [see MSKB Q146092] so all of
- the modules may still not be given an opportunity to complete their
- cleanups if they require more than 20 seconds total. [William Rowe]
-
-Changes with Apache 1.3.18 [not released]
-
- *) Workaround enabled for a core dump which appeared in broken
- NameVirtualHost configurations. [Martin Kraemer]
-
- *) Sporadic core dump in ap_default_port_for_scheme() with
- internal requests fixed by [Jeffrey W. Baker <jwbaker@acm.org>]
-
- *) PORT: Allow for build under latest dev. version of NonStopUX
- on Compaq. [Tom Bates <tom.bates@compaq.com>]
-
- *) mod_user on Win32 bug introduced in 1.3.17 is corrected. The parsing
- is completely rewritten so all platforms share the same file/redirect
- logic interpreting UserDir directives. Specifying a Win32 or Netware
- relative path or a relative path on any platform using an '*' now
- emits an error when httpd.conf is first parsed. [William Rowe]
-
- *) Apache/Win32 no longer holds open the console on error, unless invoked
- by a shortcut with the new -w option. [William Rowe]
-
- *) The Win32 -t test config now holds the console open on "SYNTAX OK".
- [William Rowe]
-
- *) Apache on Win9x now ensures the service is stopped before removal.
- [William Rowe]
-
- *) SECURITY: CAN-2001-0925 (cve.mitre.org)
- The default installation could lead to mod_negotiation
- and mod_dir/mod_autoindex displaying a directory listing instead of
- the index.html.* files, if a very long path was created artificially
- by using many slashes. Now a 403 FORBIDDEN is returned.
- [Martin Kraemer]
-
- *) Trailing slashes (if they exist) are now removed from ServerRoot,
- because there were known problems with them.
- ["William A. Rowe, Jr." <wrowe@rowe-clan.net>]
-
- *) Changed ap_os_is_filename_valid on NetWare to accept
- SERVER/VOLUME:/PATH/FILE as a valid filename pattern.
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Win32/Netware: correct relative paths and eliminate trailing slash
- in the -d serverroot argument. -d Serverroot may be relative to
- the path of the Apache.exe file. [William Rowe]
-
- *) Win32; fix the ServerRoot as the path of the Apache.exe file.
- Eliminates the requirement of a 'backup' registry key to locate
- the server root. [William Rowe]
-
- *) NetWare MOD_TLS fixes to disable nagles properly when making an SSL
- connection, and properly detect an SSL connection based on the port
- and work around the r->server->port 80 bug.
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) TPF startup/shutdown fixes. [David McCreedy <McCreedy@us.ibm.com>]
-
- *) Correct a typo in httpd.conf.
- [Kunihiro Tanaka <tanaka@apache.or.jp>] PR#7154
-
- *) Get the correct IP address if ServerName isn't set and we can't
- find a fully-qualified domain name at startup.
- [Danek Duvall <dduvall@eng.sun.com>] PR#7170
-
- *) Fix pointer arithmetic in mod_rewrite map expansion.
- [Christopher A. Bongaarts <cab@tc.umn.edu>] PR#7157, 7158
-
- *) Fixed a problem with file extensions being truncated during
- the call to ap_os_canonical_filename().
- [Brad Nicholes <BNICHOLES@novell.com>]
-
-Changes with Apache 1.3.17
-
- *) Normalize the Netware path names to close a potential security
- hole in comparing paths when the adminstrator specifies both
- sys:foo and sys:/foo formats in the same httpd.conf file.
- [Brad Nicholes]
-
- *) Fix an unlikely segfault provided a zero length string in the
- translate_userdir() call on win32/os2, and accept backslashes
- in the UserDir directive on those platforms [William Rowe]
-
- *) Fixed translate_userdir() in MOD_USERDIR.C so that it correctly
- recognizes NetWare absolute paths. This fixes the problem where
- MOD_USERDIR was trying to redirect to an absolute NetWare path
- rather than opening the file at the specified location. This
- patch fixes PR5826 & 6283. [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Fixed ap_os_is_path_absolute() in OS.H so that it can tell the
- between a NetWare path (SYS:/path) and a URL (HTTP://path).
- [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Fixed the sdbm.h bundled in Apache for Win32, bringing it in sync
- with Perl. Because it didn't have the same geometry as Perl,
- users reported the first user added with dbmmanage was not
- recognized. [William Rowe]
-
- *) Fixed ap_os_canonical_filename to append a the default volume
- name if the the path is a full path and does not include the
- volume name. Since NetWare's current working directory always
- defaults to the SYS: volume regardless of where the executible
- started, the default volume will be the volume that is specified
- in ap_server_root. [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Handle port numbers in Host headers properly again after
- the code was broken in 1.3.15. [Tony Finch]
-
-Changes with Apache 1.3.16 [not released]
-
- *) None from 1.3.15 [repository tags were the issue, no code altered]
-
-Changes with Apache 1.3.15 [not released]
-
- *) Fix a new problem introduced with the -k config syntax, that the
- service installed with the -i flag would attempt to re-install
- itself when starting the server. [William Rowe, Andrew Braund]
-
- *) Fix the declaration of the module structure in mod_example.
- [Gururaj Upadhye <gururaj@enertec.com>] PR#7095
-
- *) Fix the handling of variable expansion look-ahead in mod_rewrite,
- i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
- more complicated nested RewriteMap lookups. [Tony Finch] PR#7087
-
- *) Fix the RFC number mentioned when complaining about a missing
- Host: header. [Alexey Toptygin <alexeyt@wam.umd.edu>] PR#7079
-
- *) Fix Range header processing to properly parse the syntax specified
- in RFC 2616, and properly handle unsatisfiable requests by returning
- a 416 error. [Tony Finch, William Rowe] PR#6973
-
- *) Remove some human-readable fluff from the machine-readable mod_status
- display. [Youichirou Koga <y-koga@apache.or.jp>] PR#7025
-
- *) The new Win32 command line option, -k config, replaces the default
- options for the existing, named service with the options given on
- the -k config command line. Apache -n servicename -t now displays
- the default options before it tests the httpd.conf. Use the syntax
- apache -k config -n servicename -f conffile to upgrade an existing
- 1.3.x service to the new 1.3.15 default arguments. [William Rowe]
-
- *) All Win32 services now support default command line options when
- starting an Apache service. The command line options given with
- the apache -k install command, including -d, -f, -D, -C and -c,
- are all saved in the registry. This change superceeds the old
- ConfPath entry, so existing services must be reconfigured when
- upgrading to 1.3.15. [William Rowe]
-
- *) The Win32 build is overhauled to use mod_foo.so for all dynamic
- Apache modules. [William Rowe]
-
- *) The Win32 build scripts (makefile.win, Apache.dsw) now build
- all the usual targets, including the directories htdocs, include,
- lib, libexec, and cgi-bin. [William Rowe]
-
- *) WinNT/2K service can be started from the command line with any
- desired args (e.g. Apache -k start -n apache-1.3 -D FOO will
- start the service with the -D FOO option.) This extends what
- Apache on Win9x already does, even running as a service.
- [William Rowe]
-
- *) WinNT/2K can be started from the Services control panel adding
- whatever args are desired (e.g. -D ARG) in the 'Start Parameters'
- box of the start service dialog. These will be passed on and
- recognized by the service as it starts. [William Rowe]
-
- *) Support -k install/-k uninstall on Win32 for compatibility with
- Apache 2.0. [William Rowe]
-
- *) mod_cgi on Win32 and Netware now does a more effective job of
- capturing all stderr output from user's scripts. PR6161
- [Hardy Braunsdorf <hardy.braunsdorf@metechnology.com>, Will Rowe]
-
- *) mod_status now respects ?refresh=n of 1 or greater. If the given
- refresh value is not a number, ?refresh is set to 1 second.
- [William Rowe, Dirk Ahlers <there@darkride.net> PR5067]
-
- *) Restore child process consoles to correct 16-bit CGI execution
- on Windows. Relies on Win9xConHook.dll for Win9x. This patch
- also assures the Apache window remains titled 'Apache', rather
- than flickering to the cgi app titles. [William Rowe]
-
- *) Added Win9xConHook.dll, which uses hidden console spy windows to
- handle the shutdown, logoff and Close button events, and dispatch
- them to Apache just as SetConsoleCtrlHandler does on Win NT/2K.
- The close button on Win9x now works, and the Win9x service support
- code moved into this module. [William Rowe]
-
- *) Fix messages from the -k start/stop/restart command options on
- Windows. [William Rowe]
-
- *) Allow Win32 users to build mod_isapi, regardless of the age of
- their Win32 SDK headers. Warning provided if features must be
- disabled due to old headers. [William Rowe]
-
- *) The ScriptInterpreterSource Registry source will now handle any
- post-scriptname arguments (e.g. cmd script -q), substitute any
- environment variables (e.g. "%windir%\sysapp.exe") and use the
- short or long path name as appropriate (e.g. "doit %1" uses the
- short form, no spaces, while "doit "%1"" uses the long form of
- the script name, in quotes.) Also, passes all script names in
- backslash delimited format (instead of slashes). [William Rowe]
-
- *) Accomodate an out-of-space condition in the piped logs and the
- rotatelogs.c code, and no longer churn log processes for this
- condition. [Victor J. Orlikowski]
-
- *) Make cgi-bin work as a regular directory when using mod_vhost_alias
- with no VirtualScriptAlias directives. [Tony Finch] PR#6829
-
- *) Move the check of the Expect request header field after the hook
- for ap_post_read_request, since that is the only opportunity for
- modules to handle Expect extensions.
- [Justin Erenkrantz <jerenkrantz@eBuilt.com>]
-
- *) Add default CacheGcInterval of one hour [ Chuck Murcko ]
-
- *) Each Netware thread is created in its own thread group to ensure
- that any context change applies only to the thread in which the
- change was made. [Brad Nicholes <BNICHOLES@novell.com>]
-
- *) Relax the syntax checking of Host: headers in order to support
- iDNS. [Tony Finch] PR#6635
-
- *) Fix Content-Length calculation when doing Range header processing.
- This makes PDF byteserving work again. [Tony Finch] PR#6711
-
- *) Link with libresolv on UnixWare 7 so that PHP works.
- [Larry Rosenman <ler@lerctr.org>] PR#6780
-
- *) Linux 2.2.x and later do not need a serialised single listener,
- and sysv semaphores scale better than fcntl. Updated GuessOS
- to distinguish 2.0.x from 2.2.x -- 2.0.x will still use fcntl.
- [Andrew Morton <andrewm@uow.edu.au>, Dean Gaudet]
-
- *) Eliminate caching problems of mod_autoindex results, so the last
- modified date of the directory is returned as the Last-Modified
- and ETag HTTP header tags are sent if IndexOptions TrackModified
- directive/option is used. [William Rowe]
-
- *) Corrected file path arguments from server conf directives to
- their canonical form (excluding OS2 - which uses alternate
- logic.) Resolves a long list of PRs reporting that Win32 paths
- of the syntax x:\foo were mis-concatinated to the server root
- as of release 1.3.14. [William Rowe]
-
- *) Correct an issue with Alias and ScriptAlias directives that
- file path arguments were not normalized in canonical form.
- This correction makes no attempt to normalize regular expression
- forms of Alias or ScriptAlias. [William Rowe]
-
- *) Add a new LogFormat directive, %c, that will log connection
- status at the end of the response as follows:
- 'X' - connection aborted before the response completed.
- '+' - connection may be kept-alive by the server.
- '-' - connection will be closed by the server.
- [Bill Stoddard <stoddard@apache.org>]
-
- *) Normalize all NetWare config directive paths and filespecs to
- their canonical names. [Brad Nicholes <bnicholes@novell.com>]
-
- *) Update the mime.types file to the registered media types as
- of 2000-10-19. [Carsten Klapp <carsten.klapp@home.net>,
- Tony Finch] PR#6613
-
- *) Restore functionality broken by the mod_rewrite security fix:
- rewrite map lookup keys and default values are now expanded
- so that the lookup can depend on the requested URI etc.
- [Tony Finch] PR #6671
-
-Changes with Apache 1.3.14
-
- *) Fixes to allow compilation on NetWare [Brad Nicholes
- <bnicholes@novell.com>]
-
-Changes with Apache 1.3.13 [not released]
-
- *) NOTE: A number of Win32 symbols were exported without explicit
- declaration in the ApacheCore.def file. These are now exported
- with the same ordinal export values from 1.3.12, but are now
- named consistent with Apache's conventions. [William Rowe]
-
- *) Add support for a "conf directory" which operates similar to
- /etc/rc.d/init. Basically, if a config file is actually a
- directory, all the files in that directory will be parsed
- as conf files. PR #6397 [Jim Jagielski, Lionel Clark
- <bishop@platypus.bc.ca>]
-
- *) Initial support added for mod_proxy under MPE/iX.
- [Mark Bixby <mark_bixby@hp.com>]
-
- *) Refined UID/GID management and permissions on MPE/iX to deal
- with some limitations. [Mark Bixby <mark_bixby@hp.com>]
-
- *) Updated the MPE DSO code to be compatible with an OS patch that
- fixed an earlier DSO problem, #include tweakage required for
- using apxs to build modules without access to the full source
- tree, and other minor MPE tweaks.
- [Mark Bixby <mark_bixby@hp.com>]
-
- *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
- security bug in some mass virtual hosting configurations
- that can allow a remote attacker to retrieve some files
- on the system that should be inaccessible. [Tony Finch]
-
- *) Add support for /, //, //servername and //server/sharename
- parsing of <Directory > blocks under Win32 and OS2.
- [Tim Costello, William Rowe, Brian Havard]
-
- *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5,
- SHA1 and plaintext password encodings. Make feature tests a
- bit more flexible. [William Rowe]
-
- *) SECURITY: CVE-2000-0913 (cve.mitre.org)
- Fix a security problem that affects some configurations of
- mod_rewrite. If the result of a RewriteRule is a filename that
- contains expansion specifiers, especially regexp backreferences
- $0..$9 and %0..%9, then it may have been possible for an attacker
- to access any file on the web server. [Tony Finch]
-
- *) Add mod_auth_dbm (sdbm flavor) binary build for Win32.
- [William Rowe]
-
- *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
- as well as a comment arg to the add, adduser and update cmds.
- update allows the user to clear or preserve pw/groups/comment.
- Fixed a bug in dbmmanage that prevented the check option from
- parsing a password followed by :group... text. Corrected the
- seed calcualation for Win32 systems, and added -lsdbm support.
- [William Rowe]
-
- *) Radical surgery to improve mod_isapi support under Win32.
- Includes a number of newer ServerSupportFunction calls, support
- for ReadClient (in order to retrieve POSTs greater than 48KB),
- and general bug fixes to more reliably load ISAPI .dll's and
- prevent leaking handle resources. Note: There are still
- discrepancies between IIS's and Apache's ServerVariables, and
- async calls are still not supported. Additional warnings are
- logged to facilitate debugging of unsupported ISAPI calls.
- [William Rowe]
-
- *) Update Configure script to allow building Apache on IBM's
- IA64 version of AIX. [Paul Reder]
-
- *) NameVirtualHost can now take "*" as an argument instead of
- an IP address. This allows you to create a purely name-based
- virtual hosting server that does not have any IP addresses in
- the configuration file and which ignores the local address
- of any connections. PR #5595, PR #4455 [Tony Finch]
-
- *) Fix processing/merging of Remove* MIME directives.
- PR #5597 [Sander van Zoest <sander@covalent.net>]
-
- *) Fix merging of AddDefaultCharset directive.
- PR #5872 [Jun Kuriyama <kuriyama@imgsrc.co.jp>]
-
- *) Win32: Work around bug in Win32 select on network reads. Select
- can indicate a socket has data to read, but the subsequent read
- can return WSAEWOULDBLOCK. This problem has been observed
- when running with SSL enabled Apache, specifically, browsers
- sometimes cannot complete the SSL handshake when an SGC
- certificate is used, receiving a network error message.
- [Richard Scholz richard.scholz@subito.de]
-
- *) Use "accept filtering" on recent versions of FreeBSD iff the
- kernel is configured to support them. This allows Apache to avoid
- having to handle new connections until the request has arrived.
- [Tony Finch]
-
- *) Fix error handling in make_sock. [Tony Finch]
-
- *) The htdocs/ tree has been moved out of the CVS source tree into
- a separate area for easier development. This has NO EFFECT on
- end-users or Apache installations. [Ken Coar]
-
- *) Fix problem matching Configure guessos on HP-UX 10.
- [Victor J. Orlikowski] PR#6015
-
- *) Correct the problem where the only local host name that the IP stack
- can discover are 'undotted' private names. If no fully qualified
- domain name can be identified, the default ServerName will be set to
- the machine's IP address string. A warning is provided if Apache has
- to assume the IP dotted address string or the localhost/loopback
- address as the ServerName. The default ServerName is removed from
- the default Win32 httpd.conf file. [William Rowe]
-
- *) Add new directives RemoveType and RemoveEncoding to accompany the
- RemoveHandler directive added in 1.3.4. AddType, AddEncoding, and
- AddHandler now all have corresponding 'undo' directives. This allows
- things like marking foo.tar.gz.asc as *not* being gzipped, so it will be
- correctly interpreted as an unzipped signature of a gzipped file.
- [Ken Coar]
-
- *) Win32 NT and 2000 services now capture stderr messages that occur
- before Apache's logs are opened to the Application Event Log.
- Console and Win9x services now hold the console open for 30 seconds
- (and may be dismissed with the <ESC> key) if they exit with an error.
- [William Rowe]
-
- *) Expand Win32 protection for pathname length, to provide protection
- from future potential bugs such as that which caused directory index
- to be displayed rather than returning an error.
- [William Rowe, Allan Edwards <ake@raleigh.ibm.com>]
-
- *) USE_SYSVSEM_SERIALIZED_ACCEPT locking on OS/390
- [Ovies Brabson]
-
- *) Change Win32 the isProcessService() routine to compensate for other
- helper apps that invoke Apache.exe without a console. Recognize that
- we are running NT, and use the STARTF_FORCEOFFFEEDBACK flag to be
- sure that the SCM has invoked the process. [William Rowe,
- Jim Patterson <jim-patterson@ncf.ca>, Kevin Kiley <TOKILEY@aol.com>]
-
- *) Export from Win32 the ap_start_shutdown and ap_start_restart symbols
- for modules and executables dynamically linked to the core.
- [William Rowe; Jim Patterson <jim-patterson@ncf.ca>]
-
- *) SECURITY: CAN-2000-1204 (cve.mitre.org)
- Prevent the source code for CGIs from being revealed when
- using mod_vhost_alias and the CGI directory is under the document root
- and a user makes a request like http://www.example.com//cgi-bin/cgi
- as reported in <news:960999105.344321@ernani.logica.co.uk>
- [Tony Finch]
-
- *) Under Win32, The console input mode is fixed to ignore mouse events
- and always listen for a Ctrl+C interrupt, even if the console window
- defaults to another mode. [William Rowe]
-
- *) All Win32 services will now perform a graceful restart when given
- the -n servicename -k restart signal. No equivilant control exists
- in the service control panel applet or through the NET command.
- There is no useful acknowledgement on Windows 95/98, however.
- [William Rowe]
-
- *) Significant overhaul of the Win32 port documentation contained in
- the README-WIN.TXT, as well as the htdocs/manual pages windows.html,
- win_compiling.html, and the new win_service.html.
- [Andrew Braund <abraund@dingoblue.net.au>, William Rowe]
-
- *) Add 'services' for Windows 95 and 98, including install/uninstall
- options. The Apache server therefore can start when the OS loads,
- and will not stop between logoffs. This implementation remains
- -HIGHLY EXPERIMENTAL-. Additional changes provide for clean shutdown
- of Win95/98 when Apache is running as a 'service' or a console.
- [William Rowe, Jan Just Keijser <KEIJSERJJ@logica.com>]
-
- *) USE_PTHREAD_SERIALIZED_ACCEPT on AIX 4.3 and above. This change
- provides a substantial performance improvement on multi-CPU
- machines serving large numbers of concurrent clients.
- [Victor J. Orlikowski <vjo@raleigh.ibm.com>]
-
- *) Brought httpd.conf-dist-win into sync with httpd.conf-dist, and added
- explicit documentation of many Win32 specific features. [William Rowe]
-
- *) Convert Win32 build files (.dsp) to MSVC 6.0 format, and add perl
- scripts cvstodsp5.pl and dsp5tocvs.pl for portability to version 5.0.
- [William Rowe]
-
- *) Fix mod_expires to merge its settings for Cache-Control into any
- existing value for the field. It was unconditionally setting it,
- wiping out anything from, say, a 'Header Append Cache-Control'.
- [Ken Coar] PR#5769
-
- *) Add Win32 option -k stop as an alias of -k shutdown, to correspond to
- the NET START/NET STOP syntax. [William Rowe]
-
- *) Force Apache to test the Win32 config prior to any operation,
- except the [-k shutdown -n service] and [-u -n service] combinations.
- [William Rowe]
-
- *) Add Win32 Ctrl+C/Ctrl+Break/Close/Logoff/Shutdown handler.
- [William Rowe, Jan Just Keijser <KEIJSERJJ@logica.com>]
-
- *) Expand mod_setenvif so its directives can be used in <Files> and
- <Directory> containers, and in .htaccess files when FileInfo
- overriding is allowed. [Ken Coar] PR#3000
-
- *) SECURITY: CVE-2000-0505 (cve.mitre.org)
- Fix Win32 bug when pathname length exactly equals MAX_PATH.
- This bug caused directory index to be displayed rather than
- returning an error. [Allan Edwards <ake@raleigh.ibm.com>]
-
- *) Correct mod_proxy Win95 dynamic link __declspec(thread) bug.
- David Whitmarsh <david.whitmarsh@dial.pipex.com>
- PR: 1462, 2216, 3645
-
- *) Changed Apache for NetWare build to link with XDC data which
- marks the NLMs as being able to run on any processor.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Ported expat-lite to NetWare and integrated project files into the
- ApacheNW.mcp. [Mike Gardiner <mgardiner@novell.com>]
-
- *) Switched thread storage data mechanism on NetWare to use updated
- system calls. [Mike Gardiner <mgardiner@novell.com>]
-
- *) Fixed problem with multilanguage support that prevented Apache on
- NetWare from displaying the correct language page.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Fixed memory leaks on NetWare port. When unloading Apache with
- the developer option turned on NetWare would spew messages
- complaining about unreleased resources.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Fixed a problem that prevented Apache on NetWare from shutting down
- correctly when loading multiple instances in individual address
- spaces. [Mike Gardiner <mgardiner@novell.com>]
-
- *) Changed threading primitives to use faster more scalable calls.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Added -s option for NetWare port to allow Apache to run without a
- screen. [Mike Gardiner <mgardiner@novell.com>]
-
- *) Added code for NetWare port to display the listening ports and loaded
- DSO modules to the console screen.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Removed ugly NetWare specific code from the modules and added libpre.c
- and libprews.c instead. These files implement the NLM startup code
- for shared NLMs (DSOs). The result of using these files is less
- obtrusive code, faster load times, and a smaller executable size.
- libprews.c contains WSAStartup and WSACleanup WinSock calls needed for
- initialization and termination of DSO modules.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Moved htpasswd and htdigest projects files for NetWare into the main
- ApacheNW.mcp project file. [Mike Gardiner <mgardiner@novell.com>]
-
- *) Added mod_tls (SSL/TLS) module for NetWare SSL/TLS support.
- [Mike Gardiner <mgardiner@novell.com>]
-
- *) Updated httpd.conf-dist-nw with <IfModule> directives around
- standard DSO modules. [Mike Gardiner <mgardiner@novell.com>]
-
- *) Correct mod_proxy Win32 garbage collection bug (clean failing
- due to stat() against directory).
- PR: 1891, 3278, 3640, 4139, 5997
- [Michael Friedel <mfriedel@lbell.slctnet.com>]
-
- *) Add '-n' option to htpasswd to make it print its user:pw record
- on stdout rather than having to frob a text file. [Ken Coar]
-
- *) Set default ServerName setting to 127.0.0.1 for the Windows
- config file (httpd.conf-dist-win)
- PR: 5509, 5783, 5953, 5903, 5983, 5259, 5515, 5858
- [Oliver Wendemuth <owendemuth@ko.hbv.de>]
-
- *) [EBCDIC] Update mod_mmap_static so that an ebcdic box can use
- MMapFile for files that shouldn't be converted from ebcdic->ascii.
- [Greg Ames]
-
- *) Revamp the Win32 make environment. Apache.dsw created to bring
- together all the pieces. Create new file os/win32/BaseAddr.ref
- to define module base addresses (to prevent dll relocation at
- start-up). Extraneous compiler files were removed (precompiled
- headers, incremental link images), and .map files were added
- for consistent diagnostics of gpfaults of the binary release.
- [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]
-
- *) Resolved Win32 mod_info (ApacheModuleInfo.dll) errors.
- PR1442, PR2472, PR4125, PR1643 and PR2208
- Jim Patterson, Jan Just Keijser <KEIJSERJJ@logica.com>
-
- *) Add some more error reporting to htpasswd in the case of problems
- generating or accessing the temporary file. Also, pass in a
- buffer if the implementation knows how to use it (i.e., if L_tmpnam
- is defined). [Ken Coar] PR#3945, 5253, 5383, 5558
-
- *) PORT: Add recognition of the GNU/Hurd platform.
- [Adam Farrell <skate111@stampede.org>]
-
- *) More FAQs and answers from comp.infosystems.www.servers.unix.
- [Joshua Slive <slive@finance.commerce.ubc.ca>]
-
- *) Win32: Add dependency checking to the CreateService call to ensure
- TCPIP and AFP (winsock) are started before Apache.
- [William Rowe <wrowe@lnd.com>]
-
- *) FAQ changes related to tidying up historical documents on the web site.
- [Joshua Slive <slive@finance.commerce.ubc.ca>]
-
- *) Various fixes to mod_auth_digest:
- - Reworked MD5-sess stuff. The semantics of userpw_hash() have been
- changed for it to return
- MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce)
- instead of just
- MD5(username ":" realm ":" password)
- because one of the points of MD5-sess is to allow the info to be
- retrieved from login servers so that the server itself never has
- the full auth info (after all, MD5(u/r/p) is equivalent to the
- password for auth purposes).
- - In order to allow for servers to share a realm the server-name
- and port have been removed from the nonce-hash. Even so, sharing
- the realm has problems - see the new comments at the beginning.
- - Fixed uri-comparison when request-uri isn't identical to uri in
- Authorization header (some fields were not being initialized).
- - Handle non-FQDN's (i.e. simple hostnames) in uri parameter in
- the Authorization header. Thanks to Joe Orton
- <joe@orton.demon.co.uk> for pointing out the problem.
- [Ronald Tschalär]
-
- *) Add case_preserved_filename field to the request_rec structure.
- On systems with case insensitive file systems (Windows, OS/2, etc.),
- r->filename is case canonicalized (folded to either lower or upper
- case, depending on the specific system) to accomodate file access
- checking. case_preserved_filename is the same as r->filename
- except case is preserved. There is at least one instance where Apache
- needs access to the case preserved filename: Java class files published
- with WebDAV need to preserve filename case to make the Java compiler
- happy. [Bill Stoddard]
-
- *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
- which where donated by Lee Kuk Hyun and Lorant Czaran [dirkx].
-
- *) Modules which load third-party DLLs (ala mod_dav)
- expect them to be in the path or cwd. Tweak the
- service startup code to not only change to correct
- drive but also correct directory.
- [Keith Wannamaker <wannamaker@us.ibm.com>]
-
- *) WinNT: Do a better job at handling spaces in service names.
- Add the util function ap_remove_spaces and export it on all
- platforms. Change some Win32 service and registry functions to
- make use of this new function.
- [Keith Wannamaker <wannamaker@us.ibm.com>]
-
- *) use send/recv instead of write/read in proxy_connect -- fixes
- https through proxy on NT. [willem.vanpelt@philips.com]
- PR 5963, 5899, 5823, 5107, 4990?, 4885, 4680, 4468, 3801, 2014
-
- *) [EBCDIC] Make chunked encoding work again; it was broken by the
- recent CRLF macro changes. An oversight. [Martin Kraemer]
-
- *) Work around a popular restriction of some sed(1)'s in APACI where
- "1,/<pattern>/" commands start searching for <pattern> at line 2 only.
- [Ralf S. Engelschall]
-
- *) Merged in a small subset of SGI's latest `10x' patchkit for Apache
- 1.3.11. The extracted and merged in parts are entirely cleanup and
- non-performance related changes only. SGI's remaining changes are
- not taken over, because they are either cluttering the Apache 1.3
- sources too much (e.g. the lint(1) related changes) or cause too
- much internal changes (e.g. the ap_int32 types, etc.) which are not
- reasonable to do any longer for Apache 1.3 (they should be done for
- Apache 2.0 instead).
- [Mike Abbott <mja@sgi.com>, Ralf S. Engelschall]
-
- *) Fixes to mod_proxy for BeOS support.
- [David Reid <dreid@jetnet.co.uk>]
-
- *) Fix return value calculation in APXS' error messages.
- This should avoid the confusion on APXS errors.
- [Ralf S. Engelschall]
-
- *) Make ApacheBench (ab) compile again stand-alone under
- -DNO_APACHE_INCLUDES.
- [Ralf S. Engelschall]
-
- *) The ServerTokens directive now accepts the 'ProductOnly' keyword,
- which results in the display of just 'Apache' with no version
- information. Additional product tokens are still only visible
- with ServerTokens Full. In addition, ServerTokens now complains
- about bogus keywords (which it used to silently treat as 'Full').
- [Ken Coar]
-
-Changes with Apache 1.3.12
-
- *) Only OS/2 requires the addition "t" flag for ap_pfopen()
- (as therefore fopen() as well). This is handled by the
- FOPEN_REQUIRES_T macro. [Ian Turner <iant@sequent.com>,
- Jim Jagielski] PR#5760
-
- *) The default charset is only added, when enabled, for those
- Content-types which require it (text/plain, text/html).
- [Jim Jagielski] PR#5766
-
- *) Fix handling of multiple queries in APXS commands (e.g. "apxs -q
- CC CFLAGS") and make sure Perl-related command line options (which
- can contain the "::" constructs) do no longer cause an incorrect
- internal parsing of the query result.
- [Ralf S. Engelschall, Steve Robb <steve@eu.c2.net>]
-
- *) Avoid infinite looping in APACI's configure script
- inside Ultrix' /bin/sh5 upgrade step.
- [Jan Gallo <gallo@viapvt.sk>, Ralf S. Engelschall] PR#4940
-
- *) PORT: Add support for Amdahl UTS 4.3 and later.
- [Dave Dykstra <dwd@bell-labs.com>] PR#5654
-
- *) Make implementation/descriptions of the FLAG directives
- AuthAuthoritative, MetaFiles and ExtendedStatus consistent with
- documentation and the standard way of implementation those directives.
- [David MacKenzie <djm@web.us.uu.net>, Ralf S. Engelschall] PR#5642
-
- *) Cast integer ap_wait_t values in http_main.c to get rid of compile
- time errors on platforms where "ap_wait_t" is not defined as "int"
- (currently only the NEXT and UTS21 platforms).
- [Gary Bickford <garyb@fxt.com>, Ralf S. Engelschall] PR#5053
-
- *) The default suexec path was HTTPD_ROOT/sbin/suexec if not
- configured via APACI. Changed to HTTPD_ROOT/bin/suexec.
- [Lars Eilebrecht]
-
- *) Add an explicit charset=iso-8859-1 to pages generated by
- ap_send_error_response(), such as the default 404 page.
- [Marc Slemko]
-
- *) Add the AddDefaultCharset directive. This allows you to specify
- the given character set on any document that does not have one
- explicitly specified in the headers. [Marc Slemko, Jim Jagielski]
-
- *) SECURITY: CAN-2000-1205 (cve.mitre.org)
- Properly escape various messages output to the client from a number
- of modules and places in the core code. [Marc Slemko]
-
- *) SECURITY: CAN-2000-1205 (cve.mitre.org)
- Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
- not consider any parameters such as charset when making decisions
- based on content type. This does remove some functionality for
- some users, but means that when these modules are configured to do
- particular things with particular MIME types, the charset should
- not be included. A better way of addressing this for users who
- want to set things on a per charset basis is necessary in the future.
- [Marc Slemko]
-
- *) SECURITY: CAN-2000-1205 (cve.mitre.org)
- mod_include now entity encodes output from "printenv" and "echo var"
- by default. The encoding for "echo var" can be set to URL encoding
- or no encoding using the new "encoding" attribute to the echo tag.
- [Marc Slemko]
-
-Changes with Apache 1.3.11
-
- *) MPE builds are no longer stripped, which caused the executable
- to not work. [Mark Bixby]
-
-Changes with Apache 1.3.10
-
- *) Fixed parsing of TAKE13-based configuration directives.
- [Steffen Roller <sr@daa.de>] PR#5550
-
- *) rename the lookup() function to hashTableLookup() (in expat-lite)
- to prevent name clashes with modules / third-party software.
- [Ralf S. Engelschall, Greg Stein]
-
- *) Reduce the time that a parent waits for its children to die
- after SIGKILL has been sent, since there isn't much point in waiting
- another 16 seconds beyond the initial SIGTERM waiting period.
- [Ed Korthof]
-
- *) Add --suexec-umask option to configure, and severity levels
- to suexec log messages. Also clarify a couple of those messages,
- which were perhaps a bit too cryptic. [Ken Coar] PR#4178
-
- *) The end_chunk() code forgot to convert the trailing CRLF pair
- from EBCDIC to ASCII. Fixed. [Martin Kraemer]
-
- *) An Action set for a Location that didn't correspond to a file didn't
- work. Fixed.
- [Manoj Kasichainula, Ben Laurie]
-
- *) ProxyPass and mod_rewrite's proxy mode erroneously converted
- authentication requests to proxy authentication requests.
- [Ben Laurie]
-
- *) Reverse a patch which broke HPUX shared builds. Basically
- we comment out the SHLIB_SUFFIX_NAME=sl line in Configure.
- [Ryan Bloom]
-
- *) Added the mod_rewrite `URL Rewriting Guide' to the online
- documentation (htdocs/manual/misc/rewriteguide.html). This paper
- provides a large collection of practical solutions to URL based
- problems a webmaster is often confronted with.
- [Ralf S. Engelschall]
-
- *) Add a suexec status report to the '-l' (compiled-in modules)
- output. [Ken Coar]
-
- *) Changes to enable server-parsed mod_autoindex Header and
- Readme files. [Raymond S Brand <rsbx@rsbx.net>]
-
- *) Add back support for UseCanonicalName in <Directory> containers
- [Manoj Kasichainula]
-
- *) SECURITY: CAN-2000-1206 (cve.mitre.org)
- More rigorous checking of Host: headers to fix security
- problems with mass name-based virtual hosting (whether using mod_rewrite
- or mod_vhost_alias).
- [Ben Hyde, Tony Finch]
-
- *) Updated README.config to reflect current APACI state.
- [Brian Slesinsky <bslesins@best.com>] PR#5397
-
- *) Added SuSE and BSDI layouts to config.layout for convinience reasons.
- [Sebastian Helms <sebastian.helms@gmx.de>, Timur Bakeyev
- <timur@com.bat.ru>] PR#5112 PR#5154
-
- *) Consistency cleanup of the complete APXS tool and corresponding manpage.
- [Ralf S. Engelschall]
-
- *) Add %q logging format directive (logs "?" and the query string part
- of a query, or the empty string if no query).
- Can be used in combination with %m, %U and %H: "%m %U%q %H" is the
- same as "%r". [Peter Watkins <peterw@usa.net>]
-
- *) Improve OS390 port to work on older system releases
- [Paul Gilmartin <pg@sweng.stortek.com>]
-
- *) Enhance mod_mime with an AddCharset directive to properly handle
- that negotiation dimension.
- [Youichirou Koga <y-koga@isoternet.org>]
-
- *) OS: Added first cut at support for IBM's OS/390.
- [Ovies Brabson <oviesb@us.ibm.com>]
-
- *) Replace all occurrences of "\012\015" by a macro CRLF. This makes
- the code (somewhat) more readable, and improves the portability
- to character sets other than ASCII (e.g., EBCDIC).
- This patch results in no functional change whatsoever on ASCII
- machines, but allows EBCDIC platforms to live without the
- ebcdic2ascii_strictly() kludge.
- [Paul Gilmartin <pg@sweng.stortek.com>, slightly modified
- by Martin Kraemer]
-
- *) more fixes to mod_auth_digest:
- - better comparing of request-uri with uri parameter in Authorization
- header
- - added a check for a MUST condition in the spec
- - fixed SEGV
- [Ronald Tschalär]
-
- *) mod_proxy now works on TPF.
- [Joe Moenich <moenich@us.ibm.com>]
-
- *) Enhance mod_actions' Script handling to be able to deal with
- arbitrary methods and not just the well-known ones. This allows
- experimental or organisation-private methods to be used without
- waiting for Apache to catch up.
- [Ken Coar]
-
- *) Fix various compile time warnings in hashbang_emul code which
- prevent successful compilation on OS/390 [Ovies Brabson
- <oviesb@us.ibm.com>, Paul Gilmartin <pg@sweng.stortek.com>]
-
- *) EBCDIC: Fixed binary upload capability (plain and chunked) for
- all methods using the ap_*_client_block() functions, most notably
- POST and PUT. The functionality to switch input between protocol
- parts (chunks) and (possibly binary) data had been missing all
- the time, making chunked PUT impossible until now.
- [Martin Kraemer]
-
- *) Fixed a recently introduced off-by-one-character bug in
- mod_rewrite's expansion of expression back-references.
- [Cliff Woolley <jwoolley@wlu.edu>] PR#4766 PR#5389
-
- *) Add IndexOptions DescriptionWidth so that the width of the
- description field in fancy-indexed directory listings can
- be specified.
- [Ken Coar] PR#2324, plus lots that are closed unsatisfied
-
- *) EBCDIC: Escaped characters were encoding the ebcdic representation
- of the special characters, not the latin1 representation. This
- would result in invalid URI's for, e.g., filenames (with special chars)
- in mod_autoindex.c [Martin Kraemer]
-
- *) EBCDIC: Fix Byte Ranges for EBCDIC platforms. The necessary switch
- between implied conversion for protocol parts and configured
- conversion for document data was missing. The effect of this was that
- PDF files could not be read by Acrobat Reader (which sends long
- lists of byte ranges in each request) when the server was apache
- on ebcdic machines.
- [Noted by Oliver Reh <Oliver.Reh@FAEDV-N.Bayern.de>, solved by Martin
- Kraemer, warnings fixed by Ovies Brabson <oviesb@us.ibm.com>]
-
- *) Add IndexOptions FoldersFirst to allow fancy-indexed directory
- listings to have the subdirectories always listed at the top.
- [Ken Coar]
-
- *) BS2000: Use send() instead of write() in the core buff routines
- for better performance and fewer restrictions (max. transfer size)
- [Martin Kraemer]
-
- *) If the compiler sanity check fails, force the verbose output
- for TestCompile so people can have a clue what the problem
- is. [Jim Jagielski]
-
- *) Add --iconsdir, --htdocsdir, and --cgidir option to top-level
- configure script to allow one to override the corresponding
- variables from config.layout.
- [Ralf S. Engelschall]
-
- *) Fixed `quad integer' (aka `long long') handling in ap_snprintf.c
- [Jim Jagielski, Ralf S. Engelschall]
-
- *) Fixed error handling in dbmmanage script.
- [Andrew McRae <andrew@liquid.com>] PR#4973
-
- *) Fixed NEXT/OpenStep building by adding an fallback typedef for
- rlim_t to ap_config.h.
- [Mark Miller <markm@swoon.net>] PR#4906
-
- *) Fix SHARED_CORE feature for HPUX by backing-out a change (comitted
- between 1.3.7 and 1.3.9) which changed the DSO extension from `sl' to
- `so'. This worked only for modules (where we load the DSO manually), but
- horribly fails under HPUX for DSO-based/shared libraries (where our
- $SHLIB_SUFFIX_NAME is used, too).
- [Gary Silverman <gary.silverman@abnamro.com>] PR#4974
-
- *) Added support for Berkeley-DB/3.x to mod_auth_db.
- [Steve Atkins <steve@blighty.com>, Ralf S. Engelschall] PR#5382
-
- *) Fixed mod_auth_digest.c: result of an open() call was being
- checked against the wrong failure value.
- [Rick Ohnemus <rjohnemus@systemware-inc.com>] PR#5292
-
- *) Removed the variable name "template" from a prototype for SunOS4
- in ap_config.h to make C++ compiler happy, too.
- [SAKAI Kiyotaka <ksakai@netwk.ntt-at.co.jp>] PR#5363
-
- *) Added missing links to htdocs/manual/mod/directives.html
- for AllowCONNECT and ProxyDomain. [Patrik Grip-Jansson
- <patrikj@gnulix.org>, Ralf S. Engelschall] PR#5319
-
- *) Fixed typo in htdocs/manual/install.html.
- [Chris Pepper <pepper@tgg.com>] PR#5360
-
- *) Fix $AWK/awk usage in top-level configure script: We confused ourself and
- replaced the wrong "$AWK" with a plain "awk" in the last releases. So we
- now both fix this and move the comment which already tried to explain it
- more closer to the location to which it applies.
- [Paul Gilmartin <pg@sweng.stortek.com>, Ralf S. Engelschall] PR#5304
-
- *) Replaced pipes with commas in GuessOS' fallback output (displayed for not
- explicitly recognized platforms) to avoid side-effects with APACI's
- --shadow feature and similar uses where GuessOS' output is used directly
- on the filesystem (where pipes are meta-characters!).
- [Paul Gilmartin <pg@sweng.stortek.com>] PR#5303
-
- *) Made stripping of a trailing slash in directory names in top-level
- configure script more robust and this way support also a plain `/'
- as the argument without resulting in an empty name.
- [Matthias Lohmann <lohm@lynet.de>, Ralf S. Engelschall] PR#5291
-
- *) Made `tr' usage in top-level configure script more portable
- by always using square brackets consistently.
- [Masashi Kizaki <kizaki@cpo.dnp.co.jp>] PR#5230
-
- *) Fixed ap_config_auto.h generation in src/Configure: there for the ``quad
- integer'' stuff ``#ifndef+#undef+#endif'' pairs were generated instead of
- ``#ifdef+#undef+#endif'' pairs.
- [Greg Siebers <gsiebers@vignette.com>] PR#5231
-
- *) EBCDIC: fix the hsregex package to correctly deal with [a-zA-Z] type
- character ranges (the alphabet is non-contiguous in EBCDIC) and with
- the special [:cntrl:] range (the control character class is determined
- dynamically at run time). [Martin Kraemer]
-
- *) Add --with-port option to APACI. [Ian Kallen <spidaman@salon.com>]
-
- *) Fixed QUERY_STRING handling for `RewriteRule ... [P]'
- in per-directory context.
- [Martin Zeh <martin.zeh@sat1.de>] PR#5073
-
- *) Overhauled mod_rewrite's general substitution function
- (expand_backref_inbuffer): 1. The `$0' backreference is now officially
- allowed and documented and references the while pattern space; 2. the
- ampersamp (&) backreference (which is equal to $0) is no longer expanded,
- because it was never documented and only leads to confusion with
- QUERY_STRINGS; 3. backslashes (\) are honored correctly, that is `\$N'
- now really forces the dollar to be an ordinary character and $N is
- not expanded.
- [Ralf S. Engelschall] PR#4766 PR#4161
-
- *) Make sure mod_rewrite escapes QUERY_STRINGS on redirects.
- [Klaus Johannes Rusch <KlausRusch@atmedia.net>] PR#4734
-
- *) Make sure mod_rewrite matches URL schemes case-insensitive and also allow
- additional (commonly used) URL schemes ldap:, news: and mailto:.
- [Ralf S. Engelschall, Klaus Johannes Rusch <KlausRusch@atmedia.net>] PR#3140
-
- *) Overhauled ApacheBench (ab) manpage ab.8.
- [Simon Baldwin <simonb@sco.com>] PR#5139
-
- *) Made sure ApacheBench (ab) performs no more requests than
- specified on command line (option -n).
- [Jim Cox <jc@superlink.net>] PR#4839
-
- *) Support DSOs properly on 32-bit HP-UX 11.0
- [Dilip Khandekar <dilip@cup.hp.com>]
-
- *) Fix problem with proxy configuration where globally set configuration
- options were overridden inside virtual hosts.
- [Graham Leggett <minfrin@sharp.fm>]
-
- *) Fix ProxyReceiveBufferSize where default value was left uninitialised.
- [Graham Leggett <minfrin@sharp.fm>]
-
- *) Added a CLF '-' respecting %B to the log format.
- Suggested by Ragnar Kjørstad [dirkx]
-
- *) Added protocol(%H)/method(%m) logging to the log format.
- Suggested by Peter W <peterw@usa.net> [dirkx]
-
- *) Added a HEAD method to 'ab'. [dirkx]
-
- *) When generating the Location: header, mod_speling forgot
- to escape the spelling-fixed uri. [Martin Kraemer]
-
- *) Update for the next release of the TPF OS (PUT11)
- [David McCreedy <McCreedy@us.ibm.com>]
-
- *) Add some compile-time flags to the output when -V is used for TPF
- [David McCreedy <McCreedy@us.ibm.com>]
-
- *) mod_auth_digest fixes:
- - Use unix-io instead of stdio to read /dev/random (fixes problems
- on FreeBSD)
- [Kano <tomo@crane-inc.co.jp>] PR#4967
- - Correctly unescape all parts of the request uri and the uri
- attribute of the Authorization header before doing comparison
- [Joe Orton <joe@orton.demon.co.uk>, Ronald Tschalär]
- - Fixes for MD5-sess
- [Joe Orton <joe@orton.demon.co.uk>]
- - Don't send a domain attribute in Proxy-Authenticate
- [Ronald Tschalär]
-
- *) ap_base64decode_binary does not null-terminate the output anymore
- [Bill Stoddard, Ronald Tschalär]
-
- *) WIN32: The following bugs introduced in Apache 1.3.9 have been fixed
- - CGIs broken if script calls other programs which deliver on stdout
- (Search this file for "DETACHED")
- - 16 bit CGIs should work now
- - Server will not start if passed the -d option with spaces in the
- argument. [Bill Stoddard]
-
- *) WIN32: GetExtensionVersion() comparison in mod_isapi fails when
- using some non-MS compilers [Bill Stoddard]
- PR#3597, PR#3782, PR#3781, PR#4887
-
- *) Allow BeOS to use its native closesocket() call
- [David Reid <abb37@dial.pipex.com>]
-
- *) More TPF changes. Code reorganization for cleanliness, regex
- changes for testing, as well as doc and build updates.
- [David McCreedy <McCreedy@us.ibm.com> and others at IBM]
-
- *) Add TPF processing for the socket read to the rfc1413 code.
- [David McCreedy <McCreedy@us.ibm.com> and others at IBM]
-
- *) Require the batch (-b) option and default to MD5 on TPF in htpasswd.
- [David McCreedy <McCreedy@us.ibm.com> and others at IBM]
-
- *) Move "handler not found" warning message to below the check
- for a wildcard handler. [Dirk <dirkm@teleport.com>, Roy Fielding]
- PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807
-
- *) Build errors in src/support stop with an error, just like all the
- other recursive make calls. [David Harris <dharris@drh.net>]
-
-
-Changes with Apache 1.3.9
-
- *) Remove bogus error message when a redirect doesn't set Location.
- Instead, use an empty string to avoid coredump if the error message
- was supposed to include a location. [Roy Fielding]
-
- *) Don't allow configure to include mod_auth_digest unless it is
- explicitly requested, even if the user asked for all modules.
- [Roy Fielding]
-
- *) Translate module names to dll names for OS/2 so that they are no more
- than 8 characters long and have an extension of "dll" instead of "so".
- [Brian Havard]
-
- *) Print out pointer to Rule DEV_RANDOM when truerand lib not found.
- Fix test-compile check to check for randbyte instead of trand32.
- Use ap_base64encode_binary/decode instead of copy in mod_auth_digest.c
- and tweak to make Amaya happier. [Ronald Tschalär]
-
- *) Ensure that the installed expat include files are world readable,
- just like the other header files. [Martin Kraemer]
-
- *) Fixed generated AddModule adjustments in APACI's `configure' script
- in order to allow (new) modules like mod_vhost_alias to be handled
- correctly (which was touched by the adjustments for mod_alias).
- [Ralf S. Engelschall]
-
- *) For binary builds, add -R flag to apachectl to work around the lack of
- an absolute path to the ./libexec directory where the libhttp.ep file
- is needed for SHARED_CORE architectures. [Randy Terbush]
-
- *) WIN32: Create the CGI script process as DETACHED. This may solve the
- problem observed by some Win95/98 users where they get CGI script
- output sent to the console. [Bill Stoddard]
-
- *) Fix (re)naming in the uuencode/decode section. The ap/ap_
- routines are now called ap_base64* and are 'plain' (i.e., no
- pool access or anything clever). Inside util.c the routines acting
- like pstrdup are called ap_pbase64encode() and ap_pbase64decode().
- The oddly named ap_uuencode(), ap_uudecode() are kept around for
- now but deprecated. [dirkx]
-
- *) Clean up the base64 and SHA1 additions and make sure they are
- represented in the ApacheCore.def, ApacheCoreOS2.def, and httpd.exp
- files. [Roy Fielding]
-
- *) WIN32: Migrate to InstallShield 5.5 and provide a bit more error
- checking. Allow compiling on VS 6.0. [Randy Terbush]
-
- *) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch]
-
- *) Use TestCompile to search for the truerand library (rather than blindly
- assuming its existence). If it is not found, complain (but do not
- exit - yet). [Martin Kraemer]
-
- *) We forgot to add the new exported function names to
- src/support/httpd.exp. [Bill Stoddard, Randy Terbush]
-
- *) Add description of -T command-line option to usage().
- [Ralf S. Engelschall]
-
- *) For "some" platforms (notably, EBCDIC based ones), libos needs to be
- searched only AFTER libap has been searched, because libap needs
- some symbols from libos. [Martin Kraemer]
-
- *) Fix conflict with original mod_digest related to the symbol of the
- module dispatch list (which has to be unique for DSO and follow the
- usual conventions for the installation procedure).
- [Ralf S. Engelschall]
-
- *) Add a dbm-library check for the "usual places" (-ldbm, -lndbm, -ldb)
- for other platforms as well. [Martin Kraemer]
-
- *) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG
- types by AP_LONG and replace reference to renamed variable 'ubuf'
- by 'buffer'. [Martin Kraemer]
-
-Changes with Apache 1.3.8 [not released]
-
- *) Flush the output buffer immediately after sending an error or redirect
- response, since the result may be needed by the client to abort a
- long data transfer or restart a series of pipelined requests.
- [Tom Vaughan <tvaughan@aventail.com>, Roy Fielding]
-
- *) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx.
- [Ian Turner <iant@sequent.com>] PR#4735
-
- *) Local struct mmap in http_core.c conflicted with system structure
- name on DYNIX -- changed to mmap_rec. [Roy Fielding] PR#4735
-
- *) Added updated mod_digest as modules/experimental/mod_auth_digest.
- [Ronald Tschalär <ronald@innovation.ch>]
-
- *) Fix a memory leak where the module counts were getting messed
- up across restarts. [David Harris <dharris@drh.net>]
-
- *) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled
- properly in mod_access.
- ["Paul J. Reder" <rederpj@raleigh.ibm.com>] PR#4770
-
- *) RewriteLock/RewriteMap didn't work properly with virtual hosts.
- [Dmitry Khrustalev <dima@bog.msu.su>] PR#3874
-
- *) PORT: Support for compaq/tandem/com.
- [Michael Ottati <michael.ottati@compaq.com>, dirkx]
-
- *) Added SHA1 password encryption support to easy migration from
- Netscape servers. See support/SHA1 for more information.
- Caused the separation of ap_md5.c into md5, sha1 and a general
- ap_checkpass.c with just a validate_passwd routine. Added a
- couple of flags to support/htpasswd. Some reuse of the to64()
- function; hence renamed to ap_to64().
- [Dirk-Willem van Gulik, Clinton Wong <clintdw@netcom.com>]
-
- *) Change for EBCDIC platforms (TPF and BS2000) to correctly deal
- with ASCII/EBCDIC conversions in "ident" query.
- [David McCreedy <McCreedy@us.ibm.com>]
-
- *) Get rid of redefinition warning on MAC_OS_X_SERVER platform.
- Change "Power Macintosh" to Power* so if uname prints "Power Book"
- we're still happy on Rhapsody platforms. [Wilfredo Sanchez]
-
- *) Fix SIGSEGV on some systems because the Vary fix below included
- a call to table_do with a variable argument list that was not
- NULL terminated. Replaced with better implementation. [Roy Fielding]
-
-Changes with Apache 1.3.7 [not released]
-
- *) The "Vary" response header field is now sanitised right before
- the header is sent back to the client. Multiple "Vary" fields
- are combined, and duplicate tokens (e.g., "Vary: host, host" or
- "Vary: host, negotiate, host, accept-language") are reduced to
- single instances. This is a better solution than the force-no-vary
- one (which is still valid for clients that can't cope with Vary
- at all). [Dean Gaudet, Roy Fielding, Ken Coar] PR#3118
-
- *) Portability changes for BeOS. [David Reid abb37@dial.pipex.com]
-
- *) Link DSO's with "gcc -shared" instead of "ld -Bshareable" at
- least on Linux and FreeBSD for now.
- [Rasmus Lerdorf]
-
- *) Win32: More apache -k restart work. Restarts are now honored
- immediately and connections in the listen queue are -not- lost.
- This is made possible by the use of the WSADuplicateSocket()
- call. The listeners are opened in the parent, duplicated, then
- the duplicates are passed to the child. The original listen sockets
- are not closed by the parent across a restart, thus the listen queue
- is preserved.
- [Bill Stoddard <stoddard@raleigh.ibm.com>]
-
- *) Fix handling of case when a client has sent "Expect: 100-continue"
- and we are going to respond with an error, but get stuck waiting to
- discard the body in the pointless hope of preserving the connection.
- [Roy Fielding, Joe Orton <jeo101@york.ac.uk>] PR#4499, PR#3806
-
- *) Fix 'configure' to work correctly with SysV-based versions of
- 'tr' (consistent with Configure's use as well). [Jim Jagielski]
-
- *) apxs: Add "-S var=val" option which allows for override of CFG_*
- built-in values. Add "-e" option which works like -i but doesn't
- install the DSO; useful for editing httpd.conf with apxs. Fix
- editing code so that multiple invocations of apxs -a will not
- create duplicate LoadModule/AddModule entries; apxs can now be
- used to re- enable/disable a module. [Wilfredo Sanchez]
-
- *) Win32: Update the server to use Winsock 2. Specifically, link with
- ws2_32.lib rather than wsock32.lib. This gives us access to
- WSADuplcateSocket() in addition to some other enhanced comm APIs.
- Win 95 users may need to update their TCP/IP stack to pick up
- Winsock 2. (See http://www.microsoft.com/windows95/downloads/)
- [Bill Stoddard stoddard@raleigh.ibm.com]
-
- *) Win32: Redirect CGI script stderr (script debug info) into the
- error.log when CGI scripts fail. This makes Apache on Win32
- behave more like Unix.
- [Bill Stoddard stoddard@raleigh.ibm.com]
-
- *) Fixed `httpd' usage display: -D was missing.
- [Ralf S. Engelschall] PR#4614
-
- *) Fix `make r' test procedure in src/regex/: ap_isprint was not found.
- [Ralf S. Engelschall] PR#4561, PR#4562
-
- *) OS/2: Fix problem with accept lock semaphores where server would die with
- "OS2SEM: Error 105 getting accept lock. Exiting!"
- [Brian Havard] PR#4505
-
- *) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms.
- [Randy Terbush <randy@covalent.net>]
-
- *) Add the new mass-vhost module (mod_vhost_alias.c) developed and
- used by Demon Internet, Ltd. [Tony Finch <fanf@demon.net>]
-
- *) Better GCC detection for DSO flags under Solaris 2 where the `cc'
- command potentially _is_ GCC. [Ralf S. Engelschall]
-
- *) Fix apxs build issues on AIX
- [Rasmus Lerdorf <rasmus@raleigh.ibm.com>]
-
- *) DocumentRoot Checking: Under previous versions, when Apache
- first started up, it used to do a stat of each DocumentRoot to
- see if it existed and was a directory. If not, then an error
- message was printed. THIS HAS BEEN DISABLED. If DocumentRoot
- does not exist, you will get error messages in error_log. If
- the '-t' command line option is used (to check the configuration)
- the check of DocumentRoot IS performed. An additional command
- line option, '-T', has been added if you want to avoid the
- DocumentRoot check even when checking the configuration.
- [Jim Jagielski]
-
- *) Win32: The query switch "apache -S" didn't exit after showing the
- vhost settings. That was inconsistent with the other query functions.
- [Bill Stoddard - Fixed by Martin on Unix in 1.3.4]
-
- *) Win32: Changed behaviour of apache -k restart.
- Previously, the server would drain all connections in the stack's
- listen queue before honoring the restart. On a busy server, this
- could take hours. Now, a restart is honored almost immediately.
- All connections in Apache's queues are handled but connections in
- the stack's listen queue are discarded. Restart triggered by
- MaxRequestPerChild is unchanged.
- [Bill Stoddard <stoddard@raleigh.ibm.com>]
-
- *) Win32: Eliminated unnecessary call to wait_for_multiple_objects in
- the accept loop. Good for a 5% performance boost. Cleaned up
- parent/child process management code.
- [Bill Stoddard <stoddard@raleigh.ibm.com>]
-
- *) Added ceiling on file size for memory mapped files.
- [John Giannandrea <jg@meer.net>] PR#4122
-
- *) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which
- has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528
- [Henri Gomez <gomez@slib.fr>, Ralf S. Engelschall]
-
- *) Determine AP_BYTE_ORDER for ap_config_auto.h and already
- use this at least for Expat. [Ralf S. Engelschall]
-
- *) Allow .module files to specify libraries with Lib:.
- [Ben Laurie]
-
- *) Allow SetEnvIf[NoCase] to test environment variables as well
- as header fields and request attributes. [Ken Coar]
-
- *) Fix mod_autoindex's handling of ScanHTMLTitles when file
- content-types are "text/html;parameters". [Ken Coar] PR#4524
-
- *) Remove "mxb" support from mod_negotiation -- it was a draft feature
- never accepted into any standard, and it opens up certain DoS
- attacks. [Koen Holtman <Koen.Holtman@cern.ch>]
-
- *) TestCompile updated. We can now run programs and output the
- results during the Configure process. [ Jim Jagielski]
-
- *) The source is now quad (long long) aware as needed. Specifically,
- the Configure process determines the correct size of off_t and
- *void. When the OS/platform/compiler supports quads, ap_snprintf()
- provides for the 'q' format qualifier (if quads are not available,
- 'q' is silently "demoted" to long). [Jim Jagielski]
-
- *) When the username or password fed to htpasswd is too long, include the
- size limit in the error message. Also report illegal characters
- (currently only ':') in the username. Add the size restrictions
- to the man page. [Ken Coar]
-
- *) Fixed the configure --without-support option so it doesn't result in
- an infinite loop. [Marc Slemko]
-
- *) Piped error logs could cause a segfault if an error occured
- during configuration after a restart.
- [Aidan Cully <aidan@panix.com>] PR#4456
-
- *) If a "Location" field was stored in r->err_headers_out rather
- than r->headers_out, redirect processing wouldn't find it and
- the server would core dump on ap_escape_html(NULL). Check both
- tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message
- if Location isn't set. [Doug MacEachern, Ken Coar]
-
- *) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
- of the Expat 1.0.2 distribution. [Greg Stein]
-
- *) Replace regexec() calls with calls to a new API stub function
- ap_regexec(). This solves problems with DSO modules which use the regex
- library. [Jens-Uwe Mager <jum@helios.de>, Ralf S. Engelschall]
-
- *) Add 'Request_Protocol' special keyword to mod_setenvif so that
- environment variables can be set according to the protocol version
- (e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
-
- *) Add DSO support for OpenStep (Mach 4.2) platform.
- [Ralf S. Engelschall, Rex Dieter <rdieter@math.unl.edu>] PR#3997
-
- *) Fix sed regex for generating ap_config_auto.h in src/Configure.
- [Jan Gallo <gallo@pvt.sk>] PR#3690, PR#4373
-
- *) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with
- their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
-
- *) Better DSO flags recognition on NetBSD platforms using ELF.
- [Todd Vierling <tv@pobox.com>] PR#4310
-
- *) Always log months in english format for %t in mod_log_config.
- [Petr Lampa <lampa@fee.vutbr.cz>] PR#4366, 679
-
- *) Support for server-parsed and multiview-determined ReadmeName and
- HeaderName files in mod_autoindex. Removed the restriction on
- "/"s in ReadmeName and HeaderName directives since the *sub_req*
- routines will deal with the access issues. (It's now possible to
- have {site|group|project|customer|...} wide readmes and headers.)
- [Raymond S Brand <rsbx@rsbx.net>, Ken Coar] PR#1574, 3026, 3529,
- 3569, 4256
-
- *) When stat() fails, don't assume anything about the contents of
- the struct stat. [Ed Korthof <ed@bitmechanic.com>]
-
- *) It's OK for a semop to return EINTR, just loop around and try
- again. [Dean Gaudet]
-
- *) Fix configuration engine re-entrant hangups, which solve a
- handful of problems seen with mod_perl <Perl> configuration sections
- [Salvador Ortiz Garcia <sog@msg.com.mx>]
-
- *) Mac OS and Mac OS X Server now use the appropriate custom layout
- by default when building with APACI; allow for platform-specific
- variable defaults in configure. [Wilfredo Sanchez]
-
- *) Do setgid() before initgroups() in http_main; some platforms
- zap the grouplist when setgid() is called. This was fixed in
- suexec earlier, but the main httpd code missed the change.
- [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2579
-
- *) Add recognition of .tgz as a gzipped tarchive.
- [Bertrand de Singly <bertrand.de-singly@polytechnique.fr>] PR#2364
-
- *) mod_include's fsize/flastmod should allow only relative paths, just
- like "include file". [Jaroslav Benkovsky <benkovsk@pha.pvt.cz>]
-
- *) OS/2: Add support for building loadable modules using DLLs.
- [Brian Havard]
-
- *) Add iconsdir, htdocsdir, and cgidir to config.layout.
- [Wilfredo Sanchez]
-
- *) Fix minor but annoying bug with the test for Configuration.tmpl
- being newer than Configuration so that it is less likely to fail
- when using APACI and shadow sources. [Wilfredo Sanchez]
-
- *) PORT: Add initial support for Mac OS (versions 10.0 and
- greater). Use Mac OS X Server layout for now. Clean up dyld code
- in unix/os.c, and don't install the dyld error handlers, which
- are no longer needed in Mac OS. [Wilfredo Sanchez]
-
- *) Rename Rhapsody layout to "Mac OS X Server". Change install
- locations to appropriate ones for user-built (as opposed to
- system) installs. [Wilfredo Sanchez]
-
- *) Modify mod_autoindex's handling of AddDescription so that the
- behaviour matches the documentation. [Ken Coar] PR#1898, 3072.
-
- *) Add functionality to the install-bindist.sh script created by
- binbuild.sh to use tar when copying distribution files to the
- serverroot. This allows upgrading an existing installation
- without nesting the new distribution in the old.
-
- install-bindist.sh now detects the local perl5 path to install
- apxs and dbmmanage with proper path to perl interpreter.
-
- Add an install-binsupport target which copies the source files
- for apxs and dbmmanage to bindist to allow these scripts to
- be properly installed relative to the destination serverroot.
- [Randy Terbush, Covalent Technologies, randy@covalent.net]
-
- *) Fix intermittent SEGV in ap_proxy_cache_error() in
- src/modules/proxy_util.c where a NULL filepointer and
- temporary filename were closed and unlinked.
- [Graham Leggett <minfrin@sharp.fm>,
- Tim Costello <tjcostel@socs.uts.edu.au>] PR#3178
-
- *) Fix inconsistent error messages reported by mod_proxy.
- [Graham Leggett <minfrin@sharp.fm>]
-
- *) OS/2: Fix terminating CGIs that aren't compiled by EMX GCC when a
- connection is aborted. [Brian Havard]
-
- *) Force the LANG envariable to the known state of "C" so that we
- have assurance about how string manipulators (e.g., tr) will
- function. [Ken Coar] PR#1630
-
- *) Add a directive to allow customising of the tracking cookie name.
- [Ken Coar] PR#2921, 4303
-
- *) Add "force-no-vary" envariable to allow servers to work around
- clients that choke on "Vary" fields in the response header.
- [Ken Coar, Dmitry Khrustalev <dima@zippy.machaon.ru>] PR#4118
-
- *) Fixed a bug in mod_dir that causes a child process will infinitely
- recurse when it attemps to handle a request for a directory wnd the
- value of the DirectoryIndex directive is a single dot. Also likely
- to happen for anyother values of DirectoryIndex that will map back
- to the same directory. The handler now only considers regular files
- as being index candidates. No PR#s found.
- [Raymond S Brand <rsbx@rsbx.net>]
-
- *) Ease configuration debugging by making TestCompile fall back to
- using "make" if the $MAKE variable is unset [Martin Kraemer]
-
- *) Fixed the ServerSignature directive to work as documented.
- [Raymond S Brand <rsbx@rsbx.net>] PR#4248
-
- *) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand
- <rsbx@rsbx.net>]
-
- *) Add APACI --without-execstrip option which can be used to disable the
- stripping of executables on installation. This is very important for DSO
- and debugging situations. [Ralf S. Engelschall]
-
- *) Add support for OS/2 (case insenstive filesystem, .exe suffix, etc)
- to APACI files and related scripts.
- [Yitzchak Scott-Thoennes <sthoenna@efn.org>, Ralf S. Engelschall] PR#4269
-
- *) Add support for standalone mode in TPF
- [Joe Moenich <moenich@us.ibm.com>]
-
- *) Fix number of bytes copied by read_connection() in src/support/ab.c
- [Jim Cox <jc@superlink.net>] PR#4271
-
- *) Fix special RewriteCond "-s" pattern matching.
- [Bob Finch <bob@nas.com>]
-
- *) Fix value quoting in src/Configure script for ap_config_auto.h
- [Paul Sutton <paul@awe.com>]
-
- *) Make sure RewriteLock can be used only in the global context, (i.e.
- outside of any <VirtualHost> sections) because it's a global facility of
- the rewrite engine. [Ralf S. Engelschall]
-
- *) Fix the ownership delegation for proxy directory under `make install'.
- [Ralf S. Engelschall]
-
- *) APACI would not correctly build suexec. [Maria Verina
- <mariav@icgeb.trieste.it>] PR#4260
-
- *) mod_mime_magic passed only the first 4k of a file to
- uncompress/gzip, but those tools sometimes do not produce
- any output unless a sufficient portion of the compressed
- file is input. Change to pass the entire file -- but
- only read 4k of output.
- [Marcin Cieslak <saper@system.pl>] PR#4097
-
- *) "IndexOptions None" generated extra spaces at the end of each
- line. [inkling@firstnethou.com] PR#3770
-
- *) The "100 Continue" response wasn't being sent after internal
- redirects. [Jose KAHAN <kahan@w3.org>] PR#3910, 3806, 3575
-
- *) When padding the name with spaces for display, mod_autoindex would
- count &, <, and > in their escaped width, messing up the display.
- [Dean Gaudet] PR#4075, 3758
-
- *) PORT: fixed a compilation problem on NEXT.
- [Jacques Distler <distler@golem.ph.utexas.edu>] PR#4130
-
- *) r->request_time wasn't being set properly in certain error conditions.
- [Dean Gaudet] PR#4156
-
- *) PORT: deal with UTS compiler error in http_protocol.c
- [Dave Dykstra <dwd@bell-labs.com>] PR#4189
-
- *) Add ap_vrprintf() function. [John Tobey <jtobey@banta-im.com>] PR#4246
-
- *) Fix the mod_mime hash table to work properly with locales other
- than C. [Dean Gaudet] PR#3427
-
- *) Fix a memory leak which is exacerbated by certain configurations.
- [Dean Gaudet] PR#4225
-
- *) Prevent clobbering saved IFS values in APACI. [Jim Jagielski]
-
- *) Fix buffer overflows in ap_uuencode and ap_uudecode pointed out
- by "Peter 'Luna' Altberg <peter@altberg.nu>" and PR#3422
- [Peter 'Luna' Altberg <peter@altberg.nu>, Ronald Tschalär]
-
- *) Make {Set,Unset,Pass}Env per-directory instead of per-server.
- [Ben Laurie]
-
- *) Correct an apparent typo: on the Windows and MPE platforms, the
- htpasswd utility was limiting passwords to only 8 characters.
- [Ken Coar]
-
- *) EBCDIC platforms: David submitted patches for two bugs in the
- MD5 digest port for EBCDIC machines:
- a) the htdigest utility overwrote the old contents of the digest file
- b) the Content-MD5 header value (ContentDigest directive) was wrong
- when the returned file was not converted from EBCDIC, but was a
- binary (e.g., image file) in the first place.
- [David McCreedy at IBM]
-
- *) support/htpasswd now permits the password to be specified on the
- command line with the '-b' switch. This is useful when passwords
- need to be maintained by scripts -- particularly in the Win32
- environment. [Ken Coar]
-
- *) Win32: Win32 multiple services patch. Added capability to install and
- run multiple copies of apache as individual services.
-
- Example 1:
- apache -n apache1 -i -f c:/httpd.conf
- Installs apache as service 'apache1' and associates c:/httpd.conf
- with that service.
- net start apache1
- Starts apache1 service.
- net stop apache1
- Stops apache1 service
-
- Example 2:
- apache -n apache2 -i
- Installs apache as service 'apache2'. httpd.conf is located under
- the default server root (/apache/conf/httpd.conf).
- net start apache2
- Starts apache2 service.
-
- Example 3:
- apache -n apache3 -i -d c:/program files/apache
- Install apache as service 'apache3' and sets server root to
- c:/program files/apache.
-
- Example 4:
- apache -n apache2 -k restart
- Restart apache2 service
-
- [Keith Wannamaker, Ken Parzygnat, Bill Stoddard]
-
- *) Correct the signed/unsigned character handling for the MD5 routines;
- mismatches were causing compilation problems with gcc -pedantic and
- in the TPF cross-compilation. [Ken Coar]
-
- *) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
- a roughly 5 fold speed up. [Brian Havard]
-
- *) proxy ftp: instead of using the hardwired string "text/plain" as
- a fallback type for files served by the ftp proxy, use the
- ap_default_type() function to determine the configured type.
- This allows for special configurations like
- <Directory proxy:ftp://some.host>
- DefaultType gargle/blurb
- </Directory>
- Additionally, add the Content-Encoding: header to FTP proxy replies
- when the encoding is defined (by the AddEncoding directive).
- Because it was missing, it was almost impossible to browse compressed
- files using the FTP proxy (works now perfectly in Communicator).
- The ftp proxy now also returns the Date: and Server: header lines (if not
- much else... This code is "somewhat" broken) like normal requests do.
- [Martin Kraemer]
-
- *) Be more smart in APACI's configure script when determining the UID/GID
- for User/Group directives and use the determined UID/GID to initialize
- the permissions on the proxycachedir.
- [Dirk-Willem van Gulik, Ralf S. Engelschall]
-
- *) Changed the forking-prior-to-cleanup in the proxy module to first
- check wether it actually needs to collect garbage. This reduces
- the number of fork()s from one/request to just the odd one an hour.
- [Dirk-Willem van Gulik]
-
- *) Added proxy, auth and header support to src/support/ab.c. Added a
- README file to src/support/
- [Dirk-Willem van Gulik]
-
- *) Don't hard-code the path to AWK in --shadow bootstrapping Makefile.
- [Ralf S. Engelschall] PR#4050
-
- *) Add support for DSO module compilation on BSD/OS 3.x.
- [Randy Terbush, Covalent Technologies]
-
- *) Fix sed-substitutions in `make install': path elements like `httpd/conf'
- (for instance from an APACI configure --sysconfdir=/etc/httpd/conf
- option) were substituted with $(TARGET).conf, etc. Same for other strings
- with dots where the dot wasn't matched as plain text.
- [Ralf S. Engelschall]
-
- *) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
-
- *) Fix verbose output of APACI configure (option -v)
- [Martin Kraemer, Ralf S. Engelschall]
-
-Changes with Apache 1.3.6
-
- *) Removed new PassAllEnv code due to DSO problems. [Lars Eilebrecht]
-
-Changes with Apache 1.3.5 [not released]
-
- *) M_INVALID needed a value within the scope of METHODS so that unknown
- methods can be access controlled. [Roy Fielding] PR#3821
-
- *) Added PassAllEnv; makes server's entire environment available
- to CGIs and SSIs executed within directive's scope. [Ken Coar]
-
- *) ap_uuencode() always added two trailing '='s and encoding of
- 8 bit characters on a machine with signed char may produced
- incorrect results. Additionally ap_uuencode() should now
- work correctly on EBCDIC platforms.
- [Ronald Tschalär <ronald@innovation.ch>] PR#3411
-
- *) WIN32: Binary installer now runs the configuration DLL before
- the reboot prompt (which is only given if MSVCRT.DLL system
- DLL is new or updated). This should avoid the configuration
- directory being empty after installation. [Paul Sutton]
- PR#3767, 3800, 3827, 3850, 3900, 3953, 3988
-
- *) WIN32: Binary installer now creates Start menu options to start
- and stop Apache as a console application and to uninstall
- the Apache service on NT. [Paul Sutton] PR#3741
-
- *) WIN32: Apache.exe now contains an icon. [Paul Sutton]
-
- *) PORT: Switch back to using fcntl() locking on Linux -- instabilities
- have been reported with flock() locking (probably related to kernel
- version). [Dean Gaudet] PR#2723, 3531
-
- *) Using APACI, the main config file (usually httpd.conf) was
- not being adjusted as $(TARGET).conf. [Wilfredo Sanchez
- <wsanchez@apple.com>]
-
- *) PORT: AIX does not require the SHARED_CODE "hack"
- [Ryan Bloom <rbb@raleigh.ibm.com>]
-
- *) Set-Cookie headers were being doubled up for some CGIs by the O(n^2)
- avoidance code added in 1.3.3.
- [Dean Gaudet, Jeff Lewis <lewis@stanford.edu>] PR#3872
-
- *) ap_isxdigit was somehow neglected when adding the ap_isfoo() macros
- for 8-bit safeness. [Dean Gaudet]
-
- *) PORT: Use -fPIC instead of -fpic on Solaris and SunOS for compiling DSOs
- because SPARCs have a small machine-specific maximum size for the Global
- Offset Table which is often exceeded when compiling one of the larger
- third-party modules with Apache. [Peter Urban <Peter.Urban@epfl.ch>] PR#3977
-
- *) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the
- DSO/DLL section because it's a directive from mod_status and isn't
- available before the DLL of mod_status is loaded.
- [Martin POESCHL <mpoeschl@gmx.net>] PR#3936
-
- *) SECURITY: Fix a bug in the calculation of the buffer size for the line
- continuation facility in Apache's configuration files which could
- lead to a buffer overflow situation.
- [Thomas Devanneaux <Thomas.Devanneaux@enst.fr>] PR#3617
-
- *) Make documentation and error messages of APACI's --activate-module=FILE
- option more clear. [Jan Wolter <janc@wwnet.net>] PR#3995
-
- *) Fix the gcc version check (for enabling the `inline' facility) to
- really support all future gcc versions >= 2.7 until we know more.
- [John Tobey <jtobey@banta-im.com>] PR#3983
-
- *) Let APACI's configure script correctly complain for unknown --enable-XXX
- and --disable-XXX options. [Ralf S. Engelschall] PR#3958
-
- *) Link the shared core bootstrap program (``Rule SHARED_CORE=yes'') also
- against libap.a and use its ap_snprintf() instead of sprintf() to avoid
- possible buffer overflows. [Ralf S. Engelschall]
-
- *) Remove no longer used non-API function ap_single_module_init().
- [Ralf S. Engelschall]
-
- *) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout.
- [Wilfredo Sanchez]
-
- *) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order
- to make platform installations easier. [Wilfredo Sanchez]
-
- *) In configure, do not append the target name to the directory path if
- the path already contains "apache". [Ralf S. Engelschall]
-
- *) SIGPIPE is now ignored by the server core. The request write routines
- (ap_rputc, ap_rputs, ap_rvputs, ap_rwrite, ap_rprintf, ap_rflush) now
- correctly check for output errors and mark the connection as aborted.
- Replaced many direct (unchecked) calls to ap_b* routines with the
- analogous ap_r* calls. [Roy Fielding]
-
- *) Enhanced mod_rewrite's mapfile handling: The in-core cache for text and
- DBM format mapfiles now uses a 4-way hash table with LRU functionality.
- Furthermore map lookups for non-existent keys are now cached as well.
- Additionally "txt" maps are now parsed with simple string functions
- instead of using ap_pregcomp(). As a side effect a bug that prevented
- the usage of keys containing the "," character was fixed.
- The changes drastically improve the performance when large rewrite maps
- are in use.
- [Michael van Elst <mlelstv@serpens.swb.de>, Lars Eilebrecht] PR#3160
-
- *) Added ap_sub_req_method_uri() for doing a subrequest with a method
- other than GET, and const'd the definition of method in request_rec.
- [Greg Stein]
-
- *) Use proper pid_t type for saving PIDs in alloc.c. [John Bley]
-
- *) Replaced use of WIN32 define with HAVE_DRIVE_LETTERS to indicate
- when the OS allows a DOS drive letter within pathnames. [Brian Havard]
-
- *) Add %V to mod_log_config, this logs the hostname according to the
- UseCanonicalName setting (this is the pre-1.3.4 behaviour of
- %v). Useful for mass vhosting. [Tony Finch <dot@dotat.at>]
-
- *) Add support for \n and \t to mod_log_config, can be used to produce
- more reliable logs with multiline entries. [Tony Finch <dot@dotat.at>]
-
- *) Fixed a few compiler nits. [John Bley <jbb6@acpub.duke.edu>]
-
- *) Added informative error messages for failed munmap() and fseek() calls
- in http_core.c. [John Bley, Roy Fielding]
-
- *) Added some informative error messages for some failed malloc()
- calls. [John Bley <jbb6@acpub.duke.edu>, Jim Jagielski]
-
- *) OS/2 ap_os_canonical_filename()'s behaviour is improved: ap_assert()
- is removed. This allows <Directory proxy:*> directives to work and
- prevents invalid requests from killing the process.
- [Brian Havard <brianh@kheldar.apana.org.au>]
-
- *) Reorganised FAQ document.
- [Joshua Slive <slive@finance.commerce.ubc.ca>] PR#2497
-
- *) src/support/: The ApacheBench benchmark program was overhauled by
- David N. Welton: you can now have it generate an HTML TABLE, presumably
- for integration into other HTML sources. David updated the ab man page
- as well and added some missing descriptions. Thanks!
- [David N. Welton <davidw@prosa.it>]
-
- *) Win32: The filename validity checker now allows filenames containing
- characters in the range 0x80 to 0xff (for example accented characters).
- [Paul Sutton] PR#3890
-
- *) Added conditional logging based upon environment variables to
- mod_log_config. mod_log_referer and mod_log_agent
- are now deprecated. [Ken Coar]
-
- *) Allow apache acting as a proxy server to relay the real
- reason of a failure to a client rather than the "internal
- server error" it does currently. The general exposure mechanism
- can be triggered by any module by setting the "verbose-error-to"
- note to "*"; this allows more than just proxy errors to be exposed.
- [Cliff Skolnick, Roy Fielding, Martin Kraemer] Related to PR#3455, 4086
-
- *) Moved man pages for ab and apachectrl to section 8.
- [Wilfredo Sanchez, Roy Fielding]
-
- *) Added -S option to install.sh so that options can be passed to
- strip on some platforms. [Ralf S. Engelschall, Wilfredo Sanchez]
-
- *) Tweak modules Makefile generated by Configure so that it handles
- the test case of no modules being selected. [chaz@reliant.com]
-
- *) Added a <LimitExcept method ...> sectioning directive that allows
- the user to assign authentication control to any HTTP method that
- is *not* given in the argument list; i.e., the logical negation
- of the <Limit> directive. This is particularly useful for controlling
- access on methods unknown to the Apache core, but perhaps known by
- some module or CGI script. [Roy Fielding, Tony Finch]
-
- *) Prevent apachectl from complaining if the PIDFILE exists but
- does not contain a process id, as might occur if the server is
- being rapidly restarted. [Wilfredo Sanchez]
-
- *) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen]
-
- *) Entity tag comparisons for If-Match and If-None-Match were not being
- performed correctly -- weak tags might cause false positives. Also,
- strong comparison wasn't properly enforced in all cases.
- [Roy Fielding, Ken Coar, Dean Gaudet] PR#2065, 3657
-
- *) OS/2: Supply OS/2 error code instead of errno on semaphore errors.
- [Brian Havard]
-
- *) Work around a bug in Lynx regarding its sending "Negotiate: trans"
- even though it doesn't understand TCN. [Koen Holtman, Roy Fielding]
-
- *) Added ap_size_list_item(), ap_get_list_item(), and ap_find_list_item()
- to util.c for parsing an HTTP header field value to extract the next
- list item, taking into account the possible presence of nested comments,
- quoted-pairs, and quoted-strings. ap_get_list_item() also removes
- insignificant whitespace and lowercases non-quoted tokens.
- [Roy Fielding] PR#2065
-
- *) proxy: The various calls to ap_proxyerror() can return HTTP/1.1 status
- code different from 500. This allows the proxy to, e.g., return
- "403 Forbidden" for ProxyBlock'ed URL's. [Martin Kraemer] Related to PR#3455
-
- *) Fix ordering of language variants for the case where the traditional
- negotiation algorithm is being used with multiple language variants
- and no Accept-Language. [James Treacy <treacy@debian.org>] PR#3299, 3688
-
- *) Do not round the TCN quality calculation to 5 decimal places,
- unlike RFC 2296, because the calculation might need 12 decimal places
- to get the right result. [Roy Fielding]
-
- *) Remove unused code to disable transparent negotiation when
- negotiating on encoding only, as we now handle encoding too
- (though this is nonstandard for TCN), remove charset=ISO-8859-1
- fiddle from the fiddle-averse RVSA comparison, and fix bugs in
- some debugging statements within mod_negotiation. [Koen Holtman]
-
- *) Fixed a rare memory corruption possibility in mod_dir if the index
- file is negotiable and no acceptable variant can be found.
- [Dean Gaudet, Roy Fielding, Martin Kraemer]
-
- *) Win32: Add new config directive, ScriptInterpreterSource, to enable
- searching the Win32 registry for script interpreters.
- [Bill Stoddard]
-
- *) Win32: The compiled-in default filename for the error log is now
- error.log, which matches the default in the distributed httpd.conf.
- [Paul Sutton]
-
- *) Win32: Any error messages from -i or -u command line options are now
- displayed on the console output rather than sent to the error log.
- Also the "Running Apache..." message is not output unless Apache is
- going to serve requests. [Paul Sutton]
-
- *) Rework the MD5 authentication scheme to use FreeBSD's algorithm,
- and use a private significator ('$apr1$') to mark passwords as
- being smashed with our own algorithm. Also abstract the password
- checking into a new ap_validate_password() routine. [Ken Coar]
-
- *) Win32: The filename validity checker now allows "COM" but refuses
- access to "COM1" through "COM4". This allows filenames such
- as "com.name" to be served. [Paul Sutton] PR#3769.
-
- *) BS2000: Adapt to the new ufork() system call interface which will
- make subtasking easier on the OSD/POSIX mainframe environment.
- [Martin Kraemer]
-
- *) Add a compatibility define for escape_uri() -> ap_escape_uri() to
- ap_compat.h. [David White <david@persimmon.com>] PR#3725
-
- *) Make NDBM file suffix determination for mod_rewrite more accurate, i.e.
- use `.db' instead of `.pag' not only for FreeBSD, but also when
- the NDBM library looks like Berkeley-DB based.
- [Ralf S. Engelschall] PR#3773
-
- *) Add ability to handle DES or MD5 authentication passwords.
- [Ryan Bloom <rbb@Raleigh.IBM.Com>]
-
- *) Fix O(n^2) memory consumption in mod_speling. [Dean Gaudet]
-
- *) SECURITY: Avoid some buffer overflow problems when escaping
- quoted strings. (This overflow was on the heap and we believe
- impossible to exploit.) [Rick Perry <perry@ece.vill.edu>]
-
- *) Let src/Configure be aware of CFLAGS options starting with plus
- signs as it's the case for the HP/UX compiler.
- [Doug Yatcilla <yatcilda@umdnj.edu>] PR#3681
-
- *) Remove the hard-wire of TAR=tar (we now check for gtar and gnutar first)
- and check to see if the tar we wind up with supports '-h'.
- [Jim Jagielski] PR#3671
-
- *) A consistent and conservative style for all shell scripts has been
- implemented. Basically, all shell string tests use the traditional
- hack of 'if [ "x$var" != "x" ]' or 'if [ "x$var" = "xstring" ]'
- to protect against bare null variable strings (ie: wrapping both
- sides with double quotes and prepending 'x'). 'x' was chosen
- because it's more universal and hopefully easier for old shell
- prgrammers, as well as being easier to search for in 'vi' (/x\$) :)
- [Jim Jagielski]
-
- *) The status module now prints out both the main server generation as
- well as the generation of each process. Also, the vhost info is
- printed with '?notable'. [Jim Jagielski]
-
- *) Move src/main/md5c.c to src/ap/ap_md5c.c; it's httpd-neutral
- and this makes its functions available to things in src/support.
- [Ken Coar]
-
-Changes with Apache 1.3.4
-
- *) Renamed macros status_drops_connection to ap_status_drops_connection
- and vestigial scan_script_header to ap_scan_script_header_err,
- mostly for aesthetic reasons. [Roy Fielding]
-
- *) The query switch "httpd -S" didn't exit after showing the
- vhost settings. That was inconsistent with the other query functions.
- [Martin Kraemer]
-
- *) Moved the MODULE_MAGIC_COOKIE from before the versions and
- filename to the end of the STANDARD_MODULE_STUFF. Its
- presence at the beginning prevented reporting of the filename
- for modules compiled before 1 January 1999. [Ken Coar]
-
- *) SECURITY: ap_os_is_filename_valid() has been added to Win32
- to detect and prevent access to special DOS device file names.
- [Paul Sutton, Ken Parzygnat]
-
- *) WIN32: Created new makefiles Makefile_win32.txt (normal build)
- and Makefile_win32_debug.txt (debug build) that work on Win95.
- Run each of the following from the src directory:
- nmake /f Makefile_win32.txt # compiles normal build
- nmake /f Makefile_win32.txt install # compiles and installs
- nmake /f Makefile_win32.txt clean # removes compiled junk
- nmake /f Makefile_win32_debug.txt # compiles debug build
- nmake /f Makefile_win32_debug.txt install
- nmake /f Makefile_win32_debug.txt clean
- [Roy Fielding]
-
- *) Added binbuild.sh and findprg.sh helpers to make it easier for us
- to build binary distributions. [Lars Eilebrecht]
-
- *) IndexOptions SuppressColumnSorting only turned off making
- the column headers anchors; you could still change the display
- order by manually adding a '?N=A' or similar query string to the
- URL. Now SuppressColumnSorting locks in the sort order so
- it can't be overridden this way. [Ken Coar]
-
- *) Added IndexOrderDefault directive to supply a default sort order
- for FancyIndexed directory listings. [Ken Coar] PR#1699
-
- *) Change the ap_assert macro to a variant that works on all platforms.
- [Richard Prinz <richard.prinz@cso.net>] PR#2575
-
- *) Make sure under ELF-based NetBSD (now) and OpenBSD (future) we don't
- search for an underscore on dlsym() (as it's already the case
- for FreeBSD 3.0). [Todd Vierling <tv@pobox.com>] PR#2462
-
- *) Small fix for mod_env.html: The module was documented as to be _not_
- compiled into Apache per default, although it _IS_ compiled into
- Apache per default. [Sim Harbert <sim@mindspring.com>] PR#3572
-
- *) Instead of fixing a bug in the generation procedure for config.status (a
- backslash was missing) we remove the bug together with it's complete
- context because the special cases of the past can now no longer occur
- because of the recent magic for the --with-layout default.
- [Ralf S. Engelschall] PR#3590
-
- *) Make top-level Makefile aware of a parallel build procedures (make -j) by
- making sure the src/support/ tools are _forced_ to be build last (they
- depend on other libraries).
- [Markus Theissinger <markus.theissinger@gmx.de>]
-
- *) Fix installation procedure: Now that os-inline.c is actually used (a
- recently fixed bug prevented this) we need to also install os-include.c
- in addition to os.h into the PREFIX/include/ location or building of
- module DSOs with APXS fails. [Ralf S. Engelschall] PR#3527
-
- *) Added MODULE_MAGIC_COOKIE as the first field in a module structure to
- allow us to distinguish between a garbled DSO (or even a file which isn't
- an Apache module DSO at all) and a DSO which doesn't match the current
- Apache API. [Ralf S. Engelschall] PR#3152
-
- *) Two minor enhancements to mod_rewrite: First RewriteRule now also
- supports the ``nocase|NC'' flag (as RewriteCond already does for ages) to
- match case insensitive (this especially avoids nasty patterns like
- `[tT][eE][sS][tT]'). Second two additional internal map functions
- `escape' and `unescape' were added which can be used to escape/unescape
- to/from hex-encodings in URLs parts (this is especially useful in
- combination with map lookups).
- [Magnus Bodin, Ian Kallen, Ralf S. Engelschall]
-
- *) Renamed the macro escape_uri() to ap_escape_uri() which was
- forgotten (because it was a macro) in the symbol renaming process.
- [Ralf S. Engelschall]
-
- *) Fix some inconsistencies related to the scopes of directives. The only
- user visible change is that the directives `UseCanonicalName' and
- `ContentDigest' now use the (more correct) `Options' scope instead of
- (less correct) `AuthConfig' scope. [Ralf S. Engelschall]
-
- *) Using DSO, the Server token was being mangled. Specifically, the
- module's token was being added first before the Apache token. This
- has been fixed. [Jim Jagielski]
-
- *) Major overhaul of mod_negotiation.c, part 2.
- - properly handle "identity" within Accept-Encoding.
- - allow encoded variants in RVSA negotiation and let them appear in
- the Alternates field using the non-standard "encoding" tag-list.
- - fixed both negotiation algorithms so that an explicitly accepted
- encoding is preferred over no encoding if "identity" is not
- included within Accept-Encoding.
- - added ap_array_pstrcat() to alloc.c for efficient concatenation
- of large substring sequences.
- - replaced O(n^2) memory hogs in mod_negotiation with ap_array_pstrcat.
- [Roy Fielding]
-
- *) Major overhaul of mod_negotiation.c, part 1.
- - cleanups to mod_negotiation comments and code structure
- - made compliant with HTTP/1.1 proposed standard (rfc2068) and added
- support for everything in the upcoming HTTP/1.1
- revision (draft-ietf-http-v11-spec-rev-06.txt).
- - language tag matching also handles tags with more than 2
- levels like x-y-z
- - empty Accept, Accept-Language, Accept-Charset headers are
- processed correctly; previously an empty header would make all
- values acceptable instead of unacceptable.
- - allowed for q values in Accept-Encoding
- - added support for transparent content negotiation (rfc2295 and
- rfc2296) (though we do not implement all features in these drafts,
- e.g. no feature negotiation). Removed old experimental version.
- - implemented 'structured entity tags' for better cache correctness
- (structured entity tags ensure that caches which can deal with Vary
- will (eventually) be updated if the set of variants on the server
- is changed)
- - this involved adding a vlist_validator element to request_rec
- - this involved adding the ap_make_etag() function to the global API
- - modified guessing of charsets used by Apache negotiation algorithm
- to guess 'no charset' if the variant is not a text/* type
- - added code to sort multiviews variants into a canonical order so that
- negotiation results are consistent across backup/restores and mirrors
- - removed possibility of a type map file resolving to another type map
- file as its best variant
- [Koen Holtman, Roy Fielding, Lars Eilebrecht] PR#3451, 3299, 1987
-
- *) RFC2396 allows the syntax http://host:/path (with no port number)
- but the proxy disallowed it (ap_proxy_canon_netloc()).
- [David Kristol <dmk@bell-labs.com>] PR#3530
-
- *) When modules update/modify the file name in the configfile_t structure,
- syntax errors will report the updated name, not the original one.
- [Fabien Coelho <coelho@cri.ensmp.fr>] PR#3573
-
- *) Correct some filename case assumptions from WIN32 to
- CASE_BLIND_FILESYSTEM. [Brian Havard <brianh@kheldar.apana.org.au>]
-
- *) For %v log ServerName regardless of the UseCanonicalName
- setting (similarly for %p). [Dean Gaudet]
-
- *) Configure was initializing the variables $OSDIR, $INCDIR and $SHELL
- rather late (too late for some invocations of TestCompile).
- This improves the make environment available to TestCompile and
- the *.module scripts. [Martin Kraemer]
-
- *) The hashbang emulation code in ap_execve.c would interpret
- #!/hashbang/scripts correctly, but failed to fall back to a
- standard shell for scripts which did NOT start with #!
- Now SHELL_PATH is started in these cases. [Martin Kraemer]
-
- *) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg@lentil.org>]
- PR#3336
-
- *) Update APXS manual page: some -q option arguments were missing
- and another was incorrect. [Mark Anderson <mda@discerning.com>] PR#3553
-
- *) Cleanup the command line options: `-?' was documented to show
- the usage list but does it with an error because `?' is not a valid
- command. OTOH a lot of users expect `-h' to print such a usage list and
- instead are annoyed for ages by our huge unreadable list of directives.
- So we now changed the command line options this way:
- 1. `-L' => `-R'
- Intent: we need `-L' to be free, and `-R' for the DSO run-time path is
- very similar to the popular linker option.
- 2. `-h' => `-L'
- Intent: while -l gives the small list of modules, -L now gives the
- large list of directives implemented by these modules. This is also
- consistent with -v (short version info) and -V (large version info).
- 3. `-?' => `-h'
- Intent: it's now the expected option ;-)
- The manual page was adjusted accordingly.
- [Ralf S. Engelschall] PR#2714
-
- *) Fixed problem of fclose() on an unopened file in suexec if LOG_EXEC
- wasn't defined. [Rick Franchuk <rickf@transpect.net>]
-
- *) Removed recently introduced bugs and disfigurements in APACI:
- o fixed argument line processing: using $args was broken: It was not
- initialized and using args="$args $apc_option" and even args="$args
- \"$apc_option\"" fails in the second processing round for any arguments
- containing whitespaces. The only correct way is to use the construct
- "$@" (but not possible here) or iterate _both_ times over the implicit
- argument line (no argument to for-loop) which is what we now use.
- o make --with-layout=Apache the default without creating
- redundancy (copying the --with-layout block in the argument parsing
- loop). We achieve this by using the "$@" construct together with the
- `set' command to prepend --with-layout=Apache to the command line in
- case --with-layout is not used.
- o fixed auto-suffix handling now that config.layout exists.
- Paths which are auto-suffixed are marked with a trailing plus sign in
- config.layout and every path now can be marked this way (not only the
- four paths for which we do it currently). Additionally the suffix is
- no longer a static one. Instead it's now `/<target>' where <target> is
- the argument of the --target option or per default `httpd'.
- o allow also tabs (and only spaces) where we match whitespaces
- o various fixes and cleanups related to used shell coding style
- o made Jim happy by replacing `Written by' with `Initially written by' ;-)
- o trimmed output of --help to fit into 80 columns
- [Ralf S. Engelschall]
-
- *) Added two new core API functions, ap_single_module_configure() and
- ap_single_module_init(), which are now used by mod_so to configure a module
- after loading. [Ralf S. Engelschall]
-
- *) PORT: Add defines for USE_FLOCK_SERIALIZED_ACCEPT and
- SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
- of ap_config.h to allow serialized accept for multiport listens.
- [Roy Fielding, Curt Sampson] PR#3120
-
- *) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
- of ap_config.h that would skip several defines if DEFAULT_GROUP
- was overridden. [Roy Fielding]
-
- *) PORT: The I86 version of DGUX has support for strncasecmp and
- strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
-
- *) Fix ordering of definitions in ap_config.h so that ap_inline is
- defined before it might be used. [Victor Khimenko]
-
- *) PORT: Add Dynamic Shared Object (DSO) support for BSDI (v4.0).
- [Tom Serkowski <tks@bsdi.com>] PR#3453
-
- *) Make generation of src/Configuration.apaci more robust: It failed to
- differenciate between modules when one module name was a postfix of
- another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
- just XXX (think about totally non-standard names like "apache_ssl", too).
- [Ralf S. Engelschall] PR#3380
-
- *) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
- since 1.3b7) and make whitespace handling more robust (it failed horrible
- when whitespaces were present in the arguments of -D options).
- [Ralf S. Engelschall] PR#3240
-
- *) Add APACI --shadow=DIR variant (in addition to --shadow). This now first
- creates an external package shadow tree in DIR before the local build
- shadow tree is generated under DIR. This way one can have the extracted
- Apache distribution tree read-only on NFS or CDROM and still build Apache
- from these sources. An automatically triggered VPATH-like mechanism is
- provided through the TOP variable, too.
- [Ralf S. Engelschall, Wilfredo Sanchez <wsanchez@apple.com>]
-
- *) Fix negotiation so that a Vary response header is correctly
- generated when, for a particular dimension, variants only vary
- in having or not having a value for that dimension. [Paul Sutton]
-
- *) Fix negotiation so that we prefer an encoded variant over an
- unencoded variant if the user-agent explicitly says it can
- accept that encoding. Previously we always preferred the unencoded
- variant.
- [Paul Ausbeck <paula@alumni.cse.ucsc.edu>, Paul Sutton] PR#3447
-
- *) Fix APXS tool: query variables LIBS_SHLIB and TARGET were not recognized
- and the usage page was inconsistent with the functionality and manpage.
- [Ralf S. Engelschall]
-
- *) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
- They can occur multiple times and their arguments (`xxx') are passed AS
- IS to the compiler/linker command. [Ralf S. Engelschall]
-
- *) Fixed possible (but harmless in practice) bug in the DBM lookup
- procedure of mod_rewrite: very long keys were truncated.
- [Ralf S. Engelschall]
-
- *) Added a generic --with-layout=[FILE:]ID option. ID here is a layout
- identifier, currently "Apache" and "GNU" are pre-defined in the file
- config.layout. Custom layouts are possible by using FILE:ID as the
- argument where the layout ID is taken from FILE.
-
- The config.layout file consists of <Layout ID>..</Layout> sections
- where inside those sections "path_variable: path_value" pairs can be
- specified. These lines are converted to path_variable='path_value'.
-
- *) Add a DefaultLanguage directive so that files missing a language
- extension (e.g., .fr, .de) can be labelled as being some other
- default language. DefaultLanguage can appear in <Directory> and
- <Files> containers as well as .htaccess files. [Paul Sutton]
- PR#1180
-
- *) Fix TARGET configuration when configuring and installing using
- APACI configure. TARGET now defines the basename of the configuration
- file, startup script, manual page, etc. log_error_core() now reports
- the server binary name given by argv[0]. TARGET can now also be defined
- with --target=TARGET parameter passed to APACI configure.
- [Ralf Engelschall, Randy Terbush]
-
- *) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
- rather than OPT_INCLUDES [Rainer Schoepf <schoepf@uni-mainz.de>]
-
- *) ap_md5_binary() was using sprintf() rather than a table lookup
- to convert binary bytes to hex digits.
- [Ronald Tschalär <ronald@innovation.ch>] PR#3409
-
- *) Fix SEGV in TCN negotiation if no variants are acceptable.
- [Martin Plechsmid <plechsmi@karlin.mff.cuni.cz>] PR#1987
-
- *) API: ap_exists_config_define() function is now "public" [Doug MacEachern]
-
- *) Fix documentation of `Action' directive: It can activate a CGI script
- when either a handler or a MIME content type is triggered by the request.
- [Andrew Pimlott <pimlott@math.harvard.edu>] PR#3340
-
- *) Document the `add' command of `dbmmanage' in `dbmmanage.1' manpage.
- [David MacKenzie <djm@uu.net>] PR#3394
-
- *) Ignore a "ErrorDocument 401" directive with a full URL and write a
- notice to the error log. It is not possible to send a 401 response
- and a redirect at the same time. [Lars Eilebrecht]
-
- *) Fallback to native compilers for IRIX-32 platform. It seems that
- a gcc 2.8.1 compiled apache is logging client addresses with all
- bits set (255.255.255.255). This is the second such problem caused
- by gcc 2.8.1 compiler. The first being broken semaphore locking.
- [Randy Terbush]
-
- *) Updated mime.types to reflect current Internet media types
- and include a URL to the registry.
- [Manoj Kasichainula, Roy Fielding] PR#2380, 2286, 2246
-
- *) SECURITY: Do a more complete check in mod_include to avoid
- an infinite loop of recursive SSI includes. [Marc Slemko] PR#3323
-
- *) Add APACI --suexec-docroot and --suexec-logfile options which can be
- used to set the document root directory (DOC_ROOT) and the suexec
- logfile (LOG_EXEC), respectively. Additionally the --layout option
- was changed to show more information about the suEXEC setup.
- [Lars Eilebrecht] PR#3316, 3357, 3361
-
- *) Added the last two WebDAV status codes of 424 (Failed Dependency)
- and 507 (Insufficient Storage) for use by third-party modules.
- [Roy Fielding]
-
- *) Enabled all of the WebDAV method names for use by third-party
- modules, Limit, and Script directives. That includes PATCH,
- PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
- Improved mod_actions.c so that it can use any of the methods
- defined in httpd.h. Added ap_method_number_of(method) for
- getting the internal method number. [Roy Fielding]
-
- *) PORT: Add a port to the TPF OS. [Joe Moenich <moenich@us.ibm.com> and
- others at IBM]
-
- *) Fix problems with handling of UNC names (e.g., \\host\path)
- on Win32. [Ken Parzygnat <kparz@us.ibm.com>]
-
- *) Rework os_canonical_*() on Win32 so it's simpler, more
- robust, and works. [Ken Parzygnat <kparz@us.ibm.com>]
- PR#2555, 2915, 3064, 3232
-
- *) Work around incomplete implementation of strftime on Win32.
- [Manoj Kasichainula, Ken Parzygnat <kparz@us.ibm.com>]
-
- *) Move a typedef to fix compile problems on Linux with 1.x kernels.
- [Manoj Kasichainula] PR#3177
-
- *) PORT: Add a port to the Concurrent PowerMAX OS. [Tom Horsley
- <Tom.Horsley@mail.ccur.com>]
-
- *) WIN32: Log more explicit error messages if spawning an interpreted
- script failed, including the command line used to attempt to execute
- the interpreter and the Win32 error code returned. [Marc Slemko]
-
- *) Disable sending of error-notes on a 500 (Internal Server Error) response
- since it often includes file path info. Enable sending of error-notes
- on a 501 (Method Not Implemented). [Roy Fielding] PR#3173
-
- *) http_config.c would respond with 501 (Method Not Implemented) if a
- content type handler was specified but could not be found, which
- should have been a 500 response. Likewise, mod_proxy.c would responsd
- with a 501 if the URI scheme is unrecognized instead of the correct
- response of 403 (Forbidden). [Roy Fielding]
-
- *) SECURITY: Eliminate DoS attack when a bad URI path contains what
- looks like a printf format escape. [Marc Slemko, Studenten Net Twente]
-
- *) Fix in mod_autoindex: for files where the last modified time stamp was
- unavailable, an empty string was printed which was 2 bytes short.
- The size and description columns were therefore not aligned correctly.
- [Martin Kraemer] (no PR#)
-
- *) Update BS2000 OS code to work with recent versions. Starting with
- release A17, the child fork() must be replaced by a _rfork().
- (BS2000 only) [Martin Kraemer]
-
- *) Add the actual server_rec structure of the specific Vhost to the
- scoreboard file and avoid a string copy (as well as allow some
- further future enhancements). [Harrie Hazewinkel
- <harrie.hazewinkel@jrc.it>]
-
- *) Add APACI --permute-module=foo:bar option which can be used to
- on-the-fly/batch permute the order of two modules (mod_foo and mod_bar)
- in the Configuration[.apaci] file. Two special and important variants are
- supported for the option argument: first BEGIN:foo which permutes module
- mod_foo with the begin of the module list, i.e. it `moves' the module to
- the begin of the list (gives it lowest priority). And second foo:END
- which permutes mod_foo with the end of the module list, i.e. it `moves'
- the module to the end of the list (gives it highest priority).
- [Ralf S. Engelschall]
-
- *) Fix problem with 'apache -k shutdown' and startup event
- synchronisation (Win32). [Ken Parzygnat <kparz@raleigh.ibm.com>]
- PR#3255
-
- *) The config parser wasn't correctly noticing a missing '>'
- on container start lines (e.g., it wouldn't spot
- "<Directory /" as a syntax error). [Ryan Bloom <rbbloom@us.ibm.com>]
- PR#3279
-
- *) Add a 'RemoveHandler' directive which will selectively remove
- all handler associations for the specified file extensions.
- [Ryan Bloom <rbbloom@us.ibm.com>] PR#1799.
-
- *) Properly handle & allow "nul" and ".*/null" in AccessConfig and
- ResourceConfig directives on Win32. Also add a note to the effect
- of 'useless User directive ignored on Win32' to the errorlog if
- a User directive is encountered on Win32.
- [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2078, 2303.
-
- *) Fix multiple whitespace handling in imagemaps for mod_imap which was
- broken since Apache 1.3.1 where we took out compressing of multiple
- spaces in ap_cfg_getline().
- [Ivan Richwalski <ivan@seppuku.net>] PR#3249
-
- *) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not
- initialized correctly and the db_open() call used an invalid mode
- parameter. [Ron Klatchko <ron@ckm.ucsf.edu>] PR#3171
-
- *) PORT: DSO support for UnixWare 7
- [Ralf S. Engelschall, Ron Record <rr@sco.com>]
-
- *) Merge the contents of the {srm,access}.conf-dist* files into the
- httpd.conf-dist* files. The srm and access files now contain
- only comments, and httpd.conf has all the combined contents in
- a rational order. [Ken Coar]
-
- *) PORT: DSO/ELF support for FreeBSD 3.0.
- [Ralf S. Engelschall, Dirk Froemberg <ibex@physik.TU-Berlin.DE>]
-
- *) Add a "default-handler" handler that calls the default_hander()
- function which is normally called for static content. This allows
- you to override a specific handler. [Marc Slemko]
-
- *) Further simplify checking for absolute paths by replacing an
- hard-coded syntax check with a call to a routine we already created to
- do this. [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2976, 3074
-
- *) Log an error if we encounter a malformed "require" directive
- in mod_auth if we know that we know that no other module can
- deal with it. [Marc Slemko]
-
- *) Remove ap_private_extern method of hiding conflicting symbols
- on the NEXT platform because it is not correct for all versions,
- and the versions for which it is correct are unknown.
- [Wilfredo Sanchez <wsanchez@apple.com>]
-
- *) Fix inheritance of IndexOptions NameWidth and remove unintended
- restriction on +NameWidth, +IconHeight, and +IconWidth. [Ken Coar]
-
- *) Fix per-directory config merging for cases in which a 500 error
- is encountered in an .htaccess file somewhere down the tree.
- [Ken Coar] PR#2409
-
- *) Minor performance improvement to ap_escape_html(). [Roy Fielding]
-
- *) Fixed a segmentation violation in mod_proxy when a response is
- non-cachable. [Roy Fielding, traced by Doug Bloebaum]. PR#2950, 3056
-
-Changes with Apache 1.3.3
-
- *) Added a complete implementation of the Expect header field as
- specified in rev-05 of HTTP/1.1. Disabled the 100 Continue
- response when we already know the final status, which is mighty
- useful for PUT responses that result in 302 or 401. [Roy Fielding]
-
- *) Remove extra trailing whitespace from the getline results as part
- of the protocol processing, which is extra nice because it works
- between continuation lines, is almost no cost in the normal case
- of no extra whitespace, and saves memory. [Roy Fielding]
-
- *) Added new HTTP status codes and default response bodies from the
- revised HTTP/1.1 (307, 416, 417), WebDAV (102, 207, 422, 423), and
- HTTP Extension Framework (510) specifications. Did not add the
- WebDAV 424 and 425 codes because they are bogus. We don't use any
- of these codes yet, but they are now available to 3rd-party modules.
- [Roy Fielding]
-
- *) Fix a possible race condition between timed-out requests and the
- ap_bhalfduplex select that might result in an infinite loop on
- platforms that do not validate the descriptor. [Roy Fielding]
-
- *) WIN32: Add "-k shutdown" and "-k restart" options to signal a
- running Apache server [Paul Sutton]
-
- *) Fix mod_autoindex bug where directories got a size of "0k" instead
- of "-". [Martin Plechsmid <plechsmi@karlin.mff.cuni.cz>, Marc Slemko]
- PR#3130
-
- *) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker@jetair.be>]
-
- *) Add the server signature text (from the core ServerSignature directive)
- to the list of envariables available to scripts, SSI, and the like.
- [Ken Coar]
-
- *) PORT: Fix sys/resource.h handling for SCO 3.x platform.
- [M. Laak <maert@proinv.ee>] PR#3108
-
- *) Fallback from sysconf-based to plain HZ-based `ticks per second'
- calculation in mod_status for all systems which don't have POSIX
- sysconf() (like UTS 2.1) and not only for the NEXT platform.
- [Dave Dykstra <dwd@bell-labs.com>] PR#3055
-
- *) Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and
- mod_auth_db by using ap_getword_white() (which uses ap_isspace())
- instead of ap_getword(..., ' ') (which parses only according to spaces
- but not tabs). [James Morris <jmorris@intercode.com.au>,
- Ralf S. Engelschall] PR#3105
-
- *) Fix the SERVER_NAME variable under sub-request situations (where
- `UseCanonicalName off' is used) like CGI's called from SSI pages or
- RewriteCond variables by adopting r->hostname to sub-requests.
- [James Grinter <jrg@blodwen.demon.co.uk>] PR#3111
-
- *) Fix stderr redirection under syslog-based error logging situation.
- [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#3095
-
- *) Document `ErrorLog syslog:facility' variant of error logging.
- [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#3096
-
- *) Fix http://localhost/ hints in top-level INSTALL document.
- [Rob Jenson <robjen@spotch.com>, Ralf S. Engelschall] PR#3088
-
- *) Quote paths in default configuration files. [Wilfredo Sanchez]
-
- *) PORT: Remove extra HAVE_SYS_RESOURCE_H define for RHAPSODY since
- it is now taken care of properly by the header file tests.
- [Wilfredo Sanchez <wsanchez@apple.com>]
-
- *) Fix problem with scripts and filehandle inheritance on Win32.
- [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2884, 2910
-
- *) Win32 name canonicalisation could end up using the server's
- working directory to fill in some blanks. [Ken Parzygnat
- <kparz@raleigh.ibm.com>] PR#3001
-
- *) Correct invalid assumption by ap_sub_req_lookup_file() that all
- absolute paths begin with "/" -- because they don't on Win32.
- [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2976, 3074
-
- *) Add [REDIRECT_]VARIANTS environment variable to mod_speling
- so that ErrorDocument 300 processors can reformat the list
- if desired. [Ken Coar] PR#2859
-
- *) Add +/- incremental prefixes to IndexOptions keywords, and
- enable merging of multiple IndexOptions directives. [Ken Coar]
-
- *) PORT: Allow GuessOS to recognize Unixware 7.0.1 [Steve Cameron
- <steve.cameron@compaq.com>]
-
- *) Reconstructed the loop through multiple htaccess file names so
- that missing files are not confused with unreadable files.
- [Roy Fielding]
-
- *) The ap_pfopen and ap_pfdopen routines were failing to protect the
- errno on an error, which leads to one error being mistaken for
- another when reading non-existent .htaccess files.
- [Jim Jagielski]
-
- *) OS/2: The new header tests get things right, need to update
- ap_config.h. [Brian Havard]
-
- *) The Perl %ENV hash will now be setup by default when using the
- mod_include `perl' command [Doug MacEachern]
-
- *) PORT: Add Pyramid DC/OSx support to configuration mechanism.
- [Earle Ake <akee@wpdiss1.wpafb.af.mil>]
-
- *) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
- [Dave Dykstra <dwd@bell-labs.com>] PR#3054
-
- *) Correct comment in mod_log_config.c about its internals.
- [Elf Sternberg <elf@halcyon.com>]
-
- *) Avoid possible line overflow in Configure: Use an awkfile to
- handle the creation of modules.c [Jim Jagielski]
-
-Changes with Apache 1.3.2
-
- *) Fix bug in ap_remove_module(), which caused problems for dso's
- who were the top_module. [Doug MacEachern]
-
- *) Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to
- mod_auth_db to both be friendly to users who wants to use this version
- and to avoid problems under platforms where only version 2.x is present.
- [Dan Jacobowitz <drow@false.org>, Ralf S. Engelschall]
-
- *) When using ap_log_rerror(), make the error message available to the
- *ERROR_NOTES envariables by default. [Ken Coar]
-
- *) BS2000 platform only: get rid of the nasty BS2000AuthFile.
- You now must define a BS2000Account name for the server User.
- This has fewer security implications than the old approach.
- [Martin Kraemer]
-
- *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl'
- instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this
- platform to make the braindead HPUX linker happy. Notice, for the module
- DSOs we don't have to use this, because these are loaded manually (and
- not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968
-
- *) Remove 64 thread limit on Win32.
- [Bill Stoddard <stoddard@raleigh.ibm.com>]
-
- *) Remove redundant substitutions in top-level Makefile.tmpl.
- [Ralf S. Engelschall]
-
- *) Fix APACI's `Group' configuration adjustment - especially for Linux
- platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
-
- *) Make PrintPath work generically instead of having one version
- strictly for OS/2. [Jim Jagielski, Brian Havard]
-
- *) Fix the recently introduced C header file checking: We now use the C
- pre-processor pass only (and no longer the complete compiler pass) to
- determine whether a C header file exists or not. Because only this way
- we're safe against inter-header dependencies (which caused horrible
- portability problems). The only drawback is that we now have a CPP
- configuration variable which has to be determined first (we do a similar
- approach as GNU Autoconf does here). When all fails the user still has
- the possibility to override it manually via APACI or src/Configuration.
- As a fallback for the header check itself we can directly check the
- existance of the file under /usr/include, too.
- [Ralf S. Engelschall] PR#2777
-
- *) PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined
- as an alternate mechanism for mmap'd shared memory for RHAPSODY.
- ap_private_extern defined to hide symbols that conflict with loaded
- dynamic libraries on the NEXT and RHAPSODY platforms.
- [Wilfredo Sanchez <wsanchez@apple.com>]
-
- *) Delete PID file on clean shutdowns.
- [Charles Randall <crandall@matchlogic.com>] PR#2947
-
- *) Fix mod_auth_*.html documents: NSCA -> NCSA
- [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#2991
-
- *) Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org
- [Karl Berry <karl@gnu.org>] PR#2994
-
- *) Fix dbmmanage.1 manual page.
- [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#2992
-
- *) Fix possible buffer overflow situation in suexec.c.
- [Jeff Stewart <jws@purdue.edu>] PR#2790
-
- *) Add some more LIBS for the SCO5 platform which are needed for the already
- used -lprot. It's actually a bug in SCO5, of course.
- [Ronald Record <rr@sco.com>] PR#2533
-
- *) Fix documentation of ProxyPass/ProxyPassReverse according to the
- trailing slash problem. [Jon Drukman <jsd@gamespot.com>] PR#2933
-
- *) Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1)
- platform, because it's only supported under version 4.0 and higher. But
- because our GuessOS is still unaware of Digital UNIX versions and the
- -msym is just to optimize the DSO statup time a little bit it's safe and
- best when we leave it out now. [Ralf S. Engelschall] PR#2969
-
- *) Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf()
- functions: First all three functions no longer fail on strings containing
- "%" chars and second ap_log_printf() no longer does a double-formatting
- (instead it directly passes through the message to be formatted to the
- real internal formatting function). [Ralf S. Engelschall] PR#2941
-
- *) Allow "Include" directives anywhere in the server config
- files (but not .htaccess files). [Ken Coar] PR#2727
-
- *) The proxy was refusing to serve CONNECT requests except to
- port 443 (https://) and 563 (snews://). The new AllowCONNECT
- directive allows the configuration of the ports to which a
- CONNECT is allowed. [Sameer Parekh, Martin Kraemer]
-
- *) mod_expires will now act on content that is not sent from a file
- on disk. Previously it would never add an Expires: header to
- any response that did not come from a file on disk; the only
- case where it still doesn't (and can't) add one for that type of
- content is if you are using a modification date based setting.
- [Marc Slemko, Paul Phillips <paulp@go2net.com>]
-
- *) Problems encountered during .htaccess parsing or CGI execution
- that lead to a "500 Server Error" condition now provide explanatory
- text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts.
- [Ken Coar] PR#1291
-
- *) Add NameWidth keyword to IndexOptions directive so that the
- width of the filename column is customisable. [Ken Coar, Dean Gaudet]
- PR#1949, 2324.
-
- *) Recognize lowercase _and_ uppercase `uname' results under
- SCO OpenServer. [David Coelho <drc@ppt.com>]
-
- *) As duplicate "HTTP/1.0 200 OK" lines within the header seem to be
- a common problem of (mis-administrated?) IIS servers, make the apache
- proxy immune to these errors (and ignore the duplicates, but log
- the fact to error_log). [Martin Kraemer], after the proposal in PR#2914
-
- *) The <IfModule and <IfDefine block starting directives now only
- allow exactly one argument. Previously, the optional negation
- character '!' could be separated by whitespace without a syntax
- error being reported, albeit defeating the IfModule functionality
- (enclosed directives would ALWAYS be executed). By using the
- stricter syntax, these hard-to-track errors can be avoided.
- [Martin Kraemer]
-
- *) Simplify handling of IndexOptions in mod_autoindex -- and BTW
- cause the standalone FancyIndexing directive to logically OR
- into any existing IndexOptions settings rather than wiping
- them out. [Ken Coar]
-
- *) Changes in ftp proxy: make URL parsing simpler by using the
- parsed_uri stuff.
- + Add display of the "current directory" in cases where it's
- different from the supplied path (e.g., ftp://user@host/ lives
- in /home/user, not in /, therefore clicking on "../" in the
- starting directory might send us to /home/).
- + When ftp login fails, (esp. when a user name was part of the
- URL already), we now return [401 Unauthorized ] to allow the
- browser to pop up an authorization dialog. This makes passwords
- slightly less visible (they don't appear in the regular log files)
- and implements a functionality that other www proxy servers
- already offered.
- [Martin Kraemer]
-
- *) Triggered by the recent "Via:" header changes, the proxy module would
- dump core for replies with invalid headers (e.g., duplicate
- "HTTP/1.0 200 OK" lines). These errors are now logged and the
- core dump is avoided. Also, broken replies are not cached.
- [Martin Kraemer] PR#2914
-
- *) new `GprofDir' directive when compiled with -DGPROF, where gprof can
- plop gmon.out profile data for each child [Doug MacEachern]
-
- *) Use the construct ``"$@"'' instead of ``$*'' in the generated
- config.status script to be immune against arguments with whitespaces.
- [Yves Arrouye <yves@apple.com>] PR#2866
-
- *) Replace the inlined information grabbing stuff for the configuration
- adjustment feature (no --without-confadjust) with calls to a new helper
- script `buildinfo.sh' which is both more flexible and already proofed to
- be more robust against platform differences. This mainly fixes the
- recently occured ``sed: command garbled: ...'' problems.
- [Ralf S. Engelschall] PR#2776, PR#2848
-
- *) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
- -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''
- without complains after we recently added the POST feature.
- [Ralf S. Engelschall]
-
- *) Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside
- modules as API functions and we forgot them at the big symbol renaming.
- [Ralf S. Engelschall]
-
- *) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
- [Youichirou Koga <y-koga@jp.FreeBSD.ORG>] PR#2895
-
- *) Dynamically size the filename column of mod_autoindex output.
- [Dean Gaudet]
-
- *) Add the ability to do POST requests to the ab benchmarking tool.
- [Kurt Sussman <kls@best.com>] PR#2871
-
- *) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
- 5 to 10 because there are some users out there who always have 5 to 8
- variables in one RewriteRule and had to patch mod_rewrite.h for every
- release. So 15 should be now more than enough, even for them. (I never
- needed more than 4 in my RewriteRules ;-)
- [Ralf S. Engelschall]
-
- *) Make the proxy generate and understand Via: headers
- [Martin Kraemer]
-
- *) Change the proxy to use tables instead of array_headers for
- the header lines. [Martin Kraemer]
-
- *) Make sure the config.status file is not overridden when just
- ``configure --help'' is used. [Ralf S. Engelschall] PR#2844
-
- *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should
- provide a way to trace API changes that add functionality but do
- not create a compatibility issue for precompiled modules, etc.
- See include/ap_mmn.h for more details. [Randy Terbush]
-
- *) Fix suexec installation under `make install root=xxx' situation.
- [Ralf S. Engelschall]
-
- *) Extend the output of the -V switch to include the paths of all
- compiled-in configuration files, if they were overridden at
- compile time, for least astonishment of the user.
- [Martin Kraemer]
-
- *) When READing a request in ExtendedStatus mode, the "old"
- vhost, request and client information is not displayed.
- [Jim Jagielski]
-
- *) STATUS is no longer available. Full status information now
- run-time configurable using the ExtendedStatus directive.
- [Jim Jagielski]
-
- *) SECURITY: CAN-1999-1199 (cve.mitre.org)
- Eliminate O(n^2) space DoS attacks (and other O(n^2)
- cpu time attacks) in header parsing. Add ap_overlap_tables(),
- a function which can be used to perform bulk update operations
- on tables in a more efficient manner. [Dean Gaudet]
-
- *) SECURITY: Added compile-time and configurable limits for
- various aspects of reading a client request to avoid some simple
- denial of service attacks, including limits on maximum request-line
- size (LimitRequestLine), number of header fields (LimitRequestFields),
- and size of any one header field (LimitRequestFieldsize). Also added
- a configurable directive LimitRequestBody for limiting the size of the
- request message body. [Roy Fielding]
-
- *) Make status module aware of DNS and logging states, even if
- STATUS not defined. [Jim Jagielski]
-
- *) Fix a problem with the new OS/2 mutexes. [Brian Havard]
-
- *) Enhance mod_speling so that CheckSpelling can be used in
- <Directory> containers and .htaccess files. [Ken Coar]
-
- *) API: new ap_custom_response() function for hooking into the
- ErrorDocument mechanism at runtime [Doug MacEachern]
-
- *) API: new ap_uuencode() function [Doug MacEachern]
-
- *) API: scan_script_header_err_core() now "public" and renamed
- ap_scan_script_header_err_core() [Doug MacEachern]
-
- *) The 'status' module will now show the process pid's and their
- state even without full STATUS accounting. [Jim Jagielski]
-
- *) Restore the client IP address to the error log messages, this
- was lost during the transition from 1.2 to 1.3. Add a new
- function ap_log_rerror() which takes a request_rec * and
- formats it appropriately. [Dean Gaudet] PR#2661
-
- *) Cure ap_cfg_getline() of its nasty habit of compressing internal
- whitespace in input lines -- including within quoted strings.
- [Ken Coar]
- but leading and trailing whitespace should continue to be
- stripped [Martin Kraemer]
-
- *) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
- the ugly use of an env. variable and use command-line args for
- alternate $PATH. Make more like advanced 'type's as well.
- [Jim Jagielski]
-
- *) The IRIXN32 Rule was being ignored. Configure now correctly adds
- -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis
- <alain.st-denis@ec.gc.ca>] PR#2736
-
- *) Clean up a warning in mod_proxy. [Ralf S. Engelschall]
-
- *) Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2
- following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
- directory was renamed to src/os/os2/ for consistency.
- [Brian Havard, Ralf S. Engelschall]
-
- *) Add new Rule SHARED_CHAIN which can be used to enable linking of DSO
- files (here modules) against other DSO files (here shared libraries).
- This is done by determining a subset of LIBS which can be safely used for
- linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is
- disabled for all platforms to avoid problems with this (experimental)
- rule. But we provide it now for those people how ran into problems and
- want to came out by forcing linking against DSOs.
- [Ralf S. Engelschall] PR#2587
-
- *) Fix suEXEC start message: Has to be of `notice' level to really get
- printed together with the standard startup message because the `notice'
- level is handled special inside ap_log_error() for startup messages.
- [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765
-
- *) Add correct `model' MIME types from RFC2077 to mime.types file.
- [Ralf S. Engelschall] PR#2732
-
- *) Fixed examples in mod_rewrite.html document.
- [Youichirou Koga <y-koga@jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
-
- *) Allow ap_read_request errors to propagate through the normal request
- handling loop so that the connection can be properly closed with
- lingering_close, thus avoiding a potential TCP reset that would
- cause the client to miss the HTTP error response. [Roy Fielding]
-
- *) One more portability fix for APACI shadow tree support: Swap order of awk
- and sed in top-level configure script to avoid sed fails on some
- platforms (for instance SunOS 4.1.3 and NCR SysV) because of the
- non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729
-
- *) PORT: NEC EWS4800 support.
- [MATSUURA Takanori <t-matsuu@protein.osaka-u.ac.jp>]
-
- *) Fix a segfault in the proxy on OS/2. [Brian Havard]
-
- *) Fix Win32 part of ap_spawn_child() by providing a reasonable child_info
- structure instead of just NULL. This fixes at least the RewriteMap
- programs under Win32. [Marco De Michele <mdemichele@tin.it>] PR#2483
-
- *) Add workaround to top-level `configure' script for brain dead
- `echo' commands which interpet escape sequences per default.
- [Ralf S. Engelschall] PR#2654
-
- *) Make sure that the path to the Perl interpreter is correctly
- adjusted under `make install' also for the printenv CGI script.
- [Ralf S. Engelschall] PR#2595
-
- *) Update the mod_rewrite.html document to correctly reflect the situation
- of the `proxy' (`[P]') feature. [Ralf S. Engelschall] PR#2679
-
- *) Fix `install-includes' sub-target of `install' target in top-level
- Makefile.tmpl: The umask+cp approach didn't work as expected (especially
- for users which extracted the distribution under 'umask 077'), so replace
- it by an explicit cp+chmod approach.
- [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626
-
- *) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
- behavior and to cleanup correctly even under enabled SHARED_CORE rule.
- [Ralf S. Engelschall]
-
- *) Use a more straight forward and thus less problematic Sed command in
- src/helper/mkdir.sh script. [Ralf S. Engelschall]
-
- *) Make sure the `configure' scripts doesn't fail when trying to guess the
- domainname of the machine and there are multiple `domainname' and
- `search' entries in /etc/resolv.conf.
- [Ralf S. Engelschall] PR#2710
-
- *) Add note about the SHARED_CORE requirement on some platforms also to the
- INSTALL file because a lot of users don't read htdocs/manual/dso.html
- first. [Ralf S. Engelschall] PR#2701
-
- *) Fix document "hyperlink" for dso.html in src/Configuration.tmpl
- [Knut A.Syed <Knut.Syed@nhh.no>] PR#2674
-
- *) Modify mod_rewrite to update the Vary response field if the URL rewriting
- engine does any manipulations or decisions based upon request fields.
- [Ken Coar] PR#1644
-
- *) Document the special APACI behavior for installation paths where
- ``/apache'' is appended to paths under some (well defined, of course)
- situations to prevent pollution of system locations with Apache files.
- [Ralf S. Engelschall] PR#2660
-
- *) Fixed problem with buffered response message not being sent for
- the read_request error conditions of URI-too-long (414) and
- malformed header fields (400). [Roy Fielding] PR#2646
-
- *) Add support for the Max-Forwards: header line required by RFC2068 for
- the TRACE method. This allows apache to TRACE along a chain of proxies
- up to a predetermined depth. [Martin Kraemer]
-
- *) Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled
- (compilers complained) and the .so.V.R.P filename extension was adjusted
- to correctly reflect the 1.3.2 version.
- [Ralf S. Engelschall] PR#2644
-
- *) SECURITY: Plug "..." and other canonicalization holes under OS/2.
- [Brian Havard]
-
- *) PORT: implement serialized accepts for OS/2. [Brian Havard]
-
- *) mod_include had problems with the fsize and flastmod directives
- under WIN32. Fix also avoids the minor security hole of using
- ".." paths for fsize and flastmod.
- [Manoj Kasichainula <manojk@raleigh.ibm.com>] PR#2355
-
- *) Fixed some Makefile dependency problems. [Dean Gaudet]
-
-Changes with Apache 1.3.1
-
- *) Disable the incorrect entry for application/msword in the
- mod_mime_magic "magic" file because it also matches other Office
- documents. [Ralf S. Engelschall] PR#2608
-
- *) Fix broken RANLIB handling in src/Configure (the entry from
- src/Configuration.tmpl was ignored) and additionally force RANLIB to
- /bin/true under HP/UX where ranlib exists but is deprecated.
- [Ralf S. Engelschall] PR#2627
-
- *) 'apachectl status' failed on some systems.
- [Steve VanDevender <stevev@darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
-
- *) Add new flags for ap_unparse_uri_components() to make it generate
- the scheme://sitepart string only, or to omit the query string.
- [Martin Kraemer]
-
- *) WIN32: Canonicalize ServerRoot before checking to see if it
- is a valid directory. The failure to do this caused certain
- ServerRoot settings (eg. "ServerRoot /apache") to be improperly
- rejected. [Marc Slemko]
-
- *) Global renaming of C header files to both get rid of conflicts with third
- party packages and to again reach consistency:
- 1. conf.h -> ap_config.h
- 2. conf_auto.h -> ap_config_auto.h \ these are now merged
- 3. ap_config.h -> ap_config_auto.h / in the config process
- 4. compat.h -> ap_compat.h
- 5. apctype.h -> ap_ctype.h
- Backward compatibility files for conf.h and compat.h were created.
-
- *) mod_mmap_static will no longer take action on requests unless at
- least one "mmapfile" directive is present in the configuration.
- This experimental module has to do some black magic to operate
- inside the current API and thus creates side-effects for other
- modules under some circumstances.
- [Ralf S. Engelschall]
-
- *) Add conservative ticks around more egrep arguments in top-level configure
- to avoid problems under brain-dead platforms like Digital UNIX (OSF1).
- [Ralf S. Engelschall] PR#2596
-
- *) mod_rewrite created RewriteLock files under the UID of the parent
- process, thus the child processes had no write access to the files.
- Now a chown() is done on the file to the uid of the children,
- if applicable. [Lars Eilebrecht, Ralf S. Engelschall] PR#2341
-
- *) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
- TestCompile) instead of defining them manually in conf.h based on less
- accurate platform definitions. This way we no longer have to fiddle with
- OS-type and/or OS-version identifiers to discover whether a system header
- file exists or not. Instead we now directly check for the existence of
- those esoteric ones.
- [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434,
- PR#2524, PR#2525, PR#2533, PR#2569
-
- *) mod_setenvif (BrowserMatch* and friends) will now match a missing
- field with "^$". [Ken Coar]
-
- *) Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded
- modules to load their own modules dynamically. This improves mod_perl
- and mod_php3 when these modules are loaded dynamically into Apache.
- [Rasmus Lerdorf]
-
- *) Cache a proxied request in the event that the client cancels the
- transfer, provided that the configured percentage of the file has
- already been transferred. It works for HTTP transfers only. The
- new configuration directive is called CacheForceCompletion.
- [Glen Parker <glenebob@nwlink.com>] PR#2277
-
- *) Add the "<!DOCTYPE HTML" magic cookie used by modern documents (and
- required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
- [Anna Shergold <anna@inext.co.uk>]
-
- *) Fix yet another signal-based race condition involving nested timers.
- Signals suck. [Dean Gaudet]
-
- *) suexec's error messages have been clarified a little bit. [Ken Coar]
-
- *) Clean up some, but perhaps not all, 8-bit character set problems
- with config file parsing, and URL parsing. We now define
- ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char).
- This should work on most modern unixes.
- [Dean Gaudet] PR#800, 2282, 2553 (and others)
-
- *) The "handler not found" error was issued in cases where the handler
- really did exist, but was just declining to serve the request.
- [John Van Essen <jve@gamers.org>] PR#2529
-
- *) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
- [Ronald Record <rr@sco.com>] PR#2533
-
- *) The APACI libexecdir was not extended with an "apache/" subdir
- if the installation prefix didn't already contain "apache", but
- it should be because the DSO files are Apache-specific. Now
- libexecdir is treated the same way sysconfdir, datadir, localstatedir
- and includedir are already treated.
- [Charles Levert <charles@comm.polymtl.ca>] PR#2551
-
- *) The <Limit> parsing routine was incorrectly treating methods as
- case-insensitive. [Ken Coar]
-
- *) The ap_bprintf() code neglected to test if there was an error on
- the connection. ap_bflush() misdiagnosed a failure as a success.
- [Dean Gaudet]
-
- *) add support for #perl arg interpolation in mod_include
- [Doug MacEachern]
-
- *) API: Name changes of table_elts to ap_table_elts, is_table_empty
- to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie]
-
- *) PORT: Add UnixWare 7 support
- [Vadim Kostoglodoff <vadim@olly.ru>] PR#2463
-
- *) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
- used instead of "$PERL" which contains the correctly determined Perl
- interpreter (important for instance on systems where "perl" and "perl5"
- exists, like BSDI or FreeBSD, etc).
- [Ralf S. Engelschall] PR#2505
-
- *) Move the initial suEXEC-related startup message from plain
- fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems
- when Apache is started from inetd (instead of standalone). Under this
- situation startup messages on stderr lead to problems (the line is sent
- to the client in front of the requested document).
- [Ralf S. Engelschall] PR#871, PR#1318
-
- *) Add a flag so ap_fnmatch() can be used for case-blind pattern matching.
- [Ken Coar, Dean Gaudet]
-
- *) WIN32: Don't collapse multiple slashes in PATH_INFO.
- [Ben Laurie, Bill Stoddard <wgstodda@us.ibm.com>] PR#2274
-
- *) WIN32 SECURITY: Eliminate trailing "."s in path components. These are
- ignored by the Windows filesystem, and so can be used to bypass security.
- [Ben Laurie, Alexei Kosut].
-
- *) We now attempt to dump core when we get SIGILL. [Jim Jagielski]
-
- *) PORT: remove broken test for MAP_FILE in http_main.c.
- [Wilfredo Sanchez <wsanchez@apple.com>]
-
- *) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
- httpd is running. This should be more portable than figuring out
- which of three dozen different versions of "ps" are installed.
- [a cast of dozens]
-
- *) WIN32: If we can't figure out how to execute a file in a script
- directory, bail out of the request with an error message. [W G Stoddard]
-
- *) WIN32 SECURITY: Eliminate directories consisting of three or more dots;
- these are treated by Win32 as if they are ".." but are not detected by
- other machinery within Apache. This is something of a kludge but
- eliminates a security hole. [Manoj Kasichainula, Ben Laurie]
-
- *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
- pools and thus pollutes libap (until the pool stuff is moved there).
- [Ken Coar]
-
- *) IndexIgnore should be case-blind on Win32 (and any other case-aware
- but case-insensitive platforms). New #define for this added to conf.h
- (CASE_BLIND_FILESYSTEM). [Ken Coar] PR#2455
-
- *) Enable DSO support for OpenBSD in general, not only for 2.x, because it
- also works for OpenBSD 1.x. [Ralf S. Engelschall]
-
- *) PORT: Fix compilation problem on ARM Linux.
- [Sam Kington <sam@illuminated.co.uk>] PR#2443
-
- *) Let APACI's configure script determine some configuration parameters
- (Group, Port, ServerAdmin, ServerName) via some intelligent tests to
- remove some of the classical hurdles for new users when setting up
- Apache. This is done per default because it is useful for the average
- user. Package authors can use the --without-confadjust option to disable
- these configuration adjustments.
- [Ralf S. Engelschall]
-
- *) Added an EXTRA_DEPS configuration parameter which can be used
- to add an extra Makefile dependency for the httpd target, for instance
- to external third-party libraries, etc.
- [Ralf S. Engelschall]
-
- *) Add <IfDefine>..</IfDefine> sections to the core module (with same spirit
- as <IfModule>..</IfModule> sections) which can be used to skip or process
- contained commands dependend of ``-D PARAMETER'' options on the command
- line. This can be used to achieve logical conditions like <IfDefine
- ReverseProxy> instead of physically ones (e.g. <IfModule mod_proxy.c>)
- and thus especially can be used for conditionally loading DSO-based
- modules via LoadModule, etc. [Ralf S. Engelschall]
-
- *) PORT: clean up a warning in mod_status for OS/2. [Brian Havard]
-
- *) Make table elements const. This may prevent obscure errors. [Ben Laurie]
-
- *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not
- truncated which forced following HTTP headers to be data in the HTTP
- reponse. [Ralf S. Engelschall, Charles Fu <ccwf@bacchus.com>]
- PR#2412, 2367
-
- *) Portability fix for APACI shadow tree support: Swap order of awk and sed
- in top-level configure script to avoid sed fails on some platforms (for
- instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined
- output of Awk. [Bill Houle <bhoule@sandiegoca.ncr.com>] PR#2435
-
- *) Improve performance of directory listings (mod_autoindex) by comparing
- integer keys (last-modified and size) as integers rather than converting
- them to strings first. Also use a set of explicit byte tests rather
- than strcmp() to check for parent directory-ness of an entry. Oh, and
- make sure the parent directory (if displayed) is *always* listed first
- regardless of the sort key. Overall performance winnage should be good
- in CPU time, instruction cache, and memory usage, particularly for large
- directories. [Ken Coar]
-
- *) Add a tiny but useful goody to APACI's configure script: The generation
- of a config.status script (as GNU Autoconf does) which remembers the used
- configure command and hence can be used to restore the configuration by
- just re-running this script or for remembering the configuration between
- releases.
- [Ralf S. Engelschall]
-
- *) Add httpd -t (test) option for running configuration syntax tests only.
- If something is broken it complains and exits with a return code
- non-equal to 0. This can be used manually by the user to check the Apache
- configuration after editing and is also automatically used by apachectl
- on (graceful) restart command to make sure Apache doesn't die on restarts
- because of a configuration which is now broken since the last (re)start.
- This way `apachectl restart' can be used inside cronjobs without having
- to expect Apache to be falling down. Additionally the httpd -t can be run
- via `apachectl configtest'.
- [Ralf S. Engelschall] PR#2393
-
- *) Minor display fix for "install" target of top-level Makefile:
- the displayed installation command was incorrect although the
- executed command was correct. Now they are in sync.
- [Ralf S. Engelschall] PR#2402
-
- *) Correct initialization of variable `allowed_globals' in http_main.c
- [Justin Bradford <justin@ukans.edu>] PR#2400
-
- *) Apache would incorrectly downcase the entire Content-Type passed from
- CGIs. This affected server-push scripts and such which use
- multipart/x-mixed-replace;boundary=ThisRandomString.
- [Dean Gaudet] PR#2394
-
- *) PORT: QNX update to properly guess 32-bit systems.
- [Sean Boudreau <seanb@qnx.com>] PR#2390
-
- *) Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx()
- functions which are in libdld under HPUX 9/10.
- [Ralf S. Engelschall] PR#2378
-
- *) Make sure the "install" target of the top-level Makefile doesn't break
- because of a return code of 1 from an "if" (for instance under braindead
- Ultrix the result code of an "if" construct is 1 if the "then" clause
- didn't match). [Ralf S. Engelschall]
-
- *) Add an additional "dummy" target to the "$(LIB)" target in generated
- modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
- situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are
- empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer]
-
- *) Replace two bad sprintf() calls with ap_snprintf() variants in
- mod_rewrite. [Ralf S. Engelschall]
-
- *) Fix missing usage description for MetaFiles directive.
- [David MacKenzie <djm@va.pubnix.com>] PR#2384
-
- *) mod_log_config wouldn't let vhosts use log formats defined in the
- main server. [Christof Damian <damian@mediaconsult.com>] PR#2090
-
- *) mod_usertrack was corrupting the client hostname. As part of the
- fix, the cookie values were slightly extended to include the
- fully qualified hostname of the client.
- [Dean Gaudet] PR#2190, 2229, 2366
-
- *) Fix a typo in pool debugging code. [Alvaro Martinez Echevarria]
-
- *) mod_unique_id did not work on alpha linux (in general on any
- architecture that has 64-bit time_t).
- [Alvaro Martinez Echevarria]
-
- *) PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie]
-
- *) PORT: NCR MPRAS systems have the same bug with SIGHUP restart that
- Solaris systems experience. So define WORKAROUND_SOLARIS_BUG.
- [Klaus Weber <kweber@chephren.germany.ncr.com>] PR#1973
-
- *) Change "Options None" to "Options FollowSymLinks" in the
- <Directory /> section of the default access.conf-dist
- (and -win even though it doesn't matter there). This has better
- performance, and more intuitive semantics. [Dean Gaudet]
-
- *) PORT: Updated support for UTS 2.1.2.
- [Dave Dykstra <dwd@bell-labs.com>] PR#2320
-
- *) Fix symbol export list (src/support/httpd.exp) after recent
- API changes in the child spawning area.
- [Jens-Uwe Mager <jum@helios.de>]
-
- *) Workaround for configure script and old `test' commands which do not
- support the -x flag (for instance under platforms like Ultrix). This is
- solved by another helper script findprg.sh which searches for Perl and
- Awk like PrintPath but _via different names_.
- [Ralf S. Engelschall]
-
- *) Remove the system() call from htpasswd.c, which eliminates a system
- dependancy. ["M.D.Parker" <mdpc@netcom.com>] PR#2332
-
- *) PORT: Fix compilation failures on NEXTSTEP.
- [Rex Dieter <rdieter@math.unl.edu>] PR#2293, 2316
-
- *) PORT: F_NDELAY is a typo, should have been FNDELAY. There's also
- O_NDELAY on various systems. [Dave Dykstra <dwd@bell-labs.com>] PR#2313
-
- *) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
- [juerg schreiner <j.schreiner@zh.ch>,
- Bill Houle <Bill.Houle@SanDiegoCA.NCR.COM>] PR#2310
-
- *) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
- was broken because of invalid ap_pstrcat() -> strcat() transformation.
- [Ralf S. Engelschall]
-
- *) Proxy Cache Fixes: account for directory sizes, fork off garbage collection
- to continue in background, use predefined types (off_t, size_t, time_t),
- log the current cache usage percentage at LogLevel debug
- [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik]
-
-Changes with Apache 1.3.0
-
- *) Using a type map file as a custom error document was not possible.
- [Lars Eilebrecht] PR#1031
-
- *) Avoid problems with braindead Awks by additionally searching for gawk
- and nawk in APACI's configure script.
- [Dave Dykstra <dwd@bell-labs.com>, Ralf S. Engelschall] PR#2319
-
- *) Rename md5.h to ap_md5.h to avoid conflicts with native MD5 on
- some systems. [Randy Terbush]
-
- *) Change usage of perror()+fprintf(stderr,...) in mod_rewrite to
- more proper ap_log_error() variants.
- [Ralf S. Engelschall]
-
- *) Make sure the argument for the --add-module option to APACI's configure
- script is of type [path/to/]mod_xxx.c because all calculations inside
- configure and src/Configure depend on this.
- [Ralf S. Engelschall] PR#2307
-
- *) Changes usage of perror/fprintf to stderr to more proper ap_log_error
- in mod_mime, mod_log_referer, mod_log_agent, and mod_log_config.
- [Brian Behlendorf]
-
- *) Various OS/2 cleanups ["Brian Havard" <brianh@kheldar.apana.org.au>]
-
- *) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
- serialized accept to handle multiple sockets.
- [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2295, 2296
-
- *) Have NT properly set the directory for CGI scripts
- (& other spawned children)
- [W G Stoddard <wgstodda@us.ibm.com>]
-
- *) Propagate environment to CGI scripts correctly in Win32.
- [W G Stoddard <wgstodda@us.ibm.com>] PR#2294
-
- *) Some symbol renaming:
- ap_spawn_child_err became ap_spawn_child
- ap_spawn_child_err_buff became ap_bspawn_child
- spawn_child was obsoleted and moved to compat.h
- [Brian Behlendorf]
-
- *) Upgrade the child spawning code in mod_rewrite for the RewriteMap
- programs: ap_spawn_child_err() is used and the Win32 case now uses
- CreateProcess() instead of a low-level execl() (which caused problems in
- the past under Win32).
- [Ralf S. Engelschall]
-
- *) A few cosmetics and trivial enhancements to APXS to make the
- generated Makefile more user friendly. [Ralf S. Engelschall]
-
- *) Proxy Fix: The proxy special failure routine ap_proxyerror()
- was updated to use the normal apache error processing, thereby allowing
- proxy errors to be treated by ErrorDocument's as well. For this
- purpose, a new module-to-core communication variable "error-notes"
- was introduced; the proxy (and possibly other modules) communicates
- its error text using this variable. Its content is copied to a new
- cgi-env-var REDIRECT_ERROR_NOTES for use by ErrorDocuments.
- The old proxy special error routine ap_proxy_log_uerror()
- was replaced by regular ap_log_error() calls, many messages were made
- more informative.
- [Martin Kraemer] PR#494, 1259
-
- *) SECURITY: A possible buffer overflow in the ftp proxy was fixed.
- [Martin Kraemer]
-
- *) Transform the configure message "You need root privileges for suEXEC"
- from a fatal error into a (more friendly) warning because the building
- ("make") of Apache we can allow, of course. Root privileges are needed
- only for the installation step ("make install"). So make sure the
- user is aware of this fact but let him proceed as long as he can.
- [Ralf S. Engelschall] PR#2288
-
- *) Renamed three more functions to common ap_ prefix which we missed at the
- Big Symbol Renaming because they're #defines and not real C functions:
- is_default_port(), default_port(), http_method().
- [Ralf S. Engelschall]
-
- *) A zero-length name after a $ in an SSI document should cause
- just the $ to be in the expansion. This was broken during the
- security fixes in 1.2.5. [Dean Gaudet] PR#1921, 2249
-
- *) Call ap_destroy_sub_req() in ap_add_cgi_vars() to reclaim some
- memory. [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2252
-
- *) Fix src/support/httpd.exp (DSO export file which is currently only
- used under AIX) because of recent changes to function names.
- [Ralf S. Engelschall]
-
-Changes with Apache 1.3b7
-
- *) Make sure a MIME-type can be forced via a RewriteRule even when no
- substitution takes place, for instance via the following rule:
- ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
- requested by users in the past to force a single script without a .cgi
- extension and outside any cgi-bin dirs to be executed as a CGI program.
- [Ralf S. Engelschall] PR#2254
-
- *) A fix for protocol issues surrounding 400, 408, and
- 414 responses. [Ed Korthof]
-
- *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf]
-
- *) Fix discrepancy in proxy_ftp.c which was causing failures when
- trying to connect to certain ftpd's, such as anonftpd.
- [Rick Ohnemus <rick@ecompcon.com>]
-
- *) Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's
- logfile instead of fiddling around itself with child spawning stuff.
- [Ralf S. Engelschall]
-
- *) Made RefererIgnore case-insensitive.
-
- *) Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs.
- [Brian Behlendorf]
-
- *) Replace use of spawn_child with ap_spawn_child_err_buff, to make everything
- "safe" under Win32. In: mod_include.c, mod_mime_magic.c
- [Brian Behlendorf]
-
- *) Improve RFC1413 support. [Bob Beck <beck@bofh.ucs.ualberta.ca>]
-
- *) Fix support script `dbmmanage': It was unable to handle some sort
- of passwords, especially passwords with "0" chars.
- [Ralf S. Engelschall] PR#2242
-
- *) WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed.
- [Ben Laurie] PR#2238
-
- *) WIN32: CGIs could cause a hang (because of a deadlock in the standard C
- library), so CGI handling has been changed to use Win32 native handles
- instead of C file descriptors.
- [Ben Laurie and Bill Stoddard <wgstodda@us.ibm.com>] PR#1129, 1607
-
- *) The proxy cache would store an incorrect content-length in the cached
- file copy after a cache update. That resulted in repeated fetching
- of the original copy instead of using the cached copy.
- [Ernst Kloppenburg <kloppen@isr.uni-stuttgart.de>] PR#2094
-
- *) The Makefiles assumed that DSO files are build via $(LD). This
- is broken for two reasons: First we never defined at least LD=ld
- somewhere to make sure this works (it was silently assumed that most Make
- provide a built-in LD definition - ARGL!) and second using the generic LD
- variable is not the truth. Instead a special variable named LD_SHLIB is
- reasonable because although "ld" is usually the default, the command for
- building DSO files can be "libtool" or even "cc" on some systems.
- [Ralf S. Engelschall]
-
- *) Replace the AddVersionPlatform directive with ServerTokens which
- provides for more control over the format of the Server:
- header line. SERVER_SUBVERSION is no longer supported;
- all module should use the ap_add_version_component()
- API function instead. [Jim Jagielski]
-
- *) Support for the NCR MP/RAS 3.0
- [John Withers <withers@semi.kcsc.mwr.irs.gov>]
-
- *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
- not retrieved in src/Configure and thus was not useable.
- [Ralf S. Engelschall]
-
- *) Various Makefile consistency cleanups:
- - make OSDIR also automatically be relative to src/ like INCDIR
- - SUBDIRS is now generated in src/Makefile only and not in
- Makefile.config because it is a local define for this location.
- - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside
- any Makefile but make sure that at least the "-K inline" is kept in
- CFLAGS for SCO 5.
- - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
- - updated the dependencies theirself
- - removed not existing SHLIB variable from "clean" targets
- - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
- already exists and OBJS_PIC are also just plain objects and have not
- directly to do with "shared" things. The only difference is that they
- contain PIC. So OBJS_PIC is the more canonical name.
- - Updated the Makefile-dependency lines for OBJS_PIC
- - Removed the Makefile-dependency line in Configure to avoid double
- definitions
- - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
- of xxx.lo as GNU libtool does with its PIC objects
- - reduce local complexity in modules Makefile.tmpl by moving the last
- existing target "depend" to the generation section in Configure, too.
- - removed the historical $(SPACER) which was used in the past together
- with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This
- is no longer needed.
- - force the build and run of the gen_xxx programs under main/ as the
- first step before building the objects because it looks cleaner
- [Ralf S. Engelschall]
-
- *) WIN32: Make Win32 work again after the /dev/null DoS fix.
- [Ben Laurie]
-
- *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
- [Ben Laurie]
-
- *) WIN32: Don't force ISAPI headers to finish with \n.
- [Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie] PR#2060
-
- *) When opening "configuration" files (like httpd.conf, htaccess
- and htpasswd), Apache will not allow them to be non-/dev/null
- device files. This closes a DoS hole. At the same time,
- we use ap_pfopen to open these files to handle timeouts.
- [Jim Jagielski, Martin Kraemer]
-
- *) Apache will now log the reason its httpd children exit if they exit
- due to an unexpected signal. (It requires a new porting define,
- SYS_SIGLIST, which if defined should point to a list of text
- descriptions of the signals available. See PORTING.) [Dean Gaudet]
-
- *) WIN32: chdir() doesn't make sense in a multithreaded environment
- like WIN32. Before, Win32 CGI's could have had sporadic failures
- if a chdir call from one thread was made between another chdir call
- and a spawn in another thread. So, for now don't chdir for CGI scripts
- in WIN32. The current CGI "spec" is unclear as to whether it's
- necessary. Long-term fix is to either serialize the chdir/spawn combo
- or use WIN32 native calls to spawn a process. This temp fix was
- necessary to remove this as a showstopper for 1.3's release.
- [Brian Behlendorf]
-
- *) Cleanup the suEXEC support in APACI and make it more safe:
- 1. Add big fat hint in INSTALL about risks and to read the
- htdocs/manual/suexec.html document before using the suexec-related
- configure options.
- 2. Make sure the user has at least provided one --suexec-xxxx option
- (specifies suEXEC parameters) in addition to --enable-suexec option.
- If only --enable-suexec is given APACI stops with a hint to INSTALL
- and htdocs/manual/suexec.html documents.
- 3. Provide two additional --suexec-xxxx options to make the suEXEC
- configuration complete (especially for package maintainers who else
- had to patch the source tree) by providing ways to configure minimal
- UID/GID and safe PATH, too.
- [Ralf S. Engelschall]
-
- *) Cleanup of the `configure --shadow' process:
- - make sure the configure script creates its temporary files in the
- shadow tree to avoid conflicts with parallel configure runs
- - removed unnecessary option "-r" from "rm" call for Makefiles
- - make sure the configure scripts creates the shadow-wrapper Makefile
- only when no shadow trees already exists
- - make sure "make distclean" removes the shadow-wrapper Makefile but only
- when no more shadow trees exists
- - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
- as fast (in the past it needed 70sec, now it runs just 38sec)
- - make sure CVS does not complain about the created files
- Makefille.<gnutriple> and directories src.<gnutriple>
- [Ralf S. Engelschall]
-
- *) Added the ap_add_version_component() API routine and the
- AddVersionPlatform core directive. The first allows modules to
- declare themselves in the Server response header field value,
- augmenting the SERVER_SUBVERSION define in the Configuration file
- with run-time settings (more useful in a loadable-module environment).
- AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)"
- into the server version string. [Ken Coar] PR#2056
-
- *) Minor stability tweaks to avoid core dumps in ap_snprintf.
- [Martin Kraemer]
-
- *) Emit the "Accept-Range" header for the default handler.
- [Brian Behlendorf] PR#1464
-
- *) Add a note to httpd.conf-dist that apache will on some systems fail
- to start when the Group # is set to a negative or large positive value.
- [Martin Kraemer]
-
- *) Make sure the module execution order is correct even when some modules
- are loaded under runtime (`LoadModule') via the DSO mechanism:
- 1. The list of loaded modules is now a dynamically allocated one
- and not the original statically list from modules.c
- 2. The loaded modules are now correctly setup by LoadModule for
- later use by the AddModule command.
- 3. When the DSO mechanism for modules is used APACI's `install'
- target now enables all created `LoadModule' lines per default because
- this is both already expected by the user _and_ needed to avoid
- confusion with the next point and reduces the Makefile.tmpl complexity
- 4. When the DSO mechanism for modules is used, APACI's `install'
- target now additionally makes sure the module list is reconstructed
- via a complete `ClearModuleList+AddModule...' entry.
- 5. The support tool `apxs' now also makes sure an AddModule command
- is added in addition to the LoadModule command.
- 6. The modules.c generation was extended to now contain two
- comments to make sure no one is confused by the confusing terminology
- of loading/linking (we use load=link+load & link=activate instead of
- the obvious load=activate & link=link :-( )
- This way now there is no longer a difference under execution time between
- statically and dynamically linked modules.
- [Ralf S. Engelschall]
-
- *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
- Big Symbol Renaming. [Ralf S. Engelschall]
-
- *) Add a comment to mod_example.c showing the format of a FLAG command
- handler. [Ken Coar]
-
- *) Standardized the time format in mod_status to match that of other
- places in the code (e.g. DATE_GMT). PR#1551
-
- *) Fix handling of %Z in timefmt strings for those platforms with no time
- zone information in their tm struct. [Paul Eggert <eggert@twinsun.com>]
- PR#754
-
- *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature
- feature compatible with 'UseCanonicalName off' by changing
- r->server->server_hostname to ap_get_server_name(). And I changed some
- functions which use r->server->port to use ap_get_server_port() instead,
- because if there's no Port directive in the config r->server->port is 0.
- [Lars Eilebrecht]
-
- *) get/set_module_config are trivial enough to be better off inline. Worth
- 1.5% performance boost. [Dean Gaudet]
-
- *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
- when ensuring 'x' is at least 30-chars big. [Jim Jagielski,
- Brian Behlendorf]
-
- *) [BS2000 security] BS2000 needs an extra authentication to initialize
- the task environment to the unprivileged User id. Otherwise CGI scripts
- would have a way to gain super user access. [Martin Kraemer]
-
- *) Fix debug log messages for BS2000/OSD: instead of logging the whole
- absolute path, only log base name of logging source as is done
- in unix. [Martin Kraemer]
-
- *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in
- the encoding type from the Accept-Encoding header (if it's there)
- and use it in the response, as that's probably what it'll be expecting.
- [Ronald.Tschalaer@psi.ch]
-
- *) Fix to mod_alias: translate_alias_redir is dealing with
- a URI, not a filename, so the check for drive letters for win32
- and emx is not necessary. [Dean Gaudet]
-
- *) WIN32: Allow .cmd as an executable extension.
- [Kari Likovuori <Kari.Likovuori@mol.fi>] PR#2146
-
- *) Make Apache header files, and some variables, C++ friendly.
- [Michael Anderson's <mka@redes.int.com.mx>]
-
- *) Child processes can now "signal" (by exiting with a status
- of APEXIT_CHILDFATAL) the parent process to abort and
- shutdown the server if the error in the child process was
- fatal enough. [Jim Jagielski]
-
- *) mod_autoindex's find_itme() was sensitive to MIME type case.
- [Jim Jagielski] PR#2112
-
- *) Make sure the referer_log and agent_log entries in the default httpd.conf
- file are also adjusted for the actual relative installation paths.
- [Ralf S. Engelschall] PR#2175
-
- *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie]
-
- *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
- PR#1558
-
- *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3.
- Additionally the checks for finding the vendor DSO library were moved
- from mod_so.c to Configure because first it needs $PLAT etc. and second
- mod_so already uses an abstraction layer and does not fiddle with the
- vendor functions itself.
- [Jens-Uwe Mager, Ralf S. Engelschall]
-
- *) PORT: Some optimization defines for NetBSD
- [Jaromir Dolecek <dolecek@ics.muni.cz>] PR#2165
-
- *) PORT: Dynamic Shared Object (DSO) support for NetBSD.
- [Jaromir Dolecek <dolecek@ics.muni.cz>, Ralf S. Engelschall] PR#2158
-
- *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older
- AIX variants should work fine, too. Even AIX 3.x should work). This is
- accomplished by using the free DSO emulation code from Jens-Uwe Mager
- which we put into a os/unix/os-dso-aix.c file.
- [Ralf S. Engelschall]
-
- *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply
- that we should use NET_SIZE_T == int but the include files force size_t.
- [Ralf S. Engelschall]
-
- *) Fix two bugs in select() handling in http_main.c.
- [Roy Fielding]
-
- *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO
- is unset (as it is in situations like timeouts) where it is unclear
- whether errno is set or not. [Martin Kraemer]
-
- *) Just having APACI's localstatedir is too general and not enough for most
- of the systems. 1.3b6 again required manual APACI patches by package
- maintainers from Red Hat and FreeBSD because for their filesystem layout a
- little bit more flexibility in configuring the paths is needed. Hence we
- provide three additional configure options (--runtimedir, --logfiledir,
- --proxycachedir) which now can be used for more granular adjustments if
- --localstatedir is not enough to fit the particular needs. As a nice
- side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
- [Ralf S. Engelschall]
-
- *) Make the install root for "make install" in APACI's Makefile overrideable
- by package authors. This way we are even more friendly to package
- maintainers (especially Debian and Red Hat) who build for the real prefix
- via "configure --prefix=/<real>" but use a different local prefix via
- "make root=/tmp/apache install" for rolling the package without bristling
- the target location on their system.
- [Ralf S. Engelschall]
-
- *) Workaround sed limitations in APACI's configure script by now
- substituting in chunks of 50 commands (because for instance HPUX's vendor
- sed has a limit of max. 98 commands)
- [Ralf S. Engelschall] PR#2136
-
- *) Adding SOCKS5 support and fixing existing SOCKS4 support.
- [Ralf S. Engelschall] PR#2140
-
- *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG
- RENAMING process because they are defined as pre-processor macros instead
- of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd
- [Ralf S. Engelschall]
-
- *) Workaround braindead AWK's when generating ap_config.h: The split() and
- substr() functions cannot be nested under vendor AWK from Solaris 2.6.
- [Ralf S. Engelschall] PR#2139
-
- *) Various bugfixes and cleanups for the APACI configure script:
- o fix IFS handling for _nested_ situation
- o fix Perl interpreter search: take first one found instead of last one
- o fix DSO consistency check
- o print error messages to stderr instead of stdout
- o add install-quiet for --shadow situation to Makefile stub
- o reduce complexity by avoiding sed-hacks for rule and module list loops
- [Ralf S. Engelschall]
-
- *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
-
- *) Make sure the input field separator (IFS) shell variable is explicitly
- initialized correctly before _every_ `for' loop and also restored after
- the loops. [Ralf S. Engelschall]
-
- *) Make sure that "make install" doesn't overwrite the `mime.types' and
- `magic' files from an existing Apache installation. Because people often
- customize these for own MIME and content types.
- [Ralf S. Engelschall]
-
- *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
- [Peter Galbavy, Ralf S. Engelschall] PR#2109
-
- *) Fix the path to the ScoreBoardFile in the install-config target, too.
- [Ralf S. Engelschall] PR#2105
-
- *) Let "configure" clear out the users parameters (provided as shell
- variables) to avoid side-effects in "src/Configure" when the user
- exported them (which is not needed, but some users do it).
- [Ralf S. Engelschall] PR#2101
-
- *) Provide backward compatibility from some old src/Configuration.tmpl
- parameter names to the canonical Autoconf-style shell variable names. For
- instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now
- but a hint message is displayed. [Ralf S. Engelschall]
-
- *) Make sure that "make install" doesn't overwrite the DocumentRoot and
- CGI scripts from an existing Apache installation.
- [Ralf S. Engelschall, Jim Jagielski] PR#2084
-
- *) Make `configure --compat' more "compatible" by first
- let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and
- second by making sure the "avoid-bristling-suffix" /apache is not
- appended to sysconfdir, datadir, localstatedir and includedir when
- --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]
-
- *) NeXT required strdup() in support/logresolve.c
- [Francisco Tomei <fatomei@sandburg.unm.edu>] PR#2082
-
- *) AIX required sys/select.h in support/ab.c
- [Jens Schleusener <Jens.Schleusener@dlr.de>] PR#2081
-
- *) Fix the path to the MimeMagicFile in the install-config target, too.
- [Ralf S. Engelschall] PR#2089
-
- *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick@colby.edu>]
-
- *) If you start apache with the -S command line option it will dump
- out the parsed vhost settings. This is useful for folks trying
- to figure out what is wrong with their vhost configuration.
- (Other dumps may be added in the future.) [Dean Gaudet]
-
- *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
- ap_snprintf, and ap_psprintf). See include/ap.h for docs.
- [Dean Gaudet]
-
- *) Because /usr/local/apache is the default prefix the ``configure
- --compat'' option no longer has to set prefix, again. This way the
- --compat option honors a leading --prefix option. [Lars Eilebrecht]
-
- *) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
- to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
- to avoid "discard const" warnings. [Ralf S. Engelschall]
-
- *) If a specific handler is set for a file yet the request still
- ends up being handled by the default handler, log an error
- message before handling it. This catches things such as trying
- to use SSIs without mod_include enabled. [Marc Slemko]
-
- *) Fix error logging for the startup case where ap_log_error() still uses
- stderr as the target. Now the default log level is honored here, too.
- [Ralf S. Engelschall]
-
- *) PORT: Make sure some AWK's don't fail in src/Configure with "string too
- long" errors when generating the MODULES entry for src/Makefile
- [Ben Hyde, Ralf S. Engelschall]
-
- *) Make sure src/Configure doesn't complain about the old directory
- /usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
-
-Changes with Apache 1.3b6
-
- *) PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde]
-
- *) Adding DSO support for the HP/UX platform by emulating the dlopen-style
- interface via the similar but proprietary HP/UX shl_xxx-style system
- calls. [Ralf S. Engelschall]
-
- *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
- APACI Makefile.tmpl "install" target more robust for sensible UnixWare
- Make. [Ralf S. Engelschall]
-
- *) ++++ THE BIG SYMBOL RENAMING ++++
- To avoid symbol clashes with third-party code compiled into the server,
- we globally applied the prefix "ap_" to the following classes of
- functions:
- - Apache provided general functions (e.g., ap_cpystrn)
- - Public API functions (e.g., palloc, bgets)
- - Private functions which we can't make static (because of
- cross-object usage) but should be (e.g., new_connection)
- For backward source compatibility a new header file named compat.h was
- created which provides defines for the old symbol names and can be used
- by third-party module authors.
- [The Apache Group]
-
- *) Added dynamic shared object (DSO) support for SVR4-derivates: The
- problem under SVR4 is that there is no command flag to force the linker
- to export the global symbols of the httpd executable therewith they are
- available to the DSO's. Instead of problematic hacks like creating a
- dummy.so file (containing dummy references to all global symbols) the
- httpd binary is linked against, we use a clean trick stolen from Perl 5:
- Placing the Apache core code itself into a DSO library named libhttpd.so.
- This way the global symbols _HAVE_ to be exported and thus are available
- to any manually loaded DSO's under runtime. To reduce the impact to the
- user to null we go even further and create a stub httpd executable which
- automatically keeps track of the DSO library loading itself and thus
- hides the complete mechanism from the user. Although the generation of
- this DSO library is automatically triggered for platforms which
- essentially need it (mostly all SVR4-derivates) it can be also enabled
- manually via the Rule SHARED_CORE. This can be interesting in the future
- where we perhaps exploit this libhttpd.so mechanism for providing nifty
- features like graceful upgrades, or whatever.
- [Ralf S. Engelschall, Martin Kraemer]
-
- *) Build the libraries before building the rest of the tools. [Ben Hyde]
-
- *) Add "distclean" target to src/-Makefiles to provide "make distclean" also
- inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
- conventions while "clean" removes only stuff created by "all" targets,
- "distclean" additionally removes the stuff from the configuration
- process. This way "make distclean" (hence the name) provides a fresh
- source tree as it was for distribution.
- [Ralf S. Engelschall]
-
- *) Allow top-level (APACI) Makefile to break on build errors
- the same way the src/ subtree Makefiles breaks on them by replacing the
- initial APACI sed-subdir-display-kludge with a more clean
- variable-passing-solution: variable SDP can optionally hold the subdir
- prefix which is consistently used for displaying the subdir movement.
- This way even the top-level Makefile can stop correctly on errors as the
- user expects. [Ralf S. Engelschall]
-
- *) Fixed ordering of argument checks for RewriteBase directive.
- [Todd Eigenschink <eigenstr@mixi.net>] PR#2045
-
- *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
- indicating that a module is being compiled for dynamic loading. Also
- remove #define IS_MODULE from modules and add SHARED_MODULE define
- to the mak/dsp files. [Alexei Kosut]
-
- *) Reduce logging level of "normal" warning messages to APLOG_INFO,
- since we are now logging APLOG_WARNING by default. [Roy Fielding]
-
- *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
-
- *) Add documentation file and src/Configuration.tmpl entry for the
- experimental mod_mmap_static module. Because although it is and marked as
- an experimental one it is distributed and thus should be documented and
- prepared for configuration the same way as all others modules.
- [Ralf S. Engelschall]
-
- *) Add query (-q) option to apxs support tool to be able to manually query
- specific settings from apxs. This is needed for instance when you
- manually want to access Apache's header files and you need to assemble
- the -I option. Now you can do -I`apxs -q INCLUDEDIR`.
- [Ralf S. Engelschall]
-
- *) Now src/Configure uses a fallback strategy for the shared object support
- on platforms where no explicit information is available: If a Perl
- installation exists we ask it about its shared object support and if it's
- the dlopen-style one we shamelessly guess the compiler and linker flags
- for creating shared objects from Perls knowledge. Of course, the user is
- warning about what we are doing and informed that he should send us
- the guessed flags when they work. [Ralf S. Engelschall]
-
- *) Provide APACI --without-support option to be able to disable the build
- and installation of the support tools from the src/support/ area.
- Although its useful to have these installed per default we should provide
- a way to compile and install without them for backward-compatibility.
- [Ralf S. Engelschall]
-
- *) Add of the new APache eXtenSion (apxs) support tool for building and
- installing modules into an _already installed_ Apache package through the
- dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
- this approach actually doesn't need the Apache source tree. The
- (APACI-installed) server package is enough, because this now includes the
- Apache C header files (PREFIX/include) and the new APXS tool
- (SBINDIR/apxs). The intend is to provide a handy tool for third-party
- module authors to build their Apache modules _OUTSIDE_ the Apache source
- tree while avoiding them to fiddle around with the totally platform
- dependend way of compiling DSO files. The tool supports all ranges of
- modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
- which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
- on-the-fly generate a minimalistic Makefile and sample module for the
- first step to provide both a quick success event and to demonstrate the
- APXS mechanism to module authors. [Ralf S. Engelschall]
-
- *) Fix core dumps in use of CONNECT in proxy.
- [Rainer.Scherg@rexroth.de] PR#1326, #1573, #1942
-
- *) Modify the log directives in httpd.conf-dist files to use CustomLog
- so that users have examples of how CustomLog can be used.
- [Lars Eilebrecht]
-
- *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
- the Apache distribution tree. Until Apache 1.3 there was no real
- out-of-the-box batch-capable build and installation procedure for the
- complete Apache package. This is now provided by a top-level "configure"
- script and a corresponding top-level "Makefile.tmpl" file. The goal is
- to provide a GNU Autoconf-style frontend which is capable to both drive
- the old src/Configure stuff in batch and additionally installs the
- package with a GNU-conforming directory layout. Any options from the old
- configuration scheme are available plus a lot of new options for flexibly
- customizing Apache. [Ralf S. Engelschall]
-
- *) The floating point ap_snprintf code wasn't threadsafe.
- Had to remove the HAVE_CVT macro in order to do threadsafe
- calling of the ?cvt() floating point routines. [Dean Gaudet]
-
- *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962
-
- *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
- [Jim Jagielski] PR#1901
-
- *) BUG: Configure was using TCC and CC inconsistently. Make sure
- Configure knows which CC we are using. [Jim Jagielski]
-
- *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
- was defined in a parent directory. [Lars Eilebrecht]
-
- *) API: ap_snprintf() code mutated into ap_vformatter(), which is
- a generic printf-style routine that can call arbitrary output
- routines. Use this to replace http_bprintf.c. Add new routines
- psprintf(), pvsprintf() which allocate the exact amount of memory
- required for a string from a pool. Use psprintf() to clean up
- various bits of code which used ap_snprintf()/pstrdup().
- [Dean Gaudet]
-
- *) PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because
- ap_snprintf() has different semantics and formatting codes than
- snprintf(). [Dean Gaudet]
-
- *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This
- is necessary on at least Solaris where the /etc/rc?.d scripts
- are run with these signals ignored, and "SIG_IGN" settings are
- maintained across exec().
- [Rein Tollevik <reint@sys.sol.no>] PR#2009
-
- *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
- used instead of lstat() and thus this flag didn't work as expected.
- [Rein Tollevik <reint@sys.sol.no>] PR#2010
-
- *) Fix the proxy pass-through feature of mod_rewrite for the case of
- existing QUERY_STRING now that mod_proxy was recently changed because of
- the new URL parsing stuff. [Ralf S. Engelschall]
-
- *) A few changes to scoreboard definitions which helps gcc generate
- better code. [Dean Gaudet]
-
- *) ANSI C doesn't guarantee that "int foo : 2" in a structure will
- be a signed bitfield. So mark a few bitfields as signed to
- ensure correct code. [Dean Gaudet]
-
- *) The default for HostnameLookups was changed to Off, but there
- was a problem and it wasn't taking effect. [Dean Gaudet]
-
- *) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
- [Dean Gaudet]
-
- *) After a SIGHUP the listening sockets in the parent weren't
- properly marked for closure on fork().
- [Jürgen Keil <jk@tools.de>] PR#2000
-
- *) Allow %2F in two situations: 1) it is in the query part of the URI,
- therefore not exposed to %2F -> '/' translations and 2) the request
- is a proxy request, so we're not dealing with a local resource anyway.
- Without this, the proxy would fail to work for any URL's with
- %2f in them (occurs quite often in
- http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
-
- *) Protect against FD_SETSIZE mismatches. [Dean Gaudet]
-
- *) Make the shared object compilation command more portable by avoiding
- the direct combination of `-c' & `-o' which is not honored by some
- compilers like UnixWare's cc. [Ralf S. Engelschall]
-
- *) WIN32: the proxy was creating filenames missing the last four
- characters. While this normally doesn't stop anything from
- working, it can result in extra collisions.
- [Tim Costello <tjcostel@socs.uts.edu.au>] PR#1890
-
- *) Now mod_proxy uses the response string (in addition to the response status
- code) from the already used FTP SIZE command to setup the Content-Length
- header if available. [Ralf S. Engelschall] PR#1183
-
- *) Reanimated the (still undocumented) proxy receive buffer size directive:
- Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
- name was really too generic, added documentation for this directive to
- the mod_proxy.html and corrected the hyperlink to it in the
- new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
-
- *) Fix a bug in the src/helpers/fp2rp script and make it a little bit
- faster [Martin Kraemer]
-
- *) Make Configure die when you give it an unknown command switch.
- [Ben Hyde]
-
- *) Add five new and fresh manpages for the support programs: dbmmanage.1,
- suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date
- and per default compiled support programs have manual pages - just to
- document our stuff a little bit more and to be able to do really
- Unix-like installations ;-) [Ralf S. Engelschall]
-
- *) Major cleanups to the Configure script to make it and its generated
- Makefiles again readable and maintainable: add SRCDIR option, removed
- INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
- generated sections, consequently added Makefile headers with inheritance
- information, added subdir movement messages for easier following where
- the build process currently stays (more verbose then standard Make, less
- verbose than GNU make), same style to comments in the Configure script,
- added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
-
- *) Add the new ApacheBench program "ab" to src/support/: This is derived
- from the ZeusBench benchmarking program and can be used to determine the
- response performance of an Apache installation. This version is
- officially licensed with Zeus Technology, Ltd. See the license agreement
- statements in <199803171224.NAA24547@en1.engelschall.com> in apache-core.
- [Ralf S. Engelschall]
-
- *) API: Various core functions that are definately not part of the API
- have been made static, and a few have been marked API_EXPORT. Still
- more have been marked CORE_EXPORT and are not intended for general
- use by modules. [Doug MacEachern, Dean Gaudet]
-
- *) mod_proxy was not clearing the Proxy-Connection header from
- requests; now it does. This did not violate any spec, however
- causes poor interactions when you are talking to remote proxies.
- [Marc Slemko] PR#1741
-
- *) Various cleanups to the command line interface and manual pages.
- [Ralf S. Engelschall]
-
- *) cfg_getline() was not properly handling lines that did not end
- with a line termination character. [Marc Slemko] PR#1869, 1909
-
- *) Performance tweak to mod_log_config. [Dmitry Khrustalev]
-
- *) Clean up some undocumented behavior of mod_setenvif related to
- "merging" two SetEnvIf directives when they match the same header
- and regex. Document that mod_setenvif will perform comparisons in
- the order they appear in the config file. Optimize mod_setenvif by
- doing more work at config time rather than at runtime.
- [Dean Gaudet]
-
- *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
- to allow for modules to overrule them and to reduce redefinition
- warnings [Jim Jagielski]
-
- *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
- [Jim Jagielski]
-
- *) Making the hard-coded cross-module function call mime_find_ct() (from
- mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
- checking is really called even for proxy requests except for URLs with
- HTTP schemes (because there we can optimize by not running the type
- checking hooks due to the fact that the proxy gets the MIME Content-type
- from the remote host later). This change cleans up mod_mime by removing
- the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
- especially unbundles mod_proxy and mod_mime. This way they both now can
- be compiled as shared objects and are no longer tied together.
- [Ralf S. Engelschall]
-
- *) util.c cleanup and speedup. [Dean Gaudet]
-
- *) API: Clarification, pstrndup() will always copy n bytes of the source
- and NUL terminate at the (n+1)st byte. [Dean Gaudet]
-
- *) Mark module command_rec and handler_rec structures const so that they
- end up in the read-only data section (and are friendlier to systems
- that don't do optimistic memory allocation on fork()). [Dean Gaudet]
-
- *) Add check to the "Port" directive to make sure the specified
- port is in the appropriate range. [Ben Hyde]
-
- *) Performance improvements to invoke_handler().
- [Dmitry Khrustalev <dima@bog.msu.su>]
-
- *) Added support for building shared objects even for library-style modules
- (which are built from more than one object file). This now provides the
- ability to build mod_proxy as a shared object module. Additionally
- modules like mod_example are now also supported for shared object
- building because the generated Makefiles now no longer assume there is at
- least one statically linked module. [Ralf S. Engelschall]
-
- *) API: Clarify usage of content_type, handler, content_encoding,
- content_language and content_languages fields in request_rec. They
- must always be lowercased; and the strings pointed to shouldn't
- be modified (you must copy them to modify them). Fix a few bugs
- related to this. [Dean Gaudet]
-
- *) API: Clarification: except for RAW_ARGS, all command handlers can
- treat the char * parameters as permanent, and modifiable. There
- is no need to pstrdup() them. Clean up some needless pstrdup().
- [Dean Gaudet]
-
- *) Now mod_so keeps track of which module shared objects with which names
- are loaded and thus avoids multiple loading and unloading and irritating
- error_log messages. [Ralf S. Engelschall]
-
- *) Prior to the existence of mod_setenv it was necessary to tweak the TZ
- environment variable in the apache core. But that tweaking interferes
- with mod_setenv. So don't tweak if the user has specified an explicit
- TZ variable. [Jay Soffian <jay@cimedia.com>] PR#1888
-
- *) rputs() did not calculate r->sent_bodyct properly.
- [Siegmund Stirnweiss <siegst@kat.ina.de>] PR#1900
-
- *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
- name, or left unset if this value is unavailable. Apache was setting
- it to the IP address when unavailable.
- [Tony Finch <fanf@demon.net>] PR#1925
-
- *) Various improvements to the configuration and build support for compiling
- modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
- OSF1 support with GCC and vendor compilers was added. This way shared
- object support is now provided out-of-the-box for FreeBSD, Linux,
- Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
- [Ralf S. Engelschall]
-
- *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
- scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
- and USE_OS2_SCOREBOARD. [Dean Gaudet]
-
- *) Fix one more special locking problem for RewriteMap programs in
- mod_rewrite: According to the documentation of flock(), "Locks are on
- files, not file descriptors. That is, file descriptors duplicated
- through dup(2) or fork(2) do not result in multiple instances of a lock,
- but rather multiple references to a single lock. If a process holding a
- lock on a file forks and the child explicitly unlocks the file, the
- parent will lose its lock.". To overcome this we have to make sure the
- RewriteLock file is opened _AFTER_ the childs were spawned which is now
- the case by opening it in the child_init instead of the module_init API
- hook. [Ralf S. Engelschall] PR#1029
-
- *) Change to Location and LocationMatch semantics. LocationMatch no
- longer lets a single slash match multiple adjacent slashes in the
- URL. This change is for consistency with RewriteRule and
- AliasMatch. Multiple slashes have meaning in URLs that they do
- not have in (some) filesystems. Location on the other hand can
- be considered a shorthand for a more complicated regex, and it
- does match multiple slashes with a single slash -- which is
- also consistent with the Alias directive.
- [Dean Gaudet] related PR#1440
-
- *) Fix bug with mod_mime_magic causing certain files, including files
- of length 0, to result in no response from the server.
- [Dean Gaudet]
-
- *) The Configure script now generates src/include/ap_config.h which
- contains the set of defines used when Apache is compiled on a platform.
- This file can then be included by external modules before including
- any Apache header files in case they are being built separately from
- Apache. Along with this change, a couple of minor changes were
- made to make Apache's #defines coexist peacefully with any autoconf
- defines an external module might have. [Rasmus Lerdorf]
-
- *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
- but without any RewriteXXXXX directives. Here mod_rewrite is given no
- chance by the API to initialize its per-server configuration and thus
- receives the wrong one from the main server. This is now avoided by
- remembering the server together with the config structure while
- configuring and later assuming there is no config when we see a
- difference between the remembered server and the one calling us.
- [Ralf S. Engelschall] PR#1790
-
- *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
- is automatically disabled under configure time when the dbm_xxx functions
- are not available. Second, two heavy source code errors in the DBM
- support code were fixed. This makes DBM RewriteMap's usable again after
- a long time of brokenness. [Ralf S. Engelschall] PR#1696
-
- *) Now all configuration files support Unix-style line-continuation via
- the trailing backslash ("\") character. This enables us to write down
- complex or just very long directives in a more readable way. The
- backslash character has to be really the last character before the
- newline and it has not been prefixed by another (escaping) backslash.
- [Ralf S. Engelschall]
-
- *) When using ProxyPass the ?querystring was not passed correctly.
- [Joel Truher <truher@wired.com>]
-
- *) To deal with modules being compiled and [dynamically] linked
- at a different time from the core, the SERVER_VERSION and
- SERVER_BUILT symbols have been abstracted through the new
- API routines apapi_get_server_version() and apapi_get_server_built().
- [Ken Coar] PR#1448
-
- *) WIN32: Preserve trailing slash in canonical path (and hence
- in PATH_INFO). [Paul Sutton, Ben Laurie]
-
- *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
- depending on the rev of Solaris and what mixture of modules
- are in use. So it has been disabled, and Solaris is back to
- using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with
- USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
- up static content only servers. Or it may fail unpredictably.
- [Dean Gaudet] PR#1779, 1854, 1904
-
- *) mod_test_util_uri.c created which tests the logic in util_uri.c.
- [Dean Gaudet]
-
- *) API: Rewrite of absoluteURI handling, and in particular how
- absoluteURIs match vhosts. Unless a request is a proxy request, a
- "http://host" url is treated as if a similar "Host:" header had been
- supplied. This change was made to support future HTTP/1.x protocols
- which may require clients to send absoluteURIs for all requests.
-
- In order to achieve this change subtle changes were made to the API. In a
- request_rec, r->hostlen has been removed. r->unparsed_uri now exists so
- that the unmodified uri can be retrieved easily. r->proxyreq is not set
- by the core, modules must set it during the post_read_request or
- translate_names phase.
-
- Plus changes to the virtualhost test suite for absoluteURI testing.
-
- This fixes several bugs with the proxy proxying requests to vhosts
- managed by the same httpd.
- [Dean Gaudet]
-
- *) API: Cleanup of code in http_vhost.c, and remove vhost matching
- code from mod_rewrite. The vhost matching is now performed by a
- globally available function matches_request_vhost(). [Dean Gaudet]
-
- *) Reduce memory usage, and speed up ServerAlias support. As a
- side-effect users can list multiple ServerAlias directives
- and they're all considered.
- [Chia-liang Kao <clkao@cirx.org>] PR#1531
-
- *) The "poly" directive in image maps did not include the borders of the
- polygon, whereas the "rect" directive does. Fix this inconsistency.
- [Konstantin Morshnev <moko@design.ru>] PR#1771
-
- *) Make \\ behave as expected. [Ronald.Tschalaer@psi.ch]
-
- *) Add the `%a' construct to LogFormat and CustomLog to log the client IP
- address. [Todd Eigenschink <eigenstr@mixi.net>] PR#1885
-
- *) API: A new source module main/util_uri.c; It contains a routine
- parse_uri_components() and friends which breaks a URI into its component
- parts. These parts are stored in a uri_components structure called
- parsed_uri within each request_rec, and are available to all modules.
- Additionally, an unparse routine is supplied which re-assembles the URI
- components back to an URI, optionally hiding the username:password@ part
- from ftp proxy requests, and other useful routines. Within the structure,
- you find on a ready-for-use basis:
- scheme; /* scheme ("http"/"ftp"/...) */
- hostinfo; /* combined [user[:password]@]host[:port] */
- user; /* user name, as in http://user:passwd@host:port/ */
- password; /* password, as in http://user:passwd@host:port/ */
- hostname; /* hostname from URI (or from Host: header) */
- port_str; /* port string (integer representation is in "port") */
- path; /* the request path (or "/" if only scheme://host was given) */
- query; /* Everything after a '?' in the path, if present */
- fragment; /* Trailing "#fragment" string, if present */
- This is meant to serve as the platform for *BIG* savings in
- code complexity for the proxy module (and maybe the vhost logic).
- [Martin Kraemer]
-
- *) Make all possible meta-construct expansions ($N, %N, %{NAME} and
- ${map:key}) available for all location where a string is created in
- mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
- RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
- possible expansions are consequently usable at all string creation
- locations. [Ralf S. Engelschall]
-
- *) Fix initialization of RewriteLogLevel (default now is 0 as documented
- and not 1) and the per-virtual-server merging of directives. Now all
- directives except `RewriteEngine' and `RewriteOption' are either
- completely overridden (default) or completely inherited (when
- `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
-
- *) Fix `RewriteMap' program lookup in situations where such maps are
- defined but disabled (`RewriteEngine off') in per-server context.
- [Ralf S. Engelschall] PR#1431
-
- *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
- server to bind to port 0 rather than 80. [Dean Gaudet]
-
- *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
- (like SunOS and FreeBSD) which don't accept the locking of pipes
- directly. A new directive RewriteLock is introduced which can be used to
- setup a separate locking file which then is used for synchronization.
- [Ralf S. Engelschall] PR#1029
-
- *) WIN32: The server root is obtained from the registry key
- HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
- "1.3 beta"), unless overridden by the -d command line flag. The
- value is stored by running "apache -i -d serverroot". [Paul Sutton]
-
- *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
- dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
-
- *) Now mod_rewrite no longer makes problematic assumptions on the characters
- a username can contain when trying to expand it via /etc/passwd.
- [Ralf S. Engelschall]
-
- *) The mod_setenvif BrowserMatch backwards compatibility command did not
- work properly with spaces in the regex. [Ronald Tschalaer] PR#1825
-
- *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
- type but with a special post-processing for the looked-up value: It
- parses it into alternatives according to `|' chars and then only one
- particular alternative is chosen randomly (this is an essential
- functionality needed for balancing between backend-servers when using
- Apache as a Reverse Proxy. The looked up value here is a list of
- servers). Second, `int' with the built-in maps named `tolower' and
- `toupper' which can be used to map URL parts to a fixed case (this is an
- essential feature to fix the case of server names when doing mass
- virtual-hosting with the help of mod_rewrite instead of using
- <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
- Jay Soffian <jay@cimedia.com>] PR#1631
-
- *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
- This directive lets Apache adjust the URL in Location-headers on HTTP
- redirect responses sent by the remote server. This way the virtually
- mapped area is no longer left on redirects and thus by-passed which is
- especially essential when running Apache as a reverse proxy.
- [Ralf S. Engelschall]
-
- *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
- hidden. [Alvaro Martinez Echevarria]
-
- *) Apache will, when started with the -X (single process) debugging flag,
- honor the SIGINT or SIGQUIT signals again now. This capability got lost
- a while ago during OS/2 signal handling changes.
-
- *) [PORT] Work around the fact that NeXT runs on more than the
- m68k chips in mod_status [Scott Anguish and Timothy Luoma
- <luomat@peak.org>]
-
- *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
- as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
- <ache@nagual.pp.ru> and Jim] PR#1450
-
- *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
- In particular the handlers could trigger themselves into an infinite
- loop if RLimitMem was used with a small amount of memory -- too small
- for the signal stack frame to be set up. [Dean Gaudet]
-
- *) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet,
- Alvaro Martinez Echevarria <alvaro@lander.es>]
-
- *) Fix multiple UserDir problem introduced during 1.3b4-dev.
- [Dean Gaudet] PR#1850
-
- *) ap_cpystrn() had an off-by-1 error.
- [Charles Fu <ccwf@klab.caltech.edu>] PR#1847
-
- *) API: As Ken suggested the check_cmd_context() function and related
- defines are non-static now so modules can use 'em. [Martin Kraemer]
-
- *) mod_info would occasionally produce an unpaired <tt> in its
- output. Fixed. [Martin Kraemer]
-
- *) By default AIX binds a process (and it's children) to a single
- processor. httpd children now unbind themselves from that cpu
- and re-bind to one selected at random via bindprocessor()
- [Doug MacEachern]
-
- *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
- effect. Work around it by using RLIMIT_AS for the RLimitMEM
- directive. [Enrik Berkhan <enrik@inka.de>] PR#1816
-
- *) mod_mime_magic error message should indicate the filename when
- reads fail. ["M.D.Parker" <mdpc@netcom.com>] PR#1827
-
- *) Previously Apache would permit </Files> to end <FilesMatch> (and
- similary for Location and Directory), now this is diagnosed as an
- error. Improve error messages for mismatched sections (<Files>,
- <FilesMatch>, <Directory>, <DirectoryMatch>, ...).
- [Dean Gaudet, Martin Kraemer]
-
- *) <Files> is not permitted within <Location> (because of the
- semantic ordering). [Dean Gaudet] PR#379
-
- *) <Files> with wildcards was broken by the change in wildcard
- semantics (* does not match /). To fix this, <Files> now
- apply only to the basename of the request filename. This
- fixes some other inconsistencies in <Files> semantics
- (such as <Files a*b> not working). [Dean Gaudet] PR#1817
-
- *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
- backup files are removed on "clean" target [Ralf S. Engelschall]
-
- *) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639
-
- *) Various errors from select() and accept() in child_main() would
- result in an infinite loop. It seems these two tickle kernel
- or library bugs occasionally, and result in log spammage and
- a generally bad scene. Now the child exits immediately,
- which seems to be a good workaround.
- [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
-
- *) Cleaned up some race conditions in unix child_main during
- initialization. [Dean Gaudet]
-
- *) SECURITY: "UserDir /abspath" without a * in the path would allow
- remote users to access "/~.." and bypass access restrictions
- (but note /~../.. was handled properly).
- [Lauri Jesmin <jesmin@ut.ee>] PR#1701
-
- *) API: os_is_path_absolute() now takes a const char * instead of a char *.
- [Dean Gaudet]
-
-Changes with Apache 1.3b5
-
- *) Source file dependencies in Makefile.tmpl files throughout the
- source tree were updated to accurately reflect reality.
- [Dean Gaudet]
-
- *) Preserve the content encoding given by the AddEncoding directive
- when the client doesn't otherwise specify an encoding.
- [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>]
-
- *) Sort out problems with canonical filename handling happening too late.
- [Dean Gaudet, Ben Laurie]
-
-Changes with Apache 1.3b4
-
- *) The module structure was modified to include a *dynamic_load_handle
- in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
- has been bumped accordingly. [Paul Sutton]
-
- *) All BrowserMatch directives mentioned in
- htdocs/manual/known_client_problems.html are in the default
- configuration files. [Lars Eilebrecht]
-
- *) MiNT port update. [Jan Paul Schmidt]
-
- *) HTTP/1.1 requires x-gzip and gzip encodings be treated
- equivalent, similarly for x-compress and compress. Apache
- now ignores a leading x- when comparing encodings. It also
- preserves the encoding the client requests (for example if
- it requests x-gzip, then Apache will respond with x-gzip
- in the Content-Encoding header).
- [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1772
-
- *) Fix a memory leak on keep-alive connections. [Igor Tatarinov]
-
- *) Added mod_so module to support dynamic loading of modules on Unix
- (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
- instead of AddModule in Configuration to build shared modules
- [Sameer Parekh, Paul Sutton]
-
- *) Minor cleanups to r->finfo handling in some modules.
- [Dean Gaudet]
-
- *) Abstract read()/write() to ap_read()/ap_write().
- Makes it easier to add other types of IO code such as SFIO.
- [Randy Terbush]
-
- *) API: Generalize default_port manipulations to make support of
- different protocols easier. [Ben Laurie, Randy Terbush]
-
- *) There are many cases where users do not want Apache to form
- self-referential urls using the "canonical" ServerName and Port.
- The new UseCanonicalName directive (default on), if set to off
- will cause Apache to use the client-supplied hostname and port.
- API: Part of this change required a change to the construct_url()
- prototype; and the addition of get_server_name() and
- get_server_port().
- [Michael Douglass <mikedoug@texas.net>, Dean Gaudet]
- PR#315, 459, 485, 1433
-
- *) Yet another rearrangement of the source tree.. now all the common
- header files are in the src/include directory. The -Imain -Iap
- references in Makefiles have been changed to the simpler -Iinclude
- instead. In addition to simplifying the build a little bit, this
- also makes it clear when a module is referencing something in a
- other than kosher manner (e.g., the proxy including mod_mime.h).
- Module-private header files (the proxy, mod_mime, the regex library,
- and mod_rewrite) have not been moved to src/include; nor have
- the OS-abstraction files. [Ken Coar]
-
- *) Fix a bug where r->hostname didn't have the :port stripped
- from it. [Dean Gaudet]
-
- *) Tweaked the headers_out table size, and the subprocess_env
- table size guess in rename_original_environment(). Added
- MAKE_TABLE_PROFILE which can help discover make_table()
- calls that use too small an initial guess, see alloc.c.
- [Dean Gaudet]
-
- *) Options and AllowOverride weren't properly merging in the main
- server setting inside vhosts (only an issue when you have no
- <Directory> or other section containing an Options that affects
- a request). Options +foo or -foo in the main_server wouldn't
- affect the main_server's lookup defaults. [Dean Gaudet]
-
- *) Variable 'cwd' was being used pointlessly before being set.
- [Ken Coar] PR#1738
-
- *) r->allowed handling cleaned up in the standard modules.
- [Dean Gaudet]
-
- *) Some case-sensitivity issues cleaned up to be consistent with
- RFC2068. [Dean Gaudet]
-
- *) SIGURG doesn't exist everywhere.
- [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
-
- *) mod_unique_id was erroneously generating a second unique id when
- an internal redirect occured. Such redirects occur, for example,
- when processing a DirectoryIndex match. [Dean Gaudet]
-
- *) API: table_add, table_merge, and table_set include implicit pstrdup()
- of the key and value. But in many cases this is not required
- because the key/value is a constant, or the value has been built
- by pstrcat() or other similar means. New routines table_addn,
- table_mergen, and table_setn have been added to the API, these
- routines do not pstrdup() their arguments. The core code and
- standard modules were changed to take advantage of these routines.
- The resulting server is up to 20% faster in some situations.
-
- Note that it is easy to get code subtly wrong if you pass a key/value
- which is in a pool other than the pool of the table. The only
- safe thing to do is to pass key/values which are in the pool of
- the table, or in one of the ancestors of the pool of the table.
- i.e. if the table is part of a subrequest, a value from the main
- request's pool is OK since the subrequest pool is a sub_pool of the
- main request's pool (and therefore has a lifespan at most as long as
- the main pool). There is debugging code which can detect improper
- usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
- [Dmitry Khrustalev <dima@bog.msu.su>, Dean Gaudet]
-
- *) More mod_mime_magic cleanup: fewer syscalls; should handle "files"
- which don't exist on disk more gracefully; handles vhosts properly.
- Update documentation to reflect the code -- if there's no
- MimeMagicFile directive then the module is not enabled.
- [Dean Gaudet]
-
- *) PORT: Some older *nix dialects cannot automatically start scripts
- which begin with a #! interpreter line (the shell starts the scripts
- appropriately on these platforms). Apache now supports starting of
- "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
- [Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm)
- taken from tcsh]
-
- *) API: "typedef array_header table" removed from alloc.h, folks should
- have been writing to use table as if it were an opaque type, but even
- some standard modules got this wrong. By changing the definition
- to "typedef struct table table" module authors will receive compile
- time warnings that they're doing the wrong thing. This change
- facilitates future changes with more sophisticated table
- structures. Specifically, module authors should be using table_elts()
- to get access to an array_header * for the table. [Dean Gaudet]
-
- *) API: Renamed new_connection() to avoid namespace collision with LDAP
- library routines. [Ken Coar, Rasmus Lerdorf]
-
- *) WIN32: mod_speling is now available on the Win32 platform.
- [Marc Slemko]
-
- *) For clarity the following compile time definition was changed:
-
- SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-
- Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
- and not be a general notice that the OS has mmap(). Now the
- HAVE_MMAP/SHMGET #defines strictly are informational that the
- OS has that method of shared memory; the type to use for
- the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
- and USE_SHMGET_SCOREBOARD). This allows outside modules to
- determine if shared memory is available and allows Apache
- to determine the best method to use for the scoreboard.
- [Jim Jagielski]
-
- *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
- as do various earlier versions. It should be safe on all versions.
- Unixware 1.x appears to have the same SIGHUP bug as solaris does with
- the slack code. A few other cleanups for Unixware.
- [Tom Hughes <thh@cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
-
- *) PORT: A/UX can handle single-listen accepts without mutex
- locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]
-
- *) When die() happens we need to eat any request body if one exists.
- Otherwise we can't continue with a keepalive session. This shows up
- as a POST problem with MSIE 4.0, typically against pages which are
- authenticated. [Roy Fielding] PR#1399
-
- *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
- header will be passed to CGIs. This is generally a security hole, so
- it's not a default. [Marc Slemko] PR#549
-
- *) Fix Y2K problem with date printing in suexec log.
- [Paul Eggert <eggert@twinsun.com>] PR#1343
-
- *) WIN32 deserves a pid file. [Ben Hyde]
-
- *) suexec errors now include the errno/description. [Marc Slemko] PR#1543
-
- *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
- The choice of flock vs. fcntl was made based on timings which showed that
- even on non-NFS, non-exported filesystems fcntl() was an order of
- magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
- that single socket users will see no difference. [Dean Gaudet] PR#467
-
- *) "File does not exist" error message was erroneously including the
- errno. [Marc Slemko]
-
- *) Improve the warning message generated when a client drops the
- connection (hits stop button, etc.) during a send. [Roy Fielding]
-
- *) Defining GPROF will disable profiling in the parent and enable it
- in the children. If you're profiling under Linux this is pretty much
- necessary because SIGPROF is lost across a fork(). [Dean Gaudet]
-
- *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
- [Brian Havard]
-
- *) The NeXT cc (which is gcc hacked up) doesn't appear to support some
- gcc functionality. Work around it.
- [Keith Severson <keith@sssd.navy.mil>] PR#1613
-
- *) Some linkers complain when .o files contain no functions.
- [Keith Severson <keith@sssd.navy.mil>] PR#1614
-
- *) Some const declarations in mod_imap.c that were added for debugging
- purposes caused some compilers heartburn without adding any
- significant value, so they've been removed. [Ken Coar]
-
- *) The src/main/*.h header files have had #ifndef wrappers added to
- insulate them against duplicate calls if they get included through
- multiple paths (e.g., in .c files as well as other .h files).
- [Ken Coar]
-
- *) The libap routines now have a header file for their prototypes,
- src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
-
- *) mod_autoindex with a plaintext header file would emit the <PRE>
- start-tag before the HTML preamble, rather than after the preamble
- but before the header file contents. [John Van Essen <jve@gamers.org>]
- PR#1667
-
- *) SECURITY: Fix a possible buffer overflow in logresolve. This is
- only an issue on systems without a MAXDNAME define or where
- the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
-
- *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
- is used to read various types of files such as htaccess and
- htpasswd files. [Marc Slemko]
-
- *) SECURITY: Ensure that the buffer returned by ht_time is always
- properly null terminated. [Marc Slemko]
-
- *) The "Connection" header could be sent back with multiple "close"
- tokens. Not an error, but a waste.
- [Ronald.Tschalaer@psi.ch] PR#1683
-
- *) mod_rewrite's RewriteLog should behave like mod_log_config, it
- shouldn't force hostname lookups. [Dean Gaudet] PR#1684
-
- *) "basic" auth needs a case-insensitive comparison.
- [Ronald.Tschalaer@psi.ch] PR#1666
-
- *) For maximum portability, the environment passed to CGIs should
- only contain variables whose names match the regex
- /[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping
- underscores over any character outside the regex. This
- affects HTTP_* variables, in a way that should be backward
- compatible for all the standard headers; and affects variables
- set with SetEnv/BrowserMatch and similar directives.
- [Dean Gaudet]
-
- *) mod_speling returned incorrect HREF's when an ambiguous match
- was found. Noticed by <robinton@amtrash.comlink.de> (Soeren Ziehe)
- [robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]
-
- *) PORT: Apache now compiles & runs on an EBCDIC mainframe
- (the Siemens BS2000/OSD family) in the POSIX subsystem
- [Martin Kraemer]
-
- *) PORT: Fix problem killing children when terminating. Allow ^C
- to shut down the server. [Brian Havard]
-
- *) pstrdup() is implicit in calls to table_* functions, so there's
- no need to do it before calling. Clean up a few cases.
- [Marc Slemko, Dean Gaudet]
-
- *) new -C and -c command line arguments
- usage:
- -C "directive" : process directive before reading config files
- -c "directive" : process directive after reading config files
- example:
- httpd -C "PerlModule Apache::httpd_conf"
- [Doug MacEachern, Martin Kraemer]
-
- *) WIN32: Fix the execution of CGIs that are scripts and called
- with path info that does not have an '=' in.
- (eg. http://server/cgi-bin/printenv?foobar)
- [Marc Slemko] PR#1591
-
- *) WIN32: Fix a call to os_canonical_filename so it doesn't try to
- mess with fake filenames. This fixes proxy caching on
- win32. PR#1265
-
- *) SECURITY: General mod_include cleanup, including fixing several
- possible buffer overflows and a possible infinite loop.
- [Dean Gaudet, Marc Slemko]
-
- *) SECURITY: Numerous changes to mod_imap in a general cleanup
- including fixing a possible buffer overflow. [Dean Gaudet]
-
- *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
- (connections are not dropped). Code can handle graceful restarts
- (but there is as yet no way to signal this to Apache). Various
- other cleanups. [Paul Sutton]
-
- *) The aplog_error changes specific to 1.3 introduced a buffer
- overrun in the (now legacy) log_printf function. Fixed.
- [Dean Gaudet]
-
- *) mod_digest didn't properly deal with proxy authentication. It
- also lacked a case-insensitive comparision of the "Digest"
- token. [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1599
-
- *) A few cleanups in mod_status for efficiency. [Dean Gaudet]
-
- *) A few cleanups in mod_info to make it thread-safe, and remove an
- off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
-
- *) no2slash() was O(n^2) in the length of the input. Make it O(n).
- [Dean Gaudet]
-
- *) API: migration from strncpy() to our "enhanced" version called
- ap_cpystrn() for performance and functionality reasons.
- Located in libap.a. [Jim Jagielski]
-
- *) table_set() and table_unset() did not deal correctly with
- multiple occurrences of the same key. [Stephen Scheck
- <sscheck@infonex.net>, Ben Laurie] PR#1604
-
- *) The AuthName must now be enclosed in quotes if it is to contain
- spaces. [Ken Coar] PR#1195
-
- *) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195
-
- *) WIN32: Work around optimiser bug that killed ISAPI in release
- versions. [Ben Laurie] PR#1533
-
- *) PORT: Update the MPE port [Mark Bixby, Jim Jagielski]
-
- *) Interim (slow) fix for p->sub_pool critical sections in
- alloc.c (affects win32 only). [Ben Hyde]
-
- *) non-WIN32 was missing destroy_mutex definition. [Ben Hyde]
-
- *) send_fd_length() did not calculate total_bytes_sent properly.
- [Ben Reser <breser@regnow.com>] PR#1366
-
- *) The bputc() macro was not properly integrated with the chunking
- code; in many cases modules using bputc() could cause completely
- bogus chunked output. (Typically this will show up as problems
- with Internet Explorer 4.0 reading a page, but other browsers
- having no problem.) [Dean Gaudet]
-
- *) Create LARGE_WRITE_THRESHOLD define which determines how many
- bytes have to be supplied to bwrite() before it will consider
- doing a writev() to assemble multiple buffers in one system
- call. This is critical for modules such as mod_include,
- mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller
- strings in some cases. The result would be extra effort
- setting up writev(), and in many cases extra effort building
- chunks. The default is 31, it can be overriden at compile
- time. [Dean Gaudet]
-
- *) Move the gid switching code into the child so that log files
- and pid files are opened with the root gid.
- [Gregory A Lundberg <lundberg@vr.net>]
-
- *) WIN32: Check for binaries by looking for the executable header
- instead of counting control characters.
- [Jim Patterson <Jim.Patterson@Cognos.COM>] PR#1340
-
- *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
- so the functionality is available to applications other than the
- server itself (like the src/support tools). [Ken Coar]
-
- *) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of
- the libap consolidation work. [Ken Coar]
-
- *) ap_snprintf() with a len of 0 behaved like sprintf(). This is not
- useful, and isn't what the standards require. Now it returns 0
- and writes nothing. [Dean Gaudet]
-
- *) When an error occurs in fcntl() locking suggest the user look up
- the docs for LockFile. [Dean Gaudet]
-
- *) Eliminate some dead code from writev_it_all().
- [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
-
- *) mod_autoindex had an fread() without checking the result code.
- It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
- (note the missing closing paren) properly. [Dean Gaudet]
-
- *) It appears the "257th byte" bug (see
- htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
- at the 256th byte as well. Fixed. [Dean Gaudet]
-
- *) PORT: Fix mod_mime_magic under OS/2, no support for block devices.
- [Brian Havard]
-
- *) Fix memory corruption caused by allocating auth usernames in the
- wrong pool. [Dean Gaudet] PR#1500
-
- *) Fix an off-by-1, and an unterminated string error in
- mod_mime_magic. [Dean Gaudet]
-
- *) Fix a potential SEGV problem in mod_negotiation when dealing
- with type-maps. [Dean Gaudet]
-
- *) Better glibc support under Linux. [Dean Gaudet] PR#1542
-
- *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
-
- *) WIN32: avoid overflows during file canonicalisations.
- [malcolm@mgdev.demon.co.uk] PR#1378
-
- *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
- PR#1511, 1508
-
- *) WIN32: mod_status display header didn't match fields. [Ben Laurie]
-
- *) The pthread_mutex_* functions return an error code, and don't
- set errno. [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
-
- *) WIN32: Allow spaces to prefix the interpreter in #! lines.
- [Ben Laurie] PR#1101
-
- *) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti@net4all.be>] PR#1523
-
- *) proxy_ftp: the directory listings generated by the proxy ftp module
- now have a title in which the path components are clickable and allow
- quick navigation to the clicked-on directory on the currently listed
- ftp server. This also fixes a bug where the ".." directory links would
- sometimes refer to the wrong directory. [Martin Kraemer]
-
- *) WIN32: Allocate the correct amount of memory for the scoreboard.
- [Ben Hyde] PR#1387
-
- *) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
- PR#1505
-
- *) Fix problems with timeouts in inetd mode and -X mode. [Dean Gaudet]
-
- *) Fix the spurious "(0)unknown error: mmap_handler: mmap failed"
- error messages. [Ben Hyde]
-
-Changes with Apache 1.3b3
-
- *) WIN32: Work around brain-damaged spawn calls that can't deal
- with spaces and slashes. [Ben Laurie]
-
- *) WIN32: Fix the code so CGIs can use socket calls on Windows.
- The problem was that certain undocumented environment variables
- needed for sockets to work under Win32 were not being passed.
- [Frank Faubert <frank@sane.com>]
-
- *) Add a "-V" command line flag to the httpd binary. This
- flag shows some of the defines that Apache was compiled with.
- It is useful for debugging purposes. [Martin Kraemer]
-
- *) Start separating the ap_*() routines into their own library, so they
- can be used by items in src/support among other things.
- [Ken Coar] PR#512, 905, 1252, 1308
-
- *) Give a more informative error when no AuthType is set.
- [Lars Eilebrecht]
-
- *) Remove strtoul() use from mod_proxy because it isn't available
- on all platforms. [Marc Slemko] PR#1214
-
- *) WIN32: Some Win32 systems terminated all responses after 16 kB.
- This turns out to be a bug in Winsock - select() doesn't always
- return the correct status. [Ben Laurie]
-
- *) Directives owned by http_core can now use the new check_cmd_context()
- routine to ensure that they're not being used within a container
- (e.g., <Directory>) where they're invalid. [Martin Kraemer]
-
- *) PORT: Recent changes made it necessary to add explicit prototype
- for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
-
- *) It was necessary to distinguish between resources which are
- allocated in the parent, for cleanup in the parent, and resources
- which are allocated in each child, for cleanup in each child.
- A new pool was created which is passed to the module child_init
- and child_exit functions; modules are free to register per-child
- cleanups there. This fixes a bug with reliable piped logs.
- [Dean Gaudet]
-
- *) mod_autoindex wasn't displaying the ReadmeName file at the bottom
- unless it was also doing FancyIndexes, but it displayed the
- HeaderName file at the top under all circumstances. It now shows
- the ReadmeName file for simple indices, too, as it should.
- [Ken Coar] PR#1373
-
- *) http_core was mmap()ing even in cases where it wasn't going to
- read the file. [Ben Hyde <bhyde@gensym.com>]
-
- *) Complete rewrite ;-) of mod_rewrite's URL rewriting engine:
- Now the rewriting engine (the heart of mod_rewrite) is organized more
- straight-forward, first time well documented and reduced to the really
- essential parts. All redundant cases were stripped off and processing now
- is the same for both per-server and per-directory context with only a
- minimum difference (the prefix stripping in per-dir context). As a
- side-effect some subtle restrictions and two recently discovered problems
- are gone: Wrong escaping of QUERY_STRING on redirects in per-directory
- context and restrictions on the substitution URL on redirects.
- Additionally some minor source cleanups were done.
- [Ralf S. Engelschall]
-
- *) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals
- documentation, examples, explanations and caveats. They live in a new
- subdirectory htdocs/manual/vhost/. [Lars Eilebrecht <sfx@unix-ag.org>]
-
- *) If ap_slack fails to allocate above the low slack line it's a good
- indication that further problems will occur; it's a better indication
- than many external libraries give us when we actually run out of
- descriptors. So report it to the user once per restart.
- [Dean Gaudet] PR#1181
-
- *) Change mod_include and mod_autoindex to use Y2K-safe date formats
- by default. [Ken Coar]
-
- *) Add a "SuppressColumnSorting" option to the IndexOptions list,
- which will keep the column heading from being links for sorting
- the display. [Ken Coar, suggested by Brian Tiemann <btman@pacific.net>]
- PR #1261
-
- *) PORT: Update the LynxOS port. [Marius Groeger <mag@sysgo.de>]
-
- *) Fix logic error when issuing a mmap() failed message
- with a non-zero MMAP_THRESHOLD.
- [David Chambers <davidc@flosun.salk.edu>] PR#1294
-
- *) Preserve handler value on ProxyPass'ed requests by not
- calling find_types on a proxy'd request; fixes problems
- where some ProxyPass'ed URLs weren't actually passed
- to the proxy.
- [Lars Eilebrecht] PR#870
-
- *) Fix a byte ordering problem in mod_access which prevented
- the old-style syntax (i.e. "a.b.c." to match a class C)
- from working properly. [Dean Gaudet] PR#1248, 1328, 1384
-
- *) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working
- properly. Each child needs to open the lockfile instead
- of using the passed file-descriptor from the parent.
- [Jim Jagielski] PR#1056
-
- *) Fix the error logging in mod_cgi; the recent error log changes
- introduced a bug that prevented it from working correctly.
- [M.D.Parker] PR#1352
-
- *) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly
- handle multiple Listen directives. [Marc Slemko] PR#872
-
- *) Inherit a bugfix to fnmatch.c from FreeBSD sources.
- ["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" <ache@nagual.pp.ru>] PR#1311
-
- *) When a configuration parse complained about a bad directive,
- the logger would use whatever (unrelated) value was in errno.
- errno is now forced to EINVAL first in this case. [Ken Coar]
-
- *) A sed command in the Configure script pushed the edge of POSIXness,
- breaking on some systems. [Bhaba R.Misra <system@vt.edu>] PR#1368
-
- *) Solaris >= 2.5 was totally broken due to a mess up using pthread
- mutexes. [Roy Fielding, Dean Gaudet]
-
- *) OS/2 Port updated; it should be possible to build OS/2 from the same
- sources as Unix now. [Brian Havard <brianh@kheldar.apana.org.au>]
-
- *) Fix a year formatting bug in mod_usertrack.
- [Paul Eggert <eggert@twinsun.com>] PR#1342
-
- *) A mild SIGTERM/SIGALRM race condition was eliminated.
- [Dean Gaudet] PR#1211
-
- *) Warn user that default path has changed if /usr/local/etc/httpd
- is found on the system. [Lars Eilebrecht]
-
- *) Various mod_mime_magic bug fixes and cleanups: Uncompression
- should work, it should work on WIN32, and a few resource
- leaks and abort conditions are fixed.
- [Dean Gaudet] PR#1205
-
- *) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
- to use '%' instead of '@' in its encodings.
- [David Schuler <schuld@btv.ibm.com>] PR#1317
-
- *) Improve the warning message generated when the "server is busy".
- [Dean Gaudet] PR#1293
-
- *) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will
- get Spencer regex by default. This is to avoid having to
- discover bugs in operating system libraries. [Dean Gaudet]
-
- *) PORT: "Fix" PR#467 by generating warnings on systems which we have
- not been able to get working USE_*_SERIALIZED_ACCEPT settings for.
- Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
-
- *) Ensure that one copy of config warnings makes it to the
- error_log. [Dean Gaudet]
-
- *) Invent new structure and associated methods to handle config file
- reading. Add "custom" hook to use config file cfg_getline() on
- something which is not a FILE* [Martin Kraemer]
-
- *) Make single-exe Windows install. [Ben Laurie and Eric Esselink]
-
- *) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton]
-
- *) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
-
- *) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken.
- [John Line <jml4@cam.ac.uk>] PR#1321
-
- *) Default pathname has been changed everywhere to /usr/local/apache
- [Sameer <sameer@c2.net>]
-
- *) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT.
- [David Bronder <David-Bronder@uiowa.edu>] PR#849
-
- *) PORT: i386 AIX does not have memmove.
- [David Schuler <schuld@btv.ibm.com>] PR#1267
-
- *) PORT: HPUX now defaults to using Spencer regex.
- [Philippe Vanhaesendonck <pvanhaes@be.oracle.com>,
- Omar Del Rio <al112263@academ01.lag.itesm.mx>] PR#482, 1246
-
- *) PORT: Some versions of NetBSD don't automatically define
- __NetBSD__. Workaround by defining NETBSD.
- [Chris Craft <ccraft@cncc.cc.co.us>] PR#977
-
- *) PORT: UnixWare 2.x requires -lgen for syslog.
- [Hans Snijder <hs@meganet.nl>] PR#1249
-
- *) PORT: ULTRIX appears to not have syslog.
- [Lars Eilebrecht <Lars.Eilebrecht@unix-ag.org>]
-
- *) PORT: Basic Gemini port (treat it like unixware212).
- ["Pavel Yakovlev (Paul McHacker)" <hac@tomcat.olly.ru>]
-
- *) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
- use USE_SHMGET_SCOREBOARD.
- [Martin Kraemer]
-
- *) Various improvements in detecting config file errors (missing closing
- directives for <Directory>, <Files> etc. blocks, prohibiting global
- server settings in <VirtualHost> blocks, flagging unhandled multiple
- arguments to <Directory>, <Files> etc.)
- [Martin Kraemer]
-
- *) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
- variable to provide this one to suexec'd CGIs, too.
- [M.D.Parker <mdpc@netcom.com>] PR#1284
-
- *) New support tool: src/support/split-logfile, a sample Perl script which
- splits up a combined access log into separate files based on the
- name of the virtual host (listed first in the log records by "%v").
- [Ken Coar]
-
-Changes with Apache 1.3b2 (there is no 1.3b1)
-
- *) TestCompile was not passing $LIBS [Dean Gaudet]
-
- *) Makefile.tmpl was not using $CFLAGS in the link phase.
- [Martin Kraemer]
-
- *) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
- rudimentary memory debugger which can be used on live servers with
- low impact -- it sets all allocated and freed memory bytes to 0xa5.
- Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
- and free() for each object. This is far more expensive and should
- only be used for testing with tools such as Electric Fence and
- Purify. See main/alloc.c for more details. [Dean Gaudet]
-
- *) Configure uses a sh trap and didn't set its exitcode properly.
- [Dean Gaudet] PR#1159
-
- *) Yet another vhost revamp. Add the NameVirtualHost directive which
- explicitly lists the ip:port pairs that are to be used for name-vhosts.
- From a given ip:port, regardless what the Host: header is, you can
- only reach the vhosts defined on that ip:port. The precedence of
- vhosts was reversed to match other precedences in the config --
- the earlier vhosts override the later vhosts. All vhost matching was
- moved into http_vhost.[ch]. [Dean Gaudet]
-
- *) ap_inline can be used to force inlining. GNUC __attribute__() can
- be used for whatever reason is appropriate (i.e. format() warnings
- for printf style functions). Both are enabled only with
- gcc >= 2.7.x (so that we have fewer support issues with older
- versions). [Dean Gaudet]
-
- *) Fix support for Proxy Authentication (we were testing the response
- status too early). [Marc Slemko]
-
- *) CoreDumpDirectory directive directs where the core file is
- written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
- received. [Marc Slemko, Dean Gaudet]
-
- *) PORT: Support for Atari MINT.
- [Jan Paul Schmidt <Jan.P.Schmidt@mni.fh-giessen.de>]
-
- *) When booting, apache will now detach itself from stdin, stdout,
- and stderr. stderr will not be detached until after the config
- files have been read so you will be able to see initial error
- messages. After that all errors are logged in the error_log.
- This makes it more convenient to start apache via rsh, ssh,
- or crontabs. [Dean Gaudet] PR#523
-
- *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
- Also removed the auto-generated link to www.apache.org that was the
- source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
-
- *) send_fb would not detect aborted connections in some situations.
- [Dean Gaudet]
-
- *) mod_include would use uninitialized data when parsing certain
- expressions involving && and ||. [Brian Slesinsky] PR#1139
-
- *) mod_imap should only handle GET methods. [Jay Bloodworth]
-
- *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
-
- *) mod_autoindex improperly counted &escapes; as more than one
- character in the description. It also improperly truncated
- descriptions that were exactly the maximum length.
- [Martin Kraemer]
-
- *) RedirectMatch was not properly escaping the result (PR#1155). Also
- "RedirectMatch /advertiser/(.*) $1" is now permitted.
- [Dean Gaudet]
-
- *) mod_include now uses symbolic names to check for request success
- and return HTTP errors, and correctly handles all types of
- redirections (previously it only did temporary redirect correctly).
- [Ken Coar, Roy Fielding]
-
- *) mod_userdir was modifying r->finfo in cases where it wasn't setting
- r->filename. Since those two are meant to be in sync with each other
- this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
-
- *) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
- ["Kaufman, Steven E" <Steven.Kaufman@unisys.com>]
-
- *) Inetd mode (which is buggy) uses timeouts without having setup the
- jmpbuffer. [Dean Gaudet] PR#1064
-
- *) Work around problem under Linux where a child will start looping
- reporting a select error over and over.
- [Rick Franchuk <rickf@transpect.net>] PR#1107, 987, 588
-
- *) Fixed error in proxy_util.c when looping through multiple host IP
- addresses. [Lars Eilebrecht] PR#974
-
- *) If BUFFERED_LOGS is defined then mod_log_config will do atomic
- buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
- bytes before writing, but it will never split a log entry across a
- buffer boundary. [Dean Gaudet]
-
- *) API: the short_score record has been split into two pieces, one which
- the parent writes on, and one which the child writes on. As part of
- this change the get_scoreboard_info() function was removed, and
- scoreboard_image was exported. This change fixes a race condition
- in file based scoreboard systems, and speeds up changes involving the
- scoreboard in earlier 1.3 development. [Dean Gaudet]
-
- *) API: New register_other_child() API (see http_main.h) which allows
- modules to register children with the parent for maintenance. It
- is disabled by defining NO_OTHER_CHILD. [Dean Gaudet]
-
- *) API: New piped_log API (see http_log.h) which implements piped logs,
- and will use register_other_child to implement reliable piped logs
- when it is available. The reliable piped logs part can be disabled
- by defining NO_RELIABLE_PIPED_LOGS. At the moment reliable piped
- logs is only available on Unix. [Dean Gaudet]
-
- *) API: set_last_modified() broken into set_last_modified(), set_etag(), and
- meets_conditions(). This allows conditional HTTP selection to be
- handled separately from the storing of the header fields, and provides
- the ability for CGIs to set their own ETags for conditional checking.
- [Ken Coar, Roy Fielding] PR#895
-
- *) Changes to mod_log_config to allow naming of format strings.
- Format nicknames are defined with "LogFormat fmt nickname", and can
- be used with "LogFormat nickname" and "CustomLog logtarget nickname".
- [Ken Coar]
-
- *) New module, "mod_speling", which can help find files even when
- the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
-
- *) API: New function child_terminate() triggers the child process to
- exit, while allowing the child finish what it needs to for the
- current request first.
- [Doug MacEachern, Alexei Kosut]
-
- *) Windows now defaults to using full status reports with mod_status.
- [Alexei Kosut] PR #1094
-
- *) *Really* disable all mod_rewrite operations if the engine is off.
- Some things (like RewriteMaps) were checked/performed even if they
- weren't supposed to be. [Ken Coar] PR #991
-
- *) Implement a new timer scheme which eliminates the need to call alarm() all
- the time. Instead a counter in the scoreboard for each child is used to
- show when the child has made forward progress. The parent samples this
- counter every scoreboard maintenance cycle, and issues SIGALRM if no
- progress has been made in the timeout period. This reduces the static
- request best-case syscall count to 22 from 29. This scheme is only
- used by systems with memory-based scoreboards. [Dean Gaudet]
-
- *) The proxy now properly handles CONNECT requests which are sent
- to proxy servers when using ProxyRemote. [Marc Slemko] PR#1024
-
- *) A script called apachectl has been added to the support
- directory. This script allows you to do things such as
- "apachectl start" and "apachectl restart" from the command
- line. [Marc Slemko]
-
- *) Modules and core routines are now put into libraries, which
- simplifies the link line tremendously (among other advantages).
- [Paul Sutton]
-
- *) Some of the MD5 names defined in Apache have been renamed to have
- an `ap_' prefix to avoid conflicts with routines supplied by
- external libraries. [Ken Coar]
-
- *) Removal of mod_auth_msql.c from the distribution. There are many
- other options for databases today. Rather than offer one option,
- offer none at this time. mod_auth_msql and other SQL database
- authentication modules can be found at the Apache Module Registry.
- http://modules.apache.org/ It would be nice to offer a generic
- mod_auth_sql option in the near future.
-
- *) PORT: BeOS support added [Alexei Kosut]
-
- *) Configure no longer accepts the -make option, since it creates
- Makefile on the fly based on Makefile.tmpl and Configuration.
-
- *) Apache now gracefully shuts down when it receives a SIGTERM, instead
- of forcibly killing off all its processes and exiting without
- cleaning up. [Alexei Kosut]
-
- *) API: A new field in the request_rec, r->mtime, has been added to
- avoid gratuitous parsing of date strings. It is intended to hold
- the last-modified date of the resource (if applicable). An
- update_mtime() routine has also been added to advance it if
- appropriate. [Roy Fielding, Ken Coar]
-
- *) SECURITY: If a htaccess file can not be read due to bad permissions,
- deny access to the directory with a HTTP_FORBIDDEN. The previous
- behavior was to ignore the htaccess file if it could not be read.
- This change may make some setups with unreadable htaccess files
- stop working. [Marc Slemko] PR#817
-
- *) Add aplog_error() providing a mechanism to define levels of
- verbosity to the server error logging. This addition also provides
- the ability to log errors using syslogd. Error logging is configurable
- on a per-server basis using the LogLevel directive. Conversion
- of log_*() in progress. [Randy Terbush]
-
- *) Further enhance aplog_error() to not log filename, line number, and
- errno information when it isn't applicable. [Ken Coar, Dean Gaudet]
-
- *) WIN32: Canonicalise filenames under Win32. Short filenames are
- converted to long ones. Backslashes are converted to forward
- slashes. Case is converted to lower. Parts of URLs that do not
- correspond to files are left completely alone. [Ben Laurie]
-
- *) PORT: 2 new OSs added to the list of ports:
- Encore's UMAX V: Arieh Markel <amarkel@encore.com>
- Acorn RISCiX: Stephen Borrill <sborrill@xemplar.co.uk>
-
- *) Add the server version (SERVER_VERSION macro) to the "server
- configured and running" entry in the error_log. Also build an
- object file at link-time that contains the current time
- (SERVER_BUILT global const char[]), and include that in the
- message. [Ken Coar]
-
- *) Set r->headers_out when sending responses from the proxy.
- This fixes things such as the logging of headers sent from
- the proxy. [Marc Slemko] PR#659
-
- *) support/httpd_monitor is no longer distributed because the
- scoreboard should not be file based if at all possible. Use
- mod_status to see current server snapshot.
-
- *) (set_file_slot): New function, allowing auth directives to be
- independent of the server root, so the server documents can be
- moved to a different directory or machine more easily.
- [David J. MacKenzie]
-
- *) If no TransferLog is given explicitly, decline
- to log. This supports coexistence with other logging modules,
- such as the custom one that UUNET uses. [David J. MacKenzie]
-
- *) Check for titles in server-parsed HTML files.
- Ignore leading newlines and returns in titles. The old behavior
- of replacing a newline after <title> with a space causes the
- title to be misaligned in the listing. [David J. MacKenzie]
-
- *) Change mod_cern_meta to be configurable on a per-directory basis.
- [David J. MacKenzie]
-
- *) Add 'Include' directive to allow inclusion of configuration
- files within configuration files. [Randy Terbush]
-
- *) Proxy errors on connect() are logged to the error_log (nothing
- new); now they include the IP address and port that failed
- (*that's* new). [Ken Coar, Marc Slemko] PR#352
-
- *) Various architectures now define USE_MMAP_FILES which causes
- the server to use mmap() for static files. There are two
- compile-time tunables MMAP_THRESHOLD (minimum number of bytes
- required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum
- number of bytes written in one cycle from a single mmap()d object,
- default 32768). [Dean Gaudet]
-
- *) API: Added post_read_request API phase which is run right after reading
- the request from a client, or right after an internal redirect. It is
- useful for modules setting environment variables that depend only on
- the headers/contents of the request. It does not run during subrequests
- because subrequests inherit pretty much everything from the main
- request. [Dean Gaudet]
-
- *) Added mod_unique_id which is used to generate a unique identifier for
- each hit, available in the environment variable UNIQUE_ID.
- [Dean Gaudet]
-
- *) init_modules is now called after the error logs have been opened. This
- allows modules to emit information messages into the error logs.
- [Dean Gaudet]
-
- *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
- information for case where proxy module is not available. [Marc Slemko]
-
- *) PORT: Apache has need for mutexes to serialize its children around
- accept. In prior versions either fcntl file locking or flock file
- locking were used. The method is chosen by the definition of
- USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
- and FLOCK for flock(). New options have been added:
- - SYSVSEM to use System V style semaphores
- - PTHREAD to use POSIX threads (appears to work on Solaris only)
- - USLOCK to use IRIX uslock
- Based on timing various techniques, the following changes were made
- to the defaults:
- - Linux 2.x uses flock instead of fcntl
- - Solaris 2.x uses pthreads
- - IRIX uses SysV semaphores -- however multiprocessor IRIX boxes
- work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT
- [Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec@vtcom.fr>,
- Martijn Koster <m.koster@pobox.com>]
-
- *) PORT: The semantics of accept/select make it very desirable to use
- mutexes to serialize accept when multiple Listens are in use. But
- in the case where only a single socket is open it is sometimes
- redundant to serialize accept(). Not all unixes do a good job with
- potentially dozens of children blocked on accept() on the same
- socket. It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and
- the server will avoid serialization when listening on only one socket,
- and use serialization when listening on multiple sockets.
- [Dean Gaudet] PR#467
-
- *) Configure changes: TestLib replaced by TestCompile, which has
- some additional capability (such as doing a sanity check of
- the compiler and flags selected); the version of Solaris is now
- available via the #define value of SOLARIS2; IRIX n32bit libs
- now supported and selectable by new Configuration Rule: IRIXN32;
- We no longer default to -O2 optimization. [Jim Jagielski]
-
- *) Updated Configure: Configuration now uses AddModule to specify
- module source or binary file location, relative to src directory.
- Modules can be dropped into modules/extra, or in their own
- directory, and modules can come with a Makefile or Configure can
- create one. Modules can add compiler or library information to
- generated Makefiles. [Paul Sutton]
-
- *) Source core re-organisation: distributed modules are now in
- modules/standard. All other source code is in main. OS-specific
- code is in os/{unix,emx,win32} directories. [Paul Sutton]
-
- *) mod_browser has been removed, since it's replaced by mod_setenvif.
- [Ken Coar]
-
- *) Fix another long-standing bug in sub_req_lookup_file where it would
- happily skip past access checks on subdirectories looked up with
- relative paths. (It's used by mod_dir, mod_negotiation,
- and mod_include.) [Dean Gaudet]
-
- *) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where
- N is the number of <Directory> sections, and M is the number of
- components in the filename of an object.
-
- To achieve this optimization the following config changes were made:
- - Wildcards (* and ?, not the regex forms) in <Directory>s,
- <Files>s, and <Location>s now treat a slash as a special
- character. For example "/home/*/public_html" previously would
- match "/home/a/andrew/public_html", now it only matches things
- like "/home/bob/public_html". This mimics /bin/sh behaviour.
- - It's possible now to use [] wildcarding in <Directory>, <Files>
- or <Location>.
- - Regex <Directory>s are applied after all non-regex <Directory>s.
-
- [Dean Gaudet]
-
- *) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files
- and corrupted paths. [Dean Gaudet]
-
- *) Enhanced and cleaned up the URL rewriting engine of mod_rewrite:
- First the grouped parts of RewriteRule pattern matches (parenthesis!) can
- be accessed now via backreferences $1..$9 in RewriteConds test-against
- strings in addition to RewriteRules subst string. Second the grouped
- parts of RewriteCond pattern matches (parenthesis!) can be accessed now
- via backreferences %1..%9 both in following RewriteCond test-against
- strings and RewriteRules subst string. This provides maximum flexibility
- through the use of backreferences.
- Additionally the rewriting engine was cleaned up by putting common
- code to the new expand_backrefs_inbuffer() function.
- [Ralf S. Engelschall]
-
- *) When merging the main server's <Directory> and <Location> sections into
- a vhost, put the main server's first and the vhost's second. Otherwise
- the vhost can't override the main server. [Dean Gaudet] PR#717
-
- *) The <Directory> code would merge and re-merge the same section after
- a match was found, possibly causing problems with some modules.
- [Dean Gaudet]
-
- *) ip-based vhosts are stored and queried using a hashing function, which
- has been shown to improve performance on servers with many ip-vhosts.
- Some other changes had to be made to accommodate this:
- - the * address for vhosts now behaves like _default_
- - the matching process now is:
- - match an ip-vhost directly via hash (possibly matches main
- server)
- - if that fails, just pretend it matched the main server
- - if so far only the main server has been matched, perform
- name-based lookups (ServerName, ServerAlias, ServerPath)
- *only on name-based vhosts*
- - if they fail, look for _default_ vhosts
- [Dean Gaudet, Dave Hankins <dhankins@sugarat.net>]
-
- *) dbmmanage overhaul:
- - merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new
- - tie() to AnyDBM_File which will use one of DB_File, NDBM_File or
- GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
- - provide better seed for rand
- - prompt for password as per getpass(3) (turn off echo, read from
- /dev/tty, etc.)
- - use "newstyle" crypt based on $Config{osname} ($^O)
- - will not add a user if already in database, use new `update' command
- instead
- - added `check' command to check a users' password
- - added `import' command to convert existing password text-files or
- dbm files exported with `view'
- - more descriptive usage, general cleanup, 'use strict' clean, etc.
- [Doug MacEachern]
-
- *) Added psocket() which is a pool form of socket(), various places within
- the proxy weren't properly blocking alarms while registering the cleanup
- for its sockets. bclose() now uses pclose() and pclosesocket(). There
- was a bug where the client socket was being close()d twice due a still
- registered cleanup. [Dean Gaudet]
-
- *) A few cleanups were made to reduce time(), getpid(), and signal() calls.
- [Dean Gaudet]
-
- *) PORT: AIX >= 4.2 requires -lm due to libc changes.
- [Jason Venner <jason@idiom.com>] PR#667
-
- *) Enable ``=""'' for RewriteCond directives to match against
- the empty string. This is the preferred way instead of ``^$''.
- [Ralf S. Engelschall]
-
- *) Fixed an infinite loop in mod_imap for references above the server root
- [Dean Gaudet] PR#748
-
- *) mod_proxy now has a ReceiveBufferSize directive, similar to
- SendBufferSize, so that the TCP window can be set appropriately
- for LFNs. [Phillip A. Prindeville]
-
- *) mod_browser has been replaced by the more general mod_setenvif
- (courtesy of Paul Sutton). BrowserMatch* directives are still
- available, but are now joined by SetEnvIf*, UnSetEnvIf*, and
- UnSetEnvIfZero directives. [Ken Coar]
-
- *) "HostnameLookups double" forces double-reverse DNS to succeed in
- order for remote_host to be set (for logging, or for the env var
- REMOTE_HOST). The old define MAXIMUM_DNS has been deprecated.
- [Dean Gaudet]
-
- *) mod_access overhaul:
- - Now understands network/netmask syntax (i.e. 10.1.0.0/255.255.0.0)
- and cidr syntax (i.e. 10.1.0.0/16). PR#762
- - Critical path was sped up by pre-computing a few things at config
- time.
- - The undocumented syntax "allow user-agents" was removed,
- the replacement is "allow from env=foobar" combined with mod_browser.
- - When used with hostnames it now forces a double-reverse lookup
- no matter what the directory settings are. This double-reverse
- doesn't affect any of the other routines that use the remote
- hostname. In particular it's still passed to CGIs and the log
- without the double-reverse check. Related PR#860.
- [Dean Gaudet]
-
- *) When a large bwrite() occurs (larger than the internal buffer size),
- while there is already something in the buffer, apache will combine
- the large write and the buffer into a single writev(). (This is
- in anticipation of using mmap() for reading files.)
- [Dean Gaudet]
-
- *) In obscure cases where a partial socket write occurred while chunking,
- Apache would omit the chunk header/footer on the next block. Cleaned
- up other bugs/inconsistencies in error conditions in buff.c. Fixed
- a bug where a long pause in DNS lookups could cause the last packet
- of a response to be unduly delayed. [Roy Fielding, Dean Gaudet]
-
- *) API: Added child_exit function to module structure. This is called
- once per "heavy-weight process" just before a server child exit()'s
- e.g. when max_requests_per_child is reached, etc.
- [Doug MacEachern, Dean Gaudet]
-
- *) mod_include cleanup showed that handle_else was being used to handle
- endif. It didn't cause problems, but it was cleaned up too.
- [Howard Fear]
-
- *) mod_cern_meta would attempt to find meta files for the directory itself
- in some cases, but not in others. It now avoids it in all cases.
- [Dean Gaudet]
-
- *) mod_mime_magic would core dump if there was a decompression error.
- [Martin Kraemer <Martin.Kraemer@mch.sni.de>] PR#904
-
- *) PORT: some variants of DGUX require -lsocket -lnsl
- [Alexander L Jones <alex@systems-options.co.uk>] PR#732
-
- *) mod_autoindex now allows sorting of FancyIndexed directory listings
- by the various fields (name, size, et cetera), either in ascending
- or descending order. Just click on the column header. [Ken Coar]
-
- *) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit
- CPUs like the Alpha. Apache still stores ints in pointers, but that's
- the relatively safe direction. [Dean Gaudet] PR#344
-
- *) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
- [Igor N Kovalenko <infoh@mail.wplus.net>] PR#683
-
- *) child_main avoids an unneeded call to select() when there is only one
- listening socket. [Dean Gaudet]
-
- *) In the event that the server is starved for idle servers it will
- spawn 1, then 2, then 4, ..., then 32 servers each second,
- doubling each second. It'll also give a warning in the errorlog
- since the most common reason for this is a poor StartServers
- setting. The define MAX_SPAWN_RATE can be used to raise/lower
- the maximum. [Dean Gaudet]
-
- *) Apache now provides an effectively unbuffered connection for
- CGI scripts. This means that data will be sent to the client
- as soon as the CGI pauses or stops output; previously, Apache would
- buffer the output up to a fixed buffer size before sending, which
- could result in the user viewing an empty page until the CGI finished
- or output a complete buffer. It is no longer necessary to use an
- "nph-" CGI to get unbuffered output. Given that most CGIs are written
- in a language that by default does buffering (e.g. perl) this
- shouldn't have a detrimental effect on performance.
-
- "nph-" CGIs, which formerly provided a direct socket to the client
- without any server post-processing, were not fully compatible with
- HTTP/1.1 or SSL support. As such they would have had to implement
- the transport details, such as encryption or chunking, in order
- to work properly in certain situations. Now, the only difference
- between nph and non-nph scripts is "non-parsed headers".
- [Dean Gaudet, Sameer Parekh, Roy Fielding]
-
- *) If a BUFF is switched from buffered to unbuffered reading the first
- bread() will return whatever remained in the buffer prior to the
- switch. [Dean Gaudet]
-
-Changes with Apache 1.3a1
-
- *) Added another Configure helper script: TestLib. It determines
- if a specified library exists. [Jim Jagielski]
-
- *) PORT: Allow for use of n32bit libraries under IRIX 6.x
- [derived from patch from Jeff Hayes <jhayes@aw.sgi.com>]
- PR#721
-
- *) PORT: Some architectures use size_t for various lengths in network
- functions such as accept(), and getsockname(). The definition
- NET_SIZE_T is used to control this. [Dean Gaudet]
-
- *) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
- and -lcrypt. Test for various db libraries (dbm, ndbm, db) when
- mod_auth_dbm or mod_auth_db are included. [Dean Gaudet]
-
- *) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
- [Igor N Kovalenko <infoh@mail.wplus.net>]
-
- *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
- begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
- "downgrade-1.0" which causes Apache to pretend it received a 1.0.
- [Dean Gaudet] related PR#875
-
- *) API: Correct child_init() slot declaration from int to void, to
- match the init() declaration. Update mod_example to use the new
- hook. [Ken Coar]
-
- *) added transport handle slot (t_handle) to the BUFF structure
- [Doug MacEachern]
-
- *) get_client_block() returns wrong length if policy is
- REQUEST_CHUNKED_DECHUNK.
- [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
-
- *) Support the image map format of FrontPage. For example:
- rect /url.hrm 10 20 30 40
- ["Chris O'Byrne" <obyrne@iol.ie>] PR#807
-
- *) PORT: -lresolv and -lsocks were in the wrong order for Solaris.
- ["Darren O'Shaughnessy" <darren@aaii.oz.au>] PR#846
-
- *) AddModuleInfo directive for mod_info which allows you to annotate
- the output of mod_info. ["Lou D. Langholtz" <ldl@usi.utah.edu>]
-
- *) Added NoProxy directive to avoid using ProxyRemote for selected
- addresses. Added ProxyDomain directive to cause unqualified
- names to be qualified by redirection.
- [Martin Kraemer <Martin.Kraemer@mch.sni.de>]
-
- *) Support Proxy Authentication, and don't pass the Proxy-Authorize
- header to the remote host in the proxy. [Sameer Parekh and
- Wallace]
-
- *) Upgraded mod_rewrite from 3.0.6+ to latest officially available version
- 3.0.9. This upgrade includes: fixed deadlooping on rewriting to same
- URLs, fixed rewritelog(), fixed forced response code handling on
- redirects from within .htaccess files, disabled pipe locking under
- braindead SunOS 4.1.x, allow env variables to be set even on rules with
- no substitution, bugfixed situations where HostnameLookups is off, made
- mod_rewrite more thread-safe for NT port and fixed problem when creating
- an empty query string via "xxx?".
- This update also removes the copyright of Ralf S. Engelschall,
- i.e. now mod_rewrite no longer has a shared copyright. Instead is is
- exclusively copyrighted by the Apache Group now. This happened because
- the author now has gifted mod_rewrite exclusively to the Apache Group and
- no longer maintains an external version.
- [Ralf S. Engelschall]
-
- *) API: Added child_init function to module structure. This is called
- once per "heavy-weight process" before any requests are handled.
- See http_config.h for more details. [Dean Gaudet]
-
- *) Anonymous_LogEmail was logging on each subrequest.
- [Dean Gaudet] PR#421, 868
-
- *) API: Added is_initial_req() which tests if the request being
- processed is the initial request, or a subrequest.
- [Doug MacEachern]
-
- *) Extended SSI (mod_include) now handles additional relops for
- string comparisons (<, >, <=, and >=). [Bruno Wolff III] PR#41
-
- *) Configure fixed to correctly propagate user-selected options and
- settings (such as CC and OPTIM) to Makefiles other than
- src/Makefile (notably support/Makefile). [Ken Coar] PR#666, #834
-
- *) IndexOptions SuppressHTMLPreamble now causes the actual HTML of
- directory indices to start with the contents of the HeaderName file
- if there is one. If there isn't one, the behaviour is unchanged.
- [Ken Coar, Roy Fielding, Andrey A. Chernov]
-
- *) WIN32: Modules can now be dynamically loaded DLLs using the
- LoadModule/LoadFile directives. Note that module DLLs must be
- compiled with the multithreaded DLL version of the runtime library.
- [Alexei Kosut and Ben Laurie]
-
- *) Automatic indexing removed from mod_dir and placed into mod_autoindex.
- This allows the admin to completely remove automatic indexing
- from the server, while still supporting the basic functions of
- trailing-slash redirects and DirectoryIndex files. Note that if
- you're carrying over an old Configuration file and you use directory
- indexing then you'll want to add:
-
- Module autoindex_module mod_autoindex.o
-
- before mod_dir in your Configuration. [Dean Gaudet]
-
- *) popendir/pclosedir created to properly protect directory scanning.
- [Dean Gaudet] PR#525
-
- *) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
- giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
- and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
- [Alexei Kosut]
-
- *) The AccessFileName directive can now take more than one filename.
- ["Lou D. Langholtz" <ldl@usi.utah.edu>]
-
- *) The new mod_mime_magic can be used to "magically" determine the type
- of a file if the extension is unknown. Based on the unix file(1)
- command. [Ian Kluft <ikluft@cisco.com>]
-
- *) We now determine and display the time spent processing a
- request if desired. [Jim Jagielski]
-
- *) mod_status: PID field of "dead" child slots no longer displays
- main httpd process's PID. [Jim Jagielski]
-
- *) Makefile.nt added - to build all the bits from the command line:
- nmake -f Makefile.nt
- Doesn't yet work properly. [Ben Laurie]
-
- *) Default text of 404 error is now "Not Found" rather than the
- potentially misleading "File Not Found". [Ken Coar]
-
- *) CONFIG: "HostnameLookups" now defaults to off because it is far better
- for the net if we require people that actually need this data to
- enable it. [Linus Torvalds]
-
- *) directory_walk() is an expensive function, keep a little more state to
- avoid needless string counting. Add two new functions make_dirstr_parent
- and make_dirstr_prefix which replace all existing uses of make_dirstr.
- The new functions are a little less general than make_dirstr, but
- work more efficiently (less memory, less string counting).
- [Dean Gaudet]
-
- *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed
- to LDFLAGS) to avoid complications with lex rules in make files.
- [Dean Gaudet] PR#372
-
- *) run_method optimized to avoid needless scanning over NULLs in the
- module list. [Dean Gaudet]
-
- *) Revamp of (unix) scoreboard management code such that it avoids
- unnecessary traversals of the scoreboard on each hit. This is
- particularly important for high volume sites with a large
- HARD_SERVER_LIMIT. Some of the previous operations were O(n^2),
- and are now O(n). See also SCOREBOARD_MAINTENANCE_INTERVAL in
- httpd.h. [Dean Gaudet]
-
- *) In configurations using multiple Listen statements it was possible for
- busy sockets to starve other sockets of service. [Dean Gaudet]
-
- *) Added hook so standalone_main can be replaced at compile time
- (define STANDALONE_MAIN)
- [Doug MacEachern]
-
- *) Lowest-level read/write functions in buff.c will be replaced with
- the SFIO library calls sfread/sfwrite if B_SFIO is defined at
- compile time. The default sfio discipline will behave as apache
- would without sfio compiled in.
- [Doug MacEachern]
-
- *) Enhance UserDir directive (mod_userdir) to accept a list of
- usernames for the 'disable' keyword, and add 'enable user...' to
- selectively *en*able userdirs if they're globally disabled.
- [Ken Coar]
-
- *) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache
- will work with Netscape dbm files. (dbmmanage will probably not
- work however.) [Alexander Spohr <aspohr@netmatic.com>] PR#444
-
- *) Add a ListenBacklog directive to control the backlog parameter
- passed to listen(). Also change the default to 511 from 512.
- [Marc Slemko]
-
- *) API: A new handler response DONE which informs apache that the
- request has been handled and it can finish off quickly, similar to
- how it handles errors. [Rob Hartill]
-
- *) Turn off chunked encoding after sending terminating chunk/footer
- so that we can't do it twice by accident. [Roy Fielding]
-
- *) mod_expire also issues Cache-Control: max-age headers.
- [Rob Hartill]
-
- *) API: Added kill_only_once option for free_proc_chain so that it won't
- aggressively try to kill off specific children. For fastcgi.
- [Stanley Gambarin <gambarin@OpenMarket.com>]
-
- *) mod_auth deals with extra ':' delimited fields. [Marc Slemko]
-
- *) Added IconHeight and IconWidth to mod_dir's IndexOptions directive.
- When used together, these cause mod_dir to emit HEIGHT and WIDTH
- attributes in the FancyIndexing IMG tags. [Ken Coar]
-
- *) PORT: Sequent and SONY NEWS-OS support added. [Jim Jagielski]
-
- *) PORT: Added Windows NT support
- [Ben Laurie and Ambarish Malpani <ambarish@valicert.com>]
-
-Changes with Apache 1.2.6
-
- *) mod_include when using XBitHack Full would send ETags in addition to
- sending Last-Modifieds. This is incorrect HTTP/1.1 behaviour.
- [Dean Gaudet] PR#1133
-
- *) SECURITY: When a client connects to a particular port/addr, and
- gives a Host: header ensure that the virtual host requested can
- actually be reached via that port/addr. [Ed Korthof <ed@organic.com>]
-
- *) Support virtual hosts with wildcard port and/or multiple ports
- properly. [Ed Korthof <ed@organic.com>]
-
- *) Fixed some case-sensitivity issues according to RFC2068.
- [Dean Gaudet]
-
- *) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c,
- and mod_include.c. [Dean Gaudet]
-
- *) Variable 'cwd' was being used pointlessly before being set.
- [Ken Coar] PR#1738
-
- *) SIGURG doesn't exist on all platforms.
- [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
-
- *) When an error occurs during a POST, or other operation with a
- request body, the body has to be read from the net before allowing
- a keepalive session to continue. [Roy Fielding] PR#1399
-
- *) When an error occurs in fcntl() locking suggest the user look up
- the docs for LockFile. [Dean Gaudet]
-
- *) table_set() and table_unset() did not deal correctly with
- multiple occurrences of the same key. [Stephen Scheck
- <sscheck@infonex.net>, Ben Laurie] PR#1604
-
- *) send_fd_length() did not calculate total_bytes_sent properly in error
- cases. [Ben Reser <breser@regnow.com>] PR#1366
-
- *) r->connection->user was allocated in the wrong pool causing corruption
- in some cases when used with mod_cern_meta. [Dean Gaudet] PR#1500
-
- *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
- Also removed the auto-generated link to www.apache.org that was the
- source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
-
- *) Multiple "close" tokens may have been set in the "Connection"
- header, not an error, but a waste.
- [Ronald.Tschalaer@psi.ch] PR#1683
-
- *) "basic" and "digest" auth tokens should be tested case-insensitive.
- [Ronald.Tschalaer@psi.ch] PR#1599, PR#1666
-
- *) It appears the "257th byte" bug (see
- htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
- at the 256th byte as well. Fixed. [Dean Gaudet]
-
- *) mod_rewrite would not handle %3f properly in some situations.
- [Ralf Engelschall]
-
- *) Apache could generate improperly chunked HTTP/1.1 responses when
- the bputc() or rputc() functions were used by modules (such as
- mod_include). [Dean Gaudet]
-
- *) #ifdef wrap a few #defines in httpd.h to make life easier on
- some ports. [Ralf Engelschall]
-
- *) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
-
- *) Quote CC='$(CC)' to improve recurse make calls. [Martin Kraemer]
-
- *) Avoid B_ERROR redeclaration on sysvr4 systems. [Martin Kraemer]
-
-Changes with Apache 1.2.5
-
- *) SECURITY: Fix a possible buffer overflow in logresolve. This is
- only an issue on systems without a MAXDNAME define or where
- the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
-
- *) Fix an improper length in an ap_snprintf call in proxy_date_canon().
- [Marc Slemko]
-
- *) Fix core dump in the ftp proxy when reading incorrectly formatted
- directory listings. [Marc Slemko]
-
- *) SECURITY: Fix possible minor buffer overflow in the proxy cache.
- [Marc Slemko]
-
- *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
- is used to read various types of files such as htaccess and
- htpasswd files. [Marc Slemko]
-
- *) SECURITY: Ensure that the buffer returned by ht_time is always
- properly null terminated. [Marc Slemko]
-
- *) SECURITY: General mod_include cleanup, including fixing several
- possible buffer overflows and a possible infinite loop. This cleanup
- was done against 1.3 code and then backported to 1.2, the result
- is a large difference (due to indentation cleanup in 1.3 code).
- Users interested in seeing a smaller set of relevant differences
- should consider comparing against src/modules/standard/mod_include.c
- from the 1.3b3 release. Non-indentation changes to mod_include
- between 1.2 and 1.3 were minimal. [Dean Gaudet, Marc Slemko]
-
- *) SECURITY: Numerous changes to mod_imap in a general cleanup
- including fixing a possible buffer overflow. This cleanup also
- was done with 1.3 code as a basis, see the the previous note
- about mod_include. [Dean Gaudet]
-
- *) SECURITY: If a htaccess file can not be read due to bad
- permissions, deny access to the directory with a HTTP_FORBIDDEN.
- The previous behavior was to ignore the htaccess file if it could not
- be read. This change may make some setups with unreadable
- htaccess files stop working. [Marc Slemko] PR#817
-
- *) SECURITY: no2slash() was O(n^2) in the length of the input.
- Make it O(n). This inefficiency could be used to mount a denial
- of service attack against the Apache server. Thanks to
- Michal Zalewski <lcamtuf@boss.staszic.waw.pl> for reporting
- this. [Dean Gaudet]
-
- *) mod_include used uninitialized data for some uses of && and ||.
- [Brian Slesinsky <bslesins@wired.com>] PR#1139
-
- *) mod_imap should decline all non-GET methods.
- [Jay Bloodworth <jay@pathways.sde.state.sc.us>]
-
- *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
-
- *) mod_userdir was modifying r->finfo in cases where it wasn't setting
- r->filename. Since those two are meant to be in sync with each other
- this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
-
- *) mod_include did not properly handle all possible redirects from sub-
- requests. [Ken Coar]
-
- *) Inetd mode (which is buggy) uses timeouts without having setup the
- jmpbuffer. [Dean Gaudet] PR#1064
-
- *) Work around problem under Linux where a child will start looping
- reporting a select error over and over.
- [Rick Franchuk <rickf@transpect.net>] PR#1107
-
-Changes with Apache 1.2.4
-
- *) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy
- always making requests with the full-URI instead of just the URI path.
- [Marc Slemko, Roy Fielding]
-
- *) Add -lm for AIX versions >= 4.2 to allow Apache to link properly
- on this platform. [Marc Slemko]
-
-Changes with Apache 1.2.3
-
- *) The request to a remote proxy was mangled if it was generated as the
- result of a ProxyPass directive. URL schemes other than http:// were not
- supported when ProxyRemote was used. [Lars Eilebrecht] PR#260, PR#656,
- PR#699, PR#713, PR#812
-
- *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
- information for case where proxy module is not available. [Marc Slemko]
-
- *) Force proxy to always respond as HTTP/1.0, which it was failing to
- do for errors and cached responses. [Roy Fielding]
-
- *) PORT: Improved support for ConvexOS 11. [Jeff Venters]
-
-Changes with Apache 1.2.2 [not released]
-
- *) Fixed another long-standing bug in sub_req_lookup_file where it would
- happily skip past access checks on subdirectories looked up with relative
- paths. (It's used by mod_dir, mod_negotiation, and mod_include.)
- [Dean Gaudet]
-
- *) Add lockfile name to error message printed out when
- USE_FLOCK_SERIALIZED_ACCEPT is defined.
- [Marc Slemko]
-
- *) Enhanced the chunking and error handling inside the buffer functions.
- [Dean Gaudet, Roy Fielding]
-
- *) When merging the main server's <Directory> and <Location> sections into
- a vhost, put the main server's first and the vhost's second. Otherwise
- the vhost can't override the main server. [Dean Gaudet] PR#717
-
- *) The <Directory> code would merge and re-merge the same section after
- a match was found, possibly causing problems with some modules.
- [Dean Gaudet]
-
- *) Fixed an infinite loop in mod_imap for references above the server root.
- [Dean Gaudet] PR#748
-
- *) mod_include cleanup showed that handle_else was being used to handle
- endif. It didn't cause problems, but it was cleaned up too.
- [Howard Fear]
-
- *) Last official synchronization of mod_rewrite with author version (because
- mod_rewrite is now directly developed by the author at the Apache Group):
- o added diff between mod_rewrite 3.0.6+ and 3.0.9
- minus WIN32/NT stuff, but plus copyright removement.
- In detail:
- - workaround for detecting infinite rewriting loops
- - fixed setting of env vars when "-" is used as subst string
- - fixed forced response code on redirects (PR#777)
- - fixed cases where r->args is ""
- - kludge to disable locking on pipes under braindead SunOS
- - fix for rewritelog in cases where remote hostname is unknown
- - fixed totally damaged request_rec walk-back loop
- o remove static from local data and add static to global ones.
- o replaced ugly proxy finding stuff by simple
- find_linked_module("mod_proxy") call.
- o added missing negation char on rewritelog()
- o fixed a few comment typos
- [Ralf S. Engelschall]
-
- *) Anonymous_LogEmail was logging on each subrequest.
- [Dean Gaudet] PR#421, PR#868
-
- *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
- begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
- "downgrade-1.0" which causes Apache to pretend it received a 1.0.
- Additionally mod_browser now triggers during translate_name to workaround
- a deficiency in the header_parse phase.
- [Dean Gaudet] PR#875
-
- *) get_client_block() returns wrong length if policy is
- REQUEST_CHUNKED_DECHUNK.
- [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
-
- *) Properly treat <files> container like other containers in mod_info.
- [Marc Slemko] PR#848
-
- *) The proxy didn't treat the "Host:" keyword of the host header as case-
- insensitive. The proxy would corrupt the first line of a response from
- an HTTP/0.9 server. [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#813,814
-
- *) mod_include would log some bogus values occasionally.
- [Skip Montanaro <skip@calendar.com>, Marc Slemko] PR#797
-
- *) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP
- under Solaris 2.x (up through 2.5.1). It has been fixed.
- [Dean Gaudet] PR#832
-
- *) API: In HTTP/1.1, whether or not a request message contains a body
- is independent of the request method and based solely on the presence
- of a Content-Length or Transfer-Encoding. Therefore, our default
- handlers need to be prepared to read a body even if they don't know
- what to do with it; otherwise, the body would be mistaken for the
- next request on a persistent connection. discard_request_body()
- has been added to take care of that. [Roy Fielding] PR#378
-
- *) API: Symbol APACHE_RELEASE provides a numeric form of the Apache
- release version number, such that it always increases along the
- same lines as our source code branching. [Roy Fielding]
-
- *) Minor oversight on multiple variants fixed. [Paul Sutton] PR#94
-
-Changes with Apache 1.2.1
-
- *) SECURITY: Don't serve file system objects unless they are plain files,
- symlinks, or directories. This prevents local users from using pipes
- or named sockets to invoke programs for an extremely crude form of
- CGI. [Dean Gaudet]
-
- *) SECURITY: HeaderName and ReadmeName were settable in .htaccess and
- could contain "../" allowing a local user to "publish" any file on
- the system. No slashes are allowed now. [Dean Gaudet]
-
- *) SECURITY: It was possible to violate the symlink Options using mod_dir
- (headers, readmes, titles), mod_negotiation (type maps), or
- mod_cern_meta (meta files). [Dean Gaudet]
-
- *) SECURITY: Apache will refuse to run as "User root" unless
- BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet]
-
- *) CONFIG: If a symlink pointed to a directory then it would be disallowed
- if it contained a .htaccess disallowing symlinks. This is contrary
- to the rule that symlink permissions are tested with the symlink
- options of the parent directory. [Dean Gaudet] PR#353
-
- *) CONFIG: The LockFile directive can be used to place the serializing
- lockfile in any location. It previously defaulted to /usr/tmp/htlock.
- [Somehow it took four of us: Randy Terbush, Jim Jagielski, Dean Gaudet,
- Marc Slemko]
-
- *) Request processing now retains state of whether or not the request
- body has been read, so that internal redirects and subrequests will
- not try to read it twice (and block). [Roy Fielding]
-
- *) Add a placeholder in modules/Makefile to avoid errors with certain
- makes. [Marc Slemko]
-
- *) QUERY_STRING was unescaped in mod_include, it shouldn't be.
- [Dean Gaudet] PR#644
-
- *) mod_include was not properly changing the current directory.
- [Marc Slemko] PR#742
-
- *) Attempt to work around problems with third party libraries that do not
- handle high numbered descriptors (examples include bind, and
- solaris libc). On all systems apache attempts to keep all permanent
- descriptors above 15 (called the low slack line). Solaris users
- can also benefit from adding -DHIGH_SLACK_LINE=256 to EXTRA_CFLAGS
- which keeps all non-FILE * descriptors above 255. On all systems
- this should make supporting large numbers of vhosts with many open
- log files more feasible. If this causes trouble please report it,
- you can disable this workaround by adding -DNO_SLACK to EXTRA_CFLAGS.
- [Dean Gaudet] various PRs
-
- *) Related to the last entry, network sockets are now opened before
- log files are opened. The only known case where this can cause
- problems is under Solaris with many virtualhosts and many Listen
- directives. But using -DHIGH_SLACK_LINE=256 described above will
- work around this problem. [Dean Gaudet]
-
- *) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
- SunOS 4.
-
- *) Improved unix error response logging. [Marc Slemko]
-
- *) Update mod_rewrite from 3.0.5 to 3.0.6. New ruleflag
- QSA=query_string_append. Also fixed a nasty bug in per-dir context:
- when a URL http://... was used in conjunction with a special
- redirect flag, e.g. R=permanent, the permanent status was lost.
- [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>, Ralf S. Engelschall]
-
- *) If an object has multiple variants that are otherwise equal Apache
- would prefer the last listed variant rather than the first.
- [Paul Sutton] PR#94
-
- *) "make clean" at the top level now removes *.o. [Dean Gaudet] PR#752
-
- *) mod_status dumps core in inetd mode. [Marc Slemko and Roy Fielding]
- PR#566
-
- *) pregsub had an off-by-1 in its error checking code. [Alexei Kosut]
-
- *) PORT: fix rlim_t problems with AIX 4.2. [Marc Slemko] PR#333
-
- *) PORT: Update UnixWare support for 2.1.2.
- [Lawrence Rosenman <ler@lerctr.org>] PR#511
-
- *) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim@tandem.com>] PR#327
-
- *) PORT: Update ConvexOS support for 11.5.
- [David DeSimone <fox@convex.com>] PR#399
-
- *) PORT: Support for DEC cc compiler under ULTRIX.
- ["P. Alejandro Lopez-Valencia" <alejolo@ideam.gov.co>] PR#388
-
- *) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
-
- *) PORT: Workaround for AIX 3.x compiler bug in http_bprintf.c.
- [Marc Slemko] PR#725
-
- *) PORT: fix problem compiling http_bprintf.c with gcc under SCO
- [Marc Slemko] PR#695
-
-Changes with Apache 1.2
-
-Changes with Apache 1.2b11
-
- *) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
-
- *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl.
- [Doug MacEachern, Rob Hartill]
-
- *) Proxy needs to use hard_timeout instead of soft_timeout when it is
- reading from one buffer and writing to another, at least until it has
- a custom timeout handler. [Roy Fielding and Petr Lampa]
-
- *) Fixed problem on IRIX with servers hanging in IdentityCheck,
- apparently due to a mismatch between sigaction and setjmp.
- [Roy Fielding] PR#502
-
- *) Log correct status code if we timeout before receiving a request (408)
- or if we received a request-line that was too long to process (414).
- [Ed Korthof and Roy Fielding] PR#601
-
- *) Virtual hosts with the same ServerName, but on different ports, were
- not being selected properly. [Ed Korthof]
-
- *) Added code to return the requested IP address from proxy_host2addr()
- if gethostbyaddr() fails due to reverse DNS lookup problems. Original
- change submitted by Jozsef Hollosi <hollosi@sbcm.com>.
- [Chuck Murcko] PR#614
-
- *) If multiple requests on a single connection are used to retrieve
- data from different virtual hosts, the virtual host list would be
- scanned starting with the most recently used VH instead of the first,
- causing most virtual hosts to be ignored.
- [Paul Sutton and Martin Mares] PR#610
-
- *) The OS/2 handling of process group was broken by a porting patch for
- MPE, so restored prior code for OS/2. [Roy Fielding and Garey Smiley]
-
- *) Inherit virtual server port from main server if none (or "*") is
- given for VirtualHost. [Dean Gaudet] PR#576
-
- *) If the lookup for a DirectoryIndex name with content negotiation
- has found matching variants, but none are acceptable, return the
- negotiation result if there are no more DirectoryIndex names to lookup.
- [Petr Lampa and Roy Fielding]
-
- *) If a soft_timeout occurs after keepalive is set, then the main child
- loop would try to read another request even though the connection
- has been aborted. [Roy Fielding]
-
- *) Configure changes: Allow for whitespace at the start of a
- Module declaration. Also, be more understanding about the
- CC=/OPTIM= format in Configuration. Finally, fix compiler
- flags if using HP-UX's cc compiler. [Jim Jagielski]
-
- *) Subrequests and internal redirects now inherit the_request from the
- original request-line. [Roy Fielding]
-
- *) Test for error conditions before creating output header fields, since
- we don't want the error message to include those fields. Likewise,
- reset the content_language(s) and content_encoding of the response
- before generating or redirecting to an error message, since the new
- message will have its own Content-* definitions. [Dean Gaudet]
-
- *) Restored the semantics of headers_out (headers sent only with 200..299
- and 304 responses) and err_headers_out (headers sent with all responses).
- Avoid the overhead of copying tables if err_headers_out is empty
- (the usual case). [Roy Fielding]
-
- *) Fixed a couple places where a check for the default Content-Type was
- not properly checking both the value configured by the DefaultType
- directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value
- of DEFAULT_TYPE to match the documented default (text/plain).
- [Dean Gaudet] PR#506
-
- *) Escape the HTML-sensitive characters in the Request-URI that is
- output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501
-
- *) Properly initialize the flock structures used by the mutex locking
- around accept() when USE_FCNTL_SERIALIZED_ACCEPT is defined.
- [Marc Slemko]
-
- *) The method for determining PATH_INFO has been restored to the pre-1.2b
- (and NCSA httpd) definition wherein it was the extra path info beyond
- the CGI script filename. The environment variable FILEPATH_INFO has
- been removed, and instead we supply the original REQUEST_URI to any
- script that wants to be Apache-specific and needs the real URI path.
- This solves a problem with existing scripts that use extra path info
- in the ScriptAlias directive to pass options to the CGI script.
- [Roy Fielding]
-
- *) The _default_ change in 1.2b10 will change the behaviour on configs
- that use multiple Listen statements for listening on multiple ports.
- But that change is necessary to make _default_ consistent with other
- forms of <VirtualHost>. It requires such configs to be modified
- to use <VirtualHost _default_:*>. The documentation has been
- updated. [Dean Gaudet] PR#530
-
- *) If an ErrorDocument CGI script is used to respond to an error
- generated by another CGI script which has already read the message
- body of the request, the server would block trying to read the
- message body again. [Rob Hartill]
-
- *) signal() replacement conflicted with a define on QNX (and potentially
- other platforms). Fixed. [Ben Laurie] PR#512
-
-Changes with Apache 1.2b10
-
- *) Allow HTTPD_ROOT, SERVER_CONFIG_FILE, DEFAULT_PATH, and SHELL_PATH
- to be configured via -D in Configuration. [Dean Gaudet] PR#449
-
- *) <VirtualHost _default_:portnum> didn't work properly. [Dean Gaudet]
-
- *) Added prototype for mktemp() for SUNOS4 [Marc Slemko]
-
- *) In mod_proxy.c, check return values for proxy_host2addr() when reading
- config, in case the hostent struct returned is trash.
- [Chuck Murcko] PR #491
-
- *) Fixed the fix in 1.2b9 for parsing URL query info into args for CGI
- scripts. [Dean Gaudet, Roy Fielding, Marc Slemko]
-
-Changes with Apache 1.2b9 [never announced]
-
- *) Reset the MODULE_MAGIC_NUMBER to account for the unsigned port
- changes and in anticipation of 1.2 final release. [Roy Fielding]
-
- *) Fix problem with scripts not receiving a SIGPIPE when client drops
- the connection (e.g., when user presses Stop). Apache will now stop
- trying to send a message body immediately after an error from write.
- [Roy Fielding and Nathan Kurz] PR#335
-
- *) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
- than mod_alias, and mod_alias has higher priority than mod_proxy;
- rearranged other modules to enhance understanding of their purpose
- and relative order (and maybe even reduce some overhead).
- [Roy Fielding and Sameer Parekh]
-
- *) Fix graceful restart. Eliminate many signal-related race
- conditions in both forms of restart, and in SIGTERM. See
- htdocs/manual/stopping.html for details on stopping and
- restarting the parent. [Dean Gaudet]
-
- *) Fix memory leaks in mod_rewrite, mod_browser, mod_include. Tune
- memory allocator to avoid a behaviour that required extra blocks to
- be allocated. [Dean Gaudet]
-
- *) Allow suexec to access files relative to current directory but not
- above. (Excluding leading / or any .. directory.) [Ken Coar]
- PR#269, 319, 395
-
- *) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro]
- PR#367, 368, 354, 453
-
- *) Fix the above fix: if suexec is enabled, avoid destroying r->url
- while obtaining the /~user and save the username in a separate data
- area so that it won't be overwritten by the call to getgrgid(), and
- fix some misuse of the pool string allocation functions. Also fixes
- a general problem with parsing URL query info into args for CGI scripts.
- [Roy Fielding] PR#339, 367, 354, 453
-
- *) Fix IRIX warning about bzero undefined. [Marc Slemko]
-
- *) Fix problem with <Directory proxy:...>. [Martin Kraemer] PR#271
-
- *) Corrected spelling of "authoritative". AuthDBAuthoratative became
- AuthDBAuthoritative. [Marc Slemko] PR#420
-
- *) MaxClients should be at least 1. [Lars Eilebrecht] PR#375
-
- *) The default handler now logs invalid methods or URIs (i.e. PUT on an
- object that can't be PUT, or FOOBAR for some method FOOBAR that
- apache doesn't know about at all). Log 404s that occur in mod_include.
- [Paul Sutton, John Van Essen]
-
- *) If a soft timeout (or lingerout) occurs while trying to flush a
- buffer or write inside buff.c or fread'ing from a CGI's output,
- then the timeout would be ignored. [Roy Fielding] PR#373
-
- *) Work around a bug in Netscape Navigator versions 2.x, 3.x and 4.0b2's
- parsing of headers. If the terminating empty-line CRLF occurs starting
- at the 256th or 257th byte of output, then Navigator will think a normal
- image is invalid. We are guessing that this is because their initial
- read of a new request uses a 256 byte buffer. We check the bytes written
- so far and, if we are about to tickle the bug, we instead insert a
- padding header of eminent bogosity. [Roy Fielding and Dean Gaudet] PR#232
-
- *) Fixed SIGSEGV problem when a DirectoryIndex file is also the source
- of an external redirection. [Roy Fielding and Paul Sutton]
-
- *) Configure would create a broken Makefile if the configuration file
- contained a commented-out Rule. [Roy Fielding]
-
- *) Promote per_dir_config and subprocess_env from the subrequest to the
- main request in mod_negotiation. In particular this fixes a bug
- where <Files> sections wouldn't properly apply to negotiated content.
- [Dean Gaudet]
-
- *) Fix a potential deadlock in mod_cgi script_err handling.
- [Ralf S. Engelschall]
-
- *) rotatelogs zero-pads the logfile names to improve alphabetic sorting.
- [Mitchell Blank Jr]
-
- *) Updated mod_rewrite to 3.0.4: Fixes HTTP redirects from within
- .htaccess files because the RewriteBase was not replaced correctly.
- Updated mod_rewrite to 3.0.5: Fixes problem with rewriting inside
- <Directory> sections missing a trailing /. [Ralf S. Engelschall]
-
- *) Clean up Linux settings in conf.h by detecting 2.x versus 1.x. For
- 1.x the settings are those of pre-1.2b8. For 2.x we include
- USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and
- HAVE_SYS_RESOURCE_H (enable the RLimit commands).
- [Dean Gaudet] PR#336, PR#340
-
- *) Redirect did not preserve ?query_strings when present in the client's
- request. [Dean Gaudet]
-
- *) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380
-
- *) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
-
- *) Add UnixWare compile/install instructions. [Chuck Murcko]
-
- *) Add mod_example (illustration of API techniques). [Ken Coar]
-
- *) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
-
- *) Improve handling of directories when filenames have spaces in them.
- [Chuck Murcko]
-
- *) For hosts with multiple IP addresses, try all additional addresses if
- necessary to get a connect. Fail only if hostent address list is
- exhausted. [Chuck Murcko]
-
- *) More signed/unsigned port fixes. [Dean Gaudet]
-
- *) HARD_SERVER_LIMIT can be defined in the Configuration file now.
- [Dean Gaudet]
-
-Changes with Apache 1.2b8
-
- *) suexec.c doesn't close the log file, allowing CGIs to continue writing
- to it. [Marc Slemko]
-
- *) The addition of <Location> and <File> directives made the
- sub_req_lookup_simple() function bogus, so we now handle
- the special cases directly. [Dean Gaudet]
-
- *) We now try to log where the server is dumping core when a fatal
- signal is received. [Ken Coar]
-
- *) Improved lingering_close by adding a special timeout, removing the
- spurious log messages, removing the nonblocking settings (they
- are not needed with the better timeout), and adding commentary
- about the NO_LINGCLOSE and USE_SO_LINGER issues. NO_LINGCLOSE is
- now the default for SunOS4, UnixWare, NeXT, and IRIX. [Roy Fielding]
-
- *) Send error messages about setsockopt failures to the server error
- log instead of stderr. [Roy Fielding]
-
- *) Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore]
-
- *) Stopgap solution for CGI 3-second delay with server-side includes: if
- processing a subrequest, allocate memory from r->main->pool instead
- of r->pool so that we can avoid waiting for free_proc_chain to cleanup
- in the middle of an SSI request. [Dean Gaudet] PR #122
-
- *) Fixed status of response when POST is received for a nonexistent URL
- (was sending 405, now 404) and when any method is sent with a
- full-URI that doesn't match the server and the server is not acting
- as a proxy (was sending 501, now 403). [Roy Fielding]
-
- *) Host port changed to unsigned short. [Ken Coar] PR #276
-
- *) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
-
- *) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux. [Dean Gaudet]
-
- *) Report extra info from errno with many errors that cause httpd to exit.
- spawn_child, popenf, and pclosef now have valid errno returns in the
- event of an error. Correct problems where errno was stomped on
- before being reported. [Dean Gaudet]
-
- *) In the proxy, if the cache filesystem was full, garbage_coll() was
- never called, and thus the filesystem would remain full indefinitely.
- We now also remove incomplete cache files left if the origin server
- didn't send a Content-Length header and either the client has aborted
- transfer or bwrite() to client has failed. [Petr Lampa]
-
- *) Fixed the handling of module and script-added header fields.
- Improved the interface for sending header fields and reduced
- the duplication of code between sending okay responses and errors.
- We now always send both headers_out and err_headers_out, and
- ensure that the server-reserved fields are not being overridden,
- while not overriding those that are not reserved. [Roy Fielding]
-
- *) Moved transparent content negotiation fields to err_headers_out
- to reflect above changes. [Petr Lampa]
-
- *) Fixed the determination of whether or not we should make the
- connection persistent for all of the cases where some other part
- of the server has already indicated that we should not. Also
- improved the ordering of the test so that chunked encoding will
- be set whenever it is desired instead of only when KeepAlive
- is enabled. Added persistent connection capability for most error
- responses (those that do not indicate a bad input stream) when
- accessed by an HTTP/1.1 client. [Roy Fielding]
-
- *) Added missing timeouts for sending header fields, error responses,
- and the last chunk of chunked encoding, each of which could have
- resulted in a process being stuck in write forever. Using soft_timeout
- requires that the sender check for an aborted connection rather than
- continuing after an EINTR. Timeouts that used to be initiated before
- send_http_header (and never killed) are now initiated only within or
- around the routines that actually do the sending, and not allowed to
- propagate above the caller. [Roy Fielding]
-
- *) mod_auth_anon required an @ or a . in the email address, not both.
- [Dirk vanGulik]
-
- *) per_dir_defaults weren't set correctly until directory_walk for
- name-based vhosts. This fixes an obscure bug with the wrong config
- info being used for vhosts that share the same ip as the server.
- [Dean Gaudet]
-
- *) Improved generation of modules/Makefile to be more generic for
- new module directories. [Ken Coar, Chuck Murcko, Roy Fielding]
-
- *) Generate makefile dependency for Configuration based on the actual
- name given when running the Configure process. [Dean Gaudet]
-
- *) Fixed problem with vhost error log not being set prior to
- initializing virtual hosts. [Dean Gaudet]
-
- *) Fixed infinite loop when a trailing slash is included after a type map
- file URL (extra path info). [Petr Lampa]
-
- *) Fixed server status updating of per-connection counters. [Roy Fielding]
-
- *) Add documentation for DNS issues (reliability and security), and try
- to explain the virtual host matching process. [Dean Gaudet]
-
- *) Try to continue gracefully by disabling the vhost if a DNS lookup
- fails while parsing the configuration file. [Dean Gaudet]
-
- *) Improved calls to setsockopt. [Roy Fielding]
-
- *) Negotiation changes: Don't output empty content-type in variant list;
- Output charset in variant list; Return sooner from handle_multi() if
- no variants found; Add handling of '*' wildcard in Accept-Charset.
- [Petr Lampa and Paul Sutton]
-
- *) Fixed overlaying of request/sub-request notes and headers in
- mod_negotiation. [Dean Gaudet]
-
- *) If two variants' charset quality are equal and one is the default
- charset (iso-8859-1), then prefer the variant that was specifically
- listed in Accept-Charset instead of the default. [Petr Lampa]
-
- *) Memory allocation problem in push_array() -- it would corrupt memory
- when nalloc==0. [Kai Risku <krisku@tf.hut.fi> and Roy Fielding]
-
- *) invoke_handler() doesn't handle mime arguments in content-type
- [Petr Lampa] PR#160
-
- *) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
- [Ken Coar]
-
- *) Fixed problem with ErrorDocument not working for virtual hosts
- due to one of the performance changes in 1.2b7. [Dean Gaudet]
-
- *) Log an error message if we get a request header that is too long,
- since it may indicate a buffer overflow attack. [Marc Slemko]
-
- *) Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and
- not reject URLs without a double-slash, as per RFC2068 section 3.2.
- [Ken Coar] PR #146, #187
-
- *) Added table entry placeholder for new header_parser callback
- in all of the distributed modules. [Ken Coar] PR #191
-
- *) Allow for cgi files without the .EXE extension on them under OS/2.
- [Garey Smiley] PR #59
-
- *) Fixed error message when resource is not found and URL contains
- path info. [Petr Lampa and Dean Gaudet] PR #40
-
- *) Fixed user and server confusion over what should be a virtual host
- and what is the main server, resulting in access to something
- other than the name defined in the virtualhost directive (but
- with the same IP address) failing. [Dean Gaudet]
-
- *) Updated mod_rewrite to version 3.0.2, which: fixes compile error on
- AIX; improves the redirection stuff to enable the users to generally
- redirect to http, https, gopher and ftp; added TIME variable for
- RewriteCond which expands to YYYYMMDDHHMMSS strings and added the
- special patterns >STRING, <STRING and =STRING to RewriteCond, which
- can be used in conjunction with %{TIME} or other variables to create
- time-dependent rewriting rules. [Ralf S. Engelschall]
-
- *) bpushfd() no longer notes cleanups for the file descriptors it is handed.
- Module authors may need to adjust their code for proper cleanup to take
- place (that is, call note_cleanups_for_fd()). This change fixes problems
- with file descriptors being erroneously closed when the proxy module was
- in use. [Ben Laurie]
-
- *) Fix bug in suexec reintroduced by changes in 1.2b7 which allows
- initgroups() to hose the group information needed for later
- comparisons. [Randy Terbush]
-
- *) Remove unnecessary call to va_end() in create_argv() which
- caused a SEGV on some systems.
-
- *) Use proper MAXHOSTNAMELEN symbol for limiting length of server name.
- [Dean Gaudet]
-
- *) Clear memory allocated for listeners. [Randy Terbush]
-
- *) Improved handling of IP address as a virtualhost address and
- introduced "_default_" as a synonym for the default vhost config.
- [Dean Gaudet] PR #212
-
-Changes with Apache 1.2b7
-
- *) Port to UXP/DS(V20) [Toshiaki Nomura <nom@yk.fujitsu.co.jp>]
-
- *) unset Content-Length if chunked (RFC-2068) [Petr Lampa]
-
- *) mod_negotiation fixes [Petr Lampa] PR#157, PR#158, PR#159
- - replace protocol response numbers with symbols
- - save variant-list into main request notes
- - free allocated memory from subrequests
- - merge notes, headers_out and err_headers_out
-
- *) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
- "HTTP/#.# ###*" to be more lenient about what we accept.
- [Chuck Murcko]
-
- *) more proxy FTP bug fixes:
- - Changed send_dir() to remove user/passwd from displayed URL.
- - Changed login error messages to be more descriptive.
- - remove setting of SO_DEBUG socket option
- - Make ftp_getrc() more lenient about multiline responses,
- specifically, 230 responses which don't have continuation 230-
- on each line). These seem to be all NT FTP servers, and while
- perhaps questionable, they appear to be legal by RFC 959.
- - Add missing kill_timeout() after transfer to user completes.
- [Chuck Murcko]
-
- *) Fixed problem where a busy server could hang when restarting
- after being sent a SIGHUP due to child processes not exiting.
- [Marc Slemko]
-
- *) Modify mod_include escaping so a '\' only signifies an escaped
- character if the next character is one that needs
- escaping. [Ben Laurie]
-
- *) Eliminated possible infinite loop in mod_imap when relative URLs are
- used with a 'base' directive that does not have a '/' in it.
- [Marc Slemko, reported by Onno Witvliet <onno@tc.hsa.nl>]
-
- *) Reduced the default timeout from 1200 seconds to 300, and the
- one in the sample configfile from 400 to 300. [Marc Slemko]
-
- *) Stop vbprintf from crashing if given a NULL string pointer;
- print (null) instead. [Ken Coar]
-
- *) Don't disable Nagle algorithm if system doesn't have TCP_NODELAY.
- [Marc Slemko and Roy Fielding]
-
- *) Fixed problem with mod_cgi-generated internal redirects trying to
- read the request message-body twice. [Archie Cobbs and Roy Fielding]
-
- *) Reduced timeout on lingering close, removed possibility of a blocked
- read causing the child to hang, and stopped logging of errors if
- the socket is not connected (reset by client). [Roy Fielding]
-
- *) Rearranged main child loop to remove duplication of code in
- select/accept and keep-alive requests, fixed several bugs regarding
- checking scoreboard_image for exit indication and failure to
- account for all success conditions and trap all error conditions,
- prevented multiple flushes before closing the socket; close the entire
- socket buffer instead of just one descriptor, prevent logging of
- EPROTO and ECONNABORTED on platforms where supported, and generally
- improved readability. [Roy Fielding]
-
- *) Extensive performance improvements. Cleaned up inefficient use of
- auto initializers, multiple is_matchexp calls on a static string,
- and excessive merging of response_code_strings. [Dean Gaudet]
-
- *) Added double-buffering to mod_include to improve performance on
- server-side includes. [Marc Slemko]
-
- *) Several fixes for suexec wrapper. [Randy Terbush]
- - Make wrapper work for files on NFS filesystem.
- - Fix portability problem of MAXPATHLEN.
- - Fix array overrun problem in clean_env().
- - Fix allocation of PATH environment variable
-
- *) Removed extraneous blank line is description of mod_status chars.
- [Kurt Kohler]
-
- *) Logging of errors from the call_exec routine simply went nowhere,
- since the logfile fd has been closed, so now we send them to stderr.
- [Harald T. Alvestrand]
-
- *) Fixed core dump when DocumentRoot is a CGI.
- [Ben Laurie, reported by geddis@tesserae.com]
-
- *) Fixed potential file descriptor leak in mod_asis; updated it and
- http_core to use pfopen/pfclose instead of fopen/fclose.
- [Randy Terbush and Roy Fielding]
-
- *) Fixed handling of unsigned ints in ap_snprintf() on some chips such
- as the DEC Alpha which is 64-bit but uses 32-bit ints.
- [Dean Gaudet and Ken Coar]
-
- *) Return a 302 response code to the client when sending a redirect
- due to a missing trailing '/' on a directory instead of a 301; now
- it is cacheable. [Markus Gyger]
-
- *) Fix condition where, if a bad directive occurs in .htaccess, and
- sub_request() goes first to this directory, then log_reason() will
- SIGSEGV because it doesn't have initialized r->per_dir_config.
- [PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet]
-
- *) Fix handling of lang_index in is_variant_better(). This was
- causing problems which resulted in the server sending the
- wrong language document in some cases. [Petr Lampa]
-
- *) Remove free() from clean_env() in suexec wrapper. This was nuking
- the clean environment on some systems.
-
- *) Tweak byteserving code (e.g. serving PDF files) to work around
- bugs in Netscape Navigator and Microsoft Internet Explorer.
- Emit Content-Length header when sending multipart/byteranges.
- [Alexei Kosut]
-
- *) Port to HI-UX/WE2. [Nick Maclaren]
-
- *) Port to HP MPE operating system for HP 3000 machines
- [Mark Bixby <markb@cccd.edu>]
-
- *) Fixed bug which caused a segmentation fault if only one argument
- given to RLimit* directives. [Ed Korthof]
-
- *) Continue persistent connection after 204 or 304 response. [Dean Gaudet]
-
- *) Improved buffered output to the client by delaying the flush decision
- until the BUFF code is actually about to read the next request.
- This fixes a problem introduced in 1.2b5 with clients that send
- an extra CRLF after a POST request. Also improved chunked output
- performance by combining writes using writev() and removing as
- many bflush() calls as possible. NOTE: Platforms without writev()
- must add -DNO_WRITEV to the compiler CFLAGS, either in Configuration
- or Configure, unless we have already done so. [Dean Gaudet]
-
- *) Fixed mod_rewrite bug which truncated the rewritten URL [Marc Slemko]
-
- *) Fixed mod_info output corruption bug introduced by buffer overflow
- fixes. [Dean Gaudet]
-
- *) Fixed http_protocol to correctly output all HTTP/1.1 headers, including
- for the special case of a 304 response. [Paul Sutton]
-
- *) Improved handling of TRACE method by bypassing normal method handling
- and header parsing routines; fixed Allow response to always allow TRACE.
- [Dean Gaudet]
-
- *) Fixed compiler warnings in the regex library. [Dean Gaudet]
-
- *) Cleaned-up some of the generated HTML. [Ken Coar]
-
-Changes with Apache 1.2b6
-
- *) Allow whitespace in imagemap mapfile coordinates. [Marc Slemko]
-
- *) Fix typo introduced in fix for potential infinite loop around
- accept() in child_main(). This change caused the rev to 1.2b6.
- 1.2b5 was never a public beta.
-
-Changes with Apache 1.2b5
-
- *) Change KeepAlive semantics (On|Off instead of a number), add
- MaxKeepAliveRequests directive. [Alexei Kosut]
-
- *) Various NeXT compilation patches, as well as a change in
- regex/regcomp.c since that file also used a NEXT define.
- [Andreas Koenig]
-
- *) Allow * to terminate the end of a directory match in mod_dir.
- Allows /~* to match for both /~joe and /~joe/. [David Bronder]
-
- *) Don't call can_exec() if suexec_enabled. Calling this requires
- scripts executed by the suexec wrapper to be world executable, which
- defeats one of the advantages of running the wrapper. [Randy Terbush]
-
- *) Portability Fix: IRIX complained with 'make clean' about *pure* (removed)
- [Jim Jagielski]
-
- *) Migration from sprintf() to snprintf() to avoid buffer
- overflows. [Marc Slemko]
-
- *) Provide portable snprintf() implementation (ap_snprintf)
- as well as *cvt family. [Jim Jagielski]
-
- *) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
- [Jim Jagielski]
-
- *) Remove mod_fastcgi.c from the distribution. This module appears
- to be maintained more through the Open Market channels and should
- continue to be easily available at http://www.fastcgi.com/
-
- *) Fixed bug in modules/Makefile that wouldn't allow building in more
- than one subdirectory (or cleaning, either). [Jeremy Laidman]
-
- *) mod_info assumed that the config files were relative to ServerRoot.
- [Ken the Rodent]
-
- *) CGI scripts called as an error document resulting from failed
- CGI execution would hang waiting for POST'ed data. [Rob Hartill]
-
- *) Log reason when mod_dir returns access HTTP_FORBIDDEN
- [Ken the Rodent]
-
- *) Properly check errno to prevent display of a directory index
- when server receives a long enough URL to confuse stat().
- [Marc Slemko]
-
- *) Several security enhancements to suexec wrapper. It is _highly_
- recommended that previously installed versions of the wrapper
- be replaced with this version. [Randy Terbush, Jason Dour]
-
- - ~user execution now properly restricted to ~user's home
- directory and below.
- - execution restricted to UID/GID > 100
- - restrict passed environment to known variables
- - call setgid() before initgroups() (portability fix)
- - remove use of setenv() (portability fix)
-
- *) Add HTTP/1.0 response forcing. [Ben Laurie]
-
- *) Add access control via environment variables. [Ben Laurie]
-
- *) Add rflush() function. [Alexei Kosut]
-
- *) remove duplicate pcalloc() call in new_connection().
-
- *) Fix incorrect comparison which could allow number of children =
- MaxClients + 1 if less than HARD_SERVER_LIMIT. Also fix potential
- problem if StartServers > HARD_SERVER_LIMIT. [Ed Korthof]
-
- *) Updated support for OSes (MachTen, ULTRIX, Paragon, ISC, OpenBSD
- AIX PS/2, CONVEXOS. [Jim Jagielski]
-
- *) Replace instances of inet_ntoa() with inet_addr() for ProxyBlock.
- It's more portable. [Martin Kraemer]
-
- *) Replace references to make in Makefile.tmpl with $(MAKE).
- [Chuck Murcko]
-
- *) Add ProxyBlock directive w/IP address caching. Add IP address
- caching to NoCache directive as well. ProxyBlock works with all
- handlers; NoCache now also works with FTP for anonymous logins.
- Still more code cleanup. [Chuck Murcko]
-
- *) Add "header parse" API hook [Ben Laurie]
-
- *) Fix byte ordering problems for REMOTE_PORT [Chuck Murcko]
-
- *) suEXEC wrapper was freeing memory that had not been malloc'ed.
-
- *) Correctly allow access and auth directives in <Files> sections in
- server config files. [Alexei Kosut]
-
- *) Fix bug with ServerPath that could cause certain files to be not
- found by the server. [Alexei Kosut]
-
- *) Fix handling of ErrorDocument so that it doesn't remove a trailing
- double-quote from text and so that it properly checks for unsupported
- status codes using the new index_of_response interface. [Roy Fielding]
-
- *) Multiple fixes to the lingering_close code in order to avoid being
- interrupted by a stray timeout, to avoid lingering on a connection
- that has already been aborted or never really existed, to ensure that
- we stop lingering as soon as any error condition is received, and to
- prevent being stuck indefinitely if the read blocks. Also improves
- reporting of error conditions. [Marc Slemko and Roy Fielding]
-
- *) Fixed initialization of parameter structure for sigaction.
- [mgyger@itr.ch, Adrian Filipi-Martin]
-
- *) Fixed reinitializing the parameters before each call to accept and
- select, and removed potential for infinite loop in accept.
- [Roy Fielding, after useful PR from adrian@virginia.edu]
-
- *) Fixed condition where, if a child fails to fork, the scoreboard would
- continue to say SERVER_STARTING forever. Eventually, the main process
- would refuse to start new children because count_idle_servers() will
- count those SERVER_STARTING entries and will always report that there
- are enough idle servers. [Phillip Vandry]
-
- *) Fixed bug in bcwrite regarding failure to account for partial writes.
- Avoided calling bflush() when the client is pipelining requests.
- Removed unnecessary flushes from http_protocol. [Dean Gaudet]
-
- *) Added description of "." mode in server-status [Jim Jagielski]
-
-Changes with Apache 1.2b4
-
- *) Fix possible race condition in accept_mutex_init() that
- could leave a small security hole open allowing files to be
- overwritten in cases where the server UID has write permissions.
- [Marc Slemko]
-
- *) Fix awk compatibilty problem in Configure. [Jim Jagielski]
-
- *) Fix portablity problem in util_script where ARG_MAX may not be
- defined for some systems.
-
- *) Add changes to allow compilation on Machten 4.0.3 for PowerPC.
- [Randal Schwartz]
-
- *) OS/2 changes to support an MMAP style scoreboard file and UNIX
- style magic #! token for better script portability. [Garey Smiley]
-
- *) Fix bug in suexec wrapper introduced in b3 that would cause failed
- execution for ~userdir CGI. [Jason Dour]
-
- *) Fix initgroups() business in suexec wrapper. [Jason Dour]
-
- *) Fix month off by one in suexec wrapper logging.
-
-Changes with Apache 1.2b3:
-
- *) Fix error in mod_cgi which could cause resources not to be properly
- freed, or worse. [Dean Gaudet]
-
- *) Fix find_string() NULL pointer dereference. [Howard Fear]
-
- *) Add set_flag_slot() at the request of Dirk and others.
- [Dirk vanGulik]
-
- *) Sync mod_rewrite with patch level 10. [Ralf Engelschall]
-
- *) Add changes to improve the error message given for invalid
- ServerName parameters. [Dirk vanGulik]
-
- *) Add "Authoritative" directive for Auth modules that don't
- currently have it. This gives admin control to assign authoritative
- control to an authentication scheme and allow "fall through" for
- those authentication modules that aren't "Authoritative" thereby
- allowing multiple authentication mechanisms to be chained.
- [Dirk vanGulik]
-
- *) Remove requirement for ResourceConfig/AccessConfig if not using
- the three config file layout. [Randy Terbush]
-
- *) Add PASV mode to mod_proxy FTP handler. [Chuck Murcko]
-
- *) Changes to suexec wrapper to fix the following problems:
- 1. symlinked homedirs will kill ~userdirs.
- 2. initgroups() on Linux 2.0.x clobbers gr->grid.
- 3. CGI command lines paramters problems
- 4. pw-pwdir for "docroot check" still the httpd user's pw record.
- [Randy Terbush, Jason Dour]
-
- *) Change create_argv() to accept variable arguments. This fixes
- a problem where arguments were not getting passed to the CGI via
- argv[] when the suexec wrapper was active. [Randy Terbush, Jake Buchholz]
-
- *) Collapse multiple slashes in path URLs to properly apply
- handlers defined by <Location>. [Alexei Kosut]
-
- *) Define a sane set of DEFAULT_USER and DEFAULT_GROUP values for AIX.
-
- *) Improve the accuracy of request duration timings by setting
- r->request_time in read_request_line() instead of read_request().
- [Dean Gaudet]
-
- *) Reset timeout while reading via get_client_block() in mod_cgi.c
- Fixes problem with timed out transfers of large files. [Rasmus Lerdorf]
-
- *) Add the ability to pass different Makefile.tmpl files to Configure
- using the -make flag. [Rob Hartill]
-
- *) Fix coredump triggered when sending a SIGHUP to the server caused
- by an assertion failure, in turn caused by an uninitialised field in a
- listen_rec.
- [Ben Laurie]
-
- *) Add FILEPATH_INFO variable to CGI environment, which is equal to
- PATH_INFO from previous versions of Apache (in certain situations,
- Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut]
- [later removed in 1.2b11]
-
- *) Add rwrite() function to API to allow for sending strings of
- arbitrary length. [Doug MacEachern]
-
- *) Remove rlim_t typedef for NetBSD. Do older versions need this?
-
- *) Defined rlim_t and WANTHSREGEX=yes and fixed waitpid() substitute for
- NeXT. [Jim Jagielski]
-
- *) Removed recent modification to promote the status code on internal
- redirects, since the correct fix was to change the default log format
- in mod_log_config so that it outputs the original status. [Rob Hartill]
-
-Changes with Apache 1.2b2:
-
- *) Update set_signals() to use sigaction() for setting handlers.
- This appears to fix a re-entrant problem in the seg_fault()
- bus_error() handlers. [Randy Terbush]
-
- *) Changes to allow mod_status compile for OS/2 [Garey Smiley]
-
- *) changes for DEC AXP running OSF/1 v3.0. [Marc Evans]
-
- *) proxy_http.c bugfixes: [Chuck Murcko]
- 1) fixes possible NULL pointer reference w/NoCache
- 2) fixes NoCache behavior when using ProxyRemote (ProxyRemote
- host would cache nothing if it was in the local domain,
- and the local domain was in the NoCache list)
- 3) Adds Host: header when not available
- 4) Some code cleanup and clarification
-
- *) mod_include.c bugfixes:
- 1) Fixed an ommission that caused include variables to not
- be parsed in config errmsg directives [Howard Fear]
- 2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
- 3) Patch to fix compiler warnings [perrot@lal.in2p3.fr]
- 4) Allow backslash-escaping to all quoted text
- [Ben Yoshino <ben@wiliki.eng.hawaii.edu>]
- 5) Pass variable to command line if not set in XSSI's env
- [Howard Fear]
-
- *) Fix infinite loop when processing Content-language lines in
- type-map files. [Alexei Kosut]
-
- *) Closed file-globbing hole in test-cgi script. [Brian Behlendorf]
-
- *) Fixed problem in set_[user|group] that prevented CGI execution
- for non-virtualhosts when suEXEC was enabled. [Randy Terbush]
-
- *) Added PORTING information file. [Jim Jagielski]
-
- *) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
-
- *) Changed default group to "nogroup" instead of "nobody" [Randy Terbush]
-
- *) Fixed define typo of FCNTL_SERIALIZED_ACCEPT where
- USE_FCNTL_SERIALIZED_ACCEPT was intended.
-
- *) Fixed additional uses of 0xffffffff where INADDR_NONE was intended,
- which caused problems of systems where socket s_addr is >32bits.
-
- *) Added comment to explain (r->chunked = 1) side-effect in
- http_protocol.c [Roy Fielding]
-
- *) Replaced use of index() in mod_expires.c with more appropriate
- and portable isdigit() test. [Ben Laurie]
-
- *) Updated Configure for ...
- OS/2 (DEF_WANTHSREGEX=yes, other code changes)
- *-dg-dgux* (bad pattern match)
- QNX (DEF_WANTHSREGEX=yes)
- *-sunos4* (DEF_WANTHSREGEX=yes, -DUSEBCOPY)
- *-ultrix (new)
- *-unixware211 (new)
- and added some user diagnostic info. [Ben Laurie]
-
- *) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
- for better portability. [Jim Jagielski]
-
- *) Updated helpers/GuessOS for ...
- SCO 5 (recognize minor releases)
- SCO UnixWare (braindamaged uname, whatever-whatever-unixware2)
- SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
- IRIX64 (-sgi-irix64)
- ULTRIX (-unknown-ultrix)
- SINIX (-whatever-sysv4)
- NCR Unix (-ncr-sysv4)
- and fixed something in helpers/PrintPath [Ben Laurie]
-
-Changes with Apache 1.2b1
-
- *) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
-
-Changes with Apache 1.1.1
-
- *) Fixed bug where Cookie module would make two entries in the
- logfile for each access [Mark Cox]
-
- *) Fixed bug where Redirect in .htaccess files would cause memory
- leak. [Nathan Neulinger]
-
- *) MultiViews now works correctly with AddHandler [Alexei Kosut]
-
- *) Problems with mod_auth_msql fixed [Dirk vanGulik]
-
- *) Fix misspelling of "Anonymous_Authorative" directive in mod_auth_anon.
-
-Changes with Apache 1.1.0
-
- *) Bring NeXT support up to date. [Takaaki Matsumoto]
-
- *) Bring QNX support up to date. [Ben Laurie]
-
- *) Make virtual hosts default to main server keepalive parameters.
- [Alexei Kosut, Ben Laurie]
-
- *) Allow ScanHTMLTitles to work with lowercase <title> tags. [Alexei Kosut]
-
- *) Fix missing address family for connect, also remove unreachable statement
- in mod_proxy. [Ben Laurie]
-
- *) mod_env now turned on by default in Configuration.tmpl.
-
- *) Bugs which were fixed:
- a) yet more mod_proxy bugs [Ben Laurie]
- b) CGI works again with inetd [Alexei Kosut]
- c) Leading colons were stripped from passwords [osm@interguide.com]
- d) Another fix to multi-method Limit problem [jk@tools.de]
-
-Changes with Apache 1.1b4
-
- *) r->bytes_sent variable restored. [Robert Thau]
-
- *) Previously broken multi-method <Limit> parsing fixed. [Robert Thau]
-
- *) More possibly unsecure programs removed from the support directory.
-
- *) More mod_auth_msql authentication improvements.
-
- *) VirtualHosts based on Host: headers no longer conflict with the
- Listen directive.
-
- *) OS/2 compatibility enhancements. [Gary Smiley]
-
- *) POST now allowed to directory index CGI scripts.
-
- *) Actions now work with files of the default type.
-
- *) Bugs which were fixed:
- a) more mod_proxy bugs
- b) early termination of inetd requests
- c) compile warnings on several systems
- d) problems when scripts stop reading output early
-
-Changes with Apache 1.1b3
-
- *) Much of cgi-bin and all of cgi-src has been removed, due to
- various security holes found and that we could no longer support
- them.
-
- *) The "Set-Cookie" header is now special-cased to not merge multiple
- instances, since certain popular browsers can not handle multiple
- Set-Cookie instructions in a single header. [Paul Sutton]
-
- *) rprintf() added to buffer code, occurrences of sprintf removed.
- [Ben Laurie]
-
- *) CONNECT method for proxy module, which means tunneling SSL should work.
- (No crypto needed) Also a NoCache config directive.
-
- *) Several API additions: pstrndup(), table_unset() and get_token()
- functions now available to modules.
-
- *) mod_imap fixups, in particular Location: headers are now complete
- URL's.
-
- *) New "info" module which reports on installed module set through a
- special URL, a la mod_status.
-
- *) "ServerPath" directive added - allows for graceful transition
- for Host:-header-based virtual hosts.
-
- *) Anonymous authentication module improvements.
-
- *) MSQL authentication module improvements.
-
- *) Status module design improved - output now table-based. [Ben Laurie]
-
- *) htdigest utility included for use with digest authentication
- module.
-
- *) mod_negotiation: Accept values with wildcards to be treated with
- less priority than those without wildcards at the same quality
- value. [Alexei Kosut]
-
- *) Bugs which were fixed:
- a) numerous mod_proxy bugs
- b) CGI early-termination bug [Ben Laurie]
- c) Keepalives not working with virtual hosts
- d) RefererIgnore problems
- e) closing fd's twice in mod_include (causing core dumps on
- Linux and elsewhere).
-
-Changes with Apache 1.1b2
-
- *) Bugfixes:
- a) core dumps in mod_digest
- b) truncated hostnames/ip address in the logs
- c) relative URL's in mod_imap map files
-
-Changes with Apache 1.1b1
-
- *) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
-
-Changes with Apache 1.0.3
-
- *) Internal redirects which occur in mod_dir.c now preserve the
- query portion of a request (the bit after the question mark).
- [Adam Sussman]
-
- *) Escape active characters '<', '>' and '&' in html output in
- directory listings, error messages and redirection links.
- [David Robinson]
-
- *) Apache will now work with LynxOS 2.3 and later [Steven Watt]
-
- *) Fix for POSIX compliance in waiting for processes in alloc.c.
- [Nick Williams]
-
- *) setsockopt no longer takes a const declared argument [Martijn Koster]
-
- *) Reset timeout timer after each successful fwrite() to the network.
- This patch adds a reset_timeout() procedure that is called by
- send_fd() to reset the timeout ever time data is written to the net.
- [Nathan Schrenk]
-
- *) timeout() signal handler now checks for SIGPIPE and reports
- lost connections in a more user friendly way. [Rob Hartill]
-
- *) Location of the "scoreboard" file which used to live in /tmp is
- now configurable (for OSes that can't use mmap) via ScoreBoardFile
- which works similar to PidFile (in httpd.conf) [Rob Hartill]
-
- *) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
-
- *) the pstrcat call in mod_cookies.c didn't have an ending NULL,
- which caused a SEGV with cookies enabled
-
- *) Output warning when MinSpareServers is set to <= 0 and change it to 1
- [Rob Hartill]
-
- *) Log the UNIX textual error returned by some system calls, in
- particular errors from accept() [David Robinson]
-
- *) Add strerror function to util.c for SunOS4 [Randy Terbush]
-
-Changes with Apache 1.0.2
-
- *) patch to get Apache compiled on UnixWare 2.x, recommended as
- a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
-
- *) Fix get_basic_auth_pw() to set the auth_type of the request.
- [David Robinson]
-
- *) past changes to http_config.c to only use the
- setrlimit function on systems defining RLIMIT_NOFILE
- broke the feature on SUNOS4. Now defines HAVE_RESOURCE
- for SUNOS and prototypes the needed functions.
-
- *) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
- [David Robinson]
-
- *) Fix use of pointer to scratch memory. [Cliff Skolnick]
-
- *) Merge multiple headers from CGI scripts instead of taking last
- one. [David Robinson]
-
- *) Add support for SCO 5. [Ben Laurie]
-
-Changes with Apache 1.0.1
-
- *) Silence mod_log_referer and mod_log_agent if not configured
- [Randy Terbush]
-
- *) Recursive includes can occur if the client supplies PATH_INFO data
- and the server provider uses relative links; as file.html
- relative to /doc.shtml/pathinfo is /doc.shtml/file.html. [David Robinson]
-
- *) The replacement for initgroups() did not call {set,end}grent(). This
- had two implications: if anything else used getgrent(), then
- initgroups() would fail, and it was consuming a file descriptor.
- [Ben Laurie]
-
- *) On heavily loaded servers it was possible for the scoreboard to get
- out of sync with reality, as a result of a race condition.
- The observed symptoms are far more Apaches running than should
- be, and heavy system loads, generally followed by catastrophic
- system failure. [Ben Laurie]
-
- *) Fix typo in license. [David Robinson]
-
-Changes with Apache 1.0.0 23 Nov 1995
-
- *) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
-
-Changes with Apache 0.8.16 05 Nov 1995
-
- *) New man page for 'httpd' added to support directory [David Robinson]
-
- *) .htgroup files can have more than one line giving members for a
- given group (each must have the group name in front), for NCSA
- back-compatibility [Robert Thau]
-
- *) Mutual exclusion around accept() is on by default for SVR4 systems
- generally, since they generally can't handle multiple processes in
- accept() on the same socket. This should cure flaky behavior on
- a lot of those systems. [David Robinson]
-
- *) AddType, AddEncoding, and AddLanguage directives take multiple
- extensions on a single command line [David Robinson]
-
- *) UserDir can be disabled for a given virtual host by saying
- "UserDir disabled" in the <VirtualHost> section --- it was a bug
- that this didn't work. [David Robinson]
-
- *) Compiles on QNX [Ben Laurie]
-
- *) Corrected parsing of ctime time format [David Robinson]
-
- *) httpd does a perror() before exiting if it can't log its pid
- to the PidFile, to make diagnosing the error a bit easier.
- [David Robinson]
-
- *) <!--#include file="..."--> can no longer include files in the
- parent directory, for NCSA back-compatibility. [David Robinson]
-
- *) '~' is *not* escaped in URIs generated for directory listings
- [Roy Fielding]
-
- *) Eliminated compiler warning in the imagemap module [Randy Terbush]
-
- *) Fixed bug involving handling URIs with escaped %-characters
- in redirects [David Robinson]
-
-Changes with Apache 0.8.15 14 Oct 1995
-
- *) Switched to new, simpler license
-
- *) Eliminated core dumps with improperly formatted DBM group files [Mark Cox]
-
- *) Don't allow requests for ordinary files to have PATH_INFO [Ben Laurie]
-
- *) Reject paths containing %-escaped '%' or null characters [David Robinson]
-
- *) Correctly handles internal redirects to files with names containing '%'
- [David Robinson]
-
- *) Repunctuated some error messages [Aram Mirzadeh, Andrew Wilson]
-
- *) Use geteuid() rather than getuid() to see if we have root privilege,
- so that server correctly resets privilege if run setuid root. [Andrew
- Wilson]
-
- *) Handle ftp: and telnet: URLs correctly in imagemaps (built-in module)
- [Randy Terbush]
-
- *) Fix relative URLs in imagemap files [Randy Terbush]
-
- *) Somewhat better fix for the old "Alias /foo/ /bar/" business
- [David Robinson]
-
- *) Don't repeatedly open the ErrorLog if a bunch of <VirtualHost>
- entries all name the same one. [David Robinson]
-
- *) Fix directory listings with filenames containing unusual characters
- [David Robinson]
-
- *) Better URI-escaping for generated URIs in directories with filenames
- containing unusual characters [Ben Laurie]
-
- *) Fixed potential FILE* leak in http_main.c [Ben Laurie]
-
- *) Unblock alarms on error return from spawn_child() [David Robinson]
-
- *) Sample Config files have extra note for SCO users [Ben Laurie]
-
- *) Configuration has note for HP-UX users [Rob Hartill]
-
- *) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
-
- *) Nuked bogus #define in httpd.h [David Robinson]
-
- *) Better test for whether a system has setrlimit() [David Robinson]
-
- *) Calls update_child_status() after reopen_scoreboard() [David Robinson]
-
- *) Doesn't send itself SIGHUP on startup when run in the -X debug-only mode
- [Ben Laurie]
-
-Changes with Apache 0.8.14 19 Sep 1995
-
- *) Compiles on SCO ODT 3.0 [Ben Laurie]
-
- *) AddDescription works (better) [Ben Laurie]
-
- *) Leaves an intelligible error diagnostic when it can't set group
- privileges on standalone startup [Andrew Wilson]
-
- *) Compiles on NeXT again --- the 0.8.13 RLIMIT patch was failing on
- that machine, which claims to be BSD but does not support RLIMIT.
- [Randy Terbush]
-
- *) gcc -Wall no longer complains about an unused variable when util.c
- is compiled with -DMINIMAL_DNS [Andrew Wilson]
-
- *) Nuked another compiler warning for -Wall on Linux [Aram Mirzadeh]
-
-Changes with Apache 0.8.13 07 Sep 1995
-
- *) Make IndexIgnore *work* (ooops) [Jarkko Torppa]
-
- *) Have built-in imagemap code recognize & honor Point directive [James
- Cloos]
-
- *) Generate cleaner directory listings in directories with a mix of
- long and short filenames [Rob Hartill]
-
- *) Properly initialize dynamically loaded modules [Royston Shufflebotham]
-
- *) Properly default ServerName for virtual servers [Robert Thau]
-
- *) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
- Paul Richards and a cast of thousands...]
-
- *) On self-identified BSD systems (we don't try to guess any more),
- allocate a few extra file descriptors per virtual host with setrlimit,
- if we can, to avoid running out. [Randy Terbush]
-
- *) Write 22-character lock file name into buffer with enough space
- on startup [Konstantin Olchanski]
-
- *) Use archaic setpgrp() interface on NeXT, which requires it [Brian
- Pinkerton]
-
- *) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
-
- *) Suppress -Wall warning by initializing variable in negotiation code
- [Tobias Weingartner]
-
-Changes with Apache 0.8.12 31 Aug 1995
-
- *) Doesn't pause three seconds after including a CGI script which is
- too slow to die off (this is done by not even trying to kill off
- subprocesses, including the SIGTERM/pause/SIGKILL routine, until
- after the entire document has been processed). [Robert Thau]
-
- *) Doesn't do SSI if Options Includes is off. (Ooops). [David Robinson]
-
- *) Options IncludesNoExec allows inclusion of at least text/* [Roy Fielding]
-
- *) Allows .htaccess files to override <Directory> sections naming the
- same directory [David Robinson]
-
- *) Removed an efficiency hack in sub_req_lookup_uri which was
- causing certain extremely marginal cases (e.g., ScriptAlias of a
- *particular* index.html file) to fail. [David Robinson]
-
- *) Doesn't log an error when the requested URI requires
- authentication, but no auth header line was supplied by the
- client; this is a normal condition (the client doesn't no auth is
- needed here yet). [Robert Thau]
-
- *) Behaves more sanely when the name server loses its mind [Sean Welch]
-
- *) RFC931 code compiles cleanly on old BSDI releases [Randy Terbush]
-
- *) RFC931 code no longer passes out name of prior clients on current
- requests if the current request came from a server that doesn't
- do RFC931. [David Robinson]
-
- *) Configuration script accepts "Module" lines with trailing whitespace.
- [Robert Thau]
-
- *) Cleaned up compiler warning from mod_access.c [Robert Thau]
-
- *) Cleaned up comments in mod_cgi.c [Robert Thau]
-
-Changes with Apache 0.8.11 24 Aug 1995
-
- *) Wildcard <Directory> specifications work. [Robert Thau]
-
- *) Doesn't loop for buggy CGI on Solaris [Cliff Skolnick]
-
- *) Symlink checks (FollowSymLinks off, or SymLinkIfOwnerMatch) always check
- the file being requested itself, in addition to the directories leading
- up to it. [Robert Thau]
-
- *) Logs access failures due to symlink checks or invalid client address
- in the error log [Roy Fielding, Robert Thau]
-
- *) Symlink checks deal correctly with systems where lstat of
- "/path/to/some/link/" follows the link. [Thau, Fielding]
-
- *) Doesn't reset DirectoryIndex to 'index.html' when
- other directory options are set in a .htaccess file. [Robert Thau]
-
- *) Clarified init code and nuked bogus warning in mod_access.c
- [Florent Guillaume]
-
- *) Corrected several directives in sample srm.conf
- --- includes corrections to directory indexing icon-related directives
- (using unknown.gif rather than unknown.xbm as the DefaultIcon, doing
- icons for encodings right, and turning on AddEncoding by default).
- [Roy Fielding]
-
- *) Corrected descriptions of args to AddIcon and AddAlt in command table
- [James Cloos]
-
- *) INSTALL & README mention "contributed modules" directory [Brian
- Behlendorf]
-
- *) Fixed English in the license language... "for for" --> "for".
- [Roy Fielding]
-
- *) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
- mod_alias.c, merging it almost completely with handling of Alias, and
- adding a 'notes' field to the request_rec which allows the CGI module
- to discover whether the Alias module has put this request through
- ScriptAlias (which it needs to know for back-compatibility, as the old
- NCSA code did not check Options ExecCGI in ScriptAlias directories).
- [Robert Thau]
-
-Changes with Apache 0.8.10 18 Aug 1995
-
- *) AllowOverride applies to the named directory, and not just
- subdirectories. [David Robinson]
-
- *) Do locking for accept() exclusion (on systems that need it)
- using a special file created for the purpose in /usr/tmp, and
- not the error log; using the error log causes real problems
- if it's NFS-mounted; this is known to be the cause of a whole
- lot of "server hang" problems with Solaris. [David Robinson;
- thanks to Merten Schumann for help diagnosing the problem].
-
-Changes with Apache 0.8.9 12 Aug 1995
-
- *) Compiles with -DMAXIMUM_DNS ---- ooops! [Henrik Mortensen]
-
- *) Nested includes see environment variables of the including document,
- for NCSA bug-compatibility (some sites have standard footer includes
- which try to print out the last-modified date). [Eric Hagberg/Robert
- Thau]
-
- *) <!--exec cgi="/some/uri/here"--> always treats the item named by the
- URI as a CGI script, even if it would have been treated as something
- else if requested directly, for NCSA back-compatibility. (Note that
- this means that people who know the name of the script can see the
- code just by asking for it). [Robert Thau]
-
- *) New version of dbmmanage script included in support directory as
- dbmmanage.new.
-
- *) Check if scoreboard file couldn't be opened, and say so, rather
- then going insane [David Robinson]
-
- *) POST to CGI works on A/UX [Jim Jagielski]
-
- *) AddIcon and AddAlt commands work properly [Rob Hartill]
-
- *) NCSA server push works properly --- the Arena bug compatibility
- workaround, which broke it, is gone (use -DARENA_BUG_WORKAROUND
- if you still want the workaround). [Rob Hartill]
-
- *) If client didn't submit any Accept-encodings, ignore encodings in
- content negotiation. (NB this will all have to be reworked anyway
- for the new HTTP draft). [Florent Guillaume]
-
- *) Don't dump core when trying to log timed-out requests [Jim Jagielski]
-
- *) Really honor CacheNegotiatedDocs [Florent Guillaume]
-
- *) Give Redirect priority over Alias, for NCSA bug compatibility
- [David Robinson]
-
- *) Correctly set PATH_TRANSLATED in all cases from <!--#exec cmd=""-->,
- paralleling earlier bug fix for CGI [David Robinson]
-
- *) If DBM auth is improperly configured, report a server error and don't
- dump core.
-
- *) Deleted FCNTL_SERIALIZED_ACCEPTS from conf.h entry for A/UX;
- it seems to work well enough without it (even in a 10 hits/sec
- workout), and the overhead for the locking under A/UX is
- alarmingly high (though it is very low on other systems).
- [Eric Hagberg, Jim Jagielski]
-
- *) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
-
- *) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian
- Behlendorf/Eric Hagberg]
-
- *) More improvements to default Configuration for A/UX [Jim Jagielski]
-
- *) Compiles clean on NEXT [Rob Hartill]
-
- *) Compiles clean on SGI [Robert Thau]
-
-Changes with Apache 0.8.8 08 Aug 1995
-
- *) SunOS library prototypes now never included unless explicitly
- requested in the configuration (via -DSUNOS_LIB_PROTOTYPES);
- people using GNU libc on SunOS are screwed by prototypes for the
- standard library.
-
- (Those who wish to compile clean with gcc -Wall on a standard
- SunOS setup need the prototypes, and may obtain them using
- -DSUNOS_LIB_PROTOTYPES. Those wishing to use -Wall on a system
- with nonstandard libraries are presumably competent to make their
- own arrangements).
-
- *) Strips trailing '/' characters off both args to the Alias command,
- to make 'Alias /foo/ /bar/' work.
-
-Changes with Apache 0.8.7 03 Aug 1995
-
- *) Don't hang when restarting with a child from 'TransferLog "|..."' running
- [reported by David Robinson]
-
- *) Compiles clean on OSF/1 [David Robinson]
-
- *) Added some of the more recent significant changes (AddLanguage stuff,
- experimental LogFormat support) to CHANGES file in distribution root
- directory
-
-Changes with Apache 0.8.6 02 Aug 1995
-
- *) Deleted Netscape reload workaround --- it's in violation of HTTP specs.
- (If you actually wanted a conditional GET which bypassed the cache, you
- couldn't get it). [Reported by Roy Fielding]
-
- *) Properly terminate headers on '304 Not Modified' replies to conditional
- GETs --- no browser we can find cares much, but the CERN proxy chokes.
- [Reported by Cliff Skolnick; fix discovered independently by Rob Hartill]
-
- *) httpd -v doesn't call itself "Shambhala". [Reported by Chuck Murcko]
-
- *) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
- not __SUNPRO_C (they're needed to quiet gcc -Wall, but acc chokes on 'em,
- and older versions don't set the __SUNPRO_C preprocessor variable). On
- all other systems, these are never used anyway. [Reported by Mark Cox].
-
- *) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
-
-Changes with Apache 0.8.5 01 Aug 1995
-
- *) Added last-minute configurable log experiment, as optional module
-
- *) Correctly set r->bytes_sent for HTTP/0.9 requests, so they get logged
- properly. (One-line fix to http_protocol.c).
-
- *) Work around bogus behavior when reloading from Netscape.
- It's Netscape's bug --- for some reason they expect a request with
- If-modified-since: to not function as a conditional GET if it also
- comes with Pragma: no-cache, which is way out of line with the HTTP
- spec (according to Roy Fielding, the redactor).
-
- *) Added parameter to set maximum number of server processes.
-
- *) Added patches to make it work on A/UX. A/UX is *weird*. [Eric Hagberg,
- Jim Jagielski]
-
- *) IdentityCheck bugfix [Chuck Murcko].
-
- *) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut]
-
- *) More sample config file corrections; add extension to AddType for
- *.asis, move AddType generic description to its proper place, and
- fix miscellaneous typos. [ Alexei Kosut ]
-
- *) Deleted the *other* reference to the regents from the Berkeley
- legal disclaimer (everyplace).
-
- *) Nuked Shambhala name from src/README; had already cleaned it out
- of everywhere else.
-
-Changes with Apache 0.8.4
-
- *) Changes to server-pool management parms --- renamed current
- StartServers to MinSpareServers, created separate StartServers
- parameter which means what it says, and renamed MaxServers to
- MaxSpareServers (though the old name still works, for NCSA 1.4
- back-compatibility). The old names were generally regarded as
- too confusing. Also altered "docs" in sample config files.
-
- *) More improvements to default config files ---
- sample directives (commented out) for XBitHack, BindAddress,
- CacheNegotiatedDocs, VirtualHost; decent set of AddLanguage
- defaults, AddTypes for send-as-is and imagemap magic types, and
- improvements to samples for DirectoryIndex [Alexei Kosut]
-
- *) Yet more improvements to default config files --- changes to
- Alexei's sample AddLanguage directives, and sample LanguagePriority
- [ Florent Guillaume ]
-
- *) Set config file locations properly if not set in httpd.conf
- [ David Robinson ]
-
- *) Don't escape URIs in internal redirects multiple times; don't
- do that when translating PATH_INFO to PATH_TRANSLATED either.
- [ David Robinson ]
-
- *) Corrected spelling of "Required" in 401 error reports [Andrew Wilson]
-
-Changes with Apache 0.8.3
-
- *) Edited distribution README to *briefly* summarize installation
- procedures, and give a pointer to the INSTALL file in the src/
- directory.
-
- *) Upgraded imagemap script in cgi-bin to 1.8 version from more
- recent NCSA distributions.
-
- *) Bug fix to previous bug fix --- if .htaccess file and <Directory>
- exist for the same directory, use both and don't segfault. [Reported
- by David Robinson]
-
- *) Proper makefile dependencies [David Robinson]
-
- *) Note (re)starts in error log --- reported by Rob Hartill.
-
- *) Only call no2slash() after get_path_info() has been done, to
- preserve multiple slashes in the PATH_INFO [NCSA compatibility,
- reported by Andrew Wilson, though this one is probably a real bug]
-
- *) Fixed mod_imap.c --- relative paths with base_uri referer don't
- dump core when Referer is not supplied. [Randy Terbush]
-
- *) Lightly edited sample config files to refer people to our documentation
- instead of NCSA's, and to list Rob McCool as *original* author (also
- deleted his old, and no doubt non-functional email address). Would be
- nice to have examples of new features...
-
-Changes with Apache 0.8.2 19 Jul 1995
-
- *) Added AddLanuage code [Florent Guillaume]
-
- *) Don't say "access forbidden" when a CGI script is not found. [Mark Cox]
-
- *) All sorts of problems when MultiViews finds a directory. It would
- be nice if mod_dir.c was robust enough to handle that, but for now,
- just punt. [reported by Brian Behlendorf]
-
- *) Wait for all children on restart, to make sure that the old socket
- is gone and we can reopen it. [reported by Randy Terbush]
-
- *) Imagemap module is enabled in default Configuration
-
- *) RefererLog and UserAgentLog modules properly default the logfile
- [Randy Terbush]
-
- *) Mark Cox's mod_cookies added to the distribution as an optional
- module (commented out in the default Configuration, and noted as
- an experiment, along with mod_dld). [Mark Cox]
-
- *) Compiles on ULTRIX (a continuing battle...). [Robert Thau]
-
- *) Fixed nasty bug in SIGTERM handling [reported by Randy Terbush]
-
- *) Changed "Shambhala" to "Apache" in API docs. [Robert Thau]
-
- *) Added new, toothier legal disclaimer. [Robert Thau; copied from BSD
- license]
-
-Changes with Apache 0.8.1
-
- *) New imagemap module [Randy Terbush]
-
- *) Replacement referer log module with NCSA-compatible RefererIgnore
- [Matthew Gray again]
-
- *) Don't mung directory listings with very long filenames.
- [Florent Guillaume]
-
-Changes with Apache 0.8.0 (nee Shambhala 0.6.2) 16 Jul 1995
-
- *) New config script. See INSTALL for info. [Robert Thau]
-
- *) Scoreboard mechanism for regulating the number of extant server
- processes. MaxServers and StartServers defaults are the same as
- for NCSA, but the meanings are slightly different. (Actually,
- I should probably lower the MaxServers default to 10).
-
- Before asking for a new connection, each server process checks
- the number of other servers which are also waiting for a
- connection. If there are more than MaxServers, it quietly dies
- off. Conversely, every second, the root, or caretaker, process
- looks to see how many servers are waiting for a new connection;
- if there are fewer than StartServers, it starts a new one. This
- does not depend on the number of server processes already extant.
- The accounting is arranged through a "scoreboard" file, named
- /tmp/htstatus.*, on which each process has an independent file
- descriptor (they need to seek without interference).
-
- The end effect is that MaxServers is the maximum number of
- servers on an *inactive* server machine, but more will be forked
- off to handle unusually heavy loads (or unusually slow clients);
- these will die off when they are no longer needed --- without
- reverting to the overhead of full forking operation. There is a
- hard maximum of 150 server processes compiled in, largely to
- avoid forking out of control and dragging the machine down.
- (This is arguably too high).
-
- In my server endurance tests, this mechanism did not appear to
- impose any significant overhead, even after I forced it to put the
- scoreboard file on a normal filesystem (which might have more
- overhead than tmpfs). [Robert Thau]
-
- *) Set HTTP_FOO variables for SSI <!--#exec cmd-->s, not just CGI scripts.
- [Cliff Skolnick]
-
- *) Read .htaccess files even in directory with <Directory> section.
- (Former incompatibility noted on mailing list, now fixed). [Robert
- Thau]
-
- *) "HEAD /" gives the client a "Bad Request" error message, rather
- than trying to send no body *and* no headers. [Cliff Skolnick].
-
- *) Don't produce double error reports for some very obscure cases
- mainly involving auth configuration (the "all modules decline to
- handle" case which is a sure sign of a server bug in most cases,
- but also happens when authentication is badly misconfigured).
- [Robert Thau]
-
- *) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
- it's *for*, and this sort of thing really shouldn't be cluttering
- up the Makefile). [Robert Thau]
-
- *) Incidental code cleanups in http_main.c --- stop dragging
- sa_client around; just declare it where used. [Robert Thau]
-
- *) Another acc-related fix. (It doesn't like const char
- in some places...). [Mark Cox]
-
-Changes with Shambhala 0.6.1 13 Jul 1995
-
- *) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
- Also, fixed auth typo in http_protocol.c unmasked by this fix.
-
- *) Compiles clean with acc on SunOS [Paul Sutton]
-
- *) Reordered modules in modules.c so that Redirect takes priority
- over ScriptAlias, for NCSA bug-compatibility [Rob Hartill] ---
- believe it or not, he has an actual site with a ScriptAlias and
- a Redirect declared for the *exact same directory*. Even *my*
- compatibility fetish wouldn't motivate me to fix this if the fix
- required any effort, but it doesn't, so what the hey.
-
- *) Fixed to properly default several server_rec fields for virtual
- servers from the corresponding fields in the main server_rec.
- [Cliff Skolnick --- 'port' was a particular irritant].
-
- *) No longer kills off nph- child processes before they are
- finished sending output. [Matthew Gray]
-
-Changes with Shambhala 0.6.0 10 Jul 1995
-
- *) Two styles of timeout --- hard and soft. soft_timeout()s just put
- the connection to the client in an "aborted" state, but otherwise
- allow whatever handlers are running to clean up. hard_timeout()s
- abort the request in progress completely; anything not tied to some
- resource pool cleanup will leak. They're still around because I
- haven't yet come up with a more elegant way of handling
- timeouts when talking to something that isn't the client. The
- default_handler and the dir_handler now use soft timeouts, largely
- so I can test the feature. [Robert Thau]
-
- *) TransferLog "| my_postprocessor ..." seems to be there. Note that
- the case of log handlers dying prematurely is probably handled VERY
- gracelessly at this point, and if the logger stops reading input,
- the server will hang. (It is known to correctly restart the
- logging process on server restart; this is (should be!) going through
- the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
- script). [Robert Thau]
-
- *) asis files supported (new module). [Robert Thau]
-
- *) IdentityCheck code is compiled in, but has not been tested. (I
- don't know anyone who runs identd). [Robert Thau]
-
- *) PATH_INFO and PATH_TRANSLATED are not set unless some real PATH_INFO
- came in with the request, for NCSA bug-compatibility. [Robert Thau]
-
- *) Don't leak the DIR * on HEAD request for a directory. [Robert Thau]
-
- *) Deleted the block_alarms() stuff from dbm_auth; no longer necessary,
- as timeouts are not in scope. [Robert Thau]
-
- *) quoted-string args in config files now handled correctly (doesn't drop
- the last character). [Robert Thau; reported by Randy Terbush]
-
- *) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
- How the hell did it ever work? [Robert Thau; reported by Rob Hartill]
-
- *) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
- default default type); the former default default behavior when all
- type-checkers defaulted had been a core dump. [Paul Sutton]
-
- *) Copy filenames out of the struct dirent when indexing
- directories. (On Linux, readdir() returns a pointer to the same
- memory area every time). Fix is in mod_dir.c. [Paul Sutton]
-
-Changes with Shambhala 0.5.3 [not released]
-
- *) Default response handler notes "file not found" in the error log,
- if the file was not found. [Cliff Skolnick].
-
- *) Another Cliff bug --- "GET /~user" now properly redirects (the userdir
- code no longer sets up bogus PATH_INFO which fakes out the directory
- handler). [Cliff Skolnick]
-
-Changes with Shambhala 0.5.2 06 Jul 1995
-
- *) Changes to http_main.c --- root server no longer plays silly
- games with SIGCHLD, and so now detects and replaces dying
- children. Child processes just die on SIGTERM, without taking
- the whole process group with them. Potential problem --- if any
- child process refuses to die, we hang in restart.
- MaxRequestsPerChild may still not work, but it certainly works
- better than it did before this! [Robert Thau]
-
- *) mod_dir.c bug fixes: ReadmeName and HeaderName
- work (or work better, at least); over-long description lines
- properly terminated. [Mark Cox]
-
- *) http_request.c now calls unescape_url() more places where it
- should [Paul Sutton].
-
- *) More directory handling bugs (reported by Cox)
- Parent Directory link is now set correctly. [Robert Thau]
-
-Changes with Shambhala 0.5.1 04 Jul 1995
-
- *) Generalized cleanup interface in alloc.c --- any function can be
- registered with alloc.c as a cleanup for a resource pool;
- tracking of files and file descriptors has been reimplemented in
- terms of this interface, so I can give it some sort of a test.
- [Robert Thau]
-
- *) More changes in alloc.c --- new cleanup_for_exec() function,
- which tracks down and closes all file descriptors which have been
- registered with the alloc.c machinery before the server exec()s a
- child process for CGI or <!--#exec-->. CGI children now get
- started with exactly three file descriptors open. Hopefully,
- this cures the problem Rob H. was having with overly persistent
- CGI connections. [Robert Thau]
-
- *) Mutual exclusion around the accept() in child_main() --- this is
- required on at least SGI, Solaris and Linux, and is #ifdef'ed in
- by default on those systems only (-DFCNTL_SERIALIZED_ACCEPT).
- This uses fcntl(F_SETLK,...) on the error log descriptor because
- flock() on that descriptor won't work on systems which have BSD
- flock() semantics, including (I think) Linux 1.3 and Solaris.
-
- This does work on SunOS (when the server is idle, only one
- process in the pool is waiting on accept()); it *ought* to work
- on the other systems. [Robert Thau]
-
- *) FreeBSD and BSDI portability tweaks [Chuck Murcko]
-
- *) sizeof(*sa_client) bugfix from [Rob Hartill]
-
- *) pstrdup(..., NULL) returns NULL, [Randy Terbush]
-
- *) block_alarms() to avoid leaking the DBM* in dbm auth (this should
- be unnecessary if I go to the revised timeout-handling scheme).
- [Robert Thau]
-
- *) For NCSA bug-compatibility, set QUERY_STRING env var (to a null
- string) even if none came in with the request. [Robert Thau]
-
- *) CHANGES file added to distribution ;-).
-
-Changes with Shambhala 0.4.5
-
- *) mod_dld --- early dynamic loading support [rst]
- *) Add wildcard content handlers for XBITHACK; default_hander now
- invoked with that mechanism (as a handler hanging off mod_core) [rst]
- *) XBITHACK supported as a wildcard content-handler, and
- configurable at run-time (not just at compile time, as in the
- "patchy server" releases) [rst]
-
-Changes with Shambhala 0.4.4 30 Jun 1995
-
- *) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
- *) Handle Addtype x/y .z [rst, reported by Cox]
-
-Changes with Shambhala 0.4.3
-
- *) Fixed very dumb bug in mod_alias; "Alias" and "Redirect" are not
- synonymous [rst, terbush]
-
-Changes with Shambhala 0.4.1 28 Jun 1995
-
- *) First-cut virtual host implementation; some refit in the config
- reading code, and log management, was necessary to support this [rst]
- *) Sub-pool machinery, originally added to avoid excessive storage
- allocation on listings of large directories (which turned out to
- be the problem that the 0.3 storage accounting was added to
- find). Subrequests and mod_dir changed to use subpools. [rst]
- *) More memory debugging --- free list consistency checks. [rst]
- *) Added err_headers to request_rec, with support elsewhere [rst]
- *) Other fixes to minor bugs in mod_dir and mod_includes [rst, terbush]
-
-Changes with Shambhala 0.3 19 Jun 1995
-
- *) Switch ONE_PROCESS to a runtime command-line option (-X)
- *) Don't compile in mod_ai_backcompat by default
- *) Switch name of server from Apache to Shambhala in Makefile
- *) Add some accounting routines to track memory usage in the pools,
- for debugging
-
-Changes with Shambhala 0.2
-
- *) Set DOCUMENT_ROOT CGI variable
- *) Add single-process debugging, as a compile-time option (ONE_PROCESS)
- *) Add critical section protection to handling of cleanup structures
- in alloc.c [rst]
- *) Significant code reorg within the server core to group related
- functions together [rst]
- *) Correctly handle clients that hang up before sending any request
- [rst]
- *) Replace dying child processes. [rst]
-
-Changes with Shambhala 0.1 12 Jun 1995
-
- Major rewrite of the pre-existing "patchy server" codebase, by
- Robert Thau (rst). Significant portions of the server code, such
- as configuration-file handling and HTTP authentication support,
- were ripped out and rewritten from scratch. Code that was not
- completely rewritten was significantly altered.
-
- Major changes with this release include:
-
- *) Introduction of the module API; in request handling, the central
- machinery just dispatches to various modules, which actually do
- most of the work. Configuration handling is similar --- modules
- declare their own commands, and the central machinery just
- dispatches to them.
-
- API features from shambhala/0.1 were substantially unchanged in
- Apache 1.0 and 1.1. (1.0 API features not yet present in this
- release, such as wildcard handlers and subpools, were added in
- subsequent Shambhala releases, and were also generally rst's
- work).
-
- *) This release included the following modules:
-
- mod_access (access control --- allow and deny directives),
- mod_alias (Alias and Redirect commands),
- mod_auth (straight HTTP authentication, based on flat-files)
- mod_auth_dbm (same, with dbm files)
- mod_cgi (CGI scripts and, in this release, ScriptAlias)
- mod_common_log (CLF access logs; later renamed mod_log_common)
- mod_dir (directory indexing)
- mod_include (server-side includes)
- mod_mime (AddType directives)
- mod_negotiation (content negotiation)
- mod_userdir (support for users' public_html directories)
-
- It also included a mod_ai_backcompat, which was a private hack
- for back-compatibility with rst's own AI-lab servers.
-
- All of these modules were substantially complete, and functional
- or nearly so (a few, which implemented features not in use at
- Thau's site, required patches of a few lines).
-
- *) sub-request machinery, to allow modules to determine how other
- modules would assign MIME types to a given file, or optionally
- serve its content (this is heavily used by mod_dir, mod_include
- and mod_negotiation).
-
- *) Resource pool system for keeping track of memory allocated and
- files opened in service of a particular request. Much of the
- code in the modules (when they weren't rewrites) was adjusted to
- replace a pervasive convention of using fixed-size buffers on
- the stack with an equally pervasive convention of using memory
- allocated with palloc().
-
- *) Reorganization of data structures associated with a given
- request to eliminate use of global variables and the troublesome
- unmunge_name function (used in NCSA and early Apache releases to
- attempt to determine the URI which mapped to a given filename
- --- a difficult proposition, given that it is easy to produce
- setups in which multiple URIs map to the same file).
-
- *) Source files renamed and rearranged
-
- *) Very simple pre-forking behavior --- parent process forked off a
- fixed number of children, and then just waited for SIGHUP.
-
- *) Other more minor changes too numerous to list.
-
- This release included modified versions of a lot of code from the
- Apache 0.6.4 public release, plus an early pre-forking patch
- codeveloped by Robert Thau and Rob Hartill.
-
-Changes with Apache 0.7.3 20 Jun 1995
-
- *) There were a bunch of changes between Apache 0.6.4 and 0.7.3 that
- were incorporated by Rob Hartill on the main branch while Robert Thau
- worked on the Shambhala rewrite above. Most were merged into the
- Shambala architecture after Apache 0.8.0.
-
-Changes with Apache 0.6.4 13 May 1995
-
- *) Patches by Rob Hartill, Cliff Skolnick, Randy Terbush, Robert Thau,
- and others.
-
-Changes with Apache 0.5.1 10 Apr 1995
-
-Changes with Apache 0.4 02 Apr 1995
-
- *) Patches by Brian Behlendorf, Andrew Wilson, Robert Thau,
- and Rob Hartill.
-
-Changes with Apache 0.3 24 Mar 1995
-
- *) Patches by Robert Thau, David Robinson, Rob Hartill, and
- Carlos Varela.
-
-Changes with Apache 0.2 18 Mar 1995
-
- *) Based on NCSA httpd 1.3 by Rob McCool and patches by CERT,
- Roy Fielding, Robert Thau, Nicolas Pioch, David Robinson,
- Brian Behlendorf, Rob Hartill, and Cliff Skolnick.
diff --git a/usr.sbin/httpd/src/CHANGES.SSL b/usr.sbin/httpd/src/CHANGES.SSL
deleted file mode 100644
index 5581857f709..00000000000
--- a/usr.sbin/httpd/src/CHANGES.SSL
+++ /dev/null
@@ -1,3878 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| | mod_ssl
- | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
- |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
- |_____|
- _____________________________________________________________________________
-
- ``The difference between a career
- and a job is about 20 hours a week.''
- CHANGES
-
- This file summarizes *all* types of changes to the mod_ssl package, i.e.
- changes between each betalevel and patchlevel, i.e. changes between
- 2.x.y->2.x.(y+1) and 2.x.y->2.(x+1).0. Take this list as a reference for
- concrete and detailed information about every single change. There are
- _INTENTIONALLY_ no contributor names attached to the entries. Instead all
- contributors are listed in the CREDITS file.
-
- ____ ___
- |___ \ ( _ )
- __) | / _ \
- / __/ | (_) |
- __ |_____(_)___/ ___________________________________________
-
- Changes with mod_ssl 2.8.16 (18-Jul-2003 to 01-Nov-2003)
-
- *) Upgraded to Apache 1.3.29
-
- *) Avoid memory corruption in certificate handling caused by a heap
- memory double-freeing situation.
-
- *) Allow "HTTPS" variable to be passed through by suEXEC.
-
- *) Clear the OpenSSL error code in pass phrase reading code to
- workaround the following situation: multiple keys, all with
- different passphrases -- entering the correct pass phrase at each
- prompt leads to an OpenSSL error message after the last prompt.
-
- *) Reverted the recent change where ap_cleanup_for_exec() called
- ap_kill_alloc_shared(). This caused nasty side-effects in other
- processes and is not necessary at all (because shared memory
- segments are not inherited across exec).
-
- *) mod_ssl was checking the OpenSSL error reason code against
- SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since
- OpenSSL reason codes are not unique, this isn't always the case.
- It now additionally checks that the library is the SSL library.
-
- Changes with mod_ssl 2.8.15 (21-Mar-2003 to 18-Jul-2003)
-
- *) Upgraded to Apache 1.3.28
-
- *) Take over security fix from Apache 2.0 related
- to per-directory renogotiations.
-
- Changes with mod_ssl 2.8.14 (18-Mar-2003 to 21-Mar-2003)
-
- *) Fixed logic in the destruction of a temporary certificate
- structure and this way avoid a crash due to freeing NULL object.
-
- *) Removed one newly introduced X509_free() call in the context of
- SSL_get_certificate(), because this function does not increment a
- reference count (although SSL_get_peer_certificate() does).
-
- *) Fixed hash-table based shared memory session cache (shmht)
- implementation by making sure that the underlying hash table
- library does not crash if memory cannot be allocated.
-
- Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)
-
- *) Always enforce RSA blinding on RSA private keys in order to be
- resistent to timing attacks.
-
- *) Added timeout also to the "pre-sucking" of the trailing data in
- POST request handling.
-
- *) Correctly shutdown shared memory pools on fork+exec situations.
-
- *) Bugfix SSL client certificate verification: OpenSSL was not
- informed with SSL_set_verify_result(ssl, X509_V_OK) in case
- mod_ssl forced the verification to be ok.
-
- *) Consistently use OPENSSL_free() instead of plain free() to
- deallocate memory chunks allocated inside OpenSSL.
-
- *) Fixed various memory leaks related to X509 certificates.
-
- Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002)
-
- *) Fixed potential Cross-Site-Scripting bug.
-
- *) Allow also 8192 bytes of shared memory data size.
-
- Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002)
-
- *) Upgraded to Apache 1.3.27.
-
- *) Fixed internal error handling for CRL verification.
-
- *) Initialize OpenSSL ENGINE before initializing OpenSSL
- to workaround problems with the PRNG.
-
- *) Also find "openssl" executable in "sbin" directories.
-
- *) Honor specified number of maximum bytes on SSLRandomSeed
- if reading from EGD.
-
- *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
-
- Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)
-
- *) Fixed off-by-one buffer overflow bug in the compatibility
- functionality (mapping of old directives to new ones).
-
- *) Fixed memory leak in processing of CA certificates.
-
- *) In case there is actually a certificate chain in the session cache,
- we now use the value of SSL_get_peer_certificate(ssl) to verify as
- it will have been removed from the chain before it was put in the
- cache.
-
- *) Seed the PRNG with a maximum of 1K from the internal scoreboard.
-
- Changes with mod_ssl 2.8.9 (27-Mar-2002 to 19-Jun-2002)
-
- *) Upgraded to Apache 1.3.26.
-
- *) Support for OpenSSL 0.9.7.
-
- *) Open random files in binary mode under Win32 to not
- stop on EOS characters.
-
- *) Additional internal consistency check on vhost sanity checking
- in case no DNS entries are found for virtual hosts.
-
- *) Fixed detection of a faked "Faked Basic Auth" situation for
- internal redirection situations.
-
- Changes with mod_ssl 2.8.8 (23-Feb-2002 to 27-Mar-2002)
-
- *) Upgraded to Apache 1.3.24
-
- *) Support leading whitespaces in commands of SSLLog "|..."
- directives.
-
- *) Fixed timeout handling on connection establishment
- by correctly resetting the timeout on errors.
-
- *) Fixed two memory leaks related to CA certificate configuration.
-
- *) Fixed memory leak related to temporary DH key handling.
-
- *) Fixed memory leak on shutdown if CRLs are used.
-
- *) Fixed remaining SIGBUS problems on SPARC inside SHMCB session
- cache implementation.
-
- Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002)
-
- *) Support for the latest OpenSSL 0.9.7 snapshots.
-
- *) Fixed potential buffer overflow in DBM and SHMHT session
- cache if very very large certificate chains are used.
-
- *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
- "head -1" and "tail -1" constructs with sed variants in scripts.
-
- *) Fixed file descriptor leakage under Win32.
-
- Changes with mod_ssl 2.8.6 (16-Oct-2001 to 01-Feb-2002)
-
- *) Upgraded to Apache 1.3.23
-
- *) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an
- indexing structure that (correctly) used index values (and ranges)
- as "unsigned int", but the meta-structure in the header had these
- ranged as "unsigned char".
-
- *) Perform the SHMCB remove operation under mutual exclusion
- to prevent a inter-process synchronization problem.
-
- *) Made sure that mod_ssl does not segfault in case of
- SCOREBOARD_SIZE < 1024.
-
- *) Merged in the SDBM patch from Uwe Ohse which fixes a problem with
- sdbms .dir file, which arrises when a second .dir block is needed
- for the first time. read() returns 0 in that case, and the library
- forgot to initialize that new block. A related problem is that the
- calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ
- bits, which is not enough except for small databases (.dir
- basically doubles everytime it's too small).
-
- Changes with mod_ssl 2.8.5 (20-May-2001 to 16-Oct-2001)
-
- *) Upgraded to Apache 1.3.22
-
- *) Fixed check whether server certificate wildcard CommonName (CN)
- matches the configured server name.
-
- *) Use correct ANSI C prototypes also in (semi-automatically
- generated) ssl_engine_dh.c
-
- *) Fixed buffer overflow in ssl_expr_eval_func_file().
-
- Changes with mod_ssl 2.8.4 (04-May-2001 to 20-May-2001)
-
- *) Removed old db1/ndbm.h kludge from mod_ssl.h, because it should be
- not needed at all, because mod_ssl downgrades to SDBM anyway on all
- Linux platforms. Additionally made the Linux check more accurate
- by using src/Configure's $PLAT variable instead of $OS.
-
- *) Upgraded to Apache 1.3.20
-
- *) +------------------------------------------------------------------+
- | Officially moved mod_ssl to Apache 2.0: |
- | The mod_ssl 2.8.x source tree is now frozen for development |
- | and will only be updated for bugfixes and Apache 1.3.x version |
- | upgrades. The last release (2.8.3) was imported to the ASF CVS |
- | repository under httpd-2.0/modules/ssl/. All development efforts |
- | are now directed to the Apache 2.0 area. Nevertheless, mod_ssl |
- | 2.8.x releases will occur as long as Apache 1.3.x releases occur.|
- +------------------------------------------------------------------+
-
- Changes with mod_ssl 2.8.3 (30-Mar-2001 to 04-May-2001)
-
- *) Allow loadcacert.cgi script to work inside mod_perl.
-
- *) Fixed typo in the directive descriptions in mod_ssl.c
-
- *) Fixed EAPI context usage in http_request.c: a context pointer
- potentially can be NULL requests and can cause a segfault if
- dereferenced.
-
- *) Fixed ENGINE support: the engine support is are now already
- loaded at configure time. Else mod_ssl fails to find them.
-
- *) Fixed typo in httpd.conf-dist.
-
- Changes with mod_ssl 2.8.2 (03-Mar-2001 to 30-Mar-2001)
-
- *) Moved the Shared Memory Cyclic Buffer (SHMCB) session cache
- variant from "experimental" state to "production" by removing the
- `#ifdef SSL_EXPERIMENTAL_SHMCB ...#endif' wrappers. This means
- that now `SSLSessionCache shmcb:...' is unconditionally available.
-
- *) Modified (only) Win32's specific function SSL_recvwithtimeout()
- to use the same retry logic as SSL_writewithtimeout(). This
- fixes some problems with MSIE 5.x clients.
-
- *) Made the mutex handling more robust by retrying the
- semaphore-based operations in interrupt situations
- (errno == EINTR).
-
- *) Also log the OpenSSL error message if the RSA temporary
- key(s) cannot be generated.
-
- *) Mention in INSTALL document that building OpenSSL with
- `no-threads' increased performance without negative side-effects
- because Apache 1.3 is never multi-threaded.
-
- *) Fixed mod_ssl Auth handler: it now returns DECLINED instead of
- OK if authentication is passed successfully to allow other modules
- (usually mod_auth) to still deny the request.
-
- *) Allow IPC semaphore support also under Tru64 5.x.
-
- *) Fixed certificate DN handling under EBCDIC platforms.
-
- *) Try to avoid casting warnings by using "unsigned long" type
- instead of "unsigned int" in the EAPI macros AP_CTX_XXXX.
-
- *) Make sure that the default path /usr/include is never added to
- CFLAGS with an explicit -I options to avoid conflicts with vendor
- include paths.
-
- *) Make extra sure the ssl_expr_parse.[ch] and ssl_expr_scan.c
- files are not regenerated for regular users by timestamping
- them in a little bit more conservative way.
-
- *) More fixes to configure.bat and Makefile.win32 to
- make mod_ssl work again under Win32.
-
- Changes with mod_ssl 2.8.1 (30-Jan-2001 to 03-Mar-2001)
-
- *) Conditionally adjusted source to build quietly also under
- latest OpenSSL 0.9.7-dev versions.
-
- *) Added a bunch of (untested!) adjustments and fixes for
- the Win32 platform as posted to modssl-users some time
- ago by various people.
-
- *) Fixed SSLCipherSuite example in httpd.conf-dist:
- The string EXP56 is actually EXPORT56, although OpenSSL
- internally the variable is named SSL_TXT_EXP56.
-
- *) Upgraded to Apache 1.3.19 as base version.
-
- *) Extended FAQ entry for MSIE problems.
-
- *) Added FAQ entry for questions "Why do I get lots of random SSL
- errors under heavy load?"
-
- Changes with mod_ssl 2.8.0 (14-Oct-2000 to 30-Jan-2001)
-
- *) Upgraded to Apache 1.3.17 as base version.
-
- *) Changed ApacheModuleSSL.dll to mod_ssl.so in Makefile.Win32 to
- make mod_ssl not too broken after Apache 1.3.16's Win32 changes.
-
- *) Enhanced ApacheCore.def patch for Win32 folks.
-
- *) Upgraded to Apache 1.3.16 as base version.
-
- *) Fixed ssl_intro.wml: DES uses 56 bit, not 54 bit.
-
- *) Allow %{ENV:variable} in SSLRequire expressions, too.
-
- *) Fixed version parsing for APXS stuff in configure.
-
- *) Fixed Geoff Thorpe's Email addresses in various places.
-
- *) Fixed typo in INSTALL document.
-
- *) Make sure the user is not able to fake the client certificate
- based authentication by just entering an X.509 Subject DN
- ("/XX=YYY/XX=YYY/..") as the username and "password" as the
- password if "SSLVerifyClient optional" is used in combination
- with "SSLOptions +FakeBasicAuth".
-
- *) Fixed URLs in FAQ.
-
- *) Various fixes for the Win32 world:
- reflect renaming of "makefile.nt" to "makefile.win"; scache
- reorganisation adjustments; etc.
-
- ____ _____
- |___ \ |___ |
- __) | / /
- / __/ _ / /
- __ |_____(_)_/______________________________________________
-
- Changes with mod_ssl 2.7.1 (13-Oct-2000 to 14-Oct-2000)
-
- *) Fixed the parsing of SSLSessionCache directives. The prefixes were
- incorrectly skipped and leaded to "unable to open semaphore file"
- errors.
-
- Changes with mod_ssl 2.7.0 (12-Aug-2000 to 13-Oct-2000)
-
- *) Upgraded to Apache 1.3.14 as base version.
-
- *) Added new Cyclic Buffer based Shared Memory Session Cache
- as ssl_scache_shmcb.c. This was contributed by Geoff Thorpe
- <geoff@geoffthorpe.net> and is derived from the "c2shm" variant
- used in Stronghold V3. It uses a fixed size cyclic buffer placed
- over a shared memory segment for storing SSL session ids. This
- way it is even more efficient and faster than the old hash table
- based shared memory cache (ssl_scache_shmht.c). It can be used
- by building mod_ssl with --enable-rule=SSL_EXPERIMENTAL and then
- using "SSLSessionCache shmcb:<path-to-temp-file>(<bytes>)".
-
- *) Cleaned up and restructured the session cache implementation.
- ssl_engine_scache.c was split into ssl_scache.c (the abstraction
- layer), ssl_scache_dbm.c (the DBM-based implementation) and
- ssl_scache_shmht.c (the shared memory based implementation which
- uses a hash table).
-
- *) Added experimental support for the ENGINE branch of OpenSSL 0.9.6.
- A new SSLCryptoDevice configuration directive is available if the
- OpenSSL-ENGINE 0.9.6 package and --enable-rule=SSL_EXPERIMENTAL
- is used. The default is "SSLCryptoDevice builtin". To enable
- to use of a crypto device use "SSLCryptoDevice <name>",
- where <name> is its ID as used with the OpenSSL command line
- option "-engine <name>".
-
- *) Completely removed RSAref support to make sure US residents no
- longer try to use this ancient piece of restricted/buggy code.
-
- *) mod_ssl failed to start if two certificate keys are encrypted
- with different pass phrases and SSLProxyVerify was specified.
-
- ____ __
- |___ \ / /_
- __) || '_ \
- / __/ | (_) |
- __ |_____(_)___/____________________________________________
-
- Changes with mod_ssl 2.6.6 (04-Jul-2000 to 12-Aug-2000)
-
- *) Fixed experimental HTTPS proxy code: A segfault was
- produced by an incorrect logging command.
-
- *) Fixed server restarts: Under non-DSO run-time situation, the
- OpenSSL library was shutdown (and never re-initialized) and this
- way caused segfaults on server restarts. This affected only
- installations where mod_ssl+OpenSSL were built as a static module
- instead of a DSO. This nasty bug was unfortunately introduced in
- 2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix.
-
- *) Upgraded both the user manual sources and the website
- www.modssl.org from WML 1.6 to WML 2.0 format.
-
- *) Various typo fixes in user manual.
-
- *) Typo fix in INSTALL document related to RSAref.
-
- Changes with mod_ssl 2.6.5 (01-May-2000 to 04-Jul-2000)
-
- *) Removed more memory leaks by freeing even more stuff
- from the OpenSSL toolkit on module shutdown.
-
- *) Added missing TLSv1, EXP40 and EXP56 keywords to
- ssl_reference's documentation of SSLCipherSuite.
-
- *) Updated INSTALL document for MM 1.1.x.
-
- *) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.)
- to the FAQ entry about MSIE errors.
-
- *) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid
- MSIE5.x problems in advance.
-
- *) Fixed typos in INSTALL: sbin -> bin for apachectl.
-
- *) mod_ssl's configure script now touches also ssl_expr_scan.l and
- ssl_expr_parse.y when applying the sources corrupted timestamps do
- not trigger the lex/yacc Makefile rules (which are intended for
- developer use only).
-
- *) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments
- which is especially important for the Win32 environment.
-
- *) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all"
-
- *) Be aware of extended SERVER_BASEVERSION strings in configure.
-
- *) Removed a left-over ssl_scache_expire() call in ssl_scache_init()
- which made the life of vendors complicated.
-
- *) Allow more fine-tuned overriding of ap_server_root_relative calls
- by providing the context of the call.
-
- Changes with mod_ssl 2.6.4 (16-Apr-2000 to 01-May-2000)
-
- *) Fixed Win32 build by adding gdi32.lib to the libraries
- and an additional include for <winsock2.h>.
-
- *) Added Equifax Secure CA certificates to ca-bundle.crt.
-
- *) Let the pass phrase dialog force the prompt to occur only once
- (no verification step), because mod_ssl uses the dialog only for
- pass phrases which are required for reading private keys. This as a
- side-effect should fix a problem under Win32 where a second prompt
- occured for unknown reasons.
-
- *) Added more compatibility to Stronghold v2's SSL_SessionCache.
-
- *) Added two more EAPI hools under SSL_VENDOR: one for overriding
- ap_server_root_relative calls and one for hooking into the server
- configuration step.
-
- *) Fixed SSL display for mod_status in `short report' situation.
-
- *) Made the SSL_EXPERIMENTAL stuff more flexible by checking
- for particular subset SSL_EXPERIMENTAL_xxxx defines and let
- SSL_EXPERIMENTAL define all those per default. This reduces the
- amount of patching vendors have to do in order to just enable a
- subset of the experimental code.
-
- *) Added hint to INSTALL document about port specifiers in test URLs
- (`:8080' and `:8443') if the installation is done under a non-root
- user.
-
- *) Fixed Win32's configure.bat: the check for OpenSSL
- header and libraries is now extended.
-
- *) Fixed --with-apxs under Solaris where libssl.module
- has to know $CC in order to enable the libgcc.a workaround.
-
- *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy
- support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL.
-
- Changes with mod_ssl 2.6.3 (02-Mar-2000 to 16-Apr-2000)
-
- *) Moved the session cache expire time calculation and handling in
- ssl_engine_scache.c down to the particular cache-type dependent
- expire functions to allow a custom vendor supplied cache to perform
- its own expire handling.
-
- *) The sub-shells from libssl.module are now called with an
- explicitly determined Bourne Shell (instead of the implicit she-bang
- line). This both avoids problems on brain-dead platforms where
- /bin/sh is broken (Ultrix, etc.) and workarounds a CVS problem in
- OpenBSD where on read-only checkouts the x-bits sometimes get lost.
-
- *) Do a slightly better initialization of the random file
- in src/support/mkcert.sh if $HOME/.rnd doesn't exist.
-
- *) Be aware of OpenSSL 0.9.5's X509_V_ERR_CERT_UNTRUSTED error.
-
- *) Cleaned up and optimized ssl_engine_vars.c by kicking out the old
- static cipher table and calculating the cipher bits dynamically. This
- avoids lots of string comparisons, reduces further maintainance costs
- and makes the code smaller.
-
- *) Cleaned up pkg.contrib/truerand.c: volatile variables,
- correct function return types, etc.
-
- *) Fix HTTPS proxy support: if SSLProxyVerify is Off, we don't need
- to log any errors if the certification fails. Additionally we now
- don't free the proxy context after a connection, because we will need
- it for the next proxy connection we make.
-
- *) Activate `SSLMutex sem' also on HPUX.
-
- *) Allow libssl.module to handle CFLAGS="cc -flags".
-
- *) Fixed typo in ssl_intro.wml: "message" was written twice
-
- *) Added two eval casts for ap_md5() calls.
-
- *) Fixed typo in ssl_faq.wml: SSLRandSeed -> SSLRandomSeed.
-
- *) Add final messages also under "configure --with-eapi-only" which
- give a hint to proceed with --enable-module=so --enable-rule=EAPI in
- the Apache source tree.
-
- Changes with mod_ssl 2.6.2 (29-Feb-2000 to 02-Mar-2000)
-
- *) Updated the conf/ssl.crt/ca-bundle.crt file (containing the CA
- Root Certificates of over 60 popular CAs) to the contents extracted
- from Netscape Communicator 4.72's cert7.db file.
-
- *) Fixed compilation of the new HTTPS proxy code (SSL_EXPERIMENTAL):
- The SSL_VENDOR was required without need if SSL_EXPERIMENTAL was
- enabled. This is now fixed and only SSL_EXPERIMENTAL is requied again
- for the new HTTPS proxy stuff.
-
- *) Added an FAQ entry about the "less entropy for the PRNG"
- problem which now becomes "popular" ;) with OpenSSL 0.9.5.
-
- *) Fixed conf/ssl.crl/Makefile: the files which have to be
- checked for existance are named foo.rNNN and not just foo.NNN
-
- *) Fixed a typo related to a RAND_status call in ssl_engine_rand.c
- which was introduced in 2.6.1 and which caused mod_ssl fail to
- compile if OpenSSL >= 0.9.5 was used [Sorry, my gcc hasn't caught
- this typo :-(...]
-
- *) Added also some random files which exists under Mach/Rhapshody
- platforms to the list of files in src/support/mkcert.sh to make
- sure enough entropy is available on these platforms under "make
- certificate" with OpenSSL 0.9.5
-
- *) Enhanced SSLRequire (SH2) -> SSLRequireSSL (mod_ssl)
- directive compatibility mapping.
-
- Changes with mod_ssl 2.6.1 (25-Feb-2000 to 29-Feb-2000)
-
- *) Added support for OpenSSL 0.9.5's RAND_egd() which is now used
- to read entropy from the EGD Unix domain socket if `SSLRandSeed
- egd:/path/to/socket' is configured.
-
- *) Extended builtin PRNG seeding with a run-time stack based source.
- This way the builtin source now creates more entropy and usually
- enough to make OpenSSL >= 0.9.5 happy again. If OpenSSL is still not
- happy (i.e. still not sufficient entropy exists), a warning message
- is logged by mod_ssl now.
-
- *) Fixed Tanenbaum's name on the quote in ssl_intro.wml
-
- *) Updated Thawte's sxnet stuff for latest OpenSSL.
-
- *) Allow mod_ssl to compile also under Win32 & VC++ 6.0
-
- *) Fix OS/2 support and this way make mod_ssl again work
- also under this platform.
-
- Changes with mod_ssl 2.6.0 (24-Feb-2000 to 25-Feb-2000)
-
- *) Merged in enhanced HTTPS Proxy Support which is derived from
- Stronghold 2.x and was originally contributed by C2Net over one
- year ago. This is still _EXPERIMENTAL_ stuff, so it is entirely
- wrapped with SSL_EXPERIMENTAL sections and has to be abled under
- built-time with --enable-rule=SSL_EXPERIMENTAL. Then the following
- new configuration directives are provided to fine-tune the HTTPS
- proxy support:
-
- o SSLProxyProtocol [+-][SSLv2|SSLv3|TLSv1] ...
- (enable or disable SSL protocol flavors)
- o SSLProxyCipherSuite XXX:...:XXX
- (colon-delimited list of permitted SSL ciphers)
- o SSLProxyVerify on|off
- (whether to verify the remote certificate)
- o SSLProxyVerifyDepth N
- (maximum certificate verification depth)
- o SSLProxyCACertificateFile /path/to/file
- (file containing server certificates)
- o SSLProxyCACertificatePath /path/to/dir
- (directory containing server certificates)
- o SSLProxyMachineCertificateFile /path/to/file
- (file containing client certificates)
- o SSLProxyMachineCertificatePath /path/to/dir
- (directory containing client certificates)
-
- This stuff is declared experimental, because it was still _NOT_
- tested in depth and is still _UNDOCUMENTED_. So keep in mind what
- SSL_EXPERIMENTAL means and use this with care!
-
- *) Extended the EAPI patches to mod_proxy to allow the new
- HTTPS proxy support to be merged in.
-
- *) Fixed ssl_io_suck() prototype scope in mod_ssl.h by changing
- the old #ifdef SSL_EXPERIMENTAL to the now correct #ifndef
- SSL_CONSERVATIVE.
-
- *) Added "cons" and "nocons" development target to
- src/modules/ssl/Makefile.tmpl.
-
- *) Upgraded to Apache version 1.3.12.
-
-
- ____ ____
- |___ \ | ___|
- __) | |___ \
- / __/ _ ___) |
- __ |_____(_)____/___________________________________________
-
- Changes with mod_ssl 2.5.1 (22-Jan-2000 to 24-Feb-2000)
-
- *) Made sure OpenSSL's Pseudo Random Number Generator (PRNG) is
- seeded already before the temporary RSA keys are generated.
-
- *) Fixed possible security hole in mkcert.sh script (make
- certificate) by making sure we already generate the foo.key files
- with proper umask instead of chmod them later (and this way
- perhaps too late).
-
- *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy
- support (ssl_engine_ext.c/mod_proxy).
-
- *) Fixed quotation author in ssl_glossary.html: it's Richard Nixon,
- as Lukas Bradley pointed out.
-
- *) Use "/usr/local/ssl" as the default for $SSL_BASE only if this
- path really exists. Else use "SYSTEM" and this way be more
- flexible. This is especially interesting for RedHat/RPM users
- where OpenSSL stays often directly under /usr.
-
- *) Make sure libssl.module also detects OpenSSL correctly
- if OpenSSL was built as shared libraries (.so)
-
- *) Let configure script more accurately check for -h, -v and
- -q options on command line.
-
- *) Make `SSLSessionCache none' really work as expected.
-
- *) Added support for the latest OpenSSL snapshot (>= version 0.9.4).
-
- *) Removed the removal of "#ifdef lint.. #endif" lines from
- src/modules/ssl/Makefile.tmpl to make the life of the
- OpenBSD guys easier in the future.
-
- *) Removed Unix Bourne-Shell construct "2>&1" from Win32's
- configure.bat script because Win32 hates this.
-
- *) Fixed ApacheCore.def for Win32: Some numbers occured
- multiple times.
-
- Changes with mod_ssl 2.5.0 (08-Jan-2000 to 22-Jan-2000)
-
- *) Switched the old "POST for HTTPS" support code from
- defined(SSL_EXPERIMENTAL) to !defined(SSL_CONSERVATIVE), because this
- code is both already stable (even it's not a conservative approach) and
- important. This way POST support is now available per default, but still
- can be disabled/removed by very conservative people with an easy
- --enable-rule=SSL_CONSERVATIVE.
-
- *) Added SSL_CONSERVATIVE rule to src/Configuration.tmpl which
- complements SSL_EXPERIMENTAL. Both rules are per default set
- to "no", i.e. disabled. But while SSL_EXPERIMENTAL still enables
- experimental code, enables SSL_CONSERVATIVE conservative code. That is,
- actually per default some non-conservative things might be enabled which
- can be _disabled_ by forcing mod_ssl to use only conservative
- approaches.
-
- *) Added entry about "no shared ciphers" to FAQ.
-
- *) Upgraded to the new Apache version: 1.3.11 (BTW, Apache 1.3.10
- was never released). This moves the mod_ssl community to the
- latest Apache state and this way implicitly provides them over 70
- bugfixes and cleanups which 1.3.11 provides over 1.3.9.
-
- ____ _ _
- |___ \ | || |
- __) || || |_
- / __/ |__ _|
- __ |_____(_) |_| ___________________________________________
-
- Changes with mod_ssl 2.4.10 (24-Nov-1999 to 08-Jan-2000)
-
- *) Mentioned MD5-encrypted password in ssl_reference.wml in addition
- to DES-encrypted password.
-
- *) Added a new FAQ entry about the path internally pre-defined by
- EAPI_MM_CORE_PATH.
-
- *) Adjust the name-based-vhost complain: Talk say "you should not
- use" instead of "you cannot use", because first there are
- situations where it can be reasonable to use name-based vhosts with
- SSL and second there is no technical restriction on the mod_ssl side,
- of course.
-
- *) Changed the license on mod_define.c from the BSD/Apache-style
- license to a even less restrictive MIT-style license to allow
- everyone to do with this module what they want.
-
- *) Fixed a compile-time warning under very strict compilers by using
- a more correct `ssl_verify_t' (enum based) instead of `int' in
- ssl_engine_config.c.
-
- *) Various minor documentation updates.
-
- *) Made the EAPI-vs-plain-API complain in mod_so more clear.
-
- *) Adjusted all copyright messages to contain the new year 2000 ;)
-
- *) Fixed INSTALL.W32 document for latest OpenSSL versions.
-
- *) Fixed SSL session id context configuration: the value is now an
- MD5 of `server:port' and this way always a string of just 32 bytes,
- so OpenSSL's SSL_set_session_id_context() doesn't fail.
-
- *) Removed old CVS informations from etc/patch.tar tarball.
-
- Changes with mod_ssl 2.4.9 (05-Nov-1999 to 24-Nov-1999)
-
- *) Fixed SSLRequire expression evaluation for number strings.
- Expressions like `SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128'
- didn't work if SSL_CIPHER_USEKEYSIZE was "40" because the evaluation
- used strcmp(3) and this fails to compare numbers of different length.
- An own comparison function is now used to avoid this problem.
-
- *) Now on Win32 a warning is logged once on startup that mod_ssl is
- NOT officially supported under Win32 and people have to use it there on
- their own risk (and so shouldn't complain if it doesn't work). Because
- only the Unix platform is officially supported and mod_ssl is checked
- for security issues only related this platform.
-
- *) For performance reasons it is unreasonable to create the SSL_*
- CGI/SSI variables _all the time_, because their creation is
- a rather expensive operation which slows down the server
- noticeable. Instead it is more reasonable to let them create for
- CGI and SSI requests _only_. For consistency reason with other
- `SSLOptions' variables (which all have positive names) and to
- avoid necessary cleanups changes in the future, I decided to make
- the incompatibility change _NOW_ (sorry).
-
- In short: With mod_ssl 2.4.9 per default no SSI/CGI variables
- SSL_* are created any longer (only the special "HTTPS" variable is
- always created). Instead one has to use `SSLOptions +StdEnvVars'
- to switch the creation on.
-
- *) Added an `SSLOptions' variable `StdEnvVars' which now controls
- the creation of the numerious SSL_* CGI/SSI variables.
-
- *) Renamed old variable SSL_{CLIENT,SERVER}_{S,I}_DN_SP to more
- correct SSL_{CLIENT,SERVER}_{S,I}_DN_ST variable to conform to
- RFC2156 and current OpenSSL state (which also prints this OID as
- "ST" and no longer "SP").
-
- *) Added support for SSL_{CLIENT,SERVER}_{S,I}_DN_{T,I,G,S,D,UID}
- variables (corresponding to X.509 title, initials, givenName, surname,
- description and uniqueIdentifier OIDs) to allow the checking of more
- X.509 certificate ingredients.
-
- *) Allow mod_rewrite to also lookup the "HTTPS" variable, for instance
- via ``RewriteCond %{HTTPS} !=on''.
-
- *) Removed old URL references to rsaref20.tar.Z from INSTALL document.
-
- *) Now an explicit error message is logged also if an SSL session cannot be
- stored to the DBM file via dbm_store (and not just if dbm_open failed).
-
- *) Now the pass phrase dialog no longer uses the hard-coded
- filedescriptor 10 as the storage for stderr while the pass phrase dialog
- is displayed. Instead (at least under Unix) it tries to open /dev/null
- and uses this filedescriptor instead. And when this fails (or always
- under Win32) it uses the hard-coded filedescriptor 50 (a lot higher than
- 10 to avoid problems with logfile rotation programs and other things
- Apache could have started).
-
- *) Fixed SSL_make_ciphersuite() function: it calculated the required string
- length incorrectly and could segfault. BUT THIS FUNCTION IS STILL NOT
- USED IN MOD_SSL AT ALL, so don't panic. This function is for debugging
- purposes only.
-
- *) Fixed a filedescriptor leak which happened if encrypted private keys
- were used. Here the pass phrase dialog forgot to close a temporary
- filedescriptor.
-
- *) Added three new OpenSSL log entry annotations: First, "*no start
- line*" now triggers "Bad file contents or format - or even just
- a forgotten SSLCertificate KeyFile?" and "*bad password read*"
- triggers "You entered an incorrect pass phrase!?". Additionally
- "*bad mac decode*" now triggers "Browser still remembered details
- of a re-created server certificate?" because people often get "bad
- data" dialog boxes while (re-)testing with Snake Oil certs.
-
- *) Added hint about possibly blocking /dev/random devices also to
- httpd.conf-default to make sure people don't overlook this subtle
- platform-dependent problem. Additionally a new FAQ entry was
- made about this, too.
-
- *) Added an entry to the FAQ about GIDs and their intermediate
- certificate which has to be configured with SSLCertificateChainFile.
-
- *) Fixed some external URLs in the FAQ.
-
- Changes with mod_ssl 2.4.8 (02-Nov-1999 to 05-Nov-1999)
-
- *) ** IMPORTANT BUGFIX **
- If (and only if)...
- 1. a server restart at least once happened
- 2. a HTTPS request occurs from a 40-bit/export browser
- 3. the underlaying Unix flavor doesn't map DSOs always
- to the same memory address on each restart
- ...then a segfault was very likely to occur for usually
- all previous mod_ssl version.
-
- The reason was that mod_ssl's temporary RSA keys and DH parameters
- were stored in the persistent memory pool directly as OpenSSL's
- RSA and DH structures. But although these structures successfully
- survived restarts, the contained pointers, which were placed there
- by OpenSSL and which were referencing _static_ parts of OpenSSL,
- pointed to Nirvana after restarts. So on the next need for RSA
- temporary keys or DH parameters (usually caused by 40bit clients)
- the OpenSSL library internally segfaulted while processing these
- structures.
-
- This was a very long-standing bug and is now fixed by storing the
- RSA keys and DH parameters as raw (and this way safe) DER-encoded
- ASN.1 dats streams (and not structures) in the persistent memory
- pool.
-
- *) Added an FAQ entry about Verisign GIDs and the intermediate CA
- certificate which is required to fill the gap in the server certificate
- chain or browsers will complain.
-
- *) The configure.bat for Win32 now tries to complain if patches were
- rejected while they are applied to the Apache source tree.
-
- *) Updated ANNOUNCE and README documents.
-
- Changes with mod_ssl 2.4.7 (22-Oct-1999 to 02-Nov-1999)
-
- *) Added a check to mod_so to complain with a warning if one loads
- a plain Apache 1.3 DSO under EAPI (which might work, but can also
- segfault).
-
- *) Added more defensive programming checks in the cert/key handling.
-
- *) Added an entry to the FAQ about the commercial alternatives.
-
- *) Disabled SysV IPC semaphore based mutex variant for FreeBSD < 3.0 and
- any OpenBSD and NetBSD platforms because of conflicts with their
- non-POSIX conforming semctl(2) prototypes.
-
- *) Added an FAQ entry on how to enable Anonymous
- Diffie-Hellman (ADH) ciphers.
-
- *) Now `make certificate' allows one to also change the
- certificate validity time (default is still 365 days).
-
- *) Recreated the ssl.crt/ca-bundle.crt file with all CA certs found in
- Netscape Communicator 4.7's cert7.db file.
-
- Changes with mod_ssl 2.4.6 (01-Oct-1999 to 22-Oct-1999)
-
- *) Re-created RSA and DSA certificates and private keys for both SnakeOil
- CA and SnakeOil Server, because the RSA certificate already expired
- recently. The cert/keys are now valid for the next 2 years.
-
- *) Freshed up the test welcome page htdocs/index.html with a feather
- background image (just for fun ;) and with a few other cosmetic
- cleanups.
-
- *) Fixed a few compile warnings under Win32 environment.
-
- *) Fixed interactive terminal based pass phrase dialog on Win32 platform by
- explicitly opening `con' (the console) instead of trying to use stdout
- (which seems to be no longer connected to the console under Win32).
-
- *) Fixed expiration checks for the session cache. The
- calculation and time comparsions were incorrect.
-
- *) Now `httpd -V' also shows the value of EAPI_MM_CORE_PATH
- (the path to the MM temporary files) if EAPI_MM is activated.
-
- *) Made sure that `httpd -t' correctly dies, i.e. including a
- cleanup of the global MM shared memory pool. Same for
- `httpd -V'. This is important to not let temporary files
- stay around which confuse `apachectl'.
-
- *) Changed a few checks in ssl_engine_scache.c to be even more
- conservative in order to prevent problems in advance.
-
- *) Reduced the size check for DBM session caching from 1024 to 950 bytes,
- because most DBM libraries have a limit of 1022. This should make sure
- we do not break some requirements some DBM libraries implicitly assume
- (even they do not explicitly document it).
-
- *) Fixed SSL_EXPERIMENTAL code related to the POST problem. We now do a
- more careful memory management and a segfault-situation was removed,
- too.
-
- *) Now the PID is appended to the global MM based shared memory pool
- alloc.c allocates. This avoids problems with multiple server instances
- run from the same installation.
-
- *) Fixed a few typos in the INSTALL document.
-
- *) Fixed a nasty bug in the fixup phase which caused ``SSLOptions
- +ExportCertChain'' to dump core if no client certificates were present.
-
- Changes with mod_ssl 2.4.5 (28-Sep-1999 to 01-Oct-1999)
-
- *) Now ``make certificate'' displays a warning message if one generates a
- DSA certificate with it to make sure the user is aware of the fact that
- a DSA-only webserver is currently useless because the popular browsers
- do not speak DH-based ciphers. A hint is given that a DSA cert/key pair
- is only useful in _combination_ with a parallel configured RSA
- cert/key pair.
-
- *) Enhanced the pass phrase dialog: Now ``Server <host>:<port> (<algo>)''
- is displayed instead of just ``Server <host>:<port>'' and the
- ``SSLPassPhraseDialog exec:/path/to/program'' is called with arguments
- ``<host>:<port> <algo>'' instead of just ``<host>:<port>'' to allow the
- distinction between RSA and DSA keys both to the user and to the
- program. This is important, because a single virtual host can use both
- a RSA and a DSA cert/key at the same time.
-
- *) Added pre-configured (but commented out) SSLCertificate[Key]File
- directives to conf/httpd.conf-dist which explains the use of the
- additional DSA cert/key.
-
- *) Now the default for SSL_SDBM is 'yes' on Linux boxes because it occurrs
- too often that Linux boxes with broken DBM libraries are used and people
- are wondering why their session cache operations segfault the server. If
- you really want to use the vendor DBM library on Linux you now have to
- use --disable-rule=SSL_SDBM. But I recommend you to use SDBM except
- you know what you're doing.
-
- *) Fixed typo in FAQ: SSLSessioCache -> SSLSessionCache.
-
- *) Enhanced the logging facility: First the "Connection to child x"
- messages now also contain the client IP address, second every
- logfile entry now has a prefix which contains also the process id in
- addition to the time. This way it's easier to identify logfile entries
- written by different processes.
-
- *) Fixed ssl_engine_vars.c: SSL3_TXT_RSA_IDEA_128_SHA was contained twice
- in a table. Instead the second occurrence should be
- SSL2_TXT_IDEA_128_CBC_WITH_MD5.
-
- *) Fixed the `union semun' situation for SSLMutex again, this time for
- brain-dead anchient Linux versions which have incorrect semctl(2)
- prototypes. We now enable IPC semaphores only on glibc 2.1 boxes.
-
- Changes with mod_ssl 2.4.4 (27-Sep-1999 to 28-Sep-1999)
-
- *) Fixed the `union semun' situation for SSLMutex which was broken in 2.4.3
- because Apache's internal NEED_UNION_SEMUN define is horrible
- inconsistent (it was defined only for Solaris although it should be for
- a lot more platforms). The correct solution actually is this: Some
- platforms have a `union semun' pre-defined but Single Unix Specification
- (SUSv2) says in semctl(2): `If required, it is of type union semun,
- which the application program must explicitly declare'. So we have to
- define it always ourself to avoid problems (but under a different name
- to avoid a namespace clash, of course).
-
- *) Fixed `make certificate VIEW=1': nested quotes are
- disliked by strict(er) Bourne shell flavors.
-
- Changes with mod_ssl 2.4.3 (06-Sep-1999 to 27-Sep-1999)
-
- *) Upgraded pkg.contrib/gid-mkcert.sh to use OpenSSL
- instead of SSLeay+cafix+pkcs12.
-
- *) Enabled SSL_USE_SEM (Semaphore based SSLMutex) now explicitly
- for FreeBSD, NetBSD, OpenBSD, Linux and Solaris.
-
- *) Fixed ``SSL_CLIENT_CERT_CHAIN<n>'' variable generation under
- ``SSLOptions +ExportOptions''.
-
- *) Added new ``SSL_CLIENT_VERIFY'' variable which can be used with
- SSLRequire to manually check the verify results under ``SSLVerifyClient
- optional'' in order to redirect to an enrollment page.
-
- *) Fixed documentation related to SSL_XXX variables.
-
- *) Fixed timeout handling of internal OpenSSL cache.
-
- *) Make sure server.key/ca.key files are stored with explicit
- permissions 600 also in conf/ssl.key/ inside the source tree.
-
- *) Added hint about "Connection refused" problem to FAQ.
-
- *) Fixed semaphore based SSLMutex variant: the IPC_CREAT fallback was wrong
- and the return code semantics were treated incorrectly. Additionally the
- ownership of the semaphore is now set, too.
-
- Changes with mod_ssl 2.4.2 (30-Aug-1999 to 06-Sep-1999)
-
- *) Added hint about -fPIC vs. -fpic to INSTALL document.
-
- *) Changed /sw/bin/perl to the more common /usr/bin/perl
- in pkg.contrib/loadcacert.cgi.
-
- *) Fixed two (harmless) compile-time warnings related to
- `unsigned char *' vs. `char *'.
-
- *) Added hint about required browser restarts on re-installations.
-
- *) Added quotes to DocumentRoot in conf/httpd.conf-dist
- to avoid problems with binbuild.sh.
-
- *) Fixed --with-apxs: configure.stub.sh has to be `sourced' as
- `./configure.stub.sh' instead of just `configure.stub.sh' or some
- Bourne Shells cannot find it.
-
- Changes with mod_ssl 2.4.1 (18-Aug-1999 to 30-Aug-1999)
-
- *) Added logging hint "too restrictive SSLCipherSuite or using DSA server
- certificate?" for "no shared cipher" errors.
-
- *) Added an explicit ap_blush() call to the connection close hook to
- make sure that pending outgoing data is flushed _before_ the SSL
- layer is closed. This is important to make sure that the pending
- data is still transferred through the SSL layer. Else an I/O
- error can occur inside the browser because the pending data is
- transferred as plain data (at a time where the browser will no
- longer expect the data, i.e. after the SSL close notify message
- was already received by it).
-
- *) Added new FAQ entries.
-
- *) Show `-D EAPI_MM' on `httpd -V', too.
-
- *) Pass also $(MFLAGS) to src/support/mkcert.sh for consistency.
-
- *) Fixed mod_define.html: `docroot' was doubled.
-
- *) Made sure mkcert.sh handles the algorithm variable more robust in order
- to make sure that people do not accidently choose the DSA variant.
-
- *) mod_ssl now complains already at startup if one tries to use ``SSLMutex
- file:...'' on Win32 (where the semaphore mutex _has_ to be used).
-
- *) Removed obsolete pkg.ssldoc/ssl_cover_title.gif
-
- Changes with mod_ssl 2.4.0 (03-Aug-1999 to 18-Aug-1999)
-
- *) Upgraded from Apache 1.3.6 to Apache 1.3.9
- (Apache versions 1.3.7 and 1.3.8 were not released).
-
- *) Fixed a nasty bug in mod_define.c: the global define variable pool was
- never destroyed and this way could lead to segfaults on server restarts.
-
- *) Pass number of bytes from ``SSLRandomSeed exec:/path/to/prog(bytes)'' as
- first argument to /path/to/prog in order to allow the program to know
- how much bytes of entropy it should provide on stdout.
-
- ____ _____
- |___ \ |___ /
- __) | |_ \
- / __/ _ ___) |
- __ |_____(_)____/ __________________________________________
-
- Changes with mod_ssl 2.3.11 (28-Jul-1999 to 03-Aug-1999)
-
- *) Changed pass phrase dialog: Now you're allowed to enter even 1 char pass
- phrases, i.e. you're no longer required to enter more than 4 characters.
- That's important for encrypted private keys not generated via OpenSSL.
-
- *) Added configuration check: Now mod_ssl checks on startup whether the
- CommonName (CN) of a certificate matches the ServerName of the virtual
- host. If not, a warning is given, because it will lead to at least
- popping up dialog boxes in NS and IE.
-
- *) Added configuration check: Now mod_ssl checks whether more than one
- SSL-aware virtual host uses the same IP:port and complains with a
- warning, because for SSL name-based virtual hosts cannot be used.
-
- *) Overhauled mod_define: it now uses a global define value table and
- this way not works correctly also in <VirtualHost> sections and other
- contexts.
-
- *) Added a few more FAQ entries.
-
- *) Cleaned up ssl_init_Module() function: it now no longer
- destroys the server_rec argument as a side-effect.
-
- *) Fixed top-level Makefile.tmpl: ssl.crl wasn't created; README.CRL
- wasn't installed; incorporated an important escaping bugfix from Apache
- 1.3.7-dev.
-
- *) Added fallback definitions for TRUE/FALSE to ap_mm.h
-
- *) Fixed I/O pre-sucking for HTTPS proxy situations where
- no mod_ssl context is attached to SSL structures.
-
- *) Fixed Mutex acquiring under Win32: the result value
- was computed incorrectly and leaded to warning log entries.
-
- *) Catch SIGPIPE in truerand.c (a contrib program in pkg.contrib/) to allow
- it behave correctly under `SSLRandomSeed exec:bin/truerand N'.
-
- Changes with mod_ssl 2.3.10 (26-Jul-1999 to 28-Jul-1999)
-
- *) Changed the handling of the `per-URL SSL re-configuration in conjunction
- with POST method based HTTP requests' problem: Per default mod_ssl now
- returns a METHOD_NOT_ALLOWED HTTP error when one tries to POST to a URL
- which has SSL parameters re-configured, because mod_ssl per default
- cannot handle this situation (for technical reasons). This way the I/O
- errors which occured in the past are now at least replaced by a correct
- error message.
-
- But when you build with --enable-rule=SSL_EXPERIMENTAL you get
- experimental support for this situation and you then _CAN_ use POST even
- in conjunction with per-URL SSL re-configurations.
-
- But nevertheless one have to keep in mind that the POST body is still
- transferred under the global SSL parameters and that the renegotiation
- (typically to a stronger cipher, etc.) happens only before the response
- is sent (and not before the POST data is read!). The rule of thumb is:
- per-URL SSL parameters _CANNOT_ be applied to _ANY_ part of the
- _REQUEST_, they are only guarrantied to be applied to the _RESPONSE_.
-
- In practice there are situations (for instance when the client resumes
- the request already with previously renegotiated parameters, etc.) where
- the situation _CAN_ be better. But you cannot _EXPECT_ it to be better
- and mod_ssl _CANNOT GUARRANTY_ it to be better, of course.
-
- *) Added support for latest OpenSSL 0.9.4-dev snapshot version.
-
- *) Fixed initialization and cleanup related problems with SSLMutex: The
- mutex is now closed before the chown and the mutex is removed only in
- the parent on module shutdown.
-
- *) Removed HTTPD_ROOT from EAPI_MM_CORE_PATH definition in httpd.h
- because it is redundant and can cause problems.
-
- Changes with mod_ssl 2.3.9 (25-Jul-1999 to 26-Jul-1999)
-
- *) Compile ap_make_shared_sub_pool() only under -DEAPI
- and added it to httpd.exp.
-
- *) Fixed alloc.c again: the ap_mm_destroy has to be used only for
- defined(EAPI) && defined(EAPI_MM) and not just for defined(EAPI).
-
- Changes with mod_ssl 2.3.8 (25-Jul-1999 to 25-Jul-1999)
-
- *) Fixed a nasty problem with early pool cleanups during
- startup when shared memory session caches are configured.
-
- Changes with mod_ssl 2.3.7 (14-Jul-1999 to 25-Jul-1999)
-
- *) Optimization for logfile handling: We now short-circuit the
- filedescriptors for inherited logfiles in order to save filedescriptors.
- This is important for mass virtual hosting situations where we really
- have to reduce the resource consumption.
-
- *) Enhanced the DBM-based SSL Session Cache:
-
- o the cache DBM files are removed on shutdowns and restarts now
- to prevent the occurance of DBM inconsistencies over long runs.
-
- o the DBM store operation now stores only data which has
- sizeof(key)+sizeof(data) < 1024 to make sure some broken vendor DBM
- libraries do not segfault on large entries. Only with the built-in
- SDBM library up to 8KB are stored.
-
- o the expiry procedure was rewritten to prevent problems with
- less smart DBM libraries: Instead of iterating and deleting in
- parallel (which causes some DBM libraries to become totally crazy) a
- two pass approach is used. In the first pass the DBM library is
- scanned and expired elements are remembered only. In the second pass
- the rememebered elements are actually deleted.
-
- *) Fixed SSL mutex handling: the mutex file was not removed on shutdown.
-
- *) Fixed global shared memory pool handling in alloc.c: The shared memory
- related temporary files of MM were not removed because ap_mm_destroy()
- was missing on exit.
-
- *) A few adjustments anf fixes to the FAQ and added hint to OpenSA
- to INSTALL.Win32.
-
- *) Fixed ``SSLRandomSeed exec:..'' for OS/2 and Win32.
-
- *) Fixed shared memory pool handling in alloc.c:
- Two realloc() calls were not shared memory aware.
-
- Changes with mod_ssl 2.3.6 (22-Jun-1999 to 14-Jul-1999)
-
- *) Enhanced ap_mm_create() failure messages in alloc.c
-
- *) Fixed a core dump for the rare situation where mod_ssl was build
- statically into Apache but not enabled (AddModule).
-
- *) Perform more tries to chown() used DBM files.
-
- *) Fixed memory leaks on restarts related to shared memory session cache:
- the MM object wasn't removed at all.
-
- *) Allow SSL_DBM_FILE_SUFFIX_DIR and SSL_DBM_FILE_SUFFIX_PAG
- to be overridden via CFLAGS.
-
- *) Fixed grammar and typos in ssl_reference.wml
-
- *) Done a blind update of the INSTALL.Win32 document.
-
- *) Added five new FAQ entries.
-
- *) Fixed EAPI MM related permission problems.
-
- *) On startup the configured cipher suite is now also
- displayed under log level "trace".
-
- *) Let the Win32 configure.bat complain when --with-apache or
- --with-ssl is missing.
-
- *) Added new `SSLCertificateChainFile /path/to/file' directive. This can
- point to a file containing the concatenation of PEM encoded CA
- certificates which explicitly form the server certificate chain. This is
- intended for instance for the Global-ID situation where one _has_ to
- send the intermediate CA of Verisign with the GID while one wants to
- avoid that under client authentication all clients issued by this CA are
- accepted (which would happen when one references the CA cert via
- SSLCACertificatePath or SSLCACertificateFile instead of
- SSLCertificateChainFile).
-
- *) Changed the "Interrupted by system" `error' to `info' level in
- case errno is not > 0.
-
- Changes with mod_ssl 2.3.5 (18-Jun-1999 to 22-Jun-1999)
-
- *) Rewritten the DBM and SHM expiration functions in ssl_engine_scache.c to
- avoid problematic situation where one deletes an entry before the
- iteration counter was incremented. This was perhaps also another reasons
- for the session cache related core dumps.
-
- *) Fixed a nasty bug in ssl_util_table.c: A static (heap-based) calloc()
- call was forgotten to be converted to a dynamic (shared memory based)
- table->calloc() call. This leaded to various core dumps once the session
- cache's hash table was filled as had to be resized (which occured
- only after some time of operation, of course).
-
- *) Now mod_ssl displays an info logfile entry when the server certificate
- is a SCG one and warning logfile entries when the server certificate has
- BasicConstraints CA:TRUE or pathlen>0.
-
- *) Fixed FakeBasicAuth handling: ssl::client::dn wasn't
- set correctly and wasn't set at all in renegotiation context.
-
- *) Fixed HowTo example with +FakeBasicAuth: AuthName was
- missing and typos
-
- Changes with mod_ssl 2.3.4 (09-Jun-1999 to 18-Jun-1999)
-
- *) The Fake Basic Auth stuff now is logging it's operation.
-
- *) Fixed pkg.contrib/cca.sh script: CA:TRUE was incorrect
- for a client certificate, of course.
-
- *) Added session cache status display to the pages generated by mod_status.
- When "ExtendedStatus on" is used mod_ssl appends session cache
- information (supported for both DBM and SHM).
-
- *) Fixed ``SSLVerifyClient optional_no_ca'' for per-directory context.
-
- *) Added ``SSLOptions +OptRenegotiate'':
- This enables optimized SSL connection renegotiation handling when SSL
- directives are used in per-directory context. Per default a strict
- handling is enabled where every per-directory reconfiguration of SSL
- parameters cause a full SSL renegotiation handshake. When this option
- is used mod_ssl tries to avoid unnecessary handshakes by doing more
- granular (but still safe) parameter checks. This should reduce
- the renegotiation overhead a little bit.
-
- *) Also print SSL errors on SSL_ERROR_SYSCALL situation.
-
- *) Make sure EAPI_MM=SYSTEM doesn't add -I/usr/include to CFLAGS (which
- occurrs for instance under Debian where MM is installed in system
- locations).
-
- *) The SSL session context is now also set on session renegotiations.
-
- Changes with mod_ssl 2.3.3 (08-Jun-1999 to 09-Jun-1999)
-
- *) Various type fixes for Session Cache code.
-
- *) A few fixes to make the Win32 world happy again.
-
- *) Fixed glibc 2.1 ndbm.h inclusion problems.
-
- *) Make sure that in "SSLSessionCache shm:/path/to/file(NNN)"
- the size NNN cannot be specified greater than the maximum
- possible shared memory segment (which is platform
- dependent, of course).
-
- Changes with mod_ssl 2.3.2 (28-May-1999 to 08-Jun-1999)
-
- *) Removed obsolete mca.sh script and updated cca.sh script to current
- OpenSSL state.
-
- *) Now "SSLSessionCache none" really disables _all_ caching,
- i.e. including the internal OpenSSL cache.
-
- *) Added Shared Memory based SSL Session Cache: A new "SSLSessionCache
- shm:/path/to/file(bytes)" variant of the SSL session cache was added.
- This uses a high-performance hash table inside a shared memory segment
- to provide the fastest inter-process session cache which is possible.
- For this Apache+EAPI has to be built with EAPI_MM (linked against the MM
- library, the shared memory abstraction).
-
- *) Fixed the EAPI_MM related patches to Apache's src/Configure:
- The variables were overridden instead of extended.
-
- *) Added hint to FAQ to make sure people enter the FQDN for CommonName when
- generating a server certificate. Added hint to EGD to reference chapter.
-
- *) Some more Win32 fixes.
-
- *) Fixed a session cache problem on shutdowns.
-
- *) Fixed mod_ssl's ``configure --with-mm=DIR''
-
- Changes with mod_ssl 2.3.1 (25-Apr-1999 to 28-May-1999)
-
- *) Fixed two memory leaks in ssl_util_ssl.c related to BIOs.
-
- *) Fixed EAPI sources in src/ap/: They failed to compile
- when -DEAPI wasn't used which isn't nice.
-
- *) Fixed Win32 stuff: src/ap/ap.mak missed entries for ap_mm.[ch],
- src/modules/ssl/Makefile.win32 missed entry for ssl_engine_dh.c,
- configure.bat wasn't aware of the new include/openssl/ layout.
-
- Changes with mod_ssl 2.3.0 (12-Apr-1999 to 25-May-1999)
-
- *) Upgraded to final OpenSSL 0.9.3 API and made this
- version the lowest possible OpenSSL version for mod_ssl.
-
- *) Fixed ap_mm.c stubs.
-
- *) Updated dependencies in src/modules/ssl/Makefile.tmpl
-
- *) Fixed INSTALL document for OpenSSL 0.9.3:
- -DNO_IDEA => no-idea and -DRSAref & friends => rsaref.
-
- *) ** Second major step for DH/DSA support **:
- The mod_ssl module itself is now aware of multiple certificate/keys when
- they are of a different type (one RSA, the other DSA). All internal
- cert/key related handling which was hard-coded for RSA was replaced by
- generic code which supports both RSA and DSA. This way now all SSL
- ciphers, including the real Diffie-Hellman ciphers like
- EDH-DSS-DES-CBC3-SHA are supported by mod_ssl.
-
- *) Upgraded Thawte's sxnet stuff in pkg.contrib/
-
- *) Added new variable SSL_SESSION_ID which contains the hex-encoded SSL
- session id. This variable is also exported to the SSI/CGI environment
- and can be used as a session-unique key.
-
- *) Added more error checking for SSL_XXX variable lookups.
-
- *) ** First major step for DH/DSA support **:
- 1) snakeoil.{crt,key} was renamed to snakeoil-rsa.{crt,key} and a
- snakeoil-dsa.{crt,key} was created. 2) src/support/ca-fix.c was kicked
- out (it's obsolete with OpenSSL 0.9.3) and 3) src/support/mkcert.sh was
- changed to use the new `openssl x509 -extfile ..' instead of ca-fix and
- to support the generation of DSA certs/keys via `openssl gendsa'.
- Finally 4) the top-level Makefiles were adjusted to support an
- ALGO={RSA,DSA} parameter for selecting the algorithm in batch and a
- VIEW=1 parameter for viewing the generated cert/key in plain text
- format.
-
- *) Removed more source code relicts of SSLeay by replacing
- them with the official OpenSSL variants.
-
- *) Added ap_{mm,MM}* function list to src/support/httpd.exp
-
- *) Update ap_mm.{c,h} for MM 1.0.3, i.e. add stubs for new
- ap_{MM,mm,mm_core}_permission() function.
-
- *) Replaced all references to EAY's old email address with the new one.
-
- *) Fixed source tree creation: ap_mm.[ch] wasn't installed.
-
- *) Removed -l option from yacc call in src/modules/ssl/Makefile.tmpl and
- touch the pre-generated scanner/parser files so the generation isn't
- done for end users.
-
- *) Give more reasonable error message on pass phrase dialog by
- distinguishing between "Pass phrase incorrect" and "Private key not
- found" situations.
-
- *) Fixed configure and configure.bat scripts: ssl.crl wasn't created
- and server.csr wasn't installed under Win32.
-
- *) Added a new ``SSLOptions +StrictRequire'' This _forces_ forbidden
- access when SSLRequireSSL or SSLRequire successfully decided that access
- should be forbidden. Usually the default is that at least a used
- ``Satisfy any'' can cancel such access denies (when other access
- restrictions were passed), because that's how the Apache Satisfy
- mechanism should work. But for strict access restriction you can use
- SSLRequireSSL and/or SSLRequire in combination with an ``SSLOptions
- +StrictRequire''. Then an additional ``Satisfy Any'' has no chance once
- mod_ssl has decided to deny access.
-
- *) Removed all direct Apache-SSL related comparsions from the mod_ssl FAQ
- chapter of the user manual to finally avoid any more blames by Ben
- Laurie.
-
- *) Upgraded to the forthcoming OpenSSL 0.9.3 API. Because of too much API
- changes (constifications, STACK_OF, etc.) we cannot provide support for
- older versions any longer without making the mod_ssl source code ugly.
- OTOH for mkcert.sh we already want >= 0.9.3, so drop support for all
- older versions now.
-
- *) Switched all addresses and references to new modssl.org domain.
-
- *) Updated the User Manual for version 2.3
-
- *) Various stylistic source code cleanups.
-
- *) EBCDIC-related fix for variable lookup functions.
-
- *) Added generic Shared Memory support to Extended API (EAPI) via the new
- MM library (available externally). First two new ap_mm.c/ap_mm.h source
- files provide new functions ap_mm_xxx() which are either stubs (when no
- shared memory support is available via the MM library) or call the
- mm_xxx() counterparts of the MM library. Second, shared memory pools
- are patched into alloc.c/alloc.h which uses the ap_mm_xxx() functions in
- the background.
-
- *) Added support for X.509 CA Certificate Revocation Lists (CRL). For this
- the two new directives SSLCARevocationPath and SSLCARevocationFile
- (similar to SSLCACertificate{Path,File}) are provided where one can
- store CRL files. The preconfigured default directory for CRLs is
- PREFIX/conf/ssl.crl. The SSLCARevocationPath is a directory where the
- CRLs are looked up via hash symlinks. For this a ssl.crl/Makefile is
- provided similar to ssl.crt/Makefile.
-
- *) Kicked out all remaining SSLeay references and dependencies. The
- minimum SSL library version which is now required is OpenSSL 0.9.2b.
-
- ____ ____
- |___ \ |___ \
- __) | __) |
- / __/ _ / __/
- __ |_____(_)_____| _________________________________________
-
- Changes with mod_ssl 2.2.8 (29-Mar-1999 to 12-Apr-1999)
-
- *) Use SSL_smart_shutdown() also for SSL proxy stuff.
-
- *) Fixed some compat variable mappings and updated ssl_compat.wml
- document to reflect the current compat state.
-
- *) Added ssl_log_applies() function in advance for forthcoming feature
- commits.
-
- *) Added NEWS file to distribution which summarizes the major changes and
- this way gives a faster overview for the impatient users.
-
- *) Added a new pkg.contrib/cca.sh script which I used for client auth
- testing with the latest OpenSSL versions. Additionally adjust old
- mca.sh script for OpenSSL.
-
- *) Added the missing ssl_template.inc file to the distribution
-
- *) Various source code cleanups to make forthcoming patches more clean.
-
- Changes with mod_ssl 2.2.7 (24-Mar-1999 to 29-Mar-1999)
-
- *) Fixed the ``HTTPS request received for child'' log entries: Now no
- longer multiple copies of a message occur, because mod_ssl logs them
- only on initial requests (and no longer on sub-requests and internal
- redirects).
-
- *) Fixed a few more memory leaks which occured on server restarts.
-
- *) Added entry to the FAQ for the MSIE work-around with
- ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown''.
-
- *) Added support for two SetEnvIf variables: ssl-unclean-shutdown and
- ssl-accurate-shutdown. These can be used to for instance force different
- shutdown approaches for particular browsers. An ``SetEnvIf User-Agent
- ".*MSIE.*" ssl-unclean-shutdown'' now forces the old mod_ssl 2.1
- behaviour where no close notify messages are sent at all before
- connection close. An ``SetEnvIf User-Agent ".*Lynx.*"
- ssl-accurate-shutdown'' forces an accurate shutdown when the client is
- Lynx+OpenSSL where mod_ssl both sends it's close notify alert and waits
- for the close notify alert of the client.
-
- *) Updated source file dependecies in src/modules/ssl/Makefile.tmpl.
-
- Changes with mod_ssl 2.2.6 (18-Mar-1999 to 24-Mar-1999)
-
- *) Now mod_ssl logs the current Apache, mod_ssl and OpenSSL versions at
- startup which makes it easier to distinguish which software combination
- is actually running by just looking into the log.
-
- *) Added support for new 56/1024 bit export ciphersuites (idea overtaken
- from Apache-SSL 1.32) and sign-only-certificate situations where
- stronger (1024 instead of 512 bit) temporary keys are reasonable to use.
-
- *) Upgrade to new upstream version Apache 1.3.6 on vendor branch.
- [Version 1.3.5 was not released because of last minute problems]
-
- *) *** SECURITY *** SECURITY *** SECURITY ***
- In the OpenSSL project we discovered that a terrible security hole
- exists for _all_ SSLeay/OpenSSL server applications that use virtual
- hosting. Here sessions could be resumed in the wrong context thus
- bypassing client certificate protection! This hole is now fixed in
- OpenSSL 0.9.2b by an ad-hoc solution were SSL sessions cannot be resumed
- unless the server application tags it with a unique context id per
- virtual host. mod_ssl now also performs this tagging to prevent this
- exploit.
-
- *) Added the nifty EAPI-based mod_define module to the source tree. This
- modules provides variable definitions for arbitrary directive lines,
- i.e. you can expand ${xxx} on any(!) directive line. This module is
- disabled per default in src/Configuration.tmpl (need an
- --enable-module=define) and it lives in the new pkg.addon area.
-
- *) Added Stronghold's table look and feel to mod_status' display page.
- This patch is harmless and enabled per default and lives in the new
- pkg.addon area.
-
- *) Opened another distribution package subdir: pkg.addon/.
- Here addons will be stored which are not directly/physically related to
- mod_ssl and EAPI, but indirectly.
-
- *) Cleaned up the generation of the signature table in ap_hook.c
- and updated the hook list with the still missing vendor hooks.
-
- *) Renamed recently added vendor hooks to from ssl::vendor::xxx to
- ap::mod_ssl::vendor::xxx to be consistent with remaining EAPI hook
- names.
-
- *) Upgrade to new upstream version Apache 1.3.5 on vendor branch
-
- *) Fixed a segfault in the HTTPS support for mod_proxy which
- occured when the proxy couldn't connect to the remote host.
-
- *) Be 100% conservative and clean and use SSL_clean() after SSL_new().
-
- Changes with mod_ssl 2.2.5 (04-Mar-1999 to 18-Mar-1999)
-
- *) Fixed the situation were we discovered processes consuming
- 100% CPU time. This occured under various not exactly known
- circumstances, but it seems it was always when the client plays bad with
- the socket connection and OpenSSL cannot recognize it. Then the state
- machine of SSL_shutdown() seems to loop endless. It's now fixed by not
- limiting the iterations.
-
- *) Fixed a typo in the SSL_CERTIFICATE_FILE define, although this
- variable is still not used.
-
- *) Fixed the POST-problem where kept-alive HTTPS connections hang or
- resulted in an I/O error inside the browser because the ``SSL close
- notify'' alert couldn't be sent correctly because of Apache's internal
- ``lingering close'' handling. EAPI was changed to now correctly call the
- close_connection module hook also on timeout and linger closes. This
- EAPI change means you cannot upgrade your libssl.so with --with-apxs to
- this version. A complete Apache rebuild with the updated EAPI code is
- necessary.
-
- *) The SSLCertificateFile and SSLCertificateKeyFile directives now can read
- PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER
- format certificate and private key files. This is mostly provided for
- convinience reasons.
-
- *) Add FAQ entry: How to convert PEM into DER.
-
- Changes with mod_ssl 2.2.4 (21-Feb-1999 to 04-Mar-1999)
-
- *) Add important note to INSTALL/INSTALL.Win32 that all
- documentation references already use the term OpenSSL, the file and
- program names `openssl', etc. although most of the users are still using
- SSLeay and don't have any `openssl' command, etc.
-
- *) Fixed two export warnings for ssl_expr_parse.c under Win32.
-
- *) In correspondence with the SSLeay to OpenSSL transition
- we changed the --with-ssleay=DIR option to --with-ssl=DIR (but the old
- variant is still recognized for backward compatibility, of course). For
- consistency we also renamed --with-rsaref=DIR to --with-rsa=DIR.
-
- *) Ported src/support/ca-fix tool to OpenSSL 0.9.2, although after final
- switching to OpenSSL 0.9.2 as the minimum required toolkit version we
- will no longer need this tool. But until then let us be friendly and
- support the OpenSSL snapshots ;-)
-
- *) Added the first cut of Vendor extension support. This stuff is
- currently _NOT_ compiled in per default. It has to be enabled with the
- new APACI --enable-rule=SSL_VENDOR option. The idea is this: the mod_ssl
- sources contain EAPI vendor hooks (`ssl::vendor::xxxx') and internal
- EAPI context variables which can be used to change or extend mod_ssl by
- a vendor without patching the source code. Grep for `ssl::vendor::'
- inside src/modules/ssl/ for more details. Additionally vendors can now
- add their own source code as files named ssl_vendor.c, ssl_vendor_XXX.c,
- etc. The libssl.module script automatically picks these up under
- configuration time and mod_ssl under run-time calls the functions `void
- ssl_vendor_register(void)' and `void ssl_vendor_unregister(void)' inside
- these objects to bootstrap them. Read the src/modules/ssl/README file
- for more details.
-
- *) Fixed two old Stronghold directive compatibility mappings, added missing
- Stronghold directive mappings and added a bunch of additional Stronghold
- variable mappings.
-
- *) Big and official switch from the name `Apache Interface to SSLeay' to
- `Apache Interface to OpenSSL', from any SSLeay-references to
- OpenSSL-references, etc. There is still support for SSLeay, of course.
- But this renaming cleanup has to be done, because in the near future
- support for SSLeay has to be completely dropped due to non-optional
- support for new features like DSA/DH, etc (which is only possible with
- OpenSSL).
-
- *) Made the error messages of `configure' even more idiot-proof :-(
-
- *) Fixed the connection closing phase: First, mod_ssl no longer hooks into
- this phase by using ap_register_cleanup() (with the connection pool)
- because the cleanup functions are called by Apache's API a lot too late
- (actually _after_ the socket was already closed!). Instead a new EAPI
- hook `close_connection' was added to register a hook which is run
- directly _before_ the socket is closed. Second, the SSL ``Close
- Notify'' alert is now always sent (even when older IE browsers display
- the message in the window), because not sending the alert is a violation
- of the SSL/TLS standard.
- !! ATTENTION: THIS HAD TO CHANGE EAPI, SO YOU HAVE TO RECOMPILE APACHE !!
-
- *) Enhance the output of alert messages under `SSLLogLevel trace'.
-
- *) Make mod_ssl aware of the forthcoming OpenSSL 0.9.2 version
- where some callback function signatures will be changed
- and a few new TLSv1 export ciphers are added.
-
- *) Fixed restarts which were broken due to recent changes to the cert/key
- handling (DER/internal conversions). Now mod_ssl again surives server
- restarts without problems.
-
- *) Replaced `%0 %*' with `%0 %1 %2 %3 %4 %5 %6 %7 %8 %9' in configure.bat
- because Windows 98 is even more braindead than anyone can image.
-
- *) Added AP_HOOK_DECLTMP return code semantic to EAPI's hook mechanism
- which is needed in the forthcoming vendor hooks to avoid local temporary
- variables.
-
- *) Fixed the `SSLLogLevel debug' output where confusing `Ops, no memory
- buffer?' messages occured in the past. The BIO callback function now
- only outputs messages for the actual read/write calls.
-
- *) Fixed a warning the `gcc -O -Wall ...' compiler flag combination causes.
-
- *) Fixed confusing terms in the final messages in mkcert.sh
- which display a short description of files under `make certificate'.
-
- *) Fixed compilation for SunOS where no RAND_MAX exists.
-
- Changes with mod_ssl 2.2.3 (05-Feb-1999 to 21-Feb-1999)
-
- *) Cleaned up the namespace of mod_ssl structures:
- All helper structures are now named ssl_xxxx_t.
-
- *) Fixed hyperlinks to mod_log_config.html in mod_ssl's User Manual
-
- *) Let mod_log_config's %{XXXX}x functions (provided by mod_ssl) correctly
- expand to "-" instead of "" in case XXXX is not available as it's the
- case for other mod_log_config functions.
-
- *) Unbreak `SSLOptions +CompatEnvVar' by fixing two nasty bugs
- and adding a missing variable.
-
- *) Fixed a confusing "not"-typo in the FAQ.
-
- *) Another round to get rid of the core dumps under the DSO situation when
- DSOs are loaded to different memory addresses. We now no longer try to
- preserve `RSA *' and `X509 *' structures of the SSL library between
- Apache's init rounds. Because as we discovered, SSLeay/OpenSSL uses
- various static variables inside these structures which is a big NO-NO
- for the nasty Apache double-init round situation. Instead we now convert
- the internal structures to DER/ASN.1 byte-streams allocated inside
- mod_ssl's global memory pool. This now at least fixed the core dumps
- under the Solaris/DSO situation for me.
-
- *) Incorporated a few cleanups for the SDBM code Gred Stein sent me
- while he was adding SDBM to his mod_dav package.
-
- Changes with mod_ssl 2.2.2 (04-Feb-1999 to 05-Feb-1999)
-
- *) Fixed `SSLOptions +FakeBasicAuth' and related stuff which
- was broken because of a typo in a context variable name.
-
- *) Fixed ToC in chapter 1 of the user manual.
-
- *) Fixed export lists src/ApacheCore.def (Win32) and
- src/support/httpd.exp (AIX).
-
- Changes with mod_ssl 2.2.1 (27-Jan-1999 to 04-Feb-1999)
-
- *) Now the configure script uses bold mode to mark some
- error messages under xterm, vt100 and vt220 terminals.
-
- *) Added a new chapter 5 (`HowTo') to the User Manual where solutions for
- typical situations are presented.
-
- *) Now mod_ssl identifies itself to the SCCS `what' and RCS `ident'
- commands with a string `mod_ssl/2.2.x'. This allows one for instance to
- quickly check what version a libssl.so by typing `what libssl.so' or
- `ident libssl.so'.
-
- *) Added a new directive `SSLProtocol' which is compatible to Stronghold
- 2.x's directive of the same name. It provides a handy way to control the
- SSL protocol flavors (SSLv2, SSLv3, TLSv1) mod_ssl should provide on the
- server side. It's use is a little bit similar to special cases of
- SSLCipherSuite, but it actually directly affects internal behaviour of
- the SSL library. So, saying `SSLProtocol all -SSLv3 -TLSv1' to get a
- SSLv2 only server is not really equal to an `SSLCipherSuite' where just
- all SSLv3 and TLSv1 ciphers are dropped.
-
- *) EAPI functions are now also added to src/ApacheCore.def.
-
- *) Output a warning when `SSLVerifyClient require' is used but no CAs are
- configured for verification. Additionally the `peer didn't return a
- certificate' message is annotated with a similar hint.
-
- *) Updated the README.dsov.{fig,ps} files to reflect the
- additional internal data structure link from SSL* to request_rec*.
-
- Changes with mod_ssl 2.2.0 (21-Jan-1999 to 27-Jan-1999)
-
- *) Commit the long-prepared and long-awaited feature of
- per-directory SSL configuration parameters.
-
- The background is this: SSL parameters like the Cipher Suite or the
- certificate chain verification parameters up to now could only be
- configured on a per-(virtual)server basis and this way apply to all URLs
- under https://this-virtual-server/. The drawback is obvious: You've to
- find a common denominator for the whole website which isn't usually
- possible. For instance just because you need client authentication
- (``SSLVerifyClient require'') for https://this-virtual-server/foo/bar/,
- this shouldn't mean you have to force client authentication for the
- whole server. Same for ciphers: Just because a subarea needs to enforce
- a stronger cipher (e.g. no export, no null cipher, etc.) shouldn't mean
- that the whole website can only be visited with those requirements. So
- the idea is to enforce those (usually stronger) requirements on a
- per-directory basis.
-
- The problem is: It's a chicken and egg situation. To decide which
- parameters should be enforced in the SSL handshake mod_ssl has first to
- find out the requested directory. For this the HTTP request has to be
- read. But for this the SSL handshake first has to be performed. Bingo!
-
- The nifty solution known from Netscape Commerce servers now is: We
- simply do the standard SSL handshake, then we read the HTTP response,
- then we perhaps reconfigure the parameters and enforce a second SSL
- handshake (this is called "SSL renegotiation") with it. And only when
- this handshake is also successful, the HTTP response is send.
-
- How is this configured? You just put additional SSLVerifyClient,
- SSLVerifyDepth and/or SSLCipherSuite directives in <Directory> or
- <Location> containers or even .htaccess files. When Apache reaches those
- directories, those directives reconfigure the SSL parameters and the SSL
- renegotiation is automatically enforced by mod_ssl. The only drawback is
- that although an optimization is done to reduce unnecessary
- renegotiations (when the parameters were not actually changed), you
- usually increase the overhead for a request because a SSL renegotiation
- is expensive. So, use the per-directory reconfiguration feature
- economically.
-
- Under SSL_EXPERIMENTAL additionally the directives SSLCACertificatePath
- and SSLCACertificateFile can be used in per-directory context for
- reconfiguration. But it's tagged experimental because SSLeay/OpenSSL
- still lacks real support for this. So an ugly kludge has to be done to
- support these two directives, too.
-
- *) Give out more information on "Certificate Chain too long" error message.
-
- *) Moved SSLeay/OpenSSL specific stuff to the new source files
- ssl_util_ssl.[ch]. !! ATTENTION: NOW SSLeay 0.9.0 or OpenSSL IS NEEDED
- !! Because the new internal structures need at least SSL_get_ex_data()
- and SSL_set_ex_data() and those are not supported in SSLeay 0.8.x. So
- we removed all remaining support for SSLeay 0.8.0. OTOH that's no
- problem, because SSLeay 0.8.x is known to be unstable, so it's
- reasonable to remove support for it also for other reasons.
-
- *) Added a second SSL context variable which holds (with a delay) a pointer
- back to the request_rec structure in Apache. This is needed to reach
- the per-directory configuration parameters.
-
- *) Updated the User Manual for mod_ssl 2.2
-
- *) Added SSL_EXPERIMENTAL rule to Configuration.tmpl which
- can be used to enable (APACI: ``--enable-rule=SSL_EXPERIMENTAL'')
- experimental code inside mod_ssl. Code is declared experimental unless
- it is proofed to be stable by the users.
-
- *) Replaced the GNU Bison generated ssl_expr_parse.[ch] files with variants
- generated by BSD Yacc. This way we have more portable source because BSD
- Yacc doesn't used alloca() and other tricks. This especially should
- solve the problems under HP/UX.
-
- *) Updated INSTALL file for recent changes and fixed a few typos there.
-
- *) Add a SSL_SDBM rule to Apache's Configuration.tmpl which can be used
- (APACI: ``--enable-rule=SSL_SDBM'') to force mod_ssl to built with the
- built-in SDBM instead of the custom defined (DBM_LIB) or vendor supplied
- DBM library. This is especially useful when the vendor DBM library is
- buggy or restricts the data size too dramatically (BTW, Berkeley-DB/1.x,
- Berkely-DB/2.x and GDBM based DBM libraries are ok, because they allow
- unlimited data size).
-
- *) Enlarge the SDBM pag/dir blocksize from 1KB/4KB to 8KB/32KB to make sure
- SDBM really can deal with SSL sessions containing long certificate
- chains. !! ATTENTION: THIS MEANS THAT YOU'VE TO ONCE REMOVE THE FILE YOU
- CONFIGURED WITH SSLSessioCache WHEN SDBM WAS USED AND YOU UPGRADE TO
- THIS OR A LATER mod_ssl VERSION, BECAUSE THE INTERNAL LAYOUT CHANGED. SO
- THE FILE HAS TO BE RECREATED WITH THE NEW LAYOUT !!
-
- *) Make the DBM based session cache more robust by using additional error
- situations. This should fix some observed core dumps on Linux boxes
- where the vendor DBM library returned strange values.
-
- *) Fixed configuration handling for global directives: Now the correct
- memory pools are used and after the first configuration round the global
- configuration structure is locked.
-
- *) Added a new `SSLRandomSeed' directive for explicit seeding the Pseudo
- Random Number Generator (PRNG) of the SSL library on server startup
- and/or connection establishment time. The intent is that this way the
- PRNG is better initialized and this way the security of the generated
- SSL protocol ingredients are more secure (because less predictable). For
- maximum flexibility you can use three seed sources: an internal source,
- an external file or an an external program. And you can specify one or
- more such sources, of course. For instance under a FreeBSD box you can
- now use the following:
-
- SSLRandomSeed startup builtin
- SSLRandomSeed startup exec:bin/truerand 16
- SSLRandomSeed startup file:/dev/random 512
- SSLRandomSeed startup file:/dev/urandom 512
- SSLRandomSeed connect builtin
- SSLRandomSeed connect file:/dev/random 512
- SSLRandomSeed connect file:/dev/urandom 512
-
- This would at server startup-time seed the PRNG first with a few bytes
- from the internal source, plus 16 bytes read from stdout of the
- `truerand' utility (which is based on the AT&T truerand library and can
- be found in the mod_ssl distribution under pkg.contrib/), plus up to 512
- bytes from the /dev/random device (it usually only returns a maximum
- number of bits of randomness currently contained in the device entropy
- pool) plus 512 bytes from the /dev/urandom device (which usually returns
- as many bytes as requested, but of low random-quality). Additionally
- before any new SSL connection is established the PRNG is again seed from
- the internal source plus up to 512 bytes from /dev/random and plus 512
- bytes from /dev/urandom. This should give an adequate seed for the PRNG
- used for generating the SSL protocol ingredients.
-
- *) Removed some unneccessary defines for `index' and `rindex'
- in etc/patch/config.h which caused problems under AIX.
-
- *) Changed a misleading sentence about RSAref in INSTALL
-
- *) Overtake the idea of Apache-SSL 1.30 to log SSL errors also directly
- after SSL_read/SSL_write. This way those error messages should no longer
- be missed.
-
- ____ _
- |___ \ / |
- __) | | |
- / __/ _| |
- __ |_____(_)_| _____________________________________________
-
- Changes with mod_ssl 2.1.8 (11-Jan-1999 to 21-Jan-1999)
-
- *) Added an additional variable REQUEST_SCHEME which can be used for in
- SSLRequire, RewriteCond, RewriteRule, etc. to forward or redirect
- HTTP/HTTPS requests with the incoming URL scheme.
-
- *) Surrounded ap_hook_[un]register() calls with wrapper macros to
- implicitly cast the function pointers to void pointers, because strict
- ANSI C requires this.
-
- *) Added AP_HOOK_ALL support which can be used to call all registered
- callback-functions for a hooks, independent of any decline value.
- This will be used in the future by forthcoming features.
-
- *) Fixed a potential security hole: Both the SSLMutex and SSLSessionCache
- files are now created without read access for the group and others.
-
- *) Fixed a typo in the SSL logfile hints and in the terminal
- message displayed for the `make certificate' step.
-
- *) Under Extended API situations we now replace the module magic cookie
- "AP13" with "EAPI" to let us later distinguish between the EAPI-aware
- module structures (which contain additional pointers at the end) and
- standard module structures (which lack at least NULL's for the pointers
- at the end of the structure). This is important because standard
- ("AP13") modules would dump core when we dispatch over the additional
- hooks because NULL's are missing at the end of the module structure.
-
- But we now to the following: We allow _both_ types of modules to be
- loaded by mod_so, but dispatch over the EAPI hooks only when the module
- magic cookie indicates "EAPI". This way an Apache+EAPI server can load
- module DSOs built with a plain Apache. That's important to allow people
- for instance use mod_coldfusion (which is available only as a pre-built
- DSO!) or allow the Debian package maintainers to finally build their
- Apache package with EAPI without the need to upgrade all other module
- packages at the same time.
-
- *) The SSLMutex filename now is internally extended to contain the PID of
- the Apache parent process to make the file unique across different
- server instances. That's the same approach Apache already uses for the
- accept mutex lockfile.
-
- *) We now replace the MODULE_MAGIC_COOKIE ("AP13") with "EAPI" under -DEAPI
- to make sure that mod_so only loads modules which were really compiled
- with -DEAPI. Because else NULL's at the end of the module structure are
- missing, which always will leads to core dumps when the Apache core
- dispatches over it.
-
- *) Removed hints to the test suite in INSTALL.Win32 because under this
- platform there are more test suite problems before the tests can be
- really reasonable.
-
- *) Now mod_rewrite's %{XXXX} construct can also "magically" expand all
- variables known to mod_ssl, i.e. especially the SSL_XXXX variables.
- This way you can use the same variables in a RewriteRule or RewriteCond
- you're used to use in a SSLRequire directive.
-
- *) Fixed a few type problems in ca-fix.c which caused strict ANSI C
- compilers (not GCC) to complain and fail. This especially fixed the
- problems under AIX 4.2
-
- *) Fixed a syntax problem GCC and VC++ never complained about: A trailing
- comma on the last element of an enumeration declaration is not allowed,
- of course.
-
- *) Changed the EAPI usage inside mod_log_config.c to no longer store a
- foreign function pointer (which belongs to mod_ssl) into internal
- structures (because when mod_ssl is unloaded during restarts they evolve
- into dangling references).
-
- *) Cleaned up the verbose output of configure & configure.bat
- and added also support for -v to configure.bat.
-
- *) Make sure mod_ssl's configure script stops with an error
- when Apache's configure (APACI) script stopped with an error.
-
- *) Overtake the important idea from Khimenko Victor's EAPI variant to
- _un_register EAPI hooks for the various modules when the module is
- unloaded (DSO!). Without this dangling references occur inside the EAPI
- hook lists which can cause core-dumps.
-
- *) Fixed the %{errstr}c function provided for mod_log_config
- and let %{errcode}c always expand to "-".
-
- *) Fixed the self-referencing hyperlink in ssl_overview.html
-
- Changes with mod_ssl 2.1.7 (06-Jan-1999 to 11-Jan-1999)
-
- *) Fixed APXS support for configure script: The --with-apxs was broken when
- `apxs' wasn't in the PATH.
-
- *) Added hint for DSO/PIC-situation to the INSTALL file.
-
- *) Changed the "you're speaking HTTP to the HTTPS port" error message from
- HTTP_INTERNAL_SERVER_ERROR to BAD_REQUEST, because first BAD_REQUEST is
- more correct and HTTP_INTERNAL_SERVER_ERROR from Apache 1.3.4 on no
- longer displayed the "error-note".
-
- *) Now finally use LIBS_SHLIB for APXS support (because Apache 1.3.4's apxs
- is fixed) and also query the target name and no longer hard-code
- "httpd".
-
- *) Upgraded to Apache 1.3.4
-
- *) Now the client IP and server virtual host id are displayed
- in addition to the general handshake failure logfile message to make it
- more meaningful inside the Apache error_log (where no SSL context is
- given).
-
- *) Remove the ca-fix "-pathlen 0" option in mkcert.sh when creating the
- server cert. It's only useful for the CA certs.
-
- Changes with mod_ssl 2.1.6 (02-Jan-1999 to 06-Jan-1999)
-
- *) Be even more conservative and correct when aborting a connection: We now
- set the conn_rec->aborted flag in addition to blocking the
- connection/socket buffer.
-
- *) Added some sort of downgrading support to the logging function to no
- longer create messages like "(SSLeay error follows)" although no such
- message follows (because SSLeay has no one). The same is done for the
- System/errno related messages.
-
- *) Removed direct fiddling with the BUFF->flags stuff. Instead we now use
- the API conforming way via ap_bsetflag().
-
- *) Added timeout support for the SSL handshake phase. The timeout in
- seconds is the same as configured with the standard Apache "Timeout"
- directive for the HTTP request phase. This way one can defend against
- special DoS attacks (where the attacker just establishes a lot of
- parallel connections but doesn't send data) to the HTTPS port the same
- way one can already do it for the HTTP ports.
-
- *) Fixed a display error in the `debug' dump messages and made
- the debug dumping more robust by explicitly checking for the case where
- SSLeay gives us either a NULL memory pointer or a memory length of -1.
-
- *) Fixed the "Exit: ..." trace messages: They wrote out an (unnecessary)
- additional newline which optically broke the tracing messages.
-
- *) Fixed the "you're speaking HTTP to the HTTPS port" error handling.
- mod_ssl caused a core dump of the Apache child because the request
- processing functions were not aware that a dynamically downgraded (from
- HTTPS to HTTP) request can exists for error sitiations.
-
- *) Added the EAPI functions to src/support/httpd.exp which is needed to
- compile mod_ssl as a DSO under the most non-smart linker: AIX' ld.
-
- *) Fixed internal `host:port' based identification of virtual servers which
- caused problems under specific Listen/<VirtualHost> configuration
- variants where an implicit port was used. Additionally we now no longer
- patch the server_rec->port variable of Apache. Instead we leave it as is
- and on-the-fly make our decisions.
-
- *) Fixed APXS/EAPI-related error message in the configure script.
-
- *) More OpenSSL support: Recognize the forthcoming `openssl' program in
- addition to `ssleay' when searching for the command line tool.
-
- Changes with mod_ssl 2.1.5 (23-Dec-1998 to 02-Jan-1999)
-
- *) Fixed virtual host configuration merging by removing
- the default value for SSLCertificateFile.
-
- *) Replaced index() (non-POSIX) with strchr() (POSIX) function
- because it doesn't exists under the Win32 environment.
-
- *) Fixed SSLPassPhraseDialog argument processing: exec:/path/to/program
- argument variant was not parsed correctly.
-
- *) Let EAPI hooks also be added to the APXS generated
- sample module (`apxs -g -n foo').
-
- Changes with mod_ssl 2.1.4 (05-Nov-1998 to 23-Dec-1998)
-
- *) Added the support for OpenSSL (see http://www.openssl.org/),
- the Open Source successor of SSLeay. The package name is no longer
- hard-wired and so both the HTTP Server field and the logfile entries
- correctly reflect the name OpenSSL, too.
-
- *) Changed the EAPI hook `rewrite_command' from
- ``char *(*rewrite_command) (cmd_parms *, const char *)'' to
- ``char *(*rewrite_command) (cmd_parms *, void *config, const char *)''
- to allow modules to also access the config structure.
-
- *) Added two AddType directives to httpd.conf-dist for
- loading .crt and .crl files into Netscape Communicator.
-
- *) Added an entry about the Wassenaar Agreement to the mod_ssl FAQ. In
- short: both mod_ssl and SSLeay are not affected by the Wassenaar
- Agreement.
-
- *) Added a few more backslashes to the INSTALL step-by-step lists
- to make it more clear which commands are on the same command
- line and which are separate commands.
-
- *) Added `Year 2000' and `Netscape Lock Icon' entries to the FAQ and fixed
- a few layouting bugs in the FAQ.
-
- *) Lot's of cleanups to make the source more accurate and to remove
- thread-unsafe stuff. Especially all global mc->rCtx.pConn and
- mc->rCtx.pServ references are now gone. Additionally the SSLeay app_data
- facility is used whereever possible to walk from SSLeay data structures
- to Apache data structures without the need of global variables.
-
- *) Cleaned up and enhanced the README.GlobalID document with more
- information about the Global ID stuff with the help of
- additional hints from Dr Stephen N. Henson.
-
- Changes with mod_ssl 2.1.3 (03-Nov-1998 to 05-Dec-1998)
-
- *) Added APXS support: By using the --with-apxs option you can now easily
- upgrade the libssl.so file through a stand-alone build process as long
- as you actually use DSO and EAPI doesn't change. In other words, a
- simple `./configure --with-apxs=/path/to/apache/sbin/apxs
- --with-ssleay=/path/to/your/ssleay; make install' can be used to upgrade
- the /path/to/apache/libexec/libssl.so.
-
- *) Added support documenation, programs and scripts for the `Global Server
- ID' facility as README.GlobalID, pkg.contrib/gid-mkcert.sh,
- pkg.contrib/gid-tagcert.c and pkg.contrib/loadcacert.cgi. This way
- people can setup their own private `Global Server ID' stuff :)
-
- *) Allowed SSL renegotiations initiated by the client.
- This especially adds support for Verisign's `Global Server ID' facility
- where Netscape Communicator does a renegotiation to upgrade the SSL
- connection parameters (the cipher) from 40-bit to 128-bit encryption.
-
- *) Fix typo in httpd.conf-dist: `</Location />' -> `</Location>'
-
- *) Added new README.dsov.{fig,ps} files: They are intended for those people
- who want to hack theirself inside the mod_ssl source. The figure
- provides two diagrams which show the lifetime and chaining of the
- various Apache, mod_ssl and SSLeay data structures which are used inside
- mod_ssl.
-
- *) Cleaned up some documents.
-
- *) Cleaned up ssl_engine_compat.c a little bit more...
-
- Changes with mod_ssl 2.1.2 (30-Nov-1998 to 03-Dec-1998)
-
- *) Let `httpd -V' show `-D EAPI', too.
-
- *) Fixed again the DBM library determination inside libssl.module: A syntax
- error caused the fallback (SDBM) to be never used which leaded to
- problems on systems where no DBM library exists.
-
- *) Added a check to libssl.module: It now complains with
- a warning when SSLeay 0.8 is used because of the known problems (core
- dumps on large files, etc.) with these versions.
-
- *) Slightly changed mod_ssl's configure hints displayed as the last step.
-
- *) Removed internal OPTIONAL_SSL stuff which was inherited from Apache-SSL.
- I currently cannot see a good reason for allowing subrequests to disable
- SSL, so kick out this stuff.
-
- *) Extended Chapter 5 (FAQ List) of the User Manual.
-
- *) Added the Website META Language (WML) sources for the User Manual to the
- distribution: This way all sources are available to the user community.
-
- *) Removed one last reference to SSLCACertificateReqFile inside the
- httpd.conf-dist file.
-
- Changes with mod_ssl 2.1.1 (17-Nov-1998 to 30-Nov-1998)
-
- *) Fixed typos in pass phrase dialog.
-
- *) Added support to APACI for overriding the conf/ssl.crt/server.crt
- default certificate path.
-
- *) Added another logging level `trace' (between `info' and `debug')
- and converted all existing `debug' messages to this level. Additionally
- the internal SSLeay processing is now logged to this level, too. The
- `debug' level now consists of deepest-level I/O dumps where you can even
- see every read/write byte on the BIO (the buffer above the SSL record
- layer).
-
- *) Changed buffer I/O: Previously NO_WRITEV was forced
- because there is no real SSL_writev() available. But the drawback of
- this was that writev() (which nevertheless is available on mostly all
- platforms) wasn't used for non-SSL requests. The result was bad network
- I/O performance when Apache was built with EAPI/mod_ssl. This is now
- changed: When writev() is available it is used for non-SSL requests
- (this way we gain maximum performance) while for SSL requests the output
- is still done via SSL_write().
-
- *) Fixed DBM library determination and build. This especially fixed the
- problems with DSO support under Linux platforms where libdbm was
- previously not linked against libssl.
-
- *) Added a README.Patents document to the distribution
- which tries to explain some RSA patent issues.
-
- *) Fixed Thawte sxnet stuff to work with recent EAPI changes.
-
- *) Fixed documentation: X.509 field was incorrect: SP -> ST.
-
- *) Fixed SSL support for mod_proxy: It was broken because
- the "ssl_enable" ctx-flag was set too late.
-
- *) Ported a recent change in Apache-SSL 1.29 to mod_ssl:
- ``Send CA list to client when SSLCACertificatePath is used (this was
- only done for SSLCACertificateFile up to now)''. I've implemented it
- with a new ssl_init_FindCAList() function in ssl_engine_init.c where the
- main difference is that it _merges_ the list entries from both
- directives together while in Apache-SSL the SSLCACertificatePath would
- override the SSLCACertificateFile for this list generation. I use them
- in parallel for the list generation (by merging their entries) because
- they are used in parallel by SSLeay under the verification process, too.
- Additionally I've now removed SSLCACertifiateReqFile because it was
- oversize.
-
- *) Added a similar SSL_accept() check as was recently added to Apache-SSL
- 1.29, but in a different way: Under the SSL_ERROR_ZERO_RETURN error
- don't log it as an error. A "info"-level log entry is enough.
-
- *) Extended the Compatibility chapter of the User Manual to now also
- contain information about environment variable derivation.
-
- *) Overhauled the SSL part in the http.conf-dist file.
-
- *) Fixed pkg.sslcfg/ssl.key/server.key: It contained a dummy key
- instead of the intended dummy text "THIS FILE SHOULD ...".
-
- *) Fixed httpd.conf-dist: The SSLRequire is only allowed in
- <Location> or <Directory> sections there.
-
- *) Fixed documentation: sign.sh instead of ca.sign, SSLRequire uses
- braces and not parenthesis for word groups, etc.
-
- *) Use the commonly used .crt extension also in the sign.sh script
-
- *) Fixed backward compatibility code: half-way matching could occur (Sioux'
- "RequireSSL" matched the correct "SSLRequireSSL" and leaded to
- "SSLSSLRequireSSL") and the SSLRequireCipher/SSLBanCipher directives
- were not matched correctly.
-
- *) Don't do I/O read-aheads in SSLeay under Win32 because it's not safe
- for this platform (we use select() there).
-
- *) Fixed two memory leaks in ssl_engine_var.c by copying over
- malloc-allocated buffers from X509_NAME_oneline() to Apache
- pool-allocated buffers.
-
- *) Fixed RSAref handling: the -L path to the librsaref.a library
- file was configured incorrectly (a bogus "/lib" was there)
-
- *) Fixed some ANSI C portability issues which popped up with IRIX vendor
- compiler while good-old GCC was happy. This way other compilers should
- be quiet now, too.
-
- *) Added notice and workarounds for RSAref portability problem to the
- INSTALL document. This is especially important to people using platforms
- with non-Intel CPUs (like the Alpha-boxes of DEC).
-
- Changes with mod_ssl 2.1.0 (15-Nov-1998 to 17-Nov-1998)
-
- *) Updated all distribution documents for the final release.
-
- *) Fixed configure.bat script: It failed for version strings like 2.1.0 (no
- "b" for beta contained), failed to patch Apache's src/Makefile.nt file
- correctly and used not necessary options in nmake calls. Additionally
- it now creates .orig files for the patched DevStudio Makefiles, too.
-
- Changes with mod_ssl 2.1b9 (04-Nov-1998 to 15-Nov-1998)
-
- *) Replaced the pkg.ssldoc/* stuff with the new mod_ssl 2.1 User Manual.
-
- *) Fixed patching of Makefile.nt under Win32.
-
- *) Changed test `-e' option to more portable `-r' option.
-
- *) Fixed again the init round handling: The SSLeay initialization
- has to be done _every_ time under DSO/DLL situation because
- there SSLeay is part of the mod_ssl DSO/DLL which is re-loaded.
-
- *) Under DSO situation the LoadModule directive for libssl.so
- is now surrounded by <IfDefine SSL>, too. This way when
- -DSSL is not used not even the module is loaded.
-
- *) Replaced the last global var (ssl_ModConfig) with an ap_global_ctx
- based approach. This way thread-safety for Win32 and Apache 2.0
- can be made more easily.
-
- *) Added compile time check for EAPI:
- mod_ssl now can only be compiled when EAPI is active.
-
- *) Forward port from 2.0 branch:
- Now SSLVerifyDepth defaults to 1 and this means the client certificate
- has to be signed directly by the root CA. The verify depth now is the
- max number of CAs which are checked: 0 = self-signed only, 1 =
- self-signed or signed by root-CA, 2 = signed by root-CA or signed by a
- CA which is signed by the root-CA, etc.
-
- *) Forward port from 2.0 branch:
- Now SSLSessionCacheTime defaults to 300s.
-
- *) Forward port from 2.0 branch:
- Fixed RSAref instructions in INSTALL file and added more support for
- implicitly finding the RSA_BASE to the libssl.module script.
-
- *) Added a SSL_COMPAT configuration rule which is enabled per
- default. But when you disable it via --disable-rule=SSL_COMPAT the
- backward compatibility code is not build into mod_ssl. This provides a
- little bit better performance for those people who don't need the compat
- stuff.
-
- *) Removed the patch from mod_auth.c by not spreading the -I option for
- SSLeay. Because with the EAPI only the mod_ssl needs to include SSLeay
- headers. So we no longer have a conflict with the vendors
- crypt.h stuff ;-)
-
- *) Moved the patch from ap_config.h into libssl.module.
-
- *) Overhauled the mod_ssl distribution tree: Now four packages exists
- (eapi, sslmod, ssldoc, sslcfg, sslsup) and each contains the patches and
- corresponding files. Especially the EAPI stuff is now stand-alone and
- doesn't contain any crypto-related stuff.
-
- *) Fixed version parsing in configure.bat script (Win32)
-
- *) Fixed default value for SSLCertificateFile directive.
-
- *) Added real contents for the environment variable mapping. Now all
- Apache-SSL 1.x and mod_ssl 2.0.x and the most important Stronghold 2.0.x
- variables (the ones corresponding to certificate DN fields) are mapped
- to mod_ssl 2.1 variables.
-
- *) Added on-the-fly mapping for the Apache-SSL 1.x and mod_ssl
- 2.0.x SSLRequireCipher and SSLBanCipher directives.
-
- *) Added a useful SSL_CIPHER_EXPORT variable.
-
- *) Fixed compatibility on-the-fly directive mapping: Now comment and blank
- lines are correctly recognized by the mapping mechanism so the user no
- longer gets confusing warnings about obsolete directives when they still
- occured in comments.
-
- *) Fixed complex situation where the SSL logfile cannot be opened but the
- error message should be still logged: to the Apache general error log.
-
- *) Forward port from 2.0 branch:
- Make sure the mkcert.sh can only be used by `make certificate' _inside_
- the Apache source tree.
-
- Changes with mod_ssl 2.1b8 (30-Oct-1998 to 04-Nov-1998)
-
- *) Replaced the per-server context Fake-Basic-Authentication stuff with a
- per-directory mechanism which can be now enabled on-demand and on a
- per-directory basis with `SSLOptions +FakeBasicAuth'. This way the
- `Cert-Subject-DN to Basic-Auth-Username' mapping is more useful to the
- users. The SSLFakeBasicAuth directive was removed. But the mod_ssl
- compatibility code automatically maps Apache-SSL's `SSLFakeBasicAuth'
- directive to `SSLOptions +FakeBasicAuth' on-the-fly.
-
- *) Added support for exporting the client and server certificates
- (not the CA chain; currently only the end certificates) via `SSLOptions
- +ExportCertData' in PEM format through the environment variables
- SSL_SERVER_CERT and SSL_CLIENT_CERT. This way we bloat up the
- environment with certificate stuff only on demand. Additionally the
- mod_ssl compatibility code automatically maps Apache-SSL's new
- `SSLExportClientCertificates' directive to `SSLOptions +ExportCertData'
- on-the-fly.
-
- *) Added backward compatibility mappings for environment variables
- of Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x (where
- possible). This can be now enabled by the user on-demand via `SSLOptions
- +CompatEnvVars' - typically inside the .htaccess context of a CGI
- script. This way we bloat up the environment with compat stuff only on
- demand.
-
- *) Added a generic `SSLOptions [+-]option [...]' directive which can be
- used in the `Options' context, i.e. _everywhere_. It is intended to
- control various SSL engine parameters.
-
- *) Enhanced the `make depend' author Makefile target: Now dependencies are
- also generated for .lo files (DSO object files). This way Make recogizes
- the dependencies also under the DSO situation.
-
- *) Now under `make certificate' an interactive prompt is given which asks
- whether the private key should be encrypted (the default) or not. This
- way it's a little bit easier to setup test servers, at least for me ;-)
-
- *) Make sure all filenames can be ServerRoot relative _and_ get checked for
- existence directly inside the directive handlers (and not under
- request-time).
-
- *) Changed per-directory directives SSLRequireSSL and SSLRequire from
- `FileInfo' to `AuthConfig' context (see AllowOverride), because they are
- really authentication directives.
-
- *) Replaced hard-coded r->server->is_virtual and similar checks with more
- API-like ap_check_cmd_context()-based checks. Also added some more
- configuration checks to make sure directives cannot be placed into the
- wrong context.
-
- *) Added a special kludge for the GCC+DSO situation to libssl.module: Under
- some platforms (like Solaris) libssl.so has to be explicitly linked
- against the libgcc.a in order to resolve internal symbols.
-
- *) Made a lot of coding style cleanups in the ssl_expr_*.c sources.
-
- *) Fixed a nasty bug in ap_hook_use() and ap_hook_call().
-
- *) Backport from 2.0 branch:
- Upgraded to included Thawte Strong Extranet sources (ssl.contrib/sxnet/)
- from version 1.2.2 to the current 1.2.3.
-
- *) Backport from Apache-SSL:
- Incorporation of recent Base64 (uuencode) encoding bugfixes.
-
- *) Added more hints about EAPI and upgrade problems with DSO/DDLs
- to the INSTALL and INSTALL.W32 files.
-
- *) Changed the building of mod_ssl under Win32 from static (.LIB)
- to dynamic (.DLL), i.e. mod_ssl is now build as a stand-alone Win32 DSO
- (DLL in Windows terms) containing SSLeay instead of statically linked
- into the apache.exe binary.
-
- Changes with mod_ssl 2.1b7 (09-Oct-1998 to 30-Oct-1998)
-
- *) Fixed DBM access stuff: An invalid argument was given by the
- NDBM emulation layer of DB under FreeBSD 2.2.6.
-
- *) Moved all Crypto/SSL stuff from mod_log_config.c, mod_proxy.c and
- proxy_http.c to the new ssl_engine_ext.c file. Now SSLeay is _ONLY_
- needed for linking the mod_ssl code itself. There is no more any SSLeay
- symbol reference outside mod_ssl.
-
- *) Rewrote the ap_hook mechanism to provide support for loosly coupling
- modules together, too. Also support is now provided for up to 8
- arguments in function signatures.
-
- *) Added support for a SSL Product ID. To the mod_ssl/x.x.x-y.y.y
- string inside libssl.version you now can append a string <product>/x.x.x
- and then you get -DSSL_PRODUCT=<hex-value-of-x.x.x>,
- -DSSL_PRODUCT_NAME="<product>", -DSSL_PRODUCT_VERSION="x.x.x" and a HTTP
- Server field similar to this one: ``Server: Apache/1.3.3 (Unix)
- MyStuff/1.0.0 mod_ssl/2.1b7 SSLeay/0.9.0b''. This can be used by RH SWS
- or the other forthcoming mod_ssl based SSL product to add the version
- string without patching ;-)
-
- *) The ca-fix tool is now generated at the `make certificate' step
- on-demand only because it's only needed here. And when mod_ssl is not
- enabled this tool cannot be build at all (no SSLeay stuff known).
-
- *) Created a new ssl_engine_io.c source file which now contains
- all I/O and buffer related code, i.e. the new EAPI-based stuff plus
- the Win32/SSLeay functions for buffer I/O.
-
- *) Because with the help of the EAPI we were now able to add Dynamic Shared
- Object (DSO) support for mod_ssl. For this the
- src/modules/ssl/Makefile.tmpl, src/modules/ssl/libssl.module and
- top-level configure files were adjusted.
-
- *) Replaced SSL code inside mod_log_config.c with EAPI based
- code which mainly tries to lookup mod_ssl variables. For this the
- ssl_engine_vars.c stuff now exports the ssl_var_lookup() function as the
- "ssl::var::lookup" hook.
-
- *) Replaced all hard r->connection->client->ssl references with the
- now loosely based ap_ctx_get(r->connection->client->ctx, "ssl").
-
- *) SSL patches -> Generic Extended API patches:
- Completely rewrote the Apache code patches: Instead of patching in SSL
- specific hooks we now patch in an Extended API which provides mainly the
- following new features:
-
- - generic low-level hooks mechanism:
- ap_hook_{init,kill},
- ap_hook_{configure,register,unregister},
- ap_hook_{configured,registered,call}
-
- - buffer hooks:
- ap::buff::{read,write,recvwithtimeout,sendwithtimeout}
-
- - generic context mechanism:
- ap_ctx_{new,set,get}
-
- - structure context variables:
- BUFF->ctx, conn_rec->ctx, request_rec->ctx, server->ctx
- ap_global_ctx
-
- - four new high-level module hooks:
- add_module, remove_module,
- rewrite_command, new_connection
-
- - a new function ap_add_config_define() which does what
- option -D does on the command line.
-
- *) Added new backward compatibility stuff to ssl_engine_compat.c:
- We use wildcard configuration directive handlers which are used by us to
- provide backward compatibility to old obsolete directives via on-the-fly
- mapping. Those wildcard handlers are an additional (patched in)
- functionality inside the Apache core, of course ;-)
-
- *) Renamed snakeoil.{crt,key} to snakeoil-ca.{crt,key} and created a real
- dummy server certificate/key pair as snakeoil.{crt,key} which is now
- used under `make certificate TYPE=dummy'. This fixes the recently
- occured problem where Netscape rejected the dummy certificates because
- they had the CA flag set.
-
- *) Fixed CRYPTO_malloc_init() call for Win32 environment.
-
- *) Added a small stand-alone patch.exe (v2.1) to etc/patch/ for the Win32
- port. This is now used per default by configure.bat, but the user can
- override it with --with-patch=FILE as under Unix. This way the patching
- problems caused by incompatible patch utils should be solved.
-
- *) Fix pathname seperators (slashes) in Win32's configure.bat script
- and make configure.bat script accept also Perl 5.003 because 5.004 is
- not really needed.
-
- *) Fix `uchar' redefinition problem under AIX.
-
- *) Now a warning is done when HTTPS is configured on a HTTP port.
-
- *) Added configuration parameter checks for various the directives.
-
- Changes with mod_ssl 2.1b6 (01-Oct-1998 to 09-Oct-1998)
-
- *) Added a --expert option which disables the user hint messages.
- This can be used by package maintainers to get rid of the final
- configure messages.
-
- *) Forward port from 2.0 branch:
- Recreated the Snake Oil CA certificate: it's now a X.509 v3
- certificate with the CA flag set and pathlen 0.
-
- *) Forward port from 2.0 branch:
- With special permission from Dr Stephen N. Henson his excellent ca-fix
- program was now added to src/support/ and is used by
- src/support/mkcert.sh (`make certificate') to fixup the generated
- certificates. Especially X.509 v3 certificates can be now generated
- where nsCertType and CA pathlen is correctly set. Additionally `ssleay
- verify' and `ssleay ... -modulus' checks are performed to make sure the
- generated certificates are valid.
-
- *) Forward port from 2.0 branch:
- Fixed portability problems with prop.sh aux script.
-
- *) Fixed SSLeay memory setup for Win32 environment.
-
- *) Upgraded to Apache 1.3.3.
-
- *) Added a --force option to mod_ssl's configure script to let developers
- apply mod_ssl also to different Apache versions (especially 1.3.x-dev
- versions).
-
- Changes with mod_ssl 2.1b5 (17-Sep-1998 to 01-Oct-1998)
-
- *) Created a configure.bat script which tries to resemble the
- Unix configure script. Enhanced the INSTALL.W32 document.
-
- *) Incorporated the third feeback for the Win32 port from
- Trung Tran-Duc <trung.tranduc@prague.ixos.cz>.
-
- *) Incorporated the second cut of the Win32 port from
- Trung Tran-Duc <trung.tranduc@prague.ixos.cz>. Now the buffer code is
- finally SSL-aware and a Makefile.nt is provided to build the mod_ssl
- sources into a DLL.
-
- *) Replaced some ugly hacking for SSL_CLIENT_CERT_SERIAL
- by a more safe and straight-foreward BIO based approach.
- Additionally replaced BIO_ctrl stuff with BIO_pending.
-
- *) Use a more graceful shutdown approach when the SSL handshake
- or re-negotiation fails instead of immediately dropping the socket
- communication.
-
- *) Cleaned up the log messages and levels.
-
- *) Fixed the "SSLVerifyType optional_no_ca" situation: The situation
- has to be checked against more SSLeay errors, because under SSLv3
- certificate chain loading leads to the presentation of the client CA
- certs, too. Here SSLeay gives different errors.
-
- *) Replaced the first cut of the `Recognize HTTP to HTTPS port' stuff with
- the real (=clean) variant which doesn't use SSLeay internal hex values,
- etc.
-
- *) Upgrade from Apache 1.3.1 to Apache 1.3.2
-
- *) Forward-port from 2.0 branch:
- Changed HTTPS support in mod_proxy: the ap_proxy_http_handler() function
- is (illegally because of DSO, of course) called used by third-party
- modules (like Apache::Proxy). So make make sure we don't change the
- signature of this function.
-
- *) Forward-port from 2.0 branch:
- Added answer to FAQ `Why is client auth broken after upgrading from
- SSLeay 0.8 to 0.9'. Because of the changed hash algorithm used for the
- symlinks.
-
- *) Forward-port from 2.0 branch:
- Now when `make certificate TYPE=custom' is used the generated
- ca.crt/ca.key files are installed, too.
-
- *) Forward-port from 2.0 branch:
- Make sure mkcert.sh removes temporary files after work.
-
- *) Enhanced the ssl.crt/Makefile: now <hash>.N extensions are
- created when conflicts occur and not only <hash>.0
-
- *) Included a first cut of a port to the Win32 platform by
- courtesy of Trung Tran-Duc <trung.tranduc@prague.ixos.cz>. Up to know
- these are only source changes to make it compile under Win32. No support
- for the build process itself (Makefiles, etc.). But the port already
- runs on Trung's Windows NT box.
-
- *) Forward port from 2.0 branch:
- Enhanced the INSTALL file: Now an example section describes the
- installation with mod_perl and PHP3. Beside this some bugs were fixed
- and some more NOTEs were added.
-
- Changes with mod_ssl 2.1b4 (08-Sep-1998 to 17-Sep-1998)
-
- *) Now mod_ssl is more friendly to the typical user error: Using HTTP
- instead of HTTPS to access an SSL-server. In the past the client has
- just seen an I/O error which often confused a lot of people (including
- the author of mod_ssl ;-). Now when the SSL_accept of SSLeay fails
- mod_ssl recognizes the fact that SSLeay already recognized the HTTP
- protocol. Then mod_ssl does a trick: It does some sort of a request
- roll-back: It reads the remaining bytes of the request, fakes it with an
- own error-request, lets Apache process this error-request and finally
- puts out a HTML error page with a clear description of the problem plus
- a hyperlink to the HTTPS URL. Currently this check works only with
- SSLeay 0.9 until the error code determination can be made more general.
-
- *) Fixed session cache timeout calculation.
-
- *) Fixed session cache DBM file initialization.
-
- *) Forward port from 2.0 branch:
- Make the SSL_HOOK_SetupConnection more robust.
-
- *) Forward port from 2.0 branch:
- Added checks to APACI to automatically disable DSO for mod_proxy and
- mod_log_config when SSL is used (because they have to be built against
- SSLeay which is not supported in Apache 1.3.1). But we allow the user to
- explicitly use --enable-shared=.., but then at least he gets a warning.
- This way we protect the average user but don't hurt the experts.
- Especially with Apache 1.3.2 the experts want to use
- --enable-rule=SHARED_CHAIN for linking the DSO's against SSLeay.
-
- *) Forward port from 2.0 branch:
- Renamed `aux' directory to `etc' because `aux' is a special name under
- Windows filesystems (and people at least wanted to extract the stuff
- under windows).
-
- *) Forward port from 2.0 branch:
- Added Thawte's Strong Extranet module (mod_sxnet.c) to
- the ssl.contrib area. This module can be used together
- with mod_ssl.
-
- *) Forward port from 2.0 branch:
- In order to
- - reduce the confusion with sslcerts/server.pem and sslkeys/server.pem
- - provide less-problematic non-self-signed certificates on `make certificate'
- - prepare for mod_ssl 2.1 and the forthcoming client auth & CA scripts
- the following cleanups were done:
-
- 1. The files for the SSL certificate system are now stored in the
- following thee subdirs of the configuration directory:
- ssl.crt/ ...... contains the X.509 certificate(s)
- ssl.csr/ ...... contains the X.509 certificate signing requests(s)
- ssl.key/ ...... contains the RSA private key(s)
- Each directory contains a README file which describes the purpose and
- the contents.
-
- 2. A ssl.crt/snakeoil.crt and ssl.key/snakeoil.key demo CA certificate
- and key is distributed with mod_ssl which is used to sign the test
- certificates the `make certificate' target creates. This avoids the
- problems with MSIE users because MSIE doesn't like self-signed
- server-certificates very well.
-
- 3. A ssl.crt/ca-bundle.crt is now installed (but not enabled!) which
- contains all 33 CA root certificates of known public CAs. They were
- extracted from Netscape Communicator 4.06 with my certbundle stuff.
-
- 4. The `make certificate' command now can create four types
- of certificate setups:
- $ make certificate TYPE=dummy (dummy self-signed Snake Oil cert)
- $ make certificate TYPE=test (test cert signed by Snake Oil CA)
- $ make certificate TYPE=custom (custom cert signed by own CA)
- $ make certificate TYPE=existing (existing official cert)
- CRT=/path/to/your.crt
- [KEY=/path/to/your.key]
- The default is TYPE=test which is equivalent to the old `make
- certificate' with the exception that now the generated certificate is
- no longer a self-signed one. This overview text is also now
- displayed under built-time. When KEY is missing it is assumed that
- it's present in the file from CRT and is extracted from there.
-
- 5. For consistency with 4.) the mod_ssl configure script now
- uses --with-crt=FILE and --with-key=FILE options. When
- --with-key is missing it is assumed that it's present in
- the file from --with-crt and is extracted from there.
-
- *) Forward port from 2.0 branch:
- Changed the <VirtualHost> example in the conf/httpd.conf-dist file so it
- now uses _default_ instead of the server name. This is more portable and
- totally sufficient for our default configuration where only one virtual
- host is present.
-
- *) Fixed INSTALL document: rsaref.a has to be copied to librsaref.a
-
- *) Totally revised my mod_sslcompat idea because it's not really
- practical to have the backward compatibility stuff outside the standard
- mod_ssl code. Another reason is that by including it again into the
- mod_ssl stuff the code gets easier.
-
- *) Fixed pass phrase dialog: The server name was always displayed
- for a new pass phrase.
-
- *) Added support for the idea of SSL_CLIENT_CERT_CHAIN<N> variables (Mark
- Shuttleworth, Thawte Consulting) which enables CGI scripts to verify the
- client certificate chain up to the root:
- SSL_CLIENT_CERT_CHAIN_0 = end entity cert
- SSL_CLIENT_CERT_CHAIN_1 = issuer cert
- SSL_CLIENT_CERT_CHAIN_2 = issuer's issuer cert ...
- But because of problems with system resource limits this is currently
- disabled.
-
- *) Added support for automatically determining the DBM library.
- When a vendor DBM library is available we now use this one (because
- typically this is a better and faster one than SDBM). Only when no
- vendor DBM library could be found we fallback to our built-in SDBM
- library (which is slow, but portable).
-
- *) Splitted the mod_ssl.html document into smaller parts for easier
- reading and maintaining. Same for the CHANGES file. The entries for
- mod_ssl 2.0.x are now stores in CHANGES.20 while mod_ssl 2.1bx entries
- are staying in the CHANGES file.
-
- *) Fixed some pre-processor and variable declaration inconsitencies
- which forced portability problems under some non-GCC compilers.
-
- Changes with mod_ssl 2.1b3 (06-Sep-1998 to 08-Sep-1998)
-
- *) Removed a few unneccessary local buffer usages in the mod_ssl-related
- code in mod_log_config.c.
-
- *) Updated the documentation for the recent changes, especially for the new
- SSLRequire directive and the new provided CGI/SSI variables. I've now
- also added a new FAQ which tries to explain why SSL cannot be used
- together with name-based virtual hosts (IP-based virtual hosts have to
- be used).
-
- *) Fixed ssl_log() (the function which is used produce all kinds of
- SSL logfile messages): It failed for messages with "%" because
- it insecurely used fprintf at some points.
-
- *) Added --quiet|-q, --verbose|-v and --help|-h options to mod_ssl's
- `configure' script for controlling the verbosity and for more user
- friendlyness.
-
- *) Now the mod_ssl `configure' script creates a `config.status' script as
- APACI does. This can be used for re-configuring mod_ssl the same way one
- does it for Apache.
-
- *) The top-level APACI Makefile now gives a hint for `apachectl start-SSL'
- (which internally uses the `httpd -DSSL' command).
-
- *) Now on `make certificate' the hash symlinks in conf/sslcerts/ are
- generated via the provided Makefile instead of directly linking (which
- fails under some platforms).
-
- *) Added boolean expression scanning/parsing/evaluation as ssl_expr_*
- sources and a new SSLRequire directive which now uses this
- functionality. This directive can be used in both per-server and
- per-directory context and has the syntax ``SSLRequire <expr>'' where
- <expr> is defined as:
-
- expr ::= "true" | "false"
- | "!" expr
- | expr "&&" expr
- | expr "||" expr
- | "(" expr ")"
- | comp
- comp ::= word "==" word | word "eq" word
- | word "!=" word | word "ne" word
- | word "<" word | word "lt" word
- | word "<=" word | word "le" word
- | word ">" word | word "gt" word
- | word ">=" word | word "ge" word
- | word "in" "{" wordlist "}"
- | word "=~" regex
- | word "!~" regex
- wordlist ::= word
- | wordlist "," word
- word ::= digit
- | cstring
- | variable
- | function
- digit ::= [0-9]+
- cstring ::= "..."
- variable ::= "%{" [a-zA-Z][a-zA-Z0-9_-]* "}"
- function ::= funcname "(" funcargs ")"
-
- Here for %{XXXX} mostly _all_ possible server variables can be looked
- up: the standard CGI variables, the SSL CGI variables, the internal
- variables known from mod_rewrite, etc. pp. The intent is the following:
- With <expr> one can specifiy an arbitrary complex boolean expression
- which is evaluated under runtime. When it evaluates to "true" access for
- the current request is granted. If it evaluates to "false" access for
- the current request is denied. The main use for this is for flexible
- certificate screening (because one can lookup all certificate X.509
- fields via %{SSL_CLIENT_xxx}). But it can be used for other
- authentication schemes, too.
-
- This is now the general authentication workhorse. With it we were able
- to remove the too special SSLRequireCipher and SSLBanCipher directives
- because their functionalities are just special cases of a boolean
- expressions:
-
- SSLRequireCipher C1 C2 ... => SSLRequire %{SSL_CIPHER} in ("C1", "C2", ...)
- SSLBanCipher C1 C2 ... => SSLRequire not %{SSL_CIPHER} in ("C1", "C2", ...)
-
- For mod_ssl 2.1.0 (the release version) the above mapping will be done
- automatically on the fly by the backward-compatibility code.
-
- *) Removed the __SSLeay prefix inside the source now that the function
- prefixes are documented in the README file.
-
- Changes with mod_ssl 2.1b2 (02-Sep-1998 to 06-Sep-1998)
-
- *) Added the first cut of HTTPS support for the proxy module. This is
- currently done by making the generic HTTP handler SSL-aware. But it
- still doesn't provide support for client or server authentication nor
- does it provide a way to configure it. Later we'll add perhaps
- SSLProxyXXXXX directives to allow the users to configure the SSL client
- inside the proxy. But beside this it's full functional. One can use it
- for proxying https://xxx URLs and also use `ProxyPass https://xxxx'.
- (the sources of SSLeay's s_client and cURL were my friends ;-)
-
- *) Replaced old kludges in mod_log_config.c and mod_ssl sources to
- determine SSL protocol name with the clean SSL_get_version() which
- already exists in SSLeay 0.8 and 0.9.
-
- *) As a of the new ssl_var_lookup() the function ssl_ExpandCert() with the
- old less-portable and unclean parsing stuff (parsed the DN into the
- fields on a string basis instead of correctly determining the fields
- from SSLeay structures) was kicked out and the environment annotation is
- now done with generic variable lookups.
-
- *) Added a new source file named ssl_engine_vars.c which contains
- a waterfall approach to expanding arbitrary server+SSL variables. The
- main function is ssl_var_lookup() which can operate in different
- contexts. The idea is to resolve information mainly through this
- function when it's required. Currently the usage is: logfile entries,
- environment annotation. In the future this will be also used for the
- SSLRequire directive.
-
- *) Cleaned up the API command configuration and shortened the code by using
- #defines. Additionally removed the polymorphic command handling
- functions with real ones (less pointer arithmetic and preparation for
- more config-time syntax checks).
-
- Changes with mod_ssl 2.1b1 (26-Aug-1998 to 02-Sep-1998)
-
- *) Again completely rewrote the pass phrase handling. This time because the
- recent dicussions on the sw-mod-ssl mailing lists showed that the direct
- caching of pass phrases under run-time and the forcing of the
- administrator to use a single pass phrase for all private key files is
- not really reasonable. Now the pass phrase handling looks this way:
-
- 1. A directive `SSLPassPhraseDialog builtin|exec:/path/to/program'
- is used for configuring the pass phrase dialog. The `builtin' is a
- terminal based dialog while `exec:/path/to/program' runs an external
- program (which gets `servername:port' as the argument for which the
- pass phrase has to be given on stdout).
-
- 2. The `builtin' terminal dialog is now a lot different:
- First it detacts wrong pass phrases and gives reasonable error
- messages and second it uses Holger Reif's maximum-reuse idea for the
- pass phrase query:
-
- When a private key file is encrypted, all known pass phrases (at the
- beginner there are none, of course) are tried. If one of those known
- pass phrases succeeds no dialog pops up for this file. If none
- succeeded, another pass phrase is queried and remembered for the next
- round (where it perhaps can be reused). This scheme allows mod_ssl
- to be maximum flexible (because for N encrypted private key files you
- _can_ use N different pass phrases - but then you have to enter all
- of them, of course) while minimizing the dialog (i.e. when you use a
- single pass phrase for all N private key files this pass phrase is
- queried only once).
-
- 3. After the pass phrase dialog the temporarily remembered pass phrases
- are immediately wiped out from memory. Instead only the
- SSLeay-internal representation of the RSA private key and the X.509
- certificate are stored (as SSLeay already does itself). For this a
- per-module global configuration pool is used which survives Apache
- server restarts. This means that Apache will again no longer fall
- down on restarts.
-
- *) Beside the per-directory and per-server context configurations
- we now use a per-module global configuration pool which survives both
- the Apache API 2nd init round and server restarts. This is done by using
- an own permanent memory sub-pool. The idea for this tricky approach
- which came from Philip Gwyn. This global configuration pool now holds
- _all_ previous global variables (ssl_g_xxx). This way mod_ssl now uses
- only a single global variable.
-
- *) Added ssl_engine_ds.c source which contains new data structures (array
- and table) which are based on Apache's API arrays but can contain
- arbitrary data (important especially for the tables).
-
- *) Removed all explicit ap_clear_pool() calls which are no longer
- necessary because we already got rid of the gcache stuff
- which required it.
-
- *) Moved all pass phrase handling stuff into own file ssl_engine_pphrase.c
- source file
-
- *) Now the error messages which are duplicated to the general
- Apache error logfile are prefixed with "mod_ssl:" there to
- indicate from where they come.
-
- *) Forward-port from 2.0.6: Added RSAref support for the US-citizens:
- mod_ssl now automatically recognizes an SSLeay compiled with -DRSAref,
- automatically finds libRSAglue and librsaref.a or rsaref.a.
- Additionally beside SSL_BASE now the variable RSA_BASE can be used to
- select a particular RSAref source tree (if not installed under system
- locations). This way mod_ssl provides out-of-the-box support for
- SSLeay+RSAref.
-
- *) Changed SSLSessionCacheDefault from 0 (none) to a reasonable
- 300s default.
-
- *) The socket connection message in the SSL Engine logfile now
- also displays the Cipher keysizes for even more information
- about the connection.
-
- Changes with mod_ssl 2.1b0 (17-Aug-1998 to 26-Aug-1998)
-
- *) Added a few files to the distribution: First my PGP public key as
- ssl.contrib/rse.pgp to the distribution so people can use it on
- forthcoming releases to verify the tarballs signature. Second the files
- WISHES and TODO which contain the mod_ssl wishlist and the ToDo-list for
- 2.1.0.
-
- *) Finally fixed the SSL connection deallocation and removed the old
- FREE_SESSION stuff.
-
- *) Added support for annotating SSLeay error messages. Now some
- of the raw-level SSLeay error messages are automatically annotated with
- high-level hints. For instance the unmeaningly message
- ``error:06065064:digital envelope routines:EVP_DecryptFinal:bad
- decrypt'' now reads ``...routines:EVP_DecryptFinal:bad decrypt [Hint:
- wrong pass phrase!?]'' etc.
-
- *) Removed ERR_load_crypto_strings() call because it's already contained in
- SSL_load_error_string() from SSLeay 0.8 and 0.9. Additionally now a
- ERR_clear_error() is done after each logfile entry was written to make
- sure no unread SSLeay errors are kept and occur with later messages
- (where they would confuse people).
-
- *) Renamed `SSLLogFile' to `SSLLog' because it isn't always a file,
- it also can have an argument "|/path/to/filter" and act as
- a reliable pipe to a logging filter program.
-
- *) Renamed `SSLRequiredCiphers' directive to `SSLCipherSuite'
- because the Apache-SSL directivename `SSLRequiredCiphers' was a full
- accident. Because first it always got intermixed with the per-directory
- context directive `SSLRequireCipher'. And second this sets not Ciphers
- which are all `required'. It just sets the Ciphers the clients is
- permitted to negotiate (the client actually chooses only _one_ Cipher).
-
- *) Added SSLMutex for mutal expclusion of server process operations.
- This is currently used only for synchronizing access to the new Session
- Cache stuff. Three variants can be configured: `SSLMutex none' (no mutex
- at all - works but risky), `SSLMutex file:/path/to/lockfile' (portable)
- and `SSLMutex ipcsem' (elegant but not portable).
-
- *) Moved the backward compatibility stuff into its own module:
- mod_sslcompat. This module now already provides configuration directive
- compatibility for both Apache-SSL and Sioux. More (Stronghold?) can be
- add later, too. Additionally a mod_sslcompat.html document was written
- which described the provided configuration directive mapping.
-
- *) Split the mod_ssl sources from its large 70KB file into smaller chunks,
- which are now mainly named accoring to the logical modules they contain.
- This way the source inside src/modules/ssl/ is easier to overview. Just
- one minor drawback: We lose a lot of nice `static' and have to prefix
- really _all_ functions with `ssl_' now.
-
- *) Replaced the gcache stuff from Apache-SSL days and replaced it
- by a more simple but even more flexible approach. Now the new
- `SSLSessionCache' directive replaces `SSLCacheServerPath' and
- `SSLCacheServerPort'. The SSLSessionCacheTimeout remains and has the
- old semantics. So, where is the difference? The old gcache stuff was
- like this: An extra process (ssl_gcache) was running in parallel to the
- httpd server processes and listening to a socket. Through SSLeay
- callbacks the internal SSLeay caches of all server processes were synced
- with this global cache. For this socket connections were established.
- The drawback of this approach were:
-
- 1. The nasty fiddling with the extra child process was totally buggy
-
- 2. The gcache program itself used another local memory cache. This
- was totally unnecessary because SSLeay already caches the stuff in a
- local memory cache. So, under Apache-SSL three cache layers were used
- (1: SSLeay internal, 2: gcache internal, 3: gcache external) while
- layer 2 is not needed.
-
- So the intent now was to replace this with a better solution. The idea
- came from Stronghold: We either cache the information never (the
- default), in a hashfile on the local disk (the portable variant -
- already implemented) or even in a hash structure inside a shared memory
- segment ( (non-portable, but fast and elegant - still not implemented,
- only stubs were created to plug this in later).
-
- *) CORRECTLY SOLVE THE PASS PHRASE DIALOG PROBLEM (the problem is that
- Apache detaches from the terminal before the SSLeay pass phrase dialog
- pops up). First I got rid of the ugly and unsuccessful filedescriptor
- hacks Ben added recently to Apache-SSL because they do not work under
- all platforms as expected. Second I re-ordered the control flow to allow
- the following processing:
-
- Now at the 1st round of the Apache API init cycle the servers are
- scanned for certificate and key files and the first one which uses an
- encrypted key forces the pass phrase dialog to pop up. This dialog is
- either an interactive builtin terminal dialog (`SSLPassPhraseDialog
- builtin' - which is similar to SSLeay default dialog) or can be driven
- in batch by a filtering program which is run once and has to provide the
- pass phrase on stdout (`SSLPassPhraseDialog /path/to/program'). After
- this the pass phrase is _temporarily_ stored in memory for use later in
- the 2nd round of the Apache API init cycle. Now additionally this pass
- phrase can be kept in memory (`SSLPassPhraseCaching on') for forthcoming
- server restarts (`kill -HUP') or is explicitly wiped out from memory
- (`SSLPassPhraseCaching off' - for the paranoid users).
-
- The following combinations are possible:
-
- 1. THE SMART DEFAULT VARIANT:
- `SSLPassPhraseDialog builtin' + `SSLPassPhraseCaching on':
- This is the default which is reasonable for most of the users. This
- way on Apache startup time the pass phrase is requested on the
- terminal but kept in memory for all forthcoming restarts.
-
- 2. THE THEORY VARIANT:
- `SSLPassPhraseDialog builtin' + `SSLPassPhraseCaching off':
- This combination leads to a server fall-down on any occuring restarts
- because the terminal dialog _cannot_ be done at restart time (Apache
- is already detached). So, this combination is only interesting in
- theory but should be avoided because its not really useful in
- practice.
-
- 3. THE BATCH VARIANT:
- `SSLPassPhraseDialog /path/to/program' + `SSLPassPhraseCaching on':
- This is for users who want to remote control the Apache startup or
- make it automatic by controlling the dialog from within a program.
- This program is run only once at startup. Then the pass phrase is
- kept in memory for forthcoming restarts.
-
- 4. THE PARANOIA VARIANT:
- `SSLPassPhraseDialog /path/to/program' + `SSLPassPhraseCaching off':
- This is for the really paranoid users who want avoid any pass phrase
- caching. Instead both on startup and restart time the pass phrase has
- to be provided by an external program.
-
- *) The SSL logfile is now placed in the main server instead of the virtual
- host because its actually a global logfile, even when it could be used
- only inside a virtual server.
-
- *) The expensive operation of generating the temporary RSA key is now done
- before Apache forks the server processes. This speeds up the startup
- phase a little bit.
-
- *) Added new SSLCACertificateReqFile directive which defaults to the value
- of SSLCACertificateFile. It sets the all-in-one file where one can
- assemble the Certificates of Certification Authorities (CA) whose
- servers you deal with. These are optionally used by the clients for
- SSLv3 Server Authentication to speedup processing. The file is requested
- by the client via the "SSLv3 write certificate request A" for loading
- intermediate CA certificates in the certificate chain (only SSLv3). It
- is simply the concatenation of the various PEM-encoded certification
- files, in order of preference.
-
- *) Inlined some functions like init_SSLeay() and init_VerifyType() because
- they were really small functions and only used once in mod_ssl. These
- were stand-alone functions in Apache-SSL without real need.
-
- *) Made `SSLEnable'/`SSLDisable' directives obsolete by adding the simpler
- `SSEngine on|off'. The old directives are now deprecated but still can
- be used for backward-compatibility with Apache-SSL. Additionally the
- default is now `SSLEngine off' (formerly `SSLDisable') instead of the
- Apache-SSL default of `SSLEngine on'. This breaks a little bit with
- Apache-SSL semantics, but doesn't hurt as much as it sounds. Because
- people run SSL inside a virtual hosts and thus already have a SSLDisable
- in their main (non-SSL) server. The difference is just that with mod_ssl
- one no longer has to add SSLDisable to all non-SSL virtual hosts (which
- is nasty). OTOH SSL is an additional feature, so the logic of "disabled
- per default and have to be enabled explicity" is more useful and what is
- expected.
-
- *) The "SSL rubbish logfile" of Apache-SSL was now replaced by real
- dedicated SSL logfile which contains no longer "rubbish". For this the
- logging mechanism in mod_ssl was completely re-written from scratch and
- now looks like this:
-
- 1. `SSLogFile <file>' is optional
- 2. `SSLogFile /dev/null' disables the logging _without_ overheads
- 3. `SSLLogLevel <level>' controls the degree of verbosity in SSLLogFile
- 4. `SSLogLevel none' disables the logging _without_ overheads and is the
- default.
- 5. Log messages of type `error' are _always_ duplicated to
- the Apache general error logfile, even under `SSLLogLevel none'.
- 6. The maximum logging can be now achieved by using `SSLLogLevel debug'.
-
- Additionally obsolete logging stuff from Apache-SSL was removed from the
- source code. Finally the logfiles in the provided default config were
- changed: ssl_log is now the dedicated SSL protocol logfile (SSLLogFile)
- while the custom logfile (CustomLog) containing only one line per
- request is now named ssl_req_log.
-
- ____ ___
- |___ \ / _ \
- __) || | | |
- / __/ | |_| |
- ___ |_____(_)___/ __________________________________________
-
- Changes with mod_ssl 2.0.16 (07-Nov-1998 to 09-Nov-1998)
-
- *) Fixed documenation: SSLRequireSSL can be used in .htaccess
- files when the `FileInfo' context is enabled for it.
-
- *) Revised my recent RSAref fix to INSTALL file a little bit.
-
- *) Backport of an Apache-SSL bugfix:
- Fix file-descriptor leak for stderr.
-
- Changes with mod_ssl 2.0.15 (01-Nov-1998 to 07-Nov-1998)
-
- *) Fixed some long-standing inconsistencies in mod_ssl.html
-
- *) Now SSLVerifyDepth defaults to 1 and this means the client certificate
- has to be signed directly by the root CA. The verify depth now is the
- max number of CAs which are checked: 0 = self-signed only, 1 =
- self-signed or signed by root-CA, 2 = signed by root-CA or signed by a
- CA which is signed by the root-CA, etc.
-
- *) Now SSLSessionCacheTime defaults to 300s.
-
- *) Fixed RSAref instructions in INSTALL file and added more support for
- implicitly finding the RSA_BASE to the libssl.module script.
-
- *) Backport from 2.1 branch:
- Now under `make certificate' an interactive prompt is given which asks
- whether the private key should be encrypted (the default) or not. This
- way it's a little bit easier to setup test servers, at least for me ;-)
-
- *) Fixed SSLRequiredCiphers: The server configuration entry wasn't
- correctly merged internally which lead to the effect that it got
- ignored.
-
- Changes with mod_ssl 2.0.14 (09-Oct-1998 to 01-Nov-1998)
-
- *) Backport from 2.1 branch:
- Renamed snakeoil.{crt,key} to snakeoil-ca.{crt,key} and created a real
- dummy server certificate/key pair as snakeoil.{crt,key} which is now
- used under `make certificate TYPE=dummy'. This fixes the recently
- occured problem where Netscape rejected the dummy certificates because
- they had the CA flag set.
-
- *) Upgraded to included Thawte Strong Extranet sources (ssl.contrib/sxnet/)
- from version 1.2.2 to the current 1.2.3.
-
- *) Backport from Apache-SSL:
- Incorporation of recent Base64 (uuencode) encoding bugfixes.
-
- *) Backport from 2.1 branch:
- Fixed the "SSLVerifyType optional_no_ca" situation: The situation
- has to be checked against more SSLeay errors, because under SSLv3
- certificate chain loading leads to the presentation of the client CA
- certs, too. Here SSLeay gives different errors.
-
- *) Fixed documentation of SSL_CLIENT_I<x509> and SSL_SERVER_I<x509>
- environment variables.
-
- *) Fixed mod_proxy source for the situation where
- no --enable-module=ssl is used.
-
- *) Make sure the stand-alone ssl_gcache program compiles
- correctly even under SunOS where no strerror() exists.
-
- *) Backport from 2.1 branch:
- Fix "uchar" redefinition problem under AIX.
-
- Changes with mod_ssl 2.0.13 (02-Oct-1998 to 09-Oct-1998)
-
- *) Fixed some more race conditions in ssl_gcache, cleaned
- up the error logging and namespace in ssl_gcache.
-
- *) Overtaken the SIGPIPE handling patch from Apache-SSL 1.27
-
- *) Recreated the Snake Oil CA certificate: it's now a X.509 v3
- certificate with the CA flag set and pathlen 0.
-
- *) With special permission from Dr Stephen N. Henson his excellent ca-fix
- program was now added to src/support/ and is used by
- src/support/mkcert.sh (`make certificate') to fixup the generated
- certificates. Especially X.509 v3 certificates can be now generated
- where nsCertType and CA pathlen is correctly set. Additionally `ssleay
- verify' and `ssleay ... -modulus' checks are performed to make sure the
- generated certificates are valid.
-
- *) Upgraded to Apache 1.3.3.
-
- *) Fixed again some RSAref hints in the INSTALL file.
-
- *) Fixed `SSLLogFile /dev/null' situation: it now works as expected: No
- logging is done. But not by writing to /dev/null. Instead no logging at
- all is done, of course.
-
- Changes with mod_ssl 2.0.12 (23-Sep-1998 to 02-Oct-1998)
-
- *) Cleaned up gcache stuff again and fixed a few problematic things
- by adding extra runtime checks. Now gcache should no longer dump core.
- At least I've now found no more bug...
-
- *) Changed gcache communication from TCP-sockets to Unix domain
- sockets in default configuration (httpd.conf-dist), because
- this is more reliable and safe.
-
- *) Incorporated reasonable change from Apache-SSL 1.25:
- Allow up to three retries at the pass phrase prompt.
-
- [The other main change in Apache-SSL 1.25 (the client cert export via
- env variables) is intentionally not overtaken for mod_ssl because of
- three reasons: 1. it's a too large patch which is not acceptable for the
- stable mod_ssl 2.0 branch; 2. it still has some flaws Ben is still
- fixing for 1.26; 3. I'm still not convinced that providing complete
- Base64 encoded certs (greated than 1KB) via a set of environment
- variables is really reasonable (because of performance and system
- resource limits). Instead I'm still seeking for a real on-demand
- solution, but for mod_ssl 2.1, of course.]
-
- *) Backport from 2.1 branch:
- Added a --force option to mod_ssl's configure script to let developers
- apply mod_ssl also to different Apache versions (especially 1.3.x-dev
- versions).
-
- *) Fixed portability problems with prop.sh aux script.
-
- *) Fixed gcache expiring: A static variable was not initialized.
-
- *) Fixed a few inconsistencies in the mod_ssl.html document.
-
- *) Fixed RSAref installation instructions in INSTALL file and a little big
- in libssl.module which caused problems for RSAref installations, too.
-
- *) Fixed mod_perl part in INSTALL file.
-
- *) Changed some Apache-SSL wordings in mod_ssl.html on request
- by Ben Laurie.
-
- Changes with mod_ssl 2.0.11 (17-Sep-1998 to 23-Sep-1998)
-
- *) Upgrade from Apache 1.3.1 to Apache 1.3.2
-
- *) Back-port from 2.1:
- Enhanced the ssl.crt/Makefile: now <hash>.N extensions are
- created when conflicts occur and not only <hash>.0
-
- *) Changed HTTPS support in mod_proxy: the ap_proxy_http_handler() function
- is (illegally because of DSO, of course) called used by third-party
- modules (like Apache::Proxy). So make make sure we don't change the
- signature of this function.
-
- *) Added answer to FAQ `Why is client auth broken after upgrading from
- SSLeay 0.8 to 0.9'. Because of the changed hash algorithm used for the
- symlinks.
-
- *) Now when `make certificate TYPE=custom' is used the generated
- ca.crt/ca.key files are installed, too.
-
- *) Make sure mkcert.sh removes temporary files after work.
-
- *) Enhanced the INSTALL file: Now an example section describes the
- installation with mod_perl and PHP3. Beside this some bugs were fixed
- and some more NOTEs were added.
-
- Changes with mod_ssl 2.0.10 (13-Sep-1998 to 17-Sep-1998)
-
- *) Temporarily added a fix from 1.3.2-dev for APACI's configure script to
- allow the `Group' directive to be adjusted correctly even under Linux
- boxes. Without this Linux users always have to fix the `Group' directive
- manually which is nasty.
-
- *) Added checks to APACI to automatically disable DSO for mod_proxy and
- mod_log_config when SSL is used (because they have to be built against
- SSLeay which is not supported in Apache 1.3.1). But we allow the user to
- explicitly use --enable-shared=.., but then at least he gets a warning.
- This way we protect the average user but don't hurt the experts.
- Especially with Apache 1.3.2 the experts want to use
- --enable-rule=SHARED_CHAIN for linking the DSO's against SSLeay.
-
- *) Make the SSL_HOOK_SetupConnection a little bit more robust.
-
- *) Avoid confusing "unable to load 'random state'" messages
- from `ssleay genrsa' command.
-
- *) Renamed `aux' directory to `etc' because `aux' is a special name under
- Windows filesystems (and people at least wanted to extract the stuff
- under windows).
-
- *) Fix top-level Makefile.tmpl: replace `make' with `$(MAKE)'
- and grep out SSL_PROGRAM variable from src/Makefile.config directly
- (instead of running a subtarget) to avoid problems with Make output
- messages. This especially fixed the `make install' problems under Linux
- platforms (where GNU Make is used which gives nasty messages).
-
- *) Update INSTALL file: Use apachectl and add hint to
- the Apache general error logfile.
-
- *) Allow ServerRoot relative path for SSLCertificateFile.
-
- Changes with mod_ssl 2.0.9 (12-Sep-1998 to 13-Sep-1998)
-
- *) Portability fixes: The ssl.crt/Makefile didn't work on
- all platforms because of braindead shells and the mkcert.sh script
- failed to use /dev/random because this device doesn't work as expected
- on some platforms.
-
- Changes with mod_ssl 2.0.8 (09-Sep-1998 to 12-Sep-1998)
-
- *) Make the whole build process (including `make certificate')
- independent of any installed ssleay.cnf file (some systems have it in
- non-standard locations and we don't need it any longer at all).
-
- *) Added Thawte's Strong Extranet module (mod_sxnet.c) to
- the ssl.contrib area. This module can be used together
- with mod_ssl.
-
- *) Fixed hash symlink generation under `make certificate'
- and `make install' for the cases where `ssleay' is not in $PATH.
-
- *) Fixed INSTALL document: rsaref.a has to be copied to librsaref.a
-
- *) Added more information to the mod_ssl.html file about the
- SSLCACertificateFile: It's also used implicitly for the "SSLv3 write
- certificate request A" where it's contents is sent to the client to
- enable him to verify a possible issuer chain on the server certificate.
-
- *) Fixed a few bugs in the new mkcert.sh script, enhanced it's
- dialogs and added a lot error checks.
-
- Changes with mod_ssl 2.0.7 (29-Aug-1998 to 09-Sep-1998)
-
- *) Changed the <VirtualHost> example in the conf/httpd.conf-dist
- file so it now uses _default_ instead of the server name. This is more
- portable and totally sufficient for our default configuration where
- only one virtual host is present.
-
- *) Backport from 2.1b branch: Now the mod_ssl `configure' script creates a
- `config.status' script as APACI does. This can be used for
- re-configuring mod_ssl the same way one does it for Apache.
-
- *) Backport from 2.1b branch: Added the first cut of HTTPS support for the
- proxy module. This is currently done by making the generic HTTP handler
- SSL-aware. But it still doesn't provide support for client or server
- authentication nor does it provide a way to configure it. Later we'll
- add perhaps SSLProxyXXXXX directives to allow the users to configure the
- SSL client inside the proxy. But beside this it's full functional. One
- can use it for proxying https://xxx URLs and also use `ProxyPass
- https://xxxx'. (the sources of SSLeay's s_client and cURL were my
- friends ;-)
-
- *) In order to
- - reduce the confusion with sslcerts/server.pem and sslkeys/server.pem
- - provide less-problematic non-self-signed certificates on `make certificate'
- - prepare for mod_ssl 2.1 and the forthcoming client auth & CA scripts
- the following cleanups were done:
-
- 1. The files for the SSL certificate system are now stored in the
- following thee subdirs of the configuration directory:
- ssl.crt/ ...... contains the X.509 certificate(s)
- ssl.csr/ ...... contains the X.509 certificate signing requests(s)
- ssl.key/ ...... contains the RSA private key(s)
- Each directory contains a README file which describes the purpose and
- the contents.
-
- 2. A ssl.crt/snakeoil.crt and ssl.key/snakeoil.key demo CA certificate
- and key is distributed with mod_ssl which is used to sign the test
- certificates the `make certificate' target creates. This avoids the
- problems with MSIE users because MSIE doesn't like self-signed
- server-certificates very well.
-
- 3. A ssl.crt/ca-bundle.crt is now installed (but not enabled!) which
- contains all 33 CA root certificates of known public CAs. They were
- extracted from Netscape Communicator 4.06 with my certbundle stuff.
-
- 4. The `make certificate' command now can create four types
- of certificate setups:
- $ make certificate TYPE=dummy (dummy self-signed Snake Oil cert)
- $ make certificate TYPE=test (test cert signed by Snake Oil CA)
- $ make certificate TYPE=custom (custom cert signed by own CA)
- $ make certificate TYPE=existing (existing official cert)
- CRT=/path/to/your.crt
- [KEY=/path/to/your.key]
- The default is TYPE=test which is equivalent to the old `make
- certificate' with the exception that now the generated certificate is
- no longer a self-signed one. This overview text is also now
- displayed under built-time. When KEY is missing it is assumed that
- it's present in the file from CRT and is extracted from there.
-
- 5. For consistency with 4.) the mod_ssl configure script now
- uses --with-crt=FILE and --with-key=FILE options. When
- --with-key is missing it is assumed that it's present in
- the file from --with-crt and is extracted from there.
-
- *) Removed unnecessary DEBUG_XXXX stuff which gets replaced in
- mod_ssl 2.1b with ssl_log().
-
- *) Backport from 2.1b branch: Now on `make certificate' the hash symlinks
- in conf/sslcerts/ are generated via the provided Makefile instead of
- directly linking (which fails under some platforms).
-
- *) Backport from 2.1b branch: The top-level APACI Makefile now gives a hint
- for `apachectl start-SSL' (which internally uses the `httpd -DSSL'
- command).
-
- *) Backport from 2.1b branch: Replaced old kludges in mod_log_config.c
- to determine SSL protocol name with the clean SSL_get_version() which
- already exists in SSLeay 0.8 and 0.9. And removed a few unneccessary
- local buffer usages in the mod_ssl-related code in mod_log_config.c.
-
- *) Merge in changes from Apache-SSL 1.23 to 1.24: Cache private keys over
- init rounds and restarts. This means you now can use enrypted private
- key files (where pass phrases are needed to read them in) and both
- survive the terminal detachment and the restart rounds of Apache. This
- is achieved by using an own permanent memory pool which survives server
- restarts and holds the private key files. Remember that this is _not_ a
- backported full-featured pass phrase handling from mod_ssl 2.1b.
- Instead it's exactly the easier handling from Apache-SSL 1.24. Because
- the mod_ssl 2.1b pass phrase handling is too complex to be backported to
- the 2.0 branch. At least it could lead to side-effects in 2.0 which I
- want to avoid.
-
- *) Fixed some pre-processor and variable declaration inconsitencies
- which forced portability problems under some non-GCC compilers.
-
- *) Minor correction to the README, SUPPORT, etc. files.
-
- Changes with mod_ssl 2.0.6 (25-Aug-1998 to 29-Aug-1998)
-
- *) Added RSAref support for the US-citizens: mod_ssl now automatically
- recognizes an SSLeay compiled with -DRSAref, automatically finds
- libRSAglue and librsaref.a or rsaref.a. Additionally beside SSL_BASE
- now the variable RSA_BASE can be used to select a particular RSAref
- source tree (if not installed under system locations). This way mod_ssl
- provides out-of-the-box support for SSLeay+RSAref.
-
- *) Back-port from 2.1: Replaced assert()ions with non-process-terminating
- runtime checks and removed some unnecessary debugging stuff.
-
- *) Back-port from 2.1: Finally fixed the SSL connection deallocation and
- removed the old FREE_SESSION stuff by back-porting the change from the
- 2.1 track.
-
- *) Added PGP public key as ssl.contrib/rse.pgp to the distribution
- so people can use it on forthcoming releases to verify the tarballs
- signature.
-
- *) Taken over a change between Apache-SSL 1.22 and 1.23: Move the call for
- launching the gcache program to a later point in processing.
-
- *) Back-port from 2.1: Removed ERR_load_crypto_strings() call because it's
- already contained in SSL_load_error_string() from SSLeay 0.8 and 0.9.
-
- Changes with mod_ssl 2.0.5
-
- *) Fix per-server configuration structure merging.
-
- *) Added support for reliable piped logs to SSLLogFile directive which can
- be used to plug-in a filter program which receives the logfile entries.
-
- *) Removed per-server check for valid SSLVerifyClient argument because in
- mod_ssl it's no longer possible that an invalid argument can exit under
- run-time because the argument is already validated under config-time.
-
- *) Removed DEBUG_SSLEAY stuff from Apache-SSL because SSL_debug() does no
- longer exist in SSLeay 0.9.x.
-
- *) Added one more digit at the MOD_SSL define value to indicate beta or
- release versions. The scheme now is the following (only important when
- one has to check against the version of an SSL-aware Apache from within
- an own module): <version>.<revision><type><level> where <version>,
- <revision> and <level> are numbers between 0 and 99 while <type> is
- either `b' (for beta versions) or `.' (for release versions). From
- this the MOD_SSL define is created similar to this command:
-
- sprintf("%d%02d%c%02d", <version>, <revision>,
- <type> == `b' ? 0 : 1, <level>);
-
- As an example: the beta version 2.1b3 has MOD_SSL=201003 while
- the release version 2.1.4 has MOD_SSL=201104.
-
- *) Fixed typos in mod_ssl.html document.
-
- *) Fixed typos in mod_ssl.c source.
-
- *) Created two buttons similar to the existing "Includes SSLeay
- encryption software" button: One for Apache ("Powered by Apache
- Webserver Software") and one for mod_ssl ("Secured by mod_ssl
- Interface"). These are now put on the default frontdoor webpage at
- install time.
-
- *) Removed half done DSO-related stuff from Apache-SSL because it's
- useless. Why? Because mod_ssl currently _cannot_ be build as a DSO,
- because:
-
- 1. Because SSLeay is directly called from within Apache's buffer code
- (SSL_write/SSL_read) because the Apache API lacks a hook for this.
- But direct calls from the core to modules and libraries is tabu under
- DSO situation.
-
- 2. Because mod_ssl is directly called from within Apache's main loop
- for setting up the SSL protocol after the socket connection was
- established because the Apache API lacks a hook for this. But
- direct calls from the core to modules and libraries is tabu under
- DSO situation.
-
- 3. Because the pass-phrase dialog can be done only before Apache
- detaches from the terminal. But the general order is this:
-
- a) ap_read_config (where LoadModule is done)
- b) ap_init_modules (where mod_ssl can do the pass-phrase dialog)
- c) detaching
- d) ap_read_config (where DSOs are unloaded and reloaded)
- e) ap_init_modules (where mod_ssl no longer can do the dialog)
-
- When mod_ssl is not a DSO it can do the pass-phrase dialog in step
- b), but when it's a DSO (assuming 1. and 2. are already solved) then
- it cannot preserve information between b) and e) because it is
- unloaded in the meantime.
-
- So, for DSO the Apache kernel has to be bloated up with some more
- features. Currently I want to avoid this because DSO is still not not
- really worth the effort (there are other things which can be improved in
- mod_ssl first).
-
- Changes with mod_ssl 2.0.4
-
- *) Added VERSIONS file to the distribution which contains the
- release date and version numbers for reference.
-
- *) Make sure the server.pem certificate files in sysconfdir/sslcerts/ is
- not overridden on APACI re-installs. Now a message simular to other
- existing APACI messages informs the user that his certificates are
- preserved.
-
- *) Added support for SSL_BASE=SYSTEM which means that SSLeay header files,
- libraries, configuration and binary files were not searched under a
- single SSL_BASE root. Instead they are searched inside the common system
- directories like /etc/, /usr/etc, /lib, /usr/lib, /usr/local/lib,
- /usr/include, etc. pp.
-
- *) Replaced even more old Apache-SSL relicts to make mod_ssl really secure,
- stable and robust: sprintf -> ap_snprinf, srcpy -> ap_cpystrn, fopen ->
- ap_pfopen.
-
- *) Added U.S. export law information to SUPPORT file to make sure
- mailing list users inside the United States remember the U.S. export law.
-
- Changes with mod_ssl 2.0.3
-
- *) Fixed a view ap_log_error() calls where APLOG_NOERRNO was missing.
-
- *) For better compatibility with Stronghold and because it is really more
- intuitive we now also provide the CustomLog directives %{subjectdn}c and
- %{issuerdn}c: The (more intuitive) %{subjectdn}c replaced the (confusing)
- %{clientcert}c directive (although %{clientcert}c is still accepted as an
- alias). And the %{issuerdn}c was added (with the alias %{cacert}c :-( ).
- This way custom logfiles now can contain the certificate issuer as well.
-
- *) For better configuration sharing with Stronghold (which uses
- the name mod_ssl.c for its module, too) mod_ssl now defines not only the
- C Pre-Processor define MOD_SSL, it now also pre-defines the Apache
- configuration define MOD_SSL. This now can be used with <IfDefine
- MOD_SSL>..</IfDefine> sections without the need to startup Apache
- explicitly with an -DSSL or -DMOD_SSL option.
-
- *) ANSI C doesn't allow one to forward declare an array variable without
- specifying the actual array size. GCC didn't complain, but other vendor
- compilers (like /bin/cc under IRIX) do. This is now fixed by re-ordering
- the definitions in the code to make the forward declaration not
- necessary.
-
- *) Let APACI adjust the port 443 to 8443 when installing under a non-root
- UID similar to what Apache already does with adjusting port 80 to 8080.
-
- *) Fix patch tool location for the situation where the user
- has to compile manually the stuff because of platforms errors.
-
- *) Incorporated changes from Apache-SSL 1.20 to 1.21:
- Was only a single register_cleanup -> ap_register_cleanup rename,
- because all other changes were either already in mod_ssl or will be done
- totally different with the next mod_ssl changes (for instance the
- logging stuff which gets replaced by a more improved version the next
- days - because Ben's idea to now log anything to Apache's error_log
- sounds not reasonable to me).
-
- *) Fixed variable arg usage in logging functions: va_end was missing.
-
- Changes with mod_ssl 2.0.2
-
- *) Make egrep arguments more safe because they failed under
- Solaris and other platforms.
-
- *) Replaced basename() and dirname() functions in aux/patch/backupfile.c
- to avoid conflicts with glibc2's versions of these functions.
-
- *) Removed ssl.contrib/ssleay.diff because it was only needed
- for the temporary broken SSLeay 0.9.0b which was staying around on the
- net.
-
- *) Now the sslcerts dir is created with permissions 755 and sslkeys
- with 700 for security reasons.
-
- *) Now the FAQ inside the mod_ssl.html document has corresponding ToC
- entries. Additionally now the question "What is different between mod_ssl
- and Apache-SSL" is tried to be answered. And a few hints were added on how
- to check HTTPS manually.
-
- *) Make the building of the 'patch' tool more robust by checking for
- success and providing a log of the failure. Additionally in case of
- problems the user now can use a --with-patch option to force the usage
- of a vendor patch program.
-
- *) Cleaned up the gcache stuff even more: reduced #includes
- to minimum and moved some stuff to the header file.
-
- *) Cleaned up the httpd.conf-dist entries for SSL.
-
- *) Cleanup mod_log_config.c patch and fixed %{version}c construct:
- It now says "SSLX" even under SSLeay 0.8.0.
-
- *) Misc. doc ajdustments: Fixed a few comment typos in apache.patch file;
- Added Announcement text as ANNOUNCE file to distribution; Fixed
- hyperlinks in mod_ssl.html document and added more useful hyperlinks to
- the README file.
-
- *) Replaced a lot of C constructs into shorthand defines to
- make the code even more readable and reviewable:
- o ``strcmp ... == 0'' -> ``strEQ''
- o ``\0'' -> ``NUL''
- o ``ap_get_module_config(...)'' -> ``myXXConfig''
- o ``ap_overlay_tables'' -> ``cfgMergeTable''
-
- *) Fixed dependencies in src/modules/ssl/Makefile.tmpl
-
- *) Add Ben Laurie's copyright message to gcache sources, even when Ben
- missed it here. It's from Ben, so his copyright applies and credit has
- to be given.
-
- Changes with mod_ssl 2.0.1
-
- *) Minor documentation updates.
-
- *) Now the ssl.patch/apache.diff file is named ssl.patch/apache.patch
- and contains descriptive annotations for each patches file. This way
- even the patches are easier reviewable.
-
- *) The configure patch was not 100% correct: The SSL has not to be
- disabled for --enable-module=most (where it should be enabled, of
- course). Instead it has to be disabled automatically for
- --enable-shared=max.
-
- Changes with mod_ssl 2.0.0
-
- *) Added "SSL library type" message to the configuration process
- to inform the user how we recognized the SSLeay location.
-
- *) Added support for conf/sslkeys/ directory both to configure
- script, Makefile.tmpl and default config files. Additionally now on
- "make install" the hash symlinks are created and a dummy server cert
- file is skipped.
-
- *) Fixed prop.sh script.
-
- *) Cleaned up mod_ssl.html document for release.
-
- *) Cleaned up the README file and added a situation report
- about the author conflict with Ben.
-
- *) Incorporated changes from Apache-SSL 1.19 to 1.20:
- - Do a cleanup before starting gcache.
- - Make gcache die when httpd dies.
- This failing in previous versions appears to be a bug in Apache.
- - Document the biz with passphrases and sleep.
- - Do Apache-SSL on inetd connections.
- ALL OTHER CHANGES BETWEEN APACHE-SSL 1.19 AND 1.20 WERE ALREADY DONE
- FOR MOD_SSL IN THE PAST BY Ralf S. Engelschall. Because it seems Ben
- just has drawn level Apache-SSL with the mod_ssl pre-release I sent to
- him last week. Hmmmm...
-
- *) Minor cleanups to README and mod_ssl.html file.
-
- *) Now create the CHANGES.SSL in <apache>/src/ instead in <apache>/.
-
- *) Moved patch to a subdir aux/patch/ and added prop.sh for
- a visual process indicator while building the aux tools.
-
- *) Slightly fixed the configure scripts messages
-
- *) Added support for checking the Apache version: Now mod_ssl can
- only be applied to the correct matching Apache source tree.
-
- *) Added configurable support for mod_ssl version strings: Now
- a libssl.version file is created inside src/modules/ssl/ which holds
- the mod_ssl version. From this the libssl.module script creates a
- MOD_SSL_VERSION define holding the value as a string ("X.Y.Z") and a
- MOD_SSL define holding the value with a zero-spaced numerical value
- (XYYZZ). This way the mod_ssl received the string for the Server field
- and other modules can check against certain mod_ssl versions via #ifdef
- or more granular via #if MOD_SSL >= 20000 or whatever.
-
- *) Added support for named to SSLVerifyClient directive: Now the ogly
- numerical levels 0-2 are still valid but can be replaced by better
- readable names: "none", "optional", "require" and "optional_no_ca".
-
- *) Added Makefile for conf/sslcerts/ directory to keep <hash>.0
- symlinks up-to-date.
-
- *) Translated the FAQ into HTML format and appended it to mod_ssl.html.
- Additionally I created a ca.sign script and a Makefile for sslcert/ in
- relation to the FAQ.
-
- *) Enhanced the logfile support: First I've converted nasty
- fprintf(stderr,..) to ap_log_error() variants. Second I've moved the
- fprintf(pConfig->fileLogfile,...) to ssl_log_own(pConfig,...) calls.
- And third error messages are now consistently prefixed with "mod_ssl:"
- and "SSLeay:" - dependend from which an error comes. And forth I've
- added the word "SSL" to a lot of messages to indicate that the
- SSL-relationship. Additionally I removed doubled ERR_print_xxx calls.
-
- *) Cleanup up namespace by added lots of `static's, so only the
- module structure and the SSL_HOOK_xxx symbols are now exported.
-
- *) Fixed up Apache API structures for Apache 1.3: added MODULE_VAR_EXPORT
- for consistency and missing module structure dispatch pointers.
-
- *) Completely renamed the functions to use common prefixes which
- indicate their relationship and ordered the functions according to this
- relationship. Additionally a complete list of prototypes is now
- provided in mod_ssl.h. The order of functions now reflects the logical
- order when one wants to review the module: 1. API structures, 2. config
- handing, 3. directive handling, 4. init functions, 5. API hooks, 6.
- internals, 7. caching support, 8. logfile support and 9. utility
- functions. Additionally I cleanup up the namespace of global data
- symbols: They now all have the prefix "_g": bFirstTime -> g_bFirstTime,
- szCacheServerPort -> g_szCacheServerPort, szCacheServerPath ->
- g_szCacheServerPath, s_pServer -> g_pServer.
-
- *) Now all stuff for SSLEay < 0.8.0 is removed because an #error was
- already given and there is now real need to support these versions any
- longer. As a consequence we now also could remove the CACHE_SESSIONS
- #ifdef mess because this was enabled for >= 0.8.0 since a long time.
-
- *) Cleaned up the mess inside ap_config.h where TRUE, FALSE and BOOL
- where globally defined even when they were only used my mod_ssl. Now
- all stuff mod_ssl needs is inside mod_ssl.h and not spread over the
- Apache sources without need. I've also cleaned up the "uchar"
- definition because this was defined only by coincidence. I've also
- replaced ugly return 0's with return FALSE and -1 by UNSET when the
- context was the one for UNSET (like for VerifyType). Additionally I
- replaced some incorrect declarations (extern uid_t ap_user_id) by
- including the correct header file (http_config_globals.h). In the same
- spirit for cleaness I've replaced the numerical filedescriptor numbers
- by the STDXX_FILENO aliases.
-
- *) Fixed a nasty bug: When a startup error occured an exit() was done.
- But an already started ssl_gcache program was not terminated because
- the exit() doesn't give Apache a chance to cleanup the pools (where the
- program is registered). Fixed by adding a bunch of ap_clear_pool()
- calls before the exit() calls. Additionally some more missing exit()'s
- were added to config checks. And last but not least a termination
- message is now created by ssl_gcache when it is terminated so one now
- see both the start and the termination of ssl_gcache program in the
- logfiles.
-
- *) Replaced various sprintf()'s by the more safe and correct ap_snprintf()
- variants. Same for fopen() and ap_pfopen() and other such functions.
-
- *) Prefixed all SSLeay function calls with __SSLeay to mark them
- for reviewing. I'm still not happy with this long and ugly reading
- prefix but need to use an initial one which doesn't conflict.
- Additionally I've then grep'ed out all __SSLeay prefixed symbols,
- sorted them by group and inserted them into a README which can help
- identifiying the used SSLeay API functions. The whole intent is
- just to make reviewing of the code more easier, because this is
- really important for security related sources.
-
- *) A lot of various minor cleanups and fixes: For instance I've corrected the
- directive descriptions, added some descriptive source comments, etc.
- Really to much of these minor cleanups to write them down, sorry.
-
- *) Added an FAQ file, assembled from some information found
- on www.apache-ssl.org
-
- *) Incorporated the changes between Apache-SSL 1.18-1.19
-
- *) Added back support for the old Apache 1.2 way of configuring and
- building by placing the SSL_BASE into src/Configuration.tmpl and
- providing steps in INSTALL, too.
-
- *) Added a complete Apache-style mod_ssl.html document which describes all
- mod_ssl directives in detail. I've also painted a nice mod_ssl logo out
- of the old mod_rewrite logo parts and a safety lock which secures the
- feather. The SSLeay logo is also part of the document to give credit.
-
- *) Added a `configure' frontend script for easy applying the mod_ssl
- source extension and patches to the Apache source tree. It also can
- replace APACI's configure script by running it in the background.
- Additionally a slightly changed GNU patch 2.1 tool is distributed under
- aux/ subdir to make sure the source patching works reliable because
- newer patches have problems with the apache.diff file and some systems
- have no "patch" at all.
-
- *) Split definitions from mod_ssl.c into own mod_ssl.h and converted all
- source files to the Apache coding styles to be consistent with the
- officially distributed Apache sources.
-
- *) Generation of a certificate is supported via top-level "make
- certificate" which correctly finds SSLeay both when SSLeay tree is the
- source tree or the installed tree.
-
- *) Added SSLNeedsSSL to config files and cleaned up the
- SSL-related stuff at the end of httpd.conf-dist.
-
- *) Out-of-the-box installation for a SSL-aware Apache is provided by
- automatically installing the certificate and the ssl_gcache program.
- Additionally the SSL-related directives in the extended httpd.conf file
- is adjusted, so one immediately can fire up an SSL-aware httpd.
-
- *) The name of the binary is now again "httpd" instead of the "httpsd"
- because "httpsd" reads ugly and confuses APACI. And there is no real
- need to distinguish between them, because one still can compile a
- standard Apache even after mod_ssl was applied to the Apache source
- tree. Or why isn't everybody using httppd just because mod_perl is
- built in? Bingo!
-
- *) Added Apache 1.3 Autoconf-style Interface (APACI) support to
- automatically enable the SSL module via --enable-module=ssl. This also
- triggers the MOD_PERL define, so without this APACI option you still
- can build a standard Apache.
-
- *) Use the official Apache 1.3 way of adding strings to the
- HTTP Server header: via ap_add_version_component() instead of patching
- the defines in httpd.h. Additionally it now creates a header like
- ``Server: Apache/1.3.1-dev (Unix) mod_ssl/2.0.0 SSLeay/0.9.0a'' i.e.
- SSLeay is part of the Server header. Because SSLeay's version is more
- important than mod_ssl's.
-
- *) Removed all broken parts in the original Ben-SSL patch, for instance
- incorrectly added newlines, incorrectly moved SecureWare, etc.
-
- *) Removed nasty terminal messages like "Skip first time initialization",
- "Launching ....", etc. These can be enabled in the future by using the
- ap_log_error stuff.
-
- *) Fixed incorrect log_ssl_info prototypes in mod_log_config.c from
- Ben-SSL patch and fixed minor other things.
-
- *) Cleaned up mod_ssl.c (formerly apache_ssl.c): removed unused variables
- mod_ssl.c, added prototypes, moved extern prototypes. Actually I've
- made it run quietly through ``gcc -Wall -Wshadow -Wpointer-arith
- -Wcast-align -Wmissing-prototypes -Wmissing-declarations
- -Wnested-externs -Winline'', etc.
-
- *) Renamed apache_ssl.c to mod_ssl.c for consistency and also
- to avoid problems inside APACI. Additionally the APACHE_SSL define was
- renamed to MOD_SSL which is also consistent which the behaviour of
- mod_perl which uses MOD_PERL.
-
- *) *GENESIS*: Based the complete code on Ben Laurie's latest Apache-SSL
- patch (Ben-SSL) version "apache_1.3.0+ssl_1.18". To avoid confusion and
- to show that its second generation stuff the mod_ssl version starts
- with 2.0.0. I've merged in all my previous work on Apache-SSL for
- Apache 1.3b, i.e. especially the APACI stuff.
-
diff --git a/usr.sbin/httpd/src/Configuration b/usr.sbin/httpd/src/Configuration
deleted file mode 100644
index 62fb681c0dd..00000000000
--- a/usr.sbin/httpd/src/Configuration
+++ /dev/null
@@ -1,453 +0,0 @@
-# Config file for the Apache httpd.
-
-# Configuration.tmpl is the template for Configuration. Configuration should
-# be edited to select the modules to be included as well as various flags
-# for Makefile.
-
-# The template should only be changed when a new system or module is added,
-# or an existing one modified. This will also most likely require some minor
-# changes to Configure to recognize those changes.
-
-# There are 5 types of lines here:
-
-# '#' comments, distinguished by having a '#' as the first non-blank character
-#
-# Makefile options, such as CC=gcc, etc...
-#
-# Rules, distinguished by having "Rule" at the front. These are used to
-# control Configure's behavior as far as how to create Makefile.
-#
-# Module selection lines, distinguished by having 'AddModule' at the front.
-# These list the configured modules, in priority order (highest priority
-# last). They're down at the bottom.
-#
-# Optional module selection lines, distinguished by having `%Module'
-# at the front. These specify a module that is to be compiled in (but
-# not enabled). The AddModule directive can be used to enable such a
-# module. By default no such modules are defined.
-
-
-################################################################
-# Makefile configuration
-#
-# These are added to the general flags determined by Configure.
-# Edit these to work around Configure if needed. The EXTRA_* family
-# will be added to the regular Makefile flags. For example, if you
-# want to compile with -Wall, then add that to EXTRA_CFLAGS. These
-# will be added to whatever flags Configure determines as appropriate
-# and needed for your platform.
-#
-# You can also set the compiler (CC) and optimization (OPTIM) used here as
-# well. Settings here have priority; If not set, Configure will attempt to
-# guess the C compiler, looking for gcc first, then cc.
-#
-# Optimization note:
-# Be careful when adding optimization flags (like -O3 or -O6) on the OPTIM
-# entry, especially when using some GCC variants. Experience showed that using
-# these for compiling Apache is risky. If you don't want to see Apache dumping
-# core regularly then at most use -O or -O2.
-#
-# The EXTRA_DEPS can be used to add extra Makefile dependencies to external
-# files (for instance third-party libraries) for the httpd target. The effect
-# is that httpd is relinked when those files are changed.
-#
-EXTRA_CFLAGS=
-EXTRA_LDFLAGS=
-EXTRA_LIBS=
-EXTRA_INCLUDES=
-EXTRA_DEPS=
-
-#CC=
-#CPP=
-#OPTIM=
-#RANLIB=
-
-################################################################
-# Name of the installed Apache HTTP webserver.
-#
-#TARGET=
-
-################################################################
-# Dynamic Shared Object (DSO) support
-#
-# There is experimental support for compiling the Apache core and
-# the Apache modules into dynamic shared object (DSO) files for
-# maximum runtime flexibility.
-#
-# The Configure script currently has only limited built-in
-# knowledge on how to compile these DSO files because this is
-# heavily platform-dependent. The current state of supported and
-# explicitly unsupported platforms can be found in the file
-# "htdocs/manual/dso.html", under "Supported Platforms".
-#
-# For other platforms where you want to use the DSO mechanism you
-# first have to make sure it supports the pragmatic dlopen()
-# system call and then you have to provide the appropriate
-# compiler and linker flags below to create the DSO files on your
-# particular platform.
-#
-# The placement of the Apache core into a DSO file is triggered
-# by the SHARED_CORE rule below while support for building
-# individual Apache Modules as DSO files and loading them under
-# runtime without recompilation is triggered by `SharedModule'
-# commands. To be able to use the latter one first enable the
-# module mod_so (see corresponding `AddModule' command below).
-# Then enable the DSO feature for particular modules individually
-# by replacing their `AddModule' command with `SharedModule' and
-# change the filename extension from `.o' to `.so'.
-#
-# Sometimes the DSO files need to be linked against other shared
-# libraries to explicitly resolve symbols from them when the
-# httpd program not already contains references to them. For
-# instance when buidling mod_auth_db as a DSO you need to link
-# the DSO against the libdb explicity because the Apache kernel
-# has no references for this library. But the problem is that
-# this "chaining" is not supported on all platforms. Although one
-# usually can link a DSO against another DSO without linker
-# complains the linkage is not really done on these platforms.
-# So, when you receive "unresolved symbol" errors under runtime
-# when using the LoadModule directive for a particular module try
-# to enable the SHARED_CHAIN rule below.
-
-#CFLAGS_SHLIB=
-#LD_SHLIB=
-#LDFLAGS_SHLIB=
-#LDFLAGS_SHLIB_EXPORT=
-
-Rule SHARED_CORE=default
-Rule SHARED_CHAIN=default
-
-################################################################
-# Rules configuration
-#
-# These are used to let Configure know that we want certain
-# functions. The format is: Rule RULE=value
-#
-# At present, only the following RULES are known: WANTHSREGEX, SOCKS4,
-# SOCKS5, IRIXNIS, IRIXN32, PARANOID, and DEV_RANDOM.
-#
-# For all Rules except DEV_RANDOM, if set to "yes", then Configure knows
-# we want that capability and does what is required to add it in. If set
-# to "default" then Configure makes a "best guess"; if set to anything
-# else, or not present, then nothing is done.
-#
-# SOCKS4:
-# If SOCKS4 is set to 'yes', be sure that you add the socks library
-# location to EXTRA_LIBS, otherwise Configure will assume
-# "-L/usr/local/lib -lsocks"
-#
-# SOCKS5:
-# If SOCKS5 is set to 'yes', be sure that you add the socks5 library
-# location to EXTRA_LIBS, otherwise Configure will assume
-# "-L/usr/local/lib -lsocks5"
-#
-# IRIXNIS:
-# Only takes effect if Configure determines that you are running
-# SGI IRIX. If you are using a (ancient) 4.x version of IRIX, you
-# need this if you are using NIS and Apache needs access to it for
-# things like mod_userdir. This is not required on 5.x and later
-# and you should not enable it on such systems.
-#
-# IRIXN32:
-# If you are running a version of IRIX and Configure detects
-# n32 libraries, it will use those instead of the o32 ones.
-#
-# PARANOID:
-# New with version 1.3, during Configure modules can run
-# pre-programmed shell commands in the same environment that
-# Configure runs in. This allows modules to control how Configure
-# works. Normally, Configure will simply note that a module
-# is performing this function. If PARANOID is set to yes, it will
-# actually print-out the code that the modules execute
-#
-# EXPAT:
-# Include an Expat implementation into Apache for use by the
-# modules. James Clark's Expat package (expat-lite) is bundled
-# with Apache for the convenience of our users. The EXPAT rule
-# determines which Expat implementation, if any, to use as follows:
-#
-# Rule EXPAT=yes : Use system Expat if available; otherwise
-# use bundled Expat (lib/expat-lite). If
-# neither exists the build will fail
-# Rule EXPAT=no : Don't include Expat at all
-# Rule EXPAT=default : If Expat can be found at the system or
-# in lib/expat-lite, use it; otherwise
-# skip it
-#
-# CYGWIN_WINSOCK:
-# Use Win32 API system calls for socket communication instead
-# of Cygwin's POSIX.1 wrappers. This avoids the Cygwin specific
-# implementation and uses the Win32 native calls. Should be faster
-# and more reliable for high-load systems.
-#
-
-Rule SOCKS4=no
-Rule SOCKS5=no
-Rule IRIXNIS=no
-Rule IRIXN32=yes
-Rule PARANOID=no
-Rule EXPAT=default
-Rule CYGWIN_WINSOCK=no
-
-# DEV_RANDOM:
-# Note: this rule is only used when compiling mod_auth_digest.
-# mod_auth_digest requires a cryptographically strong random seed for its
-# random number generator. It knows two ways of getting this: 1) from
-# a file or device (such as "/dev/random"), or 2) from the truerand
-# library. If this rule is set to 'default' then Configure will choose
-# to use /dev/random if it exists, else /dev/urandom if it exists,
-# else the truerand library. To override this behaviour set DEV_RANDOM
-# either to 'truerand' (to use the library) or to a device or file
-# (e.g. '/dev/urandom'). If the truerand library is selected, Configure
-# will assume "-L/usr/local/lib -lrand".
-Rule DEV_RANDOM=/dev/arandom
-
-# The following rules should be set automatically by Configure. However, if
-# they are not set by Configure (because we don't know the correct value for
-# your platform), or are set incorrectly, you may override them here.
-# If you have to do this, please let us know what you set and what your
-# platform is, by filling out a problem report form at the Apache web site:
-# <http://bugs.apache.org/>. If your browser is forms-incapable, you
-# can get the information to us by sending mail to apache-bugs@apache.org.
-#
-# WANTHSREGEX:
-# Apache requires a POSIX regex implementation. Henry Spencer's
-# excellent regex package is included with Apache and can be used
-# if desired. If your OS has a decent regex, you can elect to
-# not use this one by setting WANTHSREGEX to 'no' or commenting
-# out the Rule. The "default" action is "yes" unless overruled
-# by OS specifics
-
-Rule WANTHSREGEX=default
-
-################################################################
-# Module configuration
-#
-# Modules are listed in reverse priority order --- the ones that come
-# later can override the behavior of those that come earlier. This
-# can have visible effects; for instance, if UserDir followed Alias,
-# you couldn't alias out a particular user's home directory.
-
-# The configuration below is what we consider a decent default
-# configuration. If you want the functionality provided by a particular
-# module, remove the "#" sign at the beginning of the line. But remember,
-# the more modules you compile into the server, the larger the executable
-# is and the more memory it will take, so if you are unlikely to use the
-# functionality of a particular module you might wish to leave it out.
-
-## mod_mmap_static is an experimental module, you almost certainly
-## don't need it. It can make some webservers faster. No further
-## documentation is provided here because you'd be foolish
-## to use mod_mmap_static without reading the full documentation.
-
-# AddModule modules/experimental/mod_mmap_static.o
-
-## mod_vhost_alias provides support for mass virtual hosting
-## by dynamically changing the document root and CGI directory
-## based on the host header or local IP address of the request.
-## See "../htdocs/manual/vhosts/mass.html".
-
-# AddModule modules/standard/mod_vhost_alias.o
-
-##
-## Config manipulation modules
-##
-## mod_env sets up additional or restricted environment variables to be
-## passed to CGI/SSI scripts. It is listed first (lowest priority) since
-## it does not do per-request stuff.
-
-AddModule modules/standard/mod_env.o
-
-##
-## Request logging modules
-##
-
-AddModule modules/standard/mod_log_config.o
-
-## Optional modules for NCSA user-agent/referer logging compatibility
-## We recommend, however, that you just use the configurable access_log.
-
-# AddModule modules/standard/mod_log_agent.o
-# AddModule modules/standard/mod_log_referer.o
-
-##
-## Type checking modules
-##
-## mod_mime_magic determines the type of a file by examining a few bytes
-## of it and testing against a database of filetype signatures. It is
-## based on the unix file(1) command.
-## mod_mime maps filename extensions to content types, encodings, and
-## "magic" type handlers (the latter is obsoleted by mod_actions, and
-## don't confuse it with the previous module).
-## mod_negotiation allows content selection based on the Accept* headers.
-
-# AddModule modules/standard/mod_mime_magic.o
-AddModule modules/standard/mod_mime.o
-AddModule modules/standard/mod_negotiation.o
-
-##
-## Content delivery modules
-##
-## The status module allows the server to display current details about
-## how well it is performing and what it is doing. Consider also enabling
-## the 'ExtendedStatus On' directive to allow full status information.
-## Please note that doing so can result in a palpable performance hit.
-
-AddModule modules/standard/mod_status.o
-
-## The Info module displays configuration information for the server and
-## all included modules. It's very useful for debugging.
-
-# AddModule modules/standard/mod_info.o
-
-## mod_include translates server-side include (SSI) statements in text files.
-## mod_autoindex handles requests for directories which have no index file
-## mod_dir handles requests on directories and directory index files.
-## mod_cgi handles CGI scripts.
-
-AddModule modules/standard/mod_include.o
-AddModule modules/standard/mod_autoindex.o
-AddModule modules/standard/mod_dir.o
-AddModule modules/standard/mod_cgi.o
-
-## The asis module implements ".asis" file types, which allow the embedding
-## of HTTP headers at the beginning of the document. mod_imap handles internal
-## imagemaps (no more cgi-bin/imagemap/!). mod_actions is used to specify
-## CGI scripts which act as "handlers" for particular files, for example to
-## automatically convert every GIF to another file type.
-
-AddModule modules/standard/mod_asis.o
-AddModule modules/standard/mod_imap.o
-AddModule modules/standard/mod_actions.o
-
-##
-## URL translation modules.
-##
-
-## The Speling module attempts to correct misspellings of URLs that
-## users might have entered, namely by checking capitalizations
-## or by allowing up to one misspelling (character insertion / omission /
-## transposition/typo). This catches the majority of misspelled requests.
-## If it finds a match, a "spelling corrected" redirection is returned.
-
-# AddModule modules/standard/mod_speling.o
-
-## The UserDir module for selecting resource directories by user name
-## and a common prefix, e.g., /~<user> , /usr/web/<user> , etc.
-
-AddModule modules/standard/mod_userdir.o
-
-## The Alias module provides simple URL translation and redirection.
-
-AddModule modules/standard/mod_alias.o
-
-## The URL rewriting module allows for powerful URI-to-URI and
-## URI-to-filename mapping using a regular expression based
-## rule-controlled rewriting engine.
-
-# AddModule modules/standard/mod_rewrite.o
-
-##
-## Access control and authentication modules.
-##
-AddModule modules/standard/mod_access.o
-AddModule modules/standard/mod_auth.o
-
-## The anon_auth module allows for anonymous-FTP-style username/
-## password authentication.
-
-# AddModule modules/standard/mod_auth_anon.o
-
-## db_auth and dbm_auth work with Berkeley DB files - make sure there
-## is support for DBM files on your system. You may need to grab the GNU
-## "gdbm" package if not and possibly adjust EXTRA_LIBS. (This may be
-## done by Configure at a later date)
-
-# AddModule modules/standard/mod_auth_dbm.o
-# AddModule modules/standard/mod_auth_db.o
-
-## "digest" implements HTTP Digest Authentication rather than the less
-## secure Basic Auth used by the other modules. This is the old version.
-
-# AddModule modules/standard/mod_digest.o
-
-## "auth_digest" implements HTTP/1.1 Digest Authentication (RFC 2617)
-## rather than the less secure Basic Auth used by the other modules.
-## This is an updated version of mod_digest, but it is not as well tested
-## and is therefore marked experimental. Use either the one above, or
-## this one below, but not both digest modules.
-## Note: if you add this module in then you might also need the
-## truerand library (available for example from
-## ftp://research.att.com/dist/mab/librand.shar) - see the Rule
-## DEV_RANDOM above for more info.
-##
-## Must be added above (run later than) the proxy module because the
-## WWW-Authenticate and Proxy-Authenticate headers are parsed in the
-## post-read-request phase and it needs to know if this is a proxy request.
-
-# AddModule modules/experimental/mod_auth_digest.o
-
-## Optional Proxy
-##
-## The proxy module enables the server to act as a proxy for outside
-## http and ftp services. It's not as complete as it could be yet.
-## NOTE: You do not want this module UNLESS you are running a proxy;
-## it is not needed for normal (origin server) operation.
-
-# AddModule modules/proxy/libproxy.a
-
-## Optional response header manipulation modules.
-##
-## cern_meta mimics the behavior of the CERN web server with regards to
-## metainformation files.
-
-# AddModule modules/standard/mod_cern_meta.o
-
-## The expires module can apply Expires: headers to resources,
-## as a function of access time or modification time.
-
-# AddModule modules/standard/mod_expires.o
-
-## The headers module can set arbitrary HTTP response headers,
-## as configured in server, vhost, access.conf or .htaccess configs
-
-# AddModule modules/standard/mod_headers.o
-
-## Miscellaneous modules
-##
-## mod_usertrack is the new name for mod_cookies. This module
-## uses Netscape cookies to automatically construct and log
-## click-trails from Netscape cookies, or compatible clients who
-## aren't coming in via proxy.
-##
-## You do not need this, or any other module to allow your site
-## to use Cookies. This module is for user tracking only
-
-# AddModule modules/standard/mod_usertrack.o
-
-## The example module, which demonstrates the use of the API. See
-## the file modules/example/README for details. This module should
-## only be used for testing -- DO NOT ENABLE IT on a production server.
-
-# AddModule modules/example/mod_example.o
-
-## mod_unique_id generates unique identifiers for each hit, which are
-## available in the environment variable UNIQUE_ID. It may not work on all
-## systems, hence it is not included by default.
-
-# AddModule modules/standard/mod_unique_id.o
-
-## mod_so lets you add modules to Apache without recompiling.
-## This is an experimental feature at this stage and only supported
-## on a subset of the platforms we generally support.
-## Don't change this entry to a 'SharedModule' variant (Bootstrapping!)
-
-# AddModule modules/standard/mod_so.o
-
-## mod_setenvif lets you set environment variables based on the HTTP header
-## fields in the request; this is useful for conditional HTML, for example.
-## Since it is also used to detect buggy browsers for workarounds, it
-## should be the last (highest priority) module.
-
-AddModule modules/standard/mod_setenvif.o
-
diff --git a/usr.sbin/httpd/src/Configuration.tmpl b/usr.sbin/httpd/src/Configuration.tmpl
deleted file mode 100644
index f471d8d7545..00000000000
--- a/usr.sbin/httpd/src/Configuration.tmpl
+++ /dev/null
@@ -1,528 +0,0 @@
-# Config file for the Apache httpd.
-
-# Configuration.tmpl is the template for Configuration. Configuration should
-# be edited to select the modules to be included as well as various flags
-# for Makefile.
-
-# The template should only be changed when a new system or module is added,
-# or an existing one modified. This will also most likely require some minor
-# changes to Configure to recognize those changes.
-
-# There are 5 types of lines here:
-
-# '#' comments, distinguished by having a '#' as the first non-blank character
-#
-# Makefile options, such as CC=gcc, etc...
-#
-# Rules, distinguished by having "Rule" at the front. These are used to
-# control Configure's behavior as far as how to create Makefile.
-#
-# Module selection lines, distinguished by having 'AddModule' at the front.
-# These list the configured modules, in priority order (highest priority
-# last). They're down at the bottom.
-#
-# Optional module selection lines, distinguished by having `%Module'
-# at the front. These specify a module that is to be compiled in (but
-# not enabled). The AddModule directive can be used to enable such a
-# module. By default no such modules are defined.
-
-################################################################
-# SSL support:
-#
-# o Set SSL_BASE to either the directory of your OpenSSL source tree or the
-# installation tree. Alternatively you can also use the value 'SYSTEM' which
-# then indicates that OpenSSL is installed under various system locations.
-#
-# o Disable SSL_COMPAT rule to build mod_ssl without backward compatibility
-# code for Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x and Stronghold 2.x.
-#
-# o The SSL_SDBM rule controls whether the built-in SDBM library should be
-# used instead of a custom defined or vendor supplied DBM library. Use the
-# value 'default' for automatic determination or use 'yes' to force the use
-# of SDBM in case the vendor DBM library is buggy or restricts the data
-# sizes too dramatically.
-#
-# o The SSL_EXPERIMENTAL rule can be used to enable still experimental code
-# inside mod_ssl. These are usually new features which need some more
-# testing before they can be considered stable. So, enable this on your own
-# risk and only when you like to see Apache+mod_ssl dump core ;-)
-#
-# o The SSL_CONSERVATIVE rule can be used to disable some non-conservative
-# code inside mod_ssl. These are usually recently introduced features
-# which some people still want to consider unstable. So, to be maximum
-# conservative, one can enable this flag and this way remove such code.
-#
-# o The SSL_VENDOR rule can be used to enable code inside mod_ssl which can be
-# used by product vendors to extend mod_ssl via EAPI hooks without patching
-# the source. Additionally ssl_vendor*.c source files are automatically
-# picked up by the compilation process.
-
-#SSL_BASE=/usr/local/ssl
-Rule SSL_COMPAT=yes
-Rule SSL_SDBM=default
-Rule SSL_EXPERIMENTAL=no
-Rule SSL_CONSERVATIVE=no
-Rule SSL_VENDOR=no
-
-################################################################
-# Makefile configuration
-#
-# These are added to the general flags determined by Configure.
-# Edit these to work around Configure if needed. The EXTRA_* family
-# will be added to the regular Makefile flags. For example, if you
-# want to compile with -Wall, then add that to EXTRA_CFLAGS. These
-# will be added to whatever flags Configure determines as appropriate
-# and needed for your platform.
-#
-# You can also set the compiler (CC) and optimization (OPTIM) used here as
-# well. Settings here have priority; If not set, Configure will attempt to
-# guess the C compiler, looking for gcc first, then cc.
-#
-# Optimization note:
-# Be careful when adding optimization flags (like -O3 or -O6) on the OPTIM
-# entry, especially when using some GCC variants. Experience showed that using
-# these for compiling Apache is risky. If you don't want to see Apache dumping
-# core regularly then at most use -O or -O2.
-#
-# The EXTRA_DEPS can be used to add extra Makefile dependencies to external
-# files (for instance third-party libraries) for the httpd target. The effect
-# is that httpd is relinked when those files are changed.
-#
-EXTRA_CFLAGS=
-EXTRA_LDFLAGS=
-EXTRA_LIBS=
-EXTRA_INCLUDES=
-EXTRA_DEPS=
-
-#CC=
-#CPP=
-#OPTIM=
-#RANLIB=
-
-################################################################
-# Name of the installed Apache HTTP webserver.
-#
-#TARGET=
-
-################################################################
-# Extended API (EAPI) support:
-#
-# EAPI:
-# The EAPI rule enables more module hooks, a generic low-level hook
-# mechanism, a generic context mechanism and shared memory based pools.
-#
-# EAPI_MM:
-# Set the EAPI_MM variable to either the directory of a MM Shared Memory
-# Library source tree or the installation tree of MM. Alternatively you can
-# also use the value 'SYSTEM' which then indicates that MM is installed
-# under various system locations. When the MM library files cannot be found
-# the EAPI still can be built, but without shared memory pool support, of
-# course.
-
-Rule EAPI=no
-#EAPI_MM=SYSTEM
-
-################################################################
-# Dynamic Shared Object (DSO) support
-#
-# There is experimental support for compiling the Apache core and
-# the Apache modules into dynamic shared object (DSO) files for
-# maximum runtime flexibility.
-#
-# The Configure script currently has only limited built-in
-# knowledge on how to compile these DSO files because this is
-# heavily platform-dependent. The current state of supported and
-# explicitly unsupported platforms can be found in the file
-# "htdocs/manual/dso.html", under "Supported Platforms".
-#
-# For other platforms where you want to use the DSO mechanism you
-# first have to make sure it supports the pragmatic dlopen()
-# system call and then you have to provide the appropriate
-# compiler and linker flags below to create the DSO files on your
-# particular platform.
-#
-# The placement of the Apache core into a DSO file is triggered
-# by the SHARED_CORE rule below while support for building
-# individual Apache Modules as DSO files and loading them under
-# runtime without recompilation is triggered by `SharedModule'
-# commands. To be able to use the latter one first enable the
-# module mod_so (see corresponding `AddModule' command below).
-# Then enable the DSO feature for particular modules individually
-# by replacing their `AddModule' command with `SharedModule' and
-# change the filename extension from `.o' to `.so'.
-#
-# Sometimes the DSO files need to be linked against other shared
-# libraries to explicitly resolve symbols from them when the
-# httpd program not already contains references to them. For
-# instance when buidling mod_auth_db as a DSO you need to link
-# the DSO against the libdb explicity because the Apache kernel
-# has no references for this library. But the problem is that
-# this "chaining" is not supported on all platforms. Although one
-# usually can link a DSO against another DSO without linker
-# complains the linkage is not really done on these platforms.
-# So, when you receive "unresolved symbol" errors under runtime
-# when using the LoadModule directive for a particular module try
-# to enable the SHARED_CHAIN rule below.
-
-#CFLAGS_SHLIB=
-#LD_SHLIB=
-#LDFLAGS_SHLIB=
-#LDFLAGS_SHLIB_EXPORT=
-
-Rule SHARED_CORE=default
-Rule SHARED_CHAIN=default
-
-################################################################
-# Rules configuration
-#
-# These are used to let Configure know that we want certain
-# functions. The format is: Rule RULE=value
-#
-# At present, only the following RULES are known: WANTHSREGEX, SOCKS4,
-# SOCKS5, IRIXNIS, IRIXN32, PARANOID, and DEV_RANDOM.
-#
-# For all Rules except DEV_RANDOM, if set to "yes", then Configure knows
-# we want that capability and does what is required to add it in. If set
-# to "default" then Configure makes a "best guess"; if set to anything
-# else, or not present, then nothing is done.
-#
-# SOCKS4:
-# If SOCKS4 is set to 'yes', be sure that you add the socks library
-# location to EXTRA_LIBS, otherwise Configure will assume
-# "-L/usr/local/lib -lsocks"
-#
-# SOCKS5:
-# If SOCKS5 is set to 'yes', be sure that you add the socks5 library
-# location to EXTRA_LIBS, otherwise Configure will assume
-# "-L/usr/local/lib -lsocks5"
-#
-# IRIXNIS:
-# Only takes effect if Configure determines that you are running
-# SGI IRIX. If you are using a (ancient) 4.x version of IRIX, you
-# need this if you are using NIS and Apache needs access to it for
-# things like mod_userdir. This is not required on 5.x and later
-# and you should not enable it on such systems.
-#
-# IRIXN32:
-# If you are running a version of IRIX and Configure detects
-# n32 libraries, it will use those instead of the o32 ones.
-#
-# PARANOID:
-# New with version 1.3, during Configure modules can run
-# pre-programmed shell commands in the same environment that
-# Configure runs in. This allows modules to control how Configure
-# works. Normally, Configure will simply note that a module
-# is performing this function. If PARANOID is set to yes, it will
-# actually print-out the code that the modules execute
-#
-# EXPAT:
-# Include an Expat implementation into Apache for use by the
-# modules. James Clark's Expat package (expat-lite) is bundled
-# with Apache for the convenience of our users. The EXPAT rule
-# determines which Expat implementation, if any, to use as follows:
-#
-# Rule EXPAT=yes : Use system Expat if available; otherwise
-# use bundled Expat (lib/expat-lite). If
-# neither exists the build will fail
-# Rule EXPAT=no : Don't include Expat at all
-# Rule EXPAT=default : If Expat can be found at the system or
-# in lib/expat-lite, use it; otherwise
-# skip it
-#
-# CYGWIN_WINSOCK:
-# Use Win32 API system calls for socket communication instead
-# of Cygwin's POSIX.1 wrappers. This avoids the Cygwin specific
-# implementation and uses the Win32 native calls. Should be faster
-# and more reliable for high-load systems.
-#
-# INET6:
-# IPv6 support.
-#
-
-Rule SOCKS4=no
-Rule SOCKS5=no
-Rule IRIXNIS=no
-Rule IRIXN32=yes
-Rule PARANOID=no
-Rule EXPAT=default
-Rule CYGWIN_WINSOCK=no
-Rule INET6=yes
-
-# DEV_RANDOM:
-# Note: this rule is only used when compiling mod_auth_digest.
-# mod_auth_digest requires a cryptographically strong random seed for its
-# random number generator. It knows two ways of getting this: 1) from
-# a file or device (such as "/dev/random"), or 2) from the truerand
-# library. If this rule is set to 'default' then Configure will choose
-# to use /dev/random if it exists, else /dev/urandom if it exists,
-# else the truerand library. To override this behaviour set DEV_RANDOM
-# either to 'truerand' (to use the library) or to a device or file
-# (e.g. '/dev/urandom'). If the truerand library is selected, Configure
-# will assume "-L/usr/local/lib -lrand".
-Rule DEV_RANDOM=/dev/arandom
-
-# The following rules should be set automatically by Configure. However, if
-# they are not set by Configure (because we don't know the correct value for
-# your platform), or are set incorrectly, you may override them here.
-# If you have to do this, please let us know what you set and what your
-# platform is, by filling out a problem report form at the Apache web site:
-# <http://bugs.apache.org/>. If your browser is forms-incapable, you
-# can get the information to us by sending mail to apache-bugs@apache.org.
-#
-# WANTHSREGEX:
-# Apache requires a POSIX regex implementation. Henry Spencer's
-# excellent regex package is included with Apache and can be used
-# if desired. If your OS has a decent regex, you can elect to
-# not use this one by setting WANTHSREGEX to 'no' or commenting
-# out the Rule. The "default" action is "yes" unless overruled
-# by OS specifics
-
-Rule WANTHSREGEX=default
-
-################################################################
-# Module configuration
-#
-# Modules are listed in reverse priority order --- the ones that come
-# later can override the behavior of those that come earlier. This
-# can have visible effects; for instance, if UserDir followed Alias,
-# you couldn't alias out a particular user's home directory.
-
-# The configuration below is what we consider a decent default
-# configuration. If you want the functionality provided by a particular
-# module, remove the "#" sign at the beginning of the line. But remember,
-# the more modules you compile into the server, the larger the executable
-# is and the more memory it will take, so if you are unlikely to use the
-# functionality of a particular module you might wish to leave it out.
-
-## mod_mmap_static is an experimental module, you almost certainly
-## don't need it. It can make some webservers faster. No further
-## documentation is provided here because you'd be foolish
-## to use mod_mmap_static without reading the full documentation.
-
-# AddModule modules/experimental/mod_mmap_static.o
-
-## mod_vhost_alias provides support for mass virtual hosting
-## by dynamically changing the document root and CGI directory
-## based on the host header or local IP address of the request.
-## See "../htdocs/manual/vhosts/mass.html".
-
-# AddModule modules/standard/mod_vhost_alias.o
-
-##
-## Config manipulation modules
-##
-## mod_env sets up additional or restricted environment variables to be
-## passed to CGI/SSI scripts. It is listed first (lowest priority) since
-## it does not do per-request stuff.
-
-AddModule modules/standard/mod_env.o
-
-## mod_define expands variables on arbitrary directive lines.
-## It requires Extended API (EAPI).
-
-# AddModule modules/extra/mod_define.o
-
-##
-## Request logging modules
-##
-
-AddModule modules/standard/mod_log_config.o
-
-## Optional modules for NCSA user-agent/referer logging compatibility
-## We recommend, however, that you just use the configurable access_log.
-
-# AddModule modules/standard/mod_log_agent.o
-# AddModule modules/standard/mod_log_referer.o
-
-##
-## Type checking modules
-##
-## mod_mime_magic determines the type of a file by examining a few bytes
-## of it and testing against a database of filetype signatures. It is
-## based on the unix file(1) command.
-## mod_mime maps filename extensions to content types, encodings, and
-## "magic" type handlers (the latter is obsoleted by mod_actions, and
-## don't confuse it with the previous module).
-## mod_negotiation allows content selection based on the Accept* headers.
-
-# AddModule modules/standard/mod_mime_magic.o
-AddModule modules/standard/mod_mime.o
-AddModule modules/standard/mod_negotiation.o
-
-##
-## Content delivery modules
-##
-## The status module allows the server to display current details about
-## how well it is performing and what it is doing. Consider also enabling
-## the 'ExtendedStatus On' directive to allow full status information.
-## Please note that doing so can result in a palpable performance hit.
-
-AddModule modules/standard/mod_status.o
-
-## The Info module displays configuration information for the server and
-## all included modules. It's very useful for debugging.
-
-# AddModule modules/standard/mod_info.o
-
-## mod_include translates server-side include (SSI) statements in text files.
-## mod_autoindex handles requests for directories which have no index file
-## mod_dir handles requests on directories and directory index files.
-## mod_cgi handles CGI scripts.
-
-AddModule modules/standard/mod_include.o
-AddModule modules/standard/mod_autoindex.o
-AddModule modules/standard/mod_dir.o
-AddModule modules/standard/mod_cgi.o
-
-## The asis module implements ".asis" file types, which allow the embedding
-## of HTTP headers at the beginning of the document. mod_imap handles internal
-## imagemaps (no more cgi-bin/imagemap/!). mod_actions is used to specify
-## CGI scripts which act as "handlers" for particular files, for example to
-## automatically convert every GIF to another file type.
-
-AddModule modules/standard/mod_asis.o
-AddModule modules/standard/mod_imap.o
-AddModule modules/standard/mod_actions.o
-
-##
-## URL translation modules.
-##
-
-## The Speling module attempts to correct misspellings of URLs that
-## users might have entered, namely by checking capitalizations
-## or by allowing up to one misspelling (character insertion / omission /
-## transposition/typo). This catches the majority of misspelled requests.
-## If it finds a match, a "spelling corrected" redirection is returned.
-
-# AddModule modules/standard/mod_speling.o
-
-## The UserDir module for selecting resource directories by user name
-## and a common prefix, e.g., /~<user> , /usr/web/<user> , etc.
-
-AddModule modules/standard/mod_userdir.o
-
-## The Alias module provides simple URL translation and redirection.
-
-AddModule modules/standard/mod_alias.o
-
-## The URL rewriting module allows for powerful URI-to-URI and
-## URI-to-filename mapping using a regular expression based
-## rule-controlled rewriting engine.
-
-# AddModule modules/standard/mod_rewrite.o
-
-##
-## Access control and authentication modules.
-##
-AddModule modules/standard/mod_access.o
-AddModule modules/standard/mod_auth.o
-
-## The anon_auth module allows for anonymous-FTP-style username/
-## password authentication.
-
-# AddModule modules/standard/mod_auth_anon.o
-
-## db_auth and dbm_auth work with Berkeley DB files - make sure there
-## is support for DBM files on your system. You may need to grab the GNU
-## "gdbm" package if not and possibly adjust EXTRA_LIBS. (This may be
-## done by Configure at a later date)
-
-# AddModule modules/standard/mod_auth_dbm.o
-# AddModule modules/standard/mod_auth_db.o
-
-## "digest" implements HTTP Digest Authentication rather than the less
-## secure Basic Auth used by the other modules. This is the old version.
-
-# AddModule modules/standard/mod_digest.o
-
-## "auth_digest" implements HTTP/1.1 Digest Authentication (RFC 2617)
-## rather than the less secure Basic Auth used by the other modules.
-## This is an updated version of mod_digest, but it is not as well tested
-## and is therefore marked experimental. Use either the one above, or
-## this one below, but not both digest modules.
-## Note: if you add this module in then you might also need the
-## truerand library (available for example from
-## ftp://research.att.com/dist/mab/librand.shar) - see the Rule
-## DEV_RANDOM above for more info.
-##
-## Must be added above (run later than) the proxy module because the
-## WWW-Authenticate and Proxy-Authenticate headers are parsed in the
-## post-read-request phase and it needs to know if this is a proxy request.
-
-# AddModule modules/experimental/mod_auth_digest.o
-
-## Optional Proxy
-##
-## The proxy module enables the server to act as a proxy for outside
-## http and ftp services. It's not as complete as it could be yet.
-## NOTE: You do not want this module UNLESS you are running a proxy;
-## it is not needed for normal (origin server) operation.
-
-# AddModule modules/proxy/libproxy.a
-
-## Optional response header manipulation modules.
-##
-## cern_meta mimics the behavior of the CERN web server with regards to
-## metainformation files.
-
-# AddModule modules/standard/mod_cern_meta.o
-
-## The expires module can apply Expires: headers to resources,
-## as a function of access time or modification time.
-
-# AddModule modules/standard/mod_expires.o
-
-## The headers module can set arbitrary HTTP response headers,
-## as configured in server, vhost, access.conf or .htaccess configs
-
-# AddModule modules/standard/mod_headers.o
-
-## Miscellaneous modules
-##
-## mod_usertrack is the new name for mod_cookies. This module
-## uses Netscape cookies to automatically construct and log
-## click-trails from Netscape cookies, or compatible clients who
-## aren't coming in via proxy.
-##
-## You do not need this, or any other module to allow your site
-## to use Cookies. This module is for user tracking only
-
-# AddModule modules/standard/mod_usertrack.o
-
-## The example module, which demonstrates the use of the API. See
-## the file modules/example/README for details. This module should
-## only be used for testing -- DO NOT ENABLE IT on a production server.
-
-# AddModule modules/example/mod_example.o
-
-## mod_unique_id generates unique identifiers for each hit, which are
-## available in the environment variable UNIQUE_ID. It may not work on all
-## systems, hence it is not included by default.
-
-# AddModule modules/standard/mod_unique_id.o
-
-## mod_so lets you add modules to Apache without recompiling.
-## This is an experimental feature at this stage and only supported
-## on a subset of the platforms we generally support.
-## Don't change this entry to a 'SharedModule' variant (Bootstrapping!)
-
-# AddModule modules/standard/mod_so.o
-
-## mod_setenvif lets you set environment variables based on the HTTP header
-## fields in the request; this is useful for conditional HTML, for example.
-## Since it is also used to detect buggy browsers for workarounds, it
-## should be the last (highest priority) module.
-
-AddModule modules/standard/mod_setenvif.o
-
-## mod_keynote adds RFC 2704 KeyNote-based authentication support.
-## It requires that mod_ssl also be configured in order to function.
-
-# AddModule modules/keynote/mod_keynote.o
-
-## mod_ssl incorporates SSL into Apache.
-## It must stay last here to be first in execution to
-## fake basic authorization.
-
-# AddModule modules/ssl/libssl.a
-
diff --git a/usr.sbin/httpd/src/Configure b/usr.sbin/httpd/src/Configure
deleted file mode 100644
index 62b8d1aebd7..00000000000
--- a/usr.sbin/httpd/src/Configure
+++ /dev/null
@@ -1,2649 +0,0 @@
-#!/bin/sh
-# $OpenBSD: Configure,v 1.29 2010/05/05 11:58:27 kettenis Exp $
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-
-
-
-# Uses 6 supplemental scripts located in ./helpers:
-# CutRule: Determines the value for a specified Rule
-# GuessOS: Uses uname to determine OS/platform
-# PrintPath: generic "type" or "whence" replacement
-# TestCompile: Can check for libs and if $(CC) is ANSI
-# (i.e., a simple "sanity check")
-# mfhead:
-# fp2rp:
-# slo.sh:
-
-LANG=C; export LANG
-exitcode=0
-trap 'rm -f $tmpfile $tmpfile2 $tmpfile3 $tmpconfig $awkfile; exit $exitcode' 0 1 2 3 15
-
-####################################################################
-## Set up some defaults
-##
-file=Configuration
-tmpfile=htconf.$$
-tmpfile2=$tmpfile.2
-tmpfile3=$tmpfile.3
-awkfile=$tmpfile.4
-tmpconfig=$tmpfile.5
-SUBDIRS="ap main"
-APLIBDIRS=""
-SHELL=/bin/sh
-
-####################################################################
-## Now handle any arguments, which, for now, is -file
-## to select an alternate Configuration file and -v
-## to turn on verbose mode
-##
-while [ "x$1" != "x" ]; do
- if [ "x$1" = "x-v" ] ; then
- shift 1;
- vflag="-v";
- fi
- if [ "x$1" = "x-file" ] ; then
- shift 1; file=$1; shift 1
- if [ ! -r $file ]; then
- echo "$file does not exist or is not readable."
- exitcode=1
- exit 1
- fi
- else
- echo "ERROR: Bad command line option '$1'"
- echo " Please read the file INSTALL."
- exit 1
- fi
-done
-if [ ! -r $file ]; then
- echo "Can't see or read \"$file\""
- echo "Please copy Configuration.tmpl to $file, edit it for your platform,"
- echo "and re-run $0 again."
- exitcode=1
- exit 1
-fi
-
-####################################################################
-## Now see if Configuration.tmpl is more recent than $file. If
-## so, then we complain and bail out
-##
-if ls -lt $file Configuration.tmpl | head -1 | \
- grep 'Configuration.tmpl' > /dev/null
-then
- echo "Configuration.tmpl is more recent than $file;"
- echo "Make sure that $file is valid and, if it is, simply"
- echo "'touch $file' and re-run $0 again."
- exitcode=1
- exit 1
-fi
-
-echo "Using config file: $file"
-
-####################################################################
-## From the Configuration file, create a "cleaned-up" version
-## that's easy to scan
-##
-
-# Strip comments and blank lines, remove whitespace around
-# "=" assignments, change Rules to comments and then remove whitespace
-# before Module declarations
-sed 's/#.*//' $file | \
- sed '/^[ ]*$/d' | \
- sed 's/[ ]*$//' | \
- sed 's/[ ]*=[ ]*/=/' | \
- sed '/^Rule[ ]*/d' | \
- sed 's/^[ ]*AddModule/AddModule/' | \
- sed 's/^[ ]*%AddModule/%AddModule/' | \
- sed 's/^[ ]*SharedModule/SharedModule/' | \
- sed 's/^[ ]*Module/Module/' | \
- sed 's/^[ ]*%Module/%Module/' > $tmpfile
-
-# Determine if shared objects are used
-using_shlib=`grep '^SharedModule' $tmpfile >/dev/null && echo 1`
-
-# But perhaps later via apxs when just mod_so is compiled in!
-if [ "x$using_shlib" = "x" ]; then
- using_shlib=`grep '^AddModule modules/standard/mod_so.o' $tmpfile >/dev/null && echo 1`
-fi
-
-# Only "assignment" ("=") statements and Module lines
-# should be left at this point. If there is other stuff
-# we bail out
-if egrep -v '^%?Module[ ]+[A-Za-z0-9_]+[ ]+[^ ]+$' $tmpfile \
- | egrep -v '^%?AddModule[ ]+[^ ]+$' \
- | egrep -v '^SharedModule[ ]+[^ ]+$' \
- | grep -v = > /dev/null
-then
- echo "Syntax error --- The configuration file is used only to"
- echo "define the list of included modules or to set Makefile"
- echo "options or Configure rules, and I don't see that at all:"
- egrep -v '^%?Module[ ]+[A-Za-z0-9_]+[ ]+[^ ]+$' $tmpfile \
- | egrep -v '^%?AddModule[ ]+[^ ]+$' \
- | egrep -v '^%?SharedModule[ ]+[^ ]+$' \
- | grep -v =
- exitcode=1
- exit 1
-fi
-
-####################################################################
-## If we find the directory /usr/local/etc/httpd and there is
-## no HTTPD_ROOT flag set in the Configuration file we assume
-## that the user was using the old default root directory
-## and issue a notice about it.
-##
-if [ "x$file" != "xConfiguration.apaci" ]
-then
- if [ -d /usr/local/etc/httpd/ ]
- then
- if egrep '^EXTRA_CFLAGS.*HTTPD_ROOT' $file >/dev/null
- then
- :
- else
- echo " | Please note that the default httpd root directory has changed"
- echo " | from '/usr/local/etc/httpd/' to '/usr/local/apache/.'"
- echo " | You may add '-DHTTPD_ROOT=\\\"/usr/local/etc/httpd\\\"' to EXTRA_CFLAGS"
- echo " | in your Configuration file (and re-run Configure) or start"
- echo " | httpd with the option '-d /usr/local/etc/httpd' if you still"
- echo " | want to use the old root directory for your server."
- fi
- fi
-fi
-
-####################################################################
-## Start creating the Makefile. We add some comments and
-## then fold in the modules that were included in Configuration
-##
-echo "Creating Makefile"
-${SHELL} helpers/mfhead . $file > Makefile
-
-####################################################################
-## Now we create a stub file, called Makefile.config, which
-## just includes those assignments (eg: CC=gcc) in Configuration
-##
-awk >Makefile.config <$tmpfile '
- BEGIN {
- print "##"
- print "## Inherited Makefile options from Configure script"
- print "## (Begin of automatically generated section)"
- print "##"
- print "SRCDIR=."
- }
- /\=/ { print }
- '
-
-####################################################################
-## Extract the rules.
-##
-RULE_WANTHSREGEX=`${SHELL} helpers/CutRule WANTHSREGEX $file`
-RULE_STATUS=`${SHELL} helpers/CutRule STATUS $file`
-RULE_SOCKS4=`${SHELL} helpers/CutRule SOCKS4 $file`
-RULE_SOCKS5=`${SHELL} helpers/CutRule SOCKS5 $file`
-RULE_IRIXNIS=`${SHELL} helpers/CutRule IRIXNIS $file`
-RULE_IRIXN32=`${SHELL} helpers/CutRule IRIXN32 $file`
-RULE_PARANOID=`${SHELL} helpers/CutRule PARANOID $file`
-RULE_EXPAT=`${SHELL} helpers/CutRule EXPAT $file`
-RULE_CYGWIN_WINSOCK=`${SHELL} helpers/CutRule CYGWIN_WINSOCK $file`
-RULE_SHARED_CORE=`${SHELL} helpers/CutRule SHARED_CORE $file`
-RULE_SHARED_CHAIN=`${SHELL} helpers/CutRule SHARED_CHAIN $file`
-RULE_INET6=`${SHELL} helpers/CutRule INET6 $file`
-
-####################################################################
-## Rule SHARED_CORE implies required DSO support
-##
-if [ "x$RULE_SHARED_CORE" = "xyes" ]; then
- using_shlib=1
-fi
-
-####################################################################
-## Preset some "constants";
-## can be overridden on a per-platform basis below.
-##
-DBM_LIB="-ldbm"
-DB_LIB="-ldb"
-SHELL="/bin/sh"
-SUBTARGET="target_static"
-SHLIB_SUFFIX_NAME=""
-SHLIB_SUFFIX_LIST=""
-CAT="cat"
-
-####################################################################
-## Now we determine the OS/Platform automagically, thanks to
-## GuessOS, a home-brewed OS-determiner ala config.guess
-##
-## We adjust CFLAGS, LIBS, LDFLAGS and INCLUDES (and other Makefile
-## options) as required. Setting CC and OPTIM here has no effect
-## if they were set in Configure.
-##
-## Also, we set DEF_WANTHSREGEX and to the appropriate
-## value for each platform.
-##
-## As more PLATFORMs are added to Configuration.tmpl, be sure to
-## add the required lines below.
-##
-SHELL="/bin/sh"
-PLAT=`${SHELL} helpers/GuessOS`
-OSDIR="os/unix"
-
-case "$PLAT" in
- *mint)
- OS="MiNT"
- CFLAGS="-DMINT"
- LIBS="$LIBS -lportlib -lsocket"
- DEF_WANTHSREGEX=yes
- ;;
- *MPE/iX*)
- export OS='MPE/iX'
- OSDIR='os/mpeix'
- CFLAGS="$CFLAGS -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE"
- LIBS="$LIBS -lsocket -lsvipc -lcurses"
- LDFLAGS="$LDFLAGS -Xlinker \"-WL,cap=ia,ba,ph;nmstack=1024000\""
- CAT="/bin/cat" # built-in cat is badly broken for stdin redirection
- ;;
- *-apple-aux3*)
- OS='A/UX 3.1.x'
- CFLAGS="$CFLAGS -DAUX3 -D_POSIX_SOURCE"
- LIBS="$LIBS -lposix -lbsd"
- LDFLAGS="$LDFLAGS -s"
- DEF_WANTHSREGEX=no
- ;;
- i386-ibm-aix*)
- OS='IBM AIX PS/2'
- CFLAGS="$CFLAGS -DAIX=100 -U__STR__ -DUSEBCOPY"
- DEF_WANTHSREGEX=no
- ;;
- ia64-ibm-aix*)
- OS='IBM AIX IA64'
- CFLAGS="$CFLAGS -DAIXIA64 -U__STR__"
- LDFLAGS="$LDFLAGS -lm"
- RULE_SHARED_CORE=no
- DEF_SHARED_CORE=no
- ;;
- *-ibm-aix[1-2].*)
- OS='IBM AIX 1.x/2.x'
- CFLAGS="$CFLAGS -DAIX=100 -DNEED_RLIM_T -U__STR__"
- ;;
- *-ibm-aix3.*)
- OS='IBM AIX 3.x'
- CFLAGS="$CFLAGS -DAIX=300 -DNEED_RLIM_T -U__STR__"
- ;;
- *-ibm-aix[45678].*)
- PLATOSVERS=`echo $PLAT | sed 's/^.*ibm-aix//'`
- OS="AIX $PLATOSVERS"
- PLATOSVERSNUM=`echo $PLATOSVERS | sed 's/\.//'`
- if test $PLATOSVERSNUM -ge 43; then
- PLATOSVERSNUM=`oslevel | sed 's/\.//g' | sed 's/.$//'`
- else
- PLATOSVERSNUM="$PLATOSVERSNUM"0
- fi
- # PLATOSVERSNUM is a three digit number at this point
- CFLAGS="$CFLAGS -DAIX=$PLATOSVERSNUM -U__STR__"
- if test $PLATOSVERSNUM -lt 420; then
- CFLAGS="$CFLAGS -DNEED_RLIM_T"
- fi
- if test $PLATOSVERSNUM -ge 420; then
- LDFLAGS="$LDFLAGS -lm"
- fi
- if test $PLATOSVERSNUM -ge 430; then
- LDFLAGS="$LDFLAGS -lpthread"
- RULE_SHARED_CORE=no
- DEF_SHARED_CORE=no
- fi
- ;;
- *-ibm-aix*)
- OS='IBM AIX'
- CFLAGS="$CFLAGS -DAIX=100 -U__STR__"
- LDFLAGS="$LDFLAGS -lm"
- ;;
- *-apollo-*)
- OS='Apollo Domain'
- CFLAGS="$CFLAGS -DAPOLLO"
- ;;
- *-dg-dgux*)
- OS='DG/UX 5.4'
- CFLAGS="$CFLAGS -DDGUX"
- DEF_WANTHSREGEX=yes
- ;;
- *OS/2*)
- OSDIR="os/os2"
- DEF_WANTHSREGEX=yes
- OS='EMX OS/2'
- CFLAGS="$CFLAGS -DOS2 -DTCPIPV4 -g -Zmt"
- LDFLAGS="$LDFLAGS -Zexe -Zmtd -Zsysv-signals -Zbin-files"
- LIBS="$LIBS -lsocket -lufc -lbsd"
- DBM_LIB="-lgdbm"
- SHELL=sh
- ;;
- *-hi-hiux)
- OS='HI-UX'
- CFLAGS="$CFLAGS -DHIUX"
- ;;
- *-hp*-hpux11.*)
- OS='HP-UX 11'
- CFLAGS="$CFLAGS -DHPUX11"
- RANLIB="/bin/true"
- LIBS="$LIBS -lm -lpthread"
- DEF_WANTHSREGEX=yes
- ;;
- *-hp*-hpux10.*)
- OS='HP-UX 10'
- CFLAGS="$CFLAGS -DHPUX10"
- RANLIB="/bin/true"
- case "$PLAT" in
- *-hp-hpux10.01)
- # We know this is a problem in 10.01.
- # Not a problem in 10.20. Otherwise, who knows?
- CFLAGS="$CFLAGS -DSELECT_NEEDS_CAST"
- ;;
- esac
- DEF_WANTHSREGEX=yes
- ;;
- *-hp*-hpux*)
- OS='HP-UX'
- CFLAGS="$CFLAGS -DHPUX"
- RANLIB="/bin/true"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lm"
- ;;
- *-sgi-irix64)
- # Note: We'd like to see patches to compile 64-bit, but for now...
- echo "You are running 64-bit Irix. For now, we will compile 32-bit"
- echo "but if you would care to port to 64-bit, send us the patches."
- DEF_WANTHSREGEX=yes
- DBM_LIB=""
- if [ "x$RULE_IRIXNIS" = "xyes" ]; then
- OS='SGI IRIX-64 w/NIS'
- CFLAGS="$CFLAGS -DIRIX"
- LIBS="$LIBS -lsun"
- else
- OS='SGI IRIX-64'
- CFLAGS="$CFLAGS -DIRIX"
- fi
- ;;
- *-sgi-irix32)
- DEF_WANTHSREGEX=yes
- DBM_LIB=""
- if [ "x$RULE_IRIXN32" = "xyes" ]; then
- if [ "x$RULE_IRIXNIS" = "xyes" ]; then
- OS='SGI IRIX-32 w/NIS'
- else
- OS='SGI IRIX-32'
- fi
- else
- if [ "x$RULE_IRIXNIS" = "xyes" ]; then
- OS='SGI IRIX w/NIS'
- else
- OS='SGI IRIX'
- fi
- fi
- CC='cc'
- CFLAGS="$CFLAGS -DIRIX"
- ;;
- *-sgi-irix)
- DEF_WANTHSREGEX=yes
- DBM_LIB=""
- if [ "x$RULE_IRIXNIS" = "xyes" ]; then
- OS='SGI IRIX w/NIS'
- CFLAGS="$CFLAGS -DIRIX"
- LIBS="$LIBS -lsun"
- else
- OS='SGI IRIX'
- CFLAGS="$CFLAGS -DIRIX"
- fi
- ;;
- *-linux20)
- DEF_WANTHSREGEX=yes
- OS='Linux'
- CFLAGS="$CFLAGS -DLINUX=20"
- LIBS="$LIBS -lm"
- ;;
- *-linux22)
- # This handles linux 2.2 and above (2.4, ...)
- DEF_WANTHSREGEX=yes
- OS='Linux'
- CFLAGS="$CFLAGS -DLINUX=22"
- LIBS="$LIBS -lm"
- ;;
- *-GNU*)
- DEF_WANTHSREGEX=yes
- OS='GNU/Hurd'
- CFLAGS="$CFLAGS -DHURD"
- LIBS="$LIBS -lm -lcrypt"
- ;;
- *-linux1)
- DEF_WANTHSREGEX=yes
- OS='Linux'
- CFLAGS="$CFLAGS -DLINUX=1"
- ;;
- *-lynx-lynxos)
- OS='LynxOS 2.x'
- CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__ -DLYNXOS"
- LIBS="$LIBS -lbsd -lcrypt"
- DEF_WANTHSREGEX=yes
- ;;
- *486-*-bsdi*)
- OS='BSDI w/486'
- CFLAGS="$CFLAGS -m486"
- DBM_LIB=""
- DB_LIB=""
- ;;
- *-bsdi3)
- if [ "x$using_shlib" = "x1" ] ; then
- CC="shlicc2"
- fi
- ;;
- *-bsdi*)
- OS='BSDI'
- DBM_LIB=""
- DB_LIB=""
- ;;
- *-netbsd*)
- OS='NetBSD'
- CFLAGS="$CFLAGS -DNETBSD"
- LIBS="$LIBS -lcrypt"
- DBM_LIB=""
- DB_LIB=""
- DEF_WANTHSREGEX=no
- ;;
- *-freebsd*)
- PLATOSVERS=`echo $PLAT | sed 's/^.*freebsd//'`
- OS="FreeBSD $PLATOSVERS"
- case "$PLATOSVERS" in
- [2345]*)
- DEF_WANTHSREGEX=no
- CFLAGS="$CFLAGS -funsigned-char"
- ;;
- esac
- LIBS="$LIBS -lcrypt"
- DBM_LIB=""
- DB_LIB=""
- ;;
- *-openbsd*)
- OS='OpenBSD'
- DBM_LIB=""
- DB_LIB=""
- DEF_WANTHSREGEX=no
- ;;
- *-next-nextstep*)
- OS='NeXTStep'
- OPTIM='-O'
- CFLAGS="$CFLAGS -DNEXT"
- DEF_WANTHSREGEX=yes
- ;;
- *-next-openstep*)
- OS='OpenStep/Mach'
- CC='cc'
- OPTIM='-O'
- CFLAGS="$CFLAGS -DNEXT"
- DEF_WANTHSREGEX=yes
- ;;
- *-apple-rhapsody*)
- OS='Mac OS X Server'
- CFLAGS="$CFLAGS -DDARWIN -DMAC_OS_X_SERVER"
- DEF_WANTHSREGEX=yes
- ;;
- *-apple-darwin*)
- OS='Darwin'
- CFLAGS="$CFLAGS -DDARWIN"
- DEF_WANTHSREGEX=yes
- ;;
- *-dec-osf*)
- OS='DEC OSF/1'
- CFLAGS="$CFLAGS -DOSF1"
- LIBS="$LIBS -lm"
- ;;
- *-qnx)
- OS='QNX'
- CFLAGS="$CFLAGS -DQNX"
- LIBS="$LIBS -N128k -lsocket -lunix"
- DEF_WANTHSREGEX=yes
- ;;
- *-qnx32)
- CC='cc -F'
- OS='QNX32'
- CFLAGS="$CFLAGS -DQNX -mf -3"
- LIBS="$LIBS -N128k -lsocket -lunix"
- DEF_WANTHSREGEX=yes
- ;;
- *-isc4*)
- OS='ISC 4'
- CC='gcc'
- CFLAGS="$CFLAGS -posix -DISC"
- LDFLAGS="$LDFLAGS -posix"
- LIBS="$LIBS -linet"
- DEF_WANTHSREGEX=yes
- ;;
- *-sco3*)
- OS='SCO 3'
- CFLAGS="$CFLAGS -DSCO -Oacgiltz"
- LIBS="$LIBS -lPW -lsocket -lmalloc -lcrypt_i"
- DEF_WANTHSREGEX=yes
- ;;
- *-sco5*)
- OS='SCO 5'
- CFLAGS="$CFLAGS -DSCO5"
- LIBS="$LIBS -lsocket -lmalloc -lprot -ltinfo -lx -lm"
- DEF_WANTHSREGEX=no
- ;;
- *-sco_sv*|*-SCO_SV*)
- OS='SCO SV'
- CFLAGS="$CFLAGS -DSCO"
- LIBS="$LIBS -lPW -lsocket -lmalloc -lcrypt_i"
- DEF_WANTHSREGEX=yes
- ;;
- *-solaris2*)
- PLATOSVERS=`echo $PLAT | sed 's/^.*solaris2.//'`
- OS="Solaris $PLATOSVERS"
- CFLAGS="$CFLAGS -DSOLARIS2=$PLATOSVERS"
- LIBS="$LIBS -lsocket -lnsl -lpthread"
- DBM_LIB=""
- case "$PLATOSVERS" in
- 2[01234]*)
- DEF_WANTHSREGEX=yes
- ;;
- *)
- DEF_WANTHSREGEX=no
- ;;
- esac
- ;;
- *-sunos4*)
- OS='SunOS 4'
- CFLAGS="$CFLAGS -DSUNOS4 -DUSEBCOPY"
- DEF_WANTHSREGEX=yes
- ;;
- *-unixware1)
- DEF_WANTHSREGEX=yes
- OS='UnixWare 1.x'
- CFLAGS="$CFLAGS -DUW=100"
- LIBS="$LIBS -lsocket -lnsl -lcrypt"
- ;;
- *-unixware2)
- DEF_WANTHSREGEX=yes
- OS='UnixWare 2.x'
- CFLAGS="$CFLAGS -DUW=200"
- LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen"
- ;;
- *-unixware211)
- OS='UnixWare 2.1.1'
- CFLAGS="$CFLAGS -DUW=211"
- LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen"
- ;;
- *-unixware212)
- OS='UnixWare 2.1.2'
- CFLAGS="$CFLAGS -DUW=212"
- LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen"
- DBM_LIB=""
- ;;
- *-unixware7)
- OS='UnixWare 7'
- CFLAGS="$CFLAGS -DUW=700"
- LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
- DBM_LIB=""
- ;;
- *-OpenUNIX)
- OS='OpenUNIX'
- CFLAGS="$CFLAGS -DUW=800"
- LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
- DBM_LIB=""
- ;;
- maxion-*-sysv4*)
- OS='SVR4'
- CFLAGS="$CFLAGS -DSVR4"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lsocket -lnsl -lc -lgen"
- ;;
- *-*-powermax*)
- OS='SVR4'
- CFLAGS="$CFLAGS -DSVR4"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lsocket -lnsl -lgen"
- LD_SHLIB='cc'
- LDFLAGS_SHLIB="-Zlink=so"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Zlink=dynamic -Wl,-Bexport"
- CFLAGS_SHLIB='-Zpic'
- ;;
- TPF)
- OS='TPF'
- OSDIR='os/tpf'
- CC='c89'
- CFLAGS="$CFLAGS -DTPF -DCHARSET_EBCDIC -D_POSIX_SOURCE"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS"
- SUBTARGET="target_compile_only"
- ;;
- BS2000*-siemens-sysv4*)
- OS='BS2000'
- OSDIR='os/bs2000'
- # If you are using a CPP before V3.0, delete the -Kno_integer_overflow flag
- CC='c89 -XLLML -XLLMK -XL -Kno_integer_overflow'
- CFLAGS="$CFLAGS -DCHARSET_EBCDIC -DSVR4 -D_XPG_IV"
- DEF_WANTHSREGEX=yes
- DBM_LIB=""
- ;;
- *-siemens-sysv4*)
- OS='SVR4'
- CFLAGS="$CFLAGS -DSVR4 -D_XPG_IV -DHAS_DLFCN -DUSE_MMAP_FILES -DNEED_UNION_SEMUN"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lsocket -lnsl -lc"
- DBM_LIB=""
- ;;
- pyramid-pyramid-svr4)
- OS='SVR4'
- CFLAGS="$CFLAGS -DSVR4 -DNO_LONG_DOUBLE"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lsocket -lnsl -lc"
- ;;
- DS/90\ 7000-*-sysv4*)
- OS='UXP/DS'
- CFLAGS="$CFLAGS -DUXPDS"
- LIBS="$LIBS -lsocket -lnsl"
- DEF_WANTHSREGEX=yes
- ;;
- *-tandem-sysv4*)
- OS='SVR4'
- CFLAGS="$CFLAGS -DSVR4"
- LIBS="$LIBS -lsocket -lnsl"
- DEF_WANTHSREGEX=yes
- ;;
- *-ncr-sysv4)
- OS='NCR MP/RAS'
- CFLAGS="$CFLAGS -DSVR4 -DMPRAS"
- LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
- DEF_WANTHSREGEX=yes
- ;;
- *-sysv4*)
- OS='SVR4'
- CFLAGS="$CFLAGS -DSVR4"
- LIBS="$LIBS -lsocket -lnsl -lc"
- ;;
- 88k-encore-sysv4)
- OS='Encore UMAX V'
- CFLAGS="$CFLAGS -DSVR4 -DENCORE"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lPW"
- ;;
- *-uts*)
- PLATOSVERS=`echo $PLAT | sed 's/^.*,//'`
- OS='Amdahl UTS $PLATOSVERS'
- case "$PLATOSVERS" in
- 2*) CFLAGS="$CFLAGS -Xa -eft -DUTS21 -DUSEBCOPY"
- LIBS="$LIBS -lsocket -lbsd -la"
- DEF_WANTHSREGEX=yes
- ;;
- *) CFLAGS="$CFLAGS -Xa -DSVR4"
- LIBS="$LIBS -lsocket -lnsl"
- ;;
- esac
- ;;
- *-ultrix)
- OS='ULTRIX'
- CFLAGS="-DULTRIX"
- DEF_WANTHSREGEX=yes
- SHELL="/bin/sh5"
- ;;
- *powerpc-tenon-machten*)
- OS='MachTen PPC'
- LDFLAGS="$LDFLAGS -Xlstack=0x14000 -Xldelcsect"
- ;;
- *-machten*)
- OS='MachTen 68K'
- LDFLAGS="$LDFLAGS -stack 0x14000"
- DEF_WANTHSREGEX=yes
- ;;
- *convex-v11*)
- OS='CONVEXOS11'
- CFLAGS="$CFLAGS -ext -DCONVEXOS11"
- OPTIM="-O1" # scalar optimization only
- CC='cc'
- DEF_WANTHSREGEX=yes
- ;;
- i860-intel-osf1)
- DEF_WANTHSREGEX=yes
- OS='Paragon OSF/1'
- CFLAGS="$CFLAGS -DPARAGON"
- ;;
- *-sequent-ptx2.*.*)
- DEF_WANTHSREGEX=yes
- OS='SEQUENT DYNIX/ptx v2.*.*'
- CFLAGS="$CFLAGS -DSEQUENT=20 -Wc,-pw"
- LIBS="$LIBS -lsocket -linet -lnsl -lc -lseq"
- ;;
- *-sequent-ptx4.0.*)
- DEF_WANTHSREGEX=yes
- OS='SEQUENT DYNIX/ptx v4.0.*'
- CFLAGS="$CFLAGS -DSEQUENT=40 -Wc,-pw"
- LIBS="$LIBS -lsocket -linet -lnsl -lc"
- ;;
- *-sequent-ptx4.[123].*)
- DEF_WANTHSREGEX=yes
- OS='SEQUENT DYNIX/ptx v4.1.*/v4.2.*'
- CFLAGS="$CFLAGS -DSEQUENT=41 -Wc,-pw"
- LIBS="$LIBS -lsocket -lnsl -lc"
- ;;
- *-sequent-ptx4.4.*)
- DEF_WANTHSREGEX=yes
- OS='SEQUENT DYNIX/ptx v4.4.*'
- CFLAGS="$CFLAGS -DSEQUENT=44 -Wc,-pw"
- LIBS="$LIBS -lsocket -lnsl -lc"
- ;;
- *-sequent-ptx4.5.*)
- DEF_WANTHSREGEX=yes
- OS='SEQUENT DYNIX/ptx v4.5.*'
- CFLAGS="$CFLAGS -DSEQUENT=45 -Wc,-pw"
- LIBS="$LIBS -lsocket -lnsl -lc"
- ;;
- *-sequent-ptx5.0.*)
- DEF_WANTHSREGEX=yes
- OS='SEQUENT DYNIX/ptx v5.0.*'
- CFLAGS="$CFLAGS -DSEQUENT=50 -Wc,-pw"
- LIBS="$LIBS -lsocket -lnsl -lc"
- ;;
- *NEWS-OS*)
- DEF_WANTHSREGEX=yes
- OS='SONY NEWS-OS'
- CFLAGS="$CFLAGS -DNEWSOS"
- ;;
- *-riscix)
- OS='Acorn RISCix'
- CFLAGS="$CFLAGS -DRISCIX"
- OPTIM="-O"
- MAKE="make"
- DEF_WANTHSREGEX=yes
- ;;
- *-BeOS*)
- PLATOSVER=`uname -r`
- case "$PLATOSVER" in
- 5.0.4*)
- OS="BeOS BONE"
- LIBS="-lbind -lsocket -lbe -lroot"
- CFLAGS="$CFLAGS -DBONE"
- ;;
- *)
- OS='BeOS';
- CFLAGS="$CFLAGS -DBEOS"
- ;;
- esac
- DEF_WANTHSREGEX=yes
- ;;
- 4850-*.*)
- OS='NCR MP/RAS'
- CFLAGS="$CFLAGS -DSVR4 -DMPRAS"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
- ;;
- drs6000*)
- OS='DRS6000'
- CFLAGS="$CFLAGS -DSVR4"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
- ;;
- m88k-*-CX/SX|CYBER)
- OS='Cyberguard CX/SX'
- CFLAGS="$CFLAGS -D_CX_SX -Xa"
- DEF_WANTHSREGEX=yes
- CC='cc'
- RANLIB='true'
- ;;
- *-tandem-oss)
- OS='Tandem OSS'
- CFLAGS="-D_TANDEM_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- CC='c89'
- ;;
- *-IBM-OS390*)
- OS='OS390'
- OSDIR='os/os390'
- CC='c89'
- CFLAGS="$CFLAGS -DOS390 -DCHARSET_EBCDIC -D_ALL_SOURCE"
- DEF_WANTHSREGEX=yes
- LIBS="$LIBS"
- ;;
- *-cygwin*)
- OS='Cygwin'
- OSDIR="os/cygwin"
- CFLAGS="$CFLAGS -DCYGWIN"
- DEF_WANTHSREGEX=yes
- DBM_LIB="-lgdbm"
- LIBS="$LIBS -lcrypt $DBM_LIB"
- if [ "x$RULE_CYGWIN_WINSOCK" = "xyes" ]; then
- CFLAGS="$CFLAGS -DCYGWIN_WINSOCK"
- LIBS="$LIBS -lwsock32"
- fi
-
- ;;
- *atheos*)
- DEF_WANTSREGEX=yes
- OS='AtheOS'
- CFLAGS="$CFLAGS -DATHEOS"
- LIBS="$LIBS -lcrypt"
- ;;
- *) # default: Catch systems we don't know about
- OS='Unknown and unsupported OS'
- echo Sorry, but we cannot grok \"$PLAT\"
- echo uname -m
- uname -m
- echo uname -r
- uname -r
- echo uname -s
- uname -s
- echo uname -v
- uname -v
- echo uname -X
- uname -X
- echo Ideally, read the file PORTING, do what it says, and send the
- echo resulting patches to The Apache Group by filling out a report
- echo form at http://bugs.apache.org/. If you don\'t
- echo wish to do the port yourself, please submit this output rather
- echo than the patches. Thank you.
- echo
- echo Pressing on with the build process, but all bets are off.
- echo Do not be surprised if it fails. If it works, and even
- echo if it does not, please contact the above address.
- echo
- ;;
-esac
-
-####################################################################
-## set this if we haven't
-##
-if [ "x${MAKE}" = "x" ]; then
- MAKE='make'; export MAKE
-fi
-
-####################################################################
-## Show user what OS we came up with
-##
-echo " + configured for $OS platform"
-SUBDIRS="$OSDIR $SUBDIRS"
-
-####################################################################
-# Continue building the stub file
-# Set variables as soon as possible so that TestCompile can use them
-##
-echo >>Makefile.config "OSDIR=\$(SRCDIR)/$OSDIR"
-echo >>Makefile.config "INCDIR=\$(SRCDIR)/include"
-echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)"
-echo >>Makefile.config "SHELL=$SHELL"
-echo >>Makefile.config "OS=$OS"
-
-####################################################################
-## And adjust/override WANTHSREGEX as needed
-##
-if [ "x$RULE_WANTHSREGEX" = "xdefault" ]; then
- if [ "x$DEF_WANTHSREGEX" = "x" ]; then
- RULE_WANTHSREGEX=yes
- else
- RULE_WANTHSREGEX=$DEF_WANTHSREGEX
- fi
-fi
-
-####################################################################
-## Now we determine the C-compiler and optimization level
-## to use. Settings of CC and OPTIM in Configuration have
-## the highest precedence; next comes any settings from
-## the above "OS-specific" section. If still unset,
-## then we look for a known compiler somewhere in PATH
-##
-
-# First, look for a CC=<whatever> setting in Configuration (recall, we
-# copied these to Makefile.config)
-#
-# If $TCC is null, then no such line exists in Configuration
-#
-TCC=`egrep '^CC=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-if [ "x$TCC" = "x" ]; then
- if [ "x$CC" = "x" ]; then
- # At this point, CC is not set in Configuration or above, so we
- # try to find one
- for compilers in "gcc" "cc" "acc" "c89"
- do
- lookedfor="$lookedfor $compilers"
- if ${SHELL} helpers/PrintPath -s $compilers; then
- COMPILER="$compilers"
- break
- fi
- done
- if [ "x$COMPILER" = "x" ]; then
- echo "Error: could not find any of these C compilers"
- echo " anywhere in your PATH: $lookedfor"
- echo "Configure terminated"
- exitcode=1
- exit 1
- fi
- CC=$COMPILER
- fi
- echo " + setting C compiler to $CC"
-fi
-
-####################################################################
-## Write the value of $CC to Makefile.config... We only do this
-## is not done already (ie: a 'CC=' line was in Configuration).
-## If there was an entry for it, then set $CC for our own internal
-## use.
-##
-if [ "x$TCC" = "x" ]; then
- echo "CC=$CC" >> Makefile.config
-else
- CC=$TCC
-fi
-
-####################################################################
-## Now check how we can _directly_ run the C pre-processor
-##
-TCPP=`egrep '^CPP=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-if [ "x$TCPP" != "x" ]; then
- CPP=`CPP="$TCPP"; export CPP CC; ${SHELL} ./helpers/findcpp.sh`
-else
- CPP=`export CC; ${SHELL} ./helpers/findcpp.sh`
-fi
-if [ "x$TCPP" = "x" ]; then
- echo "CPP=$CPP" >> Makefile.config
-fi
-echo " + setting C pre-processor to $CPP"
-
-####################################################################
-## Now check for existance of non-standard system header files
-## and start generation of the ap_config_auto.h header
-##
-AP_CONFIG_AUTO_H="include/ap_config_auto.h.new"
-echo "/*" >$AP_CONFIG_AUTO_H
-echo " * ap_config_auto.h -- Automatically determined configuration stuff" >>$AP_CONFIG_AUTO_H
-echo " * THIS FILE WAS AUTOMATICALLY GENERATED - DO NOT EDIT!" >>$AP_CONFIG_AUTO_H
-echo " */" >>$AP_CONFIG_AUTO_H
-echo "" >>$AP_CONFIG_AUTO_H
-echo "#ifndef AP_CONFIG_AUTO_H" >>$AP_CONFIG_AUTO_H
-echo "#define AP_CONFIG_AUTO_H" >>$AP_CONFIG_AUTO_H
-
-for uppercase in "tr [a-z] [A-Z]" "tr [:lower:] [:upper:]" "sed y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/"
-do
- case `echo Apache | $uppercase` in
- APACHE) break;;
- esac
-done
-echo " + using \"$uppercase\" to uppercase"
-echo " + checking for system header files"
-CHECK_FOR_HEADERS="dlfcn.h dl.h bstring.h crypt.h unistd.h sys/resource.h sys/select.h sys/processor.h sys/param.h"
-(
-export CPP
-for header in $CHECK_FOR_HEADERS; do
- echo "" >>$AP_CONFIG_AUTO_H
- echo "/* check: #include <$header> */" >>$AP_CONFIG_AUTO_H
- name="`echo $header | sed -e 's:/:_:g' -e 's:\.:_:g' | $uppercase`"
- ${SHELL} ./helpers/checkheader.sh $header
- if [ $? -eq 0 ]; then
- echo "#ifndef HAVE_${name}" >>$AP_CONFIG_AUTO_H
- echo "#define HAVE_${name} 1" >>$AP_CONFIG_AUTO_H
- echo "#endif" >>$AP_CONFIG_AUTO_H
- else
- echo "#ifdef HAVE_${name}" >>$AP_CONFIG_AUTO_H
- echo "#undef HAVE_${name}" >>$AP_CONFIG_AUTO_H
- echo "#endif" >>$AP_CONFIG_AUTO_H
- fi
-done
-)
-
-####################################################################
-# Special AIX 4.x support: need to check for sys/processor.h
-# to decide whether the Processor Binding can be used or not
-case "$PLAT" in
- *-ibm-aix*)
- CPP=$CPP ${SHELL} helpers/checkheader.sh sys/processor.h
- if [ $? -eq 0 ]; then
- CFLAGS="$CFLAGS -DAIX_BIND_PROCESSOR"
- fi
- ;;
-esac
-
-####################################################################
-## Look for OPTIM and save for later
-##
-TOPTIM=`egrep '^OPTIM=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TRANLIB=`egrep '^RANLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TTARGET=`egrep '^TARGET=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-
-####################################################################
-## Check for user provided flags for shared object support
-##
-TLD_SHLIB=`egrep '^LD_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TLDFLAGS_SHLIB=`egrep '^LDFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TLDFLAGS_MOD_SHLIB=`egrep '^LDFLAGS_MOD_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TLDFLAGS_SHLIB_EXPORT=`egrep '^LDFLAGS_SHLIB_EXPORT=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TCFLAGS_SHLIB=`egrep '^CFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-
-####################################################################
-## Handle TARGET name
-##
-if [ "x$TTARGET" = "x" ]; then
- TARGET=httpd
- echo "TARGET=$TARGET" >> Makefile.config
-else
- TARGET=$TTARGET
-fi
-if [ "x$TARGET" != "xhttpd" ]; then
- echo " + using custom target name: $TARGET"
- CFLAGS="$CFLAGS -DTARGET=\\\"$TARGET\\\""
-fi
-
-####################################################################
-## We adjust now CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT as
-## required. For more platforms just add the required lines below.
-##
-if [ "x$using_shlib" = "x1" ] ; then
- LD_SHLIB="ld"
- DEF_SHARED_CORE=no
- DEF_SHARED_CHAIN=no
- SHLIB_SUFFIX_NAME=so
- SHMOD_SUFFIX_NAME=so
- SHLIB_SUFFIX_DEPTH=all
- SHLIB_EXPORT_FILES=no
- SHARED_CORE_EP='lib$(TARGET).ep'
- SHCORE_IMPLIB=''
- case "$PLAT" in
- *MPE/iX*)
- LD_SHLIB=ld
- LDFLAGS_SHLIB='-b -a archive'
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- ;;
- *-linux1)
- CFLAGS_SHLIB="-fpic"
- LDFLAGS_SHLIB="-Bshareable"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-rdynamic"
- ;;
- *-linux2*)
- LD_SHLIB="gcc"
- CFLAGS_SHLIB="-fpic"
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-rdynamic"
- SHLIB_SUFFIX_DEPTH=0
- ;;
- *-freebsd2*)
- LD_SHLIB="gcc"
- CFLAGS_SHLIB="-fpic"
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=2
- ;;
- *-freebsd[3-9]*)
- LD_SHLIB="gcc"
- CFLAGS_SHLIB="-fpic"
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- OBJFORMAT=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
- if [ "x$OBJFORMAT" = "xelf" ]; then
- LDFLAGS_SHLIB_EXPORT="-Wl,-E"
- SHLIB_SUFFIX_DEPTH=0
- else
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=2
- fi
- ;;
- *-openbsd*)
- PLATOSVERS=`echo $PLAT | sed 's/^.*openbsd//'`
- CFLAGS_SHLIB="-fPIC"
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=2
- case "$PLATOSVERS" in
- [01].*|2.[0-7]|2.[0-7].*)
- LDFLAGS_SHLIB="-Bshareable"
- ;;
- *)
- LD_SHLIB="gcc"
- LDFLAGS_SHLIB="-shared \$(CFLAGS_SHLIB)"
- if [ -z "`echo __ELF__ | ${CC} -E - | grep __ELF__`" ]; then
- LDFLAGS_SHLIB_EXPORT="-Wl,-E"
- fi
- ;;
- esac
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- ;;
- *-netbsd*)
- CFLAGS_SHLIB="-fPIC -DPIC"
- if echo __ELF__ | ${CC} -E - | grep -q __ELF__; then
- LDFLAGS_SHLIB="-Bshareable"
- LDFLAGS_SHLIB_EXPORT=""
- else
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_SHLIB_EXPORT="-Wl,-E"
- fi
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- SHLIB_SUFFIX_DEPTH=2
- ;;
- *-bsdi3)
- LD_SHLIB="shlicc2"
- LDFLAGS_SHLIB="-r"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- ;;
- *-bsdi)
- CFLAGS_SHLIB="-fPIC"
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-rdynamic"
- ;;
- *-next-openstep*)
- LD_SHLIB='cc'
- CFLAGS_SHLIB='-dynamic -fno-common'
- LDFLAGS_SHLIB='-bundle -undefined warning'
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=''
- SHLIB_SUFFIX_DEPTH=0
- ;;
- *-apple-rhapsody* | *-apple-darwin* )
- LD_SHLIB="cc"
- CFLAGS_SHLIB=""
- case "$PLAT" in
- *-apple-rhapsody* | *-apple-darwin1.[0-3]* )
- LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress'
- ;;
- * )
- LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress -flat_namespace'
- ;;
- esac
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=0
- ;;
- *-solaris2*)
- if [ "x`$CC -v 2>&1 | grep gcc`" != "x" ]; then
- CFLAGS_SHLIB="-fPIC"
- else
- CFLAGS_SHLIB="-KPIC"
- fi
- LDFLAGS_SHLIB="-G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=1
- ;;
- *-sunos4*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fPIC" ;;
- */acc|acc ) CFLAGS_SHLIB="-pic" ;;
- esac
- LDFLAGS_SHLIB="-assert pure-text"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- ;;
- *-sgi-irix32)
- case $CC in
- */gcc|gcc )
- CFLAGS_SHLIB="-fpic"
- N32FLAG=""
- ;;
- */cc|cc )
- CFLAGS_SHLIB="-KPIC"
- N32FLAG="-n32"
- ;;
- esac
- if [ "x$RULE_IRIXN32" = "xyes" ]; then
- LDFLAGS_SHLIB="$N32FLAG -shared"
- else
- LDFLAGS_SHLIB="-shared"
- fi
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- ;;
- *-sgi-irix64)
- case $CC in
- */gcc|gcc )
- CFLAGS_SHLIB="-fpic"
- N32FLAG=""
- ;;
- */cc|cc )
- CFLAGS_SHLIB="-KPIC"
- N32FLAG="-n32"
- ;;
- esac
- if [ "x$RULE_IRIXN32" = "xyes" ]; then
- LDFLAGS_SHLIB="$N32FLAG -shared"
- else
- LDFLAGS_SHLIB="-shared"
- fi
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- ;;
- *-sgi-irix)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-shared"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- ;;
- *-dec-osf*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="" ;;
- esac
- LDFLAGS_SHLIB='-shared -expect_unresolved "*" -s'
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- ;;
- *-unixware*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-Bdynamic -G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
- ;;
- *-OpenUNIX*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-Bdynamic -G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
- LD_SHLIB=$CC
- ;;
- *-sco5*)
- case $CC in
- */gcc*|gcc* ) CFLAGS_SHLIB="-fpic" ;;
- */cc*|cc* ) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-G"
- LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- SHLIB_SUFFIX_DEPTH=1
- ;;
- *-sequent-ptx*)
- case $PLAT in
- *-sequent-ptx2*)
- ;;
- *-sequent-ptx4.0*)
- ;;
- *-sequent-ptx*)
- CFLAGS_SHLIB="-KPIC"
- LDFLAGS_SHLIB="-G"
- LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- ;;
- esac
- ;;
- RM*-siemens-sysv4*)
- # MIPS hosts can take advantage of the LDFLAGS_SHLIB_EXPORT switch
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Wl,-Blargedynsym"
- ;;
- BS2000-siemens-sysv4*)
- CFLAGS_SHLIB="-K PIC"
- LDFLAGS_SHLIB="-G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=0
- DEF_SHARED_CORE=no
- ;;
- *-siemens-sysv4*)
- # Older SINIX machines must be linked as "shared core"-Apache
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- *) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- SHLIB_SUFFIX_DEPTH=0
- DEF_SHARED_CORE=yes
- ;;
- *-sysv4*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="-KPIC" ;;
- esac
- LDFLAGS_SHLIB="-G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- DEF_SHARED_CORE=yes
- ;;
- *-hp-hpux9.*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="+z" ;;
- esac
- LDFLAGS_SHLIB="-b"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Wl,-E -Wl,-B,deferred"
- SHLIB_SUFFIX_NAME=sl
- ;;
- *-hp-hpux10.*|*-hp-hpux11.*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="+z" ;;
- esac
- LDFLAGS_SHLIB="-b"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Wl,-E -Wl,-B,deferred -Wl,+s"
- SHLIB_SUFFIX_NAME=sl
- ;;
- ia64-ibm-aix*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="" ;;
- esac
- LDFLAGS_SHLIB=" -L /usr/lib/ia64l32 -G "
- LDFLAGS_MOD_SHLIB="$LDFLAGS_SHLIB -bI:@libexecdir@/httpd.exp -lc"
- LDFLAGS_SHLIB="$LDFLAGS_SHLIB -Bexport:\`echo \$@|sed -e 's:\.so\$\$:.exp:'\`"
- LDFLAGS_SHLIB="$LDFLAGS_SHLIB -lc"
- LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport:\$(SRCDIR)/support/httpd.exp"
- SHLIB_EXPORT_FILES=yes
- ;;
- *-ibm-aix*)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- */cc|cc ) CFLAGS_SHLIB="" ;;
- esac
- case $PLAT in
- *-ibm-aix[45678]*)
- LDFLAGS_SHLIB="-H512 -T512 -bhalt:4 -bM:SRE -bnoentry"
- ;;
- *-ibm-aix*)
- LDFLAGS_SHLIB="-H512 -T512 -bhalt:4 -bM:SRE -e _nostart"
- ;;
- esac
- LDFLAGS_MOD_SHLIB="$LDFLAGS_SHLIB -bI:@libexecdir@/httpd.exp -lc"
- LDFLAGS_SHLIB="$LDFLAGS_SHLIB -bI:\$(SRCDIR)/support/httpd.exp "
- LDFLAGS_SHLIB="$LDFLAGS_SHLIB -bE:\`echo \$@|sed -e 's:\.so\$\$:.exp:'\`"
- LDFLAGS_SHLIB="$LDFLAGS_SHLIB -lc"
- LDFLAGS_SHLIB_EXPORT="-Wl,-bE:\$(SRCDIR)/support/httpd.exp"
- SHLIB_EXPORT_FILES=yes
- ;;
- *-*-powermax*)
- LD_SHLIB='cc'
- LDFLAGS_SHLIB="-Zlink=so"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="-Zlink=dynamic -Wl,-Bexport"
- CFLAGS_SHLIB='-Zpic'
- ;;
- *-OS/2*)
- DEF_SHARED_CORE=yes
- LDFLAGS_SHLIB="`echo $LDFLAGS|sed -e s/-Zexe//` -Zdll"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- SHLIB_SUFFIX_NAME=dll
- SHMOD_SUFFIX_NAME=dll
- SHLIB_SUFFIX_DEPTH=0
- LD_SHLIB=$CC
- LD_SHCORE_DEF="ApacheCoreOS2.def"
- LD_SHCORE_LIBS="$LIBS"
- LIBS_SHLIB='$(SRCDIR)/ApacheCoreOS2.a -lsocket -lbsd $(EXTRA_LIBS)'
- SHARED_CORE_EP=''
- SHCORE_IMPLIB='ApacheCoreOS2.a'
- OS_MODULE_INCLUDE='Makefile.OS2'
- ;;
- *-dgux)
- case $CC in
- */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
- esac
- DEF_SHARED_CORE=yes
- LDFLAGS_SHLIB="-G"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT=""
- ;;
- *-cygwin*)
- DEF_SHARED_CORE=yes
- LDFLAGS_SHLIB="--export-all"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- SHLIB_SUFFIX_NAME=dll
- SHMOD_SUFFIX_NAME=dll
- SHLIB_SUFFIX_DEPTH=0
- LD_SHLIB='dllwrap'
- LD_SHCORE_DEF=''
- LD_SHCORE_LIBS="$LIBS"
- LIBS_SHLIB='$(EXTRA_LIBS)'
- SHARED_CORE_EP='lib$(TARGET).ep'
- SHCORE_IMPLIB='lib$(TARGET).dll'
- OS_MODULE_INCLUDE='$(SRCDIR)/modules/standard/Makefile.Cygwin'
- ;;
- *)
- ## ok, no known explict support for shared objects
- ## on this platform, but we give not up immediately.
- ## We take a second chance by guessing the compiler
- ## and linker flags from the Perl installation
- ## if it exists.
- PERL=
- for dir in `echo $PATH | sed -e 's/:/ /g'`
- do
- if [ -f "$dir/perl5" ]; then
- PERL="$dir/perl5"
- break
- fi
- if [ -f "$dir/perl" ]; then
- PERL="$dir/perl"
- break
- fi
- done
- if [ "x$PERL" != "x" ]; then
- # cool, Perl is installed on this platform...
- if [ "x`$PERL -V:dlsrc 2>/dev/null | grep dlopen`" != "x" ]; then
- # ...and actually uses the dlopen-style interface,
- # so we can guess the flags from its knowledge
- CFLAGS_SHLIB="`$PERL -V:cccdlflags | cut -d\' -f2`"
- LDFLAGS_SHLIB="`$PERL -V:lddlflags | cut -d\' -f2`"
- LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LDFLAGS_SHLIB_EXPORT="`$PERL -V:ccdlflags | cut -d\' -f2`"
- # but additionally we have to inform the
- # user that we are just guessing the flags
- echo ""
- echo "** WARNING: We have no explicit knowledge about shared object"
- echo "** support for your particular platform. But perhaps you have"
- echo "** luck: We were able to guess the compiler and linker flags"
- echo "** for creating shared objects from your Perl installation."
- echo "** If they actually work, please send the following information"
- echo "** for inclusion into later releases to new-httpd@apache.org or make"
- echo "** a suggestion report at http://bugs.apache.org/:"
- echo "** PLATFORM=$PLAT"
- echo "** CFLAGS_SHLIB=$CFLAGS_SHLIB"
- echo "** LDFLAGS_SHLIB=$LDFLAGS_SHLIB"
- echo "** LDFLAGS_SHLIB_EXPORT=$LDFLAGS_SHLIB_EXPORT"
- echo ""
- fi
- fi
- ;;
- esac
-fi
-
-####################################################################
-## Check if we really have some information to compile
-## the shared objects if SharedModule was used.
-##
-if [ "x$using_shlib" = "x1" ] ; then
- if [ "x$TCFLAGS_SHLIB" = "x" -a "x$CFLAGS_SHLIB" = "x" -a \
- "x$TLDFLAGS_SHLIB" = "x" -a "x$LDFLAGS_SHLIB" = "x" ]; then
- echo ""
- echo "** FAILURE: Sorry, no shared object support available."
- echo "** Either compile all modules statically (use AddModule instead"
- echo "** of SharedModule in the Configuration file) or at least provide"
- echo "** us with the appropriate compiler and linker flags via the"
- echo "** CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT entries"
- echo "** in the Configuration file."
- echo ""
- exit 1
- fi
-fi
-
-####################################################################
-## Now we do some OS specific adjustments... for some OSs, we need
-## to adjust CFLAGS and/or OPTIM depending on which compiler we
-## are going to use. This is easy, since this can be gleamed from
-## Makefile.config
-##
-case "$OS" in
- 'ULTRIX')
- case "$CC" in
- */cc|cc ) CFLAGS="$CFLAGS -std" ;;
- esac
- ;;
- 'SCO 5')
- case "$CC" in
- */cc|cc ) CFLAGS="$CFLAGS -K noinline" ;;
- esac
- ;;
- 'HI-UX')
- case "$CC" in
- */cc|cc )
- CFLAGS="$CFLAGS -Aa -Ae -D_HIUX_SOURCE"
- OPTIM=" "
- TOPTIM=""
- ;;
- esac
- ;;
- 'HP-UX'|'HP-UX 10'|'HP-UX 11')
- case "$CC" in
- */cc|cc )
- CFLAGS="$CFLAGS -Aa -Ae -D_HPUX_SOURCE"
- OPTIM=" "
- TOPTIM=""
- ;;
- esac
- ;;
- *IRIX-64*)
- if [ "x$RULE_IRIXN32" = "xyes" ]; then
- case "$CC" in
- */cc|cc )
- CFLAGS="$CFLAGS -n32"
- LDFLAGS="$LDFLAGS -n32"
- ;;
- esac
- fi
- ;;
- *IRIX-32*)
- if [ "x$RULE_IRIXN32" = "xyes" ]; then
- case "$CC" in
- */cc|cc )
- CFLAGS="$CFLAGS -n32"
- LDFLAGS="$LDFLAGS -n32"
- ;;
- esac
- fi
- ;;
- IBM?AIX?4.[123])
- case $CC in
- */cc|cc )
- CFLAGS="$CFLAGS -qnogenpcomp -qnousepcomp"
- ;;
- esac
- ;;
- 'IBM AIX IA64')
- case $CC in
- */cc|cc )
- CFLAGS="$CFLAGS -qnogenpcomp -qnousepcomp"
- ;;
- esac
- ;;
-esac
-
-####################################################################
-## OK, now we can write OPTIM
-##
-if [ "x$TOPTIM" = "x" ]; then
- echo "OPTIM=$OPTIM" >> Makefile.config
-fi
-
-####################################################################
-## OK, now handle RANLIB
-##
-if [ "x$RANLIB" = "x" ]; then
- if [ "x$TRANLIB" != "x" ]; then
- RANLIB=$TRANLIB
- else
- if ${SHELL} helpers/PrintPath -s ranlib; then
- RANLIB="ranlib"
- else
- RANLIB="true"
- fi
- fi
-fi
-
-####################################################################
-## Now we do some general checks and some intelligent Configuration
-## control.
-
-# Use TestCompile to look for various LIBS
-case "$PLAT" in
- *-linux*)
- # newer systems using glibc 2.x need -lcrypt
- if ${SHELL} helpers/TestCompile lib crypt; then
- LIBS="$LIBS -lcrypt"
- fi
- ;;
-
- *-dg-dgux*)
- # R4.11MU02 requires -lsocket -lnsl ... no idea if it's earlier or
- # later than what we already knew about. PR#732
- if ${SHELL} helpers/TestCompile lib nsl; then
- LIBS="$LIBS -lnsl"
- TLIB='-lnsl'
- fi
- if TLIB=$TLIB ${SHELL} helpers/TestCompile lib socket; then
- LIBS="-lsocket $LIBS"
- fi
- ;;
- BS2000*-siemens-sysv4*)
- # Activate RISC compilation if this is a SR2000 machine
- # (test written by Thomas Dorner <Thomas.Dorner@start.de>
- # for perl5 port):
- ISSR2000="`bs2cmd SHOW-SYSTEM-INFO | grep 'HSI-ATT'`"
- case "$ISSR2000" in
- *TYPE*SR*)
- CFLAGS="$CFLAGS -Krisc_4000"
- ;;
- esac
- # Depending on the BS2000 OS and compiler/crte release,
- # -lnsl may be available (or may be not).
- # In standard SVR4 systems, -lsocket relies on some symbols
- # from -lnsl, so the test for -lnsl must appear first.
- if ${SHELL} helpers/TestCompile lib nsl; then
- LIBS="$LIBS -lnsl"
- TLIB='-lnsl'
- fi
- if TLIB=$TLIB ${SHELL} helpers/TestCompile lib socket; then
- LIBS="-lsocket $LIBS"
- fi
- # Auto-detect presence of libdl for dynamic loading
- if ${SHELL} ./helpers/TestCompile lib dl; then
- if ${SHELL} ./helpers/TestCompile func dlopen; then
- LIBS="$LIBS -ldl"
- TLIB='-ldl'
- fi
- fi
- # Test for the presence of the "union semun":
- if TCADDINCL='#include <sys/types.h>
-#include <sys/ipc.h>
-#include <sys/sem.h>' ${SHELL} helpers/TestCompile sizeof "union semun"; then
- : Okay, union semun is defined
- else
- CFLAGS="$CFLAGS -DNEED_UNION_SEMUN"
- fi
- # Test for the presence of the _rini_struct typedef:
- if TCADDINCL='#include <pwd.h>' ${SHELL} ./helpers/TestCompile sizeof _rini_struct; then
- CFLAGS="$CFLAGS -DHAVE_RINI_STRUCT"
- fi
- # Test whether initgroups() must be emulated:
- if ${SHELL} helpers/TestCompile func initgroups; then
- :
- else
- CFLAGS="$CFLAGS -DNEED_INITGROUPS"
- fi
- ;;
-esac
-
-# SOCKS4 support:
-# We assume that if they are using SOCKS4, then they've
-# adjusted EXTRA_LIBS and/or EXTRA_LDFLAGS as required,
-# otherwise we assume "-L/usr/local/lib -lsocks"
-if [ "x$RULE_SOCKS4" = "xyes" ]; then
- echo " + enabling SOCKS4 support"
- CFLAGS="$CFLAGS -DSOCKS -DSOCKS4"
- CFLAGS="$CFLAGS -Dconnect=Rconnect -Dselect=Rselect"
- CFLAGS="$CFLAGS -Dgethostbyname=Rgethostbyname"
- if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks`" = "x" ]; then
- LIBS="$LIBS -L/usr/local/lib -lsocks"
- fi
- case $PLAT in
- *-solaris2* )
- LIBS="$LIBS -lresolv"
- ;;
- esac
-fi
-
-# SOCKS5 support:
-# We assume that if they are using SOCKS5, then they've
-# adjusted EXTRA_LIBS and/or EXTRA_LDFLAGS as required,
-# otherwise we assume "-L/usr/local/lib -lsocks5"
-if [ "x$RULE_SOCKS5" = "xyes" ]; then
- echo " + enabling SOCKS5 support"
- CFLAGS="$CFLAGS -DSOCKS -DSOCKS5"
- CFLAGS="$CFLAGS -Dconnect=SOCKSconnect -Dselect=SOCKSselect"
- CFLAGS="$CFLAGS -Dgethostbyname=SOCKSgethostbyname -Dclose=SOCKSclose"
- if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks5`" = "x" ]; then
- LIBS="$LIBS -L/usr/local/lib -lsocks5"
- fi
- case $PLAT in
- *-solaris2* )
- LIBS="$LIBS -lresolv"
- ;;
- esac
-fi
-
-# INET6 support.
-if [ "$RULE_INET6" = "yes" ]; then
- echo " + enabling INET6 support"
- CFLAGS="$CFLAGS -DINET6"
- CFLAGS="$CFLAGS -Dss_family=__ss_family -Dss_len=__ss_len"
- IPV6_STACKTYPE=KAME
-fi
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'int testfunc(){ struct sockaddr sa; int i = sa.sa_len; };' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ -f testfunc.o ]; then
- echo " + you have sa_len in struct sockaddr."
- CFLAGS="$CFLAGS -DHAVE_SOCKADDR_LEN"
-else
- echo " + you don't have sa_len in struct sockaddr."
-fi
-rm -f testfunc.c testfunc.o
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'struct sockaddr_storage sockaddr_storage;' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ -f testfunc.o ]; then
- echo " + assuming you have struct sockaddr_storage"
-else
- CFLAGS="$CFLAGS -DNEED_SOCKADDR_STORAGE"
- echo " + you need struct sockaddr_storage"
-fi
-rm -f testfunc.c testfunc.o
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'int testfunc(){ socklen_t t; }' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ ! -f testfunc.o ]; then
- CFLAGS="$CFLAGS -Dsocklen_t=int"
-fi
-rm -f testfunc.c testfunc.o
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'struct sockaddr_in sin;' >>testfunc.c
-echo 'int main(){ int i = sin.sin_len; }' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ -f testfunc.o ]; then
- CFLAGS="$CFLAGS -DSIN_LEN"
-fi
-rm -f testfunc.c testfunc.o
-
-
-####################################################################
-## Find out what modules we want and try and configure things for them
-## Module lines can look like this:
-##
-## Module name_module some/path/mod_name[.[oa]]
-## AddModule some/path/mod_name[.[oa]]
-##
-## In both cases, the some/path can either be an arbitrary path (including
-## an absolute path), or a path like "modules/DIR", in which case we _might_
-## auto-generate a Makefile in modules/DIR (see later).
-##
-## The first case is the original style, where we give the module's
-## name as well as it's binary file location - either a .o or .a.
-##
-## The second format is new, and means we do not repeat the module
-## name, which is already part of the module source or definition.
-## The way we find the module name (and other optional information about
-## the module) is like this:
-##
-## 1 If extension is not given or is .c, assume .o was given and goto 3
-## 2 If extension is .module, go to D1
-## 3 If extension is .o, look for a corresponding .c file and if
-## found, go to C1
-## 4 If no .c file was found, look for a .module file (Apache module
-## definition file). If found, go to D1
-## 5 Assume module name is the "name" part of "mod_name", as in
-## name_module.
-##
-## If a C file is found:
-##
-## C1 Look for module name given by an MODULE: line (e.g. MODULE: name_module)
-## If found assume module contains a definition, and go to D1
-## C2 If not found, look for a module name given on the declaration of the
-## module structure (e.g. module name_module).
-## C3 If neither given, go to 4 above.
-##
-## If a definition file is found, or a .c file includes a module definition:
-##
-## D1 Get the module name from the MODULE: name= line
-## D2 Get other module options (libraries etc). To be done later.
-##
-##
-## For now, we will convert the AddModule lines into Module format
-## lines, so the rest of Configure can do its stuff without too much
-## additional hackery. It would be nice to reduce the number of times
-## we have to awk the $tmpfile, though.
-
-## MODFILES contains a list of module filenames (could be .c, .o, .so, .a
-## or .module files) from AddModule lines only
-## MODDIRS contains a list of subdirectories under 'modules' which
-## contain modules we want to build from both AddModule and Module
-## lines
-
-echo " + adding selected modules"
-
-MODFILES=`awk <$tmpfile '($1 == "AddModule" || $1 == "SharedModule") { printf "%s ", $2 }'`
-MODDIRS=`awk < $tmpfile '
- ($1 == "Module" && $3 ~ /^modules\//) {
- split ($3, pp, "/")
- if (! SEEN[pp[2]]) {
- printf "%s ", pp[2]
- SEEN[pp[2]] = 1
- }
- }
- (($1 == "AddModule" || $1 == "SharedModule") && $2 ~ /^modules\//) {
- split ($2, pp, "/")
- if (! SEEN[pp[2]]) {
- printf "%s ", pp[2]
- SEEN[pp[2]] = 1
- }
- }'`
-MODDIRS_NO_SO=`awk < $tmpfile '
- ($1 == "Module" && $3 ~ /^modules\//) {
- split ($3, pp, "/")
- if (! SEEN[pp[2]]) {
- printf "%s ", pp[2]
- SEEN[pp[2]] = 1
- }
- }
- (($1 == "AddModule") && $2 ~ /^modules\//) {
- split ($2, pp, "/")
- if (! SEEN[pp[2]]) {
- printf "%s ", pp[2]
- SEEN[pp[2]] = 1
- }
- }'`
-
-# Now autoconfigure each of the modules specified by AddModule.
-# Use tmpfile2 for the module definition file, and tmpfile3 for the
-# shell commands to be executed for this module.
-
-for modfile in $MODFILES ; do
- rm -f $tmpfile2 $tmpfile3
- modname=''
-
- ext=`echo $modfile | sed 's/^.*\.//'`
- modbase=`echo $modfile | sed 's/\.[^.]*$//'`
- if [ "x$ext" = "x$modfile" ]; then ext=o; modbase=$modfile; modfile=$modbase.o; fi
- if [ "x$ext" = "x" ] ; then ext=o; modbase=$modfile; fi
- if [ "x$ext" = "xc" ] ; then ext=o; fi
-
- # modbase is the path+filename without extension, ext is the
- # extension given, or if none, o
- if [ -r $modbase.module ] ; then
- $CAT $modbase.module > $tmpfile2
- else
- if [ -f $modbase.c ] ; then
- # Guess module structure name in case there is no
- # module definition in this file
- modname=`egrep '^module .*;' $modbase.c | head -1 |\
- sed 's/^module.*[ ][ ]*//' | \
- sed 's/[ ]*;[ ]*$//'`
- # Get any module definition part
- if grep "MODULE-DEFINITION-" $modbase.c > /dev/null; then
- $CAT $modbase.c | \
- sed '1,/MODULE-DEFINITION-START/d;/MODULE-DEFINITION-END/,$d' \
- > $tmpfile2
- fi
- fi
- fi
- if [ -r $tmpfile2 ] ; then
- # Read a module definition from .module or .c
- modname=`grep "Name:" $tmpfile2 | sed 's/^.*Name:[ ]*//'`
- if grep "ConfigStart" $tmpfile2 > /dev/null \
- && grep "ConfigEnd" $tmpfile2 > /dev/null; then
- sed '1,/ConfigStart/d;/ConfigEnd/,$d' $tmpfile2 > \
- $tmpfile3
- echo " o $modname uses ConfigStart/End"
- if [ "x$RULE_PARANOID" = "xyes" ]; then
- sed 's/^/>> /' $tmpfile3
- fi
- . ./$tmpfile3
- fi
- if grep "Libs:" $tmpfile2 > /dev/null; then
- modlibs1=`grep Libs: $tmpfile2 | sed 's/^.*Libs:[ ]*//'`
- echo " o $modbase adds libraries: $modlibs1"
- modlibs="$modlibs $modlibs1"
- fi
- rm -f $tmpfile2 $tmpfile3
- if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then
- ext=o
- fi
- fi
- if [ "x$modname" = "x" ] ; then
- modname=`echo $modbase | sed 's/^.*\///' | \
- sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'`
- fi
- if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then
- echo "Module $modname $modbase.$ext" >>$tmpfile
- fi
- # optionally generate export file for some linkers
- if [ "x$ext" = "x$SHMOD_SUFFIX_NAME" -a "x$SHLIB_EXPORT_FILES" = "xyes" ]; then
- echo "$modname" >$modbase.exp
- fi
-done
-# $tmpfile now contains Module lines for all the modules we want
-
-####################################################################
-## Now HS's POSIX regex implementation if needed/wanted. We do it
-## now since AddModule may have changed it
-##
-if [ "x$RULE_WANTHSREGEX" = "xyes" ]; then
- REGLIB="regex/libregex.a"
- SUBDIRS="regex $SUBDIRS"
- CFLAGS="$CFLAGS -DUSE_HSREGEX"
-fi
-
-####################################################################
-## Extended API (EAPI) support:
-##
-if [ "x$RULE_EAPI" = "x" ]; then
- RULE_EAPI=`${SHELL} helpers/CutRule EAPI $file`
-fi
-if [ "x$RULE_EAPI" = "xyes" ]; then
- echo " + enabling Extended API (EAPI)"
- CFLAGS="$CFLAGS -DEAPI"
- # some vendor compilers are too restrictive
- # for our ap_hook and ap_ctx sources.
- case "$OS:$CC" in
- *IRIX-32*:*/cc|*IRIX-32*:cc )
- CFLAGS="$CFLAGS -woff 1048,1110,1164"
- ;;
- esac
- # MM Shared Memory Library support for EAPI
- if [ "x$EAPI_MM" = "x" ]; then
- EAPI_MM=`egrep '^EAPI_MM=' $file | sed -n -e '$p' | awk -F= '{print $2}'`
- fi
- if [ "x$EAPI_MM" != "x" ]; then
- case $EAPI_MM in
- SYSTEM|/* ) ;;
- * ) for p in . .. ../..; do
- if [ -d "$p/$EAPI_MM" ]; then
- EAPI_MM="`echo $p/$EAPI_MM | sed -e 's;/\./;/;g'`"
- break
- fi
- done
- ;;
- esac
- if [ "x$EAPI_MM" = "xSYSTEM" ]; then
- echo " using MM library for EAPI: (system-wide)"
- CFLAGS="$CFLAGS -DEAPI_MM"
- __INCLUDES="`mm-config --cflags`"
- if [ "x$__INCLUDES" != "x-I/usr/include" ]; then
- INCLUDES="$INCLUDES $__INCLUDES"
- fi
- LDFLAGS="$LDFLAGS `mm-config --ldflags`"
- LIBS="$LIBS `mm-config --libs`"
- else
- if [ -f "$EAPI_MM/.libs/libmm.a" -a -f "$EAPI_MM/mm.h" ]; then
- echo " using MM library: $EAPI_MM (source-tree only)"
- case $EAPI_MM in
- /* ) ;;
- * ) EAPI_MM="\$(SRCDIR)/$EAPI_MM" ;;
- esac
- CFLAGS="$CFLAGS -DEAPI_MM"
- INCLUDES="$INCLUDES -I$EAPI_MM"
- LDFLAGS="$LDFLAGS -L$EAPI_MM/.libs"
- LIBS="$LIBS -lmm"
- elif [ -f "$EAPI_MM/bin/mm-config" ]; then
- echo " using MM library: $EAPI_MM (installed)"
- CFLAGS="$CFLAGS -DEAPI_MM"
- INCLUDES="$INCLUDES `$EAPI_MM/bin/mm-config --cflags`"
- LDFLAGS="$LDFLAGS `$EAPI_MM/bin/mm-config --ldflags`"
- LIBS="$LIBS `$EAPI_MM/bin/mm-config --libs`"
- else
- echo "Configure:Error: Cannot find MM library under $EAPI_MM" 1>&2
- exit 1
- fi
- fi
- fi
-fi
-
-
-####################################################################
-## Add in the Expat library if needed/wanted.
-##
-
-# set the default, based on whether expat-lite is bundled. if it is present,
-# then we can always include expat.
-if [ "x$RULE_EXPAT" = "xdefault" ]; then
- if [ -d ./lib/expat-lite/ ]; then
- RULE_EXPAT=yes
- else
- RULE_EXPAT=no
- fi
-fi
-
-if [ "x$RULE_EXPAT" = "xyes" ]; then
- if ${SHELL} ./helpers/TestCompile lib expat; then
- echo " + using system Expat"
- LIBS="$LIBS -lexpat"
- else
- if [ ! -d ./lib/expat-lite/ ]; then
- echo "ERROR: RULE_EXPAT set to \"yes\" but is not available."
- exit 1
- fi
- echo " + using builtin Expat"
- EXPATLIB="lib/expat-lite/libexpat.a"
- APLIBDIRS="expat-lite $APLIBDIRS"
- CFLAGS="$CFLAGS -DUSE_EXPAT -I\$(SRCDIR)/lib/expat-lite"
- fi
-fi
-
-####################################################################
-## Now the SHARED_CHAIN stuff
-##
-if [ "x$using_shlib" = "x1" ] ; then
- if [ "x$RULE_SHARED_CHAIN" = "xdefault" ] ; then
- RULE_SHARED_CHAIN=$DEF_SHARED_CHAIN
- fi
- if [ "x$RULE_SHARED_CHAIN" = "xyes" ]; then
- echo " + enabling DSO files to be linked against others"
- # determine libraries which can be safely linked
- # to our DSO files, i.e. PIC libraries and shared libraries
- extra_ldflags="`grep EXTRA_LDFLAGS= Makefile.config`"
- extra_libs="`grep EXTRA_LIBS= Makefile.config`"
- eval "`${SHELL} helpers/slo.sh $LDFLAGS $LIBS $extra_ldflags $extra_libs`"
- LIBS_SHLIB="$SLO_DIRS_PIC $SLO_LIBS_PIC $SLO_DIRS_DSO $SLO_LIBS_DSO"
- fi
-fi
-
-####################################################################
-## Now the SHARED_CORE stuff
-##
-if [ "x$using_shlib" = "x1" ] ; then
- if [ "x$RULE_SHARED_CORE" = "xdefault" ] ; then
- RULE_SHARED_CORE=$DEF_SHARED_CORE
- fi
- if [ "x$RULE_SHARED_CORE" = "xyes" ]; then
- DSO_STRING="DSO"
- if [ "$OS" = "Cygwin" ]; then
- DSO_STRING="DLL"
- fi
- echo " + enabling generation of Apache core as $DSO_STRING"
- # shuffle compiler flags from shlib variant to standard
- CFLAGS="$CFLAGS $CFLAGS_SHLIB"
- CFLAGS_SHLIB=""
- # indicate that Rule SHARED_CORE is active
- CFLAGS="$CFLAGS -DSHARED_CORE"
- # select the special subtarget for shared core generation
- SUBTARGET=target_shared
- # determine additional suffixes for libhttpd.so
- V=1 R=3 P=29
- if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
- SHLIB_SUFFIX_LIST=""
- fi
- if [ "x$SHLIB_SUFFIX_DEPTH" = "x1" ]; then
- SHLIB_SUFFIX_LIST="$V"
- fi
- if [ "x$SHLIB_SUFFIX_DEPTH" = "x2" ]; then
- SHLIB_SUFFIX_LIST="$V.$R"
- fi
- if [ "x$SHLIB_SUFFIX_DEPTH" = "x3" ]; then
- SHLIB_SUFFIX_LIST="$V.$R.$P"
- fi
- if [ "x$SHLIB_SUFFIX_DEPTH" = "xall" ]; then
- SHLIB_SUFFIX_LIST="$V $V.$R $V.$R.$P"
- fi
- fi
-fi
-
-####################################################################
-## Set the value of the shared libary flags, if they aren't explicitly
-## set in the configuration file
-##
-if [ "x$using_shlib" = "x1" ] ; then
- if [ "x$TCFLAGS_SHLIB" = "x" ]; then
- echo "CFLAGS_SHLIB=$CFLAGS_SHLIB -DSHARED_MODULE" >> Makefile.config
- fi
- if [ "x$TLD_SHLIB" = "x" ]; then
- echo "LD_SHLIB=$LD_SHLIB" >> Makefile.config
- fi
- if [ "x$TLDFLAGS_SHLIB" = "x" ]; then
- echo "EXTRA_LDFLAGS_SHLIB=$EXTRA_LDFLAGS_SHLIB" >> Makefile.config
- echo "LDFLAGS_SHLIB=$LDFLAGS_SHLIB $EXTRA_LDFLAGS_SHLIB" >> Makefile.config
- fi
- if [ "x$TLDFLAGS_SHLIB_EXPORT" = "x" ]; then
- echo "LDFLAGS_SHLIB_EXPORT=$LDFLAGS_SHLIB_EXPORT" >> Makefile.config
- fi
- if [ "x$TLDFLAGS_MOD_SHLIB" = "x" ]; then
- echo "LDFLAGS_MOD_SHLIB=$LDFLAGS_MOD_SHLIB" >> Makefile.config
- fi
- echo "LD_SHCORE_DEF=$LD_SHCORE_DEF" >> Makefile.config
- echo "LD_SHCORE_LIBS=$LD_SHCORE_LIBS" >> Makefile.config
- echo "SHARED_CORE_EP=$SHARED_CORE_EP" >> Makefile.config
- echo "SHCORE_IMPLIB=$SHCORE_IMPLIB" >> Makefile.config
-fi
-
-####################################################################
-## Now create modules.c
-##
-$CAT > $awkfile <<'EOFM'
- BEGIN {
- modules[n++] = "core"
- pmodules[pn++] = "core"
- }
- /^Module/ { modules[n++] = $2 ; pmodules[pn++] = $2 }
- /^%Module/ { pmodules[pn++] = $2 }
- END {
- print "/*"
- print " * modules.c --- automatically generated by Apache"
- print " * configuration script. DO NOT HAND EDIT!!!!!"
- print " */"
- print ""
- print "#include \"httpd.h\""
- print "#include \"http_config.h\""
- print ""
- for (i = 0; i < pn; ++i) {
- printf ("extern module %s_module;\n", pmodules[i])
- }
- print ""
- print "/*"
- print " * Modules which implicitly form the"
- print " * list of activated modules on startup,"
- print " * i.e. these are the modules which are"
- print " * initially linked into the Apache processing"
- print " * [extendable under run-time via AddModule]"
- print " */"
- print "module *ap_prelinked_modules[] = {"
- for (i = 0; i < n; ++i) {
- printf " &%s_module,\n", modules[i]
- }
- print " NULL"
- print "};"
- print ""
- print "/*"
- print " * Modules which initially form the"
- print " * list of available modules on startup,"
- print " * i.e. these are the modules which are"
- print " * initially loaded into the Apache process"
- print " * [extendable under run-time via LoadModule]"
- print " */"
- print "module *ap_preloaded_modules[] = {"
- for (i = 0; i < pn; ++i) {
- printf " &%s_module,\n", pmodules[i]
- }
- print " NULL"
- print "};"
- print ""
- }
-EOFM
-$CAT $tmpfile | sed 's/_module//' | awk -f $awkfile > modules.c
-
-####################################################################
-## figure out which module dir require use to autocreate a Makefile.
-## for these dirs we must not list the object files from the AddModule
-## lines individually since the auto-generated Makefile will create
-## a library called libMODDIR.a for it (MODDIR is the module dir
-## name). We create two variable here:
-##
-## AUTODIRS Space separated list of module directories, relative to
-## src
-## AUTOLIBS Space separated list of auto-generated library files
-##
-for moddir in $MODDIRS
-do
- if [ -f modules/$moddir/Makefile.tmpl ] ; then
- AUTODIRS="$AUTODIRS modules/$moddir"
- fi
-done
-for moddir in $MODDIRS_NO_SO
-do
- if [ -f modules/$moddir/Makefile.tmpl ] ; then
- AUTOLIBS="$AUTOLIBS modules/$moddir/lib$moddir.a"
- fi
-done
-
-####################################################################
-## Add the module targets to the Makefile. Do not add individual object
-## targets for auto-generated directories.
-##
-$CAT > $awkfile <<EOF1
- BEGIN {
- split ("$AUTODIRS", tmp, " ")
-EOF1
-$CAT >> $awkfile <<'EOF2'
- for ( key in tmp ) {
- autodirs[tmp[key]] = 1
- }
- }
- /^Module/ { modules[n++] = $3 }
- /^%Module/ { modules[n++] = $3 }
- END {
- print "MODULES= \\"
- for (i = 0; i < n; ++i) {
- split (modules[i], pp, "/")
- dir = pp[1] "/" pp[2]
- inthere = 0
- for ( tdir in autodirs ) {
- if (tdir == dir)
- inthere = 1
- }
- if (inthere == 1)
- continue
- else
- printf (" %s \\\n", modules[i])
- }
- }
-EOF2
-awk -f $awkfile >>Makefile <$tmpfile
-
-####################################################################
-## Now add the auto-generated library targets. Need to use awk so we
-## don't hang a continuation on the last line.
-##
-$CAT > $awkfile <<'EOF4'
- {
- z = 0
- split ($0, libs)
- for ( lib in libs ) {
- if (z != 0)
- printf (" \\\n")
- z++
- printf (" %s", libs[lib])
- }
- }
- END {
- printf ("\n")
- }
-EOF4
-echo "$AUTOLIBS" | awk -f $awkfile >>Makefile
-echo "" >>Makefile
-
-####################################################################
-## Now add the target for the main Makefile
-##
-echo "SUBDIRS=$SUBDIRS lib modules" >> Makefile
-echo "SUBTARGET=$SUBTARGET" >> Makefile
-echo "SHLIB_SUFFIX_NAME=$SHLIB_SUFFIX_NAME" >> Makefile
-echo "SHMOD_SUFFIX_NAME=$SHMOD_SUFFIX_NAME" >> Makefile
-echo "SHLIB_SUFFIX_LIST=$SHLIB_SUFFIX_LIST" >> Makefile
-echo "SHLIB_EXPORT_FILES=$SHLIB_EXPORT_FILES" >> Makefile
-echo "" >> Makefile
-
-####################################################################
-## Determine GNU Make variant because
-## it uses ugly looking built-in directory walk messages
-## while we are already using our own messages
-##
-if [ "x`${MAKE} -v 2>/dev/null | grep 'GNU Make'`" = "x" ]; then
- MFLAGS_STATIC=
-else
- MFLAGS_STATIC=--no-print-directory
-fi
-
-####################################################################
-## Continue building Makefile.config. Fill in all entries except
-## for $LIBS at this point. This implies that anything below
-## can only alter $LIBS
-##
-echo "CFLAGS1=$CFLAGS" >>Makefile.config
-echo "INCLUDES1=$INCLUDES" >>Makefile.config
-echo "LIBS_SHLIB=$LIBS_SHLIB" >>Makefile.config
-echo "LDFLAGS1=$LDFLAGS" >>Makefile.config
-echo "MFLAGS_STATIC=$MFLAGS_STATIC" >>Makefile.config
-echo "REGLIB=$REGLIB" >>Makefile.config
-echo "EXPATLIB=$EXPATLIB" >>Makefile.config
-echo "RANLIB=$RANLIB" >>Makefile.config
-
-####################################################################
-## Some OS-related stuff for the DSO mechanism:
-## Finding the vendor DSO functions
-##
-if [ "x$using_shlib" = "x1" ] ; then
- DL_LIB=""
- case $PLAT in
- ia64-ibm-aix* )
- DL_LIB="-ldl"
- ;;
- *-ibm-aix* )
- DL_LIB="-lld"
- ;;
- *-sequent-ptx* )
- case $PLAT in
- *-sequent-ptx2*)
- ;;
- *-sequent-ptx4.0*)
- ;;
- *-sequent-ptx*)
- DL_LIB="-ldl"
- ;;
- esac
- ;;
- *-hp-hpux*)
- if ${SHELL} helpers/TestCompile func shl_load; then
- :
- else
- if ${SHELL} helpers/TestCompile lib dld; then
- DL_LIB="-ldld"
- fi
- fi
- ;;
- * )
- if ${SHELL} helpers/TestCompile func dlopen; then
- :
- else
- if ${SHELL} helpers/TestCompile lib dl; then
- DL_LIB="-ldl"
- fi
- fi
- ;;
- esac
- if [ "x$DL_LIB" != "x" ]; then
- LIBS="$LIBS $DL_LIB"
- echo " + using $DL_LIB for vendor DSO support"
- fi
-fi
-
-####################################################################
-## More building ap_config_auto.h
-##
-## Check for availability of isinf() and isnan()
-##
-echo "" >>$AP_CONFIG_AUTO_H
-echo "/* determine: isinf() found in libc */ " >>$AP_CONFIG_AUTO_H
-echo "#ifndef HAVE_ISINF" >>$AP_CONFIG_AUTO_H
-echo "#define HAVE_ISINF 1" >>$AP_CONFIG_AUTO_H
-echo "#endif" >>$AP_CONFIG_AUTO_H
-
-echo "" >>$AP_CONFIG_AUTO_H
-echo "/* determine: isnan() found in libc */ " >>$AP_CONFIG_AUTO_H
-echo "#ifndef HAVE_ISNAN" >>$AP_CONFIG_AUTO_H
-echo "#define HAVE_ISNAN 1" >>$AP_CONFIG_AUTO_H
-echo "#endif" >>$AP_CONFIG_AUTO_H
-
-##
-## Now compare the sizes of off_t to long
-##
-echo "" >>$AP_CONFIG_AUTO_H
-echo "/* sizeof(off_t) == sizeof(quad_t) on OpenBSD */" >>$AP_CONFIG_AUTO_H
-echo "#ifndef AP_OFF_T_IS_QUAD" >>$AP_CONFIG_AUTO_H
-echo "#define AP_OFF_T_IS_QUAD 1" >>$AP_CONFIG_AUTO_H
-echo "#endif" >>$AP_CONFIG_AUTO_H
-
-####################################################################
-## Finish building ap_config_auto.h
-##
-## We pick out all -D's from CFLAGS and insert them as defines into
-## ap_config_auto.h so they are available to external modules needing to
-## include Apache header files.
-##
-TEXTRA_CFLAGS=`egrep '^EXTRA_CFLAGS=' Makefile.config | tail -1 |\
- sed -e 's;^EXTRA_CFLAGS=;;' -e 's;\`.*\`;;'`
-tmpstr=`echo $CFLAGS $TEXTRA_CFLAGS |\
- sed -e 's;[ ]\([+-]\);!\1;g' -e 's/\([^\\\]\)"/\1/g' -e 's/\\\"/\"/g'`
-OIFS="$IFS"
-IFS='!'
-for cflag in $tmpstr; do
- echo "$cflag" >>$tmpconfig
-done
-IFS="$OIFS"
-awk >>$AP_CONFIG_AUTO_H <$tmpconfig '
- /^-D.*/ {
- i = index($0, "=")
- if (i > 0) {
- define = substr($0, 3, i-3)
- value = substr($0, i+1, length($0)-i)
- }
- else {
- define = substr($0, 3, length($0)-2)
- value = "1";
- }
- printf ("\n/* build flag: %s */\n", $0)
- printf ("#ifndef %s\n#define %s %s\n#endif\n", define, define, value)
- }
-'
-
-# finish header file
-echo "" >>$AP_CONFIG_AUTO_H
-echo "#endif /* AP_CONFIG_AUTO_H */" >>$AP_CONFIG_AUTO_H
-
-####################################################################
-## Finish creating the Makefile.config file
-##
-echo "LIBS1=$modlibs $LIBS">> Makefile.config
-echo "##" >> Makefile.config
-echo "## (End of automatically generated section)">> Makefile.config
-echo "##" >> Makefile.config
-echo "" >> Makefile.config
-
-####################################################################
-## Use TestCompile to see if $(CC) is ANSI and as a "final" sanity
-## check
-##
-
-if [ "x$OS" = "xTPF" ] ; then
- :
-else
- echo " + doing sanity check on compiler and options"
- if ${SHELL} ./helpers/TestCompile $vflag sanity; then
- :
- else
- if [ "x$vflag" = "x-v" ] ; then
- WHEREERR="above"
- else
- WHEREERR="below"
- fi
- echo "** A test compilation with your Makefile configuration"
- echo "** failed. The $WHEREERR error output from the compilation"
- echo "** test will give you an idea what is failing. Note that"
- echo "** Apache requires an ANSI C Compiler, such as gcc. "
- echo ""
- echo "======== Error Output for sanity check ========"
- (${SHELL} ./helpers/TestCompile -v sanity) 2>&1
- echo "============= End of Error Report ============="
- echo ""
- echo " Aborting!"
- exitcode=1
- exit 1
- fi
-fi
-
-####################################################################
-## Now (finish) creating the makefiles
-##
-
-# ./Makefile
-$CAT Makefile.config >> Makefile
-sed -e "s#@@Configuration@@#$file#" "Makefile.tmpl" >>Makefile
-
-# xxx/Makefile
-MAKEDIRS="support $SUBDIRS"
-for dir in $MAKEDIRS ; do
- echo Creating Makefile in $dir
- ${SHELL} helpers/mfhead $dir $file > $dir/Makefile
- $CAT Makefile.config $dir/Makefile.tmpl |\
- sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp $dir`:" >> $dir/Makefile
-done
-
-####################################################################
-## Now create the lib/Makefile
-##
-${SHELL} helpers/mfhead modules $file > lib/Makefile
-$CAT Makefile.config | sed -e 's:^SRCDIR=.*:SRCDIR=..:' >> lib/Makefile
-
-$CAT << EOF >> lib/Makefile
-APLIBS=$APLIBDIRS
-CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS)
-
-default: all
-
-all clean distclean depend ::
- @for i in \$(APLIBS) ""; do \\
- if [ "x\$\$i" != "x" ]; then \\
- echo "===> \$(SDP)lib/\$\$i"; \\
- (cd \$\$i && \$(MAKE) \$(MFLAGS_STATIC) SDP='\$(SDP)' CC='\$(CC)' AUX_CFLAGS='\$(CFLAGS)' RANLIB='\$(RANLIB)' \$@) || exit 1; \\
- echo "<=== \$(SDP)lib/\$\$i"; \\
- fi; \\
- done
-
-EOF
-
-####################################################################
-## Now create the lib/xxx/Makefile
-##
-
-for dir in $APLIBDIRS ; do
- echo Creating Makefile in lib/$dir
- ${SHELL} helpers/mfhead lib/$dir $file > lib/$dir/Makefile
- $CAT Makefile.config lib/$dir/Makefile.tmpl |\
- sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp lib/$dir`:" >> lib/$dir/Makefile
-done
-
-####################################################################
-## Now create the modules/Makefile
-##
-${SHELL} helpers/mfhead modules $file > modules/Makefile
-$CAT Makefile.config | sed -e 's:^SRCDIR=.*:SRCDIR=..:' >> modules/Makefile
-
-$CAT << EOF >> modules/Makefile
-MODULES=$MODDIRS
-CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS)
-
-default: all
-
-all clean distclean depend ::
- @for i in \$(MODULES) ""; do \\
- if [ "x\$\$i" != "x" ]; then \\
- echo "===> \$(SDP)modules/\$\$i"; \\
- case "x\$(OS)" in \\
- xOS390 | xTPF) (cd \$\$i && \$(MAKE) SDP='\$(SDP)' OPTIM='\$(OPTIM)' \$@) || exit 1;; \\
- *) (cd \$\$i && \$(MAKE) \$(MFLAGS_STATIC) SDP='\$(SDP)' CC='\$(CC)' AUX_CFLAGS='\$(CFLAGS)' RANLIB='\$(RANLIB)' OPTIM='\$(OPTIM)' \$@) || exit 1;; \\
- esac; \\
- echo "<=== \$(SDP)modules/\$\$i"; \\
- fi; \\
- done
-
-EOF
-
-####################################################################
-## Now create modules/xxx/Makefile
-##
-for moddir in $AUTODIRS ; do
- echo "Creating Makefile in $moddir"
-
- ${SHELL} helpers/mfhead $moddir $file > $moddir/Makefile
- $CAT Makefile.config |\
- sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp $moddir`:" >> $moddir/Makefile
- $CAT << 'EOF' >> $moddir/Makefile
-##
-## Default Makefile options from Configure script
-## (Begin of automatically generated section)
-##
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-INCDIR=$(SRCDIR)/include
-EOF
- if [ -f $moddir/Makefile.libdir ]; then
- basedir=`echo $moddir | sed 's@^[^/]*/@@g'`
- awk >> $moddir/Makefile < $tmpfile '
- ($2 ~ /^modules\/'$basedir'\//) {
- split($2, pp, "/");
- split(pp[3], parts, ".");
- libext=parts[2];
- }
- END {
- printf "LIBEXT=%s\n", libext;
- }'
- # it's responsible for the rest of its Makefile...
- else
- basedir=`echo $moddir | sed 's@^[^/]*/@@g'`
- OBJS=`awk < $tmpfile '
- ($1 == "Module" && $3 ~ /^modules\/'$basedir'\//) {
- split ($3, pp, "/")
- printf "%s ", pp[3]
- }
- '`
- echo "OBJS=$OBJS" >> $moddir/Makefile
- if [ "x$OBJS" != "x" ]; then
- echo "LIB=lib$basedir.a" >> $moddir/Makefile
- else
- # essential!
- echo "LIB=" >> $moddir/Makefile
- fi
- awk >> $moddir/Makefile < $tmpfile '
- ($1 == "SharedModule" && $2 ~ /^modules\/'$basedir'\//) {
- split($2, pp, "/")
- shlibs=shlibs " " pp[3]
- so=pp[3]
- split(pp[3], parts, ".")
- base=parts[1]
- objspic=objspic " " base ".lo"
- }
- END {
- printf "SHLIBS=%s\n", shlibs;
- printf "OBJS_PIC=%s\n", objspic;
- }'
-
- $CAT << 'EOF' >> $moddir/Makefile
-
-all: lib shlib
-
-lib: $(LIB)
-
-shlib: $(SHLIBS)
-
-dummy $(LIB): $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-.SUFFIXES: .o .so .dll
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-.c.so:
- $(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $< && mv $*.o $*.lo
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $@ $*.lo $(LIBS_SHLIB)
-
-clean:
- rm -f $(LIB) $(OBJS) $(SHLIBS) $(OBJS_PIC)
-
-distclean: clean
- rm -f Makefile
-
-# NOT FOR END USERS!
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-EOF
- fi
-
- if [ "x$OS_MODULE_INCLUDE" != "x" ]; then
- echo "include $OS_MODULE_INCLUDE" >> $moddir/Makefile
- fi
-
- $CAT << 'EOF' >> $moddir/Makefile
-##
-## (End of automatically generated section)
-##
-EOF
- $CAT >> $moddir/Makefile < $moddir/Makefile.tmpl
-
-done
-
diff --git a/usr.sbin/httpd/src/INSTALL b/usr.sbin/httpd/src/INSTALL
deleted file mode 100644
index 73c91ccdb2d..00000000000
--- a/usr.sbin/httpd/src/INSTALL
+++ /dev/null
@@ -1,169 +0,0 @@
-
- A P A C H E I N S T A L L A T I O N
-
- NOTE: Windows users please read the documents ../README-WIN.TXT and
- http://httpd.apache.org/docs/windows.html, (or the
- htdocs/manual/windows.html file included with Apache).
- The following applies only to Unix users.
-
- Installing the Apache 1.3 HTTP server with APACI
- ================================================
-
- For the out-of-the-box build and installation through the new Apache
- Autoconf-style Interface (APACI) see the file INSTALL in the parent
- directory. This document describes only the manual way of installing Apache.
-
- Installing the Apache 1.3 HTTP server manually
- ==============================================
-
- Unless you grabbed a binary distribution of Apache, you must compile it for
- your specific platform. In order to compile it, you must set compile-time
- options (in particular, system type) for your system by editing a
- Configuration file, run a script which generates a Makefile and a small
- piece of C code, and then compile it.
-
- Compilation
- -----------
-
- Building the Apache Web server absolutely REQUIRES an ANSI C-compliant
- compiler. If your compiler does not meet this requirement, don't even
- bother trying to build the server; it won't work. The server may or may not
- build correctly with a C++ compiler. Making it compilable with C++ is not a
- goal at this point, so if it doesn't work please use a normal ANSI C
- compiler instead.
-
- This release of Apache supports the notion of "optional modules". However,
- the server has to know which modules are compiled into it, in order for
- those modules to be effective; this requires generation of a short bit of
- code ("modules.c") which simply has a list of them.
-
- It is also necessary to choose the correct options for your platform.
-
- To do this:
-
- 1) Copy the file "Configuration.tmpl" to "Configuration" and then edit
- "Configuration". This contains the list and settings of various "Rules"
- and an additional section at the bottom which lists the modules which
- have been compiled in, and also names the files containing them. You
- will need to:
-
- a) Adjust the Rules and EXTRA_CFLAGS|LIBS|LDFLAGS|INCLUDES if
- you feel so inclined.
-
- b) Uncomment lines corresponding to those optional modules you wish to
- include (among the Module lines at the bottom of the file), or add new
- lines corresponding to custom modules you have written. (See API.html
- for preliminary docs on how to do that).
-
- Note that DBM auth has to be explicitly configured in, if you want it ---
- just uncomment the corresponding line.
-
- 2) Run the "Configure" script:
-
- $ ./Configure
- Using config file: Configuration
- Creating Makefile
- + configured for <whatever> platform
- + setting C compiler to <whatever>
- + Adding selected modules
- + doing sanity check on compiler and options
- Creating Makefile in support
- Creating Makefile in main
- Creating Makefile in os/unix
- Creating Makefile in modules/standard
- $ _
-
- This generates new versions of the Makefiles and of modules.c. (If you
- want to maintain multiple configurations, you can say, e.g.,
-
- $ ./Configure -file Configuration.ai
- Using config file: Configuration.ai
- Creating Makefile
- + configured for <whatever> platform
- + setting C compiler to <whatever>
- + Adding selected modules
- + doing sanity check on compiler and options
- Creating Makefile in support
- Creating Makefile in main
- Creating Makefile in os/unix
- Creating Makefile in modules/standard
- $ _
-
- 3) Now compile the program:
-
- $ make
-
- The modules we place in the Apache distribution are the ones we have tested
- and are used regularly by various members of the Apache development group.
- Additional modules contributed by members or third parties with specific
- needs or functions are available at
- http://www.apache.org/dist/contrib/modules/. There are instructions
- on that page for linking these modules into the core Apache code.
-
- If during compilation you get a warning about a missing 'regex.h', set
- WANTHSREGEX=yes in the 'Configuration', and let The Apache Group know you
- needed to do this for your OS by filling out a problem report form at
- http://bugs.apache.org/, or by sending a mail message to
- apache-bugs@apache.org. Include the output of the command "uname -a".
-
- Installation
- ------------
-
- After compilation, you will have a binary called "httpd" in this src/
- directory. If you received a binary distribution of apache, you should have
- this file already.
-
- The next step is to edit the configuration files for the server. In the
- top-level subdirectory called "conf" you should find distribution versions
- of the three configuration files: srm.conf-dist, access.conf-dist, and
- httpd.conf-dist. Copy them to srm.conf, access.conf, httpd.conf
- respectively.
-
- First edit httpd.conf. This sets up general attributes about the server -
- the port number, the user it runs as, etc. Next edit the srm.conf file -
- this sets up the root of the document tree, special functions like
- server-parsed HTML or internal imagemap parsing, etc. Finally, edit the
- access.conf file to at least set the base cases of access. Documentation for
- all of these is located at http://www.apache.org/docs/.
-
- Finally, make a call to httpd, with a -f to the full path to the httpd.conf
- file. I.e., the common case:
-
- $ /usr/local/apache/httpd -f /usr/local/apache/conf/httpd.conf
-
- And voila! The server should be running.
-
- By default the srm.conf and access.conf files are located by name - to
- specifically call them by other names, use the AccessConfig and
- ResourceConfig directives in httpd.conf.
-
- Set your system time properly!
-
- Proper operation of a public web server requires accurate time
- keeping, since elements of the HTTP protocol are expressed as the time
- of day. So, it's time to investigate setting up NTP or some other
- time synchronization system on your Unix box, or whatever the
- equivalent on NT would be.
-
- Upgrading an Existing Apache Environment
- ----------------------------------------
-
- Between releases of Apache, there are several files that are likely to get
- changed (aside from the source, of course). These include:
-
- src/Makefile.tmpl
- src/Configuration.tmpl
- src/Configure
- conf/*.conf-dist
- conf/mime.types
-
- It's recommended that you unpack a new Apache version distribution into a
- different directory than the existing one, and check these files against the
- ones you already have for new or changed directives. It's almost certain
- that the Configure, Configuration.tmpl, and Makefile.tmpl files are going to
- change, so pay particular attention to merging your existing Configuration
- settings with the ones in the Configuration.tmpl file to make a new
- Configuration file in the new Apache src directory. Then follow the steps
- for a new installation to build and test the new server before replacing the
- existing Apache directory tree with the one from the new distribution.
-
diff --git a/usr.sbin/httpd/src/Makefile.bsd-wrapper b/usr.sbin/httpd/src/Makefile.bsd-wrapper
deleted file mode 100644
index bc836a9c85b..00000000000
--- a/usr.sbin/httpd/src/Makefile.bsd-wrapper
+++ /dev/null
@@ -1,48 +0,0 @@
-
-.include <bsd.own.mk>
-
-PROG=httpd
-BINDIR=/usr/sbin
-BINOWN=root
-BINGRP=daemon
-
-all: Makefile
- ${MAKE}
-
-.FORCE: .IGNORE
-
-helpers/GuessOS:
- lndir -e Makefile.bsd-wrapper -e obj ${.CURDIR} ${.OBJDIR}
-
-config: .FORCE
- sh ${.CURDIR}/Configure -file ${.CURDIR}/Configuration -make ${.CURDIR}/Makefile.tmpl
-
-Makefile: helpers/GuessOS
- sh ${.CURDIR}/Configure -file ${.CURDIR}/Configuration -make ${.CURDIR}/Makefile.tmpl
-
-# apache has no man pages in the dist
-
-maninistall:
- @echo No man pages for apache
-
-install: maninistall
- ${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} ${PROG} ${BINDIR}
-
-clean cleandir:
-.if exists(${.OBJDIR}/Makefile)
- ${MAKE} clean
-.endif
- /bin/rm -f Makefile
- /bin/rm -f modules/Makefile
- /bin/rm -f Makefile.config
- /bin/rm -f modules.c
-
-depend:
- # Nothing here yet
-lint:
- #Nothing here yet
-tags:
- #Nothing here yet
-
-.include<bsd.obj.mk>
-.include<bsd.subdir.mk>
diff --git a/usr.sbin/httpd/src/Makefile.tmpl b/usr.sbin/httpd/src/Makefile.tmpl
deleted file mode 100644
index aa5b7917bb3..00000000000
--- a/usr.sbin/httpd/src/Makefile.tmpl
+++ /dev/null
@@ -1,147 +0,0 @@
-
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-OBJS= \
- modules.o \
- $(MODULES) \
- main/libmain.a \
- $(OSDIR)/libos.a \
- ap/libap.a
-
-TYPE=
-ALGO=
-CRT=
-KEY=
-VIEW=
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-# Used to generate import library for OS/2
-.SUFFIXES: .def
-.def.a:
- emximp -o $@ $<
-
-all: @@Configuration@@ $(TARGET)
-
-@@Configuration@@: Configuration.tmpl
- @echo "++ File '@@Configuration@@' older than 'Configuration.tmpl',"
- @echo "++ or still doesn't exist. Please consider copying 'Configuration.tmpl'"
- @echo "++ to '@@Configuration@@', editing and rerunning 'Configure'."
- @echo "++ If not, you will at least have to touch '@@Configuration@@'."
- @false
-
-$(TARGET): $(EXTRA_DEPS) $(SUBTARGET)
-
-target_static: subdirs modules.o
- $(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
- $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
- -o $(TARGET) buildmark.o $(OBJS) $(REGLIB) $(EXPATLIB) $(LIBS)
-
-target_compile_only: subdirs modules.o
- $(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
-
-target_shared: $(SHCORE_IMPLIB) $(SHARED_CORE_EP) lib$(TARGET).$(SHLIB_SUFFIX_NAME)
- $(CC) $(INCLUDES) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
- -o $(TARGET) -DSHARED_CORE_BOOTSTRAP main/http_main.c \
- ap/libap.a $(LIBS) $(SHCORE_IMPLIB)
-
-lib$(TARGET).ep: lib$(TARGET).$(SHLIB_SUFFIX_NAME)
- $(CC) $(INCLUDES) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
- -o lib$(TARGET).ep -DSHARED_CORE_TIESTATIC main/http_main.c \
- -L. -l$(TARGET) $(LIBS)
-
-lib$(TARGET).$(SHLIB_SUFFIX_NAME): subdirs modules.o
- $(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o lib$(TARGET).$(SHLIB_SUFFIX_NAME) buildmark.o $(OBJS) $(REGLIB) $(EXPATLIB) $(LD_SHCORE_DEF) $(LD_SHCORE_LIBS)
- @if [ ".$(SHLIB_SUFFIX_LIST)" != . ]; then \
- rm -f lib$(TARGET).$(SHLIB_SUFFIX_NAME).*; \
- for suffix in $(SHLIB_SUFFIX_LIST) ""; do \
- [ ".$$suffix" = . ] && continue; \
- echo "ln lib$(TARGET).$(SHLIB_SUFFIX_NAME) lib$(TARGET).$(SHLIB_SUFFIX_NAME).$$suffix"; \
- ln lib$(TARGET).$(SHLIB_SUFFIX_NAME) lib$(TARGET).$(SHLIB_SUFFIX_NAME).$$suffix; \
- done; \
- fi
-
-certificate:
- @./support/mkcert.sh \
- "$(MAKE)" "$(MFLAGS) $(MFLAGS_STATIC)" \
- "$(SSL_PROGRAM)" ./support \
- "$(TYPE)" "$(ALGO)" "$(CRT)" "$(KEY)" "$(VIEW)"
- @cd ../conf/ssl.crt; $(MAKE) $(MFLAGS_STATIC) SSL_PROGRAM=$(SSL_PROGRAM) >/dev/null 2>&1
-
-subdirs:
- @for i in $(SUBDIRS); do \
- echo "===> $(SDP)$$i"; \
- case ".$(OS)" in \
- .OS390 | .TPF) ( cd $$i && $(MAKE) SDP='$(SDP)' OPTIM='$(OPTIM)') || exit 1;; \
- *) ( cd $$i && $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' OPTIM='$(OPTIM)') || exit 1;; \
- esac; \
- echo "<=== $(SDP)$$i"; \
- done
-
-support: support-dir
-
-support-dir:
- @echo "===> $(SDP)support"; \
- cd support; $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' OPTIM='$(OPTIM)' || exit 1; \
- echo "<=== $(SDP)support"
-
-clean:
- -rm -f $(TARGET) lib$(TARGET).* *.o
- @for i in $(SUBDIRS); do \
- echo "===> $(SDP)$$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' OPTIM='$(OPTIM)' $@ ) || exit 1; \
- echo "<=== $(SDP)$$i"; \
- done
-
-distclean:
- -rm -f $(TARGET) lib$(TARGET).* *.o
- @for i in $(SUBDIRS); do \
- echo "===> $(SDP)$$i"; \
- ( cd $$i && $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' $@ ) || exit 1; \
- echo "<=== $(SDP)$$i"; \
- done
- -rm -f include/ap_config_auto.h
- -rm -f modules.c
- -rm -f modules/Makefile
- -rm -f regex/Makefile
- -rm -f lib/Makefile
- -rm -f Makefile.config
- -rm -f Makefile
-
-install:
- @echo "++ Sorry, no installation procedure available at this level."
- @echo "++ Go to the parent directory for an 'install' target."
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
- for i in $(SUBDIRS); do \
- ( cd $$i && $(MAKE) CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' OPTIM='$(OPTIM)' depend ) || exit 1; \
- done
-
-#Dependencies
-
-$(OBJS): Makefile subdirs
-
-# DO NOT REMOVE
-buildmark.o: buildmark.c include/ap_config.h include/ap_mmn.h \
- include/ap_config_auto.h $(OSDIR)/os.h include/ap_ctype.h \
- include/httpd.h include/ap_alloc.h include/buff.h \
- include/ap.h include/util_uri.h
-modules.o: modules.c include/httpd.h include/ap_config.h \
- include/ap_mmn.h include/ap_config_auto.h $(OSDIR)/os.h \
- include/ap_ctype.h include/ap_alloc.h include/buff.h \
- include/ap.h include/util_uri.h include/http_config.h
diff --git a/usr.sbin/httpd/src/PORTING b/usr.sbin/httpd/src/PORTING
deleted file mode 100644
index e9b3bc63ee7..00000000000
--- a/usr.sbin/httpd/src/PORTING
+++ /dev/null
@@ -1,387 +0,0 @@
-The Semi-Official Guide to Porting Apache
-
--------------
-Introduction:
--------------
-Apache has been ported to a wide variety of platforms, from multiple
-UNIX variants to OS/2. Starting with v1.3, it will even run under
-Windows95 and Windows NT. Nonetheless, there are most likely a few
-platforms out there that currently are not "officially" supported under
-Apache. Porting Apache to these platforms can be quite simple
-depending on the "genericness" of the OS. This document will provide
-some basic guidelines to help the potential porter.
-
--------------
-Requirements:
--------------
-One of the basic requirements for a potential Apache platform is
-a robust TCP/IP implementation. Just about any UNIX out there
-nowadays, even some ancient ones, have a TCP/IP stack that will
-work. In particular, the UNIX should provide for sockets and the
-basic controlling functions for them (like accept(), bind(), etc).
-
-The source for Apache is written in ANSI-C, so an ANSI-C compiler
-is required. However, Apache does not use or require ANSI-only
-functions or options (eg: the "%n" parameter in the scanf()
-family) as much as possible to ease portability. Generally,
-an ANSI-C compiler (eg: gcc) even without a full-blown ANSI
-C library is usually sufficient.
-
-At present, the Apache source is not compatible with C++.
-
--------------------
-The Starting Point:
--------------------
-The first thing to look at is the output of the ./helpers/GuessOS
-script. This is a simple script that attempts to determine the
-platform and OS you are running on. The output of this script
-is used by Configure to set some basic compilation parameters.
-
-The output of ./helpers/GuessOS was designed to be GNU 'config.guess'
-compatible (from GNU/autoconf). The format of the output string
-is:
-
- machine-vendor-OS
-
-This string is returned to the main Configure script as the
-shell variable $PLAT. If Configure is not "aware" of that platform
-(or cannot correctly parse it), it will complain and die. We realize
-that this may not be the best solution; the intent is to get as
-much feedback as possible.
-
-----------------------
-Configure cannot Grok:
-----------------------
-If this happens to you, then it means that Configure doesn't know
-how to configure and compile Apache for your OS. It will still try
-nonetheless, but at this point, all bets are off.
-
-The best solution if this happens to you is to make Apache aware
-of your OS. The first course of action is the easiest: Look in
-Configure and see if there are any OSs which are similar to yours.
-
-For example, let's say that your OS is similar to HP-UX, but that
-GuessOS returns "foobar-intel-hubble". You would then edit
-Configure as follows:
-
- *-hp-hpux*|*-*-hubble)
- OS='HP-UX'
- CFLAGS="$CFLAGS -DHPUX"
- ;;
-
-The '|*-*-hubble' was added to the switch statement for HP-UX.
-
-Another fix may involve editing the GuessOS helper script. Let's
-say, for example, that your system is SysV4-based, but that
-GuessOS does not return that info. You could then add a switch
-to the script that does something like:
-
- *WeirdSystem*)
- echo "${MACHINE}-whatever-sysv4"; exit 0
- ;;
-
-In this case, we force GuessOS to return a string that includes
-the "sysv4" cookie for Configure to recognize.
-
-Unfortunately, unless you are running a very generic BSD or SysV
-system, no "supported" OS will be close enough in all aspects to
-allow for a clear (and possibly workable) build of Apache. If this
-is the case, you will need to port Apache to your OS.
-
--------------------
-Porting for Apache:
--------------------
-When all else fails, it's time to hack some code. The source itself
-is generic enough that most ports are incredibly easy. No matter
-what, however, there are 2 source files that need to be updated
-for the port:
-
- ./Configure
- ./include/ap_config.h
-
-Configure:
-==========
-Configure concerns itself with determining the OS-type for the
-build and setting up a few Makefile variables for the build. The
-most important are 'OS' and 'CFLAGS'. For example, when Configure
-determines a build for A/UX, it runs the following lines:
-
- case "$PLAT" in
- *-apple-aux3*)
- OS='A/UX 3.1.x'
- CFLAGS="$CFLAGS -DAUX -D_POSIX_SOURCE"
- LIBS="$LIBS -lposix -lbsd"
- LDFLAGS="$LDFLAGS -s"
- DEF_WANTHSREGEX=no
- ;;
-
-The 'OS' variable is used to define the system Apache is being built
-for. You will also note that 'CFLAGS' defines "-DAUX". In this case,
-'AUX' is a magic cookie used by the Apache code (mainly ap_config.h [see
-below]) to handle OS-specific code. Each code that has and requires
-such OS-specific code will require a unique "system cookie" defined
-in 'CFLAGS'. You will also note that Configure also goes ahead and
-predefines the LIBS and LDFLAGS Makefile variables.
-
-DEF_WANTHSREGEX indicates the "default" setting of the WANTHSREGEX rule.
-If left undefined it'll default to yes. Yes means the src/regex/
-directory, containing Henry Spencer's regex library will be used rather
-than any system supplied regex. It's been our experience that system
-supplied regex libraries are generally buggy, and should be avoided.
-
-ap_config.h:
-=======
-The Apache code, specifically in ap_config.h, uses a variety of #defines to
-control how the code is compiled and what options are available for each
-supported OS. One of the hardest parts about the porting process is
-determining which of the following are applicable for your system and
-setup. This time using the example of AIX, we see:
-
- #elif defined(AIX)
- #undef HAVE_GMTOFF
- #undef NO_KILLPG
- #undef NO_SETSID
- #define HAVE_SYS_SELECT_H
- #define JMP_BUF sigjmp_buf
- #define HAVE_MMAP
- #define USE_MMAP_SCOREBOARD
- typedef int rlim_t;
-
-The above lines describe which functions, capabilities and specifics
-are required for Apache to build and run under IBM AIX (the #undefs
-are not strictly required, but are a Good Idea anyway).
-
-The following several lines provide a list and short description
-of these #defines. By correctly #defining the ones you need in ap_config.h
-(wrapped by the above mentioned "system cookie"), you can fine tune the
-build for your OS.
-
---
-
- NEED_*:
- If the particular OS doesn't supply the specified function, we use the
- Apache-supplied version (in util.c).
-
- NEED_STRERROR:
- NEED_STRDUP:
- NEED_STRCASECMP:
- NEED_STRNCASECMP:
- NEED_INITGROUPS:
- NEED_WAITPID:
- NEED_STRERROR:
---
-
- HAVE_*:
- Does this OS have/support this capability?
-
- HAVE_MMAP:
- The OS has a working mmap() implementation
-
- HAVE_SHMGET:
- The OS has a working shmget() (SystemV shared memory) implementation
-
- HAVE_GMTOFF:
- Define if the OS's tm struct has the tm_gmtoff element
-
- HAVE_CRYPT_H:
- Defined if the OS has the <crypt.h> header file. This is set
- automatically during the Configure process and stored in the
- src/include/ap_config_auto.h header file.
-
- HAVE_SYS_SELECT_H:
- Defined if the OS has the <sys/select.h> header file. This is
- set automatically during the Configure process and stored in the
- src/include/ap_config_auto.h header file.
-
- HAVE_SYS_RESOURCE_H:
- Defined if the OS has and supports the getrlimit/setrlimit
- family. Apache uses this to determine if RLIMIT_CPU|VMEM|DATA|RLIMIT
- is found and used. This also assumes that the getrlimit()/setrlimit()
- functions are available as well. This is set automatically during the
- Configure process and stored in the src/include/ap_config_auto.h header
- file.
-
- HAVE_SYS_PARAM_H:
- Defined if the OS has the <sys/param.h> header file. This is
- set automatically during the Configure process and stored in the
- src/include/ap_config_auto.h header file.
-
---
-
- USE_*:
- These #defines are used for functions and ability that aren't exactly
- required but should be used.
-
- USE_MMAP_SCOREBOARD:
- Define if the OS supports the BSD mmap() call. This is used by various
- OSs to allow the scoreboard file to be held in shared mmapped-memory
- instead of a real file. Note that this is only used to determine
- if mmap should be used for shared memory. If HAVE_MMAP is not
- #defined, this will automatically be unset.
-
- USE_SHMGET_SCOREBOARD:
- Define if the OS has the SysV-based shmget() family of shared-memory
- functions. Used to allow the scoreboard to live in a shared-memory
- slot instead of a real file. If HAVE_SHMGET is not #defined,
- this will automatically be unset.
-
- <<NOTE: If neither USE_MMAP_SCOREBOARD or USE_SHMGET_SCOREBOARD
- is defined, a file-based scoreboard will be used and
- SCOREBOARD_FILE will automatically be defined >>
-
- USE_POSIX_SCOREBOARD:
- Defined on QNX currently where the shared memory scoreboard follows
- the POSIX 1003.4 spec.
-
- USE_OS2_SCOREBOARD:
- Defined on OS2, uses OS2 primitives to construct shared memory for
- the scoreboard.
-
- USE_LONGJMP:
- Define to use the longjmp() call instead of siglongjmp()
- (as well as setjmp() instead of sigsetjmp()).
-
- USE_MMAP_FILES:
- Enable the use of mmap() for sending static files. If HAVE_MMAP
- is not #defined, this will automatically be unset.
---
-
- USE_*_SERIALIZED_ACCEPT:
- See htdocs/manual/misc/perf-tuning.html for an in-depth discussion of
- why these are required. These are choices for implementing a mutex
- between children entering accept(). A complete port should define at
- least one of these, many may work and it's worthwhile timing them.
- Without these the server will not implement multiple Listen directives
- reliably. Please note that as of 1.3.21, we can set the method at runtime.
- To so do, we specify which methods are available at compile time
- with the HAVE_FOO_SERIALIZED_ACCEPT #defines. The USE_FOO_SERIALIZED_ACCEPT
- is used to pick the default version of all those available. These are
- set at compile time usually in include/ap_config.h but can also be
- done at the compile command line.
-
- USE_FCNTL_SERIALIZED_ACCEPT:
- Use fcntl() to implement the semaphore.
-
- USE_FLOCK_SERIALIZED_ACCEPT:
- Use flock() to implement the semaphore (fcntl() is expensive on
- some OSs, esp. when using NFS).
-
- USE_USLOCK_SERIALIZED_ACCEPT:
- Probably IRIX only: use uslock() to serialize, which is far faster
- on multiprocessor boxes (and far slower on uniprocessor, yay).
-
- USE_SYSVSEM_SERIALIZED_ACCEPT:
- Use System V semaphores to implement the semaphore. These are
- problematic in that they won't be cleaned up if apache is kill -9d,
- and there's the potential of a CGI causing a denial of service
- attack if it's running as the same uid as apache (i.e. suexec
- is recommended on public servers). But they can be faster than
- either of fcntl() or flock() on some systems.
-
- USE_PTHREAD_SERIALIZED_ACCEPT:
- Use POSIX mutexes to implement the semaphore.
-
- << NOTE: If none of the above USE_*SERIALIZED_ACCEPTs are
- defined, NO_SERIALIZED_ACCEPT will automatically
- be defined if MULTITHREAD is not defined >>
-
- SINGLE_LISTEN_UNSERIALIZED_ACCEPT:
- It's safe to unserialize single-socket accept().
-
---
-
- NO_*:
- These are defined if the OS does NOT have the specified function or if
- we should not use it.
-
- NO_SHMGET:
- Do not use shmget() (SystemV shared memory) at all.
-
- NO_MMAP:
- Do not use mmap() at all.
-
- NO_UNISTD_H:
-
- NO_KILLPG:
-
- NO_SETSID:
-
- NO_USE_SIGACTION:
- Do not use the sigaction() call, even if we have it.
-
- NO_LINGCLOSE:
- Do not use Apache's soft, "lingering" close feature to
- terminate connections. If you find that your server crashes
- due to being choked by too many FIN_WAIT_2 network states,
- some reports indicate that #define'ing this will help.
-
- NO_SLACK:
- Do not use the "slack" fd feature which requires a working fcntl
- F_DUPFD.
-
- NO_GETTIMEOFDAY:
- OS does not have the gettimeofday() function (which is
- BSDish).
-
- NO_TIMES:
- OS does not have the times() function.
-
- NO_OTHER_CHILD:
- Do not implement the register_other_child API, usually because
- certain system calls aren't available.
-
- NO_RELIABLE_PIPED_LOGS:
- Do not use reliable piped logs, which happen to also require
- the register_other_child API. The reliable piped log code
- requires another child spawning interface which hasn't been
- generalised yet.
-
---
-
- MISC #DEFINES:
- Various other #defines used in the code.
-
- MULTITHREAD:
- Defined if the OS is multi-threaded. Used only on Win32 and Netware.
-
- JMP_BUF:
- The variable-type for siglongjmp() or longjmp() call.
-
- MOVEBREAK:
- Amount to move sbrk() breakpoint, if required, before attaching
- shared-memory segment.
-
- NET_SIZE_T:
- Some functions such as accept(), getsockname(), getpeername() take
- an int *len on some architectures and a size_t *len on others.
- If left undefined apache will default it to int. See
- include/ap_config.h for a description of NET_SIZE_T.
-
- NEED_HASHBANG_EMUL:
- The execve()/etc. functions on this platform do not deal with #!,
- so it must be emulated by Apache.
-
- SYS_SIGLIST
- Should be defined to point to a const char * const * array of
- signal descriptions. This is frequently sys_siglist or
- _sys_siglist, defined in <signals.h>
-
- ap_wait_t
- The type used for wait()/waitpid()/... status parameter. Usually
- int.
-
------------
-Conclusion:
------------
-The above hints, and a good understanding of your OS and Apache, will
-go a LONG way in helping you get Apache built and running on your
-OS. If you have a port, PLEASE send Email to 'Apache@Apache.Org',
-or log a suggestion report at <http://bugs.apache.org/>, with
-the patches so that we may add them to the official version.
-If you hit a rough spot in the porting process, you can also try
-sending Email to that address as well and, if you are lucky, someone
-will respond. Another good source is the 'comp.infosystems.www.servers.unix'
-Usenet group as well.
-
-Good luck and happy porting!
-
diff --git a/usr.sbin/httpd/src/README b/usr.sbin/httpd/src/README
deleted file mode 100644
index 9aefdcac470..00000000000
--- a/usr.sbin/httpd/src/README
+++ /dev/null
@@ -1,147 +0,0 @@
-The following document was written by Robert S. Thau (rst@ai.mit.edu) on the
-release of Apache 1.0. Some details may have changed since then regarding the
-functions and names of modules, but the basic ideas are still intact.
- =================================================
-
-The basic idea of the new Apache release is to make a modular
-"tinkertoy" server, to which people can easily add code which is
-valuable to them (even if it isn't universally useful) without hairing
-up a monolithic server. Applications for this idea include database
-integration, support for experimental search and scripting extensions,
-new authentication modes (digest authentication, for instance, could
-be done entirely as a module), and so forth. All modules have the
-same interface to the server core, and through it, to each other.
-
-In particular, the following are modules in the current code base:
-common log format (other loggers can easily coexist with it), auth and
-dbm auth (although both use common code in http_protocol.c to parse
-the Authorization: line), directory handling (which can be added or
-replaced), handling of aliases and access control, content
-negotiation, CGI, includes, aliases, and so forth. (What's left in
-the basic server? Not a whole lot). The configuration file commands
-which configure these things are defined, for the most part, by the
-modules themselves, and not by the server core (each module has, or
-can have, a command dispatch table).
-
-Besides carving up the base code into modules, this release makes a
-few other fairly pervasive changes. Most of the global variables are
-gone; most of the MAX_STRING_LENGTH char arrays are gone (the few that
-are left being sprintf() targets, or I/O buffers of various sorts),
-and unmunge_name has vanished. The most drastic change is the use of
-a "compool" strategy to manage resources allocated for a request ---
-the code in alloc.c keeps track of it all and allows it to be freed en
-bloc at the end of the request. This strategy seems to be effective
-in stanching memory and descriptor leaks.
-
-Additional third-party modules can be found at
-<URL:http://www.apache.org/dist/contrib/modules/>.
-
-
-A brief code review:
-
-The code here can be divided into the server core (the http_* files,
-along with alloc.c and the various utility files), and several modules
-(the mod_* files).
-
-The core interfaces to modules through the "module" structure which
-describes each one. There's a linked list of these things rooted at
-top_module, through which http_config.c dispatches when necessary. The
-module structures themselves are defined at the bottom of the mod_foo
-files. (Loading new modules dynamically at runtime should be simple;
-just push them onto the linked list. The only complication is what to
-do with AddModule commands when the config files are reread,
-particularly if you find a module has been taken out).
-
-In addition to the core itself (which does have a module structure to
-hold its command tables, and the handlers for various phases of
-request handling which make it *barely* a web server on its own),
-the modules included here are the following:
-
-mod_mime.c --- deduction of MIME types and content-encodings from
- filename extensions. This module defines the AddType, AddEncoding,
- and TypesConfig config-file directives. This code is off in a
- module by itself so that people who want to experiment with other
- meta-information schemes can replace it, and still have content
- negotiation work.
-
-mod_log_config.c --- logging in configurable or common log format.
-
-mod_auth.c --- HTTP authentication. Defines the AuthUserFile and
- AuthGroupFile directives (other auth-related commands are handled by
- the core itself, so it knows which requests require it to poll the
- modules for authentication handlers).
-
-mod_auth_dbm.c --- DBM auth. Untested, and left out of the modules
- list in modules.c because of that, but it does at least compile.
- Grump.
-
-mod_access.c --- access checking by DNS name or IP address; defines
- the "order", "allow" and "deny" config-file commands. (If this
- module is compiled out, the server fails safe --- any attempt to
- configure access control will die on a config file syntax error when
- the relevant commands go unrecognized).
-
-mod_negotiation.c --- Content negotiation. Defines the
- CacheNegotiatedDocs config-file command. Making this a module is
- perhaps going overboard, but I wanted to see how far I could push
- it.
-
-mod_alias.c --- Alias command and file translation.
-
-mod_userdir.c --- ditto for Userdir.
-
-mod_cgi.c --- Common Gateway Interface. Also defines ScriptAlias,
- because scripts are treated slightly differently depending on
- whether they are ScriptAliased or not (in particular, ExecCGI is not
- required in the former case).
-
-mod_includes.c --- server-side includes.
-
-mod_dir.c --- defines a whole *raft* of commands; handles directories.
-
-mod_asis.c --- ASIS file handling.
-
-mod_dld.c --- the experimental runtime-code-loader described above.
- You'll have to alter the makefile and modules.c to make this active
- if you want it.
-
-
-
-As to the core, here's a brief review of what's where:
-
-http_protocol.c --- functions for dealing directly with the client.
- Reading requests, writing replies of various sorts. I've tried to
- route all data transfer between server and client through here, so
- there's a single piece of code to change if we want to add, say,
- HTTP-NG packetization. The major glaring exception is NPH- CGI
- scripts; what *will* we do with those for HTTP-NG?
-
-http_request.c --- functions which direct the processing of requests,
- including error handling. Generally responsible for making sure
- that the right module handlers get invoked, in the right order.
- (This includes the "sub-request" mechanism, which is used by
- includes and other stuff to ask about the status of particular
- subfiles).
-
-http_core.c ---
- Contains the core module structure, its command table, and the
- command handlers, also the filename translation routine, and the
- like for the core. (Basically, this is all of the core module stuff
- which looks more or less like the boilerplate from the other modules).
-
-http_config.c --- Functions to read config files and dispatch to the
- command handlers; also, routines to manage configuration vectors,
- and to dispatch to modules' handlers for the various phases of
- handling a request.
-
-http_log.c --- just the error log. Error handling is split between
- http_protocol.c (for generating the default error responses) and
- http_request.c (for executive handling, including ErrorDocument
- invocation); transaction logging is in the modules.
-
-http_main.c --- System startup, restart, and accepting connections;
- also timeout handling (which is pretty grotesque right now; ideas?)
-
-alloc.c --- allocation of all resources which might have to be reclaimed
- eventually, including memory, files, and child processes.
-
diff --git a/usr.sbin/httpd/src/README.EAPI b/usr.sbin/httpd/src/README.EAPI
deleted file mode 100644
index ffd1dee4a77..00000000000
--- a/usr.sbin/httpd/src/README.EAPI
+++ /dev/null
@@ -1,340 +0,0 @@
-
- Extended API (EAPI)
- ===================
-
- What is EAPI
- ============
-
- Extended API (EAPI) is a comprehensive API addition which can be _OPTIONALLY_
- enabled with ``Rule EAPI=yes'' in src/Configuration or ``--enable-rule=EAPI''
- on the APACI configure command line. This then defines a -DEAPI and this way
- the EAPI code is compiled into Apache. When this define is not present _NO_
- EAPI code is compiled into Apache at all, because all(!) EAPI patches are
- encapsulated in #ifdef EAPI...#endif.
-
- What is provided by EAPI?
- =========================
-
- EAPI's additions to the Apache API fall into the following categories:
-
- o Context Attachment Support for Data Structures
- o Loosly-coupled Hook Interface for Inter-Module Communication
- o Direct and Pool-based Shared Memory Support
- o Additional Apache Module Hooks
- o Specialized EAPI Goodies
-
- They are discussed in details now....
-
- Context Attachment Support for Data Structures
- ----------------------------------------------
-
- Attaching private information to a request_rec, conn_rec, server_rec or even
- BUFF structure is for a lot of modules the most elegant solution to keep
- states between API phases without the need for any global variables. That's
- especially true for modules which operate on lower I/O levels (where no
- per-module configuration structure is available) or have to deal with various
- callback functions of third-party libraries (where one need to find the
- private context which can be hard without global variables).
-
- The EAPI way to solve this situation is:
-
- 1. A generic context library was written which allows one
- to create a context and later store and retrieve context variables
- identified by a unique key.
-
- 2. The Apache kernel was extended to provide contexts for all standard data
- structures like request_rec, server_rec, conn_rec, BUFF, etc. This way
- modules can easily attach information to all these structures with the
- help of the context API.
-
- Point 1 is implemented by new src/ap/ap_ctx.c and src/include/ap_ctx.h source
- files. Point 2 is implemented by EAPI patches to various src/main/*.c and
- src/include/*.h files.
-
- Example:
-
- | /* a module implements on-the-fly compression for
- | the buffer code and for this uses a third-party library which
- | don't uses a filedescriptor. Instead a CLIB* is used. The module has to
- | attach this CLIB* to the BUFF in oder to have it available whenever a
- | BUFF is used somewhere. */
- | BUFF *buff;
- | CLIB *comp;
- | comp = CLIB_new_from_fd(buff->fd);
- | ap_ctx_set(buff->ctx, "CLIB", comp);
- | :
- |
- | /* later when it deals with a BUFF, it can easily find back the
- | CLIB* via the BUFF* */
- | comp = (CLIB *)ap_ctx_get(buff->ctx, "CLIB");
- | :
-
- Possible use cases from practice are:
-
- o attaching third-party structures to Apache structures
- o replacing global module variables with clean context variables
- o custom attachments for complex modules like mod_php, mod_php, etc.
- o companion support for the hook interface (see below)
- o etc. pp.
-
- Loosly-coupled Hook Interface for Inter-Module Communication
- ------------------------------------------------------------
-
- Apache is structured into modules which is a nice idea. With the Dynamic
- Shared Object (DSO) facility it gets even nicer because then modules are then
- really stand-alone objects. The drawback is that DSO restricts modules. The
- most popular problem is that no inter-module symbol references are allowed.
- The classical problem: Module A implements some nice functions module B would
- like to use to avoid reimplementing the wheel. But B cannot call A's
- functions because this violates both the design idea of stand-alone modules
- and the DSO restrictions. Additionally a module C could exists which also
- provides a variant of the functionality of A's function. Then B should get
- the variant (either A's or C's) which is best or available at all.
-
- Real Life Example:
-
- mod_rewrite provides %{XXXX} constructs to lookup variables. The available
- variables are (and have to be) hard-coded into mod_rewrite. Now our mod_clib
- which does on-the-fly compression provides a variable CLIB_FACTOR which gives
- information about the shrink factor of the compression and a user wants to
- use this shrink factor to make an URL-rewriting decision (<grin>). No chance
- without EAPI. With EAPI it's easy: Inside the if-cascade for the various
- variables in mod_rewrite one replaces:
-
- | char *result;
- | request_rec *r;
- | :
- | if (strcasecmp(var, "...") == 0) {
- | :
- | else if (strcasecmp(var, "SCRIPT_GROUP") == 0) {
- | result = ...
- | }
- | else {
- | if (result == NULL) {
- | ...complain...
- | }
- | }
- | :
-
- with
-
- | char *result;
- | request_rec *r;
- | :
- | if (strcasecmp(var, "...") == 0) {
- | :
- | else if (strcasecmp(var, "SCRIPT_GROUP") == 0) {
- | result = ...
- | }
- | else {
- | ap_hook_use("ap::lookup_variable",
- | AP_HOOK_SIG4(ptr,ptr,ptr,ctx),
- | AP_HOOK_DECLINE(NULL),
- | &result, r, var);
- | if (result == NULL) {
- | ...complain...
- | }
- | }
- | :
-
- What this does is that when XXXX of %{XXXX} isn't known, a hook named
- ap::lookup_variable is called with the request_rec and the var ("XXX") and
- the result variable. When no one has registered for this hook, nothing
- happens. ap_hook_use() immediately returns and nothing was changed.
-
- But now let's assume mod_clib is additionally loaded as a DSO. And without
- changing anything now magically mod_rewrite implements %{CLIB_FACTOR}. How?
- Look inside mod_clib.c:
-
- | /* mod_clib registeres for the ap::lookup_variable hook
- | inside it's init phase */
- | CLIB *comp;
- | ap_hook_register("ap::lookup_variable",
- | my_lookup_variable, AP_HOOK_CTX(comp));
- |
- | /* and implements the my_lookup_variable() function */
- | char *my_lookup_variable(request_rec *r, char *name, CLIB *comp)
- | {
- | if (strcmp(name, "CLIB_FACTOR") == 0)
- | return ap_psrintf(r->pool, "%d", comp->factor);
- | return NULL;
- | }
-
- What happens? When mod_rewrite calls the ap_hook_use() function internally
- the hook facility knows that mod_clib has registered for this hook and calls
- the equivalent of
-
- | result = my_lookup_variable(r, var, <comp>);
-
- where <comp> is the CLIB* context variable mod_clib has registered for
- itself. Now assume a second module exists which also provides variables and
- want to allow mod_rewrite to lookup them. It registers after mod_clib with
-
- | ap_hook_register("ap::lookup_variable",
- | my_lookup_variable2, AP_HOOK_CTX(whatever));
- |
-
- and then the following happens: The hook facility does for mod_rewrite the
- equivalent of:
-
- | result = my_lookup_variable(r, var, <comp>);
- | if (result == NULL)
- | result = my_lookup_variable2(r, var, <whatever>);
-
- As you can see the hook functions decline in this example with NULL. That's
- the NULL from AP_HOOK_DECLINE(NULL) and can be any value of any type, of
- course.
-
- The same idea can be also used by mod_log_config and every other module which
- wants to lookup a variable inside Apache. Which variables are available
- depend on the available modules which implement them. And this all works
- nicely with the DSO facility, because the ap_hook_xxx() API is part of the
- Apache kernel code. And nothing has to be changed inside Apache when another
- modules wants to create a new hook, because the mechanism is totally generic.
-
- So when our module A wants to let other modules to use it's function it just
- has to configure a hook for this. Then other modules call this hook. Is
- module A not there the boolean return value of the hook call will indicate
- this. When module A is there the function is called.
-
- Direct and Pool-based Shared Memory Support
- -------------------------------------------
-
- Since years it was annoying that Apache's pre-forked process model basically
- means that every server lives it's own life (= address space) and this way
- module authors cannot easily spread module configuration or other data
- accross the processes. The most elegant solution is to use shared memory
- segments. The drawback is that there is no portable API for shared memory
- handling and there is no convinient memory allocation API for working inside
- shared memory segments.
-
- The EAPI way to solve this situation is:
-
- 1. A stand-alone and resuable library was written (named MM from "memory
- mapped" and available from http://www.engelschall.com/sw/mm/) which
- abstracts the shared memory and memory mutex fiddling into a low-level
- API. Internally the shared memory and mutex functionality is implemented
- in various platform-depended ways: 4.4BSD or POSIX.1 anonymous memory
- mapping, /dev/zero-based memory mapping, temporary file memory mapping, or
- SysV IPC shared memory for allocating the shared memory areas and POSIX.1
- fcntl(2), BSD flock(2) or SysV IPC semaphores for implementing mutual
- exclusion capabilities.
-
- Additionally MM provides a high-level malloc()-style API based on this
- abstracted shared memory low-level API. The idea is just to allocate the
- requested memory chunks from shared memory segments instead of the heap.
-
- 2. EAPI now provides an easy method (with the EAPI_MM configuration
- variable) to build Apache against this MM library. For this the whole MM
- API (mm_xxx() functions) is encapsulated in an Apache API subpart
- (ap_mm_xxx() functions). This way the API is fixed and always present (no
- #ifdef EAPI stuff in modules!), but useable only when EAPI was used in
- conjunction with MM. A simple ``EAPI_MM=/path/to/mm ./configure
- --enable-rule=EAPI ...'' is enough to put MM under the ap_mm_xxx() API.
- This way modules can use a consistent, powerful and abstracted ap_mm_xxx()
- API for dealing with shared memory.
-
- 3. Because inside Apache mostly all memory handling is done via the
- pool facility, additional support for ``shared memory pools'' is provided.
- This way modules can use all ap_pxxx() functions in combination with
- shared memory.
-
- Point 1 is implemented inside the MM package. Point 2 is implemented by the
- new src/ap/ap_mm.c and src/include/ap_mm.h source files. Point 3 is
- implemented by EAPI patches to src/main/alloc.c and src/include/alloc.h.
-
- Example:
-
- | /* inside a module init function (before the forking!)
- | for instance a module allocates a structure with a counter
- | in a shared memory segment */
- | pool *p;
- | pool *sp;
- | struct mystuff { int cnt } *my;
- | sp = ap_make_shared_sub_pool(p);
- | my = (struct mystuff *)ap_palloc(sp, sizeof(struct mystuff));
- | my->cnt = 0;
- |
- | :
- | /* then under request processing time it's changed by one process */
- | ap_acquire_pool(sp, AP_POOL_RW);
- | my->cnt++;
- | ap_release_pool(sp);
- | :
- |
- | /* and at the same time read by other processes */
- | ap_acquire_pool(sp, AP_POOL_RD);
- | ap_rprintf(r, "The counter is %d\n", my->cnt);
- | ap_release_pool(sp);
-
- Possible use cases from practice are:
-
- o assembling traffic or other accounting details
- o establishing of high-performance inter-process caches
- o inter-process wide keeping of session state information
- o shared memory support for mod_perl, mod_php, etc.
- o etc. pp.
-
- Additional Apache Module Hooks
- ------------------------------
-
- The above three EAPI additions are all very generic facilities. But there
- were also specialized things which were missing in Apache (and needed by
- modules). Mostly additional API phases. EAPI adds the following additional
- hook pointers to the module structure:
-
- add_module:
- Called from within ap_add_module() right after the module structure
- was linked into the Apache internal module list. It is mainly
- intended to be used to define configuration defines (<IfDefine>)
- which have to be available directly after a LoadModule/AddModule.
- Actually this is the earliest possible hook a module can use. It's
- especially important for the modules when they use the hook facility.
-
- remove_module:
- Called from within ap_remove_module() right before the module
- structure is kicked out from the Apache internal module list.
- Actually this is last possible hook a module can use and exists for
- consistency with the add_module hook.
-
- rewrite_command:
- Called right after a configuration directive line was read and
- before it is processed. It is mainly intended to be used for
- rewriting directives in order to provide backward compatibility to
- old directive variants.
-
- new_connection:
- Called from within the internal new_connection() function, right
- after the conn_rec structure for the new established connection was
- created and before Apache starts processing the request with
- ap_read_request(). It is mainly intended to be used to setup/run
- connection dependent things like sending start headers for
- on-the-fly compression, etc.
-
- close_connection:
- Called from within the Apache dispatching loop just before any
- ap_bclose() is performed on the socket connection, but a long time
- before any pool cleanups are done for the connection (which can be
- too late for some applications). It is mainly intended to be used
- to close/finalize connection dependent things like sending end
- headers for on-the-fly compression, etc.
-
- Specialized EAPI Goodies
- ------------------------
-
- And finally EAPI now uses some of the new functionality to add a few new
- EAPI-based goodies to mod_rewrite, mod_status and mod_proxy:
-
- mod_rewrite:
- The above presented example of lookup hooks is implemented which allows
- mod_rewrite to lookup arbitrary variables provides by not known modules.
-
- mod_status:
- Any module now can register to an EAPI hook of mod_status which
- allows it to put additional text on the /status webpages.
-
- mod_proxy:
- Some EAPI hooks are provided to allow other modules to control the HTTP
- client processing inside mod_proxy. This can be used for a lot of
- tricks.
-
diff --git a/usr.sbin/httpd/src/ap/.indent.pro b/usr.sbin/httpd/src/ap/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/ap/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/ap/Makefile.tmpl b/usr.sbin/httpd/src/ap/Makefile.tmpl
deleted file mode 100644
index 0e6fe22ea2f..00000000000
--- a/usr.sbin/httpd/src/ap/Makefile.tmpl
+++ /dev/null
@@ -1,84 +0,0 @@
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-LIB=libap.a
-
-OBJS=ap_cpystrn.o ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o ap_signal.o \
- ap_slack.o ap_snprintf.o ap_sha1.o ap_checkpass.o ap_base64.o ap_ebcdic.o \
- ap_strtol.o ap_hook.o ap_ctx.o ap_mm.o
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-all: $(LIB)
-
-clean:
- rm -f *.o *.a
-
-distclean: clean
- -rm -f Makefile
-
-$(OBJS): Makefile
-
-$(LIB): $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-# DO NOT REMOVE
-ap_cpystrn.o: ap_cpystrn.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_execve.o: ap_execve.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_fnmatch.o: ap_fnmatch.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c \
- $(INCDIR)/ap_ctype.h $(INCDIR)/fnmatch.h
-ap_getpass.o: ap_getpass.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap.h
-ap_md5c.o: ap_md5c.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/ap.h
-ap_sha1.o: ap_sha1.c $(INCDIR)/ap_config.h $(INCDIR)/ap_sha1.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c
-ap_signal.o: ap_signal.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_slack.o: ap_slack.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_log.h
-ap_snprintf.o: ap_snprintf.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_strtol.o: ap_strtol.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
diff --git a/usr.sbin/httpd/src/ap/ap_base64.c b/usr.sbin/httpd/src/ap/ap_base64.c
deleted file mode 100644
index 0c36a7a9048..00000000000
--- a/usr.sbin/httpd/src/ap/ap_base64.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/* $OpenBSD: ap_base64.c,v 1.9 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* base64 encoder/decoder. Originally part of main/util.c
- * but moved here so that support/ab and ap_sha1.c could
- * use it. This meant removing the ap_palloc()s and adding
- * ugly 'len' functions, which is quite a nasty cost.
- */
-
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap.h"
-
-
-/* aaaack but it's fast and const should make it shared text page. */
-static const unsigned char pr2six[256] =
-{
- /* ASCII table */
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
- 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
- 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
- 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
- 64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
- 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
-};
-
-API_EXPORT(int)
-ap_base64decode_len(const char *bufcoded)
-{
- int nbytesdecoded;
- const unsigned char *bufin;
- int nprbytes;
-
- bufin = (const unsigned char *) bufcoded;
- while (pr2six[*(bufin++)] <= 63);
-
- nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = ((nprbytes + 3) / 4) * 3;
-
- return nbytesdecoded + 1;
-}
-
-API_EXPORT(int)
-ap_base64decode(char *bufplain, const char *bufcoded)
-{
- int len;
-
- len = ap_base64decode_binary((unsigned char *) bufplain, bufcoded);
- bufplain[len] = '\0';
- return len;
-}
-
-/* This is the same as ap_base64udecode() except on EBCDIC machines, where
- * the conversion of the output to ebcdic is left out.
- */
-API_EXPORT(int)
-ap_base64decode_binary(unsigned char *bufplain, const char *bufcoded)
-{
- int nbytesdecoded;
- const unsigned char *bufin;
- unsigned char *bufout;
- int nprbytes;
- bufin = (const unsigned char *) bufcoded;
- while (pr2six[*(bufin++)] <= 63);
- nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
- nbytesdecoded = ((nprbytes + 3) / 4) * 3;
-
- bufout = (unsigned char *) bufplain;
- bufin = (const unsigned char *) bufcoded;
-
- while (nprbytes > 4) {
- *(bufout++) = (unsigned char) (pr2six[*bufin] << 2
- | pr2six[bufin[1]] >> 4);
- *(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4
- | pr2six[bufin[2]] >> 2);
- *(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6
- | pr2six[bufin[3]]);
- bufin += 4;
- nprbytes -= 4;
- }
-
- /* Note: (nprbytes == 1) would be an error, so just ingore that case */
- if (nprbytes > 1)
- *(bufout++) = (unsigned char) (pr2six[*bufin] << 2
- | pr2six[bufin[1]] >> 4);
- if (nprbytes > 2)
- *(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4
- | pr2six[bufin[2]] >> 2);
- if (nprbytes > 3)
- *(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6
- | pr2six[bufin[3]]);
-
- nbytesdecoded -= (4 - nprbytes) & 3;
- return nbytesdecoded;
-}
-
-static const char basis_64[] =
-"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-API_EXPORT(int)
-ap_base64encode_len(int len)
-{
- return ((len + 2) / 3 * 4) + 1;
-}
-
-API_EXPORT(int)
-ap_base64encode(char *encoded, const char *string, int len)
-{
- return ap_base64encode_binary(encoded, (const unsigned char *) string,
- len);
-}
-
-/* This is the same as ap_base64encode() except on EBCDIC machines, where
- * the conversion of the input to ascii is left out.
- */
-API_EXPORT(int)
-ap_base64encode_binary(char *encoded, const unsigned char *string, int len)
-{
- int i;
- char *p;
-
- p = encoded;
- for (i = 0; i < len - 2; i += 3) {
- *p++ = basis_64[(string[i] >> 2) & 0x3F];
- *p++ = basis_64[((string[i] & 0x3) << 4) |
- ((int) (string[i + 1] & 0xF0) >> 4)];
- *p++ = basis_64[((string[i + 1] & 0xF) << 2) |
- ((int) (string[i + 2] & 0xC0) >> 6)];
- *p++ = basis_64[string[i + 2] & 0x3F];
- }
- if (i < len) {
- *p++ = basis_64[(string[i] >> 2) & 0x3F];
- if (i == (len - 1)) {
- *p++ = basis_64[((string[i] & 0x3) << 4)];
- *p++ = '=';
- }
- else {
- *p++ = basis_64[((string[i] & 0x3) << 4) |
- ((int) (string[i + 1] & 0xF0) >> 4)];
- *p++ = basis_64[((string[i + 1] & 0xF) << 2)];
- }
- *p++ = '=';
- }
-
- *p++ = '\0';
- return p - encoded;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_checkpass.c b/usr.sbin/httpd/src/ap/ap_checkpass.c
deleted file mode 100644
index fa04d403c7c..00000000000
--- a/usr.sbin/httpd/src/ap/ap_checkpass.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* $OpenBSD: ap_checkpass.c,v 1.9 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Simple password verify, which 'know's about various password
- * types, such as the simple base64 encoded crypt()s, MD5 $ marked
- * FreeBSD style and netscape SHA1's.
- */
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap_md5.h"
-#include "ap_sha1.h"
-#include "ap.h"
-
-/*
- * Validate a plaintext password against a smashed one. Use either
- * crypt() (if available), ap_MD5Encode() or ap_SHA1Encode depending
- * upon the format of the smashed input password.
- *
- * Return NULL if they match, or an explanatory text string if they don't.
- */
-
-API_EXPORT(char *)
-ap_validate_password(const char *passwd, const char *hash)
-{
- char sample[120];
-
- /* FreeBSD style MD5 string
- */
- if (strncmp(hash, AP_MD5PW_ID, AP_MD5PW_IDLEN) == 0)
- ap_MD5Encode((const unsigned char *)passwd,
- (const unsigned char *)hash, sample, sizeof(sample));
- /* Netscape / SHA1 ldap style strng
- */
- else if (strncmp(hash, AP_SHA1PW_ID, AP_SHA1PW_IDLEN) == 0)
- ap_sha1_base64(passwd, strlen(passwd), sample);
- /*
- * It's not our algorithm, so feed it to crypt() if possible.
- */
- else
- ap_cpystrn(sample, (char *)crypt(passwd, hash),
- sizeof(sample) - 1);
- return (strcmp(sample, hash) == 0) ? NULL : "password mismatch";
-}
diff --git a/usr.sbin/httpd/src/ap/ap_cpystrn.c b/usr.sbin/httpd/src/ap/ap_cpystrn.c
deleted file mode 100644
index 0fba2bf4195..00000000000
--- a/usr.sbin/httpd/src/ap/ap_cpystrn.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: ap_cpystrn.c,v 1.7 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-
-/*
- * Apache's "replacement" for the strncpy() function. We roll our
- * own to implement these specific changes:
- * (1) strncpy() doesn't always null terminate and we want it to.
- * (2) strncpy() null fills, which is bogus, esp. when copy 8byte
- * strings into 8k blocks.
- * (3) Instead of returning the pointer to the beginning of
- * the destination string, we return a pointer to the
- * terminating '\0' to allow us to "check" for truncation
- *
- * ap_cpystrn() follows the same call structure as strncpy().
- */
-
-API_EXPORT(char *)
-ap_cpystrn(char *dst, const char *src, size_t dst_size)
-{
-
- char *d, *end;
-
- if (!dst_size)
- return (dst);
-
- d = dst;
- end = dst + dst_size - 1;
-
- for (; d < end; ++d, ++src)
- if (!(*d = *src))
- return (d);
-
- *d = '\0'; /* always null terminate */
-
- return (d);
-}
diff --git a/usr.sbin/httpd/src/ap/ap_ctx.c b/usr.sbin/httpd/src/ap/ap_ctx.c
deleted file mode 100644
index 0a1b9cb89c2..00000000000
--- a/usr.sbin/httpd/src/ap/ap_ctx.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* $OpenBSD: ap_ctx.c,v 1.6 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-** Generic Context Interface for Apache
-** Written by Ralf S. Engelschall <rse@engelschall.com>
-*/
-
-#include "httpd.h"
-#include "ap_config.h"
-#include "ap_ctx.h"
-
-API_EXPORT(ap_ctx *)
-ap_ctx_new(pool *p)
-{
- ap_ctx *ctx;
- int i;
-
- if (p != NULL) {
- ctx = (ap_ctx *)ap_palloc(p, sizeof(ap_ctx_rec));
- ctx->cr_pool = p;
- ctx->cr_entry = (ap_ctx_entry **)
- ap_palloc(p, sizeof(ap_ctx_entry *)*(AP_CTX_MAX_ENTRIES+1));
- }
- else {
- ctx = (ap_ctx *)malloc(sizeof(ap_ctx_rec));
- ctx->cr_pool = NULL;
- ctx->cr_entry = (ap_ctx_entry **)
- malloc(sizeof(ap_ctx_entry *)*(AP_CTX_MAX_ENTRIES+1));
- }
- for (i = 0; i < AP_CTX_MAX_ENTRIES+1; i++)
- ctx->cr_entry[i] = NULL;
- return ctx;
-}
-
-API_EXPORT(void)
-ap_ctx_set(ap_ctx *ctx, char *key, void *val)
-{
- int i;
- ap_ctx_entry *ce;
-
- ce = NULL;
- for (i = 0; ctx->cr_entry[i] != NULL; i++) {
- if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0) {
- ce = ctx->cr_entry[i];
- break;
- }
- }
- if (ce == NULL) {
- if (i == AP_CTX_MAX_ENTRIES)
- return;
- if (ctx->cr_pool != NULL) {
- ce = (ap_ctx_entry *)ap_palloc(ctx->cr_pool,
- sizeof(ap_ctx_entry));
- ce->ce_key = ap_pstrdup(ctx->cr_pool, key);
- }
- else {
- ce = (ap_ctx_entry *)malloc(sizeof(ap_ctx_entry));
- ce->ce_key = strdup(key);
- }
- ctx->cr_entry[i] = ce;
- ctx->cr_entry[i+1] = NULL;
- }
- ce->ce_val = val;
- return;
-}
-
-API_EXPORT(void *)
-ap_ctx_get(ap_ctx *ctx, char *key)
-{
- int i;
-
- for (i = 0; ctx->cr_entry[i] != NULL; i++)
- if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0)
- return ctx->cr_entry[i]->ce_val;
- return NULL;
-}
-
-API_EXPORT(ap_ctx *)
-ap_ctx_overlay(pool *p, ap_ctx *over, ap_ctx *base)
-{
- ap_ctx *new;
- int i;
-
- #ifdef POOL_DEBUG
- if (p != NULL) {
- if (!ap_pool_is_ancestor(over->cr_pool, p))
- ap_log_assert("ap_ctx_overlay: overlay's pool is not an"
- " ancestor of p", __FILE__, __LINE__);
- if (!ap_pool_is_ancestor(base->cr_pool, p))
- ap_log_assert("ap_ctx_overlay: base's pool is not an"
- " ancestor of p", __FILE__, __LINE__);
- }
- #endif
- if ((new = ap_ctx_new(p)) == NULL)
- return NULL;
- memcpy(new->cr_entry, base->cr_entry,
- sizeof(ap_ctx_entry *)*(AP_CTX_MAX_ENTRIES+1));
- for (i = 0; over->cr_entry[i] != NULL; i++)
- ap_ctx_set(new, over->cr_entry[i]->ce_key,
- over->cr_entry[i]->ce_val);
- return new;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_ebcdic.c b/usr.sbin/httpd/src/ap/ap_ebcdic.c
deleted file mode 100644
index 752237ebcf3..00000000000
--- a/usr.sbin/httpd/src/ap/ap_ebcdic.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $OpenBSD: ap_ebcdic.c,v 1.6 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-#include "httpd.h"
-#include "http_core.h"
-#include "http_config.h"
-#include "ap_config.h"
-
diff --git a/usr.sbin/httpd/src/ap/ap_execve.c b/usr.sbin/httpd/src/ap/ap_execve.c
deleted file mode 100644
index 0b89d4ebb1d..00000000000
--- a/usr.sbin/httpd/src/ap/ap_execve.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: ap_execve.c,v 1.11 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Portions of this code are under this license:
- *
- * Copyright (c) 1980, 1991 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "httpd.h"
-
-/*---------------------------------------------------------------*/
-
-extern void ap_execve_is_not_here(void);
-void
-ap_execve_is_not_here(void)
-{
-}
diff --git a/usr.sbin/httpd/src/ap/ap_fnmatch.c b/usr.sbin/httpd/src/ap/ap_fnmatch.c
deleted file mode 100644
index f6191e93c2a..00000000000
--- a/usr.sbin/httpd/src/ap/ap_fnmatch.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* $OpenBSD: ap_fnmatch.c,v 1.6 2011/09/17 15:20:57 stsp Exp $ */
-
-/*
- * Copyright (c) 1989, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
- * Compares a filename or pathname to a pattern.
- */
-
-#include "ap_config.h"
-#include "fnmatch.h"
-#include <string.h>
-#include <limits.h>
-
-#define EOS '\0'
-
-/* Limit of recursion during matching attempts. */
-#define __FNM_MAX_RECUR 64
-
-static int __fnmatch(const char *, const char *, int, int);
-static const char *rangematch(const char *, int, int);
-
-API_EXPORT(int)
-ap_fnmatch(const char *pattern, const char *string, int flags)
-{
- int e;
-
- if (strnlen(pattern, PATH_MAX) == PATH_MAX ||
- strnlen(string, PATH_MAX) == PATH_MAX)
- return (FNM_NOMATCH);
-
- e = __fnmatch(pattern, string, flags, __FNM_MAX_RECUR);
- if (e == -1)
- e = FNM_NOMATCH;
- return (e);
-}
-
-int
-__fnmatch(const char *pattern, const char *string, int flags, int recur)
-{
- const char *stringstart;
- char c, test;
- int e;
-
- if (recur-- == 0)
- return (-1);
-
- for (stringstart = string;;) {
- switch (c = *pattern++) {
- case EOS:
- return (*string == EOS ? 0 : FNM_NOMATCH);
- case '?':
- if (*string == EOS)
- return (FNM_NOMATCH);
- if (*string == '/' && (flags & FNM_PATHNAME))
- return (FNM_NOMATCH);
- if (*string == '.' && (flags & FNM_PERIOD) &&
- (string == stringstart ||
- ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
- return (FNM_NOMATCH);
- ++string;
- break;
- case '*':
- c = *pattern;
- /* Collapse multiple stars. */
- while (c == '*')
- c = *++pattern;
-
- if (*string == '.' && (flags & FNM_PERIOD) &&
- (string == stringstart ||
- ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
- return (FNM_NOMATCH);
-
- /* Optimize for pattern with * at end or before /. */
- if (c == EOS) {
- if (flags & FNM_PATHNAME)
- return (strchr(string, '/') == NULL ? 0 : FNM_NOMATCH);
- else
- return (0);
- }
- else if (c == '/' && flags & FNM_PATHNAME) {
- if ((string = strchr(string, '/')) == NULL)
- return (FNM_NOMATCH);
- break;
- }
-
- /* General case, use recursion. */
- while ((test = *string) != EOS) {
- e = __fnmatch(pattern, string,
- flags & ~FNM_PERIOD, recur);
- if (e != FNM_NOMATCH)
- return (e);
- if (test == '/' && flags & FNM_PATHNAME)
- break;
- ++string;
- }
- return (FNM_NOMATCH);
- case '[':
- if (*string == EOS)
- return (FNM_NOMATCH);
- if (*string == '/' && flags & FNM_PATHNAME)
- return (FNM_NOMATCH);
- if (*string == '.' && (flags & FNM_PERIOD) &&
- (string == stringstart ||
- ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
- return (FNM_NOMATCH);
- if ((pattern = rangematch(pattern, *string, flags))
- == NULL)
- return (FNM_NOMATCH);
- ++string;
- break;
- case '\\':
- if (!(flags & FNM_NOESCAPE))
- if ((c = *pattern++) == EOS) {
- c = '\\';
- --pattern;
- }
- /* FALLTHROUGH */
- default:
- if (flags & FNM_CASE_BLIND) {
- if (ap_tolower(c) != ap_tolower(*string))
- return (FNM_NOMATCH);
- }
- else if (c != *string)
- return (FNM_NOMATCH);
- string++;
- break;
- }
- /* NOTREACHED */
- }
-}
-
-static const char *
-rangematch(const char *pattern, int test, int flags)
-{
- int negate, ok;
- char c, c2;
-
- /*
- * A bracket expression starting with an unquoted circumflex
- * character produces unspecified results (IEEE 1003.2-1992,
- * 3.13.2). This implementation treats it like '!', for
- * consistency with the regular expression syntax.
- * J.T. Conklin (conklin@ngai.kaleida.com)
- */
- if ((negate = (*pattern == '!' || *pattern == '^')))
- ++pattern;
-
- for (ok = 0; (c = *pattern++) != ']';) {
- if (c == '\\' && !(flags & FNM_NOESCAPE))
- c = *pattern++;
- if (c == EOS)
- return (NULL);
- if (*pattern == '-' && (c2 = *(pattern + 1)) != EOS && c2
- != ']') {
- pattern += 2;
- if (c2 == '\\' && !(flags & FNM_NOESCAPE))
- c2 = *pattern++;
- if (c2 == EOS)
- return (NULL);
- if ((c <= test && test <= c2)
- || ((flags & FNM_CASE_BLIND)
- && ((ap_tolower(c) <= ap_tolower(test))
- && (ap_tolower(test) <= ap_tolower(c2)))))
- ok = 1;
- }
- else if ((c == test) || ((flags & FNM_CASE_BLIND)
- && (ap_tolower(c) == ap_tolower(test))))
- ok = 1;
- }
- return (ok == negate ? NULL : pattern);
-}
-
-
-/* This function is an Apache addition */
-/* return non-zero if pattern has any glob chars in it */
-API_EXPORT(int)
-ap_is_fnmatch(const char *pattern)
-{
- int nesting;
-
- nesting = 0;
- while (*pattern) {
- switch (*pattern) {
- case '?':
- case '*':
- return 1;
-
- case '\\':
- if (*pattern++ == '\0')
- return 0;
- break;
-
- case '[': /* '[' is only a glob if it has a matching ']' */
- ++nesting;
- break;
-
- case ']':
- if (nesting)
- return 1;
- break;
- }
- ++pattern;
- }
- return 0;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_getpass.c b/usr.sbin/httpd/src/ap/ap_getpass.c
deleted file mode 100644
index b1804f0616a..00000000000
--- a/usr.sbin/httpd/src/ap/ap_getpass.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/* $OpenBSD: ap_getpass.c,v 1.8 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-/*
- * ap_getpass.c: abstraction to provide for obtaining a password from the
- * command line in whatever way the OS supports. In the best case, it's a
- * wrapper for the system library's getpass() routine; otherwise, we
- * use one we define ourselves.
- */
-
-#include "ap_config.h"
-#include <sys/types.h>
-#include <errno.h>
-#include "ap.h"
-
-#define LF 10
-#define CR 13
-
-#define MAX_STRING_LEN 256
-
-#define ERR_OVERFLOW 5
-
-/*
- * Use the OS getpass() routine (or our own) to obtain a password from
- * the input stream.
- *
- * Exit values:
- * 0: Success
- * 5: Partial success; entered text truncated to the size of the
- * destination buffer
- *
- * Restrictions: Truncation also occurs according to the host system's
- * getpass() semantics, or at position 255 if our own version is used,
- * but the caller is *not* made aware of it.
- */
-
-API_EXPORT(int)
-ap_getpass(const char *prompt, char *pwbuf, size_t bufsiz)
-{
- char *pw_got;
- int result = 0;
-
- pw_got = getpass(prompt);
- if (strlen(pw_got) > (bufsiz - 1))
- result = ERR_OVERFLOW;
- ap_cpystrn(pwbuf, pw_got, bufsiz);
- return result;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_hook.c b/usr.sbin/httpd/src/ap/ap_hook.c
deleted file mode 100644
index 56142de232f..00000000000
--- a/usr.sbin/httpd/src/ap/ap_hook.c
+++ /dev/null
@@ -1,817 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-** Implementation of a Generic Hook Interface for Apache
-** Written by Ralf S. Engelschall <rse@engelschall.com>
-**
-** See POD document at end of ap_hook.h for description.
-** View it with the command ``pod2man ap_hook.h | nroff -man | more''
-**
-*/
-
- /*
- * Premature optimization is
- * the root of all evil.
- * -- D. E. Knuth
- */
-
-#include "httpd.h"
-#include "http_log.h"
-#include "ap_config.h"
-#include "ap_hook.h"
-
-/*
- * the internal hook pool
- */
-static ap_hook_entry **ap_hook_pool = NULL;
-
-/*
- * forward prototypes for internal functions
- */
-static int ap_hook_call_func(va_list ap, ap_hook_entry *he, ap_hook_func *hf);
-static ap_hook_entry *ap_hook_create(char *hook);
-static ap_hook_entry *ap_hook_find(char *hook);
-static void ap_hook_destroy(ap_hook_entry *he);
-
-/*
- * Initialize the hook mechanism
- */
-API_EXPORT(void) ap_hook_init(void)
-{
- int i;
-
- if (ap_hook_pool != NULL)
- return;
- ap_hook_pool = (ap_hook_entry **)malloc(sizeof(ap_hook_entry *)
- *(AP_HOOK_MAX_ENTRIES+1));
- for (i = 0; i < AP_HOOK_MAX_ENTRIES; i++)
- ap_hook_pool[i] = NULL;
- return;
-}
-
-/*
- * Kill the hook mechanism
- */
-API_EXPORT(void) ap_hook_kill(void)
-{
- int i;
-
- if (ap_hook_pool == NULL)
- return;
- for (i = 0; ap_hook_pool[i] != NULL; i++)
- ap_hook_destroy(ap_hook_pool[i]);
- free(ap_hook_pool);
- ap_hook_pool = NULL;
- return;
-}
-
-/*
- * Smart creation of a hook (when it exist this is the same as
- * ap_hook_find, when it doesn't exists it is created)
- */
-static ap_hook_entry *ap_hook_create(char *hook)
-{
- int i;
- ap_hook_entry *he;
-
- for (i = 0; ap_hook_pool[i] != NULL; i++)
- if (strcmp(ap_hook_pool[i]->he_hook, hook) == 0)
- return ap_hook_pool[i];
-
- if (i >= AP_HOOK_MAX_ENTRIES)
- return NULL;
-
- if ((he = (ap_hook_entry *)malloc(sizeof(ap_hook_entry))) == NULL)
- return NULL;
- ap_hook_pool[i] = he;
-
- he->he_hook = strdup(hook);
- he->he_sig = AP_HOOK_SIG_UNKNOWN;
- he->he_modeid = AP_HOOK_MODE_UNKNOWN;
- he->he_modeval.v_int = 0;
-
- he->he_func = (ap_hook_func **)malloc(sizeof(ap_hook_func *)
- *(AP_HOOK_MAX_FUNCS+1));
- if (he->he_func == NULL)
- return FALSE;
-
- for (i = 0; i < AP_HOOK_MAX_FUNCS; i++)
- he->he_func[i] = NULL;
- return he;
-}
-
-/*
- * Find a particular hook
- */
-static ap_hook_entry *ap_hook_find(char *hook)
-{
- int i;
-
- for (i = 0; ap_hook_pool[i] != NULL; i++)
- if (strcmp(ap_hook_pool[i]->he_hook, hook) == 0)
- return ap_hook_pool[i];
- return NULL;
-}
-
-/*
- * Destroy a particular hook
- */
-static void ap_hook_destroy(ap_hook_entry *he)
-{
- int i;
-
- if (he == NULL)
- return;
- free(he->he_hook);
- for (i = 0; he->he_func[i] != NULL; i++)
- free(he->he_func[i]);
- free(he->he_func);
- free(he);
- return;
-}
-
-/*
- * Configure a particular hook,
- * i.e. remember its signature and return value mode
- */
-API_EXPORT(int) ap_hook_configure(char *hook, ap_hook_sig sig, ap_hook_mode modeid, ...)
-{
- ap_hook_entry *he;
- va_list ap;
- int rc;
-
- va_start(ap, modeid);
- if ((he = ap_hook_create(hook)) == NULL)
- rc = FALSE;
- else {
- he->he_sig = sig;
- he->he_modeid = modeid;
- if (modeid == AP_HOOK_MODE_DECLINE || modeid == AP_HOOK_MODE_DECLTMP) {
- if (AP_HOOK_SIG_HAS(sig, RC, char))
- he->he_modeval.v_char = va_arg(ap, va_type(char));
- else if (AP_HOOK_SIG_HAS(sig, RC, int))
- he->he_modeval.v_int = va_arg(ap, va_type(int));
- else if (AP_HOOK_SIG_HAS(sig, RC, long))
- he->he_modeval.v_long = va_arg(ap, va_type(long));
- else if (AP_HOOK_SIG_HAS(sig, RC, float))
- he->he_modeval.v_float = va_arg(ap, va_type(float));
- else if (AP_HOOK_SIG_HAS(sig, RC, double))
- he->he_modeval.v_double = va_arg(ap, va_type(double));
- else if (AP_HOOK_SIG_HAS(sig, RC, ptr))
- he->he_modeval.v_ptr = va_arg(ap, va_type(ptr));
- }
- rc = TRUE;
- }
- va_end(ap);
- return rc;
-}
-
-/*
- * Register a function to call for a hook
- */
-API_EXPORT(int) ap_hook_register_I(char *hook, void *func, void *ctx)
-{
- int i, j;
- ap_hook_entry *he;
- ap_hook_func *hf;
-
- if ((he = ap_hook_create(hook)) == NULL)
- return FALSE;
-
- for (i = 0; he->he_func[i] != NULL; i++)
- if (he->he_func[i]->hf_ptr == func)
- return FALSE;
-
- if (i == AP_HOOK_MAX_FUNCS)
- return FALSE;
-
- if ((hf = (ap_hook_func *)malloc(sizeof(ap_hook_func))) == NULL)
- return FALSE;
-
- for (j = i; j >= 0; j--)
- he->he_func[j+1] = he->he_func[j];
- he->he_func[0] = hf;
-
- hf->hf_ptr = func;
- hf->hf_ctx = ctx;
-
- return TRUE;
-}
-
-/*
- * Unregister a function to call for a hook
- */
-API_EXPORT(int) ap_hook_unregister_I(char *hook, void *func)
-{
- int i, j;
- ap_hook_entry *he;
-
- if ((he = ap_hook_find(hook)) == NULL)
- return FALSE;
- for (i = 0; he->he_func[i] != NULL; i++) {
- if (he->he_func[i]->hf_ptr == func) {
- free(he->he_func[i]);
- for (j = i; he->he_func[j] != NULL; j++)
- he->he_func[j] = he->he_func[j+1];
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/*
- * Retrieve the status of a particular hook
- */
-API_EXPORT(ap_hook_state) ap_hook_status(char *hook)
-{
- ap_hook_entry *he;
-
- if ((he = ap_hook_find(hook)) == NULL)
- return AP_HOOK_STATE_NOTEXISTANT;
- if ( he->he_func[0] != NULL
- && he->he_sig != AP_HOOK_SIG_UNKNOWN
- && he->he_modeid != AP_HOOK_MODE_UNKNOWN)
- return AP_HOOK_STATE_REGISTERED;
- if ( he->he_sig != AP_HOOK_SIG_UNKNOWN
- && he->he_modeid != AP_HOOK_MODE_UNKNOWN)
- return AP_HOOK_STATE_CONFIGURED;
- return AP_HOOK_STATE_ESTABLISHED;
-}
-
-/*
- * Use a hook, i.e. optional on-the-fly configure it before calling it
- */
-API_EXPORT(int) ap_hook_use(char *hook, ap_hook_sig sig, ap_hook_mode modeid, ...)
-{
- int i;
- ap_hook_value modeval;
- ap_hook_entry *he;
- va_list ap;
- int rc;
-
- va_start(ap, modeid);
-
- if (modeid == AP_HOOK_MODE_DECLINE || modeid == AP_HOOK_MODE_DECLTMP) {
- if (AP_HOOK_SIG_HAS(sig, RC, char))
- modeval.v_char = va_arg(ap, va_type(char));
- else if (AP_HOOK_SIG_HAS(sig, RC, int))
- modeval.v_int = va_arg(ap, va_type(int));
- else if (AP_HOOK_SIG_HAS(sig, RC, long))
- modeval.v_long = va_arg(ap, va_type(long));
- else if (AP_HOOK_SIG_HAS(sig, RC, float))
- modeval.v_float = va_arg(ap, va_type(float));
- else if (AP_HOOK_SIG_HAS(sig, RC, double))
- modeval.v_double = va_arg(ap, va_type(double));
- else if (AP_HOOK_SIG_HAS(sig, RC, ptr))
- modeval.v_ptr = va_arg(ap, va_type(ptr));
- }
-
- if ((he = ap_hook_create(hook)) == NULL)
- return FALSE;
-
- if (he->he_sig == AP_HOOK_SIG_UNKNOWN)
- he->he_sig = sig;
- if (he->he_modeid == AP_HOOK_MODE_UNKNOWN) {
- he->he_modeid = modeid;
- he->he_modeval = modeval;
- }
-
- for (i = 0; he->he_func[i] != NULL; i++)
- if (ap_hook_call_func(ap, he, he->he_func[i]))
- break;
-
- if (i > 0 && he->he_modeid == AP_HOOK_MODE_ALL)
- rc = TRUE;
- else if (i == AP_HOOK_MAX_FUNCS || he->he_func[i] == NULL)
- rc = FALSE;
- else
- rc = TRUE;
-
- va_end(ap);
- return rc;
-}
-
-/*
- * Call a hook
- */
-API_EXPORT(int) ap_hook_call(char *hook, ...)
-{
- int i;
- ap_hook_entry *he;
- va_list ap;
- int rc;
-
- va_start(ap, hook);
-
- if ((he = ap_hook_find(hook)) == NULL) {
- va_end(ap);
- return FALSE;
- }
- if ( he->he_sig == AP_HOOK_SIG_UNKNOWN
- || he->he_modeid == AP_HOOK_MODE_UNKNOWN) {
- va_end(ap);
- return FALSE;
- }
-
- for (i = 0; he->he_func[i] != NULL; i++)
- if (ap_hook_call_func(ap, he, he->he_func[i]))
- break;
-
- if (i > 0 && he->he_modeid == AP_HOOK_MODE_ALL)
- rc = TRUE;
- else if (i == AP_HOOK_MAX_FUNCS || he->he_func[i] == NULL)
- rc = FALSE;
- else
- rc = TRUE;
-
- va_end(ap);
- return rc;
-}
-
-static int ap_hook_call_func(va_list ap, ap_hook_entry *he, ap_hook_func *hf)
-{
- void *v_rc;
- ap_hook_value v_tmp;
- int rc;
-
- /*
- * Now we dispatch the various function calls. We support function
- * signatures with up to 9 types (1 return type, 8 argument types) where
- * each argument can have 7 different types (ctx, char, int, long, float,
- * double, ptr), so theoretically there are 9^7 (=4782969) combinations
- * possible. But because we don't need all of them, of course, we
- * implement only the following well chosen subset (duplicates are ok):
- *
- * 1. `The basic hook'.
- *
- * void func()
- *
- * 2. The standard set of signatures which form all combinations of
- * int&ptr based signatures for up to 3 arguments. We provide
- * them per default for module authors.
- *
- * int func()
- * ptr func()
- * int func(int)
- * int func(ptr)
- * ptr func(int)
- * ptr func(ptr)
- * int func(int,int)
- * int func(int,ptr)
- * int func(ptr,int)
- * int func(ptr,ptr)
- * ptr func(int,int)
- * ptr func(int,ptr)
- * ptr func(ptr,int)
- * ptr func(ptr,ptr)
- * int func(int,int,int)
- * int func(int,int,ptr)
- * int func(int,ptr,int)
- * int func(int,ptr,ptr)
- * int func(ptr,int,int)
- * int func(ptr,int,ptr)
- * int func(ptr,ptr,int)
- * int func(ptr,ptr,ptr)
- * ptr func(int,int,int)
- * ptr func(int,int,ptr)
- * ptr func(int,ptr,int)
- * ptr func(int,ptr,ptr)
- * ptr func(ptr,int,int)
- * ptr func(ptr,int,ptr)
- * ptr func(ptr,ptr,int)
- * ptr func(ptr,ptr,ptr)
- *
- * 3. Actually currently used hooks.
- *
- * int func(ptr) [2x]
- * int func(ptr,ptr) [2x]
- * int func(ptr,ptr,int) [5x]
- * int func(ptr,ptr,ptr,int) [1x]
- * int func(ptr,ptr,ptr,int,ptr) [1x]
- * int func(ptr,ptr,ptr,ptr,int) [1x]
- * int func(ptr,ptr,ptr,ptr,int,ptr) [1x]
- * ptr func(ptr,ptr) [3x]
- * ptr func(ptr,ptr,ptr,ptr,ptr) [1x]
- * void func(ptr) [2x]
- * void func(ptr,int,int) [1x]
- * void func(ptr,ptr) [5x]
- * void func(ptr,ptr,ptr) [3x]
- * void func(ptr,ptr,ptr,ptr) [2x]
- *
- * To simplify the programming task we generate the actual dispatch code
- * for these calls via the embedded Perl script at the end of this source
- * file. This script parses the above lines and generates the section
- * below. So, when you need more signature variants just add them to the
- * above list and run
- *
- * $ perl ap_hook.c
- *
- * This automatically updates the above code.
- */
-
- rc = TRUE;
- v_rc = NULL;
- if (!AP_HOOK_SIG_HAS(he->he_sig, RC, void)) {
- if (he->he_modeid == AP_HOOK_MODE_DECLTMP) {
- /* the return variable is a temporary one */
- if (AP_HOOK_SIG_HAS(he->he_sig, RC, char))
- v_rc = &v_tmp.v_char;
- else if (AP_HOOK_SIG_HAS(he->he_sig, RC, int))
- v_rc = &v_tmp.v_int;
- else if (AP_HOOK_SIG_HAS(he->he_sig, RC, long))
- v_rc = &v_tmp.v_long;
- else if (AP_HOOK_SIG_HAS(he->he_sig, RC, float))
- v_rc = &v_tmp.v_float;
- else if (AP_HOOK_SIG_HAS(he->he_sig, RC, double))
- v_rc = &v_tmp.v_double;
- else if (AP_HOOK_SIG_HAS(he->he_sig, RC, ptr))
- v_rc = &v_tmp.v_ptr;
- }
- else {
- /* the return variable is provided by caller */
- v_rc = va_arg(ap, void *);
- }
- }
-
- /* ----BEGIN GENERATED SECTION-------- */
- if (he->he_sig == AP_HOOK_SIG1(void)) {
- /* Call: void func() */
- ((void(*)())(hf->hf_ptr))();
- }
- else if (he->he_sig == AP_HOOK_SIG1(int)) {
- /* Call: int func() */
- *((int *)v_rc) = ((int(*)())(hf->hf_ptr))();
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG1(ptr)) {
- /* Call: ptr func() */
- *((void * *)v_rc) = ((void *(*)())(hf->hf_ptr))();
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG2(int, int)) {
- /* Call: int func(int) */
- int v1 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(int))(hf->hf_ptr))(v1);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG2(int, ptr)) {
- /* Call: int func(ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *))(hf->hf_ptr))(v1);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG2(ptr, int)) {
- /* Call: ptr func(int) */
- int v1 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(int))(hf->hf_ptr))(v1);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG2(ptr, ptr)) {
- /* Call: ptr func(ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(void *))(hf->hf_ptr))(v1);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG3(int, int, int)) {
- /* Call: int func(int,int) */
- int v1 = va_arg(ap, va_type(int));
- int v2 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(int, int))(hf->hf_ptr))(v1, v2);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG3(int, int, ptr)) {
- /* Call: int func(int,ptr) */
- int v1 = va_arg(ap, va_type(int));
- void *v2 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(int, void *))(hf->hf_ptr))(v1, v2);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG3(int, ptr, int)) {
- /* Call: int func(ptr,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(void *, int))(hf->hf_ptr))(v1, v2);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG3(int, ptr, ptr)) {
- /* Call: int func(ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *, void *))(hf->hf_ptr))(v1, v2);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG3(ptr, int, int)) {
- /* Call: ptr func(int,int) */
- int v1 = va_arg(ap, va_type(int));
- int v2 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(int, int))(hf->hf_ptr))(v1, v2);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG3(ptr, int, ptr)) {
- /* Call: ptr func(int,ptr) */
- int v1 = va_arg(ap, va_type(int));
- void *v2 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(int, void *))(hf->hf_ptr))(v1, v2);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG3(ptr, ptr, int)) {
- /* Call: ptr func(ptr,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(void *, int))(hf->hf_ptr))(v1, v2);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG3(ptr, ptr, ptr)) {
- /* Call: ptr func(ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(void *, void *))(hf->hf_ptr))(v1, v2);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, int, int, int)) {
- /* Call: int func(int,int,int) */
- int v1 = va_arg(ap, va_type(int));
- int v2 = va_arg(ap, va_type(int));
- int v3 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(int, int, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, int, int, ptr)) {
- /* Call: int func(int,int,ptr) */
- int v1 = va_arg(ap, va_type(int));
- int v2 = va_arg(ap, va_type(int));
- void *v3 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(int, int, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, int, ptr, int)) {
- /* Call: int func(int,ptr,int) */
- int v1 = va_arg(ap, va_type(int));
- void *v2 = va_arg(ap, va_type(ptr));
- int v3 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(int, void *, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, int, ptr, ptr)) {
- /* Call: int func(int,ptr,ptr) */
- int v1 = va_arg(ap, va_type(int));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(int, void *, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, ptr, int, int)) {
- /* Call: int func(ptr,int,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- int v3 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(void *, int, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, ptr, int, ptr)) {
- /* Call: int func(ptr,int,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- void *v3 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *, int, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, ptr, ptr, int)) {
- /* Call: int func(ptr,ptr,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- int v3 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(void *, void *, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(int, ptr, ptr, ptr)) {
- /* Call: int func(ptr,ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *, void *, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, int, int, int)) {
- /* Call: ptr func(int,int,int) */
- int v1 = va_arg(ap, va_type(int));
- int v2 = va_arg(ap, va_type(int));
- int v3 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(int, int, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, int, int, ptr)) {
- /* Call: ptr func(int,int,ptr) */
- int v1 = va_arg(ap, va_type(int));
- int v2 = va_arg(ap, va_type(int));
- void *v3 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(int, int, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, int, ptr, int)) {
- /* Call: ptr func(int,ptr,int) */
- int v1 = va_arg(ap, va_type(int));
- void *v2 = va_arg(ap, va_type(ptr));
- int v3 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(int, void *, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, int, ptr, ptr)) {
- /* Call: ptr func(int,ptr,ptr) */
- int v1 = va_arg(ap, va_type(int));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(int, void *, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, int, int)) {
- /* Call: ptr func(ptr,int,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- int v3 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(void *, int, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, int, ptr)) {
- /* Call: ptr func(ptr,int,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- void *v3 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(void *, int, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, ptr, int)) {
- /* Call: ptr func(ptr,ptr,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- int v3 = va_arg(ap, va_type(int));
- *((void * *)v_rc) = ((void *(*)(void *, void *, int))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, ptr, ptr)) {
- /* Call: ptr func(ptr,ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(void *, void *, void *))(hf->hf_ptr))(v1, v2, v3);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG5(int, ptr, ptr, ptr, int)) {
- /* Call: int func(ptr,ptr,ptr,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- int v4 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(void *, void *, void *, int))(hf->hf_ptr))(v1, v2, v3, v4);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG6(int, ptr, ptr, ptr, int, ptr)) {
- /* Call: int func(ptr,ptr,ptr,int,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- int v4 = va_arg(ap, va_type(int));
- void *v5 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *, void *, void *, int, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG6(int, ptr, ptr, ptr, ptr, int)) {
- /* Call: int func(ptr,ptr,ptr,ptr,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- void *v4 = va_arg(ap, va_type(ptr));
- int v5 = va_arg(ap, va_type(int));
- *((int *)v_rc) = ((int(*)(void *, void *, void *, void *, int))(hf->hf_ptr))(v1, v2, v3, v4, v5);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG6(int, ptr, ptr, ptr, ptr, ptr)) {
- /* Call: int func(ptr,ptr,ptr,ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- void *v4 = va_arg(ap, va_type(ptr));
- void *v5 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *, void *, void *, void *, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG7(int, ptr, ptr, ptr, ptr, int, ptr)) {
- /* Call: int func(ptr,ptr,ptr,ptr,int,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- void *v4 = va_arg(ap, va_type(ptr));
- int v5 = va_arg(ap, va_type(int));
- void *v6 = va_arg(ap, va_type(ptr));
- *((int *)v_rc) = ((int(*)(void *, void *, void *, void *, int, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5, v6);
- rc = (*((int *)v_rc) != he->he_modeval.v_int);
- }
- else if (he->he_sig == AP_HOOK_SIG6(ptr, ptr, ptr, ptr, ptr, ptr)) {
- /* Call: ptr func(ptr,ptr,ptr,ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- void *v4 = va_arg(ap, va_type(ptr));
- void *v5 = va_arg(ap, va_type(ptr));
- *((void * *)v_rc) = ((void *(*)(void *, void *, void *, void *, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5);
- rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
- }
- else if (he->he_sig == AP_HOOK_SIG2(void, ptr)) {
- /* Call: void func(ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- ((void(*)(void *))(hf->hf_ptr))(v1);
- }
- else if (he->he_sig == AP_HOOK_SIG4(void, ptr, int, int)) {
- /* Call: void func(ptr,int,int) */
- void *v1 = va_arg(ap, va_type(ptr));
- int v2 = va_arg(ap, va_type(int));
- int v3 = va_arg(ap, va_type(int));
- ((void(*)(void *, int, int))(hf->hf_ptr))(v1, v2, v3);
- }
- else if (he->he_sig == AP_HOOK_SIG3(void, ptr, ptr)) {
- /* Call: void func(ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- ((void(*)(void *, void *))(hf->hf_ptr))(v1, v2);
- }
- else if (he->he_sig == AP_HOOK_SIG4(void, ptr, ptr, ptr)) {
- /* Call: void func(ptr,ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- ((void(*)(void *, void *, void *))(hf->hf_ptr))(v1, v2, v3);
- }
- else if (he->he_sig == AP_HOOK_SIG5(void, ptr, ptr, ptr, ptr)) {
- /* Call: void func(ptr,ptr,ptr,ptr) */
- void *v1 = va_arg(ap, va_type(ptr));
- void *v2 = va_arg(ap, va_type(ptr));
- void *v3 = va_arg(ap, va_type(ptr));
- void *v4 = va_arg(ap, va_type(ptr));
- ((void(*)(void *, void *, void *, void *))(hf->hf_ptr))(v1, v2, v3, v4);
- }
- /* ----END GENERATED SECTION---------- */
- else
- ap_log_assert("hook signature not implemented", __FILE__, 0);
-
- if (he->he_modeid == AP_HOOK_MODE_ALL)
- rc = FALSE;
- else if (he->he_modeid == AP_HOOK_MODE_TOPMOST)
- rc = TRUE;
-
- return rc;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_md5c.c b/usr.sbin/httpd/src/ap/ap_md5c.c
deleted file mode 100644
index 9f03e5f48aa..00000000000
--- a/usr.sbin/httpd/src/ap/ap_md5c.c
+++ /dev/null
@@ -1,297 +0,0 @@
-/* $OpenBSD: ap_md5c.c,v 1.11 2009/10/31 13:29:07 sobrado Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * The ap_MD5Encode() routine uses much code obtained from the FreeBSD 3.0
- * MD5 crypt() function, which is licenced as follows:
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap_md5.h"
-#include "ap.h"
-
-static void Encode(unsigned char *output, const UINT4 *input, unsigned int len);
-static void Decode(UINT4 *output, const unsigned char *input, unsigned int len);
-
-API_EXPORT(void)
-ap_MD5Init(AP_MD5_CTX *context)
-{
- MD5Init(context);
-}
-
-API_EXPORT(void)
-ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
- unsigned int inputLen)
-{
- MD5Update(context, input, inputLen);
-}
-
-API_EXPORT(void)
-ap_MD5Final(unsigned char digest[16], AP_MD5_CTX *context)
-{
- MD5Final(digest, context);
-}
-
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
- a multiple of 4.
- */
-static void
-Encode(unsigned char *output, const UINT4 *input, unsigned int len)
-{
- unsigned int i, j;
- UINT4 k;
-
- for (i = 0, j = 0; j < len; i++, j += 4) {
- k = input[i];
- output[j] = (unsigned char) (k & 0xff);
- output[j + 1] = (unsigned char) ((k >> 8) & 0xff);
- output[j + 2] = (unsigned char) ((k >> 16) & 0xff);
- output[j + 3] = (unsigned char) ((k >> 24) & 0xff);
- }
-}
-
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
- * a multiple of 4.
- */
-static void
-Decode(UINT4 *output, const unsigned char *input, unsigned int len)
-{
- unsigned int i, j;
-
- for (i = 0, j = 0; j < len; i++, j += 4)
- output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) |
- (((UINT4) input[j + 2]) << 16)
- | (((UINT4) input[j + 3]) << 24);
-}
-
-/*
- * The following MD5 password encryption code was largely borrowed from
- * the FreeBSD 3.0 /usr/src/lib/libcrypt/crypt.c file, which is
- * licenced as stated at the top of this file.
- */
-API_EXPORT(void)
-ap_to64(char *s, unsigned long v, int n)
-{
- static unsigned char itoa64[] = /* 0 ... 63 => ASCII - 64 */
- "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
- while (--n >= 0) {
- *s++ = itoa64[v&0x3f];
- v >>= 6;
- }
-}
-
-API_EXPORT(void)
-ap_MD5Encode(const unsigned char *pw, const unsigned char *salt, char *result,
- size_t nbytes)
-{
- /*
- * Minimum size is 8 bytes for salt, plus 1 for the trailing NUL,
- * plus 4 for the '$' separators, plus the password hash itself.
- * Let's leave a goodly amount of leeway.
- */
-
- char passwd[120], *p;
- const unsigned char *sp, *ep;
- unsigned char final[16];
- int i;
- unsigned int sl;
- int pl;
- unsigned int pwlen;
- MD5_CTX ctx, ctx1;
- unsigned long l;
-
- /*
- * Refine the salt first. It's possible we were given an already-hashed
- * string as the salt argument, so extract the actual salt value from it
- * if so. Otherwise just use the string up to the first '$' as the salt.
- */
- sp = salt;
-
- /*
- * If it starts with the magic string, then skip that.
- */
- if (strncmp((char *)sp, AP_MD5PW_ID, AP_MD5PW_IDLEN) == 0)
- sp += AP_MD5PW_IDLEN;
-
- /*
- * It stops at the first '$' or 8 chars, whichever comes first
- */
- for (ep = sp; (*ep != '\0') && (*ep != '$') && (ep < (sp + 8)); ep++)
- continue;
-
- /*
- * Get the length of the true salt
- */
- sl = ep - sp;
-
- /*
- * 'Time to make the doughnuts..'
- */
- MD5Init(&ctx);
-
- pwlen = strlen((char *)pw);
- /*
- * The password first, since that is what is most unknown
- */
- MD5Update(&ctx, pw, pwlen);
-
- /*
- * Then our magic string
- */
- MD5Update(&ctx, (const unsigned char *) AP_MD5PW_ID, AP_MD5PW_IDLEN);
-
- /*
- * Then the raw salt
- */
- MD5Update(&ctx, sp, sl);
-
- /*
- * Then just as many characters of the MD5(pw, salt, pw)
- */
- MD5Init(&ctx1);
- MD5Update(&ctx1, pw, pwlen);
- MD5Update(&ctx1, sp, sl);
- MD5Update(&ctx1, pw, pwlen);
- MD5Final(final, &ctx1);
- for(pl = pwlen; pl > 0; pl -= 16)
- MD5Update(&ctx, final, (pl > 16) ? 16 : (unsigned int) pl);
-
- /*
- * Don't leave anything around in vm they could use.
- */
- memset(final, 0, sizeof(final));
-
- /*
- * Then something really weird...
- */
- for (i = pwlen; i != 0; i >>= 1) {
- if (i & 1)
- MD5Update(&ctx, final, 1);
- else
- MD5Update(&ctx, pw, 1);
- }
-
- /*
- * Now make the output string. We know our limitations, so we
- * can use the string routines without bounds checking.
- */
- ap_cpystrn(passwd, AP_MD5PW_ID, AP_MD5PW_IDLEN + 1);
- ap_cpystrn(passwd + AP_MD5PW_IDLEN, (char *)sp, sl + 1);
- passwd[AP_MD5PW_IDLEN + sl] = '$';
- passwd[AP_MD5PW_IDLEN + sl + 1] = '\0';
-
- MD5Final(final, &ctx);
-
- /*
- * And now, just to make sure things don't run too fast..
- * On a 60 MHz Pentium this takes 34 msec, so you would
- * need 30 seconds to build a 1000 entry dictionary...
- */
- for (i = 0; i < 1000; i++) {
- MD5Init(&ctx1);
- if (i & 1)
- MD5Update(&ctx1, pw, pwlen);
- else
- MD5Update(&ctx1, final, 16);
- if (i % 3)
- MD5Update(&ctx1, sp, sl);
-
- if (i % 7)
- MD5Update(&ctx1, pw, pwlen);
-
- if (i & 1)
- MD5Update(&ctx1, final, 16);
- else
- MD5Update(&ctx1, pw, pwlen);
- MD5Final(final,&ctx1);
- }
-
- p = passwd + strlen(passwd);
-
- l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; ap_to64(p, l, 4);
- p += 4;
- l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; ap_to64(p, l, 4);
- p += 4;
- l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; ap_to64(p, l, 4);
- p += 4;
- l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; ap_to64(p, l, 4);
- p += 4;
- l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; ap_to64(p, l, 4);
- p += 4;
- l = final[11] ; ap_to64(p, l, 2);
- p += 2;
- *p = '\0';
-
- /*
- * Don't leave anything around in vm they could use.
- */
- memset(final, 0, sizeof(final));
-
- ap_cpystrn(result, passwd, nbytes - 1);
-}
diff --git a/usr.sbin/httpd/src/ap/ap_mm.c b/usr.sbin/httpd/src/ap/ap_mm.c
deleted file mode 100644
index 4392ad10af0..00000000000
--- a/usr.sbin/httpd/src/ap/ap_mm.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/* $OpenBSD: ap_mm.c,v 1.4 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1999-2000 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- */
-
-/*
-** ap_mm.c -- wrapper for MM shared memory library
-**
-** This file has two reason:
-**
-** 1. Under DSO context we need stubs inside the Apache core code
-** to make sure the MM library's code is actually available
-** to the module DSOs.
-**
-** 2. When the MM library cannot be built on the current platform
-** still provide dummy stubs so modules using the ap_mm_xxx()
-** functions can be still built. But modules should use
-** ap_mm_useable() to find out whether they really can use
-** the MM stuff.
-*/
- /*
- * "What you see is all you get."
- * -- Brian Kernighan
- */
-#include "httpd.h"
-#include "ap_mm.h"
-
-#ifdef EAPI_MM
-#include "mm.h"
-API_EXPORT(int) ap_mm_useable(void) { return TRUE; }
-#define STUB(val,nul) { return val; }
-#define STUB_STMT(stmt) { stmt; return; }
-#else
-API_EXPORT(int) ap_mm_useable(void) { return FALSE; }
-#define STUB(val,nul) { return nul; }
-#define STUB_STMT(stmt) { return; }
-#endif
-
-API_EXPORT(int) ap_MM_create(size_t size, char *file)
- STUB(MM_create(size, file), FALSE)
-API_EXPORT(int) ap_MM_permission(mode_t mode, uid_t owner, gid_t group)
- STUB(MM_permission(mode, owner, group), -1)
-API_EXPORT(void) ap_MM_destroy(void)
- STUB_STMT(MM_destroy())
-API_EXPORT(int) ap_MM_lock(ap_mm_lock_mode mode)
- STUB(MM_lock(mode), FALSE)
-API_EXPORT(int) ap_MM_unlock(void)
- STUB(MM_unlock(), FALSE)
-API_EXPORT(void *) ap_MM_malloc(size_t size)
- STUB(MM_malloc(size), NULL)
-API_EXPORT(void *) ap_MM_realloc(void *ptr, size_t size)
- STUB(MM_realloc(ptr, size), NULL)
-API_EXPORT(void) ap_MM_free(void *ptr)
- STUB_STMT(MM_free(ptr))
-API_EXPORT(void *) ap_MM_calloc(size_t number, size_t size)
- STUB(MM_calloc(number, size), NULL)
-API_EXPORT(char *) ap_MM_strdup(const char *str)
- STUB(MM_strdup(str), NULL)
-API_EXPORT(size_t) ap_MM_sizeof(void *ptr)
- STUB(MM_sizeof(ptr), 0)
-API_EXPORT(size_t) ap_MM_maxsize(void)
- STUB(MM_maxsize(), 0)
-API_EXPORT(size_t) ap_MM_available(void)
- STUB(MM_available(), 0)
-API_EXPORT(char *) ap_MM_error(void)
- STUB(MM_error(), NULL)
-
-API_EXPORT(AP_MM *) ap_mm_create(size_t size, char *file)
- STUB(mm_create(size, file), NULL)
-API_EXPORT(int) ap_mm_permission(AP_MM *mm, mode_t mode, uid_t owner,
- gid_t group)
- STUB(mm_permission(mm, mode, owner, group), -1)
-API_EXPORT(void) ap_mm_destroy(AP_MM *mm)
- STUB_STMT(mm_destroy(mm))
-API_EXPORT(int) ap_mm_lock(AP_MM *mm, ap_mm_lock_mode mode)
- STUB(mm_lock(mm, mode), FALSE)
-API_EXPORT(int) ap_mm_unlock(AP_MM *mm)
- STUB(mm_unlock(mm), FALSE)
-API_EXPORT(void *) ap_mm_malloc(AP_MM *mm, size_t size)
- STUB(mm_malloc(mm, size), NULL)
-API_EXPORT(void *) ap_mm_realloc(AP_MM *mm, void *ptr, size_t size)
- STUB(mm_realloc(mm, ptr, size), NULL)
-API_EXPORT(void) ap_mm_free(AP_MM *mm, void *ptr)
- STUB_STMT(mm_free(mm, ptr))
-API_EXPORT(void *) ap_mm_calloc(AP_MM *mm, size_t number, size_t size)
- STUB(mm_calloc(mm, number, size), NULL)
-API_EXPORT(char *) ap_mm_strdup(AP_MM *mm, const char *str)
- STUB(mm_strdup(mm, str), NULL)
-API_EXPORT(size_t) ap_mm_sizeof(AP_MM *mm, void *ptr)
- STUB(mm_sizeof(mm, ptr), 0)
-API_EXPORT(size_t) ap_mm_maxsize(void)
- STUB(mm_maxsize(), 0)
-API_EXPORT(size_t) ap_mm_available(AP_MM *mm)
- STUB(mm_available(mm), 0)
-API_EXPORT(char *) ap_mm_error(void)
- STUB(mm_error(), NULL)
-API_EXPORT(void) ap_mm_display_info(AP_MM *mm)
- STUB_STMT(mm_display_info(mm))
-
-API_EXPORT(void *) ap_mm_core_create(size_t size, char *file)
- STUB(mm_core_create(size, file), NULL)
-API_EXPORT(int) ap_mm_core_permission(void *core, mode_t mode, uid_t owner,
- gid_t group)
- STUB(mm_core_permission(core, mode, owner, group), -1)
-API_EXPORT(void) ap_mm_core_delete(void *core)
- STUB_STMT(mm_core_delete(core))
-API_EXPORT(size_t) ap_mm_core_size(void *core)
- STUB(mm_core_size(core), 0)
-API_EXPORT(int) ap_mm_core_lock(void *core, ap_mm_lock_mode mode)
- STUB(mm_core_lock(core, mode), FALSE)
-API_EXPORT(int) ap_mm_core_unlock(void *core)
- STUB(mm_core_unlock(core), FALSE)
-API_EXPORT(size_t) ap_mm_core_maxsegsize(void)
- STUB(mm_core_maxsegsize(), 0)
-API_EXPORT(size_t) ap_mm_core_align2page(size_t size)
- STUB(mm_core_align2page(size), 0)
-API_EXPORT(size_t) ap_mm_core_align2word(size_t size)
- STUB(mm_core_align2word(size), 0)
-
-API_EXPORT(void) ap_mm_lib_error_set(unsigned int type, const char *str)
- STUB_STMT(mm_lib_error_set(type, str))
-API_EXPORT(char *) ap_mm_lib_error_get(void)
- STUB(mm_lib_error_get(), NULL)
-API_EXPORT(int) ap_mm_lib_version(void)
- STUB(mm_lib_version(), 0)
diff --git a/usr.sbin/httpd/src/ap/ap_sha1.c b/usr.sbin/httpd/src/ap/ap_sha1.c
deleted file mode 100644
index 6a1dac0733e..00000000000
--- a/usr.sbin/httpd/src/ap/ap_sha1.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* $OpenBSD: ap_sha1.c,v 1.9 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- *
- * The exported function:
- *
- * ap_sha1_base64(const char *clear, int len, char *out);
- *
- * provides a means to SHA1 crypt/encode a plaintext password in
- * a way which makes password files compatible with those commonly
- * used in netscape web and ldap installations. It was put together
- * by Clinton Wong <clintdw@netcom.com>, who also notes that:
- *
- * Note: SHA1 support is useful for migration purposes, but is less
- * secure than Apache's password format, since Apache's (MD5)
- * password format uses a random eight character salt to generate
- * one of many possible hashes for the same password. Netscape
- * uses plain SHA1 without a salt, so the same password
- * will always generate the same hash, making it easier
- * to break since the search space is smaller.
- *
- * See also the documentation in support/SHA1 as to hints on how to
- * migrate an existing netscape installation and other supplied utitlites.
- *
- * This software also makes use of the following component:
- *
- * NIST Secure Hash Algorithm
- * heavily modified by Uwe Hollerbach uh@alumni.caltech edu
- * from Peter C. Gutmann's implementation as found in
- * Applied Cryptography by Bruce Schneier
- * This code is hereby placed in the public domain
- */
-
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap_sha1.h"
-#include "ap.h"
-
-
-API_EXPORT(void)
-ap_SHA1Init(AP_SHA1_CTX *sha_info)
-{
- SHA1Init(sha_info);
-}
-
-/* update the SHA digest */
-
-API_EXPORT(void)
-ap_SHA1Update_binary(AP_SHA1_CTX *sha_info, const unsigned char *buffer,
- unsigned int count)
-{
- SHA1Update(sha_info, buffer, count);
-}
-
-API_EXPORT(void)
-ap_SHA1Update(AP_SHA1_CTX *sha_info, const char *buf, unsigned int count)
-{
- SHA1Update(sha_info, (const unsigned char *) buf, count);
-}
-
-/* finish computing the SHA digest */
-
-API_EXPORT(void)
-ap_SHA1Final(unsigned char digest[SHA_DIGESTSIZE], AP_SHA1_CTX *sha_info)
-{
- SHA1Final(digest, sha_info);
-}
-
-
-API_EXPORT(void)
-ap_sha1_base64(const char *clear, int len, char *out)
-{
- int l;
- AP_SHA1_CTX context;
- unsigned char digest[SHA_DIGESTSIZE];
-
- if (strncmp(clear, AP_SHA1PW_ID, AP_SHA1PW_IDLEN) == 0)
- clear += AP_SHA1PW_IDLEN;
-
- ap_SHA1Init(&context);
- ap_SHA1Update(&context, clear, len);
- ap_SHA1Final(digest, &context);
-
- /* private marker. */
- ap_cpystrn(out, AP_SHA1PW_ID, AP_SHA1PW_IDLEN + 1);
-
- /* SHA1 hash is always 20 chars */
- l = ap_base64encode_binary(out + AP_SHA1PW_IDLEN, digest,
- sizeof(digest));
- out[l + AP_SHA1PW_IDLEN] = '\0';
-
- /*
- * output of base64 encoded SHA1 is always 28 chars + AP_SHA1PW_IDLEN
- */
-}
diff --git a/usr.sbin/httpd/src/ap/ap_signal.c b/usr.sbin/httpd/src/ap/ap_signal.c
deleted file mode 100644
index 290bde940c4..00000000000
--- a/usr.sbin/httpd/src/ap/ap_signal.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* $OpenBSD: ap_signal.c,v 1.9 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-
-/*
- * Replace standard signal() with the more reliable sigaction equivalent
- * from W. Richard Stevens' "Advanced Programming in the UNIX Environment"
- * (the version that does not automatically restart system calls).
- */
-Sigfunc *
-signal(int signo, Sigfunc * func)
-{
- struct sigaction act, oact;
-
- act.sa_handler = func;
- sigemptyset(&act.sa_mask);
- act.sa_flags = 0;
- if (sigaction(signo, &act, &oact) < 0)
- return SIG_ERR;
- return oact.sa_handler;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_slack.c b/usr.sbin/httpd/src/ap/ap_slack.c
deleted file mode 100644
index eb62078ebbd..00000000000
--- a/usr.sbin/httpd/src/ap/ap_slack.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * ap_slack.c: File descriptor preallocation
- *
- * 3/21/93 Rob McCool
- * 1995-96 Many changes by the Apache Group
- *
- */
-
-#include "httpd.h"
-#include "http_log.h"
-
-int ap_slack(int fd, int line)
-{
- static int low_warned;
- int new_fd;
-
- /* otherwise just assume line == AP_SLACK_LOW */
- if (fd >= LOW_SLACK_LINE) {
- return fd;
- }
- new_fd = fcntl(fd, F_DUPFD, LOW_SLACK_LINE);
- if (new_fd == -1) {
- if (!low_warned) {
- /* Give them a warning here, because we really can't predict
- * how libraries and such are going to fail. If we can't
- * do this F_DUPFD there's a good chance that apache has too
- * few descriptors available to it. Note we don't warn on
- * the high line, because if it fails we'll eventually try
- * the low line...
- */
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "unable to open a file descriptor above %u, "
- "you may need to increase the number of descriptors",
- LOW_SLACK_LINE);
- low_warned = 1;
- }
- return fd;
- }
- close(fd);
- return new_fd;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_snprintf.c b/usr.sbin/httpd/src/ap/ap_snprintf.c
deleted file mode 100644
index aad2a402838..00000000000
--- a/usr.sbin/httpd/src/ap/ap_snprintf.c
+++ /dev/null
@@ -1,1231 +0,0 @@
-/* $OpenBSD: ap_snprintf.c,v 1.17 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * This code is based on, and used with the permission of, the
- * SIO stdio-replacement strx_* functions by Panos Tsirigotis
- * <panos@alumni.cs.colorado.edu> for xinetd.
- */
-
-#include "httpd.h"
-
-#include <stdio.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <stdarg.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <math.h>
-
-typedef enum {
- NO = 0, YES = 1
-} boolean_e;
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-#define NUL '\0'
-#define WIDE_INT long
-
-typedef WIDE_INT wide_int;
-typedef unsigned WIDE_INT u_wide_int;
-typedef intmax_t widest_int;
-typedef uintmax_t u_widest_int;
-typedef int bool_int;
-
-#define S_NULL "(null)"
-#define S_NULL_LEN 6
-
-#define FLOAT_DIGITS 6
-#define EXPONENT_LENGTH 10
-
-/*
- * NUM_BUF_SIZE is the size of the buffer used for arithmetic conversions
- *
- * XXX: this is a magic number; do not decrease it
- */
-#define NUM_BUF_SIZE 512
-
-/*
- * cvt.c - IEEE floating point formatting routines for FreeBSD
- * from GNU libc-4.6.27. Modified to be thread safe.
- */
-
-/*
- * ap_ecvt converts to decimal
- * the number of digits is specified by ndigit
- * decpt is set to the position of the decimal point
- * sign is set to 0 for positive, 1 for negative
- */
-
-#define NDIG 80
-
-/* buf must have at least NDIG bytes */
-static char *
-ap_cvt(double arg, int ndigits, int *decpt, int *sign, int eflag, char *buf)
-{
- int r2;
- double fi, fj;
- char *p, *p1;
-
- if (ndigits >= NDIG - 1)
- ndigits = NDIG - 2;
- r2 = 0;
- *sign = 0;
- p = &buf[0];
- if (arg < 0) {
- *sign = 1;
- arg = -arg;
- }
- arg = modf(arg, &fi);
- p1 = &buf[NDIG];
- /*
- * Do integer part
- */
- if (fi != 0) {
- p1 = &buf[NDIG];
- while (p1 > &buf[0] && fi != 0) {
- fj = modf(fi / 10, &fi);
- *--p1 = (int) ((fj + .03) * 10) + '0';
- r2++;
- }
- while (p1 < &buf[NDIG])
- *p++ = *p1++;
- }
- else if (arg > 0) {
- while ((fj = arg * 10) < 1) {
- arg = fj;
- r2--;
- }
- }
- p1 = &buf[ndigits];
- if (eflag == 0)
- p1 += r2;
- *decpt = r2;
- if (p1 < &buf[0]) {
- buf[0] = '\0';
- return (buf);
- }
- while (p <= p1 && p < &buf[NDIG]) {
- arg *= 10;
- arg = modf(arg, &fj);
- *p++ = (int) fj + '0';
- }
- if (p1 >= &buf[NDIG]) {
- buf[NDIG - 1] = '\0';
- return (buf);
- }
- p = p1;
- *p1 += 5;
- while (*p1 > '9') {
- *p1 = '0';
- if (p1 > buf)
- ++ * --p1;
- else {
- *p1 = '1';
- (*decpt)++;
- if (eflag == 0) {
- if (p > buf)
- *p = '0';
- p++;
- }
- }
- }
- *p = '\0';
- return (buf);
- }
-
- static char
- *ap_ecvt(double arg, int ndigits, int *decpt, int *sign, char *buf)
- {
- return (ap_cvt(arg, ndigits, decpt, sign, 1, buf));
- }
-
- static char *
- ap_fcvt(double arg, int ndigits, int *decpt, int *sign, char *buf)
- {
- return (ap_cvt(arg, ndigits, decpt, sign, 0, buf));
-}
-
-/*
- * ap_gcvt - Floating output conversion to
- * minimal length string
- */
-
-static char
-*ap_gcvt(double number, int ndigit, char *buf, boolean_e altform)
-{
- int sign, decpt;
- char *p1, *p2;
- int i;
- char buf1[NDIG];
-
- p1 = ap_ecvt(number, ndigit, &decpt, &sign, buf1);
- p2 = buf;
- if (sign)
- *p2++ = '-';
- for (i = ndigit - 1; i > 0 && p1[i] == '0'; i--)
- ndigit--;
- if ((decpt >= 0 && decpt - ndigit > 4)
- || (decpt < 0 && decpt < -3)) { /* use E-style */
- decpt--;
- *p2++ = *p1++;
- *p2++ = '.';
- for (i = 1; i < ndigit; i++)
- *p2++ = *p1++;
- *p2++ = 'e';
- if (decpt < 0) {
- decpt = -decpt;
- *p2++ = '-';
- }
- else
- *p2++ = '+';
- if (decpt / 100 > 0)
- *p2++ = decpt / 100 + '0';
- if (decpt / 10 > 0)
- *p2++ = (decpt % 100) / 10 + '0';
- *p2++ = decpt % 10 + '0';
- }
- else {
- if (decpt <= 0) {
- if (*p1 != '0')
- *p2++ = '.';
- while (decpt < 0) {
- decpt++;
- *p2++ = '0';
- }
- }
- for (i = 1; i <= ndigit; i++) {
- *p2++ = *p1++;
- if (i == decpt)
- *p2++ = '.';
- }
- if (ndigit < decpt) {
- while (ndigit++ < decpt)
- *p2++ = '0';
- *p2++ = '.';
- }
- }
- if (p2[-1] == '.' && !altform)
- p2--;
- *p2 = '\0';
- return (buf);
-}
-
-/*
- * The INS_CHAR macro inserts a character in the buffer and writes
- * the buffer back to disk if necessary
- * It uses the char pointers sp and bep:
- * sp points to the next available character in the buffer
- * bep points to the end-of-buffer+1
- * While using this macro, note that the nextb pointer is NOT updated.
- *
- * NOTE: Evaluation of the c argument should not have any side-effects
- */
-#define INS_CHAR(c, sp, bep, cc) \
- { \
- if (sp >= bep) { \
- vbuff->curpos = sp; \
- if (flush_func(vbuff)) \
- return -1; \
- sp = vbuff->curpos; \
- bep = vbuff->endpos; \
- } \
- *sp++ = (c); \
- cc++; \
- }
-
-#define NUM( c ) ( c - '0' )
-
-#define STR_TO_DEC( str, num ) \
- num = NUM( *str++ ) ; \
- while ( ap_isdigit( *str ) ) \
- { \
- num *= 10 ; \
- num += NUM( *str++ ) ; \
- }
-
-/*
- * This macro does zero padding so that the precision
- * requirement is satisfied. The padding is done by
- * adding '0's to the left of the string that is going
- * to be printed. We don't allow precision to be large
- * enough that we continue past the start of s.
- *
- * NOTE: this makes use of the magic info that s is
- * always based on num_buf with a size of NUM_BUF_SIZE.
- */
-#define FIX_PRECISION( adjust, precision, s, s_len ) \
- if ( adjust ) { \
- int p = precision < NUM_BUF_SIZE - 1 ? precision : NUM_BUF_SIZE - 1; \
- while ( s_len < p ) \
- { \
- *--s = '0' ; \
- s_len++ ; \
- } \
- }
-
-/*
- * Macro that does padding. The padding is done by printing
- * the character ch.
- */
-#define PAD( width, len, ch ) do \
- { \
- INS_CHAR( ch, sp, bep, cc ) ; \
- width-- ; \
- } \
- while ( width > len )
-
-/*
- * Prefix the character ch to the string str
- * Increase length
- * Set the has_prefix flag
- */
-#define PREFIX( str, length, ch ) *--str = ch ; length++ ; has_prefix = YES
-
-
-/*
- * Convert num to its decimal format.
- * Return value:
- * - a pointer to a string containing the number (no sign)
- * - len contains the length of the string
- * - is_negative is set to TRUE or FALSE depending on the sign
- * of the number (always set to FALSE if is_unsigned is TRUE)
- *
- * The caller provides a buffer for the string: that is the buf_end argument
- * which is a pointer to the END of the buffer + 1 (i.e. if the buffer
- * is declared as buf[ 100 ], buf_end should be &buf[ 100 ])
- *
- * Note: we have 2 versions. One is used when we need to use quads
- * (conv_10_quad), the other when we don't (conv_10). We're assuming the
- * latter is faster.
- */
-static char *
-conv_10(wide_int num, bool_int is_unsigned,
- bool_int *is_negative, char *buf_end, int *len)
-{
- char *p = buf_end;
- u_wide_int magnitude;
-
- if (is_unsigned) {
- magnitude = (u_wide_int) num;
- *is_negative = FALSE;
- }
- else {
- *is_negative = (num < 0);
-
- /*
- * On a 2's complement machine, negating the most negative
- * integer results in a number that cannot be represented as
- * a signed integer.
- * Here is what we do to obtain the number's magnitude:
- * a. add 1 to the number
- * b. negate it (becomes positive)
- * c. convert it to unsigned
- * d. add 1
- */
- if (*is_negative) {
- wide_int t = num + 1;
-
- magnitude = ((u_wide_int) -t) + 1;
- }
- else
- magnitude = (u_wide_int) num;
- }
-
- /*
- * We use a do-while loop so that we write at least 1 digit
- */
- do {
- u_wide_int new_magnitude = magnitude / 10;
-
- *--p = (char) (magnitude - new_magnitude * 10 + '0');
- magnitude = new_magnitude;
- }
- while (magnitude);
-
- *len = buf_end - p;
- return (p);
-}
-
-static char *
-conv_10_quad(widest_int num, bool_int is_unsigned,
- bool_int *is_negative, char *buf_end, int *len)
-{
- char *p = buf_end;
- u_widest_int magnitude;
-
- /*
- * We see if we can use the faster non-quad version by checking the
- * number against the largest long value it can be. If <=, we
- * punt to the quicker version.
- */
- if ((num <= ULONG_MAX && is_unsigned) ||
- (num <= LONG_MAX && !is_unsigned))
- return(conv_10( (wide_int)num, is_unsigned, is_negative,
- buf_end, len));
-
- if (is_unsigned) {
- magnitude = (u_widest_int) num;
- *is_negative = FALSE;
- }
- else {
- *is_negative = (num < 0);
-
- /*
- * On a 2's complement machine, negating the most negative
- * integer * results in a number that cannot be represented as
- * a signed integer.
- * Here is what we do to obtain the number's magnitude:
- * a. add 1 to the number
- * b. negate it (becomes positive)
- * c. convert it to unsigned
- * d. add 1
- */
- if (*is_negative) {
- widest_int t = num + 1;
-
- magnitude = ((u_widest_int) -t) + 1;
- }
- else
- magnitude = (u_widest_int) num;
- }
-
- /*
- * We use a do-while loop so that we write at least 1 digit
- */
- do {
- u_widest_int new_magnitude = magnitude / 10;
-
- *--p = (char) (magnitude - new_magnitude * 10 + '0');
- magnitude = new_magnitude;
- }
- while (magnitude);
-
- *len = buf_end - p;
- return (p);
-}
-
-
-
-static char*
-conv_in_addr(struct in_addr *ia, char *buf_end, int *len)
-{
- unsigned addr = ntohl(ia->s_addr);
- char *p = buf_end;
- bool_int is_negative;
- int sub_len;
-
- p = conv_10((addr & 0x000000FF) , TRUE, &is_negative, p, &sub_len);
- *--p = '.';
- p = conv_10((addr & 0x0000FF00) >> 8, TRUE, &is_negative, p, &sub_len);
- *--p = '.';
- p = conv_10((addr & 0x00FF0000) >> 16, TRUE, &is_negative, p, &sub_len);
- *--p = '.';
- p = conv_10((addr & 0xFF000000) >> 24, TRUE, &is_negative, p, &sub_len);
-
- *len = buf_end - p;
- return (p);
-}
-
-
-
-static char *
-conv_sockaddr_in(struct sockaddr_in *si, char *buf_end, int *len)
-{
- char *p = buf_end;
- bool_int is_negative;
- int sub_len;
-
- p = conv_10(ntohs(si->sin_port), TRUE, &is_negative, p, &sub_len);
- *--p = ':';
- p = conv_in_addr(&si->sin_addr, p, &sub_len);
-
- *len = buf_end - p;
- return (p);
-}
-
-
-
-/*
- * Convert a floating point number to a string formats 'f', 'e' or 'E'.
- * The result is placed in buf, and len denotes the length of the string
- * The sign is returned in the is_negative argument (and is not placed
- * in buf).
- */
-static char *
-conv_fp(char format, double num, boolean_e add_dp,
- int precision, bool_int *is_negative, char *buf, int *len, int buflen)
-{
- char *s = buf;
- char *p;
- int decimal_point;
- char buf1[NDIG];
-
- if (format == 'f')
- p = ap_fcvt(num, precision, &decimal_point, is_negative, buf1);
- else /* either e or E format */
- p = ap_ecvt(num, precision + 1, &decimal_point, is_negative,
- buf1);
- /*
- * Check for Infinity and NaN
- */
- if (ap_isalpha(*p)) {
- *len = strlcpy(buf, p, buflen);
- /* we really need the wanted len here */
- *is_negative = FALSE;
- return (buf);
- }
-
- if (format == 'f') {
- if (decimal_point <= 0) {
- *s++ = '0';
- if (precision > 0) {
- *s++ = '.';
- while (decimal_point++ < 0)
- *s++ = '0';
- }
- else if (add_dp)
- *s++ = '.';
- }
- else {
- while (decimal_point-- > 0)
- *s++ = *p++;
- if (precision > 0 || add_dp)
- *s++ = '.';
- }
- }
- else {
- *s++ = *p++;
- if (precision > 0 || add_dp)
- *s++ = '.';
- }
-
- /*
- * copy the rest of p, the NUL is NOT copied
- */
- while (*p)
- *s++ = *p++;
-
- if (format != 'f') {
- char temp[EXPONENT_LENGTH]; /* for exponent conversion */
- int t_len;
- bool_int exponent_is_negative;
-
- *s++ = format; /* either e or E */
- decimal_point--;
- if (decimal_point != 0) {
- p = conv_10((wide_int) decimal_point, FALSE,
- &exponent_is_negative, &temp[EXPONENT_LENGTH],
- &t_len);
- *s++ = exponent_is_negative ? '-' : '+';
-
- /*
- * Make sure the exponent has at least 2 digits
- */
- if (t_len == 1)
- *s++ = '0';
- while (t_len--)
- *s++ = *p++;
- }
- else {
- *s++ = '+';
- *s++ = '0';
- *s++ = '0';
- }
- }
- *len = s - buf;
- return (buf);
-}
-
-
-/*
- * Convert num to a base X number where X is a power of 2. nbits determines X.
- * For example, if nbits is 3, we do base 8 conversion
- * Return value:
- * a pointer to a string containing the number
- *
- * The caller provides a buffer for the string: that is the buf_end argument
- * which is a pointer to the END of the buffer + 1 (i.e. if the buffer
- * is declared as buf[ 100 ], buf_end should be &buf[ 100 ])
- *
- * As with conv_10, we have a faster version which is used when
- * the number isn't quad size.
- */
-static char *
-conv_p2(u_wide_int num, int nbits, char format, char *buf_end,
- int *len)
-{
- int mask = (1 << nbits) - 1;
- char *p = buf_end;
- static const char low_digits[] = "0123456789abcdef";
- static const char upper_digits[] = "0123456789ABCDEF";
- const char *digits = (format == 'X') ? upper_digits :
- low_digits;
-
- do {
- *--p = digits[num & mask];
- num >>= nbits;
- }
- while (num);
-
- *len = buf_end - p;
- return (p);
-}
-
-static char *
-conv_p2_quad(u_widest_int num, int nbits, char format,
- char *buf_end, int *len)
-{
- int mask = (1 << nbits) - 1;
- char *p = buf_end;
- static const char low_digits[] = "0123456789abcdef";
- static const char upper_digits[] = "0123456789ABCDEF";
- const char *digits = (format == 'X') ? upper_digits :
- low_digits;
-
- if (num <= ULONG_MAX)
- return(conv_p2( (u_wide_int)num, nbits, format, buf_end, len));
-
- do {
- *--p = digits[num & mask];
- num >>= nbits;
- }
- while (num);
-
- *len = buf_end - p;
- return (p);
-}
-
-
-/*
- * Do format conversion placing the output in buffer
- */
-API_EXPORT(int)
-ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
- ap_vformatter_buff *vbuff, const char *fmt, va_list ap)
-{
- char *sp;
- char *bep;
- int cc = 0;
- int i;
-
- char *s = NULL;
- char *q;
- int s_len;
-
- int min_width = 0;
- int precision = 0;
- enum {
- LEFT, RIGHT
- } adjust;
- char pad_char;
- char prefix_char;
-
- double fp_num;
- widest_int i_quad = (widest_int) 0;
- u_widest_int ui_quad;
- wide_int i_num = (wide_int) 0;
- u_wide_int ui_num;
-
- char num_buf[NUM_BUF_SIZE];
- char char_buf[2]; /* for printing %% and %<unknown> */
-
- enum var_type_enum {
- IS_QUAD, IS_LONG, IS_SHORT, IS_INT
- };
- enum var_type_enum var_type = IS_INT;
-
- /*
- * Flag variables
- */
- boolean_e alternate_form;
- boolean_e print_sign;
- boolean_e print_blank;
- boolean_e adjust_precision;
- boolean_e adjust_width;
- bool_int is_negative;
-
- sp = vbuff->curpos;
- bep = vbuff->endpos;
-
- while (*fmt) {
- if (*fmt != '%') {
- INS_CHAR(*fmt, sp, bep, cc);
- }
- else {
- /*
- * Default variable settings
- */
- adjust = RIGHT;
- alternate_form = print_sign = print_blank = NO;
- pad_char = ' ';
- prefix_char = NUL;
-
- fmt++;
-
- /*
- * Try to avoid checking for flags, width or precision
- */
- if (!ap_islower(*fmt)) {
- /*
- * Recognize flags: -, #, BLANK, +
- */
- for (;; fmt++) {
- if (*fmt == '-')
- adjust = LEFT;
- else if (*fmt == '+')
- print_sign = YES;
- else if (*fmt == '#')
- alternate_form = YES;
- else if (*fmt == ' ')
- print_blank = YES;
- else if (*fmt == '0')
- pad_char = '0';
- else
- break;
- }
-
- /*
- * Check if a width was specified
- */
- if (ap_isdigit(*fmt)) {
- STR_TO_DEC(fmt, min_width);
- adjust_width = YES;
- }
- else if (*fmt == '*') {
- min_width = va_arg(ap, int);
- fmt++;
- adjust_width = YES;
- if (min_width < 0) {
- adjust = LEFT;
- min_width = -min_width;
- }
- }
- else
- adjust_width = NO;
-
- /*
- * Check if a precision was specified
- */
- if (*fmt == '.') {
- adjust_precision = YES;
- fmt++;
- if (ap_isdigit(*fmt)) {
- STR_TO_DEC(fmt, precision);
- }
- else if (*fmt == '*') {
- precision = va_arg(ap, int);
- fmt++;
- if (precision < 0)
- precision = 0;
- }
- else
- precision = 0;
- }
- else
- adjust_precision = NO;
- }
- else
- adjust_precision = adjust_width = NO;
-
- /*
- * Modifier check
- */
- if (*fmt == 'q') {
- var_type = IS_QUAD;
- fmt++;
- }
- else if (*fmt == 'l') {
- var_type = IS_LONG;
- fmt++;
- }
- else if (*fmt == 'h') {
- var_type = IS_SHORT;
- fmt++;
- }
- else {
- var_type = IS_INT;
- }
-
- /*
- * Argument extraction and printing.
- * First we determine the argument type.
- * Then, we convert the argument to a string.
- * On exit from the switch, s points to the string that
- * must be printed, s_len has the length of the string
- * The precision requirements, if any, are reflected in
- * s_len.
- *
- * NOTE: pad_char may be set to '0' because of the 0
- * flag.
- * It is reset to ' ' by non-numeric formats
- */
- switch (*fmt) {
- case 'u':
- if (var_type == IS_QUAD) {
- i_quad = va_arg(ap, u_widest_int);
- s = conv_10_quad(i_quad, 1,
- &is_negative,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- else {
- if (var_type == IS_LONG)
- i_num = (wide_int) va_arg(ap,
- u_wide_int);
- else if (var_type == IS_SHORT)
- i_num = (wide_int)
- (unsigned short) va_arg(ap,
- unsigned int);
- else
- i_num = (wide_int) va_arg(ap,
- unsigned int);
- s = conv_10(i_num, 1, &is_negative,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- FIX_PRECISION(adjust_precision, precision, s,
- s_len);
- break;
-
- case 'd':
- case 'i':
- if (var_type == IS_QUAD) {
- i_quad = va_arg(ap, widest_int);
- s = conv_10_quad(i_quad, 0,
- &is_negative,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- else {
- if (var_type == IS_LONG)
- i_num = (wide_int) va_arg(ap,
- wide_int);
- else if (var_type == IS_SHORT)
- i_num = (wide_int) (short)
- va_arg(ap, int);
- else
- i_num = (wide_int) va_arg(ap,
- int);
- s = conv_10(i_num, 0, &is_negative,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- FIX_PRECISION(adjust_precision, precision, s,
- s_len);
-
- if (is_negative)
- prefix_char = '-';
- else if (print_sign)
- prefix_char = '+';
- else if (print_blank)
- prefix_char = ' ';
- break;
-
-
- case 'o':
- if (var_type == IS_QUAD) {
- ui_quad = va_arg(ap, u_widest_int);
- s = conv_p2_quad(ui_quad, 3, *fmt,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- else {
- if (var_type == IS_LONG)
- ui_num = (u_wide_int) va_arg(ap,
- u_wide_int);
- else if (var_type == IS_SHORT)
- ui_num = (u_wide_int)
- (unsigned short)
- va_arg(ap, unsigned int);
- else
- ui_num = (u_wide_int) va_arg(ap,
- unsigned int);
- s = conv_p2(ui_num, 3, *fmt,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- FIX_PRECISION(adjust_precision, precision, s,
- s_len);
- if (alternate_form && *s != '0') {
- *--s = '0';
- s_len++;
- }
- break;
-
-
- case 'x':
- case 'X':
- if (var_type == IS_QUAD) {
- ui_quad = va_arg(ap, u_widest_int);
- s = conv_p2_quad(ui_quad, 4, *fmt,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- else {
- if (var_type == IS_LONG)
- ui_num = (u_wide_int) va_arg(ap,
- u_wide_int);
- else if (var_type == IS_SHORT)
- ui_num = (u_wide_int)
- (unsigned short) va_arg(ap,
- unsigned int);
- else
- ui_num = (u_wide_int) va_arg(ap,
- unsigned int);
- s = conv_p2(ui_num, 4, *fmt,
- &num_buf[NUM_BUF_SIZE], &s_len);
- }
- FIX_PRECISION(adjust_precision, precision, s,
- s_len);
- if (alternate_form && i_num != 0) {
- *--s = *fmt; /* 'x' or 'X' */
- *--s = '0';
- s_len += 2;
- }
- break;
-
-
- case 's':
- s = va_arg(ap, char *);
- if (s != NULL) {
- s_len = strlen(s);
- if (adjust_precision && precision
- < s_len)
- s_len = precision;
- }
- else {
- s = S_NULL;
- s_len = S_NULL_LEN;
- }
- pad_char = ' ';
- break;
-
-
- case 'f':
- case 'e':
- case 'E':
- fp_num = va_arg(ap, double);
- /*
- * * We use &num_buf[ 1 ], so that we have room
- * for the sign
- */
- if (isnan(fp_num)) {
- s = "nan";
- s_len = 3;
- }
- else if (isinf(fp_num)) {
- s = "inf";
- s_len = 3;
- } else {
- s = conv_fp(*fmt, fp_num,
- alternate_form,
- (adjust_precision == NO) ?
- FLOAT_DIGITS : precision,
- &is_negative, &num_buf[1],
- &s_len, sizeof(num_buf) - 1);
- if (is_negative)
- prefix_char = '-';
- else if (print_sign)
- prefix_char = '+';
- else if (print_blank)
- prefix_char = ' ';
- }
- break;
-
-
- case 'g':
- case 'G':
- if (adjust_precision == NO)
- precision = FLOAT_DIGITS;
- else if (precision == 0)
- precision = 1;
- /*
- * * We use &num_buf[ 1 ], so that we have room
- * for the sign
- */
- s = ap_gcvt(va_arg(ap, double), precision,
- &num_buf[1], alternate_form);
- if (*s == '-')
- prefix_char = *s++;
- else if (print_sign)
- prefix_char = '+';
- else if (print_blank)
- prefix_char = ' ';
-
- s_len = strlen(s);
-
- if (alternate_form && (q = strchr(s, '.'))
- == NULL) {
- s[s_len++] = '.';
- s[s_len] = '\0';
- /* delimit for following strchr() */
- }
- if (*fmt == 'G' && (q = strchr(s, 'e')) != NULL)
- *q = 'E';
- break;
-
-
- case 'c':
- char_buf[0] = (char) (va_arg(ap, int));
- s = &char_buf[0];
- s_len = 1;
- pad_char = ' ';
- break;
-
-
- case '%':
- char_buf[0] = '%';
- s = &char_buf[0];
- s_len = 1;
- pad_char = ' ';
- break;
-
-
- case 'n':
- if (var_type == IS_QUAD)
- *(va_arg(ap, widest_int *)) = cc;
- else if (var_type == IS_LONG)
- *(va_arg(ap, long *)) = cc;
- else if (var_type == IS_SHORT)
- *(va_arg(ap, short *)) = cc;
- else
- *(va_arg(ap, int *)) = cc;
- break;
-
- /*
- * This is where we extend the printf format, with a
- * second type specifier
- */
- case 'p':
- switch(*++fmt) {
- case 'p':
- ui_quad = (u_widest_int)(uintptr_t)
- va_arg(ap, void *);
- s = conv_p2_quad(ui_quad, 4,
- 'x', &num_buf[NUM_BUF_SIZE],
- &s_len);
- pad_char = ' ';
- break;
-
- /* print a struct sockaddr_in as a.b.c.d:port */
- case 'I':
- {
- struct sockaddr_in *si;
-
- si = va_arg(ap, struct sockaddr_in *);
- if (si != NULL) {
- s = conv_sockaddr_in(si,
- &num_buf[NUM_BUF_SIZE],
- &s_len);
- if (adjust_precision &&
- precision < s_len)
- s_len = precision;
- }
- else {
- s = S_NULL;
- s_len = S_NULL_LEN;
- }
- pad_char = ' ';
- break;
- }
-
- /* print a struct in_addr as a.b.c.d */
- case 'A':
- {
- struct in_addr *ia;
-
- ia = va_arg(ap, struct in_addr *);
- if (ia != NULL) {
- s = conv_in_addr(ia,
- &num_buf[NUM_BUF_SIZE],
- &s_len);
- if (adjust_precision &&
- precision < s_len)
- s_len = precision;
- }
- else {
- s = S_NULL;
- s_len = S_NULL_LEN;
- }
- pad_char = ' ';
- break;
- }
-
- case NUL:
- /* if %p ends the string, oh well ignore it */
- continue;
-
- default:
- s = "bogus %p";
- s_len = 8;
- prefix_char = NUL;
- break;
- }
- break;
-
- case NUL:
- /*
- * The last character of the format string was
- * %. We ignore it.
- */
- continue;
-
-
- /*
- * The default case is for unrecognized %'s.
- * We print %<char> to help the user identify what
- * option is not understood.
- * This is also useful in case the user wants to pass
- * the output of format_converter to another function
- * that understands some other %<char> (like syslog).
- * Note that we can't point s inside fmt because the
- * unknown <char> could be preceded by width etc.
- */
- default:
- char_buf[0] = '%';
- char_buf[1] = *fmt;
- s = char_buf;
- s_len = 2;
- pad_char = ' ';
- break;
- }
-
- if (prefix_char != NUL && s != S_NULL &&
- s != char_buf) {
- *--s = prefix_char;
- s_len++;
- }
-
- if (adjust_width && adjust == RIGHT &&
- min_width > s_len) {
- if (pad_char == '0' && prefix_char != NUL) {
- INS_CHAR(*s, sp, bep, cc);
- s++;
- s_len--;
- min_width--;
- }
- PAD(min_width, s_len, pad_char);
- }
-
- /*
- * Print the string s.
- */
- for (i = s_len; i != 0; i--) {
- INS_CHAR(*s, sp, bep, cc);
- s++;
- }
-
- if (adjust_width && adjust == LEFT && min_width > s_len)
- PAD(min_width, s_len, pad_char);
- }
- fmt++;
- }
- vbuff->curpos = sp;
-
- return cc;
-}
-
-
-static int
-snprintf_flush(ap_vformatter_buff *vbuff)
-{
- /* if the buffer fills we have to abort immediately, there is no way
- * to "flush" an ap_snprintf... there's nowhere to flush it to.
- */
- return -1;
-}
-
-
-API_EXPORT_NONSTD(int)
-ap_snprintf(char *buf, size_t len, const char *format,...)
-{
- int cc;
- va_list ap;
- ap_vformatter_buff vbuff;
-
- if (len == 0)
- return 0;
-
- /* save one byte for nul terminator */
- vbuff.curpos = buf;
- vbuff.endpos = buf + len - 1;
- va_start(ap, format);
- cc = ap_vformatter(snprintf_flush, &vbuff, format, ap);
- va_end(ap);
- *vbuff.curpos = '\0';
- return (cc == -1) ? len : cc;
-}
-
-
-API_EXPORT(int)
-ap_vsnprintf(char *buf, size_t len, const char *format, va_list ap)
-{
- int cc;
- ap_vformatter_buff vbuff;
-
- if (len == 0)
- return 0;
-
- /* save one byte for nul terminator */
- vbuff.curpos = buf;
- vbuff.endpos = buf + len - 1;
- cc = ap_vformatter(snprintf_flush, &vbuff, format, ap);
- *vbuff.curpos = '\0';
- return (cc == -1) ? len : cc;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_strtol.c b/usr.sbin/httpd/src/ap/ap_strtol.c
deleted file mode 100644
index d1f1e9a89c1..00000000000
--- a/usr.sbin/httpd/src/ap/ap_strtol.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/* $OpenBSD: ap_strtol.c,v 1.7 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "httpd.h"
-#include <limits.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "ap_ctype.h"
-
-#ifndef LONG_MAX
-#define LONG_MAX 2147483647
-#endif
-#ifndef LONG_MIN
-#define LONG_MIN (-2147483647-1)
-#endif
-
-/*
- * Convert a string to a long integer.
- *
- * Assumes that the upper and lower case
- * alphabets and digits are each contiguous.
- * (On EBCDIC machines it assumes that digits and
- * upper/lower case A-I, J-R, and S-Z are contiguous.)
- */
-
-API_EXPORT(long)
-ap_strtol(const char *nptr, char **endptr, int base)
-{
- const char *s;
- unsigned long acc;
- char c;
- unsigned long cutoff;
- int neg, any, cutlim;
- long result;
-
- /*
- * Skip white space and pick up leading +/- sign if any.
- * If base is 0, allow 0x for hex and 0 for octal, else
- * assume decimal; if base is already 16, allow 0x.
- */
- s = nptr;
- do {
- c = *s++;
- }
- while (ap_isspace(c));
- if (c == '-') {
- neg = 1;
- c = *s++;
- } else {
- neg = 0;
- if (c == '+')
- c = *s++;
- }
- if ((base == 0 || base == 16) &&
- c == '0' && (*s == 'x' || *s == 'X')) {
- c = s[1];
- s += 2;
- base = 16;
- }
- if (base == 0)
- base = c == '0' ? 8 : 10;
- acc = any = 0;
- if (base < 2 || base > 36)
- goto noconv;
-
- /*
- * Compute the cutoff value between legal numbers and illegal
- * numbers. That is the largest legal value, divided by the
- * base. An input number that is greater than this value, if
- * followed by a legal input character, is too big. One that
- * is equal to this value may be valid or not; the limit
- * between valid and invalid numbers is then based on the last
- * digit. For instance, if the range for longs is
- * [-2147483648..2147483647] and the input base is 10,
- * cutoff will be set to 214748364 and cutlim to either
- * 7 (neg==0) or 8 (neg==1), meaning that if we have accumulated
- * a value > 214748364, or equal but the next digit is > 7 (or 8),
- * the number is too big, and we will return a range error.
- *
- * Set 'any' if any `digits' consumed; make it negative to indicate
- * overflow.
- */
- cutoff = neg ? (unsigned long)-(LONG_MIN + LONG_MAX) + LONG_MAX
- : LONG_MAX;
- cutlim = cutoff % base;
- cutoff /= base;
- for ( ; ; c = *s++) {
- if (c >= '0' && c <= '9')
- c -= '0';
- else if (c >= 'A' && c <= 'Z')
- c -= 'A' - 10;
- else if (c >= 'a' && c <= 'z')
- c -= 'a' - 10;
- else
- break;
- if (c >= base)
- break;
- if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim)) {
- any = -1;
- } else {
- any = 1;
- acc *= base;
- acc += c;
- }
- }
- result = (long)acc;
- if (any < 0) {
- result = neg ? LONG_MIN : LONG_MAX;
- errno = ERANGE;
- } else if (!any) {
-noconv:
- result = (long)acc;
- errno = EINVAL;
- } else if (neg)
- result = -(long)acc;
- if (endptr != NULL)
- *endptr = (char *)(any ? s - 1 : nptr);
- return (result);
-}
-
diff --git a/usr.sbin/httpd/src/buildmark.c b/usr.sbin/httpd/src/buildmark.c
deleted file mode 100644
index 5d30ed5b9a2..00000000000
--- a/usr.sbin/httpd/src/buildmark.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "ap_config.h"
-#include "httpd.h"
-
-API_EXPORT(const char *) ap_get_server_built(void)
-{
- return "unknown";
-}
diff --git a/usr.sbin/httpd/src/helpers/CutRule b/usr.sbin/httpd/src/helpers/CutRule
deleted file mode 100644
index ca4b1f8eabb..00000000000
--- a/usr.sbin/httpd/src/helpers/CutRule
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-# Helper script for Configure - cut a rule from Configuration.
-# note that there is a tab and a space in the character groups.
-# Map to lowercase to make tests easier
-
-egrep "^[ ]*Rule[ ]+$1[ ]*=" $2 | \
-awk 'BEGIN {FS="="}{print $2}' | \
-sed 's/[ ]//g' | tr "A-Z" "a-z"
diff --git a/usr.sbin/httpd/src/helpers/GuessCodeset b/usr.sbin/httpd/src/helpers/GuessCodeset
deleted file mode 100644
index b761efb3150..00000000000
--- a/usr.sbin/httpd/src/helpers/GuessCodeset
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-# This script tries to find out whether the native codeset of this machine
-# is ASCII or EBCDIC. On EBCDIC based machines, it is used to activate
-# the mod_ebcdic EBCDIC conversion module.
-#
-# Note: This script will break if you use an ebcdic cross-compiler!
-#
-case `${AWK-awk} 'BEGIN {printf("%c%c%c%c%c<->%c%c%c%c%c%c\n",97,115,99,105,105,133,130,131,132,137,131);}' /dev/null` in
- ascii*) echo ASCII;;
- *ebcdic) echo EBCDIC;;
- *) echo >&2 "ERROR: Your platform codeset could not be detected correctly."
- echo >&2 "Assuming ASCII. Please send an EMail to <martin@apache.org>"
- echo >&2 "describing the platform in use. Is your AWK broken?"
- echo ASCII;;
-esac
diff --git a/usr.sbin/httpd/src/helpers/GuessOS b/usr.sbin/httpd/src/helpers/GuessOS
deleted file mode 100644
index d2c27a5bd39..00000000000
--- a/usr.sbin/httpd/src/helpers/GuessOS
+++ /dev/null
@@ -1,366 +0,0 @@
-#!/bin/sh
-#
-# Simple OS/Platform guesser. Similar to config.guess but
-# much, much smaller. Since it was developed for use with
-# Apache, it follows under Apache's regular licensing
-# (see http://www.apache.org/docs/LICENSE) with one specific
-# addition: Any changes or additions to this script should be
-# Emailed to the Apache group (apache@apache.org).
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#
-# Be as similar to the output of config.guess/config.sub
-# as possible.
-
-# Handle TPF before handling other OSes. This
-# is being done because TPF is sometimes compiled
-# on OS/390. When that is the case, if we don't
-# handle TPF ahead of the other OSes, TPF will
-# fall into the OS/390 case and this script would
-# return an incorrect value for the platform.
-#
-# Apache is not compiled on the TPF platform
-# therefore an environment variable is used
-if [ "x$TPF" = "xYES" ]; then
- echo "TPF"
- exit 0
-fi
-
-# First get uname entries that we use below
-
-MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
-SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
-VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
-
-# Some HP machines have slashes.
-MACHINE=`echo ${MACHINE}|sed -e 's/\//_/'`
-
-# Now test for ISC and SCO, since it is has a braindamaged uname.
-#
-# We need to work around FreeBSD 1.1.5.1
-XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
-if [ "x$XREL" != "x" ]; then
- if [ -f /etc/kconfig ]; then
- case "$XREL" in
- 4.0|4.1)
- echo "${MACHINE}-whatever-isc4"; exit 0
- ;;
- esac
- else
- case "$XREL" in
- 3.2v4.2)
- echo "whatever-whatever-sco3"; exit 0
- ;;
- 3.2v5.0*)
- echo "whatever-whatever-sco5"; exit 0
- ;;
- 4.2MP)
- if [ "x$VERSION" = "x2.1.1" ]; then
- echo "${MACHINE}-whatever-unixware211"; exit 0
- elif [ "x$VERSION" = "x2.1.2" ]; then
- echo "${MACHINE}-whatever-unixware212"; exit 0
- else
- echo "${MACHINE}-whatever-unixware2"; exit 0
- fi
- ;;
- 4.2)
- echo "whatever-whatever-unixware1"; exit 0
- ;;
- 5)
- case "$VERSION" in
- 7*)
- echo "${MACHINE}-whatever-unixware7"; exit 0
- ;;
- 8*)
- echo "${MACHINE}-whatever-OpenUNIX"; exit 0
- ;;
- esac
- ;;
- esac
- fi
-fi
-# Now we simply scan though... In most cases, the SYSTEM info is enough
-#
-case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
- MiNT:*)
- echo "m68k-atari-mint"; exit 0
- ;;
- A/UX:*)
- echo "m68k-apple-aux3"; exit 0
- ;;
-
- AIX:*)
- echo "${MACHINE}-ibm-aix${VERSION}.${RELEASE}"; exit 0
- ;;
-
- dgux:*)
- echo "${MACHINE}-dg-dgux"; exit 0
- ;;
-
- HI-UX:*)
- echo "${MACHINE}-hi-hiux"; exit 0
- ;;
-
- HP-UX:*)
- HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- echo "${MACHINE}-hp-hpux${HPUXVER}"; exit 0
- ;;
-
- IRIX:*)
- if [ -f /usr/lib32/mips4/libm.so ]; then
- echo "${MACHINE}-sgi-irix32"; exit 0
- else
- echo "${MACHINE}-sgi-irix"; exit 0
- fi
- ;;
-
- IRIX64:*)
- echo "${MACHINE}-sgi-irix64"; exit 0
- ;;
-
- Linux:2.0.*)
- echo "${MACHINE}-whatever-linux20"; exit 0
- ;;
-
- Linux:[2-9].*)
- # This handles linux 2.2 and above (2.4, ...)
- # Don't worry if you don't really have a Linux-2.2
- echo "${MACHINE}-whatever-linux22"; exit 0
- ;;
-
- Linux:1.*)
- echo "${MACHINE}-whatever-linux1"; exit 0
- ;;
-
- GNU:*)
- echo "${MACHINE}-GNU-GNU/Hurd"; exit 0
- ;;
-
- LynxOS:*)
- echo "${MACHINE}-lynx-lynxos"; exit 0
- ;;
-
- BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
- echo "i486-whatever-bsdi"; exit 0
- ;;
-
- BSD/386|BSD/OS:3.*)
- echo "${MACHINE}-whatever-bsdi3"; exit 0
- ;;
-
- BSD/386:*|BSD/OS:*)
- echo "${MACHINE}-whatever-bsdi"; exit 0
- ;;
-
- FreeBSD:*:*:*486*)
- FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
- echo "i486-whatever-freebsd${FREEBSDVERS}"; exit 0
- ;;
-
- FreeBSD:*)
- FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
- echo "${MACHINE}-whatever-freebsd${FREEBSDVERS}"; exit 0
- ;;
-
- NetBSD:*:*:*486*)
- echo "i486-whatever-netbsd"; exit 0
- ;;
-
- NetBSD:*)
- echo "${MACHINE}-whatever-netbsd"; exit 0
- ;;
-
- OpenBSD:*)
- OPENBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
- echo "${MACHINE}-whatever-openbsd${OPENBSDVERS}"; exit 0
- ;;
-
- OSF1:*:*:*alpha*)
- echo "${MACHINE}-dec-osf"; exit 0
- ;;
-
- NONSTOP_KERNEL:*:*:*)
- echo "${MACHINE}-tandem-oss"; exit 0;
- ;;
-
- QNX:*)
- if [ "$VERSION" -gt 422 ]; then
- echo "${MACHINE}-qssl-qnx32"
- else
- echo "${MACHINE}-qssl-qnx"
- fi
- exit 0
- ;;
-
- Paragon*:*:*:*)
- echo "i860-intel-osf1"; exit 0
- ;;
-
- SunOS:5.*)
- SOLVER=`echo ${RELEASE}|awk -F. '{
- if (NF < 3)
- printf "2%s0\n",$2
- else
- printf "2%s%s\n",$2,$3
- }'`
- echo "${MACHINE}-sun-solaris2.${SOLVER}"; exit 0
- ;;
-
- SunOS:*)
- echo "${MACHINE}-sun-sunos4"; exit 0
- ;;
-
- UNIX_System_V:4.*:*)
- echo "${MACHINE}-whatever-sysv4"; exit 0
- ;;
-
- unix:3.0.9*:*:88k)
- echo "${MACHINE}-encore-sysv4"; exit 0
- ;;
-
- *:4*:R4*:m88k)
- echo "${MACHINE}-whatever-sysv4"; exit 0
- ;;
-
- UnixWare:5:99*:*)
- # Gemini, beta release of next rev of unixware
- echo "${MACHINE}-whatever-unixware212"; exit 0
- ;;
-
- DYNIX/ptx:4*:*:i386)
- PTXVER=`echo ${VERSION}|sed -e 's/[^.]//'`
- echo "${MACHINE}-sequent-ptx${PTXVER}"; exit 0
- ;;
-
- *:3.2.0:*:i386)
- # uname on DYNIX/ptx below V4.0.0 is brain dead
- PTXVER=`echo ${VERSION}|sed -e 's/[^.]//'`
- echo "${MACHINE}-sequent-ptx${PTXVER}"; exit 0
- ;;
-
- *:4.0:3.0:[345][0-9]?? | *:4.0:3.0:3[34]??[/,]* | library:*)
- echo "x86-ncr-sysv4"; exit 0
- ;;
-
- ULTRIX:*)
- echo "${MACHINE}-unknown-ultrix"; exit 0
- ;;
-
- SINIX-?:* | ReliantUNIX-?:*)
- echo "${MACHINE}-siemens-sysv4"; exit 0
- ;;
-
- POSIX*BS2000)
- echo "${MACHINE}-siemens-sysv4"; exit 0
- ;;
-
- machten:*)
- echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
- ;;
-
- ConvexOS:*:11.*:*)
- echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
- ;;
-
- UNIX_SV:*:*:maxion)
- echo "${MACHINE}-ccur-sysv4"; exit 0;
- ;;
-
- PowerMAX_OS:*:*:Night_Hawk)
- MACHINE=`uname -p`
- echo "${MACHINE}-concurrent-powermax"; exit 0;
- ;;
-
- UNIX_SV:*)
- if [ -d /usr/nec ];then
- echo "mips-nec-sysv4"; exit 0;
- fi
- ;;
-
- NonStop-UX:4.[02]*:[BC]*:*)
- echo "${MACHINE}-tandem-sysv4"; exit 0;
- ;;
-
- NonStop-UX:*:*:*)
- echo "${MACHINE}-compaq-sysv4"; exit 0;
- ;;
-
- Rhapsody:*:*:*)
- case "${MACHINE}" in
- Power*) MACHINE=powerpc ;;
- esac
- echo "${MACHINE}-apple-rhapsody${RELEASE}"; exit 0
- ;;
-
- Darwin:*:*:*)
- MACHINE=`uname -p`
- echo "${MACHINE}-apple-darwin${RELEASE}"; exit 0
- ;;
-
- "RISC iX":*)
- echo "arm-whatever-riscix"; exit 0;
- ;;
-
- *:4.0:2:*)
- echo "whatever-unisys-sysv4"; exit 0;
- ;;
-
- *:*:dcosx:NILE*)
- echo "pyramid-pyramid-svr4"; exit 0;
- ;;
-
- *:*:*:"DRS 6000")
- echo "drs6000-whatever-whatever"; exit 0;
- ;;
- OS/390:*)
- echo "${MACHINE}-IBM-OS390-${RELEASE}-${VERSION}"; exit 0;
- ;;
- CYGWIN*:*:*:*)
- echo "${MACHINE}-whatever-cygwin"; exit 0
- ;;
- atheos:*)
- echo "${MACHINE}-whatever-atheos"; exit 0
- ;;
-esac
-
-#
-# Ugg. These are all we can determine by what we know about
-# the output of uname. Be more creative:
-#
-
-# Do the Apollo stuff first. Here, we just simply assume
-# that the existance of the /usr/apollo directory is proof
-# enough
-if [ -d /usr/apollo ]; then
- echo "whatever-apollo-whatever"
- exit 0
-fi
-
-# Now NeXT
-ISNEXT=`hostinfo 2>/dev/null`
-case "$ISNEXT" in
- *NeXT*)
-# echo "whatever-next-nextstep"; exit 0
-
-# Swiped from a friendly uname clone for NEXT/OPEN Step.
- NEXTOSVER="`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`"
- if [ "$NEXTOSVER" -gt 3.3 ]
- then
- NEXTOS="openstep"
- else
- NEXTOS="nextstep"
- fi
-
- NEXTREL="`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`"
- NEXTARCH=`arch`
- echo "${NEXTARCH}-next-${NEXTOS}${NEXTREL}" ; exit 0
-
- ;;
-esac
-
-# At this point we gone through all the one's
-# we know of: Punt
-
-echo "${MACHINE}-whatever-${SYSTEM},${RELEASE},${VERSION}"
-exit 0
diff --git a/usr.sbin/httpd/src/helpers/MakeEtags b/usr.sbin/httpd/src/helpers/MakeEtags
deleted file mode 100644
index 25f6bdab176..00000000000
--- a/usr.sbin/httpd/src/helpers/MakeEtags
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# This file illustrates how to generate a useful TAGS file via etags
-# for emacs. This should be invoked from the src directory i.e.:
-# > helpers/MakeEtags
-# and will create a TAGS file in the src directory.
-
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-# Once you have created src/TAGS in emacs you'll need to setup
-# tag-table-alist with an entry to assure it finds the single src/TAGS
-# file from the many source directories. Something along these lines:
-# (setq tag-table-alist
-# '(("/home/me/work/apache-1.3/src/"
-# . "/home/me/work/apache-1.3/src/")
-# ))
-
-# This requires a special version of etags, i.e. the
-# one called "Exuberant ctags" available at:
-# http://fly.hiwaay.net/~darren/ctags/
-# Once that is setup you'll need to point to the
-# executable here:
-
-etags=~/local/bin/etags
-
-# Exuberant etags is necessary since it can ignore some defined symbols
-# that obscure the function signatures.
-
-ignore=API_EXPORT,API_EXPORT_NONSTD,__declspec
-
-# Create an etags file at the root of the source
-# tree, then create symbol links to it from each
-# directory in the source tree. By passing etags
-# absolute pathnames we get a tag file that is
-# NOT portable when we move the directory tree.
-
-find . -name '*.[ch]' -print | $etags -I "$ignore" -L -
-
diff --git a/usr.sbin/httpd/src/helpers/MakeLint b/usr.sbin/httpd/src/helpers/MakeLint
deleted file mode 100644
index 4ab6bba1c40..00000000000
--- a/usr.sbin/httpd/src/helpers/MakeLint
+++ /dev/null
@@ -1,31 +0,0 @@
-#!perl
-
-# Create a Configuration.lint with every Module except for the modules
-# specified in the 'isbad' subroutine.
-
-sub isbad
-{
- local($module) = @_;
- return 1 if $module =~ /mod_dld/;
- return 1 if $module =~ /mod_dld/;
- return 1 if $module =~ /mod_auth_msql/;
- return 1 if $module =~ /mod_example/;
-
- return 0;
-}
-
-open(TMPL, "Configuration.tmpl") || die "can't open Configuration.tmpl: $!";
-open(LINT, ">Configuration.lint") || die "can't write Configuration.link: $!";
-
-while(<TMPL>)
-{
- next if /^$/;
- print LINT if /^[^#]/;
- if(/^# AddModule\s+(.*)$/)
- {
- $module = $1;
- print LINT "AddModule $module\n" if ! &isbad($module);
- }
-}
-close(TMPL);
-close(LINT);
diff --git a/usr.sbin/httpd/src/helpers/PrintPath b/usr.sbin/httpd/src/helpers/PrintPath
deleted file mode 100644
index 908d2740083..00000000000
--- a/usr.sbin/httpd/src/helpers/PrintPath
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/bin/sh
-# Look for program[s] somewhere in $PATH.
-#
-# Options:
-# -s
-# Do not print out full pathname. (silent)
-# -pPATHNAME
-# Look in PATHNAME instead of $PATH
-#
-# Usage:
-# PrintPath [-s] [-pPATHNAME] program [program ...]
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-# (with kudos to Kernighan/Pike)
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-##
-# Some "constants"
-##
-pathname=$PATH
-echo="yes"
-
-##
-# Find out what OS we are running for later on
-##
-os=`(uname) 2>/dev/null`
-
-##
-# Parse command line
-##
-for args in $*
-do
- case $args in
- -s ) echo="no" ;;
- -p* ) pathname="`echo $args | sed 's/^..//'`" ;;
- * ) programs="$programs $args" ;;
- esac
-done
-
-##
-# Now we make the adjustments required for OS/2 and everyone
-# else :)
-#
-# First of all, all OS/2 programs have the '.exe' extension.
-# Next, we adjust PATH (or what was given to us as PATH) to
-# be whitespace seperated directories.
-# Finally, we try to determine the best flag to use for
-# test/[] to look for an executable file. OS/2 just has '-r'
-# but with other OSs, we do some funny stuff to check to see
-# if test/[] knows about -x, which is the prefered flag.
-##
-
-if [ "x$os" = "xOS/2" ]
-then
- ext=".exe"
- pathname=`echo -E $pathname |
- sed 's/^;/.;/
- s/;;/;.;/g
- s/;$/;./
- s/;/ /g
- s/\\\\/\\//g' `
- test_exec_flag="-r"
-else
- ext="" # No default extensions
- pathname=`echo $pathname |
- sed 's/^:/.:/
- s/::/:.:/g
- s/:$/:./
- s/:/ /g' `
- # Here is how we test to see if test/[] can handle -x
- testfile="pp.t.$$"
-
- cat > $testfile <<ENDTEST
-#!/bin/sh
-if [ -x / ] || [ -x /bin ] || [ -x /bin/ls ]; then
- exit 0
-fi
-exit 1
-ENDTEST
-
- if `/bin/sh $testfile 2>/dev/null`; then
- test_exec_flag="-x"
- else
- test_exec_flag="-r"
- fi
- rm -f $testfile
-fi
-
-for program in $programs
-do
- for path in $pathname
- do
- if [ $test_exec_flag $path/${program}${ext} ] && \
- [ ! -d $path/${program}${ext} ]; then
- if [ "x$echo" = "xyes" ]; then
- echo $path/${program}${ext}
- fi
- exit 0
- fi
- done
-done
-exit 1
-
diff --git a/usr.sbin/httpd/src/helpers/TestCompile b/usr.sbin/httpd/src/helpers/TestCompile
deleted file mode 100644
index 0b7171ed158..00000000000
--- a/usr.sbin/httpd/src/helpers/TestCompile
+++ /dev/null
@@ -1,281 +0,0 @@
-#!/bin/sh
-exstat=1
-trap 'rm -f Makefile dummy ../dummy.o dummy.exe testfunc.c testfunc ../testfunc.o testfunc.exe; exit $exstat' 0 1 2 3 15
-#
-# Yet another Apache Configure helper script.
-# This script tests certain aspects of the compilation
-# process. Right now, it can perform 5 tests:
-#
-# ./helpers/TestCompile lib <libname>
-# Which checks to see if <libname> exists on this system
-#
-# ./helpers/TestCompile lib <libname> <func>
-# Which checks to see if <libname> exists on this system and
-# contains func.
-#
-# ./helpers/TestCompile func <function>
-# Which checks to see if <function> exists
-#
-# ./helpers/TestCompile header <header>
-# Which checks to see if header file <header> exists
-#
-# ./helpers/TestCompile sanity
-# Which does a simple sanity check/test compile
-#
-# ./helpers/TestCompile sizeof <type>
-# Which prints out the sizeof <type> (sure would be nice
-# if sizeof could be use in preprocessor if's)
-#
-# ./helpers/TestCompile byteorder
-# Which prints out the byte order of the machine
-# (12: little endian, 21: big endian)
-#
-# It does these by creating a small mini-makefile, based on
-# ../Makefile.config and trying to compile a small dummy
-# program. If the compilation succeeds, we assume the test
-# was successful as well.
-#
-# This must be run as './helpers/TestCompile' from
-# the ./src directory (same directory that Configure is
-# located) if you want to test it out. Configure must
-# also call it as './helpers/TestCompile'
-#
-#
-# INVOCATION SWITCHES:
-# TestCompile evaluates the following switches
-# (currently, it accepts only *ONE* of them!):
-#
-# -v (enable verbose operation)
-# Enables VERBOSE=yes, see below.
-#
-# -s (enforce silent operation)
-# Override a VERBOSE=yes, force it to VERBOSE=no.
-#
-# -r (run generated test program)
-# Enables TCRUNIT=yes, see below
-#
-#
-# ENVIRONMENT VARIABLES:
-# The following environment variables have influence on
-# TestCompile's operation:
-#
-# $VERBOSE (yes|no; default=no)
-# If set to "yes", will print compiler messages to stderr
-# Otherwise, stderr of all invoked programs is sent to /dev/null
-#
-# $TCRUNIT (yes|no; default=no)
-# (This variable is obsoleted by the "-r" switch)
-# If set to "yes", will invoke the test program which was
-# generated by TestCompile. Useful for "TestCompile sizeof"
-# and "TestCompile byteorder" tests.
-# Otherwise, TestCompile only tests for the presence of a
-# generated program when deciding whether the compilation was
-# successful.
-#
-# $TCADDINCL (#include <> stmt list; default=empty)
-# If set to an "#include <file>" preprocessor directive
-# (optionally several #include's separated by newlines), these
-# directives will be added to the generated test sources.
-# That allows, e.g., the "TestCompile sizeof" test to check for
-# types which are not defined in the standard locations.
-#
-# $TLIB (additional libraries; default=empty)
-# If set to a list of additional libraries, these libs will be used
-# in addition to the one tested by the "TestCompile lib" call.
-# For the other TestCompile tests, it is ignored.
-#
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-cd ./helpers
-
-#
-# Handle "verbose", "silent" and "runit" flags. Allow for them
-# to be set via the environment
-#
-if [ "x$VERBOSE" = "x" ]; then
- VERBOSE="no"
-fi
-if [ "x$TCRUNIT" = "x" ]; then
- TCRUNIT="no";
-fi
-case "$1" in
- "-v")
- VERBOSE="yes"
- shift
- ;;
- "-s")
- VERBOSE="no"
- shift
- ;;
- "-r")
- TCRUNIT="yes"
- shift
- ;;
-esac
-
-#
-# Make sure we have the right arguments
-#
-
-case "$1" in
- "lib")
- if [ "x$2" = "x" ]; then
- exit
- fi
- TLIB="-l$2 $TLIB"
- if [ "x$VERBOSE" = "xyes" ]; then
- ERRDIR=""
- else
- ERRDIR='2>/dev/null'
- fi
- if [ "x$3" = "x" ]; then
- TARGET='dummy'
- else
- TARGET='testfunc'
- echo "int main(void) { $3(); return(0); }" > testfunc.c
- fi
- ;;
- "sizeof")
- if [ "x$2" = "x" ]; then
- exit
- fi
- TLIB=""
- if [ "x$VERBOSE" = "xyes" ]; then
- ERRDIR=""
- else
- ERRDIR='2>/dev/null'
- fi
- TARGET='testfunc'
- cat <<EOF >testfunc.c
-#include <stdio.h>
-#include <sys/types.h>
-$TCADDINCL
-int main(void) {
- printf("%d\n", sizeof($2));
- return(0);
-}
-EOF
- ;;
- "byteorder")
- TLIB=""
- if [ "x$VERBOSE" = "xyes" ]; then
- ERRDIR=""
- else
- ERRDIR='2>/dev/null'
- fi
- TARGET='testfunc'
- cat <<EOF >testfunc.c
-#include <stdio.h>
-#include <sys/types.h>
-$TCADDINCL
-int main(void) {
- /* Are we little or big endian? From Harbison & Steele */
- union {
- long l;
- char c[sizeof(long)];
- } u;
- u.l = 1;
- printf("%s\n", u.c[sizeof(long)-1] == 1 ? "21" : "12");
- return(0);
-}
-EOF
- ;;
- "sanity")
- TLIB=""
- if [ "x$VERBOSE" = "xno" ]; then
- ERRDIR='2>/dev/null'
- else
- ERRDIR=""
- fi
- TARGET='dummy'
- ;;
- "func")
- if [ "x$2" = "x" ]; then
- exit
- fi
- TLIB=""
- if [ "x$VERBOSE" = "xyes" ]; then
- ERRDIR=""
- else
- ERRDIR='2>/dev/null'
- fi
- TARGET='testfunc'
- cat <<EOF >testfunc.c
-$TCADDINCL
-int main(void) {
- $2();
- return(0);
-}
-EOF
- ;;
- "header")
- if [ "x$2" = "x" ]; then
- exit
- fi
- TLIB=""
- if [ "x$VERBOSE" = "xyes" ]; then
- ERRDIR=""
- else
- ERRDIR='2>/dev/null'
- fi
- TARGET='testfunc'
- cat <<EOF >testfunc.c
-$TCADDINCL
-#include <$2>
-int main(void) {
- return(0);
-}
-EOF
- ;;
- *)
- exit
- ;;
-esac
-
-#
-# Get makefile settings and build a basic Makefile
-#
-rm -f dummy ../dummy.o testfunc ../testfunc.o
-
-cat ../Makefile.config > Makefile
-cat <<EOF >> Makefile
-CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS)
-LIBS=\$(EXTRA_LIBS) \$(LIBS1)
-INCLUDES=\$(INCLUDES1) \$(EXTRA_INCLUDES)
-LDFLAGS=\$(LDFLAGS1) \$(EXTRA_LDFLAGS)
-
-dummy:
- cd ..; \$(CC) \$(CFLAGS) \$(INCLUDES) \$(LDFLAGS) -o helpers/dummy helpers/dummy.c $TLIB \$(LIBS)
-
-testfunc:
- cd ..; \$(CC) \$(CFLAGS) \$(INCLUDES) \$(LDFLAGS) -o helpers/testfunc helpers/testfunc.c $TLIB \$(LIBS)
-EOF
-
-# Now run that Makefile
-eval "${MAKE-make} ${TARGET} $ERRDIR >&2"
-
-# And see if dummy exists and is executable, if so, then we
-# assume the condition we are testing for is good
-#
-# Use our PrintPath helper script using the "-p" option to
-# have PrintPath just search this directory.
-
-if sh PrintPath -s -p`pwd` $TARGET ; then
- if [ "x$OS" = "xMPE/iX" ]; then
- # clever hack to check for unresolved externals without actually
- # executing the test program
- if eval "callci run `pwd`/$TARGET\;stdin=\*notfound 2>&1 | /bin/grep ^UNRESOLVED $ERRDIR >&2"; then
- exit 1 # there were unresolved externals
- fi
- fi
- if [ "x$TCRUNIT" = "xyes" ]; then
- `pwd`/$TARGET
- fi
- exstat=0
-fi
-
diff --git a/usr.sbin/httpd/src/helpers/binbuild.sh b/usr.sbin/httpd/src/helpers/binbuild.sh
deleted file mode 100644
index 570a7da6a17..00000000000
--- a/usr.sbin/httpd/src/helpers/binbuild.sh
+++ /dev/null
@@ -1,301 +0,0 @@
-#!/bin/sh
-#
-# binbuild.sh - Builds an Apache binary distribution.
-# Initially written by Lars Eilebrecht <lars@apache.org>.
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-OS=`src/helpers/GuessOS`
-case "x$OS" in
- x*OS390*) CONFIGPARAM="--with-layout=BinaryDistribution --enable-module=most";;
- *cygwin*) CONFIGPARAM="--with-layout=BinaryDistribution --enable-module=most \
- --enable-rule=SHARED_CORE --libexecdir=bin";;
- *) CONFIGPARAM="--with-layout=BinaryDistribution --enable-module=most --enable-shared=max";;
-esac
-APDIR=`pwd`
-APDIR=`basename $APDIR`
-VER=`echo $APDIR |sed s/apache_//`
-TAR="`src/helpers/PrintPath tar`"
-GTAR="`src/helpers/PrintPath gtar`"
-GZIP="`src/helpers/PrintPath gzip`"
-
-if [ x$1 != x ]
-then
- USER=$1
-else
- USER="`src/helpers/buildinfo.sh -n %u@%h%d`"
-fi
-
-if [ ! -f ./ABOUT_APACHE ]
-then
- echo "ERROR: The current directory contains no valid Apache distribution."
- echo "Please change the directory to the top level directory of a freshly"
- echo "unpacked Apache 1.3 source distribution and re-execute the script"
- echo "'./src/helpers/bindbuild.sh'."
- exit 1;
-fi
-
-if [ -d ./CVS ]
-then
- echo "ERROR: The current directory is a CVS checkout of Apache."
- echo "Only a standard Apache 1.3 source distribution should be used to"
- echo "create a binary distribution."
- exit 1;
-fi
-
-echo "Building Apache $VER binary distribution..."
-echo "Platform is \"$OS\"..."
-
-( echo "Build log for Apache binary distribution" && \
- echo "----------------------------------------------------------------------" && \
- ./configure $CONFIGPARAM && \
- echo "----------------------------------------------------------------------" && \
- make clean && \
- rm -rf bindist install-bindist.sh *.bindist
- echo "----------------------------------------------------------------------" && \
- make && \
- echo "----------------------------------------------------------------------" && \
- make install-quiet root="bindist/" && \
- echo "----------------------------------------------------------------------" && \
- make clean && \
- echo "----------------------------------------------------------------------" && \
- echo "[EOF]" \
-) > build.log 2>&1
-
-if [ ! -f ./bindist/bin/httpd ]
-then
- echo "ERROR: Failed to build Apache. See \"build.log\" for details."
- exit 1;
-fi
-
-echo "Binary image successfully created..."
-
-./bindist/bin/httpd -v
-
-echo "Creating supplementary files..."
-
-( echo " " && \
- echo "Apache $VER binary distribution" && \
- echo "================================" && \
- echo " " && \
- echo "This binary distribution is usable on a \"$OS\"" && \
- echo "system and was built by \"$USER\"." && \
- echo "" && \
- echo "The distribution contains all standard Apache modules as shared" && \
- echo "objects. This allows you to enable or disable particular modules" && \
- echo "with the LoadModule/AddModule directives in the configuration file" && \
- echo "without the need to re-compile Apache." && \
- echo "" && \
- echo "See \"INSTALL.bindist\" on how to install the distribution." && \
- echo " " && \
- echo "NOTE: Please do not send support-related mails to the address mentioned" && \
- echo " above or to any member of the Apache Group! Support questions" && \
- echo " should be directed to the forums mentioned at" && \
- echo " http://httpd.apache.org/lists.html#http-users" && \
- echo " where some of the Apache team lurk, in the company of many other" && \
- echo " Apache gurus who should be able to help." && \
- echo " If you think you found a bug in Apache or have a suggestion please" && \
- echo " visit the bug report page at http://httpd.apache.org/bug_report.html" && \
- echo " " && \
- echo "----------------------------------------------------------------------" && \
- ./bindist/bin/httpd -V && \
- echo "----------------------------------------------------------------------" \
-) > README.bindist
-cp README.bindist ../apache_$VER-$OS.README
-
-( echo " " && \
- echo "Apache $VER binary installation" && \
- echo "================================" && \
- echo " " && \
- echo "To install this binary distribution you have to execute the installation" && \
- echo "script \"install-bindist.sh\" in the top-level directory of the distribution." && \
- echo " " && \
- echo "The script takes the ServerRoot directory into which you want to install" && \
- echo "Apache as an option. If you ommit the option the default path" && \
- echo "\"/usr/local/apache\" is used." && \
- echo "Make sure you have write permissions in the target directory, e.g. switch" && \
- echo "to user \"root\" before you execute the script." && \
- echo " " && \
- echo "See \"README.bindist\" for further details about this distribution." && \
- echo " " && \
- echo "Please note that this distribution includes the complete Apache source code." && \
- echo "Therefore you may compile Apache yourself at any time if you have a compiler" && \
- echo "installation on your system." && \
- echo "See \"INSTALL\" for details on how to accomplish this." && \
- echo " " \
-) > INSTALL.bindist
-
-( echo "#!/bin/sh" && \
- echo "#" && \
- echo "# Usage: install-bindist.sh [ServerRoot]" && \
- echo "# This script installs the Apache binary distribution and" && \
- echo "# was automatically created by binbuild.sh." && \
- echo " " && \
- echo "lmkdir()" && \
- echo "{" && \
- echo " path=\"\"" && \
- echo " dirs=\`echo \$1 | sed -e 's%/% %g'\`" && \
- echo " mode=\$2" && \
- echo " " && \
- echo " set -- \${dirs}" && \
- echo " " && \
- echo " for d in \${dirs}" && \
- echo " do" && \
- echo " path=\"\${path}/\$d\"" && \
- echo " if test ! -d \"\${path}\" ; then" && \
- echo " mkdir \${path}" && \
- echo " if test \$? -ne 0 ; then" && \
- echo " echo \"Failed to create directory: \${path}\"" && \
- echo " exit 1" && \
- echo " fi" && \
- echo " chmod \${mode} \${path}" && \
- echo " fi" && \
- echo " done" && \
- echo "}" && \
- echo " " && \
- echo "lcopy()" && \
- echo "{" && \
- echo " from=\$1" && \
- echo " to=\$2" && \
- echo " dmode=\$3" && \
- echo " fmode=\$4" && \
- echo " " && \
- echo " test -d \${to} || lmkdir \${to} \${dmode}" && \
- echo " (cd \${from} && tar -cf - *) | (cd \${to} && tar -xf -)" && \
- echo " " && \
- echo " if test \"X\${fmode}\" != X ; then" && \
- echo " find \${to} -type f -print | xargs chmod \${fmode}" && \
- echo " fi" && \
- echo " if test \"X\${dmode}\" != X ; then" && \
- echo " find \${to} -type d -print | xargs chmod \${dmode}" && \
- echo " fi" && \
- echo "}" && \
- echo " " && \
- echo "##" && \
- echo "## determine path to (optional) Perl interpreter" && \
- echo "##" && \
- echo "PERL=no-perl5-on-this-system" && \
- echo "perls='perl5 perl'" && \
- echo "path=\`echo \$PATH | sed -e 's/:/ /g'\`" && \
- echo " " && \
- echo "for dir in \${path} ; do" && \
- echo " for pperl in \${perls} ; do" && \
- echo " if test -f \"\${dir}/\${pperl}\" ; then" && \
- echo " if \`\${dir}/\${pperl} -v | grep 'version 5\.' >/dev/null 2>&1\` ; then" && \
- echo " PERL=\"\${dir}/\${pperl}\"" && \
- echo " break" && \
- echo " fi" && \
- echo " fi" && \
- echo " done" && \
- echo "done" && \
- echo " " && \
- echo "if [ .\$1 = . ]" && \
- echo "then" && \
- echo " SR=/usr/local/apache" && \
- echo "else" && \
- echo " SR=\$1" && \
- echo "fi" && \
- echo "echo \"Installing binary distribution for platform $OS\"" && \
- echo "echo \"into directory \$SR ...\"" && \
- echo "lmkdir \$SR 755" && \
- echo "lmkdir \$SR/proxy 750" && \
- echo "lmkdir \$SR/logs 750" && \
- echo "lcopy bindist/man \$SR/man 755 644" && \
- echo "lcopy bindist/libexec \$SR/libexec 750 750" && \
- echo "lcopy bindist/include \$SR/include 755 644" && \
- echo "lcopy bindist/icons \$SR/icons 755 644" && \
- echo "lcopy bindist/cgi-bin \$SR/cgi-bin 750 750" && \
- echo "lcopy bindist/bin \$SR/bin 750 750" && \
- echo "if [ -d \$SR/conf ]" && \
- echo "then" && \
- echo " echo \"[Preserving existing configuration files.]\"" && \
- echo " cp bindist/conf/*.default \$SR/conf/" && \
- echo "else" && \
- echo " lcopy bindist/conf \$SR/conf 750 640" && \
- echo "fi" && \
- echo "if [ -d \$SR/htdocs ]" && \
- echo "then" && \
- echo " echo \"[Preserving existing htdocs directory.]\"" && \
- echo "else" && \
- echo " lcopy bindist/htdocs \$SR/htdocs 755 644" && \
- echo "fi" && \
- echo " " && \
- echo "sed -e \"s;^#!/.*;#!\$PERL;\" -e \"s;\@prefix\@;\$SR;\" -e \"s;\@sbindir\@;\$SR/bin;\" \\" && \
- echo " -e \"s;\@libexecdir\@;\$SR/libexec;\" -e \"s;\@includedir\@;\$SR/include;\" \\" && \
- echo " -e \"s;\@sysconfdir\@;\$SR/conf;\" bindist/bin/apxs > \$SR/bin/apxs" && \
- echo "sed -e \"s;^#!/.*;#!\$PERL;\" bindist/bin/dbmmanage > \$SR/bin/dbmmanage" && \
- echo "sed -e \"s%/usr/local/apache%\$SR%\" \$SR/conf/httpd.conf.default > \$SR/conf/httpd.conf" && \
- echo "sed -e \"s%PIDFILE=%PIDFILE=\$SR/%\" -e \"s%HTTPD=%HTTPD=\\\"\$SR/%\" -e \"s%httpd\$%httpd -d \$SR -R \$SR/libexec\\\"%\" bindist/bin/apachectl > \$SR/bin/apachectl" && \
- echo " " && \
- echo "echo \"Ready.\"" && \
- echo "echo \" +--------------------------------------------------------+\"" && \
- echo "echo \" | You now have successfully installed the Apache $VER |\"" && \
- echo "echo \" | HTTP server. To verify that Apache actually works |\"" && \
- echo "echo \" | correctly you should first check the (initially |\"" && \
- echo "echo \" | created or preserved) configuration files: |\"" && \
- echo "echo \" | |\"" && \
- echo "echo \" | \$SR/conf/httpd.conf\"" && \
- echo "echo \" | |\"" && \
- echo "echo \" | You should then be able to immediately fire up |\"" && \
- echo "echo \" | Apache the first time by running: |\"" && \
- echo "echo \" | |\"" && \
- echo "echo \" | \$SR/bin/apachectl start \"" &&\
- echo "echo \" | |\"" && \
- echo "echo \" | Thanks for using Apache. The Apache Group |\"" && \
- echo "echo \" | http://www.apache.org/ |\"" && \
- echo "echo \" +--------------------------------------------------------+\"" && \
- echo "echo \" \"" \
-) > install-bindist.sh
-chmod 755 install-bindist.sh
-
-sed -e "s%\"htdocs%\"/usr/local/apache/htdocs%" \
- -e "s%\"icons%\"/usr/local/apache/icons%" \
- -e "s%\"cgi-bin%\"/usr/local/apache/cgi-bin%" \
- -e "s%\"proxy%\"/usr/local/apache/proxy%" \
- -e "s%^ServerAdmin.*%ServerAdmin you@your.address%" \
- -e "s%#ServerName.*%#ServerName localhost%" \
- -e "s%Port 8080%Port 80%" \
- bindist/conf/httpd.conf.default > bindist/conf/httpd.conf
-cp bindist/conf/httpd.conf bindist/conf/httpd.conf.default
-
-echo "Creating distribution archive and readme file..."
-
-if [ ".`grep -i error build.log > /dev/null`" != . ]
-then
- echo "ERROR: Failed to build Apache. See \"build.log\" for details."
- exit 1;
-else
- if [ "x$GTAR" != "x" ]
- then
- $GTAR -zcf ../apache_$VER-$OS.tar.gz -C .. apache_$VER
- else
- if [ "x$TAR" != "x" ]
- then
- case "x$OS" in
- x*OS390*) $TAR -cfU ../apache_$VER-$OS.tar -C .. apache_$VER;;
- *) (cd .. && $TAR -cf apache_$VER-$OS.tar apache_$VER);;
- esac
- if [ "x$GZIP" != "x" ]
- then
- $GZIP ../apache_$VER-$OS.tar
- fi
- else
- echo "ERROR: Could not find a 'tar' program!"
- echo " Please execute the following commands manually:"
- echo " tar -cf ../apache_$VER-$OS.tar ."
- echo " gzip ../apache_$VER-$OS.tar"
- fi
- fi
-
- if [ -f ../apache_$VER-$OS.tar.gz ] && [ -f ../apache_$VER-$OS.README ]
- then
- echo "Ready."
- echo "You can find the binary archive (apache_$VER-$OS.tar.gz)"
- echo "and the readme file (apache_$VER-$OS.README) in the"
- echo "parent directory."
- exit 0;
- else
- exit 1;
- fi
-fi
diff --git a/usr.sbin/httpd/src/helpers/buildinfo.sh b/usr.sbin/httpd/src/helpers/buildinfo.sh
deleted file mode 100644
index 5c2a72d6b35..00000000000
--- a/usr.sbin/httpd/src/helpers/buildinfo.sh
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/bin/sh
-##
-## buildinfo.sh -- Determine Build Information
-## Initially written by Ralf S. Engelschall <rse@apache.org>
-## for the Apache's Autoconf-style Interface (APACI)
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#
-# argument line handling
-#
-error=no
-if [ $# -ne 1 -a $# -ne 2 ]; then
- error=yes
-fi
-if [ $# -eq 2 -a "x$1" != "x-n" ]; then
- error=yes
-fi
-if [ "x$error" = "xyes" ]; then
- echo "$0:Error: invalid argument line"
- echo "$0:Usage: $0 [-n] <format-string>"
- echo "Where <format-string> can contain:"
- echo " %u ...... substituted by determined username (foo)"
- echo " %h ...... substituted by determined hostname (bar)"
- echo " %d ...... substituted by determined domainname (.com)"
- echo " %D ...... substituted by determined day (DD)"
- echo " %M ...... substituted by determined month (MM)"
- echo " %Y ...... substituted by determined year (YYYYY)"
- echo " %m ...... substituted by determined monthname (Jan)"
- exit 1
-fi
-if [ $# -eq 2 ]; then
- newline=no
- format_string="$2"
-else
- newline=yes
- format_string="$1"
-fi
-
-#
-# initialization
-#
-username=''
-hostname=''
-domainname=''
-time_day=''
-time_month=''
-time_year=''
-time_monthname=''
-
-#
-# determine username
-#
-username="$LOGNAME"
-if [ "x$username" = "x" ]; then
- username="$USER"
- if [ "x$username" = "x" ]; then
- username="`(whoami) 2>/dev/null |\
- awk '{ printf("%s", $1); }'`"
- if [ "x$username" = "x" ]; then
- username="`(who am i) 2>/dev/null |\
- awk '{ printf("%s", $1); }'`"
- if [ "x$username" = "x" ]; then
- username='unknown'
- fi
- fi
- fi
-fi
-
-#
-# determine hostname and domainname
-#
-hostname="`(uname -n) 2>/dev/null |\
- awk '{ printf("%s", $1); }'`"
-if [ "x$hostname" = "x" ]; then
- hostname="`(hostname) 2>/dev/null |\
- awk '{ printf("%s", $1); }'`"
- if [ "x$hostname" = "x" ]; then
- hostname='unknown'
- fi
-fi
-case $hostname in
- *.* )
- domainname=".`echo $hostname | cut -d. -f2-`"
- hostname="`echo $hostname | cut -d. -f1`"
- ;;
-esac
-if [ "x$domainname" = "x" ]; then
- if [ -f /etc/resolv.conf ]; then
- domainname="`egrep '^[ ]*domain' /etc/resolv.conf | head -1 |\
- sed -e 's/.*domain//' \
- -e 's/^[ ]*//' -e 's/^ *//' -e 's/^ *//' \
- -e 's/^\.//' -e 's/^/./' |\
- awk '{ printf("%s", $1); }'`"
- if [ "x$domainname" = "x" ]; then
- domainname="`egrep '^[ ]*search' /etc/resolv.conf | head -1 |\
- sed -e 's/.*search//' \
- -e 's/^[ ]*//' -e 's/^ *//' -e 's/^ *//' \
- -e 's/ .*//' -e 's/ .*//' \
- -e 's/^\.//' -e 's/^/./' |\
- awk '{ printf("%s", $1); }'`"
- fi
- fi
-fi
-
-#
-# determine current time
-#
-time_day="`date '+%d' | awk '{ printf("%s", $1); }'`"
-time_month="`date '+%m' | awk '{ printf("%s", $1); }'`"
-time_year="`date '+%Y' 2>/dev/null | awk '{ printf("%s", $1); }'`"
-if [ "x$time_year" = "x" ]; then
- time_year="`date '+%y' | awk '{ printf("%s", $1); }'`"
- case $time_year in
- [5-9][0-9]) time_year="19$time_year" ;;
- [0-4][0-9]) time_year="20$time_year" ;;
- esac
-fi
-case $time_month in
- 1|01) time_monthname='Jan' ;;
- 2|02) time_monthname='Feb' ;;
- 3|03) time_monthname='Mar' ;;
- 4|04) time_monthname='Apr' ;;
- 5|05) time_monthname='May' ;;
- 6|06) time_monthname='Jun' ;;
- 7|07) time_monthname='Jul' ;;
- 8|08) time_monthname='Aug' ;;
- 9|09) time_monthname='Sep' ;;
- 10) time_monthname='Oct' ;;
- 11) time_monthname='Nov' ;;
- 12) time_monthname='Dec' ;;
-esac
-
-#
-# create result string
-#
-if [ "x$newline" = "xyes" ]; then
- echo $format_string |\
- sed -e "s;%u;$username;g" \
- -e "s;%h;$hostname;g" \
- -e "s;%d;$domainname;g" \
- -e "s;%D;$time_day;g" \
- -e "s;%M;$time_month;g" \
- -e "s;%Y;$time_year;g" \
- -e "s;%m;$time_monthname;g"
-else
- echo "${format_string}&" |\
- sed -e "s;%u;$username;g" \
- -e "s;%h;$hostname;g" \
- -e "s;%d;$domainname;g" \
- -e "s;%D;$time_day;g" \
- -e "s;%M;$time_month;g" \
- -e "s;%Y;$time_year;g" \
- -e "s;%m;$time_monthname;g" |\
- awk '-F&' '{ printf("%s", $1); }'
-fi
-
diff --git a/usr.sbin/httpd/src/helpers/checkheader.sh b/usr.sbin/httpd/src/helpers/checkheader.sh
deleted file mode 100644
index 26cd176c682..00000000000
--- a/usr.sbin/httpd/src/helpers/checkheader.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-##
-## checkheader.sh -- Check whether a C header file exists
-## Initially written by Ralf S. Engelschall for the Apache
-## configuration mechanism
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-header=$1
-rc=1
-if [ "x$CPP" = "x" ]; then
- CPP='NOT-AVAILABLE'
-fi
-if [ "x$CPP" != "xNOT-AVAILABLE" ]; then
- # create a test C source
- cat >conftest.c <<EOF
-#include <$header>
-Syntax Error
-EOF
- (eval "$CPP conftest.c >/dev/null") 2>conftest.out
- my_error=`grep -v '^ *+' conftest.out`
- if [ "x$my_error" = "x" ]; then
- rc=0
- fi
-else
- if [ -f "/usr/include/$header" ]; then
- rc=0
- fi
-fi
-rm -f conftest.*
-exit $rc
-
diff --git a/usr.sbin/httpd/src/helpers/cvstodsp5.pl b/usr.sbin/httpd/src/helpers/cvstodsp5.pl
deleted file mode 100644
index cf2d167c96b..00000000000
--- a/usr.sbin/httpd/src/helpers/cvstodsp5.pl
+++ /dev/null
@@ -1,43 +0,0 @@
-use IO::File;
-use File::Find;
-
-chdir '..';
-find(\&tovc5, '.');
-
-sub tovc5 {
-
- if (m|.dsp$|) {
- $oname = $_;
- $tname = '.#' . $_;
- $verchg = 0;
- $srcfl = new IO::File $oname, "r" || die;
- $dstfl = new IO::File $tname, "w" || die;
- while ($src = <$srcfl>) {
- if ($src =~ s|Format Version 6\.00|Format Version 5\.00|) {
- $verchg = -1;
- }
- if ($src =~ s|^(# ADD CPP .*)/ZI (.*)|$1/Zi $2|) {
- $verchg = -1;
- }
- if ($src =~ s|^(# ADD BASE CPP .*)/ZI (.*)|$1/Zi $2|) {
- $verchg = -1;
- }
- if ($src !~ m|^# PROP AllowPerConfigDependencies|) {
- print $dstfl $src; }
- else {
- $verchg = -1;
-
- }
- }
- undef $srcfl;
- undef $dstfl;
- if ($verchg) {
- unlink $oname || die;
- rename $tname, $oname || die;
- print "Converted VC6 project " . $oname . " to VC5 in " . $File::Find::dir . "\n";
- }
- else {
- unlink $tname;
- }
- }
-}
diff --git a/usr.sbin/httpd/src/helpers/dsp5tocvs.pl b/usr.sbin/httpd/src/helpers/dsp5tocvs.pl
deleted file mode 100644
index 682ddba9206..00000000000
--- a/usr.sbin/httpd/src/helpers/dsp5tocvs.pl
+++ /dev/null
@@ -1,40 +0,0 @@
-use IO::File;
-use File::Find;
-
-chdir '..';
-find(\&tovc6, '.');
-
-sub tovc6 {
-
- if (m|.dsp$|) {
- $oname = $_;
- $tname = '.#' . $_;
- $verchg = 0;
- $srcfl = new IO::File $_, "r" || die;
- $dstfl = new IO::File $tname, "w" || die;
- while ($src = <$srcfl>) {
- if ($src =~ s|Format Version 5\.00|Format Version 6\.00|) {
- $verchg = -1;
- }
- if ($src =~ s|^(!MESSAGE .*)\\\n|$1|) {
- $cont = <$srcfl>;
- $src = $src . $cont;
- $verchg = -1;
- }
- print $dstfl $src;
- if ($verchg && $src =~ m|^# Begin Project|) {
- print $dstfl "# PROP AllowPerConfigDependencies 0\n";
- }
- }
- undef $srcfl;
- undef $dstfl;
- if ($verchg) {
- unlink $oname || die;
- rename $tname, $oname || die;
- print "Converted VC5 project " . $oname . " to VC6 in " . $File::Find::dir . "\n";
- }
- else {
- unlink $tname;
- }
- }
-}
diff --git a/usr.sbin/httpd/src/helpers/dummy.c b/usr.sbin/httpd/src/helpers/dummy.c
deleted file mode 100644
index cf938b8402c..00000000000
--- a/usr.sbin/httpd/src/helpers/dummy.c
+++ /dev/null
@@ -1,12 +0,0 @@
-/* this file is used by TestLib */
-/* the extra decl is to shutup gcc -Wmissing-prototypes */
-extern int foo (const char *c);
-int foo ( const char *c )
-{
-return *c;
-}
-int main(void) {
- const char *c = "";
- (void)foo(c);
- return 0;
-}
diff --git a/usr.sbin/httpd/src/helpers/find-dbm-lib b/usr.sbin/httpd/src/helpers/find-dbm-lib
deleted file mode 100644
index 21a837c37f8..00000000000
--- a/usr.sbin/httpd/src/helpers/find-dbm-lib
+++ /dev/null
@@ -1,74 +0,0 @@
-# Our config tool sucks... if this script decides to modify the
-# LIBS variable it won't be used by any of the other TestCompiles.
-# So unless we protect ourselves with the found_dbm variable
-# we'd end up having to do the work twice... and we'd end up putting
-# two -ldbm -ldbm into the LIBS variable.
-
-if [ "x$found_dbm" = "x" ]; then
- if sh helpers/TestCompile func dbm_open; then
- found_dbm=1
- else
- found_dbm=0
- case "$PLAT" in
- *-linux*)
- # many systems don't have -ldbm
- DBM_LIB=""
- if ./helpers/TestCompile lib ndbm dbm_open; then
- DBM_LIB="-lndbm"
- if ./helpers/TestCompile lib db1 dbm_open; then
- # Red Hat needs this; ndbm.h lives in db1
- CFLAGS="$CFLAGS -I/usr/include/db1"
- fi
- elif ./helpers/TestCompile lib db1 dbm_open; then
- # For Red Hat 7, if not handled by the ndbm case above
- DBM_LIB="-ldb1"
- CFLAGS="$CFLAGS -I/usr/include/db1"
- elif ./helpers/TestCompile lib gdbm dbm_open; then
- DBM_LIB="-lgdbm"
- CFLAGS="$CFLAGS -I/usr/include/gdbm"
- elif ./helpers/TestCompile lib dbm dbm_open; then
- DBM_LIB="-ldbm"
- fi
- if [ "x$DBM_LIB" != "x" ]; then
- LIBS="$LIBS $DBM_LIB"
- found_dbm=1
- fi
- ;;
- *-cygwin*)
- # we use the shared DLL version of gdbm if available
- DBM_LIB=""
- if ./helpers/TestCompile lib gdbm dbm_open; then
- DBM_LIB="-lgdbm"
- LIBS="$LIBS $DBM_LIB"
- found_dbm=1
- fi
- ;;
- *)
- if [ "x$DBM_LIB" != "x" ]; then
- oldLIBS="$LIBS"
- LIBS="$LIBS $DBM_LIB"
- if sh helpers/TestCompile func dbm_open; then
- found_dbm=1
- else
- found_dbm=0
- LIBS="$oldLIBS"
- fi
- else
- for dblib in dbm ndbm db
- do
- DBM_LIB=""
- if sh helpers/TestCompile lib $dblib dbm_open; then
- DBM_LIB="-l${dblib}"
- LIBS="$LIBS $DBM_LIB"
- found_dbm=1
- break
- fi
- done
- fi
- ;;
- esac
- if [ "x$found_dbm" = "x1" ]; then
- echo " + using $DBM_LIB for DBM support"
- fi
- fi
-fi
diff --git a/usr.sbin/httpd/src/helpers/findcpp.sh b/usr.sbin/httpd/src/helpers/findcpp.sh
deleted file mode 100644
index 0fb55849226..00000000000
--- a/usr.sbin/httpd/src/helpers/findcpp.sh
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-##
-## findcpp.sh -- Find out how to _directly_ run the C Pre-Processor (CPP)
-## Initially written by Ralf S. Engelschall for the Apache configuration
-## mechanism
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-# create a test C source:
-# - has to use extension ".c" because some CPP only accept this one
-# - uses assert.h because this is a standard header and harmless to include
-# - contains a Syntax Error to make sure it passes only the preprocessor
-# but not the real compiler pass
-cat >conftest.c <<EOF
-#include <assert.h>
-Syntax Error
-EOF
-
-# some braindead systems have a CPP define for a directory :-(
-if [ "x$CPP" != "x" ]; then
- if [ -d "$CPP" ]; then
- CPP=''
- fi
-fi
-if [ "x$CPP" != "x" ]; then
- # case 1: user provided a default CPP variable (we only check)
- (eval "$CPP conftest.c >/dev/null") 2>conftest.out
- my_error=`grep -v '^ *+' conftest.out`
- if [ "x$my_error" != "x" ]; then
- CPP=''
- fi
-else
- # case 2: no default CPP variable (we have to find one)
- # 1. try the standard -E option
- CPP="${CC-cc} -E"
- (eval "$CPP conftest.c >/dev/null") 2>conftest.out
- my_error=`grep -v '^ *+' conftest.out`
- if [ "x$my_error" != "x" ]; then
- # 2. try the -E option and GCC's -traditional-ccp option
- CPP="${CC-cc} -E -traditional-cpp"
- (eval "$CPP conftest.c >/dev/null") 2>conftest.out
- my_error=`grep -v '^ *+' conftest.out`
- if [ "x$my_error" != "x" ]; then
- # 3. try a standalone cpp command in $PATH and lib dirs
- CPP="`sh helpers/PrintPath cpp`"
- if [ "x$CPP" = "x" ]; then
- CPP="`sh helpers/PrintPath -p/lib:/usr/lib:/usr/local/lib cpp`"
- fi
- if [ "x$CPP" != "x" ]; then
- (eval "$CPP conftest.c >/dev/null") 2>conftest.out
- my_error=`grep -v '^ *+' conftest.out`
- if [ "x$my_error" != "x" ]; then
- # ok, we gave up...
- CPP=''
- fi
- fi
- fi
- fi
-fi
-
-# cleanup after work
-rm -f conftest.*
-
-# Ok, empty CPP variable now means it's not available
-if [ "x$CPP" = "x" ]; then
- CPP='NOT-AVAILABLE'
-fi
-
-echo $CPP
-
diff --git a/usr.sbin/httpd/src/helpers/fixwin32mak.pl b/usr.sbin/httpd/src/helpers/fixwin32mak.pl
deleted file mode 100644
index 756f0a735c8..00000000000
--- a/usr.sbin/httpd/src/helpers/fixwin32mak.pl
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# fixwin32mak.pl ::: Apache/Win32 maintanace program
-#
-# This program, launched from the build/ directory, replaces all nasty absoulute paths
-# in the win32 .mak files with the appropriate relative root.
-#
-# Run this program prior to committing or packaging any newly exported make files.
-
-use Cwd;
-use IO::File;
-use File::Find;
-
-chdir '..';
-$root = cwd;
-$root =~ s|.:(.*)|cd "$1|;
-$root =~ s|/|\\\\|g;
-find(\&fixcwd, '.');
-
-sub fixcwd {
- if (m|.mak$|) {
- $repl = $File::Find::dir;
- $repl =~ s|^./||;
- $repl =~ s|[^\./]+|..|g;
- $repl =~ s|/|\\|;
- $oname = $_;
- $tname = '.#' . $_;
- $verchg = 0;
- $srcfl = new IO::File $_, "r" || die;
- $dstfl = new IO::File $tname, "w" || die;
- while ($src = <$srcfl>) {
- if ($src =~ s|^(\s*)$root|$1cd "$repl|) {
- $verchg = -1;
- }
- print $dstfl $src;
- }
- undef $srcfl;
- undef $dstfl;
- if ($verchg) {
- unlink $oname || die;
- rename $tname, $oname || die;
- print "Corrected absolute paths within " . $oname . " in " . $File::Find::dir . "\n";
- }
- else {
- unlink $tname;
- }
- }
-}
diff --git a/usr.sbin/httpd/src/helpers/fmn.sh b/usr.sbin/httpd/src/helpers/fmn.sh
deleted file mode 100644
index 2900499da99..00000000000
--- a/usr.sbin/httpd/src/helpers/fmn.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-##
-## fmn.sh -- find a modules (structure) name
-##
-## Extracted from the Configure script for use with
-## Apache's Autoconf-style Interface (APACI).
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-# input: the modules source file
-modfile=$1
-
-# the part from the Configure script
-tmpfile=${TMPDIR-/tmp}/fmn.tmp.$$
-rm -f $tmpfile
-modname=''
-ext=`echo $modfile | sed 's/^.*\.//'`
-modbase=`echo $modfile | sed 's/\.[^.]*$//'`
-if [ "x$ext" = "x$modfile" ]; then ext=o; modbase=$modfile; modfile=$modbase.o; fi
-if [ "x$ext" = "x" ] ; then ext=o; modbase=$modfile; fi
-if [ "x$ext" = "xc" ] ; then ext=o; fi
-if [ -r $modbase.module ] ; then
- cat $modbase.module >$tmpfile
-else
- if [ -f $modbase.c ] ; then
- modname=`egrep '^module .*;' $modbase.c | head -1 |\
- sed 's/^module.*[ ][ ]*//' | \
- sed 's/[ ]*;[ ]*$//'`
- if grep "MODULE-DEFINITION-" $modbase.c >/dev/null; then
- cat $modbase.c | \
- sed '1,/MODULE-DEFINITION-START/d;/MODULE-DEFINITION-END/,$d' >$tmpfile
- fi
- fi
-fi
-if [ -r $tmpfile ] ; then
- modname=`grep "Name:" $tmpfile | sed 's/^.*Name:[ ]*//'`
-fi
-if [ "x$modname" = "x" ] ; then
- modname=`echo $modbase | sed 's/^.*\///' | \
- sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'`
-fi
-rm -f $tmpfile
-
-# output: the name of the module structure symbol
-echo "$modname"
-
diff --git a/usr.sbin/httpd/src/helpers/fp2rp b/usr.sbin/httpd/src/helpers/fp2rp
deleted file mode 100644
index 68d5adb6d19..00000000000
--- a/usr.sbin/httpd/src/helpers/fp2rp
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-##
-## fp2rp -- convert a standard forward path to a reverse dotted path
-##
-if [ "x$1" = "x." ]; then
- rp="."
-else
- rp=""
- for pe in `IFS="$IFS/"; echo $1`; do
- rp="../$rp"
- done
-fi
-echo $rp | sed -e 's:/$::'
diff --git a/usr.sbin/httpd/src/helpers/getuid.sh b/usr.sbin/httpd/src/helpers/getuid.sh
deleted file mode 100644
index 9b5b3498f5f..00000000000
--- a/usr.sbin/httpd/src/helpers/getuid.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-# Return the uid of the process being run. If we cannot
-# determine what it is, return '?'.
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-# First we try 'id'
-if `sh src/helpers/PrintPath -s id` ; then
- AP_IDPATH=`sh src/helpers/PrintPath id`
- # See if it's a POSIX 'id'
- if `$AP_IDPATH -u >/dev/null 2>&1` ; then
- AP_RETVAL=`$AP_IDPATH -u`
- echo $AP_RETVAL
- exit 0
- else
- AP_RETVAL=`$AP_IDPATH | \
- sed -e 's/^.*uid[ ]*=[ ]*[^0123456789]*//' | \
- sed -e 's/[ ]*(.*$//'`
- echo $AP_RETVAL
- exit 0
- fi
-fi
-
-#
-# Ugg. Now we have to grab the login name of the process, and
-# scan /etc/passwd.
-#
-# Try 'whoami' first, then 'who am i' (making sure to strip away
-# the who crud) and finally just copy $LOGNAME
-#
-if `sh src/helpers/PrintPath -s whoami` ; then
- AP_WAIPATH=`sh src/helpers/PrintPath whoami`
- AP_LOGNAME=`$AP_WAIPATH`
-else
- AP_LOGNAME=`who am i | tail -1 | sed -e 's/[ ][ ]*.*$//'`
-fi
-
-#
-# See if we have a valid login name.
-#
-if [ "x$AP_LOGNAME" = "x" ]; then
- AP_LOGNAME=$LOGNAME
- if [ "x$AP_LOGNAME" = "x" ]; then
- echo "?"
- exit 1
- fi
-fi
-
-#
-# Ok, now we scan through /etc/passwd
-#
-AP_RETVAL=`egrep \^${AP_LOGNAME}: /etc/passwd | \
- sed -e 's/[^:]*:[^:]*://' | \
- sed -e 's/:.*$//'`
-
-if [ "x$AP_RETVAL" = "x" ]; then
- echo "?"
- exit 1
-else
- echo $AP_RETVAL
- exit 0
-fi
diff --git a/usr.sbin/httpd/src/helpers/install.sh b/usr.sbin/httpd/src/helpers/install.sh
deleted file mode 100644
index dafc26e9cec..00000000000
--- a/usr.sbin/httpd/src/helpers/install.sh
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/bin/sh
-##
-## install.sh -- install a program, script or datafile
-##
-## Based on `install-sh' from the X Consortium's X11R5 distribution
-## as of 89/12/18 which is freely available.
-## Cleaned up for Apache's Autoconf-style Interface (APACI)
-## by Ralf S. Engelschall <rse@apache.org>
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#
-# put in absolute paths if you don't have them in your path;
-# or use env. vars.
-#
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-
-#
-# parse argument line
-#
-instcmd="$mvprog"
-chmodcmd=""
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-ext=""
-src=""
-dst=""
-while [ "x$1" != "x" ]; do
- case $1 in
- -c) instcmd="$cpprog"
- shift; continue
- ;;
- -m) chmodcmd="$chmodprog $2"
- shift; shift; continue
- ;;
- -o) chowncmd="$chownprog $2"
- shift; shift; continue
- ;;
- -g) chgrpcmd="$chgrpprog $2"
- shift; shift; continue
- ;;
- -s) stripcmd="$stripprog"
- shift; continue
- ;;
- -S) stripcmd="$stripprog $2"
- shift; shift; continue
- ;;
- -e) ext="$2"
- shift; shift; continue
- ;;
- *) if [ "x$src" = "x" ]; then
- src=$1
- else
- dst=$1
- fi
- shift; continue
- ;;
- esac
-done
-if [ "x$src" = "x" ]; then
- echo "install.sh: no input file specified"
- exit 1
-fi
-if [ "x$dst" = "x" ]; then
- echo "install.sh: no destination specified"
- exit 1
-fi
-
-#
-# If destination is a directory, append the input filename; if
-# your system does not like double slashes in filenames, you may
-# need to add some logic
-#
-if [ -d $dst ]; then
- dst="$dst/`basename $src`"
-fi
-
-# Check if we need to add an executable extension (such as ".exe")
-# on specific OS to src and dst
-if [ -f "$src.exe" ]; then
- if [ -f "$src" ]; then
- : # Cygwin [ test ] is too stupid to do [ -f "$src.exe" ] && [ ! -f "$src" ]
- else
- ext=".exe"
- fi
-fi
-src="$src$ext"
-dst="$dst$ext"
-
-# Make a temp file name in the proper directory.
-dstdir=`dirname $dst`
-dsttmp=$dstdir/inst.$$
-
-# Move or copy the file name to the temp name
-$instcmd $src $dsttmp
-
-# And set any options; do chmod last to preserve setuid bits
-if [ "x$chowncmd" != "x" ]; then $chowncmd $dsttmp; fi
-if [ "x$chgrpcmd" != "x" ]; then $chgrpcmd $dsttmp; fi
-if [ "x$stripcmd" != "x" ]; then $stripcmd $dsttmp; fi
-if [ "x$chmodcmd" != "x" ]; then $chmodcmd $dsttmp; fi
-
-# Now rename the file to the real destination.
-$rmcmd $dst
-$mvcmd $dsttmp $dst
-
-exit 0
-
diff --git a/usr.sbin/httpd/src/helpers/mfhead b/usr.sbin/httpd/src/helpers/mfhead
deleted file mode 100644
index f33d82492d1..00000000000
--- a/usr.sbin/httpd/src/helpers/mfhead
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-echo "##"
-echo "## Apache Makefile, automatically generated by Configure script."
-echo "## Hand-edited changes will be lost if the Configure script is re-run."
-echo "## Sources: - `sh helpers/fp2rp $1`/Makefile.config (via $2)"
-echo "## - ./Makefile.tmpl"
-echo "##"
-echo ""
diff --git a/usr.sbin/httpd/src/helpers/mkdir.sh b/usr.sbin/httpd/src/helpers/mkdir.sh
deleted file mode 100644
index 4cd33c5671c..00000000000
--- a/usr.sbin/httpd/src/helpers/mkdir.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-##
-## mkdir.sh -- make directory hierarchy
-##
-## Based on `mkinstalldirs' from Noah Friedman <friedman@prep.ai.mit.edu>
-## as of 1994-03-25, which was placed in the Public Domain.
-## Cleaned up for Apache's Autoconf-style Interface (APACI)
-## by Ralf S. Engelschall <rse@apache.org>
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-umask 022
-errstatus=0
-for file in ${1+"$@"} ; do
- set fnord `echo ":$file" |\
- sed -e 's/^:\//%/' -e 's/^://' -e 's/\// /g' -e 's/^%/\//'`
- shift
- pathcomp=
- for d in ${1+"$@"}; do
- pathcomp="$pathcomp$d"
- case "$pathcomp" in
- -* ) pathcomp=./$pathcomp ;;
- esac
- if test ! -d "$pathcomp"; then
- echo "mkdir $pathcomp" 1>&2
- mkdir "$pathcomp" || errstatus=$?
- fi
- pathcomp="$pathcomp/"
- done
-done
-exit $errstatus
-
diff --git a/usr.sbin/httpd/src/helpers/mkshadow.sh b/usr.sbin/httpd/src/helpers/mkshadow.sh
deleted file mode 100644
index 00b0e3a2a41..00000000000
--- a/usr.sbin/httpd/src/helpers/mkshadow.sh
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/sh
-##
-## mkshadow.sh -- create a shadow tree
-##
-## Initially written by Ralf S. Engelschall <rse@apache.org>
-## for the shadow tree generation option (--shadow) of
-## Apache's Autoconf-style Interface (APACI)
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-# default IFS
-DIFS='
-'
-
-# source and destination directory
-src=`echo $1 | sed -e 's:/$::'`
-dst=`echo $2 | sed -e 's:/$::'`
-
-# check whether source exists
-if [ ! -d $src ]; then
- echo "mkshadow.sh:Error: source directory not found" 1>&2
- exit 1
-fi
-
-# determine if one of the paths is an absolute path,
-# because then we have to use an absolute symlink
-oneisabs=0
-case $src in
- /* ) oneisabs=1 ;;
-esac
-case $dst in
- /* ) oneisabs=1 ;;
-esac
-
-# determine reverse directory for destination directory
-dstrevdir=''
-if [ "x$oneisabs" = "x0" ]; then
- # (inlined fp2rp)
- OIFS2="$IFS"; IFS='/'
- for pe in $dst; do
- dstrevdir="../$dstrevdir"
- done
- IFS="$OIFS2"
-else
- src="`cd $src; pwd`";
-fi
-
-# create directory tree at destination
-if [ ! -d $dst ]; then
- mkdir $dst
-fi
-DIRS="`cd $src; \
- find . -type d -print |\
- sed -e '/\/CVS/d' \
- -e '/^\.$/d' \
- -e 's:^\./::'`"
-OIFS="$IFS" IFS="$DIFS"
-for dir in $DIRS; do
- mkdir $dst/$dir
-done
-IFS="$OIFS"
-
-# fill directory tree with symlinks to files
-FILES="`cd $src; \
- find . -depth -print |\
- sed -e '/\.o$/d' \
- -e '/\.a$/d' \
- -e '/\.so$/d' \
- -e '/\.so-o$/d' \
- -e '/\.cvsignore$/d' \
- -e '/\/CVS/d' \
- -e '/\.indent\.pro$/d' \
- -e '/\.apaci.*/d' \
- -e '/Makefile$/d' \
- -e '/\/\.#/d' \
- -e '/\.orig$/d' \
- -e 's/^\.\///'`"
-OIFS="$IFS" IFS="$DIFS"
-for file in $FILES; do
- # don't use `-type f' above for find because of symlinks
- if [ -d "$src/$file" ]; then
- continue
- fi
- basename=`echo $file | sed -e 's:^.*/::'`
- dir=`echo $file | sed -e 's:[^/]*$::' -e 's:/$::' -e 's:$:/:' -e 's:^/$::'`
- from="$src/$file"
- to="$dst/$dir$basename"
- if [ "x$oneisabs" = "x0" ]; then
- if [ "x$dir" != "x" ]; then
- subdir=`echo $dir | sed -e 's:/$::'`
- # (inlined fp2rp)
- revdir=''
- OIFS2="$IFS"; IFS='/'
- for pe in $subdir; do
- revdir="../$revdir"
- done
- IFS="$OIFS2"
- # finalize from
- from="$revdir$from"
- fi
- from="$dstrevdir$from"
- fi
- echo " $to"
- ln -s $from $to
-done
-IFS="$OIFS"
-
diff --git a/usr.sbin/httpd/src/helpers/ppl.sh b/usr.sbin/httpd/src/helpers/ppl.sh
deleted file mode 100644
index e83ab4793fc..00000000000
--- a/usr.sbin/httpd/src/helpers/ppl.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-##
-## ppl.sh -- pretty print a colon-sperarated list by avoiding
-## `tr' and `fmt' because these tools are different
-## between Unix platforms
-##
-## Initially written by Ralf S. Engelschall <rse@apache.org>
-## for pretty printing lists in the --help option of
-## Apache's Autoconf-style Interface (APACI)
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-list=`
-IFS=:
-for entry in $*; do
- if [ "x$entry" != "x" ]; then
- echo $entry
- fi
-done |\
-sort |\
-awk '
- BEGIN { list = ""; n = 0; }
- {
- list = list $1;
- n = n + 1;
- if (n == 1 || n == 2) {
- list = list ":";
- }
- if (n == 3) {
- list = list "\n";
- n = 0;
- }
- }
- END { print list; }
-'`
-IFS='
-'
-for entry in $list; do
- echo $entry |\
- awk -F: '
- { printf("%-15s %-15s %-15s\n", $1, $2, $3); }
- '
-done |\
-awk '{
- if (length($0) > 48) {
- printf("%s\n", substr($0, 0, 47));
- } else {
- print $0;
- }
-}' |\
-sed -e 's/^/ [/' -e 's/$/]/'
-
diff --git a/usr.sbin/httpd/src/helpers/slo.sh b/usr.sbin/httpd/src/helpers/slo.sh
deleted file mode 100644
index e9d0e588134..00000000000
--- a/usr.sbin/httpd/src/helpers/slo.sh
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/bin/sh
-##
-## slo.h -- (S)eparate (L)inker (O)ptions by library class
-## Initially written by Ralf S. Engelschall <rse@apache.org>
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-DIFS='
-'
-
-#
-# parse out -L and -l options from command line
-#
-DIRS=''
-LIBS=''
-ARGV=''
-optprev=""
-OIFS="$IFS" IFS="$DIFS"
-for opt
-do
- # concatenate with previous option if exists
- if [ "x$optprev" != "x" ]; then
- opt="${optprev}${opt}";
- optprev=''
- fi
- # remember options for arg when used stand-alone
- if [ "x$opt" = "x-L" -o "x$opt" = "x-l" ]; then
- optprev="$opt"
- continue;
- fi
- # split argument into option plus option argument
- arg="`echo $opt | cut -c3-`"
- opt="`echo $opt | cut -c1-2`"
- # store into containers
- case $opt in
- -L) DIRS="$DIRS:$arg" ;;
- -l) LIBS="$LIBS:$arg" ;;
- *) ARGV="$ARGV $opt" ;;
- esac
-done
-IFS="$OIFS"
-
-#
-# set linker default directories
-#
-DIRS_DEFAULT='/lib:/usr/lib'
-if [ "x$LD_LIBRARY_PATH" != "x" ]; then
- DIRS_DEFAULT="$DIRS_DEFAULT:$LD_LIBRARY_PATH"
-fi
-
-#
-# sort options by class
-#
-DIRS_OBJ=''
-LIBS_OBJ=''
-DIRS_PIC=''
-LIBS_PIC=''
-DIRS_DSO=''
-LIBS_DSO=''
-
-# for each library...
-OIFS="$IFS" IFS=':'
-for lib in $LIBS; do
- [ "x$lib" = "x" ] && continue
-
- found='no'
- found_indefdir='no'
- found_type=''
- found_dir=''
-
- # for each directory...
- OIFS2="$IFS" IFS=":$DIFS"
- for dir in ${DIRS} switch-to-defdirs ${DIRS_DEFAULT}; do
- [ "x$dir" = "x" ] && continue
- [ "x$dir" = "xswitch-to-defdirs" ] && found_indefdir=yes
- [ ! -d $dir ] && continue
-
- # search the file
- OIFS3="$IFS" IFS="$DIFS"
- for file in '' `cd $dir && ls lib${lib}.* 2>/dev/null`; do
- [ "x$file" = "x" ] && continue
- case $file in
- *.so|*.so.[0-9]*|*.sl|*.sl.[0-9]* )
- found=yes;
- found_type=DSO;
- break
- ;;
- *.lo|*.la )
- found=yes;
- found_type=PIC
- ;;
- *.a )
- if [ "x$found_type" = "x" ]; then
- found=yes
- found_type=OBJ
- fi
- ;;
- esac
- done
- IFS="$OIFS3"
- if [ "x$found" = "xyes" ]; then
- found_dir="$dir"
- break
- fi
- done
- IFS="$OIFS2"
-
- if [ "x$found" = "xyes" ]; then
- if [ "x$found_indefdir" != "xyes" ]; then
- eval "dirlist=\"\${DIRS_${found_type}}:\""
- if [ ".`echo \"$dirlist\" | fgrep :$found_dir:`" = . ]; then
- eval "DIRS_${found_type}=\"\$DIRS_${found_type}:${found_dir}\""
- fi
- eval "LIBS_${found_type}=\"\$LIBS_${found_type}:$lib\""
- else
- eval "LIBS_${found_type}=\"\$LIBS_${found_type}:$lib\""
- fi
- else
- LIBS_OBJ="$LIBS_OBJ:$lib"
- #dirlist="`echo $DIRS $DIRS_DEFAULT | sed -e 's/:/ /g'`"
- #echo "splitlibs:Warning: library \"$lib\" not found in any of the following dirs:" 2>&1
- #echo "splitlibs:Warning: $dirlist" 1>&1
- fi
-done
-IFS="$OIFS"
-
-#
-# also pass-through unused dirs even if it's useless
-#
-OIFS="$IFS" IFS=':'
-for dir in $DIRS; do
- dirlist="${DIRS_OBJ}:${DIRS_PIC}:${DIRS_DSO}:"
- if [ ".`echo \"$dirlist\" | fgrep :$dir:`" = . ]; then
- DIRS_OBJ="$DIRS_OBJ:$dir"
- fi
-done
-IFS="$OIFS"
-
-#
-# reassemble the options but seperated by type
-#
-OIFS="$IFS" IFS="$DIFS"
-for type in OBJ PIC DSO; do
- OIFS2="$IFS" IFS=':'
- eval "libs=\"\$LIBS_${type}\""
- opts=''
- for lib in $libs; do
- [ "x$lib" = "x" ] && continue
- opts="$opts -l$lib"
- done
- eval "LIBS_${type}=\"$opts\""
-
- eval "dirs=\"\$DIRS_${type}\""
- opts=''
- for dir in $dirs; do
- [ "x$dir" = "x" ] && continue
- opts="$opts -L$dir"
- done
- eval "DIRS_${type}=\"$opts\""
- IFS="$OIFS2"
-done
-IFS="$OIFS"
-
-#
-# give back results
-#
-OIFS="$IFS" IFS="$DIFS"
-for var in ARGV DIRS_OBJ LIBS_OBJ DIRS_PIC LIBS_PIC DIRS_DSO LIBS_DSO; do
- eval "val=\"\$${var}\""
- val="`echo $val | sed -e 's/^ *//'`"
- echo "SLO_${var}=\"${val}\""
-done
-IFS="$OIFS"
-
-##EOF##
diff --git a/usr.sbin/httpd/src/include/.indent.pro b/usr.sbin/httpd/src/include/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/include/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/include/ap.h b/usr.sbin/httpd/src/include/ap.h
deleted file mode 100644
index dbe41bfe83d..00000000000
--- a/usr.sbin/httpd/src/include/ap.h
+++ /dev/null
@@ -1,200 +0,0 @@
-/* $OpenBSD: ap.h,v 1.14 2008/05/09 08:06:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * The ap_vsnprintf/ap_snprintf functions are based on, and used with the
- * permission of, the SIO stdio-replacement strx_* functions by Panos
- * Tsirigotis <panos@alumni.cs.colorado.edu> for xinetd.
- */
-
-#ifndef APACHE_AP_H
-#define APACHE_AP_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-API_EXPORT(char *) ap_cpystrn(char *, const char *, size_t);
-int ap_slack(int, int);
-int ap_execle(const char *, const char *, ...);
-int ap_execve(const char *, char * const argv[], char * const envp[]);
-API_EXPORT(int) ap_getpass(const char *prompt, char *pwbuf, size_t bufsiz);
-
-#ifndef ap_strtol
-API_EXPORT(long) ap_strtol(const char *nptr, char **endptr, int base);
-#endif
-
-/* small utility macros to make things easier to read */
-
-#define ap_killpg(x, y) (killpg ((x), (y)))
-
-/* ap_vformatter() is a generic printf-style formatting routine
- * with some extensions. The extensions are:
- *
- * %pA takes a struct in_addr *, and prints it as a.b.c.d
- * %pI takes a struct sockaddr * and prints it as a.b.c.d:port, or
- * ipv6-numeric-addr:port
- * %pp takes a void * and outputs it in hex
- *
- * The %p hacks are to force gcc's printf warning code to skip
- * over a pointer argument without complaining. This does
- * mean that the ANSI-style %p (output a void * in hex format) won't
- * work as expected at all, but that seems to be a fair trade-off
- * for the increased robustness of having printf-warnings work.
- *
- * Additionally, ap_vformatter allows for arbitrary output methods
- * using the ap_vformatter_buff and flush_func.
- *
- * The ap_vformatter_buff has two elements curpos and endpos.
- * curpos is where ap_vformatter will write the next byte of output.
- * It proceeds writing output to curpos, and updating curpos, until
- * either the end of output is reached, or curpos == endpos (i.e. the
- * buffer is full).
- *
- * If the end of output is reached, ap_vformatter returns the
- * number of bytes written.
- *
- * When the buffer is full, the flush_func is called. The flush_func
- * can return -1 to indicate that no further output should be attempted,
- * and ap_vformatter will return immediately with -1. Otherwise
- * the flush_func should flush the buffer in whatever manner is
- * appropriate, re-initialize curpos and endpos, and return 0.
- *
- * Note that flush_func is only invoked as a result of attempting to
- * write another byte at curpos when curpos >= endpos. So for
- * example, it's possible when the output exactly matches the buffer
- * space available that curpos == endpos will be true when
- * ap_vformatter returns.
- *
- * ap_vformatter does not call out to any other code, it is entirely
- * self-contained. This allows the callers to do things which are
- * otherwise "unsafe". For example, ap_psprintf uses the "scratch"
- * space at the unallocated end of a block, and doesn't actually
- * complete the allocation until ap_vformatter returns. ap_psprintf
- * would be completely broken if ap_vformatter were to call anything
- * that used a pool. Similarly http_bprintf() uses the "scratch"
- * space at the end of its output buffer, and doesn't actually note
- * that the space is in use until it either has to flush the buffer
- * or until ap_vformatter returns.
- */
-
-typedef struct {
- char *curpos;
- char *endpos;
-} ap_vformatter_buff;
-
-API_EXPORT(int) ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
- ap_vformatter_buff *, const char *fmt, va_list ap);
-
-/* These are snprintf implementations based on ap_vformatter().
- *
- * Note that various standards and implementations disagree on the return
- * value of snprintf, and side-effects due to %n in the formatting string.
- * ap_snprintf behaves as follows:
- *
- * Process the format string until the entire string is exhausted, or
- * the buffer fills. If the buffer fills then stop processing immediately
- * (so no further %n arguments are processed), and return the buffer
- * length. In all cases the buffer is NUL terminated. The return value
- * is the number of characters placed in the buffer, excluding the
- * terminating NUL. All this implies that, at most, (len-1) characters
- * will be copied over; if the return value is >= len, then truncation
- * occured.
- *
- * In no event does ap_snprintf return a negative number.
- */
-API_EXPORT_NONSTD(int) ap_snprintf(char *buf, size_t len,
- const char *format,...) __attribute__((format(printf,3,4)));
-API_EXPORT(int) ap_vsnprintf(char *buf, size_t len, const char *format,
- va_list ap);
-/* Simple BASE64 encode/decode functions.
- *
- * As we might encode binary strings, hence we require the length of
- * the incoming plain source. And return the length of what we decoded.
- *
- * The decoding function takes any non valid char (i.e. whitespace, \0
- * or anything non A-Z,0-9 etc as terminal.
- *
- * plain strings/binary sequences are not assumed '\0' terminated. Encoded
- * strings are neither. But propably should.
- *
- */
-API_EXPORT(int) ap_base64encode_len(int len);
-API_EXPORT(int) ap_base64encode(char * coded_dst, const char *plain_src,
- int len_plain_src);
-API_EXPORT(int) ap_base64encode_binary(char * coded_dst,
- const unsigned char *plain_src,int len_plain_src);
-
-API_EXPORT(int) ap_base64decode_len(const char * coded_src);
-API_EXPORT(int) ap_base64decode(char * plain_dst, const char *coded_src);
-API_EXPORT(int) ap_base64decode_binary(unsigned char * plain_dst,
- const char *coded_src);
-
-/* Password validation, as used in AuthType Basic which is able to cope
- * (based on the prefix) with the SHA1, Apache's internal MD5 and (depending
- * on your platform either plain or crypt(3) passwords.
- */
-API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_AP_H */
diff --git a/usr.sbin/httpd/src/include/ap_alloc.h b/usr.sbin/httpd/src/include/ap_alloc.h
deleted file mode 100644
index b9f24efc062..00000000000
--- a/usr.sbin/httpd/src/include/ap_alloc.h
+++ /dev/null
@@ -1,421 +0,0 @@
-/* $OpenBSD: ap_alloc.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_ALLOC_H
-#define APACHE_ALLOC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Resource allocation routines...
- *
- * designed so that we don't have to keep track of EVERYTHING so that
- * it can be explicitly freed later (a fundamentally unsound strategy ---
- * particularly in the presence of die()).
- *
- * Instead, we maintain pools, and allocate items (both memory and I/O
- * handlers) from the pools --- currently there are two, one for per
- * transaction info, and one for config info. When a transaction is over,
- * we can delete everything in the per-transaction pool without fear, and
- * without thinking too hard about it either.
- *
- * rst
- */
-
-/* Arenas for configuration info and transaction info
- * --- actual layout of the pool structure is private to
- * alloc.c.
- */
-
-typedef struct pool pool;
-typedef struct pool ap_pool;
-
-API_EXPORT(pool *) ap_init_alloc(void); /* Set up everything */
-void ap_cleanup_alloc(void);
-API_EXPORT(pool *) ap_make_sub_pool(pool *); /* All pools are subpools of permanent_pool */
-typedef enum { AP_POOL_RD, AP_POOL_RW } ap_pool_lock_mode;
-int ap_shared_pool_possible(void);
-void ap_init_alloc_shared(int);
-void ap_kill_alloc_shared(void);
-API_EXPORT(pool *) ap_make_shared_sub_pool(pool *);
-API_EXPORT(int) ap_acquire_pool(pool *, ap_pool_lock_mode);
-API_EXPORT(int) ap_release_pool(pool *);
-API_EXPORT(void) ap_destroy_pool(pool *);
-
-/* pools have nested lifetimes -- sub_pools are destroyed when the
- * parent pool is cleared. We allow certain liberties with operations
- * on things such as tables (and on other structures in a more general
- * sense) where we allow the caller to insert values into a table which
- * were not allocated from the table's pool. The table's data will
- * remain valid as long as all the pools from which its values are
- * allocated remain valid.
- *
- * For example, if B is a sub pool of A, and you build a table T in
- * pool B, then it's safe to insert data allocated in A or B into T
- * (because B lives at most as long as A does, and T is destroyed when
- * B is cleared/destroyed). On the other hand, if S is a table in
- * pool A, it is safe to insert data allocated in A into S, but it
- * is *not safe* to insert data allocated from B into S... because
- * B can be cleared/destroyed before A is (which would leave dangling
- * pointers in T's data structures).
- *
- * In general we say that it is safe to insert data into a table T
- * if the data is allocated in any ancestor of T's pool. This is the
- * basis on which the POOL_DEBUG code works -- it tests these ancestor
- * relationships for all data inserted into tables. POOL_DEBUG also
- * provides tools (ap_find_pool, and ap_pool_is_ancestor) for other
- * folks to implement similar restrictions for their own data
- * structures.
- *
- * However, sometimes this ancestor requirement is inconvenient --
- * sometimes we're forced to create a sub pool (such as through
- * ap_sub_req_lookup_uri), and the sub pool is guaranteed to have
- * the same lifetime as the parent pool. This is a guarantee implemented
- * by the *caller*, not by the pool code. That is, the caller guarantees
- * they won't destroy the sub pool individually prior to destroying the
- * parent pool.
- *
- * In this case the caller must call ap_pool_join() to indicate this
- * guarantee to the POOL_DEBUG code. There are a few examples spread
- * through the standard modules.
- */
-#ifndef POOL_DEBUG
-#ifdef ap_pool_join
-#undef ap_pool_join
-#endif
-#define ap_pool_join(a,b)
-#else
-API_EXPORT(void) ap_pool_join(pool *p, pool *sub);
-API_EXPORT(pool *) ap_find_pool(const void *ts);
-API_EXPORT(int) ap_pool_is_ancestor(pool *a, pool *b);
-#endif
-
-/* Clearing out EVERYTHING in an pool... destroys any sub-pools */
-
-API_EXPORT(void) ap_clear_pool(struct pool *);
-
-/* Preparing for exec() --- close files, etc., but *don't* flush I/O
- * buffers, *don't* wait for subprocesses, and *don't* free any memory.
- */
-
-API_EXPORT(void) ap_cleanup_for_exec(void);
-
-/* routines to allocate memory from an pool... */
-
-API_EXPORT(void *) ap_palloc(struct pool *, int nbytes);
-API_EXPORT(void *) ap_pcalloc(struct pool *, int nbytes);
-API_EXPORT(char *) ap_pstrdup(struct pool *, const char *s);
-/* make a nul terminated copy of the n characters starting with s */
-API_EXPORT(char *) ap_pstrndup(struct pool *, const char *s, int n);
-API_EXPORT_NONSTD(char *) ap_pstrcat(struct pool *,...);
-/* all '...' must be char* */
-API_EXPORT_NONSTD(char *) ap_psprintf(struct pool *, const char *fmt, ...)
- __attribute__((format(printf,2,3)));
-API_EXPORT(char *) ap_pvsprintf(struct pool *, const char *fmt, va_list);
-
-/* array and alist management... keeping lists of things.
- * Common enough to want common support code ...
- */
-
-typedef struct {
- ap_pool *pool;
- int elt_size;
- int nelts;
- int nalloc;
- char *elts;
-} array_header;
-
-API_EXPORT(array_header *) ap_make_array(pool *p, int nelts, int elt_size);
-API_EXPORT(void *) ap_push_array(array_header *);
-API_EXPORT(void) ap_array_cat(array_header *dst, const array_header *src);
-API_EXPORT(array_header *) ap_append_arrays(pool *, const array_header *,
- const array_header *);
-
-/* ap_array_pstrcat generates a new string from the pool containing
- * the concatenated sequence of substrings referenced as elements within
- * the array. The string will be empty if all substrings are empty or null,
- * or if there are no elements in the array.
- * If sep is non-NUL, it will be inserted between elements as a separator.
- */
-API_EXPORT(char *) ap_array_pstrcat(pool *p, const array_header *arr,
- const char sep);
-
-/* copy_array copies the *entire* array. copy_array_hdr just copies
- * the header, and arranges for the elements to be copied if (and only
- * if) the code subsequently does a push or arraycat.
- */
-
-API_EXPORT(array_header *) ap_copy_array(pool *p, const array_header *src);
-API_EXPORT(array_header *) ap_copy_array_hdr(pool *p, const array_header *src);
-
-
-/* Tables. Implemented alist style, for now, though we try to keep
- * it so that imposing a hash table structure on top in the future
- * wouldn't be *too* hard...
- *
- * Note that key comparisons for these are case-insensitive, largely
- * because that's what's appropriate and convenient everywhere they're
- * currently being used...
- */
-
-typedef struct table table;
-
-typedef struct {
- char *key; /* maybe NULL in future;
- * check when iterating thru table_elts
- */
- char *val;
-} table_entry;
-
-API_EXPORT(table *) ap_make_table(pool *p, int nelts);
-API_EXPORT(table *) ap_copy_table(pool *p, const table *);
-API_EXPORT(void) ap_clear_table(table *);
-API_EXPORT(const char *) ap_table_get(const table *, const char *);
-API_EXPORT(void) ap_table_set(table *, const char *name, const char *val);
-API_EXPORT(void) ap_table_setn(table *, const char *name, const char *val);
-API_EXPORT(void) ap_table_merge(table *, const char *name,
- const char *more_val);
-API_EXPORT(void) ap_table_mergen(table *, const char *name,
- const char *more_val);
-API_EXPORT(void) ap_table_unset(table *, const char *key);
-API_EXPORT(void) ap_table_add(table *, const char *name, const char *val);
-API_EXPORT(void) ap_table_addn(table *, const char *name, const char *val);
-API_EXPORT_NONSTD(void) ap_table_do(int (*comp) (void *, const char *,
- const char *), void *rec, const table *t,...);
-
-API_EXPORT(table *) ap_overlay_tables(pool *p, const table *overlay,
- const table *base);
-
-/* Conceptually, ap_overlap_tables does this:
-
- array_header *barr = ap_table_elts(b);
- table_entry *belt = (table_entry *)barr->elts;
- int i;
-
- for (i = 0; i < barr->nelts; ++i) {
- if (flags & AP_OVERLAP_TABLES_MERGE) {
- ap_table_mergen(a, belt[i].key, belt[i].val);
- }
- else {
- ap_table_setn(a, belt[i].key, belt[i].val);
- }
- }
-
- Except that it is more efficient (less space and cpu-time) especially
- when b has many elements.
-
- Notice the assumptions on the keys and values in b -- they must be
- in an ancestor of a's pool. In practice b and a are usually from
- the same pool.
-*/
-#define AP_OVERLAP_TABLES_SET (0)
-#define AP_OVERLAP_TABLES_MERGE (1)
-API_EXPORT(void) ap_overlap_tables(table *a, const table *b, unsigned flags);
-
-/* XXX: these know about the definition of struct table in alloc.c. That
- * definition is not here because it is supposed to be private, and by not
- * placing it here we are able to get compile-time diagnostics from modules
- * written which assume that a table is the same as an array_header. -djg
- */
-#define ap_table_elts(t) ((array_header *)(t))
-#define ap_is_empty_table(t) \
- (((t) == NULL)||(((array_header *)(t))->nelts == 0))
-
-/* routines to remember allocation of other sorts of things...
- * generic interface first. Note that we want to have two separate
- * cleanup functions in the general case, one for exec() preparation,
- * to keep CGI scripts and the like from inheriting access to things
- * they shouldn't be able to touch, and one for actually cleaning up,
- * when the actual server process wants to get rid of the thing,
- * whatever it is.
- *
- * kill_cleanup disarms a cleanup, presumably because the resource in
- * question has been closed, freed, or whatever, and it's scarce
- * enough to want to reclaim (e.g., descriptors). It arranges for the
- * resource not to be cleaned up a second time (it might have been
- * reallocated). run_cleanup does the same, but runs it first.
- *
- * Cleanups are identified for purposes of finding & running them off by the
- * plain_cleanup and data, which should presumably be unique.
- *
- * NB any code which invokes register_cleanup or kill_cleanup directly
- * is a critical section which should be guarded by block_alarms() and
- * unblock_alarms() below...
- *
- * ap_register_cleanup_ex provided to allow for an optional "cleanup"
- * to be run at call-time for things like setting CLOSEXEC flags
- * on fd's or whatever else may make sense.
- */
-
-API_EXPORT(void) ap_register_cleanup(pool *p, void *data,
- void (*plain_cleanup) (void *), void (*child_cleanup) (void *));
-API_EXPORT(void) ap_register_cleanup_ex(pool *p, void *data,
- void (*plain_cleanup) (void *), void (*child_cleanup) (void *),
- int (*magic_cleanup) (void *));
-
-API_EXPORT(void) ap_kill_cleanup(pool *p, void *data,
- void (*plain_cleanup) (void *));
-API_EXPORT(void) ap_run_cleanup(pool *p, void *data,
- void (*cleanup) (void *));
-
-/* A "do-nothing" cleanup, for register_cleanup; it's faster to do
- * things this way than to test for NULL. */
-API_EXPORT_NONSTD(void) ap_null_cleanup(void *data);
-
-/* The time between when a resource is actually allocated, and when it
- * its cleanup is registered is a critical section, during which the
- * resource could leak if we got interrupted or timed out. So, anything
- * which registers cleanups should bracket resource allocation and the
- * cleanup registry with these. (This is done internally by run_cleanup).
- *
- * NB they are actually implemented in http_main.c, since they are bound
- * up with timeout handling in general...
- */
-
-API_EXPORT(void) ap_block_alarms(void);
-API_EXPORT(void) ap_unblock_alarms(void);
-
-/* Common cases which want utility support..
- * the note_cleanups_for_foo routines are for
- */
-
-API_EXPORT(FILE *) ap_pfopen(struct pool *, const char *name,
- const char *fmode);
-API_EXPORT(FILE *) ap_pfdopen(struct pool *, int fd,
- const char *fmode);
-API_EXPORT(int) ap_popenf(struct pool *, const char *name, int flg, int mode);
-API_EXPORT(int) ap_popenf_ex(struct pool *, const char *name, int flg, int mode,
- int domagic);
-
-API_EXPORT(void) ap_note_cleanups_for_file(pool *, FILE *);
-API_EXPORT(void) ap_note_cleanups_for_file_ex(pool *, FILE *, int);
-API_EXPORT(void) ap_note_cleanups_for_fd(pool *, int);
-API_EXPORT(void) ap_note_cleanups_for_fd_ex(pool *, int, int);
-API_EXPORT(void) ap_kill_cleanups_for_fd(pool *p, int fd);
-
-API_EXPORT(void) ap_note_cleanups_for_socket(pool *, int);
-API_EXPORT(void) ap_note_cleanups_for_socket_ex(pool *, int, int);
-API_EXPORT(void) ap_kill_cleanups_for_socket(pool *p, int sock);
-API_EXPORT(int) ap_psocket(pool *p, int, int, int);
-API_EXPORT(int) ap_psocket_ex(pool *p, int, int, int, int);
-API_EXPORT(int) ap_pclosesocket(pool *a, int sock);
-
-API_EXPORT(regex_t *) ap_pregcomp(pool *p, const char *pattern, int cflags);
-API_EXPORT(void) ap_pregfree(pool *p, regex_t * reg);
-
-/* routines to note closes... file descriptors are constrained enough
- * on some systems that we want to support this.
- */
-
-API_EXPORT(int) ap_pfclose(struct pool *, FILE *);
-API_EXPORT(int) ap_pclosef(struct pool *, int fd);
-
-/* routines to deal with directories */
-API_EXPORT(DIR *) ap_popendir(pool *p, const char *name);
-API_EXPORT(void) ap_pclosedir(pool *p, DIR * d);
-
-/* ... even child processes (which we may want to wait for,
- * or to kill outright, on unexpected termination).
- *
- * ap_spawn_child is a utility routine which handles an awful lot of
- * the rigamarole associated with spawning a child --- it arranges
- * for pipes to the child's stdin and stdout, if desired (if not,
- * set the associated args to NULL). It takes as args a function
- * to call in the child, and an argument to be passed to the function.
- */
-
-enum kill_conditions {
- kill_never, /* process is never sent any signals */
- kill_always, /* process is sent SIGKILL on pool cleanup */
- kill_after_timeout, /* SIGTERM, wait 3 seconds, SIGKILL */
- just_wait, /* wait forever for the process to complete */
- kill_only_once /* send SIGTERM and then wait */
-};
-
-typedef struct child_info child_info;
-API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid,
- enum kill_conditions how);
-API_EXPORT(int) ap_spawn_child(pool *, int (*)(void *, child_info *),
- void *, enum kill_conditions, FILE **pipe_in, FILE **pipe_out,
- FILE **pipe_err);
-int ap_close_fd_on_exec(int fd);
-
-/* magic numbers --- min free bytes to consider a free pool block useable,
- * and the min amount to allocate if we have to go to malloc() */
-
-#ifndef BLOCK_MINFREE
-#define BLOCK_MINFREE 4096
-#endif
-#ifndef BLOCK_MINALLOC
-#define BLOCK_MINALLOC 8192
-#endif
-
-/* Finally, some accounting */
-
-API_EXPORT(long) ap_bytes_in_pool(pool *p);
-API_EXPORT(long) ap_bytes_in_free_blocks(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_ALLOC_H */
diff --git a/usr.sbin/httpd/src/include/ap_compat.h b/usr.sbin/httpd/src/include/ap_compat.h
deleted file mode 100644
index dec73644768..00000000000
--- a/usr.sbin/httpd/src/include/ap_compat.h
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
-** ap_compat.h -- Apache Backward Compatibility
-**
-** INCLUDE THIS HEADER FILE ONLY IF YOU REALLY NEED
-** BACKWARD COMPATIBILITY TO OLD APACHE RESOURCES.
-*/
-
-#ifndef AP_COMPAT_H
-#define AP_COMPAT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Mapping of Apache 1.2 global symbols to the
- * namespace conflict free variants used in Apache 1.3
- */
-
-#define MD5Final ap_MD5Final
-#define MD5Init ap_MD5Init
-#define acquire_mutex ap_acquire_mutex
-#define add_cgi_vars ap_add_cgi_vars
-#define add_common_vars ap_add_common_vars
-#define add_file_conf ap_add_file_conf
-#define add_module ap_add_module
-#define add_named_module ap_add_named_module
-#define add_per_dir_conf ap_add_per_dir_conf
-#define add_per_url_conf ap_add_per_url_conf
-#define allow_options ap_allow_options
-#define allow_overrides ap_allow_overrides
-#define apapi_get_server_built ap_get_server_built
-#define apapi_get_server_version ap_get_server_version
-#define aplog_error ap_log_error
-#define append_arrays ap_append_arrays
-#define array_cat ap_array_cat
-#define auth_name ap_auth_name
-#define auth_type ap_auth_type
-#define basic_http_header ap_basic_http_header
-#define bclose ap_bclose
-#define bcreate ap_bcreate
-#define bfilbuf ap_bfilbuf
-#define bfileno ap_bfileno
-#define bflsbuf ap_bflsbuf
-#define bflush ap_bflush
-#define bgetc ap_bgetc
-#define bgetflag ap_bgetflag
-#define bgetopt ap_bgetopt
-#define bgets ap_bgets
-#define bhalfduplex ap_bhalfduplex
-#define bind_address ap_bind_address
-#define block_alarms ap_block_alarms
-#define blookc ap_blookc
-#define bnonblock ap_bnonblock
-#define bonerror ap_bonerror
-#define bprintf ap_bprintf
-#define bpushfd ap_bpushfd
-#define bputc ap_bputc
-#define bputs ap_bputs
-#define bread ap_bread
-#define bsetflag ap_bsetflag
-#define bsetopt ap_bsetopt
-#define bskiplf ap_bskiplf
-#define bvputs ap_bvputs
-#define bwrite ap_bwrite
-#define bytes_in_free_blocks ap_bytes_in_free_blocks
-#define bytes_in_pool ap_bytes_in_pool
-#define call_exec ap_call_exec
-#define can_exec ap_can_exec
-#define cfg_closefile ap_cfg_closefile
-#define cfg_getc ap_cfg_getc
-#define cfg_getline ap_cfg_getline
-#define chdir_file ap_chdir_file
-#define check_access ap_check_access
-#define check_alarm ap_check_alarm
-#define check_auth ap_check_auth
-#define check_cmd_context ap_check_cmd_context
-#define check_user_id ap_check_user_id
-#define checkmask ap_checkmask
-#define child_exit_modules ap_child_exit_modules
-#define child_init_modules ap_child_init_modules
-#define child_terminate ap_child_terminate
-#define cleanup_for_exec ap_cleanup_for_exec
-#define clear_module_list ap_clear_module_list
-#define clear_pool ap_clear_pool
-#define clear_table ap_clear_table
-#define close_piped_log ap_close_piped_log
-#define construct_server ap_construct_server
-#define construct_url ap_construct_url
-#define copy_array ap_copy_array
-#define copy_array_hdr ap_copy_array_hdr
-#define copy_table ap_copy_table
-#define core_reorder_directories ap_core_reorder_directories
-#define coredump_dir ap_coredump_dir
-#define count_dirs ap_count_dirs
-#define create_environment ap_create_environment
-#define create_mutex ap_create_mutex
-#define create_per_dir_config ap_create_per_dir_config
-#define create_request_config ap_create_request_config
-#define daemons_limit ap_daemons_limit
-#define daemons_max_free ap_daemons_max_free
-#define daemons_min_free ap_daemons_min_free
-#define daemons_to_start ap_daemons_to_start
-#define day_snames ap_day_snames
-#define default_port ap_default_port
-#define default_port_for_request ap_default_port_for_request
-#define default_port_for_scheme ap_default_port_for_scheme
-#define default_type ap_default_type
-#define destroy_mutex ap_destroy_mutex
-#define destroy_pool ap_destroy_pool
-#define destroy_sub_req ap_destroy_sub_req
-#define die ap_die
-#define discard_request_body ap_discard_request_body
-#define document_root ap_document_root
-#define dummy_mutex ap_dummy_mutex
-#define each_byterange ap_each_byterange
-#define error_log2stderr ap_error_log2stderr
-#define escape_html ap_escape_html
-#define escape_path_segment ap_escape_path_segment
-#define escape_shell_cmd ap_escape_shell_cmd
-#define escape_uri ap_escape_uri
-#define excess_requests_per_child ap_excess_requests_per_child
-#define exists_scoreboard_image ap_exists_scoreboard_image
-#define finalize_request_protocol ap_finalize_request_protocol
-#define finalize_sub_req_protocol ap_finalize_sub_req_protocol
-#define find_command ap_find_command
-#define find_command_in_modules ap_find_command_in_modules
-#define find_last_token ap_find_last_token
-#define find_linked_module ap_find_linked_module
-#define find_module_name ap_find_module_name
-#define find_path_info ap_find_path_info
-#define find_pool ap_find_pool
-#define find_token ap_find_token
-#define find_types ap_find_types
-#define fini_vhost_config ap_fini_vhost_config
-#define fnmatch ap_fnmatch
-#define force_library_loading ap_force_library_loading
-#define get_basic_auth_pw ap_get_basic_auth_pw
-#define get_client_block ap_get_client_block
-#define get_gmtoff ap_get_gmtoff
-#define get_local_host ap_get_local_host
-#define get_module_config ap_get_module_config
-#define get_remote_host ap_get_remote_host
-#define get_remote_logname ap_get_remote_logname
-#define get_server_name ap_get_server_name
-#define get_server_port ap_get_server_port
-#define get_time ap_get_time
-#define get_token ap_get_token
-#define get_virthost_addr ap_get_virthost_addr
-#define getparents ap_getparents
-#define getword ap_getword
-#define getword_conf ap_getword_conf
-#define getword_conf_nc ap_getword_conf_nc
-#define getword_nc ap_getword_nc
-#define getword_nulls ap_getword_nulls
-#define getword_nulls_nc ap_getword_nulls_nc
-#define getword_white ap_getword_white
-#define getword_white_nc ap_getword_white_nc
-#define gm_timestr_822 ap_gm_timestr_822
-#define gname2id ap_gname2id
-#define group_id ap_group_id
-#define handle_command ap_handle_command
-#define hard_timeout ap_hard_timeout
-#define header_parse ap_header_parse
-#define ht_time ap_ht_time
-#define http_method ap_http_method
-#define ind ap_ind
-#define index_of_response ap_index_of_response
-#define init_alloc ap_init_alloc
-#define init_modules ap_init_modules
-#define init_vhost_config ap_init_vhost_config
-#define init_virtual_host ap_init_virtual_host
-#define internal_redirect ap_internal_redirect
-#define internal_redirect_handler ap_internal_redirect_handler
-#define invoke_handler ap_invoke_handler
-#define is_default_port ap_is_default_port
-#define is_directory ap_is_directory
-#define is_empty_table ap_is_empty_table
-#define is_fnmatch ap_is_fnmatch
-#define is_initial_req ap_is_initial_req
-#define is_matchexp ap_is_matchexp
-#define is_table_empty ap_is_table_empty
-#define is_url ap_is_url
-#define keepalive_timeout ap_keepalive_timeout
-#define kill_cleanup ap_kill_cleanup
-#define kill_cleanups_for_fd ap_kill_cleanups_for_fd
-#define kill_cleanups_for_socket ap_kill_cleanups_for_socket
-#define kill_timeout ap_kill_timeout
-#define limit_section ap_limit_section
-#define listenbacklog ap_listenbacklog
-#define listeners ap_listeners
-#define lock_fname ap_lock_fname
-#define log_assert ap_log_assert
-#define log_error ap_log_error_old
-#define log_pid ap_log_pid
-#define log_printf ap_log_printf
-#define log_reason ap_log_reason
-#define log_transaction ap_log_transaction
-#define log_unixerr ap_log_unixerr
-#define make_array ap_make_array
-#define make_dirstr ap_make_dirstr
-#define make_dirstr_parent ap_make_dirstr_parent
-#define make_dirstr_prefix ap_make_dirstr_prefix
-#define make_full_path ap_make_full_path
-#define make_sub_pool ap_make_sub_pool
-#define make_table ap_make_table
-#define matches_request_vhost ap_matches_request_vhost
-#define max_requests_per_child ap_max_requests_per_child
-#define max_cpu_per_child ap_max_cpu_per_child
-#define max_data_per_child ap_max_data_per_child
-#define max_nofile_per_child ap_max_nofile_per_child
-#define max_rss_per_child ap_max_rss_per_child
-#define max_stack_per_child ap_max_stack_per_child
-#define md5 ap_md5
-#define meets_conditions ap_meets_conditions
-#define merge_per_dir_configs ap_merge_per_dir_configs
-#define month_snames ap_month_snames
-#define no2slash ap_no2slash
-#define note_auth_failure ap_note_auth_failure
-#define note_basic_auth_failure ap_note_basic_auth_failure
-#define note_cleanups_for_fd ap_note_cleanups_for_fd
-#define note_cleanups_for_file ap_note_cleanups_for_file
-#define note_cleanups_for_socket ap_note_cleanups_for_socket
-#define note_digest_auth_failure ap_note_digest_auth_failure
-#define note_subprocess ap_note_subprocess
-#define null_cleanup ap_null_cleanup
-#define open_logs ap_open_logs
-#define open_mutex ap_open_mutex
-#define open_piped_log ap_open_piped_log
-#define os_canonical_filename ap_os_canonical_filename
-#define os_dl_load ap_os_dso_load
-#define os_dl_unload ap_os_dso_unload
-#define os_dl_sym ap_os_dso_sym
-#define os_dl_error ap_os_dso_error
-#define os_escape_path ap_os_escape_path
-#define os_is_path_absolute ap_os_is_path_absolute
-#define overlay_tables ap_overlay_tables
-#define palloc ap_palloc
-#define parseHTTPdate ap_parseHTTPdate
-#define parse_hostinfo_components ap_parse_hostinfo_components
-#define parse_htaccess ap_parse_htaccess
-#define parse_uri ap_parse_uri
-#define parse_uri_components ap_parse_uri_components
-#define parse_vhost_addrs ap_parse_vhost_addrs
-#define pcalloc ap_pcalloc
-#define pcfg_open_custom ap_pcfg_open_custom
-#define pcfg_openfile ap_pcfg_openfile
-#define pclosedir ap_pclosedir
-#define pclosef ap_pclosef
-#define pclosesocket ap_pclosesocket
-#define pduphostent ap_pduphostent
-#define pfclose ap_pfclose
-#define pfdopen ap_pfdopen
-#define pfopen ap_pfopen
-#define pgethostbyname ap_pgethostbyname
-#define pid_fname ap_pid_fname
-#define piped_log_read_fd ap_piped_log_read_fd
-#define piped_log_write_fd ap_piped_log_write_fd
-#define pool_is_ancestor ap_pool_is_ancestor
-#define pool_join ap_pool_join
-#define popendir ap_popendir
-#define popenf ap_popenf
-#define pregcomp ap_pregcomp
-#define pregfree ap_pregfree
-#define pregsub ap_pregsub
-#define process_request ap_process_request
-#define process_resource_config ap_process_resource_config
-#define proxy_add_header ap_proxy_add_header
-#define proxy_c2hex ap_proxy_c2hex
-#define proxy_cache_check ap_proxy_cache_check
-#define proxy_cache_error ap_proxy_cache_error
-#define proxy_cache_tidy ap_proxy_cache_tidy
-#define proxy_cache_update ap_proxy_cache_update
-#define proxy_canon_netloc ap_proxy_canon_netloc
-#define proxy_canonenc ap_proxy_canonenc
-#define proxy_connect_handler ap_proxy_connect_handler
-#define proxy_date_canon ap_proxy_date_canon
-#define proxy_del_header ap_proxy_del_header
-#define proxy_doconnect ap_proxy_doconnect
-#define proxy_ftp_canon ap_proxy_ftp_canon
-#define proxy_ftp_handler ap_proxy_ftp_handler
-#define proxy_garbage_coll ap_proxy_garbage_coll
-#define proxy_garbage_init ap_proxy_garbage_init
-#define proxy_get_header ap_proxy_get_header
-#define proxy_hash ap_proxy_hash
-#define proxy_hex2c ap_proxy_hex2c
-#define proxy_hex2sec ap_proxy_hex2sec
-#define proxy_host2addr ap_proxy_host2addr
-#define proxy_http_canon ap_proxy_http_canon
-#define proxy_http_handler ap_proxy_http_handler
-#define proxy_is_domainname ap_proxy_is_domainname
-#define proxy_is_hostname ap_proxy_is_hostname
-#define proxy_is_ipaddr ap_proxy_is_ipaddr
-#define proxy_is_word ap_proxy_is_word
-#define proxy_liststr ap_proxy_liststr
-#define proxy_read_headers ap_proxy_read_headers
-#define proxy_sec2hex ap_proxy_sec2hex
-#define proxy_send_fb ap_proxy_send_fb
-#define proxy_send_headers ap_proxy_send_headers
-#define proxyerror ap_proxyerror
-#define psignature ap_psignature
-#define psocket ap_psocket
-#define psprintf ap_psprintf
-#define pstrcat ap_pstrcat
-#define pstrdup ap_pstrdup
-#define pstrndup ap_pstrndup
-#define push_array ap_push_array
-#define pvsprintf ap_pvsprintf
-#define rationalize_mtime ap_rationalize_mtime
-#define read_config ap_read_config
-#define read_request ap_read_request
-#define regexec ap_regexec
-#define regerror ap_regerror
-#define register_cleanup ap_register_cleanup
-#define register_other_child ap_register_other_child
-#define release_mutex ap_release_mutex
-#define remove_module ap_remove_module
-#define requires ap_requires
-#define reset_timeout ap_reset_timeout
-#define response_code_string ap_response_code_string
-#define restart_time ap_restart_time
-#define rfc1413 ap_rfc1413
-#define rfc1413_timeout ap_rfc1413_timeout
-#define rflush ap_rflush
-#define rind ap_rind
-#define rprintf ap_rprintf
-#define rputc ap_rputc
-#define rputs ap_rputs
-#define run_cleanup ap_run_cleanup
-#define run_fixups ap_run_fixups
-#define run_post_read_request ap_run_post_read_request
-#define run_sub_req ap_run_sub_req
-#define rvputs ap_rvputs
-#define rwrite ap_rwrite
-#define satisfies ap_satisfies
-#define scan_script_header(a1,a2) ap_scan_script_header_err(a1,a2,NULL)
-#define scan_script_header_err ap_scan_script_header_err
-#define scan_script_header_err_buff ap_scan_script_header_err_buff
-#define scoreboard_fname ap_scoreboard_fname
-#define scoreboard_image ap_scoreboard_image
-#define send_error_response ap_send_error_response
-#define send_fb ap_send_fb
-#define send_fb_length ap_send_fb_length
-#define send_fd ap_send_fd
-#define send_fd_length ap_send_fd_length
-#define send_header_field ap_send_header_field
-#define send_http_header ap_send_http_header
-#define send_http_options ap_send_http_options
-#define send_http_trace ap_send_http_trace
-#define send_mmap ap_send_mmap
-#define send_size ap_send_size
-#define server_argv0 ap_server_argv0
-#define server_confname ap_server_confname
-#define server_post_read_config ap_server_post_read_config
-#define server_pre_read_config ap_server_pre_read_config
-#define server_root ap_server_root
-#define server_root_relative ap_server_root_relative
-#define set_byterange ap_set_byterange
-#define set_callback_and_alarm ap_set_callback_and_alarm
-#define set_config_vectors ap_set_config_vectors
-#define set_content_length ap_set_content_length
-#define set_etag ap_set_etag
-#define set_file_slot ap_set_file_slot
-#define set_flag_slot ap_set_flag_slot
-#define set_keepalive ap_set_keepalive
-#define set_last_modified ap_set_last_modified
-#define set_module_config ap_set_module_config
-#define set_name_virtual_host ap_set_name_virtual_host
-#define set_string_slot ap_set_string_slot
-#define set_string_slot_lower ap_set_string_slot_lower
-#define set_sub_req_protocol ap_set_sub_req_protocol
-#define setup_client_block ap_setup_client_block
-#define setup_prelinked_modules ap_setup_prelinked_modules
-#define should_client_block ap_should_client_block
-#define show_directives ap_show_directives
-#define show_modules ap_show_modules
-#define soft_timeout ap_soft_timeout
-#define some_auth_required ap_some_auth_required
-#define spawn_child_err ap_spawn_child
-#define spawn_child_err_buff ap_bspawn_child
-#define srm_command_loop ap_srm_command_loop
-#define standalone ap_standalone
-#define start_restart ap_start_restart
-#define start_shutdown ap_start_shutdown
-#define status_drops_connection ap_status_drops_connection
-#define str_tolower ap_str_tolower
-#define strcasecmp_match ap_strcasecmp_match
-#define strcmp_match ap_strcmp_match
-#define sub_req_lookup_file ap_sub_req_lookup_file
-#define sub_req_lookup_uri ap_sub_req_lookup_uri
-#define suexec_enabled ap_suexec_enabled
-#define table_add ap_table_add
-#define table_addn ap_table_addn
-#define table_do ap_table_do
-#define table_elts ap_table_elts
-#define table_get ap_table_get
-#define table_merge ap_table_merge
-#define table_mergen ap_table_mergen
-#define table_set ap_table_set
-#define table_setn ap_table_setn
-#define table_unset ap_table_unset
-#define threads_per_child ap_threads_per_child
-#define time_process_request ap_time_process_request
-#define tm2sec ap_tm2sec
-#define translate_name ap_translate_name
-#define uname2id ap_uname2id
-#define unblock_alarms ap_unblock_alarms
-#define unescape_url ap_unescape_url
-#define unparse_uri_components ap_unparse_uri_components
-#define unregister_other_child ap_unregister_other_child
-#define update_child_status ap_update_child_status
-#define update_mtime ap_update_mtime
-#define update_vhost_from_headers ap_update_vhost_from_headers
-#define update_vhost_given_ip ap_update_vhost_given_ip
-#define user_id ap_user_id
-#define user_name ap_user_name
-#define util_init ap_util_init
-#define util_uri_init ap_util_uri_init
-#define uudecode ap_uudecode
-#define vbprintf ap_vbprintf
-
-/*
- * Macros for routines whose arguments have changed over time.
- */
-#define spawn_child(p,f,v,k,in,out) ap_spawn_child(p,f,v,k,in,out,NULL)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !AP_COMPAT_H */
diff --git a/usr.sbin/httpd/src/include/ap_config.h b/usr.sbin/httpd/src/include/ap_config.h
deleted file mode 100644
index 27c16b1b8e7..00000000000
--- a/usr.sbin/httpd/src/include/ap_config.h
+++ /dev/null
@@ -1,356 +0,0 @@
-/* $OpenBSD: ap_config.h,v 1.24 2013/01/07 18:43:33 brad Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef AP_CONFIG_H
-#define AP_CONFIG_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * ap_config.h: system-dependant #defines and includes...
- * See PORTING for a listing of what they mean
- */
-
-#include "ap_mmn.h" /* MODULE_MAGIC_NUMBER_ */
-
-/*
- * Support for platform dependent autogenerated defines
- */
-#include "ap_config_auto.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-
-/* So that we can use inline on some critical functions, and use
- * GNUC attributes (such as to get -Wall warnings for printf-like
- * functions). Only do this in gcc 2.7 or later ... it may work
- * on earlier stuff, but why chance it.
- */
-#ifdef __GNUC_STDC_INLINE__
-#define ap_inline __inline__ __attribute__((__gnu_inline__))
-#else
-#define ap_inline __inline__
-#endif
-#define USE_GNU_INLINE
-#define ENUM_BITFIELD(e,n,w) e n : w
-
-#include "os.h"
-
-/* Define these according to OpenBSD system. */
-#define HAVE_GMTOFF 1
-#undef NO_KILLPG
-#undef NO_SETSID
-#define HAVE_SYSLOG 1
-#ifndef DEFAULT_USER
-#define DEFAULT_USER "www"
-#endif
-#ifndef DEFAULT_GROUP
-#define DEFAULT_GROUP "www"
-#endif
-#define HAVE_SHMGET 1
-#define HAVE_MMAP 1
-#define USE_MMAP_SCOREBOARD
-#define USE_MMAP_FILES
-#define HAVE_FLOCK_SERIALIZED_ACCEPT
-#define HAVE_SYSVSEM_SERIALIZED_ACCEPT
-#define USE_SYSVSEM_SERIALIZED_ACCEPT
-#include <sys/param.h>
-#if (OpenBSD >= 199912)
-#define NET_SIZE_T socklen_t
-#endif
-#define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-
-#include <sys/param.h>
-
-/* stuff marked API_EXPORT is part of the API, and intended for use
- * by modules
- */
-#ifndef API_EXPORT
-#define API_EXPORT(type) type
-#endif
-
-/* Stuff marked API_EXPORT_NONSTD is part of the API, and intended for
- * use by modules. The difference between API_EXPORT and
- * API_EXPORT_NONSTD is that the latter is required for any functions
- * which use varargs or are used via indirect function call. This
- * is to accomodate the two calling conventions in windows dlls.
- */
-#ifndef API_EXPORT_NONSTD
-#define API_EXPORT_NONSTD(type) type
-#endif
-
-#ifndef MODULE_VAR_EXPORT
-#define MODULE_VAR_EXPORT
-#endif
-#ifndef API_VAR_EXPORT
-#define API_VAR_EXPORT
-#endif
-
-/* modules should not used functions marked CORE_EXPORT
- * or CORE_EXPORT_NONSTD */
-#ifndef CORE_EXPORT
-#define CORE_EXPORT API_EXPORT
-#endif
-#ifndef CORE_EXPORT_NONSTD
-#define CORE_EXPORT_NONSTD API_EXPORT_NONSTD
-#endif
-
-#define ap_private_extern
-
-/*
- * The particular directory style your system supports. If you have dirent.h
- * in /usr/include (POSIX) or /usr/include/sys (SYSV), #include
- * that file and define DIR_TYPE to be dirent. Otherwise, if you have
- * /usr/include/sys/dir.h, define DIR_TYPE to be direct and include that
- * file. If you have neither, I'm confused.
- */
-
-#include <sys/types.h>
-#include <stdarg.h>
-
-#include <dirent.h>
-#define DIR_TYPE dirent
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "ap_ctype.h"
-#include <sys/file.h>
-#include <sys/socket.h>
-#include <sys/select.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <sys/ioctl.h>
-#include <arpa/inet.h> /* for inet_ntoa */
-#include <sys/wait.h>
-#include <pwd.h>
-#include <grp.h>
-#include <fcntl.h>
-#define closesocket(s) close(s)
-#ifndef O_BINARY
-#define O_BINARY (0)
-#endif
-
-#include <limits.h>
-#include <time.h> /* for ctime */
-#include <signal.h>
-#include <errno.h>
-#include <memory.h>
-
-#include <regex.h>
-
-#include <sys/resource.h>
-#include <sys/mman.h>
-
-/* A USE_FOO_SERIALIZED_ACCEPT implies a HAVE_FOO_SERIALIZED_ACCEPT */
-#if defined(USE_SYSVSEM_SERIALIZED_ACCEPT) && !defined(HAVE_SYSVSEM_SERIALIZED_ACCEPT)
-#define HAVE_SYSVSEM_SERIALIZED_ACCEPT
-#endif
-#if defined(USE_FLOCK_SERIALIZED_ACCEPT) && !defined(HAVE_FLOCK_SERIALIZED_ACCEPT)
-#define HAVE_FLOCK_SERIALIZED_ACCEPT
-#endif
-
-#ifndef LOGNAME_MAX
-#define LOGNAME_MAX 25
-#endif
-
-#include <unistd.h>
-
-#ifndef S_ISLNK
-#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE ((unsigned long) -1)
-#endif
-
-/*
- * Replace signal function with sigaction equivalent
- */
-typedef void Sigfunc(int);
-
-#if defined(SIG_IGN) && !defined(SIG_ERR)
-#define SIG_ERR ((Sigfunc *)-1)
-#endif
-
-/*
- * For some strange reason, QNX defines signal to signal. Eliminate it.
- */
-#ifdef signal
-#undef signal
-#endif
-#define signal(s,f) ap_signal(s,f)
-Sigfunc *signal(int signo, Sigfunc * func);
-
-#include <setjmp.h>
-
-#if defined(USE_LONGJMP)
-#define ap_longjmp(x, y) longjmp((x), (y))
-#define ap_setjmp(x) setjmp(x)
-#ifndef JMP_BUF
-#define JMP_BUF jmp_buf
-#endif
-#else
-#define ap_longjmp(x, y) siglongjmp((x), (y))
-#define ap_setjmp(x) sigsetjmp((x), 1)
-#ifndef JMP_BUF
-#define JMP_BUF sigjmp_buf
-#endif
-#endif
-
-/* Majority of os's want to verify FD_SETSIZE */
-#define CHECK_FD_SETSIZE
-
-#if defined(SELECT_NEEDS_CAST)
-#define ap_select(_a, _b, _c, _d, _e) \
- select((_a), (int *)(_b), (int *)(_c), (int *)(_d), (_e))
-#else
-#define ap_select(_a, _b, _c, _d, _e) \
- select(_a, _b, _c, _d, _e)
-#endif
-
-#define ap_accept(_fd, _sa, _ln) accept(_fd, _sa, _ln)
-
-#define ap_check_signals()
-
-#define ap_fdopen(d,m) fdopen((d), (m))
-
-#ifndef ap_inet_addr
-#define ap_inet_addr inet_addr
-#endif
-
-/* Finding offsets of elements within structures.
- * Taken from the X code... they've sweated portability of this stuff
- * so we don't have to. Sigh...
- */
-
-#if defined(__arm)
-#ifdef __STDC__
-#define XtOffset(p_type,field) _Offsetof(p_type,field)
-#else
-#define XtOffset(p_type,field) ((unsigned int)&(((p_type)NULL)->field))
-#endif /* __STDC__ */
-#else /* ! (__arm) */
-
-#define XtOffset(p_type,field) \
- ((long) (((char *) (&(((p_type)NULL)->field))) - ((char *) NULL)))
-
-#endif /* __arm */
-
-#ifdef offsetof
-#define XtOffsetOf(s_type,field) offsetof(s_type,field)
-#else
-#define XtOffsetOf(s_type,field) XtOffset(s_type*,field)
-#endif
-
-/*
- * NET_SIZE_T exists because of shortsightedness on the POSIX committee. BSD
- * systems used "int *" as the parameter to accept(), getsockname(),
- * getpeername() et al. Consequently many unixes took an int * for that
- * parameter. The POSIX committee decided that "int" was just too generic and
- * had to be replaced with size_t almost everywhere. There's no problem with
- * that when you're passing by value. But when you're passing by reference
- * this creates a gross source incompatibility with existing programs. On
- * 32-bit architectures it creates only a warning. On 64-bit architectures it
- * creates broken code -- because "int *" is a pointer to a 64-bit quantity and
- * "size_t *" is frequently a pointer to a 32-bit quantity.
- *
- * Some Unixes adopted "size_t *" for the sake of POSIX compliance. Others
- * ignored it because it was such a broken interface. Chaos ensued. POSIX
- * finally woke up and decided that it was wrong and created a new type
- * socklen_t. The only useful value for socklen_t is int, and that's how
- * everyone who has a clue implements it. It is almost always the case that
- * NET_SIZE_T should be defined to be an int, unless the system being compiled
- * for was created in the window of POSIX madness.
- */
-#ifndef NET_SIZE_T
-#define NET_SIZE_T int
-#endif
-
-/* The assumption is that when the functions are missing,
- * then there's no matching prototype available either.
- * Declare what is needed exactly as the replacement routines implement it.
- */
-
-#ifndef ap_wait_t
-#define ap_wait_t int
-#endif
-
-#ifndef INET6_ADDRSTRLEN
-#define INET6_ADDRSTRLEN 46
-#endif
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN 16
-#endif
-#ifndef NI_MAXHOST
-#define NI_MAXHOST 1025
-#endif
-#ifndef NI_MAXSERV
-#define NI_MAXSERV 32
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !AP_CONFIG_H */
diff --git a/usr.sbin/httpd/src/include/ap_config_auto.h b/usr.sbin/httpd/src/include/ap_config_auto.h
deleted file mode 100644
index 8c460078960..00000000000
--- a/usr.sbin/httpd/src/include/ap_config_auto.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * ap_config_auto.h -- Automatically determined configuration stuff
- * THIS FILE WAS AUTOMATICALLY GENERATED - DO NOT EDIT!
- */
-
-#ifndef AP_CONFIG_AUTO_H
-#define AP_CONFIG_AUTO_H
-
-/* check: #include <dlfcn.h> */
-#ifndef HAVE_DLFCN_H
-#define HAVE_DLFCN_H 1
-#endif
-
-/* check: #include <dl.h> */
-#ifdef HAVE_DL_H
-#undef HAVE_DL_H
-#endif
-
-/* check: #include <bstring.h> */
-#ifdef HAVE_BSTRING_H
-#undef HAVE_BSTRING_H
-#endif
-
-/* check: #include <crypt.h> */
-#ifdef HAVE_CRYPT_H
-#undef HAVE_CRYPT_H
-#endif
-
-/* check: #include <unistd.h> */
-#ifndef HAVE_UNISTD_H
-#define HAVE_UNISTD_H 1
-#endif
-
-/* check: #include <sys/resource.h> */
-#ifndef HAVE_SYS_RESOURCE_H
-#define HAVE_SYS_RESOURCE_H 1
-#endif
-
-/* check: #include <sys/select.h> */
-#ifndef HAVE_SYS_SELECT_H
-#define HAVE_SYS_SELECT_H 1
-#endif
-
-/* check: #include <sys/processor.h> */
-#ifdef HAVE_SYS_PROCESSOR_H
-#undef HAVE_SYS_PROCESSOR_H
-#endif
-
-/* check: #include <sys/param.h> */
-#ifndef HAVE_SYS_PARAM_H
-#define HAVE_SYS_PARAM_H 1
-#endif
-
-/* determine: isinf() found in libc */
-#ifndef HAVE_ISINF
-#define HAVE_ISINF 1
-#endif
-
-/* determine: isnan() found in libc */
-#ifndef HAVE_ISNAN
-#define HAVE_ISNAN 1
-#endif
-
-/* sizeof(off_t) == sizeof(quad_t) on OpenBSD */
-#ifndef AP_OFF_T_IS_QUAD
-#define AP_OFF_T_IS_QUAD 1
-#endif
-
-/* build flag: -DINET6 */
-#ifndef INET6
-#define INET6 1
-#endif
-
-/* build flag: -Dss_family=__ss_family */
-#ifndef ss_family
-#define ss_family __ss_family
-#endif
-
-/* build flag: -Dss_len=__ss_len */
-#ifndef ss_len
-#define ss_len __ss_len
-#endif
-
-/* build flag: -DHAVE_SOCKADDR_LEN */
-#ifndef HAVE_SOCKADDR_LEN
-#define HAVE_SOCKADDR_LEN 1
-#endif
-
-/* build flag: -DMOD_SSL=208116 */
-#ifndef MOD_SSL
-#define MOD_SSL 208116
-#endif
-
-/* build flag: -DEAPI */
-#ifndef EAPI
-#define EAPI 1
-#endif
-
-#endif /* AP_CONFIG_AUTO_H */
diff --git a/usr.sbin/httpd/src/include/ap_ctx.h b/usr.sbin/httpd/src/include/ap_ctx.h
deleted file mode 100644
index 8f8d8402fcc..00000000000
--- a/usr.sbin/httpd/src/include/ap_ctx.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* $OpenBSD: ap_ctx.h,v 1.6 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-** Generic Context Interface for Apache
-** Written by Ralf S. Engelschall <rse@engelschall.com>
-*/
-
-#ifndef AP_CTX_H
-#define AP_CTX_H
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE !FALSE
-#endif
-
-/*
- * Internal Context Record Definition
- */
-
-#define AP_CTX_MAX_ENTRIES 1024
-
-typedef struct {
- char *ce_key;
- void *ce_val;
-} ap_ctx_entry;
-
-typedef struct {
- pool *cr_pool;
- ap_ctx_entry **cr_entry;
-} ap_ctx_rec;
-
-typedef ap_ctx_rec ap_ctx;
-
-/*
- * Some convinience macros for storing _numbers_ 0...n in contexts, i.e.
- * treating numbers as pointers but keeping track of the NULL return code of
- * ap_ctx_get.
- */
-#define AP_CTX_NUM2PTR(n) (void *)(((unsigned long)(n))+1)
-#define AP_CTX_PTR2NUM(p) (unsigned long)(((char *)(p))-1)
-
-/*
- * Prototypes for Context Handling Functions
- */
-
-API_EXPORT(ap_ctx *)ap_ctx_new(pool *p);
-API_EXPORT(void) ap_ctx_set(ap_ctx *ctx, char *key, void *val);
-API_EXPORT(void *) ap_ctx_get(ap_ctx *ctx, char *key);
-API_EXPORT(ap_ctx *)ap_ctx_overlay(pool *p, ap_ctx *over, ap_ctx *base);
-
-#endif /* AP_CTX_H */
diff --git a/usr.sbin/httpd/src/include/ap_ctype.h b/usr.sbin/httpd/src/include/ap_ctype.h
deleted file mode 100644
index 769ae24b05c..00000000000
--- a/usr.sbin/httpd/src/include/ap_ctype.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* $OpenBSD: ap_ctype.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef AP_CTYPE_H
-#define AP_CTYPE_H
-
-#include <ctype.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These macros allow correct support of 8-bit characters on systems which
- * support 8-bit characters. Pretty dumb how the cast is required, but
- * that's legacy libc for ya. These new macros do not support EOF like
- * the standard macros do. Tough.
- */
-#define ap_isalnum(c) (isalnum(((unsigned char)(c))))
-#define ap_isalpha(c) (isalpha(((unsigned char)(c))))
-#define ap_iscntrl(c) (iscntrl(((unsigned char)(c))))
-#define ap_isdigit(c) (isdigit(((unsigned char)(c))))
-#define ap_isgraph(c) (isgraph(((unsigned char)(c))))
-#define ap_islower(c) (islower(((unsigned char)(c))))
-#define ap_isprint(c) (isprint(((unsigned char)(c))))
-#define ap_ispunct(c) (ispunct(((unsigned char)(c))))
-#define ap_isspace(c) (isspace(((unsigned char)(c))))
-#define ap_isupper(c) (isupper(((unsigned char)(c))))
-#define ap_isxdigit(c) (isxdigit(((unsigned char)(c))))
-#define ap_tolower(c) (tolower(((unsigned char)(c))))
-#define ap_toupper(c) (toupper(((unsigned char)(c))))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !AP_CTYPE_H */
diff --git a/usr.sbin/httpd/src/include/ap_ebcdic.h b/usr.sbin/httpd/src/include/ap_ebcdic.h
deleted file mode 100644
index 402309f5274..00000000000
--- a/usr.sbin/httpd/src/include/ap_ebcdic.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* $OpenBSD: ap_ebcdic.h,v 1.4 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-#ifndef AP_EBCDIC_H
-#define AP_EBCDIC_H "$Id: ap_ebcdic.h,v 1.4 2005/03/28 23:26:51 niallo Exp $"
-
-#include <sys/types.h>
-
-extern const unsigned char os_toascii[256];
-extern const unsigned char os_toebcdic[256];
-API_EXPORT(void *) ebcdic2ascii(void *dest, const void *srce, size_t count);
-API_EXPORT(void *) ascii2ebcdic(void *dest, const void *srce, size_t count);
-
-#endif /*AP_EBCDIC_H*/
diff --git a/usr.sbin/httpd/src/include/ap_hook.h b/usr.sbin/httpd/src/include/ap_hook.h
deleted file mode 100644
index e36f0f50e2a..00000000000
--- a/usr.sbin/httpd/src/include/ap_hook.h
+++ /dev/null
@@ -1,712 +0,0 @@
-/* $OpenBSD: ap_hook.h,v 1.5 2005/03/28 23:26:51 niallo Exp $ */
-
-#if 0
-=cut
-#endif
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-** Implementation of a Generic Hook Interface for Apache
-** Written by Ralf S. Engelschall <rse@engelschall.com>
-**
-** See POD document at end of this file for description.
-** View it with the command ``pod2man ap_hook.h | nroff -man | more''
-**
-** Attention: This header file is a little bit tricky.
-** It's a combination of a C source and an embedded POD document
-** The purpose of this is to have both things together at one
-** place. So you can both pass this file to the C compiler and
-** the pod2man translater.
-*/
-
-#ifndef AP_HOOK_H
-#define AP_HOOK_H
-
-/*
- * Function Signature Specification:
- *
- * We encode the complete signature ingredients as a bitfield
- * stored in a single unsigned long integer value, which can be
- * constructed with AP_HOOK_SIGx(...)
- */
-
-/* the type of the signature bitfield */
-typedef unsigned long int ap_hook_sig;
-
-/* the mask (bin) 111 (hex 0x7) for the triples in the bitfield */
-#define AP_HOOK_SIG_TRIPLE_MASK 0x7
-
-/* the position of the triple */
-#define AP_HOOK_SIG_TRIPLE_POS(n) ((n)*3)
-
-/* the constructor for triple #n with value v */
-#define AP_HOOK_SIG_TRIPLE(n,v) \
- (((ap_hook_sig)(v))<<((AP_HOOK_##n)*3))
-
-/* the check whether triple #n in sig contains value v */
-#define AP_HOOK_SIG_HAS(sig,n,v) \
- ((((ap_hook_sig)(sig))&AP_HOOK_SIG_TRIPLE(n, AP_HOOK_SIG_TRIPLE_MASK)) == (AP_HOOK_##n##_##v))
-
-/* utility function to get triple #n in sig */
-#define AP_HOOK_SIG_TRIPLE_GET(sig,n) \
- ((((ap_hook_sig)(sig))>>AP_HOOK_SIG_TRIPLE_POS(n))&(AP_HOOK_SIG_TRIPLE_MASK))
-
-/* utility function to set triple #n in sig to value v */
-#define AP_HOOK_SIG_TRIPLE_SET(sig,n,v) \
- ((((ap_hook_sig)(sig))&~(AP_HOOK_SIG_TRIPLE_MASK<<AP_HOOK_SIG_TRIPLE_POS(n)))|((v)<<AP_HOOK_SIG_TRIPLE_POS(n)))
-
-/* define the ingredients for the triple #0: id stuff */
-#define AP_HOOK_ID 0
-#define AP_HOOK_ID_ok AP_HOOK_SIG_TRIPLE(ID,0)
-#define AP_HOOK_ID_undef AP_HOOK_SIG_TRIPLE(ID,1)
-
-/* define the ingredients for the triple #1: return code */
-#define AP_HOOK_RC 1
-#define AP_HOOK_RC_void AP_HOOK_SIG_TRIPLE(RC,0)
-#define AP_HOOK_RC_char AP_HOOK_SIG_TRIPLE(RC,1)
-#define AP_HOOK_RC_int AP_HOOK_SIG_TRIPLE(RC,2)
-#define AP_HOOK_RC_long AP_HOOK_SIG_TRIPLE(RC,3)
-#define AP_HOOK_RC_float AP_HOOK_SIG_TRIPLE(RC,4)
-#define AP_HOOK_RC_double AP_HOOK_SIG_TRIPLE(RC,5)
-#define AP_HOOK_RC_ptr AP_HOOK_SIG_TRIPLE(RC,6)
-
-/* define the ingredients for the triple #2: argument 1 */
-#define AP_HOOK_A1 2
-#define AP_HOOK_A1_ctx AP_HOOK_SIG_TRIPLE(A1,0)
-#define AP_HOOK_A1_char AP_HOOK_SIG_TRIPLE(A1,1)
-#define AP_HOOK_A1_int AP_HOOK_SIG_TRIPLE(A1,2)
-#define AP_HOOK_A1_long AP_HOOK_SIG_TRIPLE(A1,3)
-#define AP_HOOK_A1_float AP_HOOK_SIG_TRIPLE(A1,4)
-#define AP_HOOK_A1_double AP_HOOK_SIG_TRIPLE(A1,5)
-#define AP_HOOK_A1_ptr AP_HOOK_SIG_TRIPLE(A1,6)
-
-/* define the ingredients for the triple #3: argument 2 */
-#define AP_HOOK_A2 3
-#define AP_HOOK_A2_ctx AP_HOOK_SIG_TRIPLE(A2,0)
-#define AP_HOOK_A2_char AP_HOOK_SIG_TRIPLE(A2,1)
-#define AP_HOOK_A2_int AP_HOOK_SIG_TRIPLE(A2,2)
-#define AP_HOOK_A2_long AP_HOOK_SIG_TRIPLE(A2,3)
-#define AP_HOOK_A2_float AP_HOOK_SIG_TRIPLE(A2,4)
-#define AP_HOOK_A2_double AP_HOOK_SIG_TRIPLE(A2,5)
-#define AP_HOOK_A2_ptr AP_HOOK_SIG_TRIPLE(A2,6)
-
-/* define the ingredients for the triple #4: argument 3 */
-#define AP_HOOK_A3 4
-#define AP_HOOK_A3_ctx AP_HOOK_SIG_TRIPLE(A3,0)
-#define AP_HOOK_A3_char AP_HOOK_SIG_TRIPLE(A3,1)
-#define AP_HOOK_A3_int AP_HOOK_SIG_TRIPLE(A3,2)
-#define AP_HOOK_A3_long AP_HOOK_SIG_TRIPLE(A3,3)
-#define AP_HOOK_A3_float AP_HOOK_SIG_TRIPLE(A3,4)
-#define AP_HOOK_A3_double AP_HOOK_SIG_TRIPLE(A3,5)
-#define AP_HOOK_A3_ptr AP_HOOK_SIG_TRIPLE(A3,6)
-
-/* define the ingredients for the triple #5: argument 4 */
-#define AP_HOOK_A4 5
-#define AP_HOOK_A4_ctx AP_HOOK_SIG_TRIPLE(A4,0)
-#define AP_HOOK_A4_char AP_HOOK_SIG_TRIPLE(A4,1)
-#define AP_HOOK_A4_int AP_HOOK_SIG_TRIPLE(A4,2)
-#define AP_HOOK_A4_long AP_HOOK_SIG_TRIPLE(A4,3)
-#define AP_HOOK_A4_float AP_HOOK_SIG_TRIPLE(A4,4)
-#define AP_HOOK_A4_double AP_HOOK_SIG_TRIPLE(A4,5)
-#define AP_HOOK_A4_ptr AP_HOOK_SIG_TRIPLE(A4,6)
-
-/* define the ingredients for the triple #6: argument 5 */
-#define AP_HOOK_A5 6
-#define AP_HOOK_A5_ctx AP_HOOK_SIG_TRIPLE(A5,0)
-#define AP_HOOK_A5_char AP_HOOK_SIG_TRIPLE(A5,1)
-#define AP_HOOK_A5_int AP_HOOK_SIG_TRIPLE(A5,2)
-#define AP_HOOK_A5_long AP_HOOK_SIG_TRIPLE(A5,3)
-#define AP_HOOK_A5_float AP_HOOK_SIG_TRIPLE(A5,4)
-#define AP_HOOK_A5_double AP_HOOK_SIG_TRIPLE(A5,5)
-#define AP_HOOK_A5_ptr AP_HOOK_SIG_TRIPLE(A5,6)
-
-/* define the ingredients for the triple #7: argument 6 */
-#define AP_HOOK_A6 7
-#define AP_HOOK_A6_ctx AP_HOOK_SIG_TRIPLE(A6,0)
-#define AP_HOOK_A6_char AP_HOOK_SIG_TRIPLE(A6,1)
-#define AP_HOOK_A6_int AP_HOOK_SIG_TRIPLE(A6,2)
-#define AP_HOOK_A6_long AP_HOOK_SIG_TRIPLE(A6,3)
-#define AP_HOOK_A6_float AP_HOOK_SIG_TRIPLE(A6,4)
-#define AP_HOOK_A6_double AP_HOOK_SIG_TRIPLE(A6,5)
-#define AP_HOOK_A6_ptr AP_HOOK_SIG_TRIPLE(A6,6)
-
-/* define the ingredients for the triple #8: argument 7 */
-#define AP_HOOK_A7 8
-#define AP_HOOK_A7_ctx AP_HOOK_SIG_TRIPLE(A7,0)
-#define AP_HOOK_A7_char AP_HOOK_SIG_TRIPLE(A7,1)
-#define AP_HOOK_A7_int AP_HOOK_SIG_TRIPLE(A7,2)
-#define AP_HOOK_A7_long AP_HOOK_SIG_TRIPLE(A7,3)
-#define AP_HOOK_A7_float AP_HOOK_SIG_TRIPLE(A7,4)
-#define AP_HOOK_A7_double AP_HOOK_SIG_TRIPLE(A7,5)
-#define AP_HOOK_A7_ptr AP_HOOK_SIG_TRIPLE(A7,6)
-
-/* define the ingredients for the triple #9: argument 8 */
-#define AP_HOOK_A8 9
-#define AP_HOOK_A8_ctx AP_HOOK_SIG_TRIPLE(9,0)
-#define AP_HOOK_A8_char AP_HOOK_SIG_TRIPLE(9,1)
-#define AP_HOOK_A8_int AP_HOOK_SIG_TRIPLE(9,2)
-#define AP_HOOK_A8_long AP_HOOK_SIG_TRIPLE(9,3)
-#define AP_HOOK_A8_float AP_HOOK_SIG_TRIPLE(9,4)
-#define AP_HOOK_A8_double AP_HOOK_SIG_TRIPLE(9,5)
-#define AP_HOOK_A8_ptr AP_HOOK_SIG_TRIPLE(9,6)
-
-/* the constructor for unknown signatures */
-#define AP_HOOK_SIG_UNKNOWN AP_HOOK_ID_undef
-
-/* the constructor for signatures with 1 type */
-#define AP_HOOK_SIG1(rc) \
- (AP_HOOK_RC_##rc)
-
-/* the constructor for signatures with 2 types */
-#define AP_HOOK_SIG2(rc,a1) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1)
-
-/* the constructor for signatures with 3 types */
-#define AP_HOOK_SIG3(rc,a1,a2) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2)
-
-/* the constructor for signatures with 4 types */
-#define AP_HOOK_SIG4(rc,a1,a2,a3) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3)
-
-/* the constructor for signatures with 5 types */
-#define AP_HOOK_SIG5(rc,a1,a2,a3,a4) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4)
-
-/* the constructor for signatures with 6 types */
-#define AP_HOOK_SIG6(rc,a1,a2,a3,a4,a5) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5)
-
-/* the constructor for signatures with 7 types */
-#define AP_HOOK_SIG7(rc,a1,a2,a3,a4,a5,a6) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5|AP_HOOK_A6_##a6)
-
-/* the constructor for signatures with 8 types */
-#define AP_HOOK_SIG8(rc,a1,a2,a3,a4,a5,a6,a7) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5|AP_HOOK_A6_##a6|AP_HOOK_A7_##a7)
-
-/* the constructor for signatures with 9 types */
-#define AP_HOOK_SIG9(rc,a1,a2,a3,a4,a5,a6,a7,a8) \
- (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5|AP_HOOK_A6_##a6|AP_HOOK_A7_##a7|AP_HOOK_A8_##a8)
-
-/*
- * Return Value Mode Identification
- */
-
-/* the type of the return value modes */
-typedef unsigned int ap_hook_mode;
-
-/* the mode of the return value */
-#define AP_HOOK_MODE_UNKNOWN 0
-#define AP_HOOK_MODE_TOPMOST 1
-#define AP_HOOK_MODE_DECLINE 2
-#define AP_HOOK_MODE_DECLTMP 3
-#define AP_HOOK_MODE_ALL 4
-
-/* the constructors for the return value modes */
-#define AP_HOOK_TOPMOST AP_HOOK_MODE_TOPMOST
-#define AP_HOOK_DECLINE(val) AP_HOOK_MODE_DECLINE, (val)
-#define AP_HOOK_DECLTMP(val) AP_HOOK_MODE_DECLTMP, (val)
-#define AP_HOOK_ALL AP_HOOK_MODE_ALL
-
-/*
- * Hook State Identification
- */
-
-/* the type of the hook state */
-typedef unsigned short int ap_hook_state;
-
-/* the values of the hook state */
-#define AP_HOOK_STATE_UNDEF 0
-#define AP_HOOK_STATE_NOTEXISTANT 1
-#define AP_HOOK_STATE_ESTABLISHED 2
-#define AP_HOOK_STATE_CONFIGURED 3
-#define AP_HOOK_STATE_REGISTERED 4
-
-/*
- * Hook Context Identification
- *
- * Notice: Null is ok here, because AP_HOOK_NOCTX is just a dummy argument
- * because we know from the signature whether the argument is a
- * context value or just the dummy value.
- */
-
-#define AP_HOOK_NOCTX (void *)(0)
-#define AP_HOOK_CTX(v) (void *)(v)
-
-/*
- * Internal Hook Record Definition
- */
-
-/* the union holding the arbitrary decline values */
-typedef union {
- char v_char;
- int v_int;
- long v_long;
- float v_float;
- double v_double;
- void *v_ptr;
-} ap_hook_value;
-
-/* the structure holding one hook function and its context */
-typedef struct {
- void *hf_ptr; /* function pointer */
- void *hf_ctx; /* function context */
-} ap_hook_func;
-
-/* the structure holding one hook entry with all its registered functions */
-typedef struct {
- char *he_hook; /* hook name (=unique id) */
- ap_hook_sig he_sig; /* hook signature */
- int he_modeid; /* hook mode id */
- ap_hook_value he_modeval; /* hook mode value */
- ap_hook_func **he_func; /* hook registered funcs */
-} ap_hook_entry;
-
-/* the maximum number of hooks and functions per hook */
-#define AP_HOOK_MAX_ENTRIES 512
-#define AP_HOOK_MAX_FUNCS 128
-
-/*
- * Extended Variable Argument (vararg) Support
- *
- * In ANSI C varargs exists, but because the prototypes of function with
- * varargs cannot reflect the types of the varargs, K&R argument passing
- * conventions have to apply for the compiler. This means mainly a conversion
- * of shorter type variants to the maximum variant (according to sizeof). The
- * above va_type() macro provides this mapping from the wanted types to the
- * physically used ones.
- */
-
-/* the mapping */
-#define VA_TYPE_char int
-#define VA_TYPE_short int
-#define VA_TYPE_int int
-#define VA_TYPE_long long
-#define VA_TYPE_float double
-#define VA_TYPE_double double
-#define VA_TYPE_ptr void *
-#define VA_TYPE_ctx void *
-
-/* the constructor */
-#ifdef va_type
-#undef va_type
-#endif
-#define va_type(type) VA_TYPE_ ## type
-
-/*
- * Miscellaneous stuff
- */
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE !FALSE
-#endif
-
-/*
- * Wrapper macros for the callback-function register/unregister calls.
- *
- * Background: Strict ANSI C doesn't allow a function pointer to be treated as
- * a void pointer on argument passing, but we cannot declare the argument as a
- * function prototype, because the functions can have arbitrary signatures. So
- * we have to use a void pointer here. But to not require explicit casts on
- * function pointers for every register/unregister call, we smooth the API a
- * little bit by providing these macros.
- */
-
-#define ap_hook_register(hook,func,ctx) ap_hook_register_I(hook,(void *)(func),ctx)
-#define ap_hook_unregister(hook,func) ap_hook_unregister_I(hook,(void *)(func))
-
-/*
- * Prototypes for the hook API functions
- */
-
-API_EXPORT(void) ap_hook_init (void);
-API_EXPORT(void) ap_hook_kill (void);
-API_EXPORT(int) ap_hook_configure (char *hook, ap_hook_sig sig,
- ap_hook_mode modeid, ...);
-API_EXPORT(int) ap_hook_register_I (char *hook, void *func,
- void *ctx);
-API_EXPORT(int) ap_hook_unregister_I (char *hook, void *func);
-API_EXPORT(ap_hook_state) ap_hook_status (char *hook);
-API_EXPORT(int) ap_hook_use (char *hook, ap_hook_sig sig,
- ap_hook_mode modeid, ...);
-API_EXPORT(int) ap_hook_call (char *hook, ...);
-
-#endif /* AP_HOOK_H */
-
-/*
-=pod
-##
-## Embedded POD document
-##
-
-=head1 NAME
-
-B<ap_hook> - B<Generic Hook Interface for Apache>
-
-=head1 SYNOPSIS
-
-B<Hook Library Setup:>
-
- void ap_hook_init(void);
- void ap_hook_kill(void);
-
-B<Hook Configuration and Registration:>
-
- int ap_hook_configure(char *hook, ap_hook_sig sig, ap_hook_mode mode);
- int ap_hook_register(char *hook, void *func, void *ctx);
- int ap_hook_unregister(char *hook, void *func);
-
-B<Hook Usage:>
-
- ap_hook_state ap_hook_status(char *hook);
- int ap_hook_use(char *hook, ap_hook_sig sig, ap_hook_mode mode, ...);
- int ap_hook_call(char *hook, ...);
-
-B<Hook Signature Constructors> (ap_hook_sig):
-
- AP_HOOK_SIG1(rc)
- AP_HOOK_SIG2(rc,a1)
- AP_HOOK_SIG3(rc,a1,a2)
- AP_HOOK_SIG4(rc,a1,a2,a3)
- AP_HOOK_SIG5(rc,a1,a2,a3,a4)
- AP_HOOK_SIG6(rc,a1,a2,a3,a4,a5)
- AP_HOOK_SIG7(rc,a1,a2,a3,a4,a5,a6)
- AP_HOOK_SIG8(rc,a1,a2,a3,a4,a5,a6,a7)
-
-B<Hook Modes Constructors> (ap_hook_mode):
-
- AP_HOOK_TOPMOST
- AP_HOOK_DECLINE(value)
- AP_HOOK_DECLTMP(value)
- AP_HOOK_ALL
-
-B<Hook States> (ap_hook_state):
-
- AP_HOOK_STATE_UNDEF
- AP_HOOK_STATE_NOTEXISTANT
- AP_HOOK_STATE_ESTABLISHED
- AP_HOOK_STATE_CONFIGURED
- AP_HOOK_STATE_REGISTERED
-
-=head1 DESCRIPTION
-
-This library implements a generic hook interface for Apache which can be used
-to loosely couple code through arbitrary hooks. There are two use cases for
-this mechanism:
-
-=over 3
-
-=item B<1. Extension and Overrides>
-
-Inside a specific code section you want to perform a specific function call
-for extension reasons. But you want to allow one or more modules to implement
-this function by registering hooks. Those hooks are registered on a stack and
-can be even configured to have a I<decline> return value. As long as there are
-functions which return the decline value the next function on the stack is
-tried. When the first function doesn't return the decline value the hook call
-stops.
-
-The original intent of this use case is to provide a flexible extension
-mechanism where modules can override functionality.
-
-=item B<2. Intercommunication>
-
-Inside a specific code you have a function you want to export. But you first
-want to allow other code to override this function. And second you want to
-export this function without real object file symbol references. Instead you
-want to register the function and let the users call this function by name.
-
-The original intent of this use case is to allow inter-module communication
-without direct symbol references, which are a big I<no-no> for the I<Dynamic
-Shared Object> (DSO) situation.
-
-=back
-
-And the following design goals existed:
-
-=over 3
-
-=item B<1. Minimum code changes>
-
-The hook calls should look very similar to the corresponding direct function
-call to allow one to easily translate it. And the total amount of changes for
-the hook registration, hook configuration and hook usage should be as small as
-possible to minimize the total code changes. Additionally a shorthand API
-function (ap_hook_use) should be provided which lets one trivially add a hook
-by just changing the code at a single location.
-
-=item B<2. The hook call has to be maximum flexible>
-
-In order to avoid nasty hacks, maximum flexiblity for the hook calls is
-needed, i.e. any function signature (the set of types for the return value and
-the arguments) should be supported. And it should be possible to
-register always a context (ctx) variable with a function which is passed to
-the corresponding function when the hook call is performed.
-
-=back
-
-The implementation of this library directly followed these two design goals.
-
-=head1 USAGE
-
-Using this hook API is a four-step process:
-
-=over 3
-
-=item B<1. Initialization>
-
-Initialize or destroy the hook mechanism inside your application program:
-
- ap_hook_init();
- :
- ap_hook_kill();
-
-=item B<2. Configuration>
-
-Configure a particular hook by specifing its name, signature and return type
-semantic:
-
- ap_hook_configure("lookup", AP_HOOK_SIG2(ptr,ptr,ctx), AP_HOOK_DECLINE(NULL));
- ap_hook_configure("setup", AP_HOOK_SIG2(int,ptr,char), AP_HOOK_DECLTMP(FALSE));
- ap_hook_configure("read", AP_HOOK_SIG2(void,ptr), AP_HOOK_TOPMOST);
- ap_hook_configure("logit", AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL);
-
-This configures four hooks:
-
-A hook named C<lookup> with the signature C<void *lookup(void *, void *)>
-(where the second argument is C<NULL> or the private context pointer of the
-hook function which can be optionally provided at the registration step
-later) and a return code semantic which says: Proceed as long as the
-registered lookup functions return C<NULL> or no more registered functions
-exists. A call for this hook has to provide 2 argument only (a pointer to the
-return variable and the first argument), because the context is
-implicitly provided by the hook mechanism. Sample idea: I<The first function
-who was successful in looking up a variable provides the value>.
-
-A hook named C<setup> with the signature C<int setup(void *, char)" and a
-return code semantic equal to the one of the C<lookup> hook. But the decline
-return value is implemented by a temporay variable of the hook mechanism and
-only used for the decline decision. So a call to this hook has to provide 2
-arguments only (the first and second argument, but no address to a return
-value). Sample idea: I<Any function can handle the setup and when one
-function handled it stops the processing by indicating this with the return
-value>.
-
-A hook named C<read> with the signature C<void read(void *)> and a return code
-semantic which says: Only the top most function on the registered function
-stack is tried (and independet of a possible return value in non-void
-context). A call to this hook has to provide exactly 1 argument (the
-single argument to the hook function). Sample idea: I<We want to
-use a read function and allow others to override it, but independent how much
-registered functions exists, only top most (= last registered) function
-overrides and is used>.
-
-A hook named C<logit> with the signature C<void logit(void *)> and a return
-code semantic which says: All registered functions on the hook functioin stack
-are tried. Sample idea: I<We pass a FILE pointer to the logging functions and
-any function can log whatever it wants>.
-
-=item B<3. Registration>
-
-Register the actual functions which should be used by the hook:
-
- ap_hook_register("lookup", mylookup, mycontext);
- ap_hook_register("setup", mysetup);
- ap_hook_register("read", myread);
- ap_hook_register("logit", mylogit);
-
-This registers the function C<mylookup()> under the C<lookup> hook with the
-private context given by the variable C<mycontext>. And it registers the
-function C<mysetup()> under the C<setup> hook without any context. Same for
-C<myread> and C<mylogit>.
-
-=item B<4. Usage>
-
-Finally use the hooks, i.e. instead of using direct function calls like
-
- rc = mylookup(a1, a2);
- rc = mysetup(a1, a2);
- myread(a1);
- mylogit(a1);
-
-you now use:
-
- ap_hook_call("lookup", &rc, a1, a2);
- ap_hook_call("setup", &rc, a1, a2);
- ap_hook_call("read", a1);
- ap_hook_call("logit", a1);
-
-which are internally translated to:
-
- rc = mylookup(a1, a2, mycontext);
- rc = mysetup(a1, a2);
- myread(a1);
- mylogit(a1);
-
-Notice two things here: First the context (C<mycontext>) for the C<mylookup()>
-function is automatically added by the hook mechanism. And it is a different
-(and not fixed) context for each registered function, of course. Second,
-return values always have to be pushed into variables and a pointer to them
-has to be given as the second argument to C<ap_hook_call> (except for
-functions which have a void return type, of course).
-
-BTW, the return value of C<ap_hook_call()> is always C<TRUE> or C<FALSE>.
-C<TRUE> when at least one function call was successful (always the case for
-C<AP_HOOK_TOPMOST> and C<AP_HOOK_ALL>). C<FALSE> when all functions
-returned the decline value or no functions are registered at all.
-
-=back
-
-=head1 RESTRICTIONS
-
-To make the hook implementation efficient and to not bloat up the code too
-much a few restrictions have to make:
-
-=over 3
-
-=item 1.
-
-Only function calls with up to 4 arguments are implemented. When more are
-needed you can either extend the hook implementation by using more bits for
-the signature configuration or you can do a workaround when the function is
-your own one: Put the remaining (N-4-1) arguments into a structure and pass
-only a pointer (one argument) as the forth argument.
-
-=item 2.
-
-Only the following ANSI C variable types are supported:
-
- - For the return value:
- void (= none), char, int, float, double, ptr (= void *)
- - For the arguments:
- ctx (= context), char, int, float, double, ptr (= void *)
-
-This means in theory that 6^5 (=7776) signature combinations are possible. But
-because we don't need all of them inside Apache and it would bloat up the code
-too dramatically we implement only a subset of those combinations. The
-implemented signatures can be specified inside C<ap_hook.c> and the
-corresponding code can be automatically generated by running ``C<perl
-ap_hook.c>'' (yeah, no joke ;-). So when you need a hook with a different
-still not implemented signature you either have to again use a workaround as
-above (i.e. use a structure) or just add the signature to the C<ap_hook.c>
-file.
-
-=head1 EXAMPLE
-
-We want to call `C<ssize_t read(int, void *, size_t)>' through hooks in order
-to allow modules to override this call. So, somewhere we have a replacement
-function for C<read()> defined (same signature, of course):
-
- ssize_t my_read(int, void *, size_t);
-
-We now configure a C<read> hook. Here the C<AP_HOOK_SIGx()> macro defines the
-signature of the C<read()>-like callback functions and has to match the
-prototype of C<read()>. But we have to replace typedefs with the physical
-underlaying ANSI C types. And C<AP_HOOK_DECLINE()> sets the return value of
-the read()-like functions which forces the next hook to be called (here -1).
-And we register the original C<read()> function as the default hook.
-
- ap_hook_configure("read",
- AP_HOOK_SIG4(int,int,ptr,int),
- AP_HOOK_DECLINE(-1));
- ap_hook_register("read", read);
-
-Now a module wants to override the C<read()> call and registers the
-C<my_read()> function:
-
- ap_hook_register("read", my_read);
-
-The function logically gets pushed onto a stack, so the execution order is the
-reverse registering order, i.e. I<last registered - first called>. Now we can
-replace the standard C<read()> call
-
- bytes = read(fd, buf, bufsize);
- if (bytes == -1)
- ...error...
-
-with the hook based call:
-
- rc = ap_hook_call("read", &bytes, fd, buf, bufsize);
- if (rc == FALSE)
- ...error...
-
-Now internally the following is done: The call `C<bytes = my_read(fd, buf,
-bufsize)>' is done. When it returns not -1 (the decline value) nothing
-more is done. But when C<my_read()> returns -1 the next function is tried:
-`C<bytes = read(fd, buf, bufsize)>'. When this one also returns -1 you get
-`rc == FALSE'. When it finally returns not -1 you get `rc == TRUE'.
-
-=head1 SEE ALSO
-
-ap_ctx(3)
-
-=head1 HISTORY
-
-The ap_hook(3) interface was originally designed and
-implemented in October 1998 by Ralf S. Engelschall.
-
-=head1 AUTHOR
-
- Ralf S. Engelschall
- rse@engelschall.com
- www.engelschall.com
-
-=cut
-*/
diff --git a/usr.sbin/httpd/src/include/ap_md5.h b/usr.sbin/httpd/src/include/ap_md5.h
deleted file mode 100644
index 91d8e545538..00000000000
--- a/usr.sbin/httpd/src/include/ap_md5.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* $OpenBSD: ap_md5.h,v 1.9 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_MD5_H
-#define APACHE_MD5_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <md5.h>
-
-#define MD5_DIGESTSIZE 16
-
-/* UINT4 defines a four byte word */
-typedef unsigned int UINT4;
-#define AP_MD5_CTX MD5_CTX
-
-/*
- * Define the Magic String prefix that identifies a password as being
- * hashed using our algorithm.
- */
-#define AP_MD5PW_ID "$apr1$"
-#define AP_MD5PW_IDLEN 6
-
-API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context);
-API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
- unsigned int inputLen);
-API_EXPORT(void) ap_MD5Final(unsigned char digest[MD5_DIGESTSIZE],
- AP_MD5_CTX *context);
-API_EXPORT(void) ap_MD5Encode(const unsigned char *password,
- const unsigned char *salt, char *result, size_t nbytes);
-API_EXPORT(void) ap_to64(char *s, unsigned long v, int n);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_MD5_H */
diff --git a/usr.sbin/httpd/src/include/ap_mm.h b/usr.sbin/httpd/src/include/ap_mm.h
deleted file mode 100644
index b7d17f5b392..00000000000
--- a/usr.sbin/httpd/src/include/ap_mm.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/* $OpenBSD: ap_mm.h,v 1.4 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1999-2000 The Apache Group. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- * nor may "Apache" appear in their names without prior written
- * permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the Apache Group
- * for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- */
-
-/*
-**
-** ap_mm.h -- wrapper code for MM shared memory library
-**
-*/
-
-#ifndef AP_MM_H
-#define AP_MM_H 1
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE !FALSE
-#endif
-
-API_EXPORT(int) ap_mm_useable(void);
-
-typedef void AP_MM;
-typedef enum { AP_MM_LOCK_RD, AP_MM_LOCK_RW } ap_mm_lock_mode;
-
-/* Global Malloc-Replacement API */
-API_EXPORT(int) ap_MM_create(size_t size, char *file);
-API_EXPORT(int) ap_MM_permission(mode_t mode, uid_t owner, gid_t group);
-API_EXPORT(void) ap_MM_destroy(void);
-API_EXPORT(int) ap_MM_lock(ap_mm_lock_mode mode);
-API_EXPORT(int) ap_MM_unlock(void);
-API_EXPORT(void *) ap_MM_malloc(size_t size);
-API_EXPORT(void *) ap_MM_realloc(void *ptr, size_t size);
-API_EXPORT(void) ap_MM_free(void *ptr);
-API_EXPORT(void *) ap_MM_calloc(size_t number, size_t size);
-API_EXPORT(char *) ap_MM_strdup(const char *str);
-API_EXPORT(size_t) ap_MM_sizeof(void *ptr);
-API_EXPORT(size_t) ap_MM_maxsize(void);
-API_EXPORT(size_t) ap_MM_available(void);
-API_EXPORT(char *) ap_MM_error(void);
-
-/* Standard Malloc-Style API */
-API_EXPORT(AP_MM *) ap_mm_create(size_t size, char *file);
-API_EXPORT(int) ap_mm_permission(AP_MM *mm, mode_t mode, uid_t owner,
- gid_t group);
-API_EXPORT(void) ap_mm_destroy(AP_MM *mm);
-API_EXPORT(int) ap_mm_lock(AP_MM *mm, ap_mm_lock_mode mode);
-API_EXPORT(int) ap_mm_unlock(AP_MM *mm);
-API_EXPORT(void *) ap_mm_malloc(AP_MM *mm, size_t size);
-API_EXPORT(void *) ap_mm_realloc(AP_MM *mm, void *ptr, size_t size);
-API_EXPORT(void) ap_mm_free(AP_MM *mm, void *ptr);
-API_EXPORT(void *) ap_mm_calloc(AP_MM *mm, size_t number, size_t size);
-API_EXPORT(char *) ap_mm_strdup(AP_MM *mm, const char *str);
-API_EXPORT(size_t) ap_mm_sizeof(AP_MM *mm, void *ptr);
-API_EXPORT(size_t) ap_mm_maxsize(void);
-API_EXPORT(size_t) ap_mm_available(AP_MM *mm);
-API_EXPORT(char *) ap_mm_error(void);
-API_EXPORT(void) ap_mm_display_info(AP_MM *mm);
-
-/* Low-Level Shared Memory API */
-API_EXPORT(void *) ap_mm_core_create(size_t size, char *file);
-API_EXPORT(int) ap_mm_core_permission(void *core, mode_t mode, uid_t owner,
- gid_t group);
-API_EXPORT(void) ap_mm_core_delete(void *core);
-API_EXPORT(size_t) ap_mm_core_size(void *core);
-API_EXPORT(int) ap_mm_core_lock(void *core, ap_mm_lock_mode mode);
-API_EXPORT(int) ap_mm_core_unlock(void *core);
-API_EXPORT(size_t) ap_mm_core_maxsegsize(void);
-API_EXPORT(size_t) ap_mm_core_align2page(size_t size);
-API_EXPORT(size_t) ap_mm_core_align2word(size_t size);
-
-/* Internal Library API */
-API_EXPORT(void) ap_mm_lib_error_set(unsigned int, const char *str);
-API_EXPORT(char *) ap_mm_lib_error_get(void);
-API_EXPORT(int) ap_mm_lib_version(void);
-
-#endif /* AP_MM_H */
diff --git a/usr.sbin/httpd/src/include/ap_mmn.h b/usr.sbin/httpd/src/include/ap_mmn.h
deleted file mode 100644
index 46f2e442dab..00000000000
--- a/usr.sbin/httpd/src/include/ap_mmn.h
+++ /dev/null
@@ -1,289 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_AP_MMN_H
-#define APACHE_AP_MMN_H
-
-/*
- * MODULE_MAGIC_NUMBER_MAJOR
- * Major API changes that could cause compatibility problems for older modules
- * such as structure size changes. No binary compatibility is possible across
- * a change in the major version.
- *
- * MODULE_MAGIC_NUMBER_MINOR
- * Minor API changes that do not cause binary compatibility problems.
- * Should be reset to 0 when upgrading MODULE_MAGIC_NUMBER_MAJOR.
- *
- * See the MODULE_MAGIC_AT_LEAST macro below for an example.
- */
-
-/*
- * 19950525 - original value
- * 19960512 (1.1b2) - updated, 1.1, version.
- * 19960526 (1.1b3) - get_token(), table_unset(), pstrndup()
- * functions added
- * 19960725 (1.2-dev) - HTTP/1.1 compliance
- * (new version of read_client_block)
- * 19960806 (1.2-dev) - scan_script_header_err() added
- * 19961007 (1.2-dev) - replace read_client_block() with get_client_block()
- * 19961125 (1.2b1) - change setup_client_block() to Roy's version
- * 19961211 (1.2b3) - rwrite() added
- * 19970103 (1.2b5-dev) - header parse API
- * 19970427 (1.2b9-dev) - port references made unsigned
- * 19970526 (1.2) - correct vhost walk for multiple requests on a single
- * connect
- * 19970623 (1.3-dev) - NT changes
- * 19970628 (1.3-dev) - ap_slack (fd fixes) added
- * 19970717 (1.3-dev) - child_init API hook added
- * 19970719 (1.3-dev) - discard_request_body() added (to clear the decks
- * as needed)
- * 19970728 (1.3a2-dev) - child_exit API hook added
- * 19970818 (1.3a2-dev) - post read-request phase added
- * 19970825 (1.3a2-dev) - r->mtime cell added
- * 19970831 (1.3a2-dev) - error logging changed to use aplog_error()
- * 19970902 (1.3a2-dev) - MD5 routines and structures renamed to ap_*
- * 19970912 (1.3b1-dev) - set_last_modified split into set_last_modified,
- * set_etag and meets_conditions
- * register_other_child API
- * piped_log API
- * short_score split into parent and child pieces
- * os_is_absolute_path
- * 19971026 (1.3b3-dev) - custom config hooks in place
- * 19980126 (1.3b4-dev) - ap_cpystrn(), table_addn(), table_setn(),
- * table_mergen()
- * 19980201 (1.3b4-dev) - construct_url()
- * prototype server_rec * -> request_rec *
- * add get_server_name() and get_server_port()
- * 19980207 (1.3b4-dev) - add dynamic_load_handle to module structure as part
- * of the STANDARD_MODULE_STUFF header
- * 19980304 (1.3b6-dev) - abstraction of SERVER_BUILT and SERVER_VERSION
- * 19980305 (1.3b6-dev) - ap_config.h added for use by external modules
- * 19980312 (1.3b6-dev) - parse_uri_components() and its ilk
- * remove r->hostlen, add r->unparsed_uri
- * set_string_slot_lower()
- * clarification: non-RAW_ARGS cmd handlers do not
- * need to pstrdup() their arguments
- * clarification: request_rec members content_type,
- * handler, content_encoding, content_language,
- * content_languages MUST all be lowercase strings,
- * and MAY NOT be modified in place -- modifications
- * require pstrdup().
- * 19980317 (1.3b6-dev) - CORE_EXPORTs for win32 and <Perl>
- * API export basic_http_header, send_header_field,
- * set_keepalive, srm_command_loop, check_cmd_context,
- * tm2sec
- * spacetoplus(), plustospace(), client_to_stdout()
- * removed
- * 19980324 (1.3b6-dev) - API_EXPORT(index_of_response)
- * 19980413 (1.3b6-dev) - The BIG SYMBOL RENAMING: general ap_ prefix
- * (see src/include/compat.h for more details)
- * ap_vformatter() API, see src/include/ap.h
- * 19980507 (1.3b7-dev) - addition of ap_add_version_component() and
- * discontinuation of -DSERVER_SUBVERSION support
- * 19980519 (1.3b7-dev) - add child_info * to spawn function (as passed to
- * ap_spawn_child_err_buff) and to ap_call_exec to make
- * children work correctly on Win32.
- * 19980527 (1.3b8-dev) - renamed some more functions to ap_ prefix which were
- * missed at the big renaming (they are defines):
- * is_default_port, default_port and http_method.
- * A new communication method for modules was added:
- * they can create customized error messages under the
- * "error-notes" key in the request_rec->notes table.
- * This string will be printed in place of the canned
- * error responses, and will be propagated to
- * ErrorDocuments or cgi scripts in the
- * (REDIRECT_)ERROR_NOTES variable.
- * 19980627 (1.3.1-dev) - More renaming that we forgot/bypassed. In particular:
- * table_elts --> ap_table_elts
- * is_table_empty --> ap_is_table_empty
- * 19980708 (1.3.1-dev) - ap_isalnum(), ap_isalpha(), ... "8-bit safe" ctype
- * macros and apctype.h added
- * 19980713 (1.3.1-dev) - renaming of C header files:
- * 1. conf.h -> ap_config.h
- * 2. conf_auto.h -> ap_config_auto.h - now merged
- * 3. ap_config.h -> ap_config_auto.h - now merged
- * 4. compat.h -> ap_compat.h
- * 5. apctype.h -> ap_ctype.h
- * 19980806 (1.3.2-dev) - add ap_log_rerror()
- * - add ap_scan_script_header_err_core()
- * - add ap_uuencode()
- * - add ap_custom_response()
- * 19980811 (1.3.2-dev) - added limit_req_line, limit_req_fieldsize, and
- * limit_req_fields to server_rec.
- * added limit_req_body to core_dir_config and
- * ap_get_limit_req_body() to get its value.
- * 19980812 (1.3.2-dev) - split off MODULE_MAGIC_NUMBER
- * 19980812.2 - add ap_overlap_tables()
- * 19980816 (1.3.2-dev) - change proxy to use tables for headers, change
- * struct cache_req to typedef cache_req.
- * Delete ap_proxy_get_header(), ap_proxy_add_header(),
- * ap_proxy_del_header(). Change interface of
- * ap_proxy_send_fb() and ap_proxy_cache_error().
- * Add ap_proxy_send_hdr_line() and ap_proxy_bputs2().
- * 19980825 (1.3.2-dev) - renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx()
- * 19980825.1 - mod_proxy only (minor change): modified interface of
- * ap_proxy_read_headers() and rdcache() to use a
- * request_rec* instead of pool*
- * (for implementing better error reporting).
- * 19980906 (1.3.2-dev) - added ap_md5_binary()
- * 19980917 (1.3.2-dev) - bs2000: changed os_set_authfile() to os_set_account()
- * 19981108 (1.3.4-dev) - added ap_method_number_of()
- * - changed value of M_INVALID and added WebDAV methods
- * 19981108.1 - ap_exists_config_define() is now public (minor bump)
- * 19981204 - scoreboard changes -- added generation, changed
- * exit_generation to running_generation. Somewhere
- * earlier vhostrec was added, but it's only safe to use
- * as of this rev. See scoreboard.h for documentation.
- * 19981211 - DSO changes -- added ap_single_module_configure()
- * -- added ap_single_module_init()
- * 19981229 - mod_negotiation overhaul -- added ap_make_etag()
- * and added vlist_validator to request_rec.
- * 19990101 - renamed macro escape_uri() to ap_escape_uri()
- * - added MODULE_MAGIC_COOKIE to identify module structs
- * 19990103 (1.3.4-dev) - added ap_array_pstrcat()
- * 19990105 (1.3.4-dev) - added ap_os_is_filename_valid()
- * 19990106 (1.3.4-dev) - Move MODULE_MAGIC_COOKIE to the end of the
- * STANDARD_MODULE_STUFF macro so the version
- * numbers and file name remain at invariant offsets
- * 19990108 (1.3.4-dev) - status_drops_connection -> ap_status_drops_connection
- * scan_script_header -> ap_scan_script_header_err
- * - reordered entries in request_rec that were waiting
- * for a non-binary-compatible release.
- * (1.3.5-dev)
- * 19990108.1 - add ap_MD5Encode() for MD5 password handling.
- * 19990108.2 - add ap_validate_password() and change ap_MD5Encode()
- * to use a stronger algorithm.
- * 19990108.4 - add ap_size_list_item(), ap_get_list_item(), and
- * ap_find_list_item()
- * 19990108.5 - added ap_sub_req_method_uri() and added const to the
- * definition of method in request_rec.
- * 19990108.6 - SIGPIPE is now ignored by the core server.
- * 19990108.7 - ap_isxdigit added
- * 19990320 - METHODS and M_INVALID symbol values modified
- * 19990320.1 - add ap_vrprintf()
- * 19990320.2 - add cmd_parms.context, ap_set_config_vectors,
- * export ap_add_file_conf
- * 19990320.3 - add ap_regexec() and ap_regerror()
- * 19990320.4 - add ap_field_noparam()
- * 19990320.5 - add local_ip/host to conn_rec for mass-vhost
- * 19990320.6 - add ap_SHA1Final(), ap_SHA1Init(),
- * ap_SHA1Update_binary(), ap_SHA1Update(),
- * ap_base64encode(), ap_base64encode_binary(),
- * ap_base64encode_len(), ap_base64decode(),
- * ap_base64decode_binary(), ap_base64decode_len(),
- * ap_pbase64decode(), ap_pbase64encode()
- * 19990320.7 - add ap_strcasestr()
- * 19990320.8 - add request_rec.case_preserved_filename
- * 19990320.9 - renamed alloc.h to ap_alloc.h
- * 19990320.10 - add ap_is_rdirectory() and ap_stripprefix()
- * 19990320.11 - Add a couple of fields, callback_data and
- * filter_callback to the end of buff.h
- * 19990320.11 - Add some fields to the end of the core_dir_config
- * structure
- * 19990320.12 - add ap_getline(), ap_get_chunk_size()
- * 19990320.13 - add ap_strtol()
- * 19990320.14 - add ap_register_cleanup_ex(),
- * ap_note_cleanups_for_fd_ex(),
- * ap_note_cleanups_for_socket_ex(),
- * ap_note_cleanups_for_file_ex(),
- * ap_popenf_ex() and ap_psocket_ex().
- * 19990320.15 - ap_is_recursion_limit_exceeded()
- */
-
-/*
- * Under Extended API situations we replace the magic cookie "AP13" with
- * "EAPI" to let us distinguish between the EAPI module structure (which
- * contain additional pointers at the end) and standard module structures
- * (which lack at least NULL's for the pointers at the end). This is
- * important because standard ("AP13") modules would dump core when we
- * dispatch over the additional hooks because NULL's are missing at the end of
- * the module structure. See also the code in mod_so for details on loading
- * (we accept both "AP13" and "EAPI").
- */
-#define MODULE_MAGIC_COOKIE_AP13 0x41503133UL /* "AP13" */
-#define MODULE_MAGIC_COOKIE_EAPI 0x45415049UL /* "EAPI" */
-#define MODULE_MAGIC_COOKIE MODULE_MAGIC_COOKIE_EAPI
-
-#ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 19990320
-#endif
-#define MODULE_MAGIC_NUMBER_MINOR 15 /* 0...n */
-
-/* Useful for testing for features. */
-#define AP_MODULE_MAGIC_AT_LEAST(major,minor) \
- ((major) < MODULE_MAGIC_NUMBER_MAJOR \
- || ((major) == MODULE_MAGIC_NUMBER_MAJOR \
- && (minor) <= MODULE_MAGIC_NUMBER_MINOR))
-
-/*
- * For example, suppose you wish to use the ap_overlap_tables
- * function. You can do this:
- *
- * #if AP_MODULE_MAGIC_AT_LEAST(19980812,2)
- * ... use ap_overlap_tables()
- * #else
- * ... alternative code which doesn't use ap_overlap_tables()
- * #endif
- *
- */
-
-/* deprecated. present for backwards compatibility */
-#define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_AT_LEAST old_broken_macro_we_hope_you_are_not_using
-
-#endif /* !APACHE_AP_MMN_H */
diff --git a/usr.sbin/httpd/src/include/ap_sha1.h b/usr.sbin/httpd/src/include/ap_sha1.h
deleted file mode 100644
index 5a0eeadccf5..00000000000
--- a/usr.sbin/httpd/src/include/ap_sha1.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* $OpenBSD: ap_sha1.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * NIST Secure Hash Algorithm
- * heavily modified by Uwe Hollerbach uh@alumni.caltech edu
- * from Peter C. Gutmann's implementation as found in
- * Applied Cryptography by Bruce Schneier
- * This code is hereby placed in the public domain
- */
-
-#ifndef APACHE_SHA1_H
-#define APACHE_SHA1_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <sha1.h>
-
-#define SHA_DIGESTSIZE SHA1_DIGEST_LENGTH
-
-/*
- * Define the Magic String prefix that identifies a password as being
- * hashed using our algorithm.
- */
-#define AP_SHA1PW_ID "{SHA}"
-#define AP_SHA1PW_IDLEN 5
-
-typedef u_int32_t AP_LONG; /* a 32-bit quantity */
-
-#define AP_SHA1_CTX SHA1_CTX
-
-API_EXPORT(void) ap_sha1_base64(const char *clear, int len, char *out);
-API_EXPORT(void) ap_SHA1Init(AP_SHA1_CTX *context);
-API_EXPORT(void) ap_SHA1Update(AP_SHA1_CTX *context, const char *input,
- unsigned int inputLen);
-API_EXPORT(void) ap_SHA1Update_binary(AP_SHA1_CTX *context,
- const unsigned char *input, unsigned int inputLen);
-API_EXPORT(void) ap_SHA1Final(unsigned char digest[SHA_DIGESTSIZE],
- AP_SHA1_CTX *context);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_SHA1_H */
diff --git a/usr.sbin/httpd/src/include/buff.h b/usr.sbin/httpd/src/include/buff.h
deleted file mode 100644
index 8fd8ff47702..00000000000
--- a/usr.sbin/httpd/src/include/buff.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/* $OpenBSD: buff.h,v 1.13 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_BUFF_H
-#define APACHE_BUFF_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdarg.h>
-
-/* Reading is buffered */
-#define B_RD (1)
-/* Writing is buffered */
-#define B_WR (2)
-#define B_RDWR (3)
-/* At end of file, or closed stream; no further input allowed */
-#define B_EOF (4)
-/* No further output possible */
-#define B_EOUT (8)
-/* A read error has occurred */
-#define B_RDERR (16)
-/* A write error has occurred */
-#define B_WRERR (32)
-#ifdef B_ERROR /* in SVR4: sometimes defined in /usr/include/sys/buf.h */
-#undef B_ERROR
-#endif
-#define B_ERROR (48)
-/* Use chunked writing */
-#define B_CHUNK (64)
-/* bflush() if a read would block */
-#define B_SAFEREAD (128)
-/* buffer is a socket */
-#define B_SOCKET (256)
-
-typedef struct buff_struct BUFF;
-
-struct buff_struct {
- int flags; /* flags */
- unsigned char *inptr; /* pointer to next location to read */
- int incnt; /* number of bytes left to read from input buffer;
- * always 0 if had a read error */
- int outchunk; /* location of chunk header when chunking */
- int outcnt; /* number of byte put in output buffer */
- unsigned char *inbase;
- unsigned char *outbase;
- int bufsiz;
- void (*error) (BUFF *fb, int op, void *data);
- void *error_data;
- off_t bytes_sent; /* number of bytes actually written */
-
- ap_pool *pool;
-
- /* could also put pointers to the basic I/O routines here */
- int fd; /* the file descriptor */
- int fd_in; /* input file descriptor, if different */
-
- /* transport handle, for RPC binding handle or some such */
- void *t_handle;
-
- ap_ctx *ctx;
-
- void *callback_data;
- void (*filter_callback)(BUFF *, const void *, int );
-};
-
-/* Options to bset/getopt */
-#define BO_BYTECT (1)
-
-/* Stream creation and modification */
-API_EXPORT(BUFF *) ap_bcreate(pool *p, int flags);
-API_EXPORT(void) ap_bpushfd(BUFF *fb, int fd_in, int fd_out);
-API_EXPORT(int) ap_bsetopt(BUFF *fb, int optname, const void *optval);
-API_EXPORT(int) ap_bgetopt(BUFF *fb, int optname, void *optval);
-API_EXPORT(int) ap_bsetflag(BUFF *fb, int flag, int value);
-API_EXPORT(int) ap_bclose(BUFF *fb);
-
-#define ap_bgetflag(fb, flag) ((fb)->flags & (flag))
-
-/* Error handling */
-API_EXPORT(void) ap_bonerror(BUFF *fb, void (*error) (BUFF *, int, void *),
- void *data);
-
-/* I/O */
-API_EXPORT(int) ap_bread(BUFF *fb, void *buf, int nbyte);
-API_EXPORT(int) ap_bgets(char *s, int n, BUFF *fb);
-API_EXPORT(int) ap_blookc(char *buff, BUFF *fb);
-API_EXPORT(int) ap_bskiplf(BUFF *fb);
-API_EXPORT(int) ap_bwrite(BUFF *fb, const void *buf, int nbyte);
-API_EXPORT(int) ap_bflush(BUFF *fb);
-API_EXPORT(int) ap_bputs(const char *x, BUFF *fb);
-API_EXPORT_NONSTD(int) ap_bvputs(BUFF *fb,...);
-API_EXPORT_NONSTD(int) ap_bprintf(BUFF *fb, const char *fmt,...)
- __attribute__((format(printf,2,3)));
-API_EXPORT(int) ap_vbprintf(BUFF *fb, const char *fmt, va_list vlist);
-
-/* Internal routines */
-API_EXPORT(int) ap_bflsbuf(int c, BUFF *fb);
-API_EXPORT(int) ap_bfilbuf(BUFF *fb);
-
-#define ap_bpeekc(fb) ( ((fb)->incnt == 0) ? EOF : *((fb)->inptr) )
-
-#define ap_bgetc(fb) ( ((fb)->incnt == 0) ? ap_bfilbuf(fb) : \
- ((fb)->incnt--, *((fb)->inptr++)) )
-
-#define ap_bputc(c, fb) ((((fb)->flags & (B_EOUT|B_WRERR|B_WR)) != B_WR || \
- (fb)->outcnt == (fb)->bufsiz) ? ap_bflsbuf(c, (fb)) : \
- ((fb)->outbase[(fb)->outcnt++] = (c), 0))
-
-struct child_info {
- /*
- * We need to put a dummy member in here to avoid compilation
- * errors under certain Unix compilers, like SGI's and HPUX's,
- * which fail to compile a zero-sized struct. Of course
- * it would be much nicer if there was actually a use for this
- * structure under Unix. Aah the joys of x-platform code.
- */
- int dummy;
-};
-API_EXPORT(int) ap_bspawn_child(pool *, int (*)(void *, child_info *), void *,
- enum kill_conditions, BUFF **pipe_in, BUFF **pipe_out, BUFF **pipe_err);
-
-/* enable non-blocking operations */
-API_EXPORT(int) ap_bnonblock(BUFF *fb, int direction);
-/* and get an fd to select() on */
-API_EXPORT(int) ap_bfileno(BUFF *fb, int direction);
-
-/* bflush() if a read now would block, but don't actually read anything */
-API_EXPORT(void) ap_bhalfduplex(BUFF *fb);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_BUFF_H */
diff --git a/usr.sbin/httpd/src/include/compat.h b/usr.sbin/httpd/src/include/compat.h
deleted file mode 100644
index ab21c0fe63e..00000000000
--- a/usr.sbin/httpd/src/include/compat.h
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $OpenBSD: compat.h,v 1.2 2005/03/28 23:26:51 niallo Exp $ */
-
-/*
- * compat.h -- backward compatibility header for ap_compat.h
- */
-
-#ifdef __GNUC__
-#warning "This header is obsolete, use ap_compat.h instead"
-#endif
-
-#include "ap_compat.h"
diff --git a/usr.sbin/httpd/src/include/conf.h b/usr.sbin/httpd/src/include/conf.h
deleted file mode 100644
index b50b8c852e1..00000000000
--- a/usr.sbin/httpd/src/include/conf.h
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $OpenBSD: conf.h,v 1.2 2005/03/28 23:26:51 niallo Exp $ */
-
-/*
- * conf.h -- backward compatibility header for ap_config.h
- */
-
-#ifdef __GNUC__
-#warning "This header is obsolete, use ap_config.h instead"
-#endif
-
-#include "ap_config.h"
diff --git a/usr.sbin/httpd/src/include/explain.h b/usr.sbin/httpd/src/include/explain.h
deleted file mode 100644
index 4ab6bc7cbb0..00000000000
--- a/usr.sbin/httpd/src/include/explain.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* $OpenBSD: explain.h,v 1.2 2005/03/28 23:26:51 niallo Exp $ */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef EXPLAIN
-#define DEF_Explain
-#define Explain0(f)
-#define Explain1(f,a1)
-#define Explain2(f,a1,a2)
-#define Explain3(f,a1,a2,a3)
-#define Explain4(f,a1,a2,a3,a4)
-#define Explain5(f,a1,a2,a3,a4,a5)
-#define Explain6(f,a1,a2,a3,a4,a5,a6)
-#else
-#include "http_log.h"
-#define DEF_Explain
-#define Explain0(f) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f)
-#define Explain1(f,a1) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f,a1)
-#define Explain2(f,a1,a2) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f,a1,a2)
-#define Explain3(f,a1,a2,a3) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f,a1,a2,a3)
-#define Explain4(f,a1,a2,a3,a4) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f,a1,a2,a3,a4)
-#define Explain5(f,a1,a2,a3,a4,a5) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f,a1,a2,a3,a4,a5)
-#define Explain6(f,a1,a2,a3,a4,a5,a6) \
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
- f,a1,a2,a3,a4,a5,a6)
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/usr.sbin/httpd/src/include/fdcache.h b/usr.sbin/httpd/src/include/fdcache.h
deleted file mode 100644
index 597bde12216..00000000000
--- a/usr.sbin/httpd/src/include/fdcache.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: fdcache.h,v 1.1 2002/07/17 11:17:00 henning Exp $ */
-
-/*
- * Copyright (c) 2002 Henning Brauer
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * - Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-int fdcache_open(char *, int, mode_t);
-void fdcache_closeall();
diff --git a/usr.sbin/httpd/src/include/fnmatch.h b/usr.sbin/httpd/src/include/fnmatch.h
deleted file mode 100644
index 5795a2241b5..00000000000
--- a/usr.sbin/httpd/src/include/fnmatch.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $OpenBSD: fnmatch.h,v 1.3 2005/03/28 23:26:51 niallo Exp $ */
-
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)fnmatch.h 8.1 (Berkeley) 6/2/93
- */
-
-/* This file has been modified by the Apache Group. */
-
-#include "ap_config.h"
-
-#ifndef _FNMATCH_H_
-#define _FNMATCH_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define FNM_NOMATCH 1 /* Match failed. */
-
-#define FNM_NOESCAPE 0x01 /* Disable backslash escaping. */
-#define FNM_PATHNAME 0x02 /* Slash must be matched by slash. */
-#define FNM_PERIOD 0x04 /* Period must be matched by period. */
-/* This flag is an Apache addition */
-#define FNM_CASE_BLIND 0x08 /* Compare characters case-insensitively. */
-
-API_EXPORT(int) ap_fnmatch(const char *, const char *, int);
-
-/* this function is an Apache addition */
-API_EXPORT(extern int) ap_is_fnmatch(const char *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !_FNMATCH_H_ */
diff --git a/usr.sbin/httpd/src/include/http_conf_globals.h b/usr.sbin/httpd/src/include/http_conf_globals.h
deleted file mode 100644
index 14ff3b2afcd..00000000000
--- a/usr.sbin/httpd/src/include/http_conf_globals.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/* $OpenBSD: http_conf_globals.h,v 1.17 2008/05/09 08:06:28 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_CONF_GLOBALS_H
-#define APACHE_HTTP_CONF_GLOBALS_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Process config --- what the process ITSELF is doing
- */
-
-extern API_VAR_EXPORT int ap_standalone;
-extern API_VAR_EXPORT int ap_configtestonly;
-extern int ap_docrootcheck;
-extern API_VAR_EXPORT uid_t ap_user_id;
-extern API_VAR_EXPORT char *ap_user_name;
-extern API_VAR_EXPORT gid_t ap_group_id;
-extern API_VAR_EXPORT int ap_max_requests_per_child;
-extern API_VAR_EXPORT int ap_max_cpu_per_child;
-extern API_VAR_EXPORT int ap_max_data_per_child;
-extern API_VAR_EXPORT int ap_max_nofile_per_child;
-extern API_VAR_EXPORT int ap_max_rss_per_child;
-extern API_VAR_EXPORT int ap_max_stack_per_child;
-extern API_VAR_EXPORT int ap_threads_per_child;
-extern API_VAR_EXPORT int ap_excess_requests_per_child;
-extern API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
-extern API_VAR_EXPORT int ap_default_family;
-extern listen_rec *ap_listeners;
-extern API_VAR_EXPORT int ap_daemons_to_start;
-extern API_VAR_EXPORT int ap_daemons_min_free;
-extern API_VAR_EXPORT int ap_daemons_max_free;
-extern API_VAR_EXPORT int ap_daemons_limit;
-extern API_VAR_EXPORT int ap_suexec_enabled;
-extern API_VAR_EXPORT int ap_listenbacklog;
-extern int ap_dump_settings;
-extern API_VAR_EXPORT int ap_extended_status;
-extern API_VAR_EXPORT ap_ctx *ap_global_ctx;
-
-extern API_VAR_EXPORT char *ap_pid_fname;
-extern API_VAR_EXPORT char *ap_scoreboard_fname;
-extern API_VAR_EXPORT char *ap_lock_fname;
-extern API_VAR_EXPORT char *ap_server_argv0;
-
-extern enum server_token_type ap_server_tokens;
-
-extern API_VAR_EXPORT int ap_protocol_req_check;
-extern API_VAR_EXPORT int ap_change_shmem_uid;
-
-/* Trying to allocate these in the config pool gets us into some *nasty*
- * chicken-and-egg problems in http_main.c --- where do you stick them
- * when pconf gets cleared? Better to just allocate a little space
- * statically...
- */
-
-extern API_VAR_EXPORT char ap_server_root[MAX_STRING_LEN];
-extern API_VAR_EXPORT char ap_server_confname[MAX_STRING_LEN];
-
-/* for -C, -c and -D switches */
-extern API_VAR_EXPORT array_header *ap_server_pre_read_config;
-extern API_VAR_EXPORT array_header *ap_server_post_read_config;
-extern API_VAR_EXPORT array_header *ap_server_config_defines;
-
-/* We want this to have the least chance of being corrupted if there
- * is some memory corruption, so we allocate it statically.
- */
-extern API_VAR_EXPORT char ap_coredump_dir[MAX_STRING_LEN];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_CONF_GLOBALS_H */
diff --git a/usr.sbin/httpd/src/include/http_config.h b/usr.sbin/httpd/src/include/http_config.h
deleted file mode 100644
index 21482a9cc1a..00000000000
--- a/usr.sbin/httpd/src/include/http_config.h
+++ /dev/null
@@ -1,469 +0,0 @@
-/* $OpenBSD: http_config.h,v 1.12 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_CONFIG_H
-#define APACHE_HTTP_CONFIG_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The central data structures around here...
- */
-
-/* Command dispatch structures... */
-
-/* Note that for all of these except RAW_ARGS, the config routine is
- * passed a freshly allocated string which can be modified or stored
- * or whatever... it's only necessary to do pstrdup() stuff with
- * RAW_ARGS.
- */
-enum cmd_how {
- RAW_ARGS, /* cmd_func parses command line itself */
- TAKE1, /* one argument only */
- TAKE2, /* two arguments only */
- ITERATE, /* one argument, occuring multiple times
- * (e.g., IndexIgnore)
- */
- ITERATE2, /* two arguments, 2nd occurs multiple times
- * (e.g., AddIcon)
- */
- FLAG, /* One of 'On' or 'Off' */
- NO_ARGS, /* No args at all, e.g. </Directory> */
- TAKE12, /* one or two arguments */
- TAKE3, /* three arguments only */
- TAKE23, /* two or three arguments */
- TAKE123, /* one, two or three arguments */
- TAKE13 /* one or three arguments */
-};
-
-typedef struct command_struct {
- const char *name; /* Name of this command */
- const char *(*func) (); /* Function invoked */
- void *cmd_data; /* Extra data, for functions which
- * implement multiple commands...
- */
- int req_override; /* What overrides need to be allowed to
- * enable this command.
- */
- enum cmd_how args_how; /* What the command expects as arguments */
-
- const char *errmsg; /* 'usage' message, in case of syntax errors */
-} command_rec;
-
-/* The allowed locations for a configuration directive are the union of
- * those indicated by each set bit in the req_override mask.
- *
- * (req_override & RSRC_CONF) => *.conf outside <Directory> or <Location>
- * (req_override & ACCESS_CONF) => *.conf inside <Directory> or <Location>
- * (req_override & OR_AUTHCFG) => *.conf inside <Directory> or <Location>
- * and .htaccess when AllowOverride AuthConfig
- * (req_override & OR_LIMIT) => *.conf inside <Directory> or <Location>
- * and .htaccess when AllowOverride Limit
- * (req_override & OR_OPTIONS) => *.conf anywhere
- * and .htaccess when AllowOverride Options
- * (req_override & OR_FILEINFO) => *.conf anywhere
- * and .htaccess when AllowOverride FileInfo
- * (req_override & OR_INDEXES) => *.conf anywhere
- * and .htaccess when AllowOverride Indexes
- */
-#define OR_NONE 0
-#define OR_LIMIT 1
-#define OR_OPTIONS 2
-#define OR_FILEINFO 4
-#define OR_AUTHCFG 8
-#define OR_INDEXES 16
-#define OR_UNSET 32
-#define ACCESS_CONF 64
-#define RSRC_CONF 128
-#define OR_ALL (OR_LIMIT|OR_OPTIONS|OR_FILEINFO|OR_AUTHCFG|OR_INDEXES)
-
-/* This can be returned by a function if they don't wish to handle
- * a command. Make it something not likely someone will actually use
- * as an error code.
- */
-
-#define DECLINE_CMD "\a\b"
-
-/*
- * This structure is passed to a command which is being invoked,
- * to carry a large variety of miscellaneous data which is all of
- * use to *somebody*...
- */
-
-typedef struct {
- void *info; /* Argument to command from cmd_table */
- int override; /* Which allow-override bits are set */
- int limited; /* Which methods are <Limit>ed */
-
- /* Config file structure from pcfg_openfile() */
- configfile_t *config_file;
-
- ap_pool *pool; /* Pool to allocate new storage in */
- struct pool *temp_pool; /* Pool for scratch memory; persists during
- * configuration, but wiped before the first
- * request is served...
- */
- server_rec *server; /* Server_rec being configured for */
- char *path; /* If configuring for a directory,
- * pathname of that directory.
- * NOPE! That's what it meant previous to the
- * existance of <Files>, <Location> and regex
- * matching. Now the only usefulness that can
- * be derived from this field is whether a command
- * is being called in a server context (path == NULL)
- * or being called in a dir context (path != NULL).
- */
- const command_rec *cmd; /* configuration command */
- const char *end_token; /* end token required to end a nested section */
- void *context; /* per_dir_config vector passed
- * to handle_command */
-} cmd_parms;
-
-/* This structure records the existence of handlers in a module... */
-
-typedef struct {
- const char *content_type; /* MUST be all lower case */
- int (*handler) (request_rec *);
-} handler_rec;
-
-/*
- * Module structures. Just about everything is dispatched through
- * these, directly or indirectly (through the command and handler
- * tables).
- */
-
-typedef struct module_struct {
- int version; /* API version, *not* module version;
- * check that module is compatible with this
- * version of the server.
- */
- int minor_version; /* API minor version. Provides API feature
- * milestones. Not checked during module init
- */
- int module_index; /* Index to this modules structures in
- * config vectors.
- */
-
- const char *name;
- void *dynamic_load_handle;
-
- struct module_struct *next;
-
- unsigned long magic; /* Magic Cookie to identify a module structure;
- * It's mainly important for the DSO facility
- * (see also mod_so).
- */
-
- /* init() occurs after config parsing, but before any children are
- * forked.
- * Modules should not rely on the order in which create_server_config
- * and create_dir_config are called.
- */
- void (*init) (server_rec *, pool *);
- void *(*create_dir_config) (pool *p, char *dir);
- void *(*merge_dir_config) (pool *p, void *base_conf, void *new_conf);
- void *(*create_server_config) (pool *p, server_rec *s);
- void *(*merge_server_config) (pool *p, void *base_conf, void *new_conf);
-
- const command_rec *cmds;
- const handler_rec *handlers;
-
- /* Hooks for getting into the middle of server ops...
-
- * translate_handler --- translate URI to filename
- * access_checker --- check access by host address, etc. All of these
- * run; if all decline, that's still OK.
- * check_user_id --- get and validate user id from the HTTP request
- * auth_checker --- see if the user (from check_user_id) is OK *here*.
- * If all of *these* decline, the request is rejected
- * (as a SERVER_ERROR, since the module which was
- * supposed to handle this was configured wrong).
- * type_checker --- Determine MIME type of the requested entity;
- * sets content_type, _encoding and _language fields.
- * logger --- log a transaction.
- * post_read_request --- run right after read_request or
- * internal_redirect, and not run during any subrequests.
- */
-
- int (*translate_handler) (request_rec *);
- int (*ap_check_user_id) (request_rec *);
- int (*auth_checker) (request_rec *);
- int (*access_checker) (request_rec *);
- int (*type_checker) (request_rec *);
- int (*fixer_upper) (request_rec *);
- int (*logger) (request_rec *);
- int (*header_parser) (request_rec *);
-
- /* Regardless of the model the server uses for managing "units of
- * execution", i.e. multi-process, multi-threaded, hybrids of those,
- * there is the concept of a "heavy weight process". That is, a
- * process with its own memory space, file spaces, etc. This method,
- * child_init, is called once for each heavy-weight process before
- * any requests are served. Note that no provision is made yet for
- * initialization per light-weight process (i.e. thread). The
- * parameters passed here are the same as those passed to the global
- * init method above.
- */
- void (*child_init) (server_rec *, pool *);
- void (*child_exit) (server_rec *, pool *);
- int (*post_read_request) (request_rec *);
-
- /*
- * ANSI C guarantees us that we can at least extend the module structure
- * with additional hooks without the need to change all existing modules.
- * Because: ``If there are fewer initializers in the list than members of
- * the structure, the trailing members are initialized with 0.'' (The C
- * Programming Language, 2nd Ed., A8.7 Initialization). So we just
- * have to put our additional hooks here:
- *
- * add_module:
- * Called from within ap_add_module() right after the module
- * structure was linked into the Apache internal module list.
- * It is mainly intended to be used to define configuration defines
- * (<IfDefine>) which have to be available directly after a
- * LoadModule/AddModule. Actually this is the earliest possible
- * hook a module can use.
- *
- * remove_module:
- * Called from within ap_remove_module() right before the module
- * structure is kicked out from the Apache internal module list.
- * Actually this is last possible hook a module can use and exists
- * for consistency with the add_module hook.
- *
- * rewrite_command:
- * Called right after a configuration directive line was read and
- * before it is processed. It is mainly intended to be used for
- * rewriting directives in order to provide backward compatibility to
- * old directive variants.
- *
- * new_connection:
- * Called from within the internal new_connection() function, right
- * after the conn_rec structure for the new established connection
- * was created and before Apache starts processing the request with
- * ap_read_request(). It is mainly intended to be used to setup/run
- * connection dependent things like sending start headers for
- * on-the-fly compression, etc.
- *
- * close_connection:
- * Called from within the Apache dispatching loop just before any
- * ap_bclose() is performed on the socket connection, but a long time
- * before any pool cleanups are done for the connection (which can be
- * too late for some applications). It is mainly intended to be used
- * to close/finalize connection dependent things like sending end
- * headers for on-the-fly compression, etc.
- */
- void (*add_module) (struct module_struct *);
- void (*remove_module) (struct module_struct *);
- char *(*rewrite_command) (cmd_parms *, void *config, const char *);
- void (*new_connection) (conn_rec *);
- void (*close_connection) (conn_rec *);
-} module;
-
-/* Initializer for the first few module slots, which are only
- * really set up once we start running. Note that the first two slots
- * provide a version check; this should allow us to deal with changes to
- * the API. The major number should reflect changes to the API handler table
- * itself or removal of functionality. The minor number should reflect
- * additions of functionality to the existing API. (the server can detect
- * an old-format module, and either handle it back-compatibly, or at least
- * signal an error). See src/include/ap_mmn.h for MMN version history.
- */
-
-#define STANDARD_MODULE_STUFF MODULE_MAGIC_NUMBER_MAJOR, \
- MODULE_MAGIC_NUMBER_MINOR, \
- -1, \
- __FILE__, \
- NULL, \
- NULL, \
- MODULE_MAGIC_COOKIE
-
-/* Generic accessors for other modules to get at their own module-specific
- * data
- */
-
-API_EXPORT(void *) ap_get_module_config(void *conf_vector, module *m);
-API_EXPORT(void) ap_set_module_config(void *conf_vector, module *m, void *val);
-
-#define ap_get_module_config(v,m) \
- (((void **)(v))[(m)->module_index])
-#define ap_set_module_config(v,m,val) \
- ((((void **)(v))[(m)->module_index]) = (val))
-
-/* Generic command handling function... */
-
-API_EXPORT_NONSTD(const char *) ap_set_string_slot(cmd_parms *, char *, char *);
-API_EXPORT_NONSTD(const char *) ap_set_string_slot_lower(cmd_parms *, char *,
- char *);
-API_EXPORT_NONSTD(const char *) ap_set_flag_slot(cmd_parms *, char *, int);
-API_EXPORT_NONSTD(const char *) ap_set_file_slot(cmd_parms *, char *, char *);
-
-/* For modules which need to read config files, open logs, etc. ...
- * this returns the fname argument if it begins with '/'; otherwise
- * it relativizes it wrt server_root.
- */
-
-API_EXPORT(char *) ap_server_root_relative(pool *p, char *fname);
-
-/* Finally, the hook for dynamically loading modules in... */
-
-API_EXPORT(void) ap_add_module(module *m);
-API_EXPORT(void) ap_remove_module(module *m);
-API_EXPORT(void) ap_add_loaded_module(module *mod);
-API_EXPORT(void) ap_remove_loaded_module(module *mod);
-API_EXPORT(int) ap_add_named_module(const char *name);
-API_EXPORT(void) ap_clear_module_list(void);
-API_EXPORT(const char *) ap_find_module_name(module *m);
-API_EXPORT(module *) ap_find_linked_module(const char *name);
-
-/* for implementing subconfigs and customized config files */
-API_EXPORT(const char *) ap_srm_command_loop(cmd_parms *parms, void *config);
-
-#ifdef CORE_PRIVATE
-
-extern API_VAR_EXPORT module *top_module;
-
-extern module *ap_prelinked_modules[];
-extern module *ap_preloaded_modules[];
-extern API_VAR_EXPORT module **ap_loaded_modules;
-
-/* For mod_so.c... */
-
-API_EXPORT(void) ap_single_module_configure(pool *p, server_rec *s, module *m);
-
-/* For http_main.c... */
-
-API_EXPORT(server_rec *) ap_read_config(pool *conf_pool, pool *temp_pool,
- char *config_name);
-API_EXPORT(void) ap_init_modules(pool *p, server_rec *s);
-API_EXPORT(void) ap_child_init_modules(pool *p, server_rec *s);
-API_EXPORT(void) ap_child_exit_modules(pool *p, server_rec *s);
-API_EXPORT(void) ap_setup_prelinked_modules(void);
-API_EXPORT(void) ap_show_directives(void);
-API_EXPORT(void) ap_show_modules(void);
-void ap_cleanup_method_ptrs(void);
-
-/* For http_request.c... */
-
-CORE_EXPORT(void *) ap_create_request_config(pool *p);
-CORE_EXPORT(void *) ap_create_per_dir_config(pool *p);
-CORE_EXPORT(void *) ap_merge_per_dir_configs(pool *p, void *base, void *new);
-
-/* For http_core.c... (<Directory> command and virtual hosts) */
-
-CORE_EXPORT(int) ap_parse_htaccess(void **result, request_rec *r, int override,
- const char *path, const char *access_name);
-
-CORE_EXPORT(const char *) ap_init_virtual_host(pool *p, const char *hostname,
- server_rec *main_server, server_rec **);
-CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname,
- pool *p, pool *ptemp);
-
-/* ap_check_cmd_context() definitions: */
-API_EXPORT(const char *) ap_check_cmd_context(cmd_parms *cmd,
- unsigned forbidden);
-
-/* ap_check_cmd_context(): Forbidden in: */
-#define NOT_IN_VIRTUALHOST 0x01 /* <Virtualhost> */
-#define NOT_IN_LIMIT 0x02 /* <Limit> */
-#define NOT_IN_DIRECTORY 0x04 /* <Directory> */
-#define NOT_IN_LOCATION 0x08 /* <Location> */
-#define NOT_IN_FILES 0x10 /* <Files> */
-#define NOT_IN_DIR_LOC_FILE (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES) /* <Directory>/<Location>/<Files>*/
-#define GLOBAL_ONLY (NOT_IN_VIRTUALHOST|NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE)
-
-
-/* Module-method dispatchers, also for http_request.c */
-
-API_EXPORT(int) ap_translate_name(request_rec *);
-/* check access on non-auth basis */
-API_EXPORT(int) ap_check_access(request_rec *);
-/* obtain valid username from client auth */
-API_EXPORT(int) ap_check_user_id(request_rec *);
-/* check (validated) user is authorized here */
-API_EXPORT(int) ap_check_auth(request_rec *);
-/* identify MIME type */
-API_EXPORT(int) ap_find_types(request_rec *);
-/* poke around for other metainfo, etc.... */
-API_EXPORT(int) ap_run_fixups(request_rec *);
-API_EXPORT(int) ap_invoke_handler(request_rec *);
-API_EXPORT(int) ap_log_transaction(request_rec *r);
-API_EXPORT(int) ap_header_parse(request_rec *);
-API_EXPORT(int) ap_run_post_read_request(request_rec *);
-
-/* for mod_perl */
-
-CORE_EXPORT(const command_rec *) ap_find_command(const char *name,
- const command_rec *cmds);
-CORE_EXPORT(const command_rec *) ap_find_command_in_modules(const char
- *cmd_name, module **mod);
-CORE_EXPORT(void *) ap_set_config_vectors(cmd_parms *parms, void *config,
- module *mod);
-CORE_EXPORT(const char *) ap_handle_command(cmd_parms *parms, void *config,
- const char *l);
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_CONFIG_H */
diff --git a/usr.sbin/httpd/src/include/http_core.h b/usr.sbin/httpd/src/include/http_core.h
deleted file mode 100644
index 07fcd1fff11..00000000000
--- a/usr.sbin/httpd/src/include/http_core.h
+++ /dev/null
@@ -1,356 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_CORE_H
-#define APACHE_HTTP_CORE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*****************************************************************
- *
- * The most basic server code is encapsulated in a single module
- * known as the core, which is just *barely* functional enough to
- * serve documents, though not terribly well.
- *
- * Largely for NCSA back-compatibility reasons, the core needs to
- * make pieces of its config structures available to other modules.
- * The accessors are declared here, along with the interpretation
- * of one of them (allow_options).
- */
-
-#define OPT_NONE 0
-#define OPT_INDEXES 1
-#define OPT_INCLUDES 2
-#define OPT_SYM_LINKS 4
-#define OPT_EXECCGI 8
-#define OPT_UNSET 16
-#define OPT_INCNOEXEC 32
-#define OPT_SYM_OWNER 64
-#define OPT_MULTI 128
-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
-
-/* options for get_remote_host() */
-/* REMOTE_HOST returns the hostname, or NULL if the hostname
- * lookup fails. It will force a DNS lookup according to the
- * HostnameLookups setting.
- */
-#define REMOTE_HOST (0)
-
-/* REMOTE_NAME returns the hostname, or the dotted quad if the
- * hostname lookup fails. It will force a DNS lookup according
- * to the HostnameLookups setting.
- */
-#define REMOTE_NAME (1)
-
-/* REMOTE_NOLOOKUP is like REMOTE_NAME except that a DNS lookup is
- * never forced.
- */
-#define REMOTE_NOLOOKUP (2)
-
-/* REMOTE_DOUBLE_REV will always force a DNS lookup, and also force
- * a double reverse lookup, regardless of the HostnameLookups
- * setting. The result is the (double reverse checked) hostname,
- * or NULL if any of the lookups fail.
- */
-#define REMOTE_DOUBLE_REV (3)
-
-#define SATISFY_ALL 0
-#define SATISFY_ANY 1
-#define SATISFY_NOSPEC 2
-
-/* default maximum of internal redirects */
-# define AP_DEFAULT_MAX_INTERNAL_REDIRECTS 20
-
-/* default maximum subrequest nesting level */
-# define AP_DEFAULT_MAX_SUBREQ_DEPTH 20
-
-API_EXPORT(int) ap_allow_options (request_rec *);
-API_EXPORT(int) ap_allow_overrides (request_rec *);
-API_EXPORT(const char *) ap_default_type (request_rec *);
-API_EXPORT(const char *) ap_document_root (request_rec *); /* Don't use this! If your request went
- * through a Userdir, or something like
- * that, it'll screw you. But it's
- * back-compatible...
- */
-API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int type);
-API_EXPORT(const char *) ap_get_remote_logname(request_rec *r);
-
-/* Used for constructing self-referencing URLs, and things like SERVER_PORT,
- * and SERVER_NAME.
- */
-API_EXPORT(char *) ap_construct_url(pool *p, const char *uri, request_rec *r);
-API_EXPORT(const char *) ap_get_server_name(request_rec *r);
-API_EXPORT(unsigned) ap_get_server_port(const request_rec *r);
-API_EXPORT(unsigned long) ap_get_limit_req_body(const request_rec *r);
-API_EXPORT(void) ap_custom_response(request_rec *r, int status, char *string);
-API_EXPORT(int) ap_exists_config_define(char *name);
-
-/* Check if the current request is beyond the configured max. number of redirects or subrequests
- * @param r The current request
- * @return true (is exceeded) or false
- */
-API_EXPORT(int) ap_is_recursion_limit_exceeded(const request_rec *r);
-
-/* Authentication stuff. This is one of the places where compatibility
- * with the old config files *really* hurts; they don't discriminate at
- * all between different authentication schemes, meaning that we need
- * to maintain common state for all of them in the core, and make it
- * available to the other modules through interfaces.
- */
-
-typedef struct {
- int method_mask;
- char *requirement;
-} require_line;
-
-API_EXPORT(const char *) ap_auth_type (request_rec *);
-API_EXPORT(const char *) ap_auth_name (request_rec *);
-API_EXPORT(const char *) ap_auth_nonce (request_rec *);
-API_EXPORT(int) ap_satisfies (request_rec *r);
-API_EXPORT(const array_header *) ap_requires (request_rec *);
-
-#ifdef CORE_PRIVATE
-
-/*
- * Core is also unlike other modules in being implemented in more than
- * one file... so, data structures are declared here, even though most of
- * the code that cares really is in http_core.c. Also, another accessor.
- */
-
-API_EXPORT(char *) ap_response_code_string (request_rec *r, int error_index);
-
-extern API_VAR_EXPORT module core_module;
-
-/* Per-directory configuration */
-
-typedef unsigned char allow_options_t;
-typedef unsigned char overrides_t;
-/*
- * Bits of info that go into making an ETag for a file
- * document. Why a long? Because char historically
- * proved too short for Options, and int can be different
- * sizes on different platforms.
- */
-typedef unsigned long etag_components_t;
-
-#define ETAG_UNSET 0
-#define ETAG_NONE (1 << 0)
-#define ETAG_MTIME (1 << 1)
-#define ETAG_INODE (1 << 2)
-#define ETAG_SIZE (1 << 3)
-#define ETAG_BACKWARD (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
-#define ETAG_ALL (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
-
-typedef enum {
- AP_FLAG_UNSET = 0,
- AP_FLAG_ON = 1,
- AP_FLAG_OFF = 2
-} ap_flag_e;
-
-typedef struct {
- /* path of the directory/regex/etc. see also d_is_fnmatch below */
- char *d;
- /* the number of slashes in d */
- unsigned d_components;
-
- /* If (opts & OPT_UNSET) then no absolute assignment to options has
- * been made.
- * invariant: (opts_add & opts_remove) == 0
- * Which said another way means that the last relative (options + or -)
- * assignment made to each bit is recorded in exactly one of opts_add
- * or opts_remove.
- */
- allow_options_t opts;
- allow_options_t opts_add;
- allow_options_t opts_remove;
- overrides_t override;
-
- /* MIME typing --- the core doesn't do anything at all with this,
- * but it does know what to slap on a request for a document which
- * goes untyped by other mechanisms before it slips out the door...
- */
-
- char *ap_default_type;
-
- /* Authentication stuff. Groan... */
-
- int satisfy;
- char *ap_auth_type;
- char *ap_auth_name;
- array_header *ap_requires;
-
- /* Custom response config. These can contain text or a URL to redirect to.
- * if response_code_strings is NULL then there are none in the config,
- * if it's not null then it's allocated to sizeof(char*)*RESPONSE_CODES.
- * This lets us do quick merges in merge_core_dir_configs().
- */
-
- char **response_code_strings;
-
- /* Hostname resolution etc */
-#define HOSTNAME_LOOKUP_OFF 0
-#define HOSTNAME_LOOKUP_ON 1
-#define HOSTNAME_LOOKUP_DOUBLE 2
-#define HOSTNAME_LOOKUP_UNSET 3
- unsigned int hostname_lookups : 4;
-
- signed int do_rfc1413 : 2; /* See if client is advertising a username? */
-
- signed int content_md5 : 2; /* calculate Content-MD5? */
-
-#define USE_CANONICAL_NAME_OFF (0)
-#define USE_CANONICAL_NAME_ON (1)
-#define USE_CANONICAL_NAME_DNS (2)
-#define USE_CANONICAL_NAME_UNSET (3)
- unsigned use_canonical_name : 2;
-
- /* since is_fnmatch(conf->d) was being called so frequently in
- * directory_walk() and its relatives, this field was created and
- * is set to the result of that call.
- */
- unsigned d_is_fnmatch : 1;
-
- /* should we force a charset on any outgoing parameterless content-type?
- * if so, which charset?
- */
-#define ADD_DEFAULT_CHARSET_OFF (0)
-#define ADD_DEFAULT_CHARSET_ON (1)
-#define ADD_DEFAULT_CHARSET_UNSET (2)
- unsigned add_default_charset : 2;
- char *add_default_charset_name;
-
- /* System Resource Control */
- struct rlimit *limit_cpu;
- struct rlimit *limit_mem;
- struct rlimit *limit_nproc;
- struct rlimit *limit_nofile;
- unsigned long limit_req_body; /* limit on bytes in request msg body */
-
- /* logging options */
- enum { srv_sig_unset, srv_sig_off, srv_sig_on,
- srv_sig_withmail } server_signature;
- int loglevel;
-
- /* Access control */
- array_header *sec;
- regex_t *r;
-
-
-
- /*
- * What attributes/data should be included in ETag generation?
- */
- etag_components_t etag_bits;
- etag_components_t etag_add;
- etag_components_t etag_remove;
-
- /*
- * Do we allow ISINDEX CGI scripts to pass their query argument as
- * direct command line parameters or argv elements?
- */
- ap_flag_e cgi_command_args;
-
- /* Digest auth. */
- char *ap_auth_nonce;
-
-} core_dir_config;
-
-/* Per-server core configuration */
-
-typedef struct {
-
-#ifdef GPROF
- char *gprof_dir;
-#endif
-
- /* Name translations --- we want the core to be able to do *something*
- * so it's at least a minimally functional web server on its own (and
- * can be tested that way). But let's keep it to the bare minimum:
- */
- char *ap_document_root;
-
- /* Access control */
-
- char *access_name;
- array_header *sec;
- array_header *sec_url;
-
- /* recursion backstopper */
- int recursion_limit_set; /* boolean */
- int redirect_limit; /* maximum number of internal redirects */
- int subreq_limit; /* maximum nesting level of subrequests */
-} core_server_config;
-
-/* for http_config.c */
-CORE_EXPORT(void) ap_core_reorder_directories(pool *, server_rec *);
-
-/* for mod_perl */
-CORE_EXPORT(void) ap_add_per_dir_conf (server_rec *s, void *dir_config);
-CORE_EXPORT(void) ap_add_per_url_conf (server_rec *s, void *url_config);
-CORE_EXPORT(void) ap_add_file_conf(core_dir_config *conf, void *url_config);
-CORE_EXPORT_NONSTD(const char *) ap_limit_section (cmd_parms *cmd, void *dummy, const char *arg);
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_CORE_H */
diff --git a/usr.sbin/httpd/src/include/http_log.h b/usr.sbin/httpd/src/include/http_log.h
deleted file mode 100644
index f6fb9065700..00000000000
--- a/usr.sbin/httpd/src/include/http_log.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/* $OpenBSD: http_log.h,v 1.11 2005/06/15 00:00:16 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_LOG_H
-#define APACHE_HTTP_LOG_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <syslog.h>
-
-#define APLOG_EMERG LOG_EMERG /* system is unusable */
-#define APLOG_ALERT LOG_ALERT /* action must be taken immediately */
-#define APLOG_CRIT LOG_CRIT /* critical conditions */
-#define APLOG_ERR LOG_ERR /* error conditions */
-#define APLOG_WARNING LOG_WARNING /* warning conditions */
-#define APLOG_NOTICE LOG_NOTICE /* normal but significant condition */
-#define APLOG_INFO LOG_INFO /* informational */
-#define APLOG_DEBUG LOG_DEBUG /* debug-level messages */
-
-#define APLOG_LEVELMASK LOG_PRIMASK /* mask off the level value */
-
-#define APLOG_NOERRNO (APLOG_LEVELMASK + 1)
-
-#ifndef DEFAULT_LOGLEVEL
-#define DEFAULT_LOGLEVEL APLOG_WARNING
-#endif
-
-#define APLOG_MARK __FILE__,0
-
-API_EXPORT(void) ap_open_logs (server_rec *, pool *p);
-
-/* The two primary logging functions, ap_log_error and ap_log_rerror,
- * use a printf style format string to build the log message. It is
- * VERY IMPORTANT that you not include any raw data from the network,
- * such as the request-URI or request header fields, within the format
- * string. Doing so makes the server vulnerable to a denial-of-service
- * attack and other messy behavior. Instead, use a simple format string
- * like "%s", followed by the string containing the untrusted data.
- */
-API_EXPORT_NONSTD(void) ap_log_error(const char *file, int line, int level,
- const server_rec *s, const char *fmt, ...)
- __attribute__((format(printf,5,6)));
-API_EXPORT_NONSTD(void) ap_log_rerror(const char *file, int line, int level,
- const request_rec *s, const char *fmt, ...)
- __attribute__((format(printf,5,6)));
-API_EXPORT(void) ap_error_log2stderr (server_rec *);
-
-API_EXPORT(void) ap_log_pid (pool *p, char *fname);
-/* These are for legacy code, new code should use ap_log_error,
- * or ap_log_rerror.
- */
-API_EXPORT(void) ap_log_error_old(const char *err, server_rec *s);
-API_EXPORT(void) ap_log_unixerr(const char *routine, const char *file,
- const char *msg, server_rec *s);
-API_EXPORT_NONSTD(void) ap_log_printf(const server_rec *s, const char *fmt, ...)
- __attribute__((format(printf,2,3)));
-API_EXPORT(void) ap_log_reason(const char *reason, const char *fname,
- request_rec *r);
-
-typedef struct piped_log {
- pool *p;
- char *program;
- int pid;
- int fds[2];
-} piped_log;
-
-API_EXPORT(piped_log *) ap_open_piped_log (pool *p, const char *program);
-API_EXPORT(void) ap_close_piped_log (piped_log *);
-#define ap_piped_log_read_fd(pl) ((pl)->fds[0])
-#define ap_piped_log_write_fd(pl) ((pl)->fds[1])
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_LOG_H */
diff --git a/usr.sbin/httpd/src/include/http_main.h b/usr.sbin/httpd/src/include/http_main.h
deleted file mode 100644
index 6f3c02aa550..00000000000
--- a/usr.sbin/httpd/src/include/http_main.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/* $OpenBSD: http_main.h,v 1.13 2006/03/22 13:19:19 ray Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_MAIN_H
-#define APACHE_HTTP_MAIN_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Routines in http_main.c which other code --- in particular modules ---
- * may want to call. Right now, that's limited to timeout handling.
- * There are two functions which modules can call to trigger a timeout
- * (with the per-virtual-server timeout duration); these are hard_timeout
- * and soft_timeout.
- *
- * The difference between the two is what happens when the timeout
- * expires (or earlier than that, if the client connection aborts) ---
- * a soft_timeout just puts the connection to the client in an
- * "aborted" state, which will cause http_protocol.c to stop trying to
- * talk to the client, but otherwise allows the code to continue normally.
- * hard_timeout(), by contrast, logs the request, and then aborts it
- * completely --- longjmp()ing out to the accept() loop in http_main.
- * Any resources tied into the request's resource pool will be cleaned up;
- * everything that isn't will leak.
- *
- * soft_timeout() is recommended as a general rule, because it gives your
- * code a chance to clean up. However, hard_timeout() may be the most
- * convenient way of dealing with timeouts waiting for some external
- * resource other than the client, if you can live with the restrictions.
- *
- * (When a hard timeout is in scope, critical sections can be guarded
- * with block_alarms() and unblock_alarms() --- these are declared in
- * alloc.c because they are most often used in conjunction with
- * routines to allocate something or other, to make sure that the
- * cleanup does get registered before any alarm is allowed to happen
- * which might require it to be cleaned up; they * are, however,
- * implemented in http_main.c).
- *
- * NOTE! It's not "fair" for a hard_timeout to be in scope through calls
- * across modules. Your module code really has no idea what other modules may
- * be present in the server, and they may not take too kindly to having a
- * longjmp() happen -- it could result in corrupted state. Heck they may not
- * even take to kindly to a soft_timeout()... because it can cause EINTR to
- * happen on pretty much any syscall, and unless all the libraries and modules
- * in use are known to deal well with EINTR it could cause corruption as well.
- * But things are likely to do much better with a soft_timeout in scope than a
- * hard_timeout.
- *
- * A module MAY NOT use a hard_timeout() across * sub_req_lookup_xxx()
- * functions, or across run_sub_request() functions. A module SHOULD NOT use a
- * soft_timeout() in either of these cases, but sometimes there's just no
- * choice.
- *
- * kill_timeout() will disarm either variety of timeout.
- *
- * reset_timeout() resets the timeout in progress.
- */
-
-API_EXPORT(void) ap_start_shutdown(void);
-API_EXPORT(void) ap_start_restart(int);
-API_EXPORT(void) ap_hard_timeout(char *, request_rec *);
-API_EXPORT(void) ap_keepalive_timeout(char *, request_rec *);
-API_EXPORT(void) ap_soft_timeout(char *, request_rec *);
-API_EXPORT(void) ap_kill_timeout(request_rec *);
-API_EXPORT(void) ap_reset_timeout(request_rec *);
-
-API_EXPORT(void) ap_child_terminate(request_rec *r);
-API_EXPORT(int) ap_update_child_status(int child_num, int status,
- request_rec *r);
-void ap_time_process_request(int child_num, int status);
-API_EXPORT(unsigned int) ap_set_callback_and_alarm(void (*fn) (int), int x);
-API_EXPORT(int) ap_check_alarm(void);
-API_EXPORT(void) ap_server_strip_chroot(char *, int);
-API_EXPORT(int) ap_server_is_chrooted(void);
-API_EXPORT(int) ap_server_chroot_desired(void);
-
-void setup_signal_names(char *prefix);
-
-/* functions for determination and setting of accept() mutexing */
-char *ap_default_mutex_method(void);
-char *ap_init_mutex_method(char *t);
-
-/*
- * register an other_child -- a child which the main loop keeps track of
- * and knows it is different than the rest of the scoreboard.
- *
- * pid is the pid of the child.
- *
- * maintenance is a function that is invoked with a reason, the data
- * pointer passed here, and when appropriate a status result from waitpid().
- *
- * write_fd is an fd that is probed for writing by select() if it is ever
- * unwritable, then maintenance is invoked with reason OC_REASON_UNWRITABLE.
- * This is useful for log pipe children, to know when they've blocked. To
- * disable this feature, use -1 for write_fd.
- */
-API_EXPORT(void) ap_register_other_child(int pid,
- void (*maintenance) (int reason, void *data, ap_wait_t status),
- void *data, int write_fd);
-#define OC_REASON_DEATH 0 /* child has died, caller must call
- * unregister still */
-#define OC_REASON_UNWRITABLE 1 /* write_fd is unwritable */
-#define OC_REASON_RESTART 2 /* a restart is occuring, perform
- * any necessary cleanup (including
- * sending a special signal to child)
- */
-#define OC_REASON_UNREGISTER 3 /* unregister has been called, do
- * whatever is necessary (including
- * kill the child) */
-#define OC_REASON_LOST 4 /* somehow the child exited without
- * us knowing ... buggy os? */
-
-/*
- * unregister an other_child. Note that the data pointer is used here, and
- * is assumed to be unique per other_child. This is because the pid and
- * write_fd are possibly killed off separately.
- */
-API_EXPORT(void) ap_unregister_other_child(void *data);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_MAIN_H */
diff --git a/usr.sbin/httpd/src/include/http_protocol.h b/usr.sbin/httpd/src/include/http_protocol.h
deleted file mode 100644
index d96be72703b..00000000000
--- a/usr.sbin/httpd/src/include/http_protocol.h
+++ /dev/null
@@ -1,233 +0,0 @@
-/* $OpenBSD: http_protocol.h,v 1.13 2010/02/23 08:15:27 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_PROTOCOL_H
-#define APACHE_HTTP_PROTOCOL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Prototypes for routines which either talk directly back to the user,
- * or control the ones that eventually do.
- */
-
-/* Read a request and fill in the fields. */
-
-API_EXPORT(request_rec *) ap_read_request(conn_rec *c);
-
-/* Send a single HTTP header field */
-
-API_EXPORT_NONSTD(int) ap_send_header_field(request_rec *r,
- const char *fieldname, const char *fieldval);
-
-/* Send the minimal part of an HTTP response header... but modules should be
- * very careful about using this, and should prefer ap_send_http_header().
- * Much of the HTTP/1.1 implementation correctness depends on code in
- * ap_send_http_header().
- */
-API_EXPORT(void) ap_basic_http_header(request_rec *r);
-
-/* Send the Status-Line and header fields for HTTP response */
-
-API_EXPORT(void) ap_send_http_header(request_rec *l);
-
-/* Send the response to special method requests */
-
-API_EXPORT(int) ap_send_http_trace(request_rec *r);
-API_EXPORT(int) ap_send_http_options(request_rec *r);
-
-/* Finish up stuff after a request */
-
-API_EXPORT(void) ap_finalize_request_protocol(request_rec *r);
-
-/* Send error back to client... last arg indicates error status in case
- * we get an error in the process of trying to deal with an ErrorDocument
- * to handle some other error. In that case, we print the default report
- * for the first thing that went wrong, and more briefly report on the
- * problem with the ErrorDocument.
- */
-
-API_EXPORT(void) ap_send_error_response(request_rec *r, int recursive_error);
-
-/* Set last modified header line from the lastmod date of the associated file.
- * Also, set content length.
- *
- * May return an error status, typically USE_LOCAL_COPY (that when the
- * permit_cache argument is set to one).
- */
-
-API_EXPORT(int) ap_set_content_length(request_rec *r, off_t length);
-API_EXPORT(int) ap_set_keepalive(request_rec *r);
-API_EXPORT(time_t) ap_rationalize_mtime(request_rec *r, time_t mtime);
-API_EXPORT(char *) ap_make_etag(request_rec *r, int force_weak);
-API_EXPORT(void) ap_set_etag(request_rec *r);
-API_EXPORT(void) ap_set_last_modified(request_rec *r);
-API_EXPORT(int) ap_meets_conditions(request_rec *r);
-
-/* Other ways to send stuff at the client. All of these keep track
- * of bytes_sent automatically. This indirection is intended to make
- * it a little more painless to slide things like HTTP-NG packetization
- * underneath the main body of the code later. In the meantime, it lets
- * us centralize a bit of accounting (bytes_sent).
- *
- * These also return the number of bytes written by the call.
- * They should only be called with a timeout registered, for obvious reaasons.
- * (Ditto the send_header stuff).
- */
-
-API_EXPORT(long) ap_send_fd(FILE *f, request_rec *r);
-API_EXPORT(long) ap_send_fd_length(FILE *f, request_rec *r, long length);
-
-API_EXPORT(long) ap_send_fb(BUFF *f, request_rec *r);
-API_EXPORT(long) ap_send_fb_length(BUFF *f, request_rec *r, long length);
-
-API_EXPORT(off_t) ap_send_mmap(void *mm, request_rec *r, off_t offset,
- off_t length);
-
-/* Hmmm... could macrofy these for now, and maybe forever, though the
- * definitions of the macros would get a whole lot hairier.
- */
-
-API_EXPORT(int) ap_rputc(int c, request_rec *r);
-API_EXPORT(int) ap_rputs(const char *str, request_rec *r);
-API_EXPORT(int) ap_rwrite(const void *buf, int nbyte, request_rec *r);
-API_EXPORT_NONSTD(int) ap_rvputs(request_rec *r,...);
-API_EXPORT(int) ap_vrprintf(request_rec *r, const char *fmt, va_list vlist);
-API_EXPORT_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt,...)
- __attribute__((format(printf,2,3)));
-API_EXPORT(int) ap_rflush(request_rec *r);
-
-/*
- * Index used in custom_responses array for a specific error code
- * (only use outside protocol.c is in getting them configured).
- */
-
-API_EXPORT(int) ap_index_of_response(int status);
-
-/* Reading a block of data from the client connection (e.g., POST arg) */
-
-API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy);
-API_EXPORT(int) ap_should_client_block(request_rec *r);
-API_EXPORT(long) ap_get_client_block(request_rec *r, char *buffer, int bufsiz);
-API_EXPORT(int) ap_discard_request_body(request_rec *r);
-
-/* Sending a byterange */
-
-API_EXPORT(int) ap_set_byterange(request_rec *r);
-API_EXPORT(int) ap_each_byterange(request_rec *r, off_t *offset, off_t *length);
-
-/* Support for the Basic authentication protocol. Note that there's
- * nothing that prevents these from being in mod_auth.c, except that other
- * modules which wanted to provide their own variants on finding users and
- * passwords for Basic auth (a fairly common request) would then require
- * mod_auth to be loaded or they wouldn't work.
- *
- * get_basic_auth_pw returns 0 (OK) if it set the 'pw' argument (and assured
- * a correct value in r->connection->user); otherwise it returns an error
- * code, either SERVER_ERROR if things are really confused, AUTH_REQUIRED
- * if no authentication at all seemed to be in use, or DECLINED if there
- * was authentication but it wasn't Basic (in which case, the caller should
- * presumably decline as well).
- *
- * note_basic_auth_failure arranges for the right stuff to be scribbled on
- * the HTTP return so that the client knows how to authenticate itself the
- * next time. As does note_digest_auth_failure for Digest auth.
- *
- * note_auth_failure does the same thing, but will call the correct one
- * based on the authentication type in use.
- *
- */
-
-API_EXPORT(void) ap_note_auth_failure(request_rec *r);
-API_EXPORT(void) ap_note_basic_auth_failure(request_rec *r);
-API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r);
-API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw);
-
-/*
- * Setting up the protocol fields for subsidiary requests...
- * Also, a wrapup function to keep the internal accounting straight.
- */
-
-API_EXPORT(void) ap_set_sub_req_protocol(request_rec *rnew,
- const request_rec *r);
-API_EXPORT(void) ap_finalize_sub_req_protocol(request_rec *sub_r);
-
-/* This is also useful for putting sub_reqs and internal_redirects together */
-
-CORE_EXPORT(void) ap_parse_uri(request_rec *r, const char *uri);
-
-/* Get the method number associated with the given string, assumed to
- * contain an HTTP method. Returns M_INVALID if not recognized.
- */
-API_EXPORT(int) ap_method_number_of(const char *method);
-
-API_EXPORT(int) ap_getline(char *s, int n, BUFF *in, int fold);
-
-API_EXPORT(long) ap_get_chunk_size(char *b);
-
-API_EXPORT(void) ap_init_etag(pool *pconf);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_PROTOCOL_H */
diff --git a/usr.sbin/httpd/src/include/http_request.h b/usr.sbin/httpd/src/include/http_request.h
deleted file mode 100644
index a2463b5290c..00000000000
--- a/usr.sbin/httpd/src/include/http_request.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* $OpenBSD: http_request.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_REQUEST_H
-#define APACHE_HTTP_REQUEST_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* http_request.c is the code which handles the main line of request
- * processing, once a request has been read in (finding the right per-
- * directory configuration, building it if necessary, and calling all
- * the module dispatch functions in the right order).
- *
- * The pieces here which are public to the modules, allow them to learn
- * how the server would handle some other file or URI, or perhaps even
- * direct the server to serve that other file instead of the one the
- * client requested directly.
- *
- * There are two ways to do that. The first is the sub_request mechanism,
- * which handles looking up files and URIs as adjuncts to some other
- * request (e.g., directory entries for multiviews and directory listings);
- * the lookup functions stop short of actually running the request, but
- * (e.g., for includes), a module may call for the request to be run
- * by calling run_sub_req. The space allocated to create sub_reqs can be
- * reclaimed by calling destroy_sub_req --- be sure to copy anything you care
- * about which was allocated in its pool elsewhere before doing this.
- */
-
-API_EXPORT(request_rec *) ap_sub_req_lookup_uri(const char *new_file,
- const request_rec *r);
-API_EXPORT(request_rec *) ap_sub_req_lookup_file(const char *new_file,
- const request_rec *r);
-API_EXPORT(request_rec *) ap_sub_req_method_uri(const char *method,
- const char *new_file, const request_rec *r);
-API_EXPORT(int) ap_run_sub_req(request_rec *r);
-API_EXPORT(void) ap_destroy_sub_req(request_rec *r);
-
-/*
- * Then there's the case that you want some other request to be served
- * as the top-level request INSTEAD of what the client requested directly.
- * If so, call this from a handler, and then immediately return OK.
- */
-
-API_EXPORT(void) ap_internal_redirect(const char *new_uri, request_rec *);
-API_EXPORT(void) ap_internal_redirect_handler(const char *new_uri,
- request_rec *);
-API_EXPORT(int) ap_some_auth_required(request_rec *r);
-API_EXPORT(int) ap_is_initial_req(request_rec *r);
-API_EXPORT(time_t) ap_update_mtime(request_rec *r, time_t dependency_mtime);
-
-#ifdef CORE_PRIVATE
-/* Function called by main.c to handle first-level request */
-API_EXPORT(void) ap_process_request(request_rec *);
-API_EXPORT(void) ap_die(int type, request_rec *r);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_REQUEST_H */
diff --git a/usr.sbin/httpd/src/include/http_vhost.h b/usr.sbin/httpd/src/include/http_vhost.h
deleted file mode 100644
index 1ff99faee40..00000000000
--- a/usr.sbin/httpd/src/include/http_vhost.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: http_vhost.h,v 1.8 2008/05/09 08:06:28 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_VHOST_H
-#define APACHE_HTTP_VHOST_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* called before any config is read */
-API_EXPORT(void) ap_init_vhost_config(pool *p);
-
-/* called after the config has been read */
-API_EXPORT(void) ap_fini_vhost_config(pool *p, server_rec *main_server);
-
-/* handle addresses in <VirtualHost> statement */
-API_EXPORT(const char *) ap_parse_vhost_addrs(pool *p, const char *hostname,
- server_rec *s);
-
-/* handle NameVirtualHost directive */
-API_EXPORT_NONSTD(const char *) ap_set_name_virtual_host (cmd_parms *cmd,
- void *dummy, char *h, char *p);
-
-/* given an ip address only, give our best guess as to what vhost it is */
-API_EXPORT(void) ap_update_vhost_given_ip(conn_rec *conn);
-
-/* The above is never enough, and this is always called after the headers
- * have been read. It may change r->server.
- */
-API_EXPORT(void) ap_update_vhost_from_headers(request_rec *r);
-
-/* return 1 if the host:port matches any of the aliases of r->server
- * return 0 otherwise
- */
-API_EXPORT(int) ap_matches_request_vhost(request_rec *r, const char *host,
- unsigned port);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTP_VHOST_H */
diff --git a/usr.sbin/httpd/src/include/httpd.h b/usr.sbin/httpd/src/include/httpd.h
deleted file mode 100644
index 3d682b339e5..00000000000
--- a/usr.sbin/httpd/src/include/httpd.h
+++ /dev/null
@@ -1,1178 +0,0 @@
-/* $OpenBSD: httpd.h,v 1.30 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTPD_H
-#define APACHE_HTTPD_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Define APACHE6 so that additional modules depending on Apache can
- * tell if this a pacthed apache-1.3.*. With this definition apache6
- * is working together with e.g. the ap-perl module in NetBSD.
- */
-#define APACHE6 1
-
-/*
- * httpd.h: header for simple (ha! not anymore) http daemon
- */
-
-/* Headers in which EVERYONE has an interest... */
-
-#include "ap_config.h"
-#include "ap_mm.h"
-#include "ap_alloc.h"
-/*
- * Include the Extended API headers.
- * Don't move the position. It has to be after ap_alloc.h because it uses the
- * pool stuff but before buff.h because the buffer stuff uses the EAPI, too.
- */
-#include "ap_hook.h"
-#include "ap_ctx.h"
-#include "buff.h"
-#include "ap.h"
-
-/* ----------------------------- config dir ------------------------------ */
-
-/* Define this to be the default server home dir. Most things later in this
- * file with a relative pathname will have this added.
- */
-#ifndef HTTPD_ROOT
-#define HTTPD_ROOT "/usr/local/apache"
-#endif /* HTTPD_ROOT */
-
-/* Default location of documents. Can be overridden by the DocumentRoot
- * directive.
- */
-#ifndef DOCUMENT_LOCATION
-#define DOCUMENT_LOCATION HTTPD_ROOT "/htdocs"
-#endif /* DOCUMENT_LOCATION */
-
-/* Max. number of dynamically loaded modules */
-#ifndef DYNAMIC_MODULE_LIMIT
-#define DYNAMIC_MODULE_LIMIT 64
-#endif
-
-/* Default administrator's address */
-#define DEFAULT_ADMIN "[no address given]"
-
-/* The target name of the installed Apache */
-#ifndef TARGET
-#define TARGET "httpd"
-#endif
-
-/*
- * --------- You shouldn't have to edit anything below this line ----------
- *
- * Any modifications to any defaults not defined above should be done in the
- * respective config. file.
- *
- */
-
-
-/* -- Internal representation for a HTTP protocol number, e.g., HTTP/1.1 -- */
-
-#define HTTP_VERSION(major,minor) (1000*(major)+(minor))
-#define HTTP_VERSION_MAJOR(number) ((number)/1000)
-#define HTTP_VERSION_MINOR(number) ((number)%1000)
-
-
-/* -------------- Port number for server running standalone --------------- */
-
-#define DEFAULT_HTTP_PORT 80
-#define DEFAULT_HTTPS_PORT 443
-#define ap_is_default_port(port,r) ((port) == ap_default_port(r))
-#define ap_http_method(r) (((r)->ctx != NULL && ap_ctx_get((r)->ctx, \
- "ap::http::method") != NULL) ? ((char *)ap_ctx_get((r)->ctx, \
- "ap::http::method")) : "http")
-#define ap_default_port(r) (((r)->ctx != NULL && ap_ctx_get((r)->ctx, \
- "ap::default::port") != NULL) ? atoi((char *)ap_ctx_get((r)->ctx, \
- "ap::default::port")) : DEFAULT_HTTP_PORT)
-
-/* --------- Default user name and group name running standalone ---------- */
-/* --- These may be specified as numbers by placing a # before a number --- */
-
-#ifndef DEFAULT_USER
-#define DEFAULT_USER "#-1"
-#endif
-#ifndef DEFAULT_GROUP
-#define DEFAULT_GROUP "#-1"
-#endif
-
-#ifndef DEFAULT_ERRORLOG
-#define DEFAULT_ERRORLOG "logs/error_log"
-#endif /* DEFAULT_ERRORLOG */
-
-#ifndef DEFAULT_PIDLOG
-#define DEFAULT_PIDLOG "logs/httpd.pid"
-#endif
-#ifndef DEFAULT_SCOREBOARD
-#define DEFAULT_SCOREBOARD "logs/apache_runtime_status"
-#endif
-#ifndef DEFAULT_LOCKFILE
-#define DEFAULT_LOCKFILE "logs/accept.lock"
-#endif
-
-/* Define this to be what your HTML directory content files are called */
-#ifndef DEFAULT_INDEX
-#define DEFAULT_INDEX "index.html"
-#endif
-
-/* Define this to 1 if you want fancy indexing, 0 otherwise */
-#ifndef DEFAULT_INDEXING
-#define DEFAULT_INDEXING 0
-#endif
-
-/* Define this to be what type you'd like returned for files with unknown */
-/* suffixes. MUST be all lower case. */
-#ifndef DEFAULT_CONTENT_TYPE
-#define DEFAULT_CONTENT_TYPE "text/plain"
-#endif
-
-/* Define this to be what your per-directory security files are called */
-#ifndef DEFAULT_ACCESS_FNAME
-#define DEFAULT_ACCESS_FNAME ".htaccess"
-#endif /* DEFAULT_ACCESS_FNAME */
-
-/* The name of the server config file */
-#ifndef SERVER_CONFIG_FILE
-#define SERVER_CONFIG_FILE "conf/httpd.conf"
-#endif
-
-/* The name of the document config file */
-#ifndef RESOURCE_CONFIG_FILE
-#define RESOURCE_CONFIG_FILE "conf/srm.conf"
-#endif
-
-/* The name of the MIME types file */
-#ifndef TYPES_CONFIG_FILE
-#define TYPES_CONFIG_FILE "conf/mime.types"
-#endif
-
-/* The name of the access file */
-#ifndef ACCESS_CONFIG_FILE
-#define ACCESS_CONFIG_FILE "conf/access.conf"
-#endif
-
-/* Whether we should enable rfc1413 identity checking */
-#ifndef DEFAULT_RFC1413
-#define DEFAULT_RFC1413 0
-#endif
-/* The default directory in user's home dir */
-#ifndef DEFAULT_USER_DIR
-#define DEFAULT_USER_DIR "public_html"
-#endif
-
-/* The default path for CGI scripts if none is currently set */
-#ifndef DEFAULT_PATH
-#define DEFAULT_PATH "/bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin"
-#endif
-
-/* The path to the shell interpreter, for parsed docs */
-#ifndef SHELL_PATH
-#define SHELL_PATH "/bin/sh"
-#endif /* SHELL_PATH */
-
-/* The path to the suExec wrapper, can be overridden in Configuration */
-#ifndef SUEXEC_BIN
-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
-#endif
-
-/* The default string lengths */
-#define MAX_STRING_LEN HUGE_STRING_LEN
-#define HUGE_STRING_LEN 8192
-
-/* The timeout for waiting for messages */
-#ifndef DEFAULT_TIMEOUT
-#define DEFAULT_TIMEOUT 300
-#endif
-
-/* The timeout for waiting for keepalive timeout until next request */
-#ifndef DEFAULT_KEEPALIVE_TIMEOUT
-#define DEFAULT_KEEPALIVE_TIMEOUT 15
-#endif
-
-/* The number of requests to entertain per connection */
-#ifndef DEFAULT_KEEPALIVE
-#define DEFAULT_KEEPALIVE 100
-#endif
-
-/* The size of the server's internal read-write buffers */
-#define IOBUFSIZE 8192
-
-/* The max number of regex captures that can be expanded by ap_pregsub */
-#define AP_MAX_REG_MATCH 10
-
-/* Number of servers to spawn off by default --- also, if fewer than
- * this free when the caretaker checks, it will spawn more.
- */
-#ifndef DEFAULT_START_DAEMON
-#define DEFAULT_START_DAEMON 5
-#endif
-
-/* Maximum number of *free* server processes --- more than this, and
- * they will die off.
- */
-
-#ifndef DEFAULT_MAX_FREE_DAEMON
-#define DEFAULT_MAX_FREE_DAEMON 10
-#endif
-
-/* Minimum --- fewer than this, and more will be created */
-
-#ifndef DEFAULT_MIN_FREE_DAEMON
-#define DEFAULT_MIN_FREE_DAEMON 5
-#endif
-
-/* Limit on the total --- clients will be locked out if more servers than
- * this are needed. It is intended solely to keep the server from crashing
- * when things get out of hand.
- *
- * We keep a hard maximum number of servers, for two reasons --- first off,
- * in case something goes seriously wrong, we want to stop the fork bomb
- * short of actually crashing the machine we're running on by filling some
- * kernel table. Secondly, it keeps the size of the scoreboard file small
- * enough that we can read the whole thing without worrying too much about
- * the overhead.
- */
-#ifndef HARD_SERVER_LIMIT
-#define HARD_SERVER_LIMIT 256
-#endif
-
-/*
- * Special Apache error codes. These are basically used
- * in http_main.c so we can keep track of various errors.
- *
- * APEXIT_OK:
- * A normal exit
- * APEXIT_INIT:
- * A fatal error arising during the server's init sequence
- * APEXIT_CHILDINIT:
- * The child died during it's init sequence
- * APEXIT_CHILDFATAL:
- * A fatal error, resulting in the whole server aborting.
- * If a child exits with this error, the parent process
- * considers this a server-wide fatal error and aborts.
- *
- */
-#define APEXIT_OK 0x0
-#define APEXIT_INIT 0x2
-#define APEXIT_CHILDINIT 0x3
-#define APEXIT_CHILDFATAL 0xf
-
-/*
- * (Unix, OS/2 only)
- * Interval, in microseconds, between scoreboard maintenance. During
- * each scoreboard maintenance cycle the parent decides if it needs to
- * spawn a new child (to meet MinSpareServers requirements), or kill off
- * a child (to meet MaxSpareServers requirements). It will only spawn or
- * kill one child per cycle. Setting this too low will chew cpu. The
- * default is probably sufficient for everyone. But some people may want
- * to raise this on servers which aren't dedicated to httpd and where they
- * don't like the httpd waking up each second to see what's going on.
- */
-#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
-#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
-#endif
-
-/*
- * Unix only:
- * Path to Shared Memory Files
- */
-#ifndef EAPI_MM_CORE_PATH
-#define EAPI_MM_CORE_PATH "logs/mm"
-#endif
-#ifndef EAPI_MM_CORE_MAXSIZE
-#define EAPI_MM_CORE_MAXSIZE 1024*1024*1 /* max. 1MB */
-#endif
-
-/* Number of requests to try to handle in a single process. If <= 0,
- * the children don't die off. That's the default here, since I'm still
- * interested in finding and stanching leaks.
- */
-
-#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
-#define DEFAULT_MAX_REQUESTS_PER_CHILD 0
-#endif
-
-#ifndef DEFAULT_THREADS_PER_CHILD
-#define DEFAULT_THREADS_PER_CHILD 50
-#endif
-#ifndef DEFAULT_EXCESS_REQUESTS_PER_CHILD
-#define DEFAULT_EXCESS_REQUESTS_PER_CHILD 0
-#endif
-
-/* Constrain the rlimits of the child processes */
-#ifndef DEFAULT_MAX_CPU_PER_CHILD
-#define DEFAULT_MAX_CPU_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_DATA_PER_CHILD
-#define DEFAULT_MAX_DATA_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_NOFILE_PER_CHILD
-#define DEFAULT_MAX_NOFILE_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_RSS_PER_CHILD
-#define DEFAULT_MAX_RSS_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_STACK_PER_CHILD
-#define DEFAULT_MAX_STACK_PER_CHILD 0
-#endif
-
-/* The maximum length of the queue of pending connections, as defined
- * by listen(2). Under some systems, it should be increased if you
- * are experiencing a heavy TCP SYN flood attack.
- *
- * It defaults to 511 instead of 512 because some systems store it
- * as an 8-bit datatype; 512 truncated to 8-bits is 0, while 511 is
- * 255 when truncated.
- */
-
-#ifndef DEFAULT_LISTENBACKLOG
-#define DEFAULT_LISTENBACKLOG 511
-#endif
-
-/* Limits on the size of various request items. These limits primarily
- * exist to prevent simple denial-of-service attacks on a server based
- * on misuse of the protocol. The recommended values will depend on the
- * nature of the server resources -- CGI scripts and database backends
- * might require large values, but most servers could get by with much
- * smaller limits than we use below. The request message body size can
- * be limited by the per-dir config directive LimitRequestBody.
- *
- * Internal buffer sizes are two bytes more than the DEFAULT_LIMIT_REQUEST_LINE
- * and DEFAULT_LIMIT_REQUEST_FIELDSIZE below, which explains the 8190.
- * These two limits can be lowered (but not raised) by the server config
- * directives LimitRequestLine and LimitRequestFieldsize, respectively.
- *
- * DEFAULT_LIMIT_REQUEST_FIELDS can be modified or disabled (set = 0) by
- * the server config directive LimitRequestFields.
- */
-#ifndef DEFAULT_LIMIT_REQUEST_LINE
-#define DEFAULT_LIMIT_REQUEST_LINE 8190
-#endif /* default limit on bytes in Request-Line (Method+URI+HTTP-version) */
-#ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE
-#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8190
-#endif /* default limit on bytes in any one header field */
-#ifndef DEFAULT_LIMIT_REQUEST_FIELDS
-#define DEFAULT_LIMIT_REQUEST_FIELDS 100
-#endif /* default limit on number of request header fields */
-
-/*
- * The default default character set name to add if AddDefaultCharset is
- * enabled. Overridden with AddDefaultCharsetName.
- */
-#define DEFAULT_ADD_DEFAULT_CHARSET_NAME "iso-8859-1"
-
-/*
- * The below defines the base string of the Server: header. Additional
- * tokens can be added via the ap_add_version_component() API call.
- *
- * The tokens are listed in order of their significance for identifying the
- * application.
- *
- * "Product tokens should be short and to the point -- use of them for
- * advertizing or other non-essential information is explicitly forbidden."
- *
- * Example: "Apache/1.1.0 MrWidget/0.1-alpha"
- */
-
-#define SERVER_BASEVENDOR "Apache Group"
-#define SERVER_BASEPRODUCT "Apache"
-#define SERVER_BASEREVISION "1.3.29"
-#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
-
-#define SERVER_PRODUCT SERVER_BASEPRODUCT
-#define SERVER_REVISION SERVER_BASEREVISION
-#define SERVER_VERSION SERVER_PRODUCT "/" SERVER_REVISION
-enum server_token_type {
- SrvTk_MIN, /* eg: Apache/1.3.0 */
- SrvTk_OS, /* eg: Apache/1.3.0 (UNIX) */
- SrvTk_FULL, /* eg: Apache/1.3.0 (UNIX) PHP/3.0 FooBar/1.2b */
- SrvTk_PRODUCT_ONLY /* eg: Apache */
-};
-
-API_EXPORT(const char *) ap_get_server_version(void);
-API_EXPORT(void) ap_add_version_component(const char *component);
-API_EXPORT(const char *) ap_get_server_built(void);
-API_EXPORT(void) ap_add_config_define(const char *define);
-
-/* Numeric release version identifier: MMNNFFRBB: major minor fix final beta
- * Always increases along the same track as the source branch.
- * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
- */
-#define APACHE_RELEASE 10329100
-
-#define SERVER_PROTOCOL "HTTP/1.1"
-#ifndef SERVER_SUPPORT
-#define SERVER_SUPPORT "http://www.apache.org/"
-#endif
-
-#define DECLINED -1 /* Module declines to handle */
-#define DONE -2 /* Module has served the response completely
- * - it's safe to die() with no more output
- */
-#define OK 0 /* Module has handled this stage. */
-
-
-/* ----------------------- HTTP Status Codes ------------------------- */
-
-/* The size of the static array in http_protocol.c for storing
- * all of the potential response status-lines (a sparse table).
- * A future version should dynamically generate the table at startup.
- */
-#define RESPONSE_CODES 55
-
-#define HTTP_CONTINUE 100
-#define HTTP_SWITCHING_PROTOCOLS 101
-#define HTTP_PROCESSING 102
-#define HTTP_OK 200
-#define HTTP_CREATED 201
-#define HTTP_ACCEPTED 202
-#define HTTP_NON_AUTHORITATIVE 203
-#define HTTP_NO_CONTENT 204
-#define HTTP_RESET_CONTENT 205
-#define HTTP_PARTIAL_CONTENT 206
-#define HTTP_MULTI_STATUS 207
-#define HTTP_MULTIPLE_CHOICES 300
-#define HTTP_MOVED_PERMANENTLY 301
-#define HTTP_MOVED_TEMPORARILY 302
-#define HTTP_SEE_OTHER 303
-#define HTTP_NOT_MODIFIED 304
-#define HTTP_USE_PROXY 305
-#define HTTP_TEMPORARY_REDIRECT 307
-#define HTTP_BAD_REQUEST 400
-#define HTTP_UNAUTHORIZED 401
-#define HTTP_PAYMENT_REQUIRED 402
-#define HTTP_FORBIDDEN 403
-#define HTTP_NOT_FOUND 404
-#define HTTP_METHOD_NOT_ALLOWED 405
-#define HTTP_NOT_ACCEPTABLE 406
-#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
-#define HTTP_REQUEST_TIME_OUT 408
-#define HTTP_CONFLICT 409
-#define HTTP_GONE 410
-#define HTTP_LENGTH_REQUIRED 411
-#define HTTP_PRECONDITION_FAILED 412
-#define HTTP_REQUEST_ENTITY_TOO_LARGE 413
-#define HTTP_REQUEST_URI_TOO_LARGE 414
-#define HTTP_UNSUPPORTED_MEDIA_TYPE 415
-#define HTTP_RANGE_NOT_SATISFIABLE 416
-#define HTTP_EXPECTATION_FAILED 417
-#define HTTP_UNPROCESSABLE_ENTITY 422
-#define HTTP_LOCKED 423
-#define HTTP_FAILED_DEPENDENCY 424
-#define HTTP_INTERNAL_SERVER_ERROR 500
-#define HTTP_NOT_IMPLEMENTED 501
-#define HTTP_BAD_GATEWAY 502
-#define HTTP_SERVICE_UNAVAILABLE 503
-#define HTTP_GATEWAY_TIME_OUT 504
-#define HTTP_VERSION_NOT_SUPPORTED 505
-#define HTTP_VARIANT_ALSO_VARIES 506
-#define HTTP_INSUFFICIENT_STORAGE 507
-#define HTTP_NOT_EXTENDED 510
-
-#define DOCUMENT_FOLLOWS HTTP_OK
-#define PARTIAL_CONTENT HTTP_PARTIAL_CONTENT
-#define MULTIPLE_CHOICES HTTP_MULTIPLE_CHOICES
-#define MOVED HTTP_MOVED_PERMANENTLY
-#define REDIRECT HTTP_MOVED_TEMPORARILY
-#define USE_LOCAL_COPY HTTP_NOT_MODIFIED
-#define BAD_REQUEST HTTP_BAD_REQUEST
-#define AUTH_REQUIRED HTTP_UNAUTHORIZED
-#define FORBIDDEN HTTP_FORBIDDEN
-#define NOT_FOUND HTTP_NOT_FOUND
-#define METHOD_NOT_ALLOWED HTTP_METHOD_NOT_ALLOWED
-#define NOT_ACCEPTABLE HTTP_NOT_ACCEPTABLE
-#define LENGTH_REQUIRED HTTP_LENGTH_REQUIRED
-#define PRECONDITION_FAILED HTTP_PRECONDITION_FAILED
-#define SERVER_ERROR HTTP_INTERNAL_SERVER_ERROR
-#define NOT_IMPLEMENTED HTTP_NOT_IMPLEMENTED
-#define BAD_GATEWAY HTTP_BAD_GATEWAY
-#define VARIANT_ALSO_VARIES HTTP_VARIANT_ALSO_VARIES
-
-#define ap_is_HTTP_INFO(x) (((x) >= 100)&&((x) < 200))
-#define ap_is_HTTP_SUCCESS(x) (((x) >= 200)&&((x) < 300))
-#define ap_is_HTTP_REDIRECT(x) (((x) >= 300)&&((x) < 400))
-#define ap_is_HTTP_ERROR(x) (((x) >= 400)&&((x) < 600))
-#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
-#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))
-
-#define ap_status_drops_connection(x) \
- (((x) == HTTP_BAD_REQUEST) || \
- ((x) == HTTP_REQUEST_TIME_OUT) || \
- ((x) == HTTP_LENGTH_REQUIRED) || \
- ((x) == HTTP_REQUEST_ENTITY_TOO_LARGE) || \
- ((x) == HTTP_REQUEST_URI_TOO_LARGE) || \
- ((x) == HTTP_INTERNAL_SERVER_ERROR) || \
- ((x) == HTTP_SERVICE_UNAVAILABLE) || \
- ((x) == HTTP_NOT_IMPLEMENTED))
-
-/* Methods recognized (but not necessarily handled) by the server.
- * These constants are used in bit shifting masks of size int, so it is
- * unsafe to have more methods than bits in an int. HEAD == M_GET.
- */
-#define M_GET 0
-#define M_PUT 1
-#define M_POST 2
-#define M_DELETE 3
-#define M_CONNECT 4
-#define M_OPTIONS 5
-#define M_TRACE 6
-#define M_PATCH 7
-#define M_PROPFIND 8
-#define M_PROPPATCH 9
-#define M_MKCOL 10
-#define M_COPY 11
-#define M_MOVE 12
-#define M_LOCK 13
-#define M_UNLOCK 14
-#define M_INVALID 15
-
-#define METHODS 16
-
-#define CGI_MAGIC_TYPE "application/x-httpd-cgi"
-#define INCLUDES_MAGIC_TYPE "text/x-server-parsed-html"
-#define INCLUDES_MAGIC_TYPE3 "text/x-server-parsed-html3"
-#define MAP_FILE_MAGIC_TYPE "application/x-type-map"
-#define ASIS_MAGIC_TYPE "httpd/send-as-is"
-#define DIR_MAGIC_TYPE "httpd/unix-directory"
-#define STATUS_MAGIC_TYPE "application/x-httpd-status"
-
-/*
- * Define the HTML doctype strings centrally.
- */
-#define DOCTYPE_HTML_2_0 "<!DOCTYPE HTML PUBLIC \"-//IETF//" \
- "DTD HTML 2.0//EN\">\n"
-#define DOCTYPE_HTML_3_2 "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 3.2 Final//EN\">\n"
-#define DOCTYPE_HTML_4_0S "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 4.0//EN\"\n" \
- "\"http://www.w3.org/TR/REC-html40/strict.dtd\">\n"
-#define DOCTYPE_HTML_4_0T "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 4.0 Transitional//EN\"\n" \
- "\"http://www.w3.org/TR/REC-html40/loose.dtd\">\n"
-#define DOCTYPE_HTML_4_0F "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 4.0 Frameset//EN\"\n" \
- "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
-
-/* Just in case your linefeed isn't the one the other end is expecting. */
-#define LF 10
-#define CR 13
-#define CRLF "\015\012"
-#define OS_ASC(c) (c)
-
-/* Possible values for request_rec.read_body (set by handling module):
- * REQUEST_NO_BODY Send 413 error if message has any body
- * REQUEST_CHUNKED_ERROR Send 411 error if body without Content-Length
- * REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me.
- * REQUEST_CHUNKED_PASS Pass the chunks to me without removal.
- */
-#define REQUEST_NO_BODY 0
-#define REQUEST_CHUNKED_ERROR 1
-#define REQUEST_CHUNKED_DECHUNK 2
-#define REQUEST_CHUNKED_PASS 3
-
-/* Things which may vary per file-lookup WITHIN a request ---
- * e.g., state of MIME config. Basically, the name of an object, info
- * about the object, and any other info we may ahve which may need to
- * change as we go poking around looking for it (e.g., overridden by
- * .htaccess files).
- *
- * Note how the default state of almost all these things is properly
- * zero, so that allocating it with pcalloc does the right thing without
- * a whole lot of hairy initialization... so long as we are willing to
- * make the (fairly) portable assumption that the bit pattern of a NULL
- * pointer is, in fact, zero.
- */
-
-/* This represents the result of calling htaccess; these are cached for
- * each request.
- */
-struct htaccess_result {
- char *dir; /* the directory to which this applies */
- int override; /* the overrides allowed for the .htaccess file */
- void *htaccess; /* the configuration directives */
- /* the next one, or NULL if no more; N.B. never change this */
- const struct htaccess_result *next;
-};
-
-typedef struct conn_rec conn_rec;
-typedef struct server_rec server_rec;
-typedef struct request_rec request_rec;
-typedef struct listen_rec listen_rec;
-
-#include "util_uri.h"
-
-enum proxyreqtype {
- NOT_PROXY=0,
- STD_PROXY,
- PROXY_PASS
-};
-
-struct request_rec {
-
- ap_pool *pool;
- conn_rec *connection;
- server_rec *server;
-
- request_rec *next; /* If we wind up getting redirected,
- * pointer to the request we redirected to.
- */
- request_rec *prev; /* If this is an internal redirect,
- * pointer to where we redirected *from*.
- */
-
- request_rec *main; /* If this is a sub_request (see request.h)
- * pointer back to the main request.
- */
-
- /* Info about the request itself... we begin with stuff that only
- * protocol.c should ever touch...
- */
-
- char *the_request; /* First line of request, so we can log it */
- int assbackwards; /* HTTP/0.9, "simple" request */
- enum proxyreqtype proxyreq;/* A proxy request (calculated during
- * post_read_request or translate_name) */
- int header_only; /* HEAD request, as opposed to GET */
- char *protocol; /* Protocol, as given to us, or HTTP/0.9 */
- int proto_num; /* Number version of protocol; 1.1 = 1001 */
- const char *hostname; /* Host, as set by full URI or Host: */
-
- time_t request_time; /* When the request started */
-
- const char *status_line; /* Status line, if set by script */
- int status; /* In any case */
-
- /* Request method, two ways; also, protocol, etc..
- * Outside of protocol.c,
- * look, but don't touch.
- */
-
- const char *method; /* GET, HEAD, POST, etc. */
- int method_number; /* M_GET, M_POST, etc. */
-
- /*
- allowed is a bitvector of the allowed methods.
-
- A handler must ensure that the request method is one that
- it is capable of handling. Generally modules should DECLINE
- any request methods they do not handle. Prior to aborting the
- handler like this the handler should set r->allowed to the list
- of methods that it is willing to handle. This bitvector is used
- to construct the "Allow:" header required for OPTIONS requests,
- and METHOD_NOT_ALLOWED and NOT_IMPLEMENTED status codes.
-
- Since the default_handler deals with OPTIONS, all modules can
- usually decline to deal with OPTIONS. TRACE is always allowed,
- modules don't need to set it explicitly.
-
- Since the default_handler will always handle a GET, a
- module which does *not* implement GET should probably return
- METHOD_NOT_ALLOWED. Unfortunately this means that a Script GET
- handler can't be installed by mod_actions.
- */
- int allowed; /* Allowed methods - for 405, OPTIONS, etc */
-
- int sent_bodyct; /* byte count in stream is for body */
- off_t bytes_sent; /* body byte count, for easy access */
- time_t mtime; /* Time the resource was last modified */
-
- /* HTTP/1.1 connection-level features */
-
- int chunked; /* sending chunked transfer-coding */
- int byterange; /* number of byte ranges */
- char *boundary; /* multipart/byteranges boundary */
- const char *range; /* The Range: header */
- off_t clength; /* The "real" content length */
-
- long remaining; /* bytes left to read */
- long read_length; /* bytes that have been read */
- int read_body; /* how the request body should be read */
- int read_chunked; /* reading chunked transfer-coding */
- unsigned expecting_100; /* is client waiting for a 100 response? */
-
- /* MIME header environments, in and out. Also, an array containing
- * environment variables to be passed to subprocesses, so people can
- * write modules to add to that environment.
- *
- * The difference between headers_out and err_headers_out is that the
- * latter are printed even on error, and persist across internal
- * redirects (so the headers printed for ErrorDocument handlers will
- * have them).
- *
- * The 'notes' table is for notes from one module to another, with no
- * other set purpose in mind...
- */
-
- table *headers_in;
- table *headers_out;
- table *err_headers_out;
- table *subprocess_env;
- table *notes;
-
- /* content_type, handler, content_encoding, content_language, and all
- * content_languages MUST be lowercased strings. They may be pointers
- * to static strings; they should not be modified in place.
- */
- const char *content_type; /* Break these out we dispatch on 'em */
- const char *handler; /* What we *really* dispatch on */
-
- const char *content_encoding;
- const char *content_language; /* for back-compat. only- do not use */
- array_header *content_languages; /* array of (char*) */
-
- char *vlist_validator; /* variant list validator (if negotiated) */
-
- int no_cache;
- int no_local_copy;
-
- /* What object is being requested (either directly, or via include
- * or content-negotiation mapping).
- */
-
- char *unparsed_uri; /* the uri without any parsing performed */
- char *uri; /* the path portion of the URI */
- char *filename; /* filename if found, otherwise NULL */
- char *path_info;
- char *args; /* QUERY_ARGS, if any */
- struct stat finfo; /* ST_MODE set to zero if no such file */
- uri_components parsed_uri; /* components of uri, dismantled */
-
- /* Various other config info which may change with .htaccess files
- * These are config vectors, with one void* pointer for each module
- * (the thing pointed to being the module's business).
- */
-
- void *per_dir_config; /* Options set in config files, etc. */
- void *request_config; /* Notes on *this* request */
-
- /*
- * a linked list of the configuration directives in the .htaccess files
- * accessed by this request.
- * N.B. always add to the head of the list, _never_ to the end.
- * that way, a sub request's list can (temporarily) point to a parent's
- * list
- */
- const struct htaccess_result *htaccess;
-
- /* On systems with case insensitive file systems (Windows, OS/2, etc.),
- * r->filename is case canonicalized (folded to either lower or upper
- * case, depending on the specific system) to accomodate file access
- * checking. case_preserved_filename is the same as r->filename
- * except case is preserved. There is at least one instance where Apache
- * needs access to the case preserved filename: Java class files
- * published with WebDAV need to preserve filename case to make the
- * Java compiler happy.
- */
- char *case_preserved_filename;
-
- /* Things placed at the end of the record to avoid breaking binary
- * compatibility. It would be nice to remember to reorder the entire
- * record to improve 64bit alignment the next time we need to break
- * binary compatibility for some other reason.
- */
-
- ap_ctx *ctx;
-};
-
-
-/* Things which are per connection
- */
-
-struct conn_rec {
-
- ap_pool *pool;
- server_rec *server;
- server_rec *base_server;/* Physical vhost this conn come in on */
- void *vhost_lookup_data; /* used by http_vhost.c */
-
- /* Information about the connection itself */
-
- int child_num; /* The number of the child handling conn_rec */
- BUFF *client; /* Connection to the guy */
-
- /* Who is the client? */
-
- struct sockaddr_storage local_addr; /* local address */
- struct sockaddr_storage remote_addr; /* remote address */
- char *remote_ip; /* Client's IP address */
- char *remote_host; /* Client's DNS name, if known.
- * NULL if DNS hasn't been checked,
- * "" if it has and no address was found.
- * N.B. Only access this though
- * get_remote_host() */
- char *remote_logname; /* Only ever set if doing rfc1413 lookups.
- * N.B. Only access this through
- * get_remote_logname() */
- char *user; /* If an authentication check was made,
- * this gets set to the user name. We assume
- * that there's only one user per connection(!)
- */
- char *ap_auth_type; /* Ditto. */
-
- unsigned aborted:1; /* Are we still talking? */
- signed int keepalive:2; /* Are we using HTTP Keep-Alive?
- * -1 fatal error, 0 undecided, 1 yes */
- unsigned keptalive:1; /* Did we use HTTP Keep-Alive? */
- signed int double_reverse:2;/* have we done double-reverse DNS?
- * -1 yes/failure, 0 not yet, 1 yes/success */
- int keepalives; /* How many times have we used it? */
- char *local_ip; /* server IP address */
- char *local_host; /* used for ap_get_server_name when
- * UseCanonicalName is set to DNS
- * (ignores setting of HostnameLookups) */
- ap_ctx *ctx;
-};
-
-/* Per-vhost config... */
-
-/* The address 255.255.255.255, when used as a virtualhost address,
- * will become the "default" server when the ip doesn't match other vhosts.
- */
-#define DEFAULT_VHOST_ADDR 0xfffffffful
-
-typedef struct server_addr_rec server_addr_rec;
-struct server_addr_rec {
- server_addr_rec *next;
- struct sockaddr_storage host_addr; /* The bound address, for this server */
- unsigned short host_port; /* The bound port, for this server */
- char *virthost; /* The name given in <VirtualHost> */
-};
-
-struct server_rec {
-
- server_rec *next;
-
- /* description of where the definition came from */
- const char *defn_name;
- unsigned defn_line_number;
-
- /* Full locations of server config info */
-
- char *srm_confname;
- char *access_confname;
-
- /* Contact information */
-
- char *server_admin;
- char *server_hostname;
- unsigned short port; /* for redirects, etc. */
-
- /* Log files --- note that transfer log is now in the modules... */
-
- char *error_fname;
- FILE *error_log;
- int loglevel;
-
- /* Module-specific configuration for server, and defaults... */
-
- int is_virtual; /* true if this is the virtual server */
- void *module_config; /* Config vector containing pointers to
- * modules' per-server config structures.
- */
- void *lookup_defaults; /* MIME type info, etc., before we start
- * checking per-directory info.
- */
- /* Transaction handling */
-
- server_addr_rec *addrs;
- int timeout; /* Timeout, in seconds, before we give up */
- int keep_alive_timeout; /* Seconds we'll wait for another request */
- int keep_alive_max; /* Maximum requests per connection */
- int keep_alive; /* Use persistent connections? */
- int send_buffer_size; /* size of TCP send buffer (in bytes) */
-
- char *path; /* Pathname for ServerPath */
- int pathlen; /* Length of path */
-
- array_header *names; /* Normal names for ServerAlias servers */
- array_header *wild_names;/* Wildcarded names for ServerAlias servers */
-
- uid_t server_uid; /* effective user id when calling exec wrapper */
- gid_t server_gid; /* effective group id when calling exec wrapper */
-
- int limit_req_line; /* limit on size of the HTTP request line */
- int limit_req_fieldsize; /* limit on size of any request header field */
- int limit_req_fields; /* limit on number of request header fields */
-
- ap_ctx *ctx;
-};
-
-/* These are more like real hosts than virtual hosts */
-struct listen_rec {
- listen_rec *next;
- struct sockaddr_storage local_addr; /* local IP address and port */
- int fd;
- int used; /* Only used during restart */
- /* more stuff here, like which protocol is bound to the port */
-};
-
-/* Prototypes for utilities... util.c. */
-extern void ap_util_init(void);
-
-/* Time */
-extern API_VAR_EXPORT const char ap_month_snames[12][4];
-extern API_VAR_EXPORT const char ap_day_snames[7][4];
-
-API_EXPORT(struct tm *) ap_get_gmtoff(int *tz);
-API_EXPORT(char *) ap_get_time(void);
-API_EXPORT(char *) ap_field_noparam(pool *p, const char *intype);
-API_EXPORT(char *) ap_ht_time(pool *p, time_t t, const char *fmt, int gmt);
-API_EXPORT(char *) ap_gm_timestr_822(pool *p, time_t t);
-
-/* String handling. The *_nc variants allow you to use non-const char **s as
- arguments (unfortunately C won't automatically convert a char ** to a const
- char **) */
-
-API_EXPORT(char *) ap_getword(pool *p, const char **line, char stop);
-API_EXPORT(char *) ap_getword_nc(pool *p, char **line, char stop);
-API_EXPORT(char *) ap_getword_white(pool *p, const char **line);
-API_EXPORT(char *) ap_getword_white_nc(pool *p, char **line);
-API_EXPORT(char *) ap_getword_nulls(pool *p, const char **line, char stop);
-API_EXPORT(char *) ap_getword_nulls_nc(pool *p, char **line, char stop);
-API_EXPORT(char *) ap_getword_conf(pool *p, const char **line);
-API_EXPORT(char *) ap_getword_conf_nc(pool *p, char **line);
-
-API_EXPORT(const char *) ap_size_list_item(const char **field, int *len);
-API_EXPORT(char *) ap_get_list_item(pool *p, const char **field);
-API_EXPORT(int) ap_find_list_item(pool *p, const char *line, const char *tok);
-
-API_EXPORT(char *) ap_get_token(pool *p, const char **accept_line,
- int accept_white);
-API_EXPORT(int) ap_find_token(pool *p, const char *line, const char *tok);
-API_EXPORT(int) ap_find_last_token(pool *p, const char *line, const char *tok);
-
-API_EXPORT(int) ap_is_url(const char *u);
-API_EXPORT(int) ap_unescape_url(char *url);
-API_EXPORT(void) ap_no2slash(char *name);
-API_EXPORT(void) ap_getparents(char *name);
-API_EXPORT(char *) ap_escape_path_segment(pool *p, const char *s);
-API_EXPORT(char *) ap_os_escape_path(pool *p, const char *path, int partial);
-#define ap_escape_uri(ppool,path) ap_os_escape_path(ppool,path,1)
-API_EXPORT(char *) ap_escape_html(pool *p, const char *s);
-API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname,
- unsigned port, const request_rec *r);
-API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str);
-API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
- size_t buflen);
-API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s);
-
-API_EXPORT(int) ap_count_dirs(const char *path);
-API_EXPORT(char *) ap_make_dirstr_prefix(char *d, const char *s, int n);
-API_EXPORT(char *) ap_make_dirstr_parent(pool *p, const char *s);
-/* deprecated. The previous two routines are preferred. */
-API_EXPORT(char *) ap_make_dirstr(pool *a, const char *s, int n);
-API_EXPORT(char *) ap_make_full_path(pool *a, const char *dir, const char *f);
-
-API_EXPORT(int) ap_is_matchexp(const char *str);
-API_EXPORT(int) ap_strcmp_match(const char *str, const char *exp);
-API_EXPORT(int) ap_strcasecmp_match(const char *str, const char *exp);
-API_EXPORT(char *) ap_stripprefix(const char *bigstring, const char *prefix);
-API_EXPORT(char *) ap_strcasestr(const char *s1, const char *s2);
-API_EXPORT(char *) ap_pbase64decode(pool *p, const char *bufcoded);
-API_EXPORT(char *) ap_pbase64encode(pool *p, char *string);
-API_EXPORT(char *) ap_uudecode(pool *p, const char *bufcoded);
-API_EXPORT(char *) ap_uuencode(pool *p, char *string);
-
-API_EXPORT(int) ap_regexec(const regex_t *preg, const char *string,
- size_t nmatch, regmatch_t pmatch[], int eflags);
-API_EXPORT(size_t) ap_regerror(int errcode, const regex_t *preg,
- char *errbuf, size_t errbuf_size);
-API_EXPORT(char *) ap_pregsub(pool *p, const char *input, const char *source,
- size_t nmatch, regmatch_t pmatch[]);
-
-API_EXPORT(void) ap_content_type_tolower(char *);
-API_EXPORT(void) ap_str_tolower(char *);
-API_EXPORT(int) ap_ind(const char *, char); /* Sigh... */
-API_EXPORT(int) ap_rind(const char *, char);
-
-API_EXPORT(char *) ap_escape_quotes (pool *p, const char *instring);
-API_EXPORT(void) ap_remove_spaces(char *dest, char *src);
-
-/* Common structure for reading of config files / passwd files etc. */
-typedef struct {
- int (*getch) (void *param); /* a getc()-like function */
- /* a fgets()-like function */
- void *(*getstr) (void *buf, size_t bufsiz, void *param);
- int (*close) (void *param); /* a close hander function */
- void *param; /* the argument passed to getch/getstr/close */
- const char *name; /* the filename / description */
- unsigned line_number; /* current line number, starting at 1 */
-} configfile_t;
-
-/* Open a configfile_t as FILE, return open configfile_t struct pointer */
-API_EXPORT(configfile_t *) ap_pcfg_openfile(pool *p, const char *name);
-
-/* Allocate a configfile_t handle with user defined functions and params */
-API_EXPORT(configfile_t *) ap_pcfg_open_custom(pool *p, const char *descr,
- void *param, int(*getc_func)(void*),
- void *(*gets_func) (void *buf, size_t bufsiz, void *param),
- int(*close_func)(void *param));
-
-/* Read one line from open configfile_t, strip LF, increase line number */
-API_EXPORT(int) ap_cfg_getline(char *buf, size_t bufsize, configfile_t *cfp);
-
-/* Read one char from open configfile_t, increase line number upon LF */
-API_EXPORT(int) ap_cfg_getc(configfile_t *cfp);
-
-/* Detach from open configfile_t, calling the close handler */
-API_EXPORT(int) ap_cfg_closefile(configfile_t *cfp);
-
-/* Misc system hackery */
-
-API_EXPORT(uid_t) ap_uname2id(const char *name);
-API_EXPORT(gid_t) ap_gname2id(const char *name);
-API_EXPORT(int) ap_is_directory(const char *name);
-API_EXPORT(int) ap_is_rdirectory(const char *name);
-API_EXPORT(int) ap_can_exec(const struct stat *);
-API_EXPORT(void) ap_chdir_file(const char *file);
-
-#ifndef HAVE_CANONICAL_FILENAME
-/*
- * We can't define these in os.h because of dependence on pool pointer.
- */
-#define ap_os_canonical_filename(p,f) (f)
-#define ap_os_case_canonical_filename(p,f) (f)
-#define ap_os_systemcase_filename(p,f) (f)
-#else
-API_EXPORT(char *) ap_os_canonical_filename(pool *p, const char *file);
-#define ap_os_case_canonical_filename(p,f) ap_os_canonical_filename(p,f)
-#define ap_os_systemcase_filename(p,f) ap_os_canonical_filename(p,f)
-#endif
-
-
-API_EXPORT(char *) ap_get_local_host(pool *);
-API_EXPORT(struct sockaddr *) ap_get_virthost_addr(char *hostname,
- unsigned short *port);
-
-extern API_VAR_EXPORT time_t ap_restart_time;
-
-/*
- * Apache tries to keep all of its long term filehandles (such as log files,
- * and sockets) above this number. This is to workaround problems in many
- * third party libraries that are compiled with a small FD_SETSIZE. There
- * should be no reason to lower this, because it's only advisory. If a file
- * can't be allocated above this number then it will remain in the "slack"
- * area.
- *
- * Only the low slack line is used by default.
- */
-#ifndef LOW_SLACK_LINE
-#define LOW_SLACK_LINE 15
-#endif
-
-/*
- * The ap_slack() function takes a fd, and tries to move it above the indicated
- * line. It returns an fd which may or may not have moved above the line, and
- * never fails. If the high line was requested and it fails it will also try
- * the low line.
- */
-int ap_slack(int fd, int line);
-#define AP_SLACK_LOW 1
-#define AP_SLACK_HIGH 2
-
-API_EXPORT(char *) ap_escape_quotes(pool *p, const char *instr);
-
-/*
- * Redefine assert() to something more useful for an Apache...
- */
-API_EXPORT(void) ap_log_assert(const char *szExp, const char *szFile, int nLine)
- __attribute__((noreturn));
-#define ap_assert(exp) ((exp) ? (void)0 : ap_log_assert(#exp,__FILE__,0))
-
-#define OPTIMIZE_TIMEOUTS
-
-/* A set of flags which indicate places where the server should raise(SIGSTOP).
- * This is useful for debugging, because you can then attach to that process
- * with gdb and continue. This is important in cases where one_process
- * debugging isn't possible.
- */
-#define SIGSTOP_DETACH 1
-#define SIGSTOP_MAKE_CHILD 2
-#define SIGSTOP_SPAWN_CHILD 4
-#define SIGSTOP_PIPED_LOG_SPAWN 8
-#define SIGSTOP_CGI_CHILD 16
-
-#ifdef DEBUG_SIGSTOP
-extern int raise_sigstop_flags;
-#define RAISE_SIGSTOP(x) do { \
- if (raise_sigstop_flags & SIGSTOP_##x) raise(SIGSTOP);\
- } while (0)
-#else
-#define RAISE_SIGSTOP(x)
-#endif
-
-API_EXPORT(extern const char *) ap_psignature(const char *prefix, request_rec *r);
-
-/* strtoul does not exist on sunos4. */
-#ifdef strtoul
-#undef strtoul
-#endif
-#define strtoul strtoul_is_not_a_portable_function_use_strtol_instead
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_HTTPD_H */
diff --git a/usr.sbin/httpd/src/include/multithread.h b/usr.sbin/httpd/src/include/multithread.h
deleted file mode 100644
index 86a429e7575..00000000000
--- a/usr.sbin/httpd/src/include/multithread.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* $OpenBSD: multithread.h,v 1.6 2005/03/28 23:26:51 niallo Exp $ */
-
-#ifndef APACHE_MULTITHREAD_H
-#define APACHE_MULTITHREAD_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MULTI_OK (0)
-#define MULTI_TIMEOUT (1)
-#define MULTI_ERR (2)
-
-typedef void mutex;
-typedef void semaphore;
-typedef void thread;
-typedef void event;
-
-/*
- * Ambarish: Need to do the right stuff on multi-threaded unix
- * I believe this is terribly ugly
- */
-#define APACHE_TLS
-/* Only define the ones actually used, for now */
-extern void *ap_dummy_mutex;
-
-#define ap_create_mutex(name) ((mutex *)ap_dummy_mutex)
-#define ap_acquire_mutex(mutex_id) ((int)MULTI_OK)
-#define ap_release_mutex(mutex_id) ((int)MULTI_OK)
-#define ap_destroy_mutex(mutex_id)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_MULTITHREAD_H */
diff --git a/usr.sbin/httpd/src/include/rfc1413.h b/usr.sbin/httpd/src/include/rfc1413.h
deleted file mode 100644
index 43e6bfd1707..00000000000
--- a/usr.sbin/httpd/src/include/rfc1413.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* $OpenBSD: rfc1413.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_RFC1413_H
-#define APACHE_RFC1413_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-API_EXPORT(extern char *) ap_rfc1413(conn_rec *conn, server_rec *srv);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_RFC1413_H */
diff --git a/usr.sbin/httpd/src/include/scoreboard.h b/usr.sbin/httpd/src/include/scoreboard.h
deleted file mode 100644
index ff12aab3772..00000000000
--- a/usr.sbin/httpd/src/include/scoreboard.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/* $OpenBSD: scoreboard.h,v 1.13 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_SCOREBOARD_H
-#define APACHE_SCOREBOARD_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <sys/times.h>
-
-/* Scoreboard info on a process is, for now, kept very brief ---
- * just status value and pid (the latter so that the caretaker process
- * can properly update the scoreboard when a process dies). We may want
- * to eventually add a separate set of long_score structures which would
- * give, for each process, the number of requests serviced, and info on
- * the current, or most recent, request.
- *
- * Status values:
- */
-
-#define SERVER_DEAD 0
-#define SERVER_STARTING 1 /* Server Starting up */
-#define SERVER_READY 2 /* Waiting for connection (or accept() lock) */
-#define SERVER_BUSY_READ 3 /* Reading a client request */
-#define SERVER_BUSY_WRITE 4 /* Processing a client request */
-#define SERVER_BUSY_KEEPALIVE 5 /* Waiting for more requests via keepalive */
-#define SERVER_BUSY_LOG 6 /* Logging the request */
-#define SERVER_BUSY_DNS 7 /* Looking up a hostname */
-#define SERVER_GRACEFUL 8 /* server is gracefully finishing request */
-#define SERVER_NUM_STATUS 9 /* number of status settings */
-
-/* A "virtual time" is simply a counter that indicates that a child is
- * making progress. The parent checks up on each child, and when they have
- * made progress it resets the last_rtime element. But when the child hasn't
- * made progress in a time that's roughly timeout_len seconds long, it is
- * sent a SIGALRM.
- *
- * vtime is an optimization that is used only when the scoreboard is in
- * shared memory (it's not easy/feasible to do it in a scoreboard file).
- * The essential observation is that timeouts rarely occur, the vast majority
- * of hits finish before any timeout happens. So it really sucks to have to
- * ask the operating system to set up and destroy alarms many times during
- * a request.
- */
-typedef unsigned vtime_t;
-
-/* Type used for generation indicies. Startup and every restart cause a
- * new generation of children to be spawned. Children within the same
- * generation share the same configuration information -- pointers to stuff
- * created at config time in the parent are valid across children. For
- * example, the vhostrec pointer in the scoreboard below is valid in all
- * children of the same generation.
- *
- * The safe way to access the vhost pointer is like this:
- *
- * short_score *ss = pointer to whichver slot is interesting;
- * parent_score *ps = pointer to whichver slot is interesting;
- * server_rec *vh = ss->vhostrec;
- *
- * if (ps->generation != ap_my_generation) {
- * vh = NULL;
- * }
- *
- * then if vh is not NULL it's valid in this child.
- *
- * This avoids various race conditions around restarts.
- */
-typedef int ap_generation_t;
-
-/* stuff which the children generally write, and the parent mainly reads */
-typedef struct {
- vtime_t cur_vtime; /* the child's current vtime */
- unsigned short timeout_len; /* length of the timeout */
- unsigned char status;
- unsigned long access_count;
- unsigned long long bytes_served;
- unsigned long my_access_count;
- unsigned long long my_bytes_served;
- unsigned long long conn_bytes;
- unsigned short conn_count;
- struct timeval start_time;
- struct timeval stop_time;
- struct tms times;
- char client[32]; /* Keep 'em small... */
- char request[64]; /* We just want an idea... */
- server_rec *vhostrec; /* What virtual host is being accessed? */
- /* SEE ABOVE FOR SAFE USAGE! */
-} short_score;
-
-typedef struct {
- ap_generation_t running_generation;/* the generation of children which
- * should still be serving requests. */
-} global_score;
-
-/* stuff which the parent generally writes and the children rarely read */
-typedef struct {
- pid_t pid;
- time_t last_rtime; /* time(0) of the last change */
- vtime_t last_vtime; /* the last vtime the parent has seen */
- ap_generation_t generation; /* generation of this child */
-} parent_score;
-
-typedef struct {
- short_score servers[HARD_SERVER_LIMIT];
- parent_score parent[HARD_SERVER_LIMIT];
- global_score global;
-} scoreboard;
-
-#define SCOREBOARD_SIZE sizeof(scoreboard)
-
-API_EXPORT(int) ap_exists_scoreboard_image(void);
-
-API_VAR_EXPORT extern scoreboard *ap_scoreboard_image;
-
-API_VAR_EXPORT extern ap_generation_t volatile ap_my_generation;
-
-/* for time_process_request() in http_main.c */
-#define START_PREQUEST 1
-#define STOP_PREQUEST 2
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_SCOREBOARD_H */
diff --git a/usr.sbin/httpd/src/include/util_date.h b/usr.sbin/httpd/src/include/util_date.h
deleted file mode 100644
index d9538914655..00000000000
--- a/usr.sbin/httpd/src/include/util_date.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* $OpenBSD: util_date.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_UTIL_DATE_H
-#define APACHE_UTIL_DATE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * util_date.h: prototypes for date parsing utility routines
- */
-
-#include <time.h>
-
-#define BAD_DATE (time_t)0
-
-API_EXPORT(int) ap_checkmask(const char *data, const char *mask);
-API_EXPORT(time_t) ap_tm2sec(const struct tm *t);
-API_EXPORT(time_t) ap_parseHTTPdate(const char *date);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_UTIL_DATE_H */
diff --git a/usr.sbin/httpd/src/include/util_md5.h b/usr.sbin/httpd/src/include/util_md5.h
deleted file mode 100644
index a9c22a879f6..00000000000
--- a/usr.sbin/httpd/src/include/util_md5.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/* $OpenBSD: util_md5.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_UTIL_MD5_H
-#define APACHE_UTIL_MD5_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "ap_md5.h"
-
-API_EXPORT(char *) ap_md5(pool *a, const unsigned char *string);
-API_EXPORT(char *) ap_md5_binary(pool *a, const unsigned char *buf, int len);
-API_EXPORT(char *) ap_md5contextTo64(pool *p, AP_MD5_CTX * context);
-API_EXPORT(char *) ap_md5digest(pool *p, FILE *infile);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_UTIL_MD5_H */
diff --git a/usr.sbin/httpd/src/include/util_script.h b/usr.sbin/httpd/src/include/util_script.h
deleted file mode 100644
index 35d40a6b955..00000000000
--- a/usr.sbin/httpd/src/include/util_script.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* $OpenBSD: util_script.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_UTIL_SCRIPT_H
-#define APACHE_UTIL_SCRIPT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef APACHE_ARG_MAX
-#ifdef _POSIX_ARG_MAX
-#define APACHE_ARG_MAX _POSIX_ARG_MAX
-#else
-#define APACHE_ARG_MAX 512
-#endif
-#endif
-
-API_EXPORT(char **) ap_create_environment(pool *p, table *t);
-API_EXPORT(int) ap_find_path_info(const char *uri, const char *path_info);
-API_EXPORT(void) ap_add_cgi_vars(request_rec *r);
-API_EXPORT(void) ap_add_common_vars(request_rec *r);
-API_EXPORT(int) ap_scan_script_header_err(request_rec *r, FILE *f,
- char *buffer);
-API_EXPORT(int) ap_scan_script_header_err_buff(request_rec *r, BUFF *f,
- char *buffer);
-API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
- int (*getsfunc) (char *, int, void *), void *getsfunc_data);
-API_EXPORT_NONSTD(int) ap_scan_script_header_err_strs(request_rec *r,
- char *buffer, const char **termch, int *termarg, ...);
-API_EXPORT(void) ap_send_size(size_t size, request_rec *r);
-API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
- char **env, int shellcmd);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_UTIL_SCRIPT_H */
diff --git a/usr.sbin/httpd/src/include/util_uri.h b/usr.sbin/httpd/src/include/util_uri.h
deleted file mode 100644
index cd47d801980..00000000000
--- a/usr.sbin/httpd/src/include/util_uri.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/* $OpenBSD: util_uri.h,v 1.6 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util_uri.h: External Interface of util_uri.c
- */
-
-#ifndef UTIL_URI_H
-#define UTIL_URI_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct {
- const char *name;
- unsigned short default_port;
-} schemes_t;
-
-#define DEFAULT_FTP_DATA_PORT 20
-#define DEFAULT_FTP_PORT 21
-#define DEFAULT_GOPHER_PORT 70
-#define DEFAULT_NNTP_PORT 119
-#define DEFAULT_WAIS_PORT 210
-#define DEFAULT_SNEWS_PORT 563
-#define DEFAULT_PROSPERO_PORT 1525 /* WARNING: conflict w/Oracle */
-
-#define DEFAULT_URI_SCHEME "http"
-
-/* Flags passed to unparse_uri_components(): */
-
-/* suppress "scheme://user@site:port" */
-#define UNP_OMITSITEPART (1U<<0)
-/* Just omit user */
-#define UNP_OMITUSER (1U<<1)
-/* Just omit password */
-#define UNP_OMITPASSWORD (1U<<2)
-/* omit "user:password@" part */
-#define UNP_OMITUSERINFO (UNP_OMITUSER|UNP_OMITPASSWORD)
-/* Show plain text password (default: show XXXXXXXX) */
-#define UNP_REVEALPASSWORD (1U<<3)
-/* Show "scheme://user@site:port" only */
-#define UNP_OMITPATHINFO (1U<<4)
-/* Omit the "?queryarg" from the path */
-#define UNP_OMITQUERY (1U<<5)
-
-typedef struct {
- char *scheme; /* scheme ("http"/"ftp"/...) */
- char *hostinfo; /* combined [user[:password]@]host[:port] */
- char *user; /* user name, as in http://user:passwd@host:port/ */
- char *password; /* password, as in http://user:passwd@host:port/ */
- char *hostname; /* hostname from URI (or from Host: header) */
- char *port_str; /* port string (integer representation is in "port") */
- char *path;/* request path (or "/" if only scheme://host was given)*/
- char *query; /* Everything after a '?' in the path, if present */
- char *fragment; /* Trailing "#fragment" string, if present */
-
- struct hostent *hostent;
-
- unsigned short port; /* The port number, numeric, valid only if
- * port_str != NULL
- */
-
- unsigned is_initialized:1;
-
- unsigned dns_looked_up:1;
- unsigned dns_resolved:1;
-
-} uri_components;
-
-/* util_uri.c */
-API_EXPORT(unsigned short) ap_default_port_for_scheme(const char *scheme_str);
-API_EXPORT(unsigned short) ap_default_port_for_request(const request_rec *r);
-API_EXPORT(struct hostent *) ap_pduphostent(pool *p, const struct hostent *hp);
-API_EXPORT(struct hostent *) ap_pgethostbyname(pool *p, const char *hostname);
-API_EXPORT(char *) ap_unparse_uri_components(pool *p,
- const uri_components *uptr, unsigned flags);
-API_EXPORT(int) ap_parse_uri_components(pool *p, const char *uri,
- uri_components *uptr);
-API_EXPORT(int) ap_parse_hostinfo_components(pool *p, const char *hostinfo,
- uri_components *uptr);
-/* called by the core in main() */
-extern void ap_util_uri_init(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /*UTIL_URI_H*/
diff --git a/usr.sbin/httpd/src/lib/expat-lite/CHANGES b/usr.sbin/httpd/src/lib/expat-lite/CHANGES
deleted file mode 100644
index 0340d07ee1a..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/CHANGES
+++ /dev/null
@@ -1,65 +0,0 @@
-=== PURPOSE ===
-
-This file documents the changes made by the Apache Group to James
-Clark's Expat parser. The original Expat distribution can be found at
-http://www.jclark.com/xml/expat.html.
-
-
-=== SUBSET INFORMATION ===
-
-Apache does not choose (or need) to use the entire Expat parser
-distribution. The subset that Apache will use will be referred to as
-"expat-lite". In particular, this directory contains the files from
-the following Expat distribution subdirectories:
-
- expat/xmltok/*
- expat/xmlparse/*
-
-We also retain expat/expat.html for attribution to James Clark and
-licensing information.
-
-Note that Apache has replaced (with custom versions) the .dsp files
-normally distributed with Expat. Other changes are detailed further
-below.
-
-
-=== FILES ADDED ===
-
-This file (CHANGES) has been added to document changes from the
-original Expat distribution.
-
-Makefile.tmpl has been created from scratch to provide build
-instructions to the Apache build system.
-
-xmlparse.def and xmltok.def have been added.
-
-.cvsignore has been added.
-
-
-=== CHANGES TO ORIGINAL ===
-
-The files, in their original state from the Expat distribution, have
-been tagged within CVS with the "EXPAT_1_1" tag. That tag may be used
-as a reference for changes made by the Apache Group.
-
-The following changes have been made:
-
-June, 1999:
-
- - modified xmldef.h to define XML_BYTE_ORDER in terms of the
- AP_BYTE_ORDER symbol.
- - removed compilation warnings from: xmlparse.c, xmltok.c, xmltok.h,
- xmltok_impl.c, xmltok_ns.c
-
-November, 1999:
-
- - xmlparse.{def,dsp,mak} and xmltok.{def,dsp,mak} were added.
- NOTE: the .dsp files are different from the standard Expat
- distribution.
- - dllmain.c (from the Expat distribution) was added
-
-January, 2000:
-
- - Renamed lookup() in hashtable.[ch] to hashTableLookup() to prevent
- possible conflicts with third-party libraries and modules. Updated
- calls in xmlparse.c accordingly.
diff --git a/usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl b/usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl
deleted file mode 100644
index 646af3b9810..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# default definition of these two. dunno how to get it prepended when the
-# Makefile is built, so we do it manually
-#
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -DAPACHE
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-
-OBJS=xmltok.o xmlrole.o xmlparse.o hashtable.o
-
-all lib: libexpat.a
-
-libexpat.a: $(OBJS)
- rm -f libexpat.a
- ar cr libexpat.a $(OBJS)
- $(RANLIB) libexpat.a
-
-clean:
- rm -f $(OBJS) libexpat.a
-
-distclean: clean
- -rm -f Makefile
-
-.SUFFIXES: .o
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
diff --git a/usr.sbin/httpd/src/lib/expat-lite/asciitab.h b/usr.sbin/httpd/src/lib/expat-lite/asciitab.h
deleted file mode 100644
index 8a8a2dd388d..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/asciitab.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-/* 0x00 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x04 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x08 */ BT_NONXML, BT_S, BT_LF, BT_NONXML,
-/* 0x0C */ BT_NONXML, BT_CR, BT_NONXML, BT_NONXML,
-/* 0x10 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x14 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x18 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x1C */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x20 */ BT_S, BT_EXCL, BT_QUOT, BT_NUM,
-/* 0x24 */ BT_OTHER, BT_PERCNT, BT_AMP, BT_APOS,
-/* 0x28 */ BT_LPAR, BT_RPAR, BT_AST, BT_PLUS,
-/* 0x2C */ BT_COMMA, BT_MINUS, BT_NAME, BT_SOL,
-/* 0x30 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x34 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x38 */ BT_DIGIT, BT_DIGIT, BT_COLON, BT_SEMI,
-/* 0x3C */ BT_LT, BT_EQUALS, BT_GT, BT_QUEST,
-/* 0x40 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x44 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x48 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x4C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x50 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x54 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x58 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_LSQB,
-/* 0x5C */ BT_OTHER, BT_RSQB, BT_OTHER, BT_NMSTRT,
-/* 0x60 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x64 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x68 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x6C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x70 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x74 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x78 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0x7C */ BT_VERBAR, BT_OTHER, BT_OTHER, BT_OTHER,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/dllmain.c b/usr.sbin/httpd/src/lib/expat-lite/dllmain.c
deleted file mode 100644
index deb7fafc81a..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/dllmain.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#define STRICT 1
-#define WIN32_LEAN_AND_MEAN 1
-
-#include <windows.h>
-
-BOOL WINAPI DllMain(HANDLE hInst, ULONG ul_reason_for_call, LPVOID lpReserved)
-{
- return TRUE;
-}
-
diff --git a/usr.sbin/httpd/src/lib/expat-lite/expat.html b/usr.sbin/httpd/src/lib/expat-lite/expat.html
deleted file mode 100644
index 3806ca8d0e2..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/expat.html
+++ /dev/null
@@ -1,73 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
-"http://www.w3.org/TR/REC-html40/loose.dtd">
-
-<HTML>
-
-<TITLE>expat</TITLE>
-
-<BODY>
-
-<H1>expat - XML Parser Toolkit</H1>
-
-<H3>Version 1.1</H3>
-
-<P>Copyright (c) 1998, 1999 James Clark. Expat is subject to the <A
-HREF="http://www.mozilla.org/NPL/NPL-1_1Final.html">Mozilla Public
-License Version 1.1</A>. Alternatively you may use expat under the <A
-href="http://www.gnu.org/copyleft/gpl.html">GNU General Public
-License</A> instead. Please contact me if you wish to negotiate an
-alternative license.</P>
-
-<P>Expat is an <A
-HREF="http://www.w3.org/TR/1998/REC-xml-19980210">XML 1.0</A> parser
-written in C. It aims to be fully conforming. It is currently not a
-validating XML processor. The current production version of expat can
-be downloaded from <A href = "ftp://ftp.jclark.com/pub/xml/expat.zip"
->ftp://ftp.jclark.com/pub/xml/expat.zip</A>.</P>
-
-<P>The directory <SAMP>xmltok</SAMP> contains a low-level library for
-tokenizing XML. The interface is documented in
-<SAMP>xmltok/xmltok.h</SAMP>.</P>
-
-<P>The directory <SAMP>xmlparse</SAMP> contains an XML parser library
-which is built on top of the <SAMP>xmltok</SAMP> library. The
-interface is documented in <SAMP>xmlparse/xmlparse.h</SAMP>. The
-directory <SAMP>sample</SAMP> contains a simple example program using
-this interface; <SAMP>sample/build.bat</SAMP> is a batch file to build
-the example using Visual C++.</P>
-
-<P>The directory <SAMP>xmlwf</SAMP> contains the <SAMP>xmlwf</SAMP>
-application, which uses the <SAMP>xmlparse</SAMP> library. The
-arguments to <SAMP>xmlwf</SAMP> are one or more files which are each
-to be checked for well-formedness. An option <SAMP>-d
-<VAR>dir</VAR></SAMP> can be specified; for each well-formed input
-file the corresponding <A
-href="http://www.jclark.com/xml/canonxml.html">canonical XML</A> will
-be written to <SAMP>dir/<VAR>f</VAR></SAMP>, where
-<SAMP><VAR>f</VAR></SAMP> is the filename (without any path) of the
-input file. A <CODE>-x</CODE> option will cause references to
-external general entities to be processed. A <CODE>-s</CODE> option
-will make documents that are not standalone cause an error (a document
-is considered standalone if either it is intrinsically standalone
-because it has no external subset and no references to parameter
-entities in the internal subset or it is declared as standalone in the
-XML declaration).</P>
-
-<P>The <SAMP>bin</SAMP> directory contains Win32 executables. The
-<SAMP>lib</SAMP> directory contains Win32 import libraries.</P>
-
-<P>Answers to some frequently asked questions about expat can be found
-in the <A HREF="http://www.jclark.com/xml/expatfaq.html">expat
-FAQ</A>.</P>
-
-<P></P>
-
-<ADDRESS>
-
-<A HREF="mailto:jjc@jclark.com">James Clark</A>
-
-</ADDRESS>
-
-</BODY>
-
-</HTML>
diff --git a/usr.sbin/httpd/src/lib/expat-lite/hashtable.c b/usr.sbin/httpd/src/lib/expat-lite/hashtable.c
deleted file mode 100644
index 26a3b444f74..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/hashtable.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-csompliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include "xmldef.h"
-
-#ifdef XML_UNICODE_WCHAR_T
-#ifndef XML_UNICODE
-#define XML_UNICODE
-#endif
-#endif
-
-#include "hashtable.h"
-
-#define INIT_SIZE 64
-
-static
-int keyeq(KEY s1, KEY s2)
-{
- for (; *s1 == *s2; s1++, s2++)
- if (*s1 == 0)
- return 1;
- return 0;
-}
-
-static
-unsigned long hash(KEY s)
-{
- unsigned long h = 0;
- while (*s)
- h = (h << 5) + h + (unsigned char)*s++;
- return h;
-}
-
-NAMED *hashTableLookup(HASH_TABLE *table, KEY name, size_t createSize)
-{
- size_t i;
- if (table->size == 0) {
- if (!createSize)
- return 0;
- table->v = calloc(INIT_SIZE, sizeof(NAMED *));
- if (!table->v)
- return 0;
- table->size = INIT_SIZE;
- table->usedLim = INIT_SIZE / 2;
- i = hash(name) & (table->size - 1);
- }
- else {
- unsigned long h = hash(name);
- for (i = h & (table->size - 1);
- table->v[i];
- i == 0 ? i = table->size - 1 : --i) {
- if (keyeq(name, table->v[i]->name))
- return table->v[i];
- }
- if (!createSize)
- return 0;
- if (table->used == table->usedLim) {
- /* check for overflow */
- size_t newSize = table->size * 2;
- NAMED **newV = calloc(newSize, sizeof(NAMED *));
- if (!newV)
- return 0;
- for (i = 0; i < table->size; i++)
- if (table->v[i]) {
- size_t j;
- for (j = hash(table->v[i]->name) & (newSize - 1);
- newV[j];
- j == 0 ? j = newSize - 1 : --j)
- ;
- newV[j] = table->v[i];
- }
- free(table->v);
- table->v = newV;
- table->size = newSize;
- table->usedLim = newSize/2;
- for (i = h & (table->size - 1);
- table->v[i];
- i == 0 ? i = table->size - 1 : --i)
- ;
- }
- }
- table->v[i] = calloc(1, createSize);
- if (!table->v[i])
- return 0;
- table->v[i]->name = name;
- (table->used)++;
- return table->v[i];
-}
-
-void hashTableDestroy(HASH_TABLE *table)
-{
- size_t i;
- for (i = 0; i < table->size; i++) {
- NAMED *p = table->v[i];
- if (p)
- free(p);
- }
- free(table->v);
-}
-
-void hashTableInit(HASH_TABLE *p)
-{
- p->size = 0;
- p->usedLim = 0;
- p->used = 0;
- p->v = 0;
-}
-
-void hashTableIterInit(HASH_TABLE_ITER *iter, const HASH_TABLE *table)
-{
- iter->p = table->v;
- iter->end = iter->p + table->size;
-}
-
-NAMED *hashTableIterNext(HASH_TABLE_ITER *iter)
-{
- while (iter->p != iter->end) {
- NAMED *tem = *(iter->p)++;
- if (tem)
- return tem;
- }
- return 0;
-}
-
diff --git a/usr.sbin/httpd/src/lib/expat-lite/hashtable.h b/usr.sbin/httpd/src/lib/expat-lite/hashtable.h
deleted file mode 100644
index 5c3f38cbb2e..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/hashtable.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-
-#include <stddef.h>
-
-#ifdef XML_UNICODE
-
-#ifdef XML_UNICODE_WCHAR_T
-typedef const wchar_t *KEY;
-#else /* not XML_UNICODE_WCHAR_T */
-typedef const unsigned short *KEY;
-#endif /* not XML_UNICODE_WCHAR_T */
-
-#else /* not XML_UNICODE */
-
-typedef const char *KEY;
-
-#endif /* not XML_UNICODE */
-
-typedef struct {
- KEY name;
-} NAMED;
-
-typedef struct {
- NAMED **v;
- size_t size;
- size_t used;
- size_t usedLim;
-} HASH_TABLE;
-
-NAMED *hashTableLookup(HASH_TABLE *table, KEY name, size_t createSize);
-void hashTableInit(HASH_TABLE *);
-void hashTableDestroy(HASH_TABLE *);
-
-typedef struct {
- NAMED **p;
- NAMED **end;
-} HASH_TABLE_ITER;
-
-void hashTableIterInit(HASH_TABLE_ITER *, const HASH_TABLE *);
-NAMED *hashTableIterNext(HASH_TABLE_ITER *);
diff --git a/usr.sbin/httpd/src/lib/expat-lite/iasciitab.h b/usr.sbin/httpd/src/lib/expat-lite/iasciitab.h
deleted file mode 100644
index 333d6bb779d..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/iasciitab.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-/* Like asciitab.h, except that 0xD has code BT_S rather than BT_CR */
-/* 0x00 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x04 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x08 */ BT_NONXML, BT_S, BT_LF, BT_NONXML,
-/* 0x0C */ BT_NONXML, BT_S, BT_NONXML, BT_NONXML,
-/* 0x10 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x14 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x18 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x1C */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x20 */ BT_S, BT_EXCL, BT_QUOT, BT_NUM,
-/* 0x24 */ BT_OTHER, BT_PERCNT, BT_AMP, BT_APOS,
-/* 0x28 */ BT_LPAR, BT_RPAR, BT_AST, BT_PLUS,
-/* 0x2C */ BT_COMMA, BT_MINUS, BT_NAME, BT_SOL,
-/* 0x30 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x34 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x38 */ BT_DIGIT, BT_DIGIT, BT_COLON, BT_SEMI,
-/* 0x3C */ BT_LT, BT_EQUALS, BT_GT, BT_QUEST,
-/* 0x40 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x44 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x48 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x4C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x50 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x54 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x58 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_LSQB,
-/* 0x5C */ BT_OTHER, BT_RSQB, BT_OTHER, BT_NMSTRT,
-/* 0x60 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x64 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x68 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x6C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x70 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x74 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x78 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0x7C */ BT_VERBAR, BT_OTHER, BT_OTHER, BT_OTHER,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/latin1tab.h b/usr.sbin/httpd/src/lib/expat-lite/latin1tab.h
deleted file mode 100644
index 48609aa8f9f..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/latin1tab.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-/* 0x80 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x84 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x88 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x8C */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x90 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x94 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x98 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x9C */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xA0 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xA4 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xA8 */ BT_OTHER, BT_OTHER, BT_NMSTRT, BT_OTHER,
-/* 0xAC */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xB0 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xB4 */ BT_OTHER, BT_NMSTRT, BT_OTHER, BT_NAME,
-/* 0xB8 */ BT_OTHER, BT_OTHER, BT_NMSTRT, BT_OTHER,
-/* 0xBC */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xC0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xC4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xC8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xCC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xD0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xD4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0xD8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xDC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xE0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xE4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xE8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xEC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xF0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xF4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0xF8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xFC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/nametab.h b/usr.sbin/httpd/src/lib/expat-lite/nametab.h
deleted file mode 100644
index b05e62c77a6..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/nametab.h
+++ /dev/null
@@ -1,150 +0,0 @@
-static const unsigned namingBitmap[] = {
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-0x00000000, 0x04000000, 0x87FFFFFE, 0x07FFFFFE,
-0x00000000, 0x00000000, 0xFF7FFFFF, 0xFF7FFFFF,
-0xFFFFFFFF, 0x7FF3FFFF, 0xFFFFFDFE, 0x7FFFFFFF,
-0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFE00F, 0xFC31FFFF,
-0x00FFFFFF, 0x00000000, 0xFFFF0000, 0xFFFFFFFF,
-0xFFFFFFFF, 0xF80001FF, 0x00000003, 0x00000000,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0xFFFFD740, 0xFFFFFFFB, 0x547F7FFF, 0x000FFFFD,
-0xFFFFDFFE, 0xFFFFFFFF, 0xDFFEFFFF, 0xFFFFFFFF,
-0xFFFF0003, 0xFFFFFFFF, 0xFFFF199F, 0x033FCFFF,
-0x00000000, 0xFFFE0000, 0x027FFFFF, 0xFFFFFFFE,
-0x0000007F, 0x00000000, 0xFFFF0000, 0x000707FF,
-0x00000000, 0x07FFFFFE, 0x000007FE, 0xFFFE0000,
-0xFFFFFFFF, 0x7CFFFFFF, 0x002F7FFF, 0x00000060,
-0xFFFFFFE0, 0x23FFFFFF, 0xFF000000, 0x00000003,
-0xFFF99FE0, 0x03C5FDFF, 0xB0000000, 0x00030003,
-0xFFF987E0, 0x036DFDFF, 0x5E000000, 0x001C0000,
-0xFFFBAFE0, 0x23EDFDFF, 0x00000000, 0x00000001,
-0xFFF99FE0, 0x23CDFDFF, 0xB0000000, 0x00000003,
-0xD63DC7E0, 0x03BFC718, 0x00000000, 0x00000000,
-0xFFFDDFE0, 0x03EFFDFF, 0x00000000, 0x00000003,
-0xFFFDDFE0, 0x03EFFDFF, 0x40000000, 0x00000003,
-0xFFFDDFE0, 0x03FFFDFF, 0x00000000, 0x00000003,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0xFFFFFFFE, 0x000D7FFF, 0x0000003F, 0x00000000,
-0xFEF02596, 0x200D6CAE, 0x0000001F, 0x00000000,
-0x00000000, 0x00000000, 0xFFFFFEFF, 0x000003FF,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0x00000000, 0xFFFFFFFF, 0xFFFF003F, 0x007FFFFF,
-0x0007DAED, 0x50000000, 0x82315001, 0x002C62AB,
-0x40000000, 0xF580C900, 0x00000007, 0x02010800,
-0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-0x0FFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x03FFFFFF,
-0x3F3FFFFF, 0xFFFFFFFF, 0xAAFF3F3F, 0x3FFFFFFF,
-0xFFFFFFFF, 0x5FDFFFFF, 0x0FCF1FDC, 0x1FDC1FFF,
-0x00000000, 0x00004C40, 0x00000000, 0x00000000,
-0x00000007, 0x00000000, 0x00000000, 0x00000000,
-0x00000080, 0x000003FE, 0xFFFFFFFE, 0xFFFFFFFF,
-0x001FFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0x07FFFFFF,
-0xFFFFFFE0, 0x00001FFF, 0x00000000, 0x00000000,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-0xFFFFFFFF, 0x0000003F, 0x00000000, 0x00000000,
-0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
-0xFFFFFFFF, 0x0000000F, 0x00000000, 0x00000000,
-0x00000000, 0x07FF6000, 0x87FFFFFE, 0x07FFFFFE,
-0x00000000, 0x00800000, 0xFF7FFFFF, 0xFF7FFFFF,
-0x00FFFFFF, 0x00000000, 0xFFFF0000, 0xFFFFFFFF,
-0xFFFFFFFF, 0xF80001FF, 0x00030003, 0x00000000,
-0xFFFFFFFF, 0xFFFFFFFF, 0x0000003F, 0x00000003,
-0xFFFFD7C0, 0xFFFFFFFB, 0x547F7FFF, 0x000FFFFD,
-0xFFFFDFFE, 0xFFFFFFFF, 0xDFFEFFFF, 0xFFFFFFFF,
-0xFFFF007B, 0xFFFFFFFF, 0xFFFF199F, 0x033FCFFF,
-0x00000000, 0xFFFE0000, 0x027FFFFF, 0xFFFFFFFE,
-0xFFFE007F, 0xBBFFFFFB, 0xFFFF0016, 0x000707FF,
-0x00000000, 0x07FFFFFE, 0x0007FFFF, 0xFFFF03FF,
-0xFFFFFFFF, 0x7CFFFFFF, 0xFFEF7FFF, 0x03FF3DFF,
-0xFFFFFFEE, 0xF3FFFFFF, 0xFF1E3FFF, 0x0000FFCF,
-0xFFF99FEE, 0xD3C5FDFF, 0xB080399F, 0x0003FFCF,
-0xFFF987E4, 0xD36DFDFF, 0x5E003987, 0x001FFFC0,
-0xFFFBAFEE, 0xF3EDFDFF, 0x00003BBF, 0x0000FFC1,
-0xFFF99FEE, 0xF3CDFDFF, 0xB0C0398F, 0x0000FFC3,
-0xD63DC7EC, 0xC3BFC718, 0x00803DC7, 0x0000FF80,
-0xFFFDDFEE, 0xC3EFFDFF, 0x00603DDF, 0x0000FFC3,
-0xFFFDDFEC, 0xC3EFFDFF, 0x40603DDF, 0x0000FFC3,
-0xFFFDDFEC, 0xC3FFFDFF, 0x00803DCF, 0x0000FFC3,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0xFFFFFFFE, 0x07FF7FFF, 0x03FF7FFF, 0x00000000,
-0xFEF02596, 0x3BFF6CAE, 0x03FF3F5F, 0x00000000,
-0x03000000, 0xC2A003FF, 0xFFFFFEFF, 0xFFFE03FF,
-0xFEBF0FDF, 0x02FE3FFF, 0x00000000, 0x00000000,
-0x00000000, 0x00000000, 0x00000000, 0x00000000,
-0x00000000, 0x00000000, 0x1FFF0000, 0x00000002,
-0x000000A0, 0x003EFFFE, 0xFFFFFFFE, 0xFFFFFFFF,
-0x661FFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0x77FFFFFF,
-};
-static const unsigned char nmstrtPages[] = {
-0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00,
-0x00, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-0x10, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x13,
-0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x15, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x17,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x18,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-static const unsigned char namePages[] = {
-0x19, 0x03, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x00,
-0x00, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
-0x10, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x13,
-0x26, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x27, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x17,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
-0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x18,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
diff --git a/usr.sbin/httpd/src/lib/expat-lite/utf8tab.h b/usr.sbin/httpd/src/lib/expat-lite/utf8tab.h
deleted file mode 100644
index a38fe624e88..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/utf8tab.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-
-/* 0x80 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x84 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x88 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x8C */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x90 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x94 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x98 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x9C */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xA0 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xA4 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xA8 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xAC */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xB0 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xB4 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xB8 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xBC */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xC0 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xC4 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xC8 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xCC */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xD0 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xD4 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xD8 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xDC */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xE0 */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xE4 */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xE8 */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xEC */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xF0 */ BT_LEAD4, BT_LEAD4, BT_LEAD4, BT_LEAD4,
-/* 0xF4 */ BT_LEAD4, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0xF8 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0xFC */ BT_NONXML, BT_NONXML, BT_MALFORM, BT_MALFORM,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmldef.h b/usr.sbin/httpd/src/lib/expat-lite/xmldef.h
deleted file mode 100644
index dc9145c8d71..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmldef.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include <string.h>
-#include <stdlib.h>
-#include <sys/endian.h>
-#if _BYTE_ORDER == _BIG_ENDIAN
-#define XML_BYTE_ORDER 21
-#elif _BYTE_ORDER == _LITTLE_ENDIAN
-#define XML_BYTE_ORDER 12
-#else
-#error Unsupported byte order
-#endif
-
-/* This file can be used for any definitions needed in
-particular environments. */
-
-#ifdef MOZILLA
-
-#include "nspr.h"
-#define malloc(x) PR_Malloc(x)
-#define realloc(x, y) PR_Realloc((x), (y))
-#define calloc(x, y) PR_Calloc((x),(y))
-#define free(x) PR_Free(x)
-#define int int32
-
-#endif /* MOZILLA */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.c b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.c
deleted file mode 100644
index 578f95e1fe0..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.c
+++ /dev/null
@@ -1,3209 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include "xmldef.h"
-#include "xmlparse.h"
-
-#ifdef XML_UNICODE
-#define XML_ENCODE_MAX XML_UTF16_ENCODE_MAX
-#define XmlConvert XmlUtf16Convert
-#define XmlGetInternalEncoding XmlGetUtf16InternalEncoding
-#define XmlGetInternalEncodingNS XmlGetUtf16InternalEncodingNS
-#define XmlEncode XmlUtf16Encode
-#define MUST_CONVERT(enc, s) (!(enc)->isUtf16 || (((unsigned long)s) & 1))
-typedef unsigned short ICHAR;
-#else
-#define XML_ENCODE_MAX XML_UTF8_ENCODE_MAX
-#define XmlConvert XmlUtf8Convert
-#define XmlGetInternalEncoding XmlGetUtf8InternalEncoding
-#define XmlGetInternalEncodingNS XmlGetUtf8InternalEncodingNS
-#define XmlEncode XmlUtf8Encode
-#define MUST_CONVERT(enc, s) (!(enc)->isUtf8)
-typedef char ICHAR;
-#endif
-
-
-#ifndef XML_NS
-
-#define XmlInitEncodingNS XmlInitEncoding
-#define XmlInitUnknownEncodingNS XmlInitUnknownEncoding
-#undef XmlGetInternalEncodingNS
-#define XmlGetInternalEncodingNS XmlGetInternalEncoding
-#define XmlParseXmlDeclNS XmlParseXmlDecl
-
-#endif
-
-
-#ifdef XML_UNICODE_WCHAR_T
-#define XML_T(x) L ## x
-#else
-#define XML_T(x) x
-#endif
-
-/* Round up n to be a multiple of sz, where sz is a power of 2. */
-#define ROUND_UP(n, sz) (((n) + ((sz) - 1)) & ~((sz) - 1))
-
-#include "xmltok.h"
-#include "xmlrole.h"
-#include "hashtable.h"
-
-#define INIT_TAG_BUF_SIZE 32 /* must be a multiple of sizeof(XML_Char) */
-#define INIT_DATA_BUF_SIZE 1024
-#define INIT_ATTS_SIZE 16
-#define INIT_BLOCK_SIZE 1024
-#define INIT_BUFFER_SIZE 1024
-
-#define EXPAND_SPARE 24
-
-typedef struct binding {
- struct prefix *prefix;
- struct binding *nextTagBinding;
- struct binding *prevPrefixBinding;
- const struct attribute_id *attId;
- XML_Char *uri;
- int uriLen;
- int uriAlloc;
-} BINDING;
-
-typedef struct prefix {
- const XML_Char *name;
- BINDING *binding;
-} PREFIX;
-
-typedef struct {
- const XML_Char *str;
- const XML_Char *localPart;
- int uriLen;
-} TAG_NAME;
-
-typedef struct tag {
- struct tag *parent;
- const char *rawName;
- int rawNameLength;
- TAG_NAME name;
- char *buf;
- char *bufEnd;
- BINDING *bindings;
-} TAG;
-
-typedef struct {
- const XML_Char *name;
- const XML_Char *textPtr;
- int textLen;
- const XML_Char *systemId;
- const XML_Char *base;
- const XML_Char *publicId;
- const XML_Char *notation;
- char open;
-} ENTITY;
-
-typedef struct block {
- struct block *next;
- int size;
- XML_Char s[1];
-} BLOCK;
-
-typedef struct {
- BLOCK *blocks;
- BLOCK *freeBlocks;
- const XML_Char *end;
- XML_Char *ptr;
- XML_Char *start;
-} STRING_POOL;
-
-/* The XML_Char before the name is used to determine whether
-an attribute has been specified. */
-typedef struct attribute_id {
- XML_Char *name;
- PREFIX *prefix;
- char maybeTokenized;
- char xmlns;
-} ATTRIBUTE_ID;
-
-typedef struct {
- const ATTRIBUTE_ID *id;
- char isCdata;
- const XML_Char *value;
-} DEFAULT_ATTRIBUTE;
-
-typedef struct {
- const XML_Char *name;
- PREFIX *prefix;
- int nDefaultAtts;
- int allocDefaultAtts;
- DEFAULT_ATTRIBUTE *defaultAtts;
-} ELEMENT_TYPE;
-
-typedef struct {
- HASH_TABLE generalEntities;
- HASH_TABLE elementTypes;
- HASH_TABLE attributeIds;
- HASH_TABLE prefixes;
- STRING_POOL pool;
- int complete;
- int standalone;
- const XML_Char *base;
- PREFIX defaultPrefix;
-} DTD;
-
-typedef struct open_internal_entity {
- const char *internalEventPtr;
- const char *internalEventEndPtr;
- struct open_internal_entity *next;
- ENTITY *entity;
-} OPEN_INTERNAL_ENTITY;
-
-typedef enum XML_Error Processor(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr);
-
-static Processor prologProcessor;
-static Processor prologInitProcessor;
-static Processor contentProcessor;
-static Processor cdataSectionProcessor;
-static Processor epilogProcessor;
-static Processor externalEntityInitProcessor;
-static Processor externalEntityInitProcessor2;
-static Processor externalEntityInitProcessor3;
-static Processor externalEntityContentProcessor;
-
-static enum XML_Error
-handleUnknownEncoding(XML_Parser parser, const XML_Char *encodingName);
-static enum XML_Error
-processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *, const char *);
-static enum XML_Error
-initializeEncoding(XML_Parser parser);
-static enum XML_Error
-doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
- const char *start, const char *end, const char **endPtr);
-static enum XML_Error
-doCdataSection(XML_Parser parser, const ENCODING *, const char **startPtr, const char *end, const char **nextPtr);
-static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *, const char *s,
- TAG_NAME *tagNamePtr, BINDING **bindingsPtr);
-static
-int addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, const XML_Char *uri, BINDING **bindingsPtr);
-static int
-defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *, int isCdata, const XML_Char *dfltValue);
-static enum XML_Error
-storeAttributeValue(XML_Parser parser, const ENCODING *, int isCdata, const char *, const char *,
- STRING_POOL *);
-static enum XML_Error
-appendAttributeValue(XML_Parser parser, const ENCODING *, int isCdata, const char *, const char *,
- STRING_POOL *);
-static ATTRIBUTE_ID *
-getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, const char *end);
-static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *);
-static enum XML_Error
-storeEntityValue(XML_Parser parser, const char *start, const char *end);
-static int
-reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, const char *start, const char *end);
-static int
-reportComment(XML_Parser parser, const ENCODING *enc, const char *start, const char *end);
-static void
-reportDefault(XML_Parser parser, const ENCODING *enc, const char *start, const char *end);
-
-static const XML_Char *getContext(XML_Parser parser);
-static int setContext(XML_Parser parser, const XML_Char *context);
-static void normalizePublicId(XML_Char *s);
-static int dtdInit(DTD *);
-static void dtdDestroy(DTD *);
-static int dtdCopy(DTD *newDtd, const DTD *oldDtd);
-static void poolInit(STRING_POOL *);
-static void poolClear(STRING_POOL *);
-static void poolDestroy(STRING_POOL *);
-static XML_Char *poolAppend(STRING_POOL *pool, const ENCODING *enc,
- const char *ptr, const char *end);
-static XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc,
- const char *ptr, const char *end);
-static int poolGrow(STRING_POOL *pool);
-static const XML_Char *poolCopyString(STRING_POOL *pool, const XML_Char *s);
-static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n);
-
-#define poolStart(pool) ((pool)->start)
-#define poolEnd(pool) ((pool)->ptr)
-#define poolLength(pool) ((pool)->ptr - (pool)->start)
-#define poolChop(pool) ((void)--(pool->ptr))
-#define poolLastChar(pool) (((pool)->ptr)[-1])
-#define poolDiscard(pool) ((pool)->ptr = (pool)->start)
-#define poolFinish(pool) ((pool)->start = (pool)->ptr)
-#define poolAppendChar(pool, c) \
- (((pool)->ptr == (pool)->end && !poolGrow(pool)) \
- ? 0 \
- : ((*((pool)->ptr)++ = c), 1))
-
-typedef struct {
- /* The first member must be userData so that the XML_GetUserData macro works. */
- void *m_userData;
- void *m_handlerArg;
- char *m_buffer;
- /* first character to be parsed */
- const char *m_bufferPtr;
- /* past last character to be parsed */
- char *m_bufferEnd;
- /* allocated end of buffer */
- const char *m_bufferLim;
- long m_parseEndByteIndex;
- const char *m_parseEndPtr;
- XML_Char *m_dataBuf;
- XML_Char *m_dataBufEnd;
- XML_StartElementHandler m_startElementHandler;
- XML_EndElementHandler m_endElementHandler;
- XML_CharacterDataHandler m_characterDataHandler;
- XML_ProcessingInstructionHandler m_processingInstructionHandler;
- XML_CommentHandler m_commentHandler;
- XML_StartCdataSectionHandler m_startCdataSectionHandler;
- XML_EndCdataSectionHandler m_endCdataSectionHandler;
- XML_DefaultHandler m_defaultHandler;
- XML_UnparsedEntityDeclHandler m_unparsedEntityDeclHandler;
- XML_NotationDeclHandler m_notationDeclHandler;
- XML_StartNamespaceDeclHandler m_startNamespaceDeclHandler;
- XML_EndNamespaceDeclHandler m_endNamespaceDeclHandler;
- XML_NotStandaloneHandler m_notStandaloneHandler;
- XML_ExternalEntityRefHandler m_externalEntityRefHandler;
- void *m_externalEntityRefHandlerArg;
- XML_UnknownEncodingHandler m_unknownEncodingHandler;
- const ENCODING *m_encoding;
- INIT_ENCODING m_initEncoding;
- const XML_Char *m_protocolEncodingName;
- int m_ns;
- void *m_unknownEncodingMem;
- void *m_unknownEncodingData;
- void *m_unknownEncodingHandlerData;
- void (*m_unknownEncodingRelease)(void *);
- PROLOG_STATE m_prologState;
- Processor *m_processor;
- enum XML_Error m_errorCode;
- const char *m_eventPtr;
- const char *m_eventEndPtr;
- const char *m_positionPtr;
- OPEN_INTERNAL_ENTITY *m_openInternalEntities;
- int m_defaultExpandInternalEntities;
- int m_tagLevel;
- ENTITY *m_declEntity;
- const XML_Char *m_declNotationName;
- const XML_Char *m_declNotationPublicId;
- ELEMENT_TYPE *m_declElementType;
- ATTRIBUTE_ID *m_declAttributeId;
- char m_declAttributeIsCdata;
- DTD m_dtd;
- TAG *m_tagStack;
- TAG *m_freeTagList;
- BINDING *m_inheritedBindings;
- BINDING *m_freeBindingList;
- int m_attsSize;
- int m_nSpecifiedAtts;
- ATTRIBUTE *m_atts;
- POSITION m_position;
- STRING_POOL m_tempPool;
- STRING_POOL m_temp2Pool;
- char *m_groupConnector;
- unsigned m_groupSize;
- int m_hadExternalDoctype;
- XML_Char m_namespaceSeparator;
-} Parser;
-
-#define userData (((Parser *)parser)->m_userData)
-#define handlerArg (((Parser *)parser)->m_handlerArg)
-#define startElementHandler (((Parser *)parser)->m_startElementHandler)
-#define endElementHandler (((Parser *)parser)->m_endElementHandler)
-#define characterDataHandler (((Parser *)parser)->m_characterDataHandler)
-#define processingInstructionHandler (((Parser *)parser)->m_processingInstructionHandler)
-#define commentHandler (((Parser *)parser)->m_commentHandler)
-#define startCdataSectionHandler (((Parser *)parser)->m_startCdataSectionHandler)
-#define endCdataSectionHandler (((Parser *)parser)->m_endCdataSectionHandler)
-#define defaultHandler (((Parser *)parser)->m_defaultHandler)
-#define unparsedEntityDeclHandler (((Parser *)parser)->m_unparsedEntityDeclHandler)
-#define notationDeclHandler (((Parser *)parser)->m_notationDeclHandler)
-#define startNamespaceDeclHandler (((Parser *)parser)->m_startNamespaceDeclHandler)
-#define endNamespaceDeclHandler (((Parser *)parser)->m_endNamespaceDeclHandler)
-#define notStandaloneHandler (((Parser *)parser)->m_notStandaloneHandler)
-#define externalEntityRefHandler (((Parser *)parser)->m_externalEntityRefHandler)
-#define externalEntityRefHandlerArg (((Parser *)parser)->m_externalEntityRefHandlerArg)
-#define unknownEncodingHandler (((Parser *)parser)->m_unknownEncodingHandler)
-#define encoding (((Parser *)parser)->m_encoding)
-#define initEncoding (((Parser *)parser)->m_initEncoding)
-#define unknownEncodingMem (((Parser *)parser)->m_unknownEncodingMem)
-#define unknownEncodingData (((Parser *)parser)->m_unknownEncodingData)
-#define unknownEncodingHandlerData \
- (((Parser *)parser)->m_unknownEncodingHandlerData)
-#define unknownEncodingRelease (((Parser *)parser)->m_unknownEncodingRelease)
-#define protocolEncodingName (((Parser *)parser)->m_protocolEncodingName)
-#define ns (((Parser *)parser)->m_ns)
-#define prologState (((Parser *)parser)->m_prologState)
-#define processor (((Parser *)parser)->m_processor)
-#define errorCode (((Parser *)parser)->m_errorCode)
-#define eventPtr (((Parser *)parser)->m_eventPtr)
-#define eventEndPtr (((Parser *)parser)->m_eventEndPtr)
-#define positionPtr (((Parser *)parser)->m_positionPtr)
-#define position (((Parser *)parser)->m_position)
-#define openInternalEntities (((Parser *)parser)->m_openInternalEntities)
-#define defaultExpandInternalEntities (((Parser *)parser)->m_defaultExpandInternalEntities)
-#define tagLevel (((Parser *)parser)->m_tagLevel)
-#define buffer (((Parser *)parser)->m_buffer)
-#define bufferPtr (((Parser *)parser)->m_bufferPtr)
-#define bufferEnd (((Parser *)parser)->m_bufferEnd)
-#define parseEndByteIndex (((Parser *)parser)->m_parseEndByteIndex)
-#define parseEndPtr (((Parser *)parser)->m_parseEndPtr)
-#define bufferLim (((Parser *)parser)->m_bufferLim)
-#define dataBuf (((Parser *)parser)->m_dataBuf)
-#define dataBufEnd (((Parser *)parser)->m_dataBufEnd)
-#define dtd (((Parser *)parser)->m_dtd)
-#define declEntity (((Parser *)parser)->m_declEntity)
-#define declNotationName (((Parser *)parser)->m_declNotationName)
-#define declNotationPublicId (((Parser *)parser)->m_declNotationPublicId)
-#define declElementType (((Parser *)parser)->m_declElementType)
-#define declAttributeId (((Parser *)parser)->m_declAttributeId)
-#define declAttributeIsCdata (((Parser *)parser)->m_declAttributeIsCdata)
-#define freeTagList (((Parser *)parser)->m_freeTagList)
-#define freeBindingList (((Parser *)parser)->m_freeBindingList)
-#define inheritedBindings (((Parser *)parser)->m_inheritedBindings)
-#define tagStack (((Parser *)parser)->m_tagStack)
-#define atts (((Parser *)parser)->m_atts)
-#define attsSize (((Parser *)parser)->m_attsSize)
-#define nSpecifiedAtts (((Parser *)parser)->m_nSpecifiedAtts)
-#define tempPool (((Parser *)parser)->m_tempPool)
-#define temp2Pool (((Parser *)parser)->m_temp2Pool)
-#define groupConnector (((Parser *)parser)->m_groupConnector)
-#define groupSize (((Parser *)parser)->m_groupSize)
-#define hadExternalDoctype (((Parser *)parser)->m_hadExternalDoctype)
-#define namespaceSeparator (((Parser *)parser)->m_namespaceSeparator)
-
-XML_Parser XML_ParserCreate(const XML_Char *encodingName)
-{
- XML_Parser parser = malloc(sizeof(Parser));
- if (!parser)
- return parser;
- processor = prologInitProcessor;
- XmlPrologStateInit(&prologState);
- userData = 0;
- handlerArg = 0;
- startElementHandler = 0;
- endElementHandler = 0;
- characterDataHandler = 0;
- processingInstructionHandler = 0;
- commentHandler = 0;
- startCdataSectionHandler = 0;
- endCdataSectionHandler = 0;
- defaultHandler = 0;
- unparsedEntityDeclHandler = 0;
- notationDeclHandler = 0;
- startNamespaceDeclHandler = 0;
- endNamespaceDeclHandler = 0;
- notStandaloneHandler = 0;
- externalEntityRefHandler = 0;
- externalEntityRefHandlerArg = parser;
- unknownEncodingHandler = 0;
- buffer = 0;
- bufferPtr = 0;
- bufferEnd = 0;
- parseEndByteIndex = 0;
- parseEndPtr = 0;
- bufferLim = 0;
- declElementType = 0;
- declAttributeId = 0;
- declEntity = 0;
- declNotationName = 0;
- declNotationPublicId = 0;
- memset(&position, 0, sizeof(POSITION));
- errorCode = XML_ERROR_NONE;
- eventPtr = 0;
- eventEndPtr = 0;
- positionPtr = 0;
- openInternalEntities = 0;
- tagLevel = 0;
- tagStack = 0;
- freeTagList = 0;
- freeBindingList = 0;
- inheritedBindings = 0;
- attsSize = INIT_ATTS_SIZE;
- atts = malloc(attsSize * sizeof(ATTRIBUTE));
- nSpecifiedAtts = 0;
- dataBuf = malloc(INIT_DATA_BUF_SIZE * sizeof(XML_Char));
- groupSize = 0;
- groupConnector = 0;
- hadExternalDoctype = 0;
- unknownEncodingMem = 0;
- unknownEncodingRelease = 0;
- unknownEncodingData = 0;
- unknownEncodingHandlerData = 0;
- namespaceSeparator = '!';
- ns = 0;
- poolInit(&tempPool);
- poolInit(&temp2Pool);
- protocolEncodingName = encodingName ? poolCopyString(&tempPool, encodingName) : 0;
- if (!dtdInit(&dtd) || !atts || !dataBuf
- || (encodingName && !protocolEncodingName)) {
- XML_ParserFree(parser);
- return 0;
- }
- dataBufEnd = dataBuf + INIT_DATA_BUF_SIZE;
- XmlInitEncoding(&initEncoding, &encoding, 0);
- return parser;
-}
-
-XML_Parser XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep)
-{
- static
- const XML_Char implicitContext[] = {
- XML_T('x'), XML_T('m'), XML_T('l'), XML_T('='),
- XML_T('h'), XML_T('t'), XML_T('t'), XML_T('p'), XML_T(':'),
- XML_T('/'), XML_T('/'), XML_T('w'), XML_T('w'), XML_T('w'),
- XML_T('.'), XML_T('w'), XML_T('3'),
- XML_T('.'), XML_T('o'), XML_T('r'), XML_T('g'),
- XML_T('/'), XML_T('X'), XML_T('M'), XML_T('L'),
- XML_T('/'), XML_T('1'), XML_T('9'), XML_T('9'), XML_T('8'),
- XML_T('/'), XML_T('n'), XML_T('a'), XML_T('m'), XML_T('e'),
- XML_T('s'), XML_T('p'), XML_T('a'), XML_T('c'), XML_T('e'),
- XML_T('\0')
- };
-
- XML_Parser parser = XML_ParserCreate(encodingName);
- if (parser) {
- XmlInitEncodingNS(&initEncoding, &encoding, 0);
- ns = 1;
- namespaceSeparator = nsSep;
- }
- if (!setContext(parser, implicitContext)) {
- XML_ParserFree(parser);
- return 0;
- }
- return parser;
-}
-
-int XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName)
-{
- if (!encodingName)
- protocolEncodingName = 0;
- else {
- protocolEncodingName = poolCopyString(&tempPool, encodingName);
- if (!protocolEncodingName)
- return 0;
- }
- return 1;
-}
-
-XML_Parser XML_ExternalEntityParserCreate(XML_Parser oldParser,
- const XML_Char *context,
- const XML_Char *encodingName)
-{
- XML_Parser parser = oldParser;
- DTD *oldDtd = &dtd;
- XML_StartElementHandler oldStartElementHandler = startElementHandler;
- XML_EndElementHandler oldEndElementHandler = endElementHandler;
- XML_CharacterDataHandler oldCharacterDataHandler = characterDataHandler;
- XML_ProcessingInstructionHandler oldProcessingInstructionHandler = processingInstructionHandler;
- XML_CommentHandler oldCommentHandler = commentHandler;
- XML_StartCdataSectionHandler oldStartCdataSectionHandler = startCdataSectionHandler;
- XML_EndCdataSectionHandler oldEndCdataSectionHandler = endCdataSectionHandler;
- XML_DefaultHandler oldDefaultHandler = defaultHandler;
- XML_StartNamespaceDeclHandler oldStartNamespaceDeclHandler = startNamespaceDeclHandler;
- XML_EndNamespaceDeclHandler oldEndNamespaceDeclHandler = endNamespaceDeclHandler;
- XML_NotStandaloneHandler oldNotStandaloneHandler = notStandaloneHandler;
- XML_ExternalEntityRefHandler oldExternalEntityRefHandler = externalEntityRefHandler;
- XML_UnknownEncodingHandler oldUnknownEncodingHandler = unknownEncodingHandler;
- void *oldUserData = userData;
- void *oldHandlerArg = handlerArg;
- int oldDefaultExpandInternalEntities = defaultExpandInternalEntities;
- void *oldExternalEntityRefHandlerArg = externalEntityRefHandlerArg;
-
- parser = (ns
- ? XML_ParserCreateNS(encodingName, namespaceSeparator)
- : XML_ParserCreate(encodingName));
- if (!parser)
- return 0;
- startElementHandler = oldStartElementHandler;
- endElementHandler = oldEndElementHandler;
- characterDataHandler = oldCharacterDataHandler;
- processingInstructionHandler = oldProcessingInstructionHandler;
- commentHandler = oldCommentHandler;
- startCdataSectionHandler = oldStartCdataSectionHandler;
- endCdataSectionHandler = oldEndCdataSectionHandler;
- defaultHandler = oldDefaultHandler;
- startNamespaceDeclHandler = oldStartNamespaceDeclHandler;
- endNamespaceDeclHandler = oldEndNamespaceDeclHandler;
- notStandaloneHandler = oldNotStandaloneHandler;
- externalEntityRefHandler = oldExternalEntityRefHandler;
- unknownEncodingHandler = oldUnknownEncodingHandler;
- userData = oldUserData;
- if (oldUserData == oldHandlerArg)
- handlerArg = userData;
- else
- handlerArg = parser;
- if (oldExternalEntityRefHandlerArg != oldParser)
- externalEntityRefHandlerArg = oldExternalEntityRefHandlerArg;
- defaultExpandInternalEntities = oldDefaultExpandInternalEntities;
- if (!dtdCopy(&dtd, oldDtd) || !setContext(parser, context)) {
- XML_ParserFree(parser);
- return 0;
- }
- processor = externalEntityInitProcessor;
- return parser;
-}
-
-static
-void destroyBindings(BINDING *bindings)
-{
- for (;;) {
- BINDING *b = bindings;
- if (!b)
- break;
- bindings = b->nextTagBinding;
- free(b->uri);
- free(b);
- }
-}
-
-void XML_ParserFree(XML_Parser parser)
-{
- for (;;) {
- TAG *p;
- if (tagStack == 0) {
- if (freeTagList == 0)
- break;
- tagStack = freeTagList;
- freeTagList = 0;
- }
- p = tagStack;
- tagStack = tagStack->parent;
- free(p->buf);
- destroyBindings(p->bindings);
- free(p);
- }
- destroyBindings(freeBindingList);
- destroyBindings(inheritedBindings);
- poolDestroy(&tempPool);
- poolDestroy(&temp2Pool);
- dtdDestroy(&dtd);
- free((void *)atts);
- free(groupConnector);
- free(buffer);
- free(dataBuf);
- free(unknownEncodingMem);
- if (unknownEncodingRelease)
- unknownEncodingRelease(unknownEncodingData);
- free(parser);
-}
-
-void XML_UseParserAsHandlerArg(XML_Parser parser)
-{
- handlerArg = parser;
-}
-
-void XML_SetUserData(XML_Parser parser, void *p)
-{
- if (handlerArg == userData)
- handlerArg = userData = p;
- else
- userData = p;
-}
-
-int XML_SetBase(XML_Parser parser, const XML_Char *p)
-{
- if (p) {
- p = poolCopyString(&dtd.pool, p);
- if (!p)
- return 0;
- dtd.base = p;
- }
- else
- dtd.base = 0;
- return 1;
-}
-
-const XML_Char *XML_GetBase(XML_Parser parser)
-{
- return dtd.base;
-}
-
-int XML_GetSpecifiedAttributeCount(XML_Parser parser)
-{
- return nSpecifiedAtts;
-}
-
-void XML_SetElementHandler(XML_Parser parser,
- XML_StartElementHandler start,
- XML_EndElementHandler end)
-{
- startElementHandler = start;
- endElementHandler = end;
-}
-
-void XML_SetCharacterDataHandler(XML_Parser parser,
- XML_CharacterDataHandler handler)
-{
- characterDataHandler = handler;
-}
-
-void XML_SetProcessingInstructionHandler(XML_Parser parser,
- XML_ProcessingInstructionHandler handler)
-{
- processingInstructionHandler = handler;
-}
-
-void XML_SetCommentHandler(XML_Parser parser,
- XML_CommentHandler handler)
-{
- commentHandler = handler;
-}
-
-void XML_SetCdataSectionHandler(XML_Parser parser,
- XML_StartCdataSectionHandler start,
- XML_EndCdataSectionHandler end)
-{
- startCdataSectionHandler = start;
- endCdataSectionHandler = end;
-}
-
-void XML_SetDefaultHandler(XML_Parser parser,
- XML_DefaultHandler handler)
-{
- defaultHandler = handler;
- defaultExpandInternalEntities = 0;
-}
-
-void XML_SetDefaultHandlerExpand(XML_Parser parser,
- XML_DefaultHandler handler)
-{
- defaultHandler = handler;
- defaultExpandInternalEntities = 1;
-}
-
-void XML_SetUnparsedEntityDeclHandler(XML_Parser parser,
- XML_UnparsedEntityDeclHandler handler)
-{
- unparsedEntityDeclHandler = handler;
-}
-
-void XML_SetNotationDeclHandler(XML_Parser parser,
- XML_NotationDeclHandler handler)
-{
- notationDeclHandler = handler;
-}
-
-void XML_SetNamespaceDeclHandler(XML_Parser parser,
- XML_StartNamespaceDeclHandler start,
- XML_EndNamespaceDeclHandler end)
-{
- startNamespaceDeclHandler = start;
- endNamespaceDeclHandler = end;
-}
-
-void XML_SetNotStandaloneHandler(XML_Parser parser,
- XML_NotStandaloneHandler handler)
-{
- notStandaloneHandler = handler;
-}
-
-void XML_SetExternalEntityRefHandler(XML_Parser parser,
- XML_ExternalEntityRefHandler handler)
-{
- externalEntityRefHandler = handler;
-}
-
-void XML_SetExternalEntityRefHandlerArg(XML_Parser parser, void *arg)
-{
- if (arg)
- externalEntityRefHandlerArg = arg;
- else
- externalEntityRefHandlerArg = parser;
-}
-
-void XML_SetUnknownEncodingHandler(XML_Parser parser,
- XML_UnknownEncodingHandler handler,
- void *data)
-{
- unknownEncodingHandler = handler;
- unknownEncodingHandlerData = data;
-}
-
-int XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
-{
- if (len == 0) {
- if (!isFinal)
- return 1;
- positionPtr = bufferPtr;
- errorCode = processor(parser, bufferPtr, parseEndPtr = bufferEnd, 0);
- if (errorCode == XML_ERROR_NONE)
- return 1;
- eventEndPtr = eventPtr;
- return 0;
- }
- else if (bufferPtr == bufferEnd) {
- const char *end;
- int nLeftOver;
- parseEndByteIndex += len;
- positionPtr = s;
- if (isFinal) {
- errorCode = processor(parser, s, parseEndPtr = s + len, 0);
- if (errorCode == XML_ERROR_NONE)
- return 1;
- eventEndPtr = eventPtr;
- return 0;
- }
- errorCode = processor(parser, s, parseEndPtr = s + len, &end);
- if (errorCode != XML_ERROR_NONE) {
- eventEndPtr = eventPtr;
- return 0;
- }
- XmlUpdatePosition(encoding, positionPtr, end, &position);
- nLeftOver = s + len - end;
- if (nLeftOver) {
- if (buffer == 0 || nLeftOver > bufferLim - buffer) {
- /* FIXME avoid integer overflow */
- buffer = buffer == 0 ? malloc(len * 2) : realloc(buffer, len * 2);
- if (!buffer) {
- errorCode = XML_ERROR_NO_MEMORY;
- eventPtr = eventEndPtr = 0;
- return 0;
- }
- bufferLim = buffer + len * 2;
- }
- memcpy(buffer, end, nLeftOver);
- bufferPtr = buffer;
- bufferEnd = buffer + nLeftOver;
- }
- return 1;
- }
- else {
- memcpy(XML_GetBuffer(parser, len), s, len);
- return XML_ParseBuffer(parser, len, isFinal);
- }
-}
-
-int XML_ParseBuffer(XML_Parser parser, int len, int isFinal)
-{
- const char *start = bufferPtr;
- positionPtr = start;
- bufferEnd += len;
- parseEndByteIndex += len;
- errorCode = processor(parser, start, parseEndPtr = bufferEnd,
- isFinal ? (const char **)0 : &bufferPtr);
- if (errorCode == XML_ERROR_NONE) {
- if (!isFinal)
- XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
- return 1;
- }
- else {
- eventEndPtr = eventPtr;
- return 0;
- }
-}
-
-void *XML_GetBuffer(XML_Parser parser, int len)
-{
- if (len > bufferLim - bufferEnd) {
- /* FIXME avoid integer overflow */
- int neededSize = len + (bufferEnd - bufferPtr);
- if (neededSize <= bufferLim - buffer) {
- memmove(buffer, bufferPtr, bufferEnd - bufferPtr);
- bufferEnd = buffer + (bufferEnd - bufferPtr);
- bufferPtr = buffer;
- }
- else {
- char *newBuf;
- int bufferSize = bufferLim - bufferPtr;
- if (bufferSize == 0)
- bufferSize = INIT_BUFFER_SIZE;
- do {
- bufferSize *= 2;
- } while (bufferSize < neededSize);
- newBuf = malloc(bufferSize);
- if (newBuf == 0) {
- errorCode = XML_ERROR_NO_MEMORY;
- return 0;
- }
- bufferLim = newBuf + bufferSize;
- if (bufferPtr) {
- memcpy(newBuf, bufferPtr, bufferEnd - bufferPtr);
- free(buffer);
- }
- bufferEnd = newBuf + (bufferEnd - bufferPtr);
- bufferPtr = buffer = newBuf;
- }
- }
- return bufferEnd;
-}
-
-enum XML_Error XML_GetErrorCode(XML_Parser parser)
-{
- return errorCode;
-}
-
-long XML_GetCurrentByteIndex(XML_Parser parser)
-{
- if (eventPtr)
- return parseEndByteIndex - (parseEndPtr - eventPtr);
- return -1;
-}
-
-int XML_GetCurrentByteCount(XML_Parser parser)
-{
- if (eventEndPtr && eventPtr)
- return eventEndPtr - eventPtr;
- return 0;
-}
-
-int XML_GetCurrentLineNumber(XML_Parser parser)
-{
- if (eventPtr) {
- XmlUpdatePosition(encoding, positionPtr, eventPtr, &position);
- positionPtr = eventPtr;
- }
- return position.lineNumber + 1;
-}
-
-int XML_GetCurrentColumnNumber(XML_Parser parser)
-{
- if (eventPtr) {
- XmlUpdatePosition(encoding, positionPtr, eventPtr, &position);
- positionPtr = eventPtr;
- }
- return position.columnNumber;
-}
-
-void XML_DefaultCurrent(XML_Parser parser)
-{
- if (defaultHandler) {
- if (openInternalEntities)
- reportDefault(parser,
- ns ? XmlGetInternalEncodingNS() : XmlGetInternalEncoding(),
- openInternalEntities->internalEventPtr,
- openInternalEntities->internalEventEndPtr);
- else
- reportDefault(parser, encoding, eventPtr, eventEndPtr);
- }
-}
-
-const XML_LChar *XML_ErrorString(int code)
-{
- static const XML_LChar *message[] = {
- 0,
- XML_T("out of memory"),
- XML_T("syntax error"),
- XML_T("no element found"),
- XML_T("not well-formed"),
- XML_T("unclosed token"),
- XML_T("unclosed token"),
- XML_T("mismatched tag"),
- XML_T("duplicate attribute"),
- XML_T("junk after document element"),
- XML_T("illegal parameter entity reference"),
- XML_T("undefined entity"),
- XML_T("recursive entity reference"),
- XML_T("asynchronous entity"),
- XML_T("reference to invalid character number"),
- XML_T("reference to binary entity"),
- XML_T("reference to external entity in attribute"),
- XML_T("xml processing instruction not at start of external entity"),
- XML_T("unknown encoding"),
- XML_T("encoding specified in XML declaration is incorrect"),
- XML_T("unclosed CDATA section"),
- XML_T("error in processing external entity reference"),
- XML_T("document is not standalone")
- };
- if (code > 0 && code < sizeof(message)/sizeof(message[0]))
- return message[code];
- return 0;
-}
-
-static
-enum XML_Error contentProcessor(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr)
-{
- return doContent(parser, 0, encoding, start, end, endPtr);
-}
-
-static
-enum XML_Error externalEntityInitProcessor(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr)
-{
- enum XML_Error result = initializeEncoding(parser);
- if (result != XML_ERROR_NONE)
- return result;
- processor = externalEntityInitProcessor2;
- return externalEntityInitProcessor2(parser, start, end, endPtr);
-}
-
-static
-enum XML_Error externalEntityInitProcessor2(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr)
-{
- const char *next;
- int tok = XmlContentTok(encoding, start, end, &next);
- switch (tok) {
- case XML_TOK_BOM:
- start = next;
- break;
- case XML_TOK_PARTIAL:
- if (endPtr) {
- *endPtr = start;
- return XML_ERROR_NONE;
- }
- eventPtr = start;
- return XML_ERROR_UNCLOSED_TOKEN;
- case XML_TOK_PARTIAL_CHAR:
- if (endPtr) {
- *endPtr = start;
- return XML_ERROR_NONE;
- }
- eventPtr = start;
- return XML_ERROR_PARTIAL_CHAR;
- }
- processor = externalEntityInitProcessor3;
- return externalEntityInitProcessor3(parser, start, end, endPtr);
-}
-
-static
-enum XML_Error externalEntityInitProcessor3(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr)
-{
- const char *next;
- int tok = XmlContentTok(encoding, start, end, &next);
- switch (tok) {
- case XML_TOK_XML_DECL:
- {
- enum XML_Error result = processXmlDecl(parser, 1, start, next);
- if (result != XML_ERROR_NONE)
- return result;
- start = next;
- }
- break;
- case XML_TOK_PARTIAL:
- if (endPtr) {
- *endPtr = start;
- return XML_ERROR_NONE;
- }
- eventPtr = start;
- return XML_ERROR_UNCLOSED_TOKEN;
- case XML_TOK_PARTIAL_CHAR:
- if (endPtr) {
- *endPtr = start;
- return XML_ERROR_NONE;
- }
- eventPtr = start;
- return XML_ERROR_PARTIAL_CHAR;
- }
- processor = externalEntityContentProcessor;
- tagLevel = 1;
- return doContent(parser, 1, encoding, start, end, endPtr);
-}
-
-static
-enum XML_Error externalEntityContentProcessor(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr)
-{
- return doContent(parser, 1, encoding, start, end, endPtr);
-}
-
-static enum XML_Error
-doContent(XML_Parser parser,
- int startTagLevel,
- const ENCODING *enc,
- const char *s,
- const char *end,
- const char **nextPtr)
-{
- const ENCODING *internalEnc = ns ? XmlGetInternalEncodingNS() : XmlGetInternalEncoding();
- const char **eventPP;
- const char **eventEndPP;
- if (enc == encoding) {
- eventPP = &eventPtr;
- eventEndPP = &eventEndPtr;
- }
- else {
- eventPP = &(openInternalEntities->internalEventPtr);
- eventEndPP = &(openInternalEntities->internalEventEndPtr);
- }
- *eventPP = s;
- for (;;) {
- const char *next = s; /* XmlContentTok doesn't always set the last arg */
- int tok = XmlContentTok(enc, s, end, &next);
- *eventEndPP = next;
- switch (tok) {
- case XML_TOK_TRAILING_CR:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- *eventEndPP = end;
- if (characterDataHandler) {
- XML_Char c = 0xA;
- characterDataHandler(handlerArg, &c, 1);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, end);
- if (startTagLevel == 0)
- return XML_ERROR_NO_ELEMENTS;
- if (tagLevel != startTagLevel)
- return XML_ERROR_ASYNC_ENTITY;
- return XML_ERROR_NONE;
- case XML_TOK_NONE:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- if (startTagLevel > 0) {
- if (tagLevel != startTagLevel)
- return XML_ERROR_ASYNC_ENTITY;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_NO_ELEMENTS;
- case XML_TOK_INVALID:
- *eventPP = next;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_PARTIAL:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_UNCLOSED_TOKEN;
- case XML_TOK_PARTIAL_CHAR:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_PARTIAL_CHAR;
- case XML_TOK_ENTITY_REF:
- {
- const XML_Char *name;
- ENTITY *entity;
- XML_Char ch = XmlPredefinedEntityName(enc,
- s + enc->minBytesPerChar,
- next - enc->minBytesPerChar);
- if (ch) {
- if (characterDataHandler)
- characterDataHandler(handlerArg, &ch, 1);
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- }
- name = poolStoreString(&dtd.pool, enc,
- s + enc->minBytesPerChar,
- next - enc->minBytesPerChar);
- if (!name)
- return XML_ERROR_NO_MEMORY;
- entity = (ENTITY *)hashTableLookup(&dtd.generalEntities, name, 0);
- poolDiscard(&dtd.pool);
- if (!entity) {
- if (dtd.complete || dtd.standalone)
- return XML_ERROR_UNDEFINED_ENTITY;
- if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- }
- if (entity->open)
- return XML_ERROR_RECURSIVE_ENTITY_REF;
- if (entity->notation)
- return XML_ERROR_BINARY_ENTITY_REF;
- if (entity) {
- if (entity->textPtr) {
- enum XML_Error result;
- OPEN_INTERNAL_ENTITY openEntity;
- if (defaultHandler && !defaultExpandInternalEntities) {
- reportDefault(parser, enc, s, next);
- break;
- }
- entity->open = 1;
- openEntity.next = openInternalEntities;
- openInternalEntities = &openEntity;
- openEntity.entity = entity;
- openEntity.internalEventPtr = 0;
- openEntity.internalEventEndPtr = 0;
- result = doContent(parser,
- tagLevel,
- internalEnc,
- (char *)entity->textPtr,
- (char *)(entity->textPtr + entity->textLen),
- 0);
- entity->open = 0;
- openInternalEntities = openEntity.next;
- if (result)
- return result;
- }
- else if (externalEntityRefHandler) {
- const XML_Char *context;
- entity->open = 1;
- context = getContext(parser);
- entity->open = 0;
- if (!context)
- return XML_ERROR_NO_MEMORY;
- if (!externalEntityRefHandler(externalEntityRefHandlerArg,
- context,
- dtd.base,
- entity->systemId,
- entity->publicId))
- return XML_ERROR_EXTERNAL_ENTITY_HANDLING;
- poolDiscard(&tempPool);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- }
- break;
- }
- case XML_TOK_START_TAG_WITH_ATTS:
- if (!startElementHandler) {
- enum XML_Error result = storeAtts(parser, enc, s, 0, 0);
- if (result)
- return result;
- }
- /* fall through */
- case XML_TOK_START_TAG_NO_ATTS:
- {
- TAG *tag;
- if (freeTagList) {
- tag = freeTagList;
- freeTagList = freeTagList->parent;
- }
- else {
- tag = malloc(sizeof(TAG));
- if (!tag)
- return XML_ERROR_NO_MEMORY;
- tag->buf = malloc(INIT_TAG_BUF_SIZE);
- if (!tag->buf)
- return XML_ERROR_NO_MEMORY;
- tag->bufEnd = tag->buf + INIT_TAG_BUF_SIZE;
- }
- tag->bindings = 0;
- tag->parent = tagStack;
- tagStack = tag;
- tag->name.localPart = 0;
- tag->rawName = s + enc->minBytesPerChar;
- tag->rawNameLength = XmlNameLength(enc, tag->rawName);
- if (nextPtr) {
- /* Need to guarantee that:
- tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char)) <= tag->bufEnd - sizeof(XML_Char) */
- if (tag->rawNameLength + (int)(sizeof(XML_Char) - 1) + (int)sizeof(XML_Char) > tag->bufEnd - tag->buf) {
- int bufSize = tag->rawNameLength * 4;
- bufSize = ROUND_UP(bufSize, sizeof(XML_Char));
- tag->buf = realloc(tag->buf, bufSize);
- if (!tag->buf)
- return XML_ERROR_NO_MEMORY;
- tag->bufEnd = tag->buf + bufSize;
- }
- memcpy(tag->buf, tag->rawName, tag->rawNameLength);
- tag->rawName = tag->buf;
- }
- ++tagLevel;
- if (startElementHandler) {
- enum XML_Error result;
- XML_Char *toPtr;
- for (;;) {
- const char *rawNameEnd = tag->rawName + tag->rawNameLength;
- const char *fromPtr = tag->rawName;
- int bufSize;
- if (nextPtr)
- toPtr = (XML_Char *)(tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char)));
- else
- toPtr = (XML_Char *)tag->buf;
- tag->name.str = toPtr;
- XmlConvert(enc,
- &fromPtr, rawNameEnd,
- (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
- if (fromPtr == rawNameEnd)
- break;
- bufSize = (tag->bufEnd - tag->buf) << 1;
- tag->buf = realloc(tag->buf, bufSize);
- if (!tag->buf)
- return XML_ERROR_NO_MEMORY;
- tag->bufEnd = tag->buf + bufSize;
- if (nextPtr)
- tag->rawName = tag->buf;
- }
- *toPtr = XML_T('\0');
- result = storeAtts(parser, enc, s, &(tag->name), &(tag->bindings));
- if (result)
- return result;
- startElementHandler(handlerArg, tag->name.str, (const XML_Char **)atts);
- poolClear(&tempPool);
- }
- else {
- tag->name.str = 0;
- if (defaultHandler)
- reportDefault(parser, enc, s, next);
- }
- break;
- }
- case XML_TOK_EMPTY_ELEMENT_WITH_ATTS:
- if (!startElementHandler) {
- enum XML_Error result = storeAtts(parser, enc, s, 0, 0);
- if (result)
- return result;
- }
- /* fall through */
- case XML_TOK_EMPTY_ELEMENT_NO_ATTS:
- if (startElementHandler || endElementHandler) {
- const char *rawName = s + enc->minBytesPerChar;
- enum XML_Error result;
- BINDING *bindings = 0;
- TAG_NAME name;
- name.str = poolStoreString(&tempPool, enc, rawName,
- rawName + XmlNameLength(enc, rawName));
- if (!name.str)
- return XML_ERROR_NO_MEMORY;
- poolFinish(&tempPool);
- result = storeAtts(parser, enc, s, &name, &bindings);
- if (result)
- return result;
- poolFinish(&tempPool);
- if (startElementHandler)
- startElementHandler(handlerArg, name.str, (const XML_Char **)atts);
- if (endElementHandler) {
- if (startElementHandler)
- *eventPP = *eventEndPP;
- endElementHandler(handlerArg, name.str);
- }
- poolClear(&tempPool);
- while (bindings) {
- BINDING *b = bindings;
- if (endNamespaceDeclHandler)
- endNamespaceDeclHandler(handlerArg, b->prefix->name);
- bindings = bindings->nextTagBinding;
- b->nextTagBinding = freeBindingList;
- freeBindingList = b;
- b->prefix->binding = b->prevPrefixBinding;
- }
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- if (tagLevel == 0)
- return epilogProcessor(parser, next, end, nextPtr);
- break;
- case XML_TOK_END_TAG:
- if (tagLevel == startTagLevel)
- return XML_ERROR_ASYNC_ENTITY;
- else {
- int len;
- const char *rawName;
- TAG *tag = tagStack;
- tagStack = tag->parent;
- tag->parent = freeTagList;
- freeTagList = tag;
- rawName = s + enc->minBytesPerChar*2;
- len = XmlNameLength(enc, rawName);
- if (len != tag->rawNameLength
- || memcmp(tag->rawName, rawName, len) != 0) {
- *eventPP = rawName;
- return XML_ERROR_TAG_MISMATCH;
- }
- --tagLevel;
- if (endElementHandler && tag->name.str) {
- if (tag->name.localPart) {
- XML_Char *to = (XML_Char *)tag->name.str + tag->name.uriLen;
- const XML_Char *from = tag->name.localPart;
- while ((*to++ = *from++) != 0)
- ;
- }
- endElementHandler(handlerArg, tag->name.str);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- while (tag->bindings) {
- BINDING *b = tag->bindings;
- if (endNamespaceDeclHandler)
- endNamespaceDeclHandler(handlerArg, b->prefix->name);
- tag->bindings = tag->bindings->nextTagBinding;
- b->nextTagBinding = freeBindingList;
- freeBindingList = b;
- b->prefix->binding = b->prevPrefixBinding;
- }
- if (tagLevel == 0)
- return epilogProcessor(parser, next, end, nextPtr);
- }
- break;
- case XML_TOK_CHAR_REF:
- {
- int n = XmlCharRefNumber(enc, s);
- if (n < 0)
- return XML_ERROR_BAD_CHAR_REF;
- if (characterDataHandler) {
- XML_Char buf[XML_ENCODE_MAX];
- characterDataHandler(handlerArg, buf, XmlEncode(n, (ICHAR *)buf));
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- }
- break;
- case XML_TOK_XML_DECL:
- return XML_ERROR_MISPLACED_XML_PI;
- case XML_TOK_DATA_NEWLINE:
- if (characterDataHandler) {
- XML_Char c = 0xA;
- characterDataHandler(handlerArg, &c, 1);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- case XML_TOK_CDATA_SECT_OPEN:
- {
- enum XML_Error result;
- if (startCdataSectionHandler)
- startCdataSectionHandler(handlerArg);
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- result = doCdataSection(parser, enc, &next, end, nextPtr);
- if (!next) {
- processor = cdataSectionProcessor;
- return result;
- }
- }
- break;
- case XML_TOK_TRAILING_RSQB:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- if (characterDataHandler) {
- if (MUST_CONVERT(enc, s)) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
- characterDataHandler(handlerArg, dataBuf, dataPtr - (ICHAR *)dataBuf);
- }
- else
- characterDataHandler(handlerArg,
- (XML_Char *)s,
- (XML_Char *)end - (XML_Char *)s);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, end);
- if (startTagLevel == 0) {
- *eventPP = end;
- return XML_ERROR_NO_ELEMENTS;
- }
- if (tagLevel != startTagLevel) {
- *eventPP = end;
- return XML_ERROR_ASYNC_ENTITY;
- }
- return XML_ERROR_NONE;
- case XML_TOK_DATA_CHARS:
- if (characterDataHandler) {
- if (MUST_CONVERT(enc, s)) {
- for (;;) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = s;
- characterDataHandler(handlerArg, dataBuf, dataPtr - (ICHAR *)dataBuf);
- if (s == next)
- break;
- *eventPP = s;
- }
- }
- else
- characterDataHandler(handlerArg,
- (XML_Char *)s,
- (XML_Char *)next - (XML_Char *)s);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- case XML_TOK_PI:
- if (!reportProcessingInstruction(parser, enc, s, next))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_COMMENT:
- if (!reportComment(parser, enc, s, next))
- return XML_ERROR_NO_MEMORY;
- break;
- default:
- if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- }
- *eventPP = s = next;
- }
- /* not reached */
-}
-
-/* If tagNamePtr is non-null, build a real list of attributes,
-otherwise just check the attributes for well-formedness. */
-
-static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *enc,
- const char *s, TAG_NAME *tagNamePtr,
- BINDING **bindingsPtr)
-{
- ELEMENT_TYPE *elementType = 0;
- int nDefaultAtts = 0;
- const XML_Char **appAtts;
- int attIndex = 0;
- int i;
- int n;
- int nPrefixes = 0;
- BINDING *binding;
- const XML_Char *localPart;
-
- if (tagNamePtr) {
- elementType = (ELEMENT_TYPE *)hashTableLookup(&dtd.elementTypes, tagNamePtr->str, 0);
- if (!elementType) {
- tagNamePtr->str = poolCopyString(&dtd.pool, tagNamePtr->str);
- if (!tagNamePtr->str)
- return XML_ERROR_NO_MEMORY;
- elementType = (ELEMENT_TYPE *)hashTableLookup(&dtd.elementTypes, tagNamePtr->str, sizeof(ELEMENT_TYPE));
- if (!elementType)
- return XML_ERROR_NO_MEMORY;
- if (ns && !setElementTypePrefix(parser, elementType))
- return XML_ERROR_NO_MEMORY;
- }
- nDefaultAtts = elementType->nDefaultAtts;
- }
- n = XmlGetAttributes(enc, s, attsSize, atts);
- if (n + nDefaultAtts > attsSize) {
- int oldAttsSize = attsSize;
- attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
- atts = realloc((void *)atts, attsSize * sizeof(ATTRIBUTE));
- if (!atts)
- return XML_ERROR_NO_MEMORY;
- if (n > oldAttsSize)
- XmlGetAttributes(enc, s, n, atts);
- }
- appAtts = (const XML_Char **)atts;
- for (i = 0; i < n; i++) {
- ATTRIBUTE_ID *attId = getAttributeId(parser, enc, atts[i].name,
- atts[i].name
- + XmlNameLength(enc, atts[i].name));
- if (!attId)
- return XML_ERROR_NO_MEMORY;
- if ((attId->name)[-1]) {
- if (enc == encoding)
- eventPtr = atts[i].name;
- return XML_ERROR_DUPLICATE_ATTRIBUTE;
- }
- (attId->name)[-1] = 1;
- appAtts[attIndex++] = attId->name;
- if (!atts[i].normalized) {
- enum XML_Error result;
- int isCdata = 1;
-
- if (attId->maybeTokenized) {
- int j;
- for (j = 0; j < nDefaultAtts; j++) {
- if (attId == elementType->defaultAtts[j].id) {
- isCdata = elementType->defaultAtts[j].isCdata;
- break;
- }
- }
- }
-
- result = storeAttributeValue(parser, enc, isCdata,
- atts[i].valuePtr, atts[i].valueEnd,
- &tempPool);
- if (result)
- return result;
- if (tagNamePtr) {
- appAtts[attIndex] = poolStart(&tempPool);
- poolFinish(&tempPool);
- }
- else
- poolDiscard(&tempPool);
- }
- else if (tagNamePtr) {
- appAtts[attIndex] = poolStoreString(&tempPool, enc, atts[i].valuePtr, atts[i].valueEnd);
- if (appAtts[attIndex] == 0)
- return XML_ERROR_NO_MEMORY;
- poolFinish(&tempPool);
- }
- if (attId->prefix && tagNamePtr) {
- if (attId->xmlns) {
- if (!addBinding(parser, attId->prefix, attId, appAtts[attIndex], bindingsPtr))
- return XML_ERROR_NO_MEMORY;
- --attIndex;
- }
- else {
- attIndex++;
- nPrefixes++;
- (attId->name)[-1] = 2;
- }
- }
- else
- attIndex++;
- }
- nSpecifiedAtts = attIndex;
- if (tagNamePtr) {
- int j;
- for (j = 0; j < nDefaultAtts; j++) {
- const DEFAULT_ATTRIBUTE *da = elementType->defaultAtts + j;
- if (!(da->id->name)[-1] && da->value) {
- if (da->id->prefix) {
- if (da->id->xmlns) {
- if (!addBinding(parser, da->id->prefix, da->id, da->value, bindingsPtr))
- return XML_ERROR_NO_MEMORY;
- }
- else {
- (da->id->name)[-1] = 2;
- nPrefixes++;
- appAtts[attIndex++] = da->id->name;
- appAtts[attIndex++] = da->value;
- }
- }
- else {
- (da->id->name)[-1] = 1;
- appAtts[attIndex++] = da->id->name;
- appAtts[attIndex++] = da->value;
- }
- }
- }
- appAtts[attIndex] = 0;
- }
- i = 0;
- if (nPrefixes) {
- for (; i < attIndex; i += 2) {
- if (appAtts[i][-1] == 2) {
- ATTRIBUTE_ID *id;
- ((XML_Char *)(appAtts[i]))[-1] = 0;
- id = (ATTRIBUTE_ID *)hashTableLookup(&dtd.attributeIds, appAtts[i], 0);
- if (id->prefix->binding) {
- int j;
- const BINDING *b = id->prefix->binding;
- const XML_Char *ss = appAtts[i];
- for (j = 0; j < b->uriLen; j++) {
- if (!poolAppendChar(&tempPool, b->uri[j]))
- return XML_ERROR_NO_MEMORY;
- }
- while (*ss++ != ':')
- ;
- do {
- if (!poolAppendChar(&tempPool, *ss))
- return XML_ERROR_NO_MEMORY;
- } while (*ss++);
- appAtts[i] = poolStart(&tempPool);
- poolFinish(&tempPool);
- }
- if (!--nPrefixes)
- break;
- }
- else
- ((XML_Char *)(appAtts[i]))[-1] = 0;
- }
- }
- for (; i < attIndex; i += 2)
- ((XML_Char *)(appAtts[i]))[-1] = 0;
- if (!tagNamePtr)
- return XML_ERROR_NONE;
- for (binding = *bindingsPtr; binding; binding = binding->nextTagBinding)
- binding->attId->name[-1] = 0;
- if (elementType->prefix) {
- binding = elementType->prefix->binding;
- if (!binding)
- return XML_ERROR_NONE;
- localPart = tagNamePtr->str;
- while (*localPart++ != XML_T(':'))
- ;
- }
- else if (dtd.defaultPrefix.binding) {
- binding = dtd.defaultPrefix.binding;
- localPart = tagNamePtr->str;
- }
- else
- return XML_ERROR_NONE;
- tagNamePtr->localPart = localPart;
- tagNamePtr->uriLen = binding->uriLen;
- i = binding->uriLen;
- do {
- if (i == binding->uriAlloc) {
- binding->uri = realloc(binding->uri, binding->uriAlloc *= 2);
- if (!binding->uri)
- return XML_ERROR_NO_MEMORY;
- }
- binding->uri[i++] = *localPart;
- } while (*localPart++);
- tagNamePtr->str = binding->uri;
- return XML_ERROR_NONE;
-}
-
-static
-int addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, const XML_Char *uri, BINDING **bindingsPtr)
-{
- BINDING *b;
- int len;
- for (len = 0; uri[len]; len++)
- ;
- if (namespaceSeparator)
- len++;
- if (freeBindingList) {
- b = freeBindingList;
- if (len > b->uriAlloc) {
- b->uri = realloc(b->uri, len + EXPAND_SPARE);
- if (!b->uri)
- return 0;
- b->uriAlloc = len + EXPAND_SPARE;
- }
- freeBindingList = b->nextTagBinding;
- }
- else {
- b = malloc(sizeof(BINDING));
- if (!b)
- return 0;
- b->uri = malloc(sizeof(XML_Char) * len + EXPAND_SPARE);
- if (!b->uri) {
- free(b);
- return 0;
- }
- b->uriAlloc = len;
- }
- b->uriLen = len;
- memcpy(b->uri, uri, len * sizeof(XML_Char));
- if (namespaceSeparator)
- b->uri[len - 1] = namespaceSeparator;
- b->prefix = prefix;
- b->attId = attId;
- b->prevPrefixBinding = prefix->binding;
- if (*uri == XML_T('\0') && prefix == &dtd.defaultPrefix)
- prefix->binding = 0;
- else
- prefix->binding = b;
- b->nextTagBinding = *bindingsPtr;
- *bindingsPtr = b;
- if (startNamespaceDeclHandler)
- startNamespaceDeclHandler(handlerArg, prefix->name,
- prefix->binding ? uri : 0);
- return 1;
-}
-
-/* The idea here is to avoid using stack for each CDATA section when
-the whole file is parsed with one call. */
-
-static
-enum XML_Error cdataSectionProcessor(XML_Parser parser,
- const char *start,
- const char *end,
- const char **endPtr)
-{
- enum XML_Error result = doCdataSection(parser, encoding, &start, end, endPtr);
- if (start) {
- processor = contentProcessor;
- return contentProcessor(parser, start, end, endPtr);
- }
- return result;
-}
-
-/* startPtr gets set to non-null is the section is closed, and to null if
-the section is not yet closed. */
-
-static
-enum XML_Error doCdataSection(XML_Parser parser,
- const ENCODING *enc,
- const char **startPtr,
- const char *end,
- const char **nextPtr)
-{
- const char *s = *startPtr;
- const char **eventPP;
- const char **eventEndPP;
- if (enc == encoding) {
- eventPP = &eventPtr;
- *eventPP = s;
- eventEndPP = &eventEndPtr;
- }
- else {
- eventPP = &(openInternalEntities->internalEventPtr);
- eventEndPP = &(openInternalEntities->internalEventEndPtr);
- }
- *eventPP = s;
- *startPtr = 0;
- for (;;) {
- const char *next;
- int tok = XmlCdataSectionTok(enc, s, end, &next);
- *eventEndPP = next;
- switch (tok) {
- case XML_TOK_CDATA_SECT_CLOSE:
- if (endCdataSectionHandler)
- endCdataSectionHandler(handlerArg);
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- *startPtr = next;
- return XML_ERROR_NONE;
- case XML_TOK_DATA_NEWLINE:
- if (characterDataHandler) {
- XML_Char c = 0xA;
- characterDataHandler(handlerArg, &c, 1);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- case XML_TOK_DATA_CHARS:
- if (characterDataHandler) {
- if (MUST_CONVERT(enc, s)) {
- for (;;) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = next;
- characterDataHandler(handlerArg, dataBuf, dataPtr - (ICHAR *)dataBuf);
- if (s == next)
- break;
- *eventPP = s;
- }
- }
- else
- characterDataHandler(handlerArg,
- (XML_Char *)s,
- (XML_Char *)next - (XML_Char *)s);
- }
- else if (defaultHandler)
- reportDefault(parser, enc, s, next);
- break;
- case XML_TOK_INVALID:
- *eventPP = next;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_PARTIAL_CHAR:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_PARTIAL_CHAR;
- case XML_TOK_PARTIAL:
- case XML_TOK_NONE:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_UNCLOSED_CDATA_SECTION;
- default:
- abort();
- }
- *eventPP = s = next;
- }
- /* not reached */
-}
-
-static enum XML_Error
-initializeEncoding(XML_Parser parser)
-{
- const char *s;
-#ifdef XML_UNICODE
- char encodingBuf[128];
- if (!protocolEncodingName)
- s = 0;
- else {
- int i;
- for (i = 0; protocolEncodingName[i]; i++) {
- if (i == sizeof(encodingBuf) - 1
- || protocolEncodingName[i] >= 0x80
- || protocolEncodingName[i] < 0) {
- encodingBuf[0] = '\0';
- break;
- }
- encodingBuf[i] = (char)protocolEncodingName[i];
- }
- encodingBuf[i] = '\0';
- s = encodingBuf;
- }
-#else
- s = protocolEncodingName;
-#endif
- if ((ns ? XmlInitEncodingNS : XmlInitEncoding)(&initEncoding, &encoding, s))
- return XML_ERROR_NONE;
- return handleUnknownEncoding(parser, protocolEncodingName);
-}
-
-static enum XML_Error
-processXmlDecl(XML_Parser parser, int isGeneralTextEntity,
- const char *s, const char *next)
-{
- const char *encodingName = 0;
- const ENCODING *newEncoding = 0;
- const char *version;
- int standalone = -1;
- if (!(ns
- ? XmlParseXmlDeclNS
- : XmlParseXmlDecl)(isGeneralTextEntity,
- encoding,
- s,
- next,
- &eventPtr,
- &version,
- &encodingName,
- &newEncoding,
- &standalone))
- return XML_ERROR_SYNTAX;
- if (!isGeneralTextEntity && standalone == 1)
- dtd.standalone = 1;
- if (defaultHandler)
- reportDefault(parser, encoding, s, next);
- if (!protocolEncodingName) {
- if (newEncoding) {
- if (newEncoding->minBytesPerChar != encoding->minBytesPerChar) {
- eventPtr = encodingName;
- return XML_ERROR_INCORRECT_ENCODING;
- }
- encoding = newEncoding;
- }
- else if (encodingName) {
- enum XML_Error result;
- const XML_Char *ss = poolStoreString(&tempPool,
- encoding,
- encodingName,
- encodingName
- + XmlNameLength(encoding, encodingName));
- if (!ss)
- return XML_ERROR_NO_MEMORY;
- result = handleUnknownEncoding(parser, ss);
- poolDiscard(&tempPool);
- if (result == XML_ERROR_UNKNOWN_ENCODING)
- eventPtr = encodingName;
- return result;
- }
- }
- return XML_ERROR_NONE;
-}
-
-static enum XML_Error
-handleUnknownEncoding(XML_Parser parser, const XML_Char *encodingName)
-{
- if (unknownEncodingHandler) {
- XML_Encoding info;
- int i;
- for (i = 0; i < 256; i++)
- info.map[i] = -1;
- info.convert = 0;
- info.data = 0;
- info.release = 0;
- if (unknownEncodingHandler(unknownEncodingHandlerData, encodingName, &info)) {
- ENCODING *enc;
- unknownEncodingMem = malloc(XmlSizeOfUnknownEncoding());
- if (!unknownEncodingMem) {
- if (info.release)
- info.release(info.data);
- return XML_ERROR_NO_MEMORY;
- }
- enc = (ns
- ? XmlInitUnknownEncodingNS
- : XmlInitUnknownEncoding)(unknownEncodingMem,
- info.map,
- info.convert,
- info.data);
- if (enc) {
- unknownEncodingData = info.data;
- unknownEncodingRelease = info.release;
- encoding = enc;
- return XML_ERROR_NONE;
- }
- }
- if (info.release)
- info.release(info.data);
- }
- return XML_ERROR_UNKNOWN_ENCODING;
-}
-
-static enum XML_Error
-prologInitProcessor(XML_Parser parser,
- const char *s,
- const char *end,
- const char **nextPtr)
-{
- enum XML_Error result = initializeEncoding(parser);
- if (result != XML_ERROR_NONE)
- return result;
- processor = prologProcessor;
- return prologProcessor(parser, s, end, nextPtr);
-}
-
-static enum XML_Error
-prologProcessor(XML_Parser parser,
- const char *s,
- const char *end,
- const char **nextPtr)
-{
- for (;;) {
- const char *next;
- int tok = XmlPrologTok(encoding, s, end, &next);
- if (tok <= 0) {
- if (nextPtr != 0 && tok != XML_TOK_INVALID) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- switch (tok) {
- case XML_TOK_INVALID:
- eventPtr = next;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_NONE:
- return XML_ERROR_NO_ELEMENTS;
- case XML_TOK_PARTIAL:
- return XML_ERROR_UNCLOSED_TOKEN;
- case XML_TOK_PARTIAL_CHAR:
- return XML_ERROR_PARTIAL_CHAR;
- case XML_TOK_TRAILING_CR:
- eventPtr = s + encoding->minBytesPerChar;
- return XML_ERROR_NO_ELEMENTS;
- default:
- abort();
- }
- }
- switch (XmlTokenRole(&prologState, tok, s, next, encoding)) {
- case XML_ROLE_XML_DECL:
- {
- enum XML_Error result = processXmlDecl(parser, 0, s, next);
- if (result != XML_ERROR_NONE)
- return result;
- }
- break;
- case XML_ROLE_DOCTYPE_SYSTEM_ID:
- if (!dtd.standalone
- && notStandaloneHandler
- && !notStandaloneHandler(handlerArg))
- return XML_ERROR_NOT_STANDALONE;
- hadExternalDoctype = 1;
- break;
- case XML_ROLE_DOCTYPE_PUBLIC_ID:
- case XML_ROLE_ENTITY_PUBLIC_ID:
- if (!XmlIsPublicId(encoding, s, next, &eventPtr))
- return XML_ERROR_SYNTAX;
- if (declEntity) {
- XML_Char *tem = poolStoreString(&dtd.pool,
- encoding,
- s + encoding->minBytesPerChar,
- next - encoding->minBytesPerChar);
- if (!tem)
- return XML_ERROR_NO_MEMORY;
- normalizePublicId(tem);
- declEntity->publicId = tem;
- poolFinish(&dtd.pool);
- }
- break;
- case XML_ROLE_INSTANCE_START:
- processor = contentProcessor;
- if (hadExternalDoctype)
- dtd.complete = 0;
- return contentProcessor(parser, s, end, nextPtr);
- case XML_ROLE_ATTLIST_ELEMENT_NAME:
- {
- const XML_Char *name = poolStoreString(&dtd.pool, encoding, s, next);
- if (!name)
- return XML_ERROR_NO_MEMORY;
- declElementType = (ELEMENT_TYPE *)hashTableLookup(&dtd.elementTypes, name, sizeof(ELEMENT_TYPE));
- if (!declElementType)
- return XML_ERROR_NO_MEMORY;
- if (declElementType->name != name)
- poolDiscard(&dtd.pool);
- else {
- poolFinish(&dtd.pool);
- if (!setElementTypePrefix(parser, declElementType))
- return XML_ERROR_NO_MEMORY;
- }
- break;
- }
- case XML_ROLE_ATTRIBUTE_NAME:
- declAttributeId = getAttributeId(parser, encoding, s, next);
- if (!declAttributeId)
- return XML_ERROR_NO_MEMORY;
- declAttributeIsCdata = 0;
- break;
- case XML_ROLE_ATTRIBUTE_TYPE_CDATA:
- declAttributeIsCdata = 1;
- break;
- case XML_ROLE_IMPLIED_ATTRIBUTE_VALUE:
- case XML_ROLE_REQUIRED_ATTRIBUTE_VALUE:
- if (dtd.complete
- && !defineAttribute(declElementType, declAttributeId, declAttributeIsCdata, 0))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE:
- case XML_ROLE_FIXED_ATTRIBUTE_VALUE:
- {
- const XML_Char *attVal;
- enum XML_Error result
- = storeAttributeValue(parser, encoding, declAttributeIsCdata,
- s + encoding->minBytesPerChar,
- next - encoding->minBytesPerChar,
- &dtd.pool);
- if (result)
- return result;
- attVal = poolStart(&dtd.pool);
- poolFinish(&dtd.pool);
- if (dtd.complete
- && !defineAttribute(declElementType, declAttributeId, declAttributeIsCdata, attVal))
- return XML_ERROR_NO_MEMORY;
- break;
- }
- case XML_ROLE_ENTITY_VALUE:
- {
- enum XML_Error result = storeEntityValue(parser, s, next);
- if (result != XML_ERROR_NONE)
- return result;
- }
- break;
- case XML_ROLE_ENTITY_SYSTEM_ID:
- if (declEntity) {
- declEntity->systemId = poolStoreString(&dtd.pool, encoding,
- s + encoding->minBytesPerChar,
- next - encoding->minBytesPerChar);
- if (!declEntity->systemId)
- return XML_ERROR_NO_MEMORY;
- declEntity->base = dtd.base;
- poolFinish(&dtd.pool);
- }
- break;
- case XML_ROLE_ENTITY_NOTATION_NAME:
- if (declEntity) {
- declEntity->notation = poolStoreString(&dtd.pool, encoding, s, next);
- if (!declEntity->notation)
- return XML_ERROR_NO_MEMORY;
- poolFinish(&dtd.pool);
- if (unparsedEntityDeclHandler) {
- eventPtr = eventEndPtr = s;
- unparsedEntityDeclHandler(handlerArg,
- declEntity->name,
- declEntity->base,
- declEntity->systemId,
- declEntity->publicId,
- declEntity->notation);
- }
-
- }
- break;
- case XML_ROLE_GENERAL_ENTITY_NAME:
- {
- const XML_Char *name;
- if (XmlPredefinedEntityName(encoding, s, next)) {
- declEntity = 0;
- break;
- }
- name = poolStoreString(&dtd.pool, encoding, s, next);
- if (!name)
- return XML_ERROR_NO_MEMORY;
- if (dtd.complete) {
- declEntity = (ENTITY *)hashTableLookup(&dtd.generalEntities, name, sizeof(ENTITY));
- if (!declEntity)
- return XML_ERROR_NO_MEMORY;
- if (declEntity->name != name) {
- poolDiscard(&dtd.pool);
- declEntity = 0;
- }
- else
- poolFinish(&dtd.pool);
- }
- else {
- poolDiscard(&dtd.pool);
- declEntity = 0;
- }
- }
- break;
- case XML_ROLE_PARAM_ENTITY_NAME:
- declEntity = 0;
- break;
- case XML_ROLE_NOTATION_NAME:
- declNotationPublicId = 0;
- declNotationName = 0;
- if (notationDeclHandler) {
- declNotationName = poolStoreString(&tempPool, encoding, s, next);
- if (!declNotationName)
- return XML_ERROR_NO_MEMORY;
- poolFinish(&tempPool);
- }
- break;
- case XML_ROLE_NOTATION_PUBLIC_ID:
- if (!XmlIsPublicId(encoding, s, next, &eventPtr))
- return XML_ERROR_SYNTAX;
- if (declNotationName) {
- XML_Char *tem = poolStoreString(&tempPool,
- encoding,
- s + encoding->minBytesPerChar,
- next - encoding->minBytesPerChar);
- if (!tem)
- return XML_ERROR_NO_MEMORY;
- normalizePublicId(tem);
- declNotationPublicId = tem;
- poolFinish(&tempPool);
- }
- break;
- case XML_ROLE_NOTATION_SYSTEM_ID:
- if (declNotationName && notationDeclHandler) {
- const XML_Char *systemId
- = poolStoreString(&tempPool, encoding,
- s + encoding->minBytesPerChar,
- next - encoding->minBytesPerChar);
- if (!systemId)
- return XML_ERROR_NO_MEMORY;
- eventPtr = eventEndPtr = s;
- notationDeclHandler(handlerArg,
- declNotationName,
- dtd.base,
- systemId,
- declNotationPublicId);
- }
- poolClear(&tempPool);
- break;
- case XML_ROLE_NOTATION_NO_SYSTEM_ID:
- if (declNotationPublicId && notationDeclHandler) {
- eventPtr = eventEndPtr = s;
- notationDeclHandler(handlerArg,
- declNotationName,
- dtd.base,
- 0,
- declNotationPublicId);
- }
- poolClear(&tempPool);
- break;
- case XML_ROLE_ERROR:
- eventPtr = s;
- switch (tok) {
- case XML_TOK_PARAM_ENTITY_REF:
- return XML_ERROR_PARAM_ENTITY_REF;
- case XML_TOK_XML_DECL:
- return XML_ERROR_MISPLACED_XML_PI;
- default:
- return XML_ERROR_SYNTAX;
- }
- case XML_ROLE_GROUP_OPEN:
- if (prologState.level >= groupSize) {
- if (groupSize)
- groupConnector = realloc(groupConnector, groupSize *= 2);
- else
- groupConnector = malloc(groupSize = 32);
- if (!groupConnector)
- return XML_ERROR_NO_MEMORY;
- }
- groupConnector[prologState.level] = 0;
- break;
- case XML_ROLE_GROUP_SEQUENCE:
- if (groupConnector[prologState.level] == '|') {
- eventPtr = s;
- return XML_ERROR_SYNTAX;
- }
- groupConnector[prologState.level] = ',';
- break;
- case XML_ROLE_GROUP_CHOICE:
- if (groupConnector[prologState.level] == ',') {
- eventPtr = s;
- return XML_ERROR_SYNTAX;
- }
- groupConnector[prologState.level] = '|';
- break;
- case XML_ROLE_PARAM_ENTITY_REF:
- if (!dtd.standalone
- && notStandaloneHandler
- && !notStandaloneHandler(handlerArg))
- return XML_ERROR_NOT_STANDALONE;
- dtd.complete = 0;
- break;
- case XML_ROLE_NONE:
- switch (tok) {
- case XML_TOK_PI:
- eventPtr = s;
- eventEndPtr = next;
- if (!reportProcessingInstruction(parser, encoding, s, next))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_COMMENT:
- eventPtr = s;
- eventEndPtr = next;
- if (!reportComment(parser, encoding, s, next))
- return XML_ERROR_NO_MEMORY;
- break;
- }
- break;
- }
- if (defaultHandler) {
- switch (tok) {
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- case XML_TOK_BOM:
- case XML_TOK_XML_DECL:
- break;
- default:
- eventPtr = s;
- eventEndPtr = next;
- reportDefault(parser, encoding, s, next);
- }
- }
- s = next;
- }
- /* not reached */
-}
-
-static
-enum XML_Error epilogProcessor(XML_Parser parser,
- const char *s,
- const char *end,
- const char **nextPtr)
-{
- processor = epilogProcessor;
- eventPtr = s;
- for (;;) {
- const char *next;
- int tok = XmlPrologTok(encoding, s, end, &next);
- eventEndPtr = next;
- switch (tok) {
- case XML_TOK_TRAILING_CR:
- if (defaultHandler) {
- eventEndPtr = end;
- reportDefault(parser, encoding, s, end);
- }
- /* fall through */
- case XML_TOK_NONE:
- if (nextPtr)
- *nextPtr = end;
- return XML_ERROR_NONE;
- case XML_TOK_PROLOG_S:
- if (defaultHandler)
- reportDefault(parser, encoding, s, next);
- break;
- case XML_TOK_PI:
- if (!reportProcessingInstruction(parser, encoding, s, next))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_COMMENT:
- if (!reportComment(parser, encoding, s, next))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_INVALID:
- eventPtr = next;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_PARTIAL:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_UNCLOSED_TOKEN;
- case XML_TOK_PARTIAL_CHAR:
- if (nextPtr) {
- *nextPtr = s;
- return XML_ERROR_NONE;
- }
- return XML_ERROR_PARTIAL_CHAR;
- default:
- return XML_ERROR_JUNK_AFTER_DOC_ELEMENT;
- }
- eventPtr = s = next;
- }
-}
-
-static enum XML_Error
-storeAttributeValue(XML_Parser parser, const ENCODING *enc, int isCdata,
- const char *ptr, const char *end,
- STRING_POOL *pool)
-{
- enum XML_Error result = appendAttributeValue(parser, enc, isCdata, ptr, end, pool);
- if (result)
- return result;
- if (!isCdata && poolLength(pool) && poolLastChar(pool) == 0x20)
- poolChop(pool);
- if (!poolAppendChar(pool, XML_T('\0')))
- return XML_ERROR_NO_MEMORY;
- return XML_ERROR_NONE;
-}
-
-static enum XML_Error
-appendAttributeValue(XML_Parser parser, const ENCODING *enc, int isCdata,
- const char *ptr, const char *end,
- STRING_POOL *pool)
-{
- const ENCODING *internalEnc = ns ? XmlGetInternalEncodingNS() : XmlGetInternalEncoding();
- for (;;) {
- const char *next;
- int tok = XmlAttributeValueTok(enc, ptr, end, &next);
- switch (tok) {
- case XML_TOK_NONE:
- return XML_ERROR_NONE;
- case XML_TOK_INVALID:
- if (enc == encoding)
- eventPtr = next;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_PARTIAL:
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_CHAR_REF:
- {
- XML_Char buf[XML_ENCODE_MAX];
- int i;
- int n = XmlCharRefNumber(enc, ptr);
- if (n < 0) {
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_BAD_CHAR_REF;
- }
- if (!isCdata
- && n == 0x20 /* space */
- && (poolLength(pool) == 0 || poolLastChar(pool) == 0x20))
- break;
- n = XmlEncode(n, (ICHAR *)buf);
- if (!n) {
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_BAD_CHAR_REF;
- }
- for (i = 0; i < n; i++) {
- if (!poolAppendChar(pool, buf[i]))
- return XML_ERROR_NO_MEMORY;
- }
- }
- break;
- case XML_TOK_DATA_CHARS:
- if (!poolAppend(pool, enc, ptr, next))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_TRAILING_CR:
- next = ptr + enc->minBytesPerChar;
- /* fall through */
- case XML_TOK_ATTRIBUTE_VALUE_S:
- case XML_TOK_DATA_NEWLINE:
- if (!isCdata && (poolLength(pool) == 0 || poolLastChar(pool) == 0x20))
- break;
- if (!poolAppendChar(pool, 0x20))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_ENTITY_REF:
- {
- const XML_Char *name;
- ENTITY *entity;
- XML_Char ch = XmlPredefinedEntityName(enc,
- ptr + enc->minBytesPerChar,
- next - enc->minBytesPerChar);
- if (ch) {
- if (!poolAppendChar(pool, ch))
- return XML_ERROR_NO_MEMORY;
- break;
- }
- name = poolStoreString(&temp2Pool, enc,
- ptr + enc->minBytesPerChar,
- next - enc->minBytesPerChar);
- if (!name)
- return XML_ERROR_NO_MEMORY;
- entity = (ENTITY *)hashTableLookup(&dtd.generalEntities, name, 0);
- poolDiscard(&temp2Pool);
- if (!entity) {
- if (dtd.complete) {
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_UNDEFINED_ENTITY;
- }
- }
- else if (entity->open) {
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_RECURSIVE_ENTITY_REF;
- }
- else if (entity->notation) {
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_BINARY_ENTITY_REF;
- }
- else if (!entity->textPtr) {
- if (enc == encoding)
- eventPtr = ptr;
- return XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF;
- }
- else {
- enum XML_Error result;
- const XML_Char *textEnd = entity->textPtr + entity->textLen;
- entity->open = 1;
- result = appendAttributeValue(parser, internalEnc, isCdata, (char *)entity->textPtr, (char *)textEnd, pool);
- entity->open = 0;
- if (result)
- return result;
- }
- }
- break;
- default:
- abort();
- }
- ptr = next;
- }
- /* not reached */
-}
-
-static
-enum XML_Error storeEntityValue(XML_Parser parser,
- const char *entityTextPtr,
- const char *entityTextEnd)
-{
- STRING_POOL *pool = &(dtd.pool);
- entityTextPtr += encoding->minBytesPerChar;
- entityTextEnd -= encoding->minBytesPerChar;
- for (;;) {
- const char *next;
- int tok = XmlEntityValueTok(encoding, entityTextPtr, entityTextEnd, &next);
- switch (tok) {
- case XML_TOK_PARAM_ENTITY_REF:
- eventPtr = entityTextPtr;
- return XML_ERROR_SYNTAX;
- case XML_TOK_NONE:
- if (declEntity) {
- declEntity->textPtr = pool->start;
- declEntity->textLen = pool->ptr - pool->start;
- poolFinish(pool);
- }
- else
- poolDiscard(pool);
- return XML_ERROR_NONE;
- case XML_TOK_ENTITY_REF:
- case XML_TOK_DATA_CHARS:
- if (!poolAppend(pool, encoding, entityTextPtr, next))
- return XML_ERROR_NO_MEMORY;
- break;
- case XML_TOK_TRAILING_CR:
- next = entityTextPtr + encoding->minBytesPerChar;
- /* fall through */
- case XML_TOK_DATA_NEWLINE:
- if (pool->end == pool->ptr && !poolGrow(pool))
- return XML_ERROR_NO_MEMORY;
- *(pool->ptr)++ = 0xA;
- break;
- case XML_TOK_CHAR_REF:
- {
- XML_Char buf[XML_ENCODE_MAX];
- int i;
- int n = XmlCharRefNumber(encoding, entityTextPtr);
- if (n < 0) {
- eventPtr = entityTextPtr;
- return XML_ERROR_BAD_CHAR_REF;
- }
- n = XmlEncode(n, (ICHAR *)buf);
- if (!n) {
- eventPtr = entityTextPtr;
- return XML_ERROR_BAD_CHAR_REF;
- }
- for (i = 0; i < n; i++) {
- if (pool->end == pool->ptr && !poolGrow(pool))
- return XML_ERROR_NO_MEMORY;
- *(pool->ptr)++ = buf[i];
- }
- }
- break;
- case XML_TOK_PARTIAL:
- eventPtr = entityTextPtr;
- return XML_ERROR_INVALID_TOKEN;
- case XML_TOK_INVALID:
- eventPtr = next;
- return XML_ERROR_INVALID_TOKEN;
- default:
- abort();
- }
- entityTextPtr = next;
- }
- /* not reached */
-}
-
-static void
-normalizeLines(XML_Char *s)
-{
- XML_Char *p;
- for (;; s++) {
- if (*s == XML_T('\0'))
- return;
- if (*s == 0xD)
- break;
- }
- p = s;
- do {
- if (*s == 0xD) {
- *p++ = 0xA;
- if (*++s == 0xA)
- s++;
- }
- else
- *p++ = *s++;
- } while (*s);
- *p = XML_T('\0');
-}
-
-static int
-reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, const char *start, const char *end)
-{
- const XML_Char *target;
- XML_Char *data;
- const char *tem;
- if (!processingInstructionHandler) {
- if (defaultHandler)
- reportDefault(parser, enc, start, end);
- return 1;
- }
- start += enc->minBytesPerChar * 2;
- tem = start + XmlNameLength(enc, start);
- target = poolStoreString(&tempPool, enc, start, tem);
- if (!target)
- return 0;
- poolFinish(&tempPool);
- data = poolStoreString(&tempPool, enc,
- XmlSkipS(enc, tem),
- end - enc->minBytesPerChar*2);
- if (!data)
- return 0;
- normalizeLines(data);
- processingInstructionHandler(handlerArg, target, data);
- poolClear(&tempPool);
- return 1;
-}
-
-static int
-reportComment(XML_Parser parser, const ENCODING *enc, const char *start, const char *end)
-{
- XML_Char *data;
- if (!commentHandler) {
- if (defaultHandler)
- reportDefault(parser, enc, start, end);
- return 1;
- }
- data = poolStoreString(&tempPool,
- enc,
- start + enc->minBytesPerChar * 4,
- end - enc->minBytesPerChar * 3);
- if (!data)
- return 0;
- normalizeLines(data);
- commentHandler(handlerArg, data);
- poolClear(&tempPool);
- return 1;
-}
-
-static void
-reportDefault(XML_Parser parser, const ENCODING *enc, const char *s, const char *end)
-{
- if (MUST_CONVERT(enc, s)) {
- const char **eventPP;
- const char **eventEndPP;
- if (enc == encoding) {
- eventPP = &eventPtr;
- eventEndPP = &eventEndPtr;
- }
- else {
- eventPP = &(openInternalEntities->internalEventPtr);
- eventEndPP = &(openInternalEntities->internalEventEndPtr);
- }
- do {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = s;
- defaultHandler(handlerArg, dataBuf, dataPtr - (ICHAR *)dataBuf);
- *eventPP = s;
- } while (s != end);
- }
- else
- defaultHandler(handlerArg, (XML_Char *)s, (XML_Char *)end - (XML_Char *)s);
-}
-
-
-static int
-defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, int isCdata, const XML_Char *value)
-{
- DEFAULT_ATTRIBUTE *att;
- if (type->nDefaultAtts == type->allocDefaultAtts) {
- if (type->allocDefaultAtts == 0) {
- type->allocDefaultAtts = 8;
- type->defaultAtts = malloc(type->allocDefaultAtts*sizeof(DEFAULT_ATTRIBUTE));
- }
- else {
- type->allocDefaultAtts *= 2;
- type->defaultAtts = realloc(type->defaultAtts,
- type->allocDefaultAtts*sizeof(DEFAULT_ATTRIBUTE));
- }
- if (!type->defaultAtts)
- return 0;
- }
- att = type->defaultAtts + type->nDefaultAtts;
- att->id = attId;
- att->value = value;
- att->isCdata = isCdata;
- if (!isCdata)
- attId->maybeTokenized = 1;
- type->nDefaultAtts += 1;
- return 1;
-}
-
-static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
-{
- const XML_Char *name;
- for (name = elementType->name; *name; name++) {
- if (*name == XML_T(':')) {
- PREFIX *prefix;
- const XML_Char *s;
- for (s = elementType->name; s != name; s++) {
- if (!poolAppendChar(&dtd.pool, *s))
- return 0;
- }
- if (!poolAppendChar(&dtd.pool, XML_T('\0')))
- return 0;
- prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, poolStart(&dtd.pool), sizeof(PREFIX));
- if (!prefix)
- return 0;
- if (prefix->name == poolStart(&dtd.pool))
- poolFinish(&dtd.pool);
- else
- poolDiscard(&dtd.pool);
- elementType->prefix = prefix;
-
- }
- }
- return 1;
-}
-
-static ATTRIBUTE_ID *
-getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, const char *end)
-{
- ATTRIBUTE_ID *id;
- const XML_Char *name;
- if (!poolAppendChar(&dtd.pool, XML_T('\0')))
- return 0;
- name = poolStoreString(&dtd.pool, enc, start, end);
- if (!name)
- return 0;
- ++name;
- id = (ATTRIBUTE_ID *)hashTableLookup(&dtd.attributeIds, name, sizeof(ATTRIBUTE_ID));
- if (!id)
- return 0;
- if (id->name != name)
- poolDiscard(&dtd.pool);
- else {
- poolFinish(&dtd.pool);
- if (!ns)
- ;
- else if (name[0] == 'x'
- && name[1] == 'm'
- && name[2] == 'l'
- && name[3] == 'n'
- && name[4] == 's'
- && (name[5] == XML_T('\0') || name[5] == XML_T(':'))) {
- if (name[5] == '\0')
- id->prefix = &dtd.defaultPrefix;
- else
- id->prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, name + 6, sizeof(PREFIX));
- id->xmlns = 1;
- }
- else {
- int i;
- for (i = 0; name[i]; i++) {
- if (name[i] == XML_T(':')) {
- int j;
- for (j = 0; j < i; j++) {
- if (!poolAppendChar(&dtd.pool, name[j]))
- return 0;
- }
- if (!poolAppendChar(&dtd.pool, XML_T('\0')))
- return 0;
- id->prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, poolStart(&dtd.pool), sizeof(PREFIX));
- if (id->prefix->name == poolStart(&dtd.pool))
- poolFinish(&dtd.pool);
- else
- poolDiscard(&dtd.pool);
- break;
- }
- }
- }
- }
- return id;
-}
-
-#define CONTEXT_SEP XML_T('\f')
-
-static
-const XML_Char *getContext(XML_Parser parser)
-{
- HASH_TABLE_ITER iter;
- int needSep = 0;
-
- if (dtd.defaultPrefix.binding) {
- int i;
- int len;
- if (!poolAppendChar(&tempPool, XML_T('=')))
- return 0;
- len = dtd.defaultPrefix.binding->uriLen;
- if (namespaceSeparator != XML_T('\0'))
- len--;
- for (i = 0; i < len; i++)
- if (!poolAppendChar(&tempPool, dtd.defaultPrefix.binding->uri[i]))
- return 0;
- needSep = 1;
- }
-
- hashTableIterInit(&iter, &(dtd.prefixes));
- for (;;) {
- int i;
- int len;
- const XML_Char *s;
- PREFIX *prefix = (PREFIX *)hashTableIterNext(&iter);
- if (!prefix)
- break;
- if (!prefix->binding)
- continue;
- if (needSep && !poolAppendChar(&tempPool, CONTEXT_SEP))
- return 0;
- for (s = prefix->name; *s; s++)
- if (!poolAppendChar(&tempPool, *s))
- return 0;
- if (!poolAppendChar(&tempPool, XML_T('=')))
- return 0;
- len = prefix->binding->uriLen;
- if (namespaceSeparator != XML_T('\0'))
- len--;
- for (i = 0; i < len; i++)
- if (!poolAppendChar(&tempPool, prefix->binding->uri[i]))
- return 0;
- needSep = 1;
- }
-
-
- hashTableIterInit(&iter, &(dtd.generalEntities));
- for (;;) {
- const XML_Char *s;
- ENTITY *e = (ENTITY *)hashTableIterNext(&iter);
- if (!e)
- break;
- if (!e->open)
- continue;
- if (needSep && !poolAppendChar(&tempPool, CONTEXT_SEP))
- return 0;
- for (s = e->name; *s; s++)
- if (!poolAppendChar(&tempPool, *s))
- return 0;
- needSep = 1;
- }
-
- if (!poolAppendChar(&tempPool, XML_T('\0')))
- return 0;
- return tempPool.start;
-}
-
-static
-int setContext(XML_Parser parser, const XML_Char *context)
-{
- const XML_Char *s = context;
-
- while (*context != XML_T('\0')) {
- if (*s == CONTEXT_SEP || *s == XML_T('\0')) {
- ENTITY *e;
- if (!poolAppendChar(&tempPool, XML_T('\0')))
- return 0;
- e = (ENTITY *)hashTableLookup(&dtd.generalEntities, poolStart(&tempPool), 0);
- if (e)
- e->open = 1;
- if (*s != XML_T('\0'))
- s++;
- context = s;
- poolDiscard(&tempPool);
- }
- else if (*s == '=') {
- PREFIX *prefix;
- if (poolLength(&tempPool) == 0)
- prefix = &dtd.defaultPrefix;
- else {
- if (!poolAppendChar(&tempPool, XML_T('\0')))
- return 0;
- prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, poolStart(&tempPool), sizeof(PREFIX));
- if (!prefix)
- return 0;
- if (prefix->name == poolStart(&tempPool))
- poolFinish(&tempPool);
- else
- poolDiscard(&tempPool);
- }
- for (context = s + 1; *context != CONTEXT_SEP && *context != XML_T('\0'); context++)
- if (!poolAppendChar(&tempPool, *context))
- return 0;
- if (!poolAppendChar(&tempPool, XML_T('\0')))
- return 0;
- if (!addBinding(parser, prefix, 0, poolStart(&tempPool), &inheritedBindings))
- return 0;
- poolDiscard(&tempPool);
- if (*context != XML_T('\0'))
- ++context;
- s = context;
- }
- else {
- if (!poolAppendChar(&tempPool, *s))
- return 0;
- s++;
- }
- }
- return 1;
-}
-
-
-static
-void normalizePublicId(XML_Char *publicId)
-{
- XML_Char *p = publicId;
- XML_Char *s;
- for (s = publicId; *s; s++) {
- switch (*s) {
- case 0x20:
- case 0xD:
- case 0xA:
- if (p != publicId && p[-1] != 0x20)
- *p++ = 0x20;
- break;
- default:
- *p++ = *s;
- }
- }
- if (p != publicId && p[-1] == 0x20)
- --p;
- *p = XML_T('\0');
-}
-
-static int dtdInit(DTD *p)
-{
- poolInit(&(p->pool));
- hashTableInit(&(p->generalEntities));
- hashTableInit(&(p->elementTypes));
- hashTableInit(&(p->attributeIds));
- hashTableInit(&(p->prefixes));
- p->complete = 1;
- p->standalone = 0;
- p->base = 0;
- p->defaultPrefix.name = 0;
- p->defaultPrefix.binding = 0;
- return 1;
-}
-
-static void dtdDestroy(DTD *p)
-{
- HASH_TABLE_ITER iter;
- hashTableIterInit(&iter, &(p->elementTypes));
- for (;;) {
- ELEMENT_TYPE *e = (ELEMENT_TYPE *)hashTableIterNext(&iter);
- if (!e)
- break;
- if (e->allocDefaultAtts != 0)
- free(e->defaultAtts);
- }
- hashTableDestroy(&(p->generalEntities));
- hashTableDestroy(&(p->elementTypes));
- hashTableDestroy(&(p->attributeIds));
- hashTableDestroy(&(p->prefixes));
- poolDestroy(&(p->pool));
-}
-
-/* Do a deep copy of the DTD. Return 0 for out of memory; non-zero otherwise.
-The new DTD has already been initialized. */
-
-static int dtdCopy(DTD *newDtd, const DTD *oldDtd)
-{
- HASH_TABLE_ITER iter;
-
- if (oldDtd->base) {
- const XML_Char *tem = poolCopyString(&(newDtd->pool), oldDtd->base);
- if (!tem)
- return 0;
- newDtd->base = tem;
- }
-
- /* Copy the prefix table. */
-
- hashTableIterInit(&iter, &(oldDtd->prefixes));
- for (;;) {
- const XML_Char *name;
- const PREFIX *oldP = (PREFIX *)hashTableIterNext(&iter);
- if (!oldP)
- break;
- name = poolCopyString(&(newDtd->pool), oldP->name);
- if (!name)
- return 0;
- if (!hashTableLookup(&(newDtd->prefixes), name, sizeof(PREFIX)))
- return 0;
- }
-
- hashTableIterInit(&iter, &(oldDtd->attributeIds));
-
- /* Copy the attribute id table. */
-
- for (;;) {
- ATTRIBUTE_ID *newA;
- const XML_Char *name;
- const ATTRIBUTE_ID *oldA = (ATTRIBUTE_ID *)hashTableIterNext(&iter);
-
- if (!oldA)
- break;
- /* Remember to allocate the scratch byte before the name. */
- if (!poolAppendChar(&(newDtd->pool), XML_T('\0')))
- return 0;
- name = poolCopyString(&(newDtd->pool), oldA->name);
- if (!name)
- return 0;
- ++name;
- newA = (ATTRIBUTE_ID *)hashTableLookup(&(newDtd->attributeIds), name, sizeof(ATTRIBUTE_ID));
- if (!newA)
- return 0;
- newA->maybeTokenized = oldA->maybeTokenized;
- if (oldA->prefix) {
- newA->xmlns = oldA->xmlns;
- if (oldA->prefix == &oldDtd->defaultPrefix)
- newA->prefix = &newDtd->defaultPrefix;
- else
- newA->prefix = (PREFIX *)hashTableLookup(&(newDtd->prefixes), oldA->prefix->name, 0);
- }
- }
-
- /* Copy the element type table. */
-
- hashTableIterInit(&iter, &(oldDtd->elementTypes));
-
- for (;;) {
- int i;
- ELEMENT_TYPE *newE;
- const XML_Char *name;
- const ELEMENT_TYPE *oldE = (ELEMENT_TYPE *)hashTableIterNext(&iter);
- if (!oldE)
- break;
- name = poolCopyString(&(newDtd->pool), oldE->name);
- if (!name)
- return 0;
- newE = (ELEMENT_TYPE *)hashTableLookup(&(newDtd->elementTypes), name, sizeof(ELEMENT_TYPE));
- if (!newE)
- return 0;
- if (oldE->nDefaultAtts) {
- newE->defaultAtts = (DEFAULT_ATTRIBUTE *)malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
- if (!newE->defaultAtts)
- return 0;
- }
- newE->allocDefaultAtts = newE->nDefaultAtts = oldE->nDefaultAtts;
- if (oldE->prefix)
- newE->prefix = (PREFIX *)hashTableLookup(&(newDtd->prefixes), oldE->prefix->name, 0);
- for (i = 0; i < newE->nDefaultAtts; i++) {
- newE->defaultAtts[i].id = (ATTRIBUTE_ID *)hashTableLookup(&(newDtd->attributeIds), oldE->defaultAtts[i].id->name, 0);
- newE->defaultAtts[i].isCdata = oldE->defaultAtts[i].isCdata;
- if (oldE->defaultAtts[i].value) {
- newE->defaultAtts[i].value = poolCopyString(&(newDtd->pool), oldE->defaultAtts[i].value);
- if (!newE->defaultAtts[i].value)
- return 0;
- }
- else
- newE->defaultAtts[i].value = 0;
- }
- }
-
- /* Copy the entity table. */
-
- hashTableIterInit(&iter, &(oldDtd->generalEntities));
-
- for (;;) {
- ENTITY *newE;
- const XML_Char *name;
- const ENTITY *oldE = (ENTITY *)hashTableIterNext(&iter);
- if (!oldE)
- break;
- name = poolCopyString(&(newDtd->pool), oldE->name);
- if (!name)
- return 0;
- newE = (ENTITY *)hashTableLookup(&(newDtd->generalEntities), name, sizeof(ENTITY));
- if (!newE)
- return 0;
- if (oldE->systemId) {
- const XML_Char *tem = poolCopyString(&(newDtd->pool), oldE->systemId);
- if (!tem)
- return 0;
- newE->systemId = tem;
- if (oldE->base) {
- if (oldE->base == oldDtd->base)
- newE->base = newDtd->base;
- tem = poolCopyString(&(newDtd->pool), oldE->base);
- if (!tem)
- return 0;
- newE->base = tem;
- }
- }
- else {
- const XML_Char *tem = poolCopyStringN(&(newDtd->pool), oldE->textPtr, oldE->textLen);
- if (!tem)
- return 0;
- newE->textPtr = tem;
- newE->textLen = oldE->textLen;
- }
- if (oldE->notation) {
- const XML_Char *tem = poolCopyString(&(newDtd->pool), oldE->notation);
- if (!tem)
- return 0;
- newE->notation = tem;
- }
- }
-
- newDtd->complete = oldDtd->complete;
- newDtd->standalone = oldDtd->standalone;
- return 1;
-}
-
-static
-void poolInit(STRING_POOL *pool)
-{
- pool->blocks = 0;
- pool->freeBlocks = 0;
- pool->start = 0;
- pool->ptr = 0;
- pool->end = 0;
-}
-
-static
-void poolClear(STRING_POOL *pool)
-{
- if (!pool->freeBlocks)
- pool->freeBlocks = pool->blocks;
- else {
- BLOCK *p = pool->blocks;
- while (p) {
- BLOCK *tem = p->next;
- p->next = pool->freeBlocks;
- pool->freeBlocks = p;
- p = tem;
- }
- }
- pool->blocks = 0;
- pool->start = 0;
- pool->ptr = 0;
- pool->end = 0;
-}
-
-static
-void poolDestroy(STRING_POOL *pool)
-{
- BLOCK *p = pool->blocks;
- while (p) {
- BLOCK *tem = p->next;
- free(p);
- p = tem;
- }
- pool->blocks = 0;
- p = pool->freeBlocks;
- while (p) {
- BLOCK *tem = p->next;
- free(p);
- p = tem;
- }
- pool->freeBlocks = 0;
- pool->ptr = 0;
- pool->start = 0;
- pool->end = 0;
-}
-
-static
-XML_Char *poolAppend(STRING_POOL *pool, const ENCODING *enc,
- const char *ptr, const char *end)
-{
- if (!pool->ptr && !poolGrow(pool))
- return 0;
- for (;;) {
- XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
- if (ptr == end)
- break;
- if (!poolGrow(pool))
- return 0;
- }
- return pool->start;
-}
-
-static const XML_Char *poolCopyString(STRING_POOL *pool, const XML_Char *s)
-{
- do {
- if (!poolAppendChar(pool, *s))
- return 0;
- } while (*s++);
- s = pool->start;
- poolFinish(pool);
- return s;
-}
-
-static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n)
-{
- if (!pool->ptr && !poolGrow(pool))
- return 0;
- for (; n > 0; --n, s++) {
- if (!poolAppendChar(pool, *s))
- return 0;
-
- }
- s = pool->start;
- poolFinish(pool);
- return s;
-}
-
-static
-XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc,
- const char *ptr, const char *end)
-{
- if (!poolAppend(pool, enc, ptr, end))
- return 0;
- if (pool->ptr == pool->end && !poolGrow(pool))
- return 0;
- *(pool->ptr)++ = 0;
- return pool->start;
-}
-
-static
-int poolGrow(STRING_POOL *pool)
-{
- if (pool->freeBlocks) {
- if (pool->start == 0) {
- pool->blocks = pool->freeBlocks;
- pool->freeBlocks = pool->freeBlocks->next;
- pool->blocks->next = 0;
- pool->start = pool->blocks->s;
- pool->end = pool->start + pool->blocks->size;
- pool->ptr = pool->start;
- return 1;
- }
- if (pool->end - pool->start < pool->freeBlocks->size) {
- BLOCK *tem = pool->freeBlocks->next;
- pool->freeBlocks->next = pool->blocks;
- pool->blocks = pool->freeBlocks;
- pool->freeBlocks = tem;
- memcpy(pool->blocks->s, pool->start, (pool->end - pool->start) * sizeof(XML_Char));
- pool->ptr = pool->blocks->s + (pool->ptr - pool->start);
- pool->start = pool->blocks->s;
- pool->end = pool->start + pool->blocks->size;
- return 1;
- }
- }
- if (pool->blocks && pool->start == pool->blocks->s) {
- int blockSize = (pool->end - pool->start)*2;
- pool->blocks = realloc(pool->blocks, offsetof(BLOCK, s) + blockSize * sizeof(XML_Char));
- if (!pool->blocks)
- return 0;
- pool->blocks->size = blockSize;
- pool->ptr = pool->blocks->s + (pool->ptr - pool->start);
- pool->start = pool->blocks->s;
- pool->end = pool->start + blockSize;
- }
- else {
- BLOCK *tem;
- int blockSize = pool->end - pool->start;
- if (blockSize < INIT_BLOCK_SIZE)
- blockSize = INIT_BLOCK_SIZE;
- else
- blockSize *= 2;
- tem = malloc(offsetof(BLOCK, s) + blockSize * sizeof(XML_Char));
- if (!tem)
- return 0;
- tem->size = blockSize;
- tem->next = pool->blocks;
- pool->blocks = tem;
- memcpy(tem->s, pool->start, (pool->ptr - pool->start) * sizeof(XML_Char));
- pool->ptr = tem->s + (pool->ptr - pool->start);
- pool->start = tem->s;
- pool->end = tem->s + blockSize;
- }
- return 1;
-}
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.def b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.def
deleted file mode 100644
index c309076f479..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.def
+++ /dev/null
@@ -1,41 +0,0 @@
-; xmlparse.def
-
-LIBRARY xmlparse
-DESCRIPTION ''
-
-EXPORTS
- XML_DefaultCurrent @1
- XML_ErrorString @2
- XML_ExternalEntityParserCreate @3
- XML_GetBase @4
- XML_GetBuffer @5
- XML_GetCurrentByteCount @6
- XML_GetCurrentByteIndex @7
- XML_GetCurrentColumnNumber @8
- XML_GetCurrentLineNumber @9
- XML_GetErrorCode @10
- XML_GetSpecifiedAttributeCount @11
- XML_Parse @12
- XML_ParseBuffer @13
- XML_ParserCreate @14
- XML_ParserCreateNS @15
- XML_ParserFree @16
- XML_SetBase @17
- XML_SetCdataSectionHandler @18
- XML_SetCharacterDataHandler @19
- XML_SetCommentHandler @20
- XML_SetDefaultHandler @21
- XML_SetDefaultHandlerExpand @22
- XML_SetElementHandler @23
- XML_SetEncoding @24
- XML_SetExternalEntityRefHandler @25
- XML_SetExternalEntityRefHandlerArg @26
- XML_SetNamespaceDeclHandler @27
- XML_SetNotStandaloneHandler @28
- XML_SetNotationDeclHandler @29
- XML_SetProcessingInstructionHandler @30
- XML_SetUnknownEncodingHandler @31
- XML_SetUnparsedEntityDeclHandler @32
- XML_SetUserData @33
- XML_UseParserAsHandlerArg @34
-
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.h b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.h
deleted file mode 100644
index f2f9c9be1c0..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.h
+++ /dev/null
@@ -1,482 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#ifndef XmlParse_INCLUDED
-#define XmlParse_INCLUDED 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef XMLPARSEAPI
-#define XMLPARSEAPI /* as nothing */
-#endif
-
-typedef void *XML_Parser;
-
-#ifdef XML_UNICODE_WCHAR_T
-
-/* XML_UNICODE_WCHAR_T will work only if sizeof(wchar_t) == 2 and wchar_t
-uses Unicode. */
-/* Information is UTF-16 encoded as wchar_ts */
-
-#ifndef XML_UNICODE
-#define XML_UNICODE
-#endif
-
-#include <stddef.h>
-typedef wchar_t XML_Char;
-typedef wchar_t XML_LChar;
-
-#else /* not XML_UNICODE_WCHAR_T */
-
-#ifdef XML_UNICODE
-
-/* Information is UTF-16 encoded as unsigned shorts */
-typedef unsigned short XML_Char;
-typedef char XML_LChar;
-
-#else /* not XML_UNICODE */
-
-/* Information is UTF-8 encoded. */
-typedef char XML_Char;
-typedef char XML_LChar;
-
-#endif /* not XML_UNICODE */
-
-#endif /* not XML_UNICODE_WCHAR_T */
-
-
-/* Constructs a new parser; encoding is the encoding specified by the external
-protocol or null if there is none specified. */
-
-XML_Parser XMLPARSEAPI
-XML_ParserCreate(const XML_Char *encoding);
-
-/* Constructs a new parser and namespace processor. Element type names
-and attribute names that belong to a namespace will be expanded;
-unprefixed attribute names are never expanded; unprefixed element type
-names are expanded only if there is a default namespace. The expanded
-name is the concatenation of the namespace URI, the namespace separator character,
-and the local part of the name. If the namespace separator is '\0' then
-the namespace URI and the local part will be concatenated without any
-separator. When a namespace is not declared, the name and prefix will be
-passed through without expansion. */
-
-XML_Parser XMLPARSEAPI
-XML_ParserCreateNS(const XML_Char *encoding, XML_Char namespaceSeparator);
-
-
-/* atts is array of name/value pairs, terminated by 0;
- names and values are 0 terminated. */
-
-typedef void (*XML_StartElementHandler)(void *userData,
- const XML_Char *name,
- const XML_Char **atts);
-
-typedef void (*XML_EndElementHandler)(void *userData,
- const XML_Char *name);
-
-/* s is not 0 terminated. */
-typedef void (*XML_CharacterDataHandler)(void *userData,
- const XML_Char *s,
- int len);
-
-/* target and data are 0 terminated */
-typedef void (*XML_ProcessingInstructionHandler)(void *userData,
- const XML_Char *target,
- const XML_Char *data);
-
-/* data is 0 terminated */
-typedef void (*XML_CommentHandler)(void *userData, const XML_Char *data);
-
-typedef void (*XML_StartCdataSectionHandler)(void *userData);
-typedef void (*XML_EndCdataSectionHandler)(void *userData);
-
-/* This is called for any characters in the XML document for
-which there is no applicable handler. This includes both
-characters that are part of markup which is of a kind that is
-not reported (comments, markup declarations), or characters
-that are part of a construct which could be reported but
-for which no handler has been supplied. The characters are passed
-exactly as they were in the XML document except that
-they will be encoded in UTF-8. Line boundaries are not normalized.
-Note that a byte order mark character is not passed to the default handler.
-There are no guarantees about how characters are divided between calls
-to the default handler: for example, a comment might be split between
-multiple calls. */
-
-typedef void (*XML_DefaultHandler)(void *userData,
- const XML_Char *s,
- int len);
-
-/* This is called for a declaration of an unparsed (NDATA)
-entity. The base argument is whatever was set by XML_SetBase.
-The entityName, systemId and notationName arguments will never be null.
-The other arguments may be. */
-
-typedef void (*XML_UnparsedEntityDeclHandler)(void *userData,
- const XML_Char *entityName,
- const XML_Char *base,
- const XML_Char *systemId,
- const XML_Char *publicId,
- const XML_Char *notationName);
-
-/* This is called for a declaration of notation.
-The base argument is whatever was set by XML_SetBase.
-The notationName will never be null. The other arguments can be. */
-
-typedef void (*XML_NotationDeclHandler)(void *userData,
- const XML_Char *notationName,
- const XML_Char *base,
- const XML_Char *systemId,
- const XML_Char *publicId);
-
-/* When namespace processing is enabled, these are called once for
-each namespace declaration. The call to the start and end element
-handlers occur between the calls to the start and end namespace
-declaration handlers. For an xmlns attribute, prefix will be null.
-For an xmlns="" attribute, uri will be null. */
-
-typedef void (*XML_StartNamespaceDeclHandler)(void *userData,
- const XML_Char *prefix,
- const XML_Char *uri);
-
-typedef void (*XML_EndNamespaceDeclHandler)(void *userData,
- const XML_Char *prefix);
-
-/* This is called if the document is not standalone (it has an
-external subset or a reference to a parameter entity, but does not
-have standalone="yes"). If this handler returns 0, then processing
-will not continue, and the parser will return a
-XML_ERROR_NOT_STANDALONE error. */
-
-typedef int (*XML_NotStandaloneHandler)(void *userData);
-
-/* This is called for a reference to an external parsed general entity.
-The referenced entity is not automatically parsed.
-The application can parse it immediately or later using
-XML_ExternalEntityParserCreate.
-The parser argument is the parser parsing the entity containing the reference;
-it can be passed as the parser argument to XML_ExternalEntityParserCreate.
-The systemId argument is the system identifier as specified in the entity declaration;
-it will not be null.
-The base argument is the system identifier that should be used as the base for
-resolving systemId if systemId was relative; this is set by XML_SetBase;
-it may be null.
-The publicId argument is the public identifier as specified in the entity declaration,
-or null if none was specified; the whitespace in the public identifier
-will have been normalized as required by the XML spec.
-The context argument specifies the parsing context in the format
-expected by the context argument to
-XML_ExternalEntityParserCreate; context is valid only until the handler
-returns, so if the referenced entity is to be parsed later, it must be copied.
-The handler should return 0 if processing should not continue because of
-a fatal error in the handling of the external entity.
-In this case the calling parser will return an XML_ERROR_EXTERNAL_ENTITY_HANDLING
-error.
-Note that unlike other handlers the first argument is the parser, not userData. */
-
-typedef int (*XML_ExternalEntityRefHandler)(XML_Parser parser,
- const XML_Char *context,
- const XML_Char *base,
- const XML_Char *systemId,
- const XML_Char *publicId);
-
-/* This structure is filled in by the XML_UnknownEncodingHandler
-to provide information to the parser about encodings that are unknown
-to the parser.
-The map[b] member gives information about byte sequences
-whose first byte is b.
-If map[b] is c where c is >= 0, then b by itself encodes the Unicode scalar value c.
-If map[b] is -1, then the byte sequence is malformed.
-If map[b] is -n, where n >= 2, then b is the first byte of an n-byte
-sequence that encodes a single Unicode scalar value.
-The data member will be passed as the first argument to the convert function.
-The convert function is used to convert multibyte sequences;
-s will point to a n-byte sequence where map[(unsigned char)*s] == -n.
-The convert function must return the Unicode scalar value
-represented by this byte sequence or -1 if the byte sequence is malformed.
-The convert function may be null if the encoding is a single-byte encoding,
-that is if map[b] >= -1 for all bytes b.
-When the parser is finished with the encoding, then if release is not null,
-it will call release passing it the data member;
-once release has been called, the convert function will not be called again.
-
-Expat places certain restrictions on the encodings that are supported
-using this mechanism.
-
-1. Every ASCII character that can appear in a well-formed XML document,
-other than the characters
-
- $@\^`{}~
-
-must be represented by a single byte, and that byte must be the
-same byte that represents that character in ASCII.
-
-2. No character may require more than 4 bytes to encode.
-
-3. All characters encoded must have Unicode scalar values <= 0xFFFF,
-(ie characters that would be encoded by surrogates in UTF-16
-are not allowed). Note that this restriction doesn't apply to
-the built-in support for UTF-8 and UTF-16.
-
-4. No Unicode character may be encoded by more than one distinct sequence
-of bytes. */
-
-typedef struct {
- int map[256];
- void *data;
- int (*convert)(void *data, const char *s);
- void (*release)(void *data);
-} XML_Encoding;
-
-/* This is called for an encoding that is unknown to the parser.
-The encodingHandlerData argument is that which was passed as the
-second argument to XML_SetUnknownEncodingHandler.
-The name argument gives the name of the encoding as specified in
-the encoding declaration.
-If the callback can provide information about the encoding,
-it must fill in the XML_Encoding structure, and return 1.
-Otherwise it must return 0.
-If info does not describe a suitable encoding,
-then the parser will return an XML_UNKNOWN_ENCODING error. */
-
-typedef int (*XML_UnknownEncodingHandler)(void *encodingHandlerData,
- const XML_Char *name,
- XML_Encoding *info);
-
-void XMLPARSEAPI
-XML_SetElementHandler(XML_Parser parser,
- XML_StartElementHandler start,
- XML_EndElementHandler end);
-
-void XMLPARSEAPI
-XML_SetCharacterDataHandler(XML_Parser parser,
- XML_CharacterDataHandler handler);
-
-void XMLPARSEAPI
-XML_SetProcessingInstructionHandler(XML_Parser parser,
- XML_ProcessingInstructionHandler handler);
-void XMLPARSEAPI
-XML_SetCommentHandler(XML_Parser parser,
- XML_CommentHandler handler);
-
-void XMLPARSEAPI
-XML_SetCdataSectionHandler(XML_Parser parser,
- XML_StartCdataSectionHandler start,
- XML_EndCdataSectionHandler end);
-
-/* This sets the default handler and also inhibits expansion of internal entities.
-The entity reference will be passed to the default handler. */
-
-void XMLPARSEAPI
-XML_SetDefaultHandler(XML_Parser parser,
- XML_DefaultHandler handler);
-
-/* This sets the default handler but does not inhibit expansion of internal entities.
-The entity reference will not be passed to the default handler. */
-
-void XMLPARSEAPI
-XML_SetDefaultHandlerExpand(XML_Parser parser,
- XML_DefaultHandler handler);
-
-void XMLPARSEAPI
-XML_SetUnparsedEntityDeclHandler(XML_Parser parser,
- XML_UnparsedEntityDeclHandler handler);
-
-void XMLPARSEAPI
-XML_SetNotationDeclHandler(XML_Parser parser,
- XML_NotationDeclHandler handler);
-
-void XMLPARSEAPI
-XML_SetNamespaceDeclHandler(XML_Parser parser,
- XML_StartNamespaceDeclHandler start,
- XML_EndNamespaceDeclHandler end);
-
-void XMLPARSEAPI
-XML_SetNotStandaloneHandler(XML_Parser parser,
- XML_NotStandaloneHandler handler);
-
-void XMLPARSEAPI
-XML_SetExternalEntityRefHandler(XML_Parser parser,
- XML_ExternalEntityRefHandler handler);
-
-/* If a non-null value for arg is specified here, then it will be passed
-as the first argument to the external entity ref handler instead
-of the parser object. */
-void XMLPARSEAPI
-XML_SetExternalEntityRefHandlerArg(XML_Parser, void *arg);
-
-void XMLPARSEAPI
-XML_SetUnknownEncodingHandler(XML_Parser parser,
- XML_UnknownEncodingHandler handler,
- void *encodingHandlerData);
-
-/* This can be called within a handler for a start element, end element,
-processing instruction or character data. It causes the corresponding
-markup to be passed to the default handler. */
-void XMLPARSEAPI XML_DefaultCurrent(XML_Parser parser);
-
-/* This value is passed as the userData argument to callbacks. */
-void XMLPARSEAPI
-XML_SetUserData(XML_Parser parser, void *userData);
-
-/* Returns the last value set by XML_SetUserData or null. */
-#define XML_GetUserData(parser) (*(void **)(parser))
-
-/* This is equivalent to supplying an encoding argument
-to XML_CreateParser. It must not be called after XML_Parse
-or XML_ParseBuffer. */
-
-int XMLPARSEAPI
-XML_SetEncoding(XML_Parser parser, const XML_Char *encoding);
-
-/* If this function is called, then the parser will be passed
-as the first argument to callbacks instead of userData.
-The userData will still be accessible using XML_GetUserData. */
-
-void XMLPARSEAPI
-XML_UseParserAsHandlerArg(XML_Parser parser);
-
-/* Sets the base to be used for resolving relative URIs in system identifiers in
-declarations. Resolving relative identifiers is left to the application:
-this value will be passed through as the base argument to the
-XML_ExternalEntityRefHandler, XML_NotationDeclHandler
-and XML_UnparsedEntityDeclHandler. The base argument will be copied.
-Returns zero if out of memory, non-zero otherwise. */
-
-int XMLPARSEAPI
-XML_SetBase(XML_Parser parser, const XML_Char *base);
-
-const XML_Char XMLPARSEAPI *
-XML_GetBase(XML_Parser parser);
-
-/* Returns the number of the attributes passed in last call to the
-XML_StartElementHandler that were specified in the start-tag rather
-than defaulted. */
-
-int XMLPARSEAPI XML_GetSpecifiedAttributeCount(XML_Parser parser);
-
-/* Parses some input. Returns 0 if a fatal error is detected.
-The last call to XML_Parse must have isFinal true;
-len may be zero for this call (or any other). */
-int XMLPARSEAPI
-XML_Parse(XML_Parser parser, const char *s, int len, int isFinal);
-
-void XMLPARSEAPI *
-XML_GetBuffer(XML_Parser parser, int len);
-
-int XMLPARSEAPI
-XML_ParseBuffer(XML_Parser parser, int len, int isFinal);
-
-/* Creates an XML_Parser object that can parse an external general entity;
-context is a '\0'-terminated string specifying the parse context;
-encoding is a '\0'-terminated string giving the name of the externally specified encoding,
-or null if there is no externally specified encoding.
-The context string consists of a sequence of tokens separated by formfeeds (\f);
-a token consisting of a name specifies that the general entity of the name
-is open; a token of the form prefix=uri specifies the namespace for a particular
-prefix; a token of the form =uri specifies the default namespace.
-This can be called at any point after the first call to an ExternalEntityRefHandler
-so longer as the parser has not yet been freed.
-The new parser is completely independent and may safely be used in a separate thread.
-The handlers and userData are initialized from the parser argument.
-Returns 0 if out of memory. Otherwise returns a new XML_Parser object. */
-XML_Parser XMLPARSEAPI
-XML_ExternalEntityParserCreate(XML_Parser parser,
- const XML_Char *context,
- const XML_Char *encoding);
-
-enum XML_Error {
- XML_ERROR_NONE,
- XML_ERROR_NO_MEMORY,
- XML_ERROR_SYNTAX,
- XML_ERROR_NO_ELEMENTS,
- XML_ERROR_INVALID_TOKEN,
- XML_ERROR_UNCLOSED_TOKEN,
- XML_ERROR_PARTIAL_CHAR,
- XML_ERROR_TAG_MISMATCH,
- XML_ERROR_DUPLICATE_ATTRIBUTE,
- XML_ERROR_JUNK_AFTER_DOC_ELEMENT,
- XML_ERROR_PARAM_ENTITY_REF,
- XML_ERROR_UNDEFINED_ENTITY,
- XML_ERROR_RECURSIVE_ENTITY_REF,
- XML_ERROR_ASYNC_ENTITY,
- XML_ERROR_BAD_CHAR_REF,
- XML_ERROR_BINARY_ENTITY_REF,
- XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF,
- XML_ERROR_MISPLACED_XML_PI,
- XML_ERROR_UNKNOWN_ENCODING,
- XML_ERROR_INCORRECT_ENCODING,
- XML_ERROR_UNCLOSED_CDATA_SECTION,
- XML_ERROR_EXTERNAL_ENTITY_HANDLING,
- XML_ERROR_NOT_STANDALONE
-};
-
-/* If XML_Parse or XML_ParseBuffer have returned 0, then XML_GetErrorCode
-returns information about the error. */
-
-enum XML_Error XMLPARSEAPI XML_GetErrorCode(XML_Parser parser);
-
-/* These functions return information about the current parse location.
-They may be called when XML_Parse or XML_ParseBuffer return 0;
-in this case the location is the location of the character at which
-the error was detected.
-They may also be called from any other callback called to report
-some parse event; in this the location is the location of the first
-of the sequence of characters that generated the event. */
-
-int XMLPARSEAPI XML_GetCurrentLineNumber(XML_Parser parser);
-int XMLPARSEAPI XML_GetCurrentColumnNumber(XML_Parser parser);
-long XMLPARSEAPI XML_GetCurrentByteIndex(XML_Parser parser);
-
-/* Return the number of bytes in the current event.
-Returns 0 if the event is in an internal entity. */
-
-int XMLPARSEAPI XML_GetCurrentByteCount(XML_Parser parser);
-
-/* For backwards compatibility with previous versions. */
-#define XML_GetErrorLineNumber XML_GetCurrentLineNumber
-#define XML_GetErrorColumnNumber XML_GetCurrentColumnNumber
-#define XML_GetErrorByteIndex XML_GetCurrentByteIndex
-
-/* Frees memory used by the parser. */
-void XMLPARSEAPI
-XML_ParserFree(XML_Parser parser);
-
-/* Returns a string describing the error. */
-const XML_LChar XMLPARSEAPI *XML_ErrorString(int code);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* not XmlParse_INCLUDED */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp
deleted file mode 100644
index b5bd84ffd90..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp
+++ /dev/null
@@ -1,34 +0,0 @@
- XML_DefaultCurrent,
- XML_ErrorString,
- XML_ExternalEntityParserCreate,
- XML_GetBase,
- XML_GetBuffer,
- XML_GetCurrentByteCount,
- XML_GetCurrentByteIndex,
- XML_GetCurrentColumnNumber,
- XML_GetCurrentLineNumber,
- XML_GetErrorCode,
- XML_GetSpecifiedAttributeCount,
- XML_Parse,
- XML_ParseBuffer,
- XML_ParserCreate,
- XML_ParserCreateNS,
- XML_ParserFree,
- XML_SetBase,
- XML_SetCdataSectionHandler,
- XML_SetCharacterDataHandler,
- XML_SetCommentHandler,
- XML_SetDefaultHandler,
- XML_SetDefaultHandlerExpand,
- XML_SetElementHandler,
- XML_SetEncoding,
- XML_SetExternalEntityRefHandler,
- XML_SetExternalEntityRefHandlerArg,
- XML_SetNamespaceDeclHandler,
- XML_SetNotStandaloneHandler,
- XML_SetNotationDeclHandler,
- XML_SetProcessingInstructionHandler,
- XML_SetUnknownEncodingHandler,
- XML_SetUnparsedEntityDeclHandler,
- XML_SetUserData,
- XML_UseParserAsHandlerArg
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def b/usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def
deleted file mode 100644
index ab0141987f3..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def
+++ /dev/null
@@ -1,2 +0,0 @@
-MODULE xmltok
-EXPORT @xmlparse.imp
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.c b/usr.sbin/httpd/src/lib/expat-lite/xmlrole.c
deleted file mode 100644
index 0be7ddae1c0..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.c
+++ /dev/null
@@ -1,1093 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include "xmldef.h"
-#include "xmlrole.h"
-
-/* Doesn't check:
-
- that ,| are not mixed in a model group
- content of literals
-
-*/
-
-#ifndef MIN_BYTES_PER_CHAR
-#define MIN_BYTES_PER_CHAR(enc) ((enc)->minBytesPerChar)
-#endif
-
-typedef int PROLOG_HANDLER(struct prolog_state *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc);
-
-static PROLOG_HANDLER
- prolog0, prolog1, prolog2,
- doctype0, doctype1, doctype2, doctype3, doctype4, doctype5,
- internalSubset,
- entity0, entity1, entity2, entity3, entity4, entity5, entity6,
- entity7, entity8, entity9,
- notation0, notation1, notation2, notation3, notation4,
- attlist0, attlist1, attlist2, attlist3, attlist4, attlist5, attlist6,
- attlist7, attlist8, attlist9,
- element0, element1, element2, element3, element4, element5, element6,
- element7,
- declClose,
- error;
-
-static
-int syntaxError(PROLOG_STATE *);
-
-static
-int prolog0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- state->handler = prolog1;
- return XML_ROLE_NONE;
- case XML_TOK_XML_DECL:
- state->handler = prolog1;
- return XML_ROLE_XML_DECL;
- case XML_TOK_PI:
- state->handler = prolog1;
- return XML_ROLE_NONE;
- case XML_TOK_COMMENT:
- state->handler = prolog1;
- case XML_TOK_BOM:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_OPEN:
- if (!XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "DOCTYPE"))
- break;
- state->handler = doctype0;
- return XML_ROLE_NONE;
- case XML_TOK_INSTANCE_START:
- state->handler = error;
- return XML_ROLE_INSTANCE_START;
- }
- return syntaxError(state);
-}
-
-static
-int prolog1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- case XML_TOK_BOM:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_OPEN:
- if (!XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "DOCTYPE"))
- break;
- state->handler = doctype0;
- return XML_ROLE_NONE;
- case XML_TOK_INSTANCE_START:
- state->handler = error;
- return XML_ROLE_INSTANCE_START;
- }
- return syntaxError(state);
-}
-
-static
-int prolog2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- return XML_ROLE_NONE;
- case XML_TOK_INSTANCE_START:
- state->handler = error;
- return XML_ROLE_INSTANCE_START;
- }
- return syntaxError(state);
-}
-
-static
-int doctype0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = doctype1;
- return XML_ROLE_DOCTYPE_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int doctype1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_OPEN_BRACKET:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = prolog2;
- return XML_ROLE_DOCTYPE_CLOSE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) {
- state->handler = doctype3;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) {
- state->handler = doctype2;
- return XML_ROLE_NONE;
- }
- break;
- }
- return syntaxError(state);
-}
-
-static
-int doctype2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = doctype3;
- return XML_ROLE_DOCTYPE_PUBLIC_ID;
- }
- return syntaxError(state);
-}
-
-static
-int doctype3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = doctype4;
- return XML_ROLE_DOCTYPE_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int doctype4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_OPEN_BRACKET:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = prolog2;
- return XML_ROLE_DOCTYPE_CLOSE;
- }
- return syntaxError(state);
-}
-
-static
-int doctype5(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = prolog2;
- return XML_ROLE_DOCTYPE_CLOSE;
- }
- return syntaxError(state);
-}
-
-static
-int internalSubset(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_OPEN:
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "ENTITY")) {
- state->handler = entity0;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "ATTLIST")) {
- state->handler = attlist0;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "ELEMENT")) {
- state->handler = element0;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "NOTATION")) {
- state->handler = notation0;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- return XML_ROLE_NONE;
- case XML_TOK_PARAM_ENTITY_REF:
- return XML_ROLE_PARAM_ENTITY_REF;
- case XML_TOK_CLOSE_BRACKET:
- state->handler = doctype5;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int entity0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_PERCENT:
- state->handler = entity1;
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = entity2;
- return XML_ROLE_GENERAL_ENTITY_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int entity1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = entity7;
- return XML_ROLE_PARAM_ENTITY_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int entity2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) {
- state->handler = entity4;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) {
- state->handler = entity3;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_LITERAL:
- state->handler = declClose;
- return XML_ROLE_ENTITY_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int entity3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = entity4;
- return XML_ROLE_ENTITY_PUBLIC_ID;
- }
- return syntaxError(state);
-}
-
-
-static
-int entity4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = entity5;
- return XML_ROLE_ENTITY_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int entity5(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "NDATA")) {
- state->handler = entity6;
- return XML_ROLE_NONE;
- }
- break;
- }
- return syntaxError(state);
-}
-
-static
-int entity6(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = declClose;
- return XML_ROLE_ENTITY_NOTATION_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int entity7(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) {
- state->handler = entity9;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) {
- state->handler = entity8;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_LITERAL:
- state->handler = declClose;
- return XML_ROLE_ENTITY_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int entity8(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = entity9;
- return XML_ROLE_ENTITY_PUBLIC_ID;
- }
- return syntaxError(state);
-}
-
-static
-int entity9(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = declClose;
- return XML_ROLE_ENTITY_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int notation0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = notation1;
- return XML_ROLE_NOTATION_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int notation1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) {
- state->handler = notation3;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) {
- state->handler = notation2;
- return XML_ROLE_NONE;
- }
- break;
- }
- return syntaxError(state);
-}
-
-static
-int notation2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = notation4;
- return XML_ROLE_NOTATION_PUBLIC_ID;
- }
- return syntaxError(state);
-}
-
-static
-int notation3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = declClose;
- return XML_ROLE_NOTATION_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int notation4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = declClose;
- return XML_ROLE_NOTATION_SYSTEM_ID;
- case XML_TOK_DECL_CLOSE:
- state->handler = internalSubset;
- return XML_ROLE_NOTATION_NO_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int attlist0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = attlist1;
- return XML_ROLE_ATTLIST_ELEMENT_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int attlist1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = attlist2;
- return XML_ROLE_ATTRIBUTE_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int attlist2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- {
- static const char *types[] = {
- "CDATA",
- "ID",
- "IDREF",
- "IDREFS",
- "ENTITY",
- "ENTITIES",
- "NMTOKEN",
- "NMTOKENS",
- };
- int i;
- for (i = 0; i < (int)(sizeof(types)/sizeof(types[0])); i++)
- if (XmlNameMatchesAscii(enc, ptr, types[i])) {
- state->handler = attlist8;
- return XML_ROLE_ATTRIBUTE_TYPE_CDATA + i;
- }
- }
- if (XmlNameMatchesAscii(enc, ptr, "NOTATION")) {
- state->handler = attlist5;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_OPEN_PAREN:
- state->handler = attlist3;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int attlist3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NMTOKEN:
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = attlist4;
- return XML_ROLE_ATTRIBUTE_ENUM_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int attlist4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_CLOSE_PAREN:
- state->handler = attlist8;
- return XML_ROLE_NONE;
- case XML_TOK_OR:
- state->handler = attlist3;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int attlist5(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_OPEN_PAREN:
- state->handler = attlist6;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-
-static
-int attlist6(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = attlist7;
- return XML_ROLE_ATTRIBUTE_NOTATION_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int attlist7(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_CLOSE_PAREN:
- state->handler = attlist8;
- return XML_ROLE_NONE;
- case XML_TOK_OR:
- state->handler = attlist6;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-/* default value */
-static
-int attlist8(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_POUND_NAME:
- if (XmlNameMatchesAscii(enc,
- ptr + MIN_BYTES_PER_CHAR(enc),
- "IMPLIED")) {
- state->handler = attlist1;
- return XML_ROLE_IMPLIED_ATTRIBUTE_VALUE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + MIN_BYTES_PER_CHAR(enc),
- "REQUIRED")) {
- state->handler = attlist1;
- return XML_ROLE_REQUIRED_ATTRIBUTE_VALUE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + MIN_BYTES_PER_CHAR(enc),
- "FIXED")) {
- state->handler = attlist9;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_LITERAL:
- state->handler = attlist1;
- return XML_ROLE_DEFAULT_ATTRIBUTE_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int attlist9(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = attlist1;
- return XML_ROLE_FIXED_ATTRIBUTE_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int element0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = element1;
- return XML_ROLE_ELEMENT_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int element1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "EMPTY")) {
- state->handler = declClose;
- return XML_ROLE_CONTENT_EMPTY;
- }
- if (XmlNameMatchesAscii(enc, ptr, "ANY")) {
- state->handler = declClose;
- return XML_ROLE_CONTENT_ANY;
- }
- break;
- case XML_TOK_OPEN_PAREN:
- state->handler = element2;
- state->level = 1;
- return XML_ROLE_GROUP_OPEN;
- }
- return syntaxError(state);
-}
-
-static
-int element2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_POUND_NAME:
- if (XmlNameMatchesAscii(enc,
- ptr + MIN_BYTES_PER_CHAR(enc),
- "PCDATA")) {
- state->handler = element3;
- return XML_ROLE_CONTENT_PCDATA;
- }
- break;
- case XML_TOK_OPEN_PAREN:
- state->level = 2;
- state->handler = element6;
- return XML_ROLE_GROUP_OPEN;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT;
- case XML_TOK_NAME_QUESTION:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT_OPT;
- case XML_TOK_NAME_ASTERISK:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT_REP;
- case XML_TOK_NAME_PLUS:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT_PLUS;
- }
- return syntaxError(state);
-}
-
-static
-int element3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_CLOSE_PAREN:
- case XML_TOK_CLOSE_PAREN_ASTERISK:
- state->handler = declClose;
- return XML_ROLE_GROUP_CLOSE_REP;
- case XML_TOK_OR:
- state->handler = element4;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int element4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = element5;
- return XML_ROLE_CONTENT_ELEMENT;
- }
- return syntaxError(state);
-}
-
-static
-int element5(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_CLOSE_PAREN_ASTERISK:
- state->handler = declClose;
- return XML_ROLE_GROUP_CLOSE_REP;
- case XML_TOK_OR:
- state->handler = element4;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int element6(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_OPEN_PAREN:
- state->level += 1;
- return XML_ROLE_GROUP_OPEN;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT;
- case XML_TOK_NAME_QUESTION:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT_OPT;
- case XML_TOK_NAME_ASTERISK:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT_REP;
- case XML_TOK_NAME_PLUS:
- state->handler = element7;
- return XML_ROLE_CONTENT_ELEMENT_PLUS;
- }
- return syntaxError(state);
-}
-
-static
-int element7(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_CLOSE_PAREN:
- state->level -= 1;
- if (state->level == 0)
- state->handler = declClose;
- return XML_ROLE_GROUP_CLOSE;
- case XML_TOK_CLOSE_PAREN_ASTERISK:
- state->level -= 1;
- if (state->level == 0)
- state->handler = declClose;
- return XML_ROLE_GROUP_CLOSE_REP;
- case XML_TOK_CLOSE_PAREN_QUESTION:
- state->level -= 1;
- if (state->level == 0)
- state->handler = declClose;
- return XML_ROLE_GROUP_CLOSE_OPT;
- case XML_TOK_CLOSE_PAREN_PLUS:
- state->level -= 1;
- if (state->level == 0)
- state->handler = declClose;
- return XML_ROLE_GROUP_CLOSE_PLUS;
- case XML_TOK_COMMA:
- state->handler = element6;
- return XML_ROLE_GROUP_SEQUENCE;
- case XML_TOK_OR:
- state->handler = element6;
- return XML_ROLE_GROUP_CHOICE;
- }
- return syntaxError(state);
-}
-
-static
-int declClose(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int error(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- return XML_ROLE_NONE;
-}
-
-static
-int syntaxError(PROLOG_STATE *state)
-{
- state->handler = error;
- return XML_ROLE_ERROR;
-}
-
-void XmlPrologStateInit(PROLOG_STATE *state)
-{
- state->handler = prolog0;
-}
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.h b/usr.sbin/httpd/src/lib/expat-lite/xmlrole.h
deleted file mode 100644
index 877c40ba1f8..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#ifndef XmlRole_INCLUDED
-#define XmlRole_INCLUDED 1
-
-#include "xmltok.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-enum {
- XML_ROLE_ERROR = -1,
- XML_ROLE_NONE = 0,
- XML_ROLE_XML_DECL,
- XML_ROLE_INSTANCE_START,
- XML_ROLE_DOCTYPE_NAME,
- XML_ROLE_DOCTYPE_SYSTEM_ID,
- XML_ROLE_DOCTYPE_PUBLIC_ID,
- XML_ROLE_DOCTYPE_CLOSE,
- XML_ROLE_GENERAL_ENTITY_NAME,
- XML_ROLE_PARAM_ENTITY_NAME,
- XML_ROLE_ENTITY_VALUE,
- XML_ROLE_ENTITY_SYSTEM_ID,
- XML_ROLE_ENTITY_PUBLIC_ID,
- XML_ROLE_ENTITY_NOTATION_NAME,
- XML_ROLE_NOTATION_NAME,
- XML_ROLE_NOTATION_SYSTEM_ID,
- XML_ROLE_NOTATION_NO_SYSTEM_ID,
- XML_ROLE_NOTATION_PUBLIC_ID,
- XML_ROLE_ATTRIBUTE_NAME,
- XML_ROLE_ATTRIBUTE_TYPE_CDATA,
- XML_ROLE_ATTRIBUTE_TYPE_ID,
- XML_ROLE_ATTRIBUTE_TYPE_IDREF,
- XML_ROLE_ATTRIBUTE_TYPE_IDREFS,
- XML_ROLE_ATTRIBUTE_TYPE_ENTITY,
- XML_ROLE_ATTRIBUTE_TYPE_ENTITIES,
- XML_ROLE_ATTRIBUTE_TYPE_NMTOKEN,
- XML_ROLE_ATTRIBUTE_TYPE_NMTOKENS,
- XML_ROLE_ATTRIBUTE_ENUM_VALUE,
- XML_ROLE_ATTRIBUTE_NOTATION_VALUE,
- XML_ROLE_ATTLIST_ELEMENT_NAME,
- XML_ROLE_IMPLIED_ATTRIBUTE_VALUE,
- XML_ROLE_REQUIRED_ATTRIBUTE_VALUE,
- XML_ROLE_DEFAULT_ATTRIBUTE_VALUE,
- XML_ROLE_FIXED_ATTRIBUTE_VALUE,
- XML_ROLE_ELEMENT_NAME,
- XML_ROLE_CONTENT_ANY,
- XML_ROLE_CONTENT_EMPTY,
- XML_ROLE_CONTENT_PCDATA,
- XML_ROLE_GROUP_OPEN,
- XML_ROLE_GROUP_CLOSE,
- XML_ROLE_GROUP_CLOSE_REP,
- XML_ROLE_GROUP_CLOSE_OPT,
- XML_ROLE_GROUP_CLOSE_PLUS,
- XML_ROLE_GROUP_CHOICE,
- XML_ROLE_GROUP_SEQUENCE,
- XML_ROLE_CONTENT_ELEMENT,
- XML_ROLE_CONTENT_ELEMENT_REP,
- XML_ROLE_CONTENT_ELEMENT_OPT,
- XML_ROLE_CONTENT_ELEMENT_PLUS,
- XML_ROLE_PARAM_ENTITY_REF
-};
-
-typedef struct prolog_state {
- int (*handler)(struct prolog_state *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc);
- unsigned level;
-} PROLOG_STATE;
-
-void XMLTOKAPI XmlPrologStateInit(PROLOG_STATE *);
-
-#define XmlTokenRole(state, tok, ptr, end, enc) \
- (((state)->handler)(state, tok, ptr, end, enc))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* not XmlRole_INCLUDED */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.c b/usr.sbin/httpd/src/lib/expat-lite/xmltok.c
deleted file mode 100644
index f0c15b1b7cf..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.c
+++ /dev/null
@@ -1,1384 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include "xmldef.h"
-#include "xmltok.h"
-#include "nametab.h"
-
-#define VTABLE1 \
- { PREFIX(prologTok), PREFIX(contentTok), PREFIX(cdataSectionTok) }, \
- { PREFIX(attributeValueTok), PREFIX(entityValueTok) }, \
- PREFIX(sameName), \
- PREFIX(nameMatchesAscii), \
- PREFIX(nameLength), \
- PREFIX(skipS), \
- PREFIX(getAtts), \
- PREFIX(charRefNumber), \
- PREFIX(predefinedEntityName), \
- PREFIX(updatePosition), \
- PREFIX(isPublicId)
-
-#define VTABLE VTABLE1, PREFIX(toUtf8), PREFIX(toUtf16)
-
-#define UCS2_GET_NAMING(pages, hi, lo) \
- (namingBitmap[(pages[hi] << 3) + ((lo) >> 5)] & (1 << ((lo) & 0x1F)))
-
-/* A 2 byte UTF-8 representation splits the characters 11 bits
-between the bottom 5 and 6 bits of the bytes.
-We need 8 bits to index into pages, 3 bits to add to that index and
-5 bits to generate the mask. */
-#define UTF8_GET_NAMING2(pages, byte) \
- (namingBitmap[((pages)[(((byte)[0]) >> 2) & 7] << 3) \
- + ((((byte)[0]) & 3) << 1) \
- + ((((byte)[1]) >> 5) & 1)] \
- & (1 << (((byte)[1]) & 0x1F)))
-
-/* A 3 byte UTF-8 representation splits the characters 16 bits
-between the bottom 4, 6 and 6 bits of the bytes.
-We need 8 bits to index into pages, 3 bits to add to that index and
-5 bits to generate the mask. */
-#define UTF8_GET_NAMING3(pages, byte) \
- (namingBitmap[((pages)[((((byte)[0]) & 0xF) << 4) \
- + ((((byte)[1]) >> 2) & 0xF)] \
- << 3) \
- + ((((byte)[1]) & 3) << 1) \
- + ((((byte)[2]) >> 5) & 1)] \
- & (1 << (((byte)[2]) & 0x1F)))
-
-#define UTF8_GET_NAMING(pages, p, n) \
- ((n) == 2 \
- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
- : ((n) == 3 \
- ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
- : 0))
-
-#define UTF8_INVALID3(p) \
- ((*p) == 0xED \
- ? (((p)[1] & 0x20) != 0) \
- : ((*p) == 0xEF \
- ? ((p)[1] == 0xBF && ((p)[2] == 0xBF || (p)[2] == 0xBE)) \
- : 0))
-
-#define UTF8_INVALID4(p) ((*p) == 0xF4 && ((p)[1] & 0x30) != 0)
-
-static
-int isNever(const ENCODING *enc, const char *p)
-{
- return 0;
-}
-
-static
-int utf8_isName2(const ENCODING *enc, const char *p)
-{
- return UTF8_GET_NAMING2(namePages, (const unsigned char *)p);
-}
-
-static
-int utf8_isName3(const ENCODING *enc, const char *p)
-{
- return UTF8_GET_NAMING3(namePages, (const unsigned char *)p);
-}
-
-#define utf8_isName4 isNever
-
-static
-int utf8_isNmstrt2(const ENCODING *enc, const char *p)
-{
- return UTF8_GET_NAMING2(nmstrtPages, (const unsigned char *)p);
-}
-
-static
-int utf8_isNmstrt3(const ENCODING *enc, const char *p)
-{
- return UTF8_GET_NAMING3(nmstrtPages, (const unsigned char *)p);
-}
-
-#define utf8_isNmstrt4 isNever
-
-#define utf8_isInvalid2 isNever
-
-static
-int utf8_isInvalid3(const ENCODING *enc, const char *p)
-{
- return UTF8_INVALID3((const unsigned char *)p);
-}
-
-static
-int utf8_isInvalid4(const ENCODING *enc, const char *p)
-{
- return UTF8_INVALID4((const unsigned char *)p);
-}
-
-struct normal_encoding {
- ENCODING enc;
- unsigned char type[256];
- int (*isName2)(const ENCODING *, const char *);
- int (*isName3)(const ENCODING *, const char *);
- int (*isName4)(const ENCODING *, const char *);
- int (*isNmstrt2)(const ENCODING *, const char *);
- int (*isNmstrt3)(const ENCODING *, const char *);
- int (*isNmstrt4)(const ENCODING *, const char *);
- int (*isInvalid2)(const ENCODING *, const char *);
- int (*isInvalid3)(const ENCODING *, const char *);
- int (*isInvalid4)(const ENCODING *, const char *);
-};
-
-#define STANDARD_VTABLE(E) /* as nothing */
-
-#define NORMAL_VTABLE(E) \
- E ## isName2, \
- E ## isName3, \
- E ## isName4, \
- E ## isNmstrt2, \
- E ## isNmstrt3, \
- E ## isNmstrt4, \
- E ## isInvalid2, \
- E ## isInvalid3, \
- E ## isInvalid4
-
-static int checkCharRefNumber(int);
-
-#include "xmltok_impl.h"
-
-
-/* minimum bytes per character */
-#define MINBPC(enc) 1
-
-#define SB_BYTE_TYPE(enc, p) \
- (((struct normal_encoding *)(enc))->type[(unsigned char)*(p)])
-
-#define BYTE_TYPE(enc, p) SB_BYTE_TYPE(enc, p)
-
-#define BYTE_TO_ASCII(enc, p) (*p)
-
-#define IS_NAME_CHAR(enc, p, n) \
- (((const struct normal_encoding *)(enc))->isName ## n(enc, p))
-#define IS_NMSTRT_CHAR(enc, p, n) \
- (((const struct normal_encoding *)(enc))->isNmstrt ## n(enc, p))
-#define IS_INVALID_CHAR(enc, p, n) \
- (((const struct normal_encoding *)(enc))->isInvalid ## n(enc, p))
-
-#define IS_NAME_CHAR_MINBPC(enc, p) (0)
-#define IS_NMSTRT_CHAR_MINBPC(enc, p) (0)
-
-/* c is an ASCII character */
-#define CHAR_MATCHES(enc, p, c) (*(p) == c)
-
-#define PREFIX(ident) normal_ ## ident
-#include "xmltok_impl.c"
-
-#undef MINBPC
-#undef BYTE_TYPE
-#undef BYTE_TO_ASCII
-#undef CHAR_MATCHES
-#undef IS_NAME_CHAR
-#undef IS_NAME_CHAR_MINBPC
-#undef IS_NMSTRT_CHAR
-#undef IS_NMSTRT_CHAR_MINBPC
-#undef IS_INVALID_CHAR
-
-enum { /* UTF8_cvalN is value of masked first byte of N byte sequence */
- UTF8_cval1 = 0x00,
- UTF8_cval2 = 0xc0,
- UTF8_cval3 = 0xe0,
- UTF8_cval4 = 0xf0
-};
-
-static
-void utf8_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-{
- char *to;
- const char *from;
- if (fromLim - *fromP > toLim - *toP) {
- /* Avoid copying partial characters. */
- for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--)
- if (((unsigned char)fromLim[-1] & 0xc0) != 0x80)
- break;
- }
- for (to = *toP, from = *fromP; from != fromLim; from++, to++)
- *to = *from;
- *fromP = from;
- *toP = to;
-}
-
-static
-void utf8_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
-{
- unsigned short *to = *toP;
- const char *from = *fromP;
- while (from != fromLim && to != toLim) {
- switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
- case BT_LEAD2:
- *to++ = ((from[0] & 0x1f) << 6) | (from[1] & 0x3f);
- from += 2;
- break;
- case BT_LEAD3:
- *to++ = ((from[0] & 0xf) << 12) | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f);
- from += 3;
- break;
- case BT_LEAD4:
- {
- unsigned long n;
- if (to + 1 == toLim)
- break;
- n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12) | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f);
- n -= 0x10000;
- to[0] = (unsigned short)((n >> 10) | 0xD800);
- to[1] = (unsigned short)((n & 0x3FF) | 0xDC00);
- to += 2;
- from += 4;
- }
- break;
- default:
- *to++ = *from++;
- break;
- }
- }
- *fromP = from;
- *toP = to;
-}
-
-#ifdef XML_NS
-static const struct normal_encoding utf8_encoding_ns = {
- { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 },
- {
-#include "asciitab.h"
-#include "utf8tab.h"
- },
- STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
-};
-#endif
-
-static const struct normal_encoding utf8_encoding = {
- { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 },
- {
-#define BT_COLON BT_NMSTRT
-#include "asciitab.h"
-#undef BT_COLON
-#include "utf8tab.h"
- },
- STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
-};
-
-#ifdef XML_NS
-
-static const struct normal_encoding internal_utf8_encoding_ns = {
- { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 },
- {
-#include "iasciitab.h"
-#include "utf8tab.h"
- },
- STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
-};
-
-#endif
-
-static const struct normal_encoding internal_utf8_encoding = {
- { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 },
- {
-#define BT_COLON BT_NMSTRT
-#include "iasciitab.h"
-#undef BT_COLON
-#include "utf8tab.h"
- },
- STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
-};
-
-static
-void latin1_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-{
- for (;;) {
- unsigned char c;
- if (*fromP == fromLim)
- break;
- c = (unsigned char)**fromP;
- if (c & 0x80) {
- if (toLim - *toP < 2)
- break;
- *(*toP)++ = ((c >> 6) | UTF8_cval2);
- *(*toP)++ = ((c & 0x3f) | 0x80);
- (*fromP)++;
- }
- else {
- if (*toP == toLim)
- break;
- *(*toP)++ = *(*fromP)++;
- }
- }
-}
-
-static
-void latin1_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
-{
- while (*fromP != fromLim && *toP != toLim)
- *(*toP)++ = (unsigned char)*(*fromP)++;
-}
-
-#ifdef XML_NS
-
-static const struct normal_encoding latin1_encoding_ns = {
- { VTABLE1, latin1_toUtf8, latin1_toUtf16, 1, 0, 0 },
- {
-#include "asciitab.h"
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(sb_)
-};
-
-#endif
-
-static const struct normal_encoding latin1_encoding = {
- { VTABLE1, latin1_toUtf8, latin1_toUtf16, 1, 0, 0 },
- {
-#define BT_COLON BT_NMSTRT
-#include "asciitab.h"
-#undef BT_COLON
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(sb_)
-};
-
-static
-void ascii_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-{
- while (*fromP != fromLim && *toP != toLim)
- *(*toP)++ = *(*fromP)++;
-}
-
-#ifdef XML_NS
-
-static const struct normal_encoding ascii_encoding_ns = {
- { VTABLE1, ascii_toUtf8, latin1_toUtf16, 1, 1, 0 },
- {
-#include "asciitab.h"
-/* BT_NONXML == 0 */
- },
- STANDARD_VTABLE(sb_)
-};
-
-#endif
-
-static const struct normal_encoding ascii_encoding = {
- { VTABLE1, ascii_toUtf8, latin1_toUtf16, 1, 1, 0 },
- {
-#define BT_COLON BT_NMSTRT
-#include "asciitab.h"
-#undef BT_COLON
-/* BT_NONXML == 0 */
- },
- STANDARD_VTABLE(sb_)
-};
-
-static int unicode_byte_type(char hi, char lo)
-{
- switch ((unsigned char)hi) {
- case 0xD8: case 0xD9: case 0xDA: case 0xDB:
- return BT_LEAD4;
- case 0xDC: case 0xDD: case 0xDE: case 0xDF:
- return BT_TRAIL;
- case 0xFF:
- switch ((unsigned char)lo) {
- case 0xFF:
- case 0xFE:
- return BT_NONXML;
- }
- break;
- }
- return BT_NONASCII;
-}
-
-#define DEFINE_UTF16_TO_UTF8(E) \
-static \
-void E ## toUtf8(const ENCODING *enc, \
- const char **fromP, const char *fromLim, \
- char **toP, const char *toLim) \
-{ \
- const char *from; \
- for (from = *fromP; from != fromLim; from += 2) { \
- int plane; \
- unsigned char lo2; \
- unsigned char lo = GET_LO(from); \
- unsigned char hi = GET_HI(from); \
- switch (hi) { \
- case 0: \
- if (lo < 0x80) { \
- if (*toP == toLim) { \
- *fromP = from; \
- return; \
- } \
- *(*toP)++ = lo; \
- break; \
- } \
- /* fall through */ \
- case 0x1: case 0x2: case 0x3: \
- case 0x4: case 0x5: case 0x6: case 0x7: \
- if (toLim - *toP < 2) { \
- *fromP = from; \
- return; \
- } \
- *(*toP)++ = ((lo >> 6) | (hi << 2) | UTF8_cval2); \
- *(*toP)++ = ((lo & 0x3f) | 0x80); \
- break; \
- default: \
- if (toLim - *toP < 3) { \
- *fromP = from; \
- return; \
- } \
- /* 16 bits divided 4, 6, 6 amongst 3 bytes */ \
- *(*toP)++ = ((hi >> 4) | UTF8_cval3); \
- *(*toP)++ = (((hi & 0xf) << 2) | (lo >> 6) | 0x80); \
- *(*toP)++ = ((lo & 0x3f) | 0x80); \
- break; \
- case 0xD8: case 0xD9: case 0xDA: case 0xDB: \
- if (toLim - *toP < 4) { \
- *fromP = from; \
- return; \
- } \
- plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \
- *(*toP)++ = ((plane >> 2) | UTF8_cval4); \
- *(*toP)++ = (((lo >> 2) & 0xF) | ((plane & 0x3) << 4) | 0x80); \
- from += 2; \
- lo2 = GET_LO(from); \
- *(*toP)++ = (((lo & 0x3) << 4) \
- | ((GET_HI(from) & 0x3) << 2) \
- | (lo2 >> 6) \
- | 0x80); \
- *(*toP)++ = ((lo2 & 0x3f) | 0x80); \
- break; \
- } \
- } \
- *fromP = from; \
-}
-
-#define DEFINE_UTF16_TO_UTF16(E) \
-static \
-void E ## toUtf16(const ENCODING *enc, \
- const char **fromP, const char *fromLim, \
- unsigned short **toP, const unsigned short *toLim) \
-{ \
- /* Avoid copying first half only of surrogate */ \
- if (fromLim - *fromP > ((toLim - *toP) << 1) \
- && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \
- fromLim -= 2; \
- for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \
- *(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \
-}
-
-#define SET2(ptr, ch) \
- (((ptr)[0] = ((ch) & 0xff)), ((ptr)[1] = ((ch) >> 8)))
-#define GET_LO(ptr) ((unsigned char)(ptr)[0])
-#define GET_HI(ptr) ((unsigned char)(ptr)[1])
-
-DEFINE_UTF16_TO_UTF8(little2_)
-DEFINE_UTF16_TO_UTF16(little2_)
-
-#undef SET2
-#undef GET_LO
-#undef GET_HI
-
-#define SET2(ptr, ch) \
- (((ptr)[0] = ((ch) >> 8)), ((ptr)[1] = ((ch) & 0xFF)))
-#define GET_LO(ptr) ((unsigned char)(ptr)[1])
-#define GET_HI(ptr) ((unsigned char)(ptr)[0])
-
-DEFINE_UTF16_TO_UTF8(big2_)
-DEFINE_UTF16_TO_UTF16(big2_)
-
-#undef SET2
-#undef GET_LO
-#undef GET_HI
-
-#define LITTLE2_BYTE_TYPE(enc, p) \
- ((p)[1] == 0 \
- ? ((struct normal_encoding *)(enc))->type[(unsigned char)*(p)] \
- : unicode_byte_type((p)[1], (p)[0]))
-#define LITTLE2_BYTE_TO_ASCII(enc, p) ((p)[1] == 0 ? (p)[0] : -1)
-#define LITTLE2_CHAR_MATCHES(enc, p, c) ((p)[1] == 0 && (p)[0] == c)
-#define LITTLE2_IS_NAME_CHAR_MINBPC(enc, p) \
- UCS2_GET_NAMING(namePages, (unsigned char)p[1], (unsigned char)p[0])
-#define LITTLE2_IS_NMSTRT_CHAR_MINBPC(enc, p) \
- UCS2_GET_NAMING(nmstrtPages, (unsigned char)p[1], (unsigned char)p[0])
-
-#undef PREFIX
-#define PREFIX(ident) little2_ ## ident
-#define MINBPC(enc) 2
-/* CHAR_MATCHES is guaranteed to have MINBPC bytes available. */
-#define BYTE_TYPE(enc, p) LITTLE2_BYTE_TYPE(enc, p)
-#define BYTE_TO_ASCII(enc, p) LITTLE2_BYTE_TO_ASCII(enc, p)
-#define CHAR_MATCHES(enc, p, c) LITTLE2_CHAR_MATCHES(enc, p, c)
-#define IS_NAME_CHAR(enc, p, n) 0
-#define IS_NAME_CHAR_MINBPC(enc, p) LITTLE2_IS_NAME_CHAR_MINBPC(enc, p)
-#define IS_NMSTRT_CHAR(enc, p, n) (0)
-#define IS_NMSTRT_CHAR_MINBPC(enc, p) LITTLE2_IS_NMSTRT_CHAR_MINBPC(enc, p)
-
-#include "xmltok_impl.c"
-
-#undef MINBPC
-#undef BYTE_TYPE
-#undef BYTE_TO_ASCII
-#undef CHAR_MATCHES
-#undef IS_NAME_CHAR
-#undef IS_NAME_CHAR_MINBPC
-#undef IS_NMSTRT_CHAR
-#undef IS_NMSTRT_CHAR_MINBPC
-#undef IS_INVALID_CHAR
-
-#ifdef XML_NS
-
-static const struct normal_encoding little2_encoding_ns = {
- { VTABLE, 2, 0,
-#if XML_BYTE_ORDER == 12
- 1
-#else
- 0
-#endif
- },
- {
-#include "asciitab.h"
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(little2_)
-};
-
-#endif
-
-static const struct normal_encoding little2_encoding = {
- { VTABLE, 2, 0,
-#if XML_BYTE_ORDER == 12
- 1
-#else
- 0
-#endif
- },
- {
-#define BT_COLON BT_NMSTRT
-#include "asciitab.h"
-#undef BT_COLON
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(little2_)
-};
-
-#if XML_BYTE_ORDER != 21
-
-#ifdef XML_NS
-
-static const struct normal_encoding internal_little2_encoding_ns = {
- { VTABLE, 2, 0, 1 },
- {
-#include "iasciitab.h"
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(little2_)
-};
-
-#endif
-
-static const struct normal_encoding internal_little2_encoding = {
- { VTABLE, 2, 0, 1 },
- {
-#define BT_COLON BT_NMSTRT
-#include "iasciitab.h"
-#undef BT_COLON
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(little2_)
-};
-
-#endif
-
-
-#define BIG2_BYTE_TYPE(enc, p) \
- ((p)[0] == 0 \
- ? ((struct normal_encoding *)(enc))->type[(unsigned char)(p)[1]] \
- : unicode_byte_type((p)[0], (p)[1]))
-#define BIG2_BYTE_TO_ASCII(enc, p) ((p)[0] == 0 ? (p)[1] : -1)
-#define BIG2_CHAR_MATCHES(enc, p, c) ((p)[0] == 0 && (p)[1] == c)
-#define BIG2_IS_NAME_CHAR_MINBPC(enc, p) \
- UCS2_GET_NAMING(namePages, (unsigned char)p[0], (unsigned char)p[1])
-#define BIG2_IS_NMSTRT_CHAR_MINBPC(enc, p) \
- UCS2_GET_NAMING(nmstrtPages, (unsigned char)p[0], (unsigned char)p[1])
-
-#undef PREFIX
-#define PREFIX(ident) big2_ ## ident
-#define MINBPC(enc) 2
-/* CHAR_MATCHES is guaranteed to have MINBPC bytes available. */
-#define BYTE_TYPE(enc, p) BIG2_BYTE_TYPE(enc, p)
-#define BYTE_TO_ASCII(enc, p) BIG2_BYTE_TO_ASCII(enc, p)
-#define CHAR_MATCHES(enc, p, c) BIG2_CHAR_MATCHES(enc, p, c)
-#define IS_NAME_CHAR(enc, p, n) 0
-#define IS_NAME_CHAR_MINBPC(enc, p) BIG2_IS_NAME_CHAR_MINBPC(enc, p)
-#define IS_NMSTRT_CHAR(enc, p, n) (0)
-#define IS_NMSTRT_CHAR_MINBPC(enc, p) BIG2_IS_NMSTRT_CHAR_MINBPC(enc, p)
-
-#include "xmltok_impl.c"
-
-#undef MINBPC
-#undef BYTE_TYPE
-#undef BYTE_TO_ASCII
-#undef CHAR_MATCHES
-#undef IS_NAME_CHAR
-#undef IS_NAME_CHAR_MINBPC
-#undef IS_NMSTRT_CHAR
-#undef IS_NMSTRT_CHAR_MINBPC
-#undef IS_INVALID_CHAR
-
-#ifdef XML_NS
-
-static const struct normal_encoding big2_encoding_ns = {
- { VTABLE, 2, 0,
-#if XML_BYTE_ORDER == 21
- 1
-#else
- 0
-#endif
- },
- {
-#include "asciitab.h"
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(big2_)
-};
-
-#endif
-
-static const struct normal_encoding big2_encoding = {
- { VTABLE, 2, 0,
-#if XML_BYTE_ORDER == 21
- 1
-#else
- 0
-#endif
- },
- {
-#define BT_COLON BT_NMSTRT
-#include "asciitab.h"
-#undef BT_COLON
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(big2_)
-};
-
-#if XML_BYTE_ORDER != 12
-
-#ifdef XML_NS
-
-static const struct normal_encoding internal_big2_encoding_ns = {
- { VTABLE, 2, 0, 1 },
- {
-#include "iasciitab.h"
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(big2_)
-};
-
-#endif
-
-static const struct normal_encoding internal_big2_encoding = {
- { VTABLE, 2, 0, 1 },
- {
-#define BT_COLON BT_NMSTRT
-#include "iasciitab.h"
-#undef BT_COLON
-#include "latin1tab.h"
- },
- STANDARD_VTABLE(big2_)
-};
-
-#endif
-
-#undef PREFIX
-
-static
-int streqci(const char *s1, const char *s2)
-{
- for (;;) {
- char c1 = *s1++;
- char c2 = *s2++;
- if ('a' <= c1 && c1 <= 'z')
- c1 += 'A' - 'a';
- if ('a' <= c2 && c2 <= 'z')
- c2 += 'A' - 'a';
- if (c1 != c2)
- return 0;
- if (!c1)
- break;
- }
- return 1;
-}
-
-static
-void initUpdatePosition(const ENCODING *enc, const char *ptr,
- const char *end, POSITION *pos)
-{
- normal_updatePosition(&utf8_encoding.enc, ptr, end, pos);
-}
-
-static
-int toAscii(const ENCODING *enc, const char *ptr, const char *end)
-{
- char buf[1];
- char *p = buf;
- XmlUtf8Convert(enc, &ptr, end, &p, p + 1);
- if (p == buf)
- return -1;
- else
- return buf[0];
-}
-
-static
-int isSpace(int c)
-{
- switch (c) {
- case 0x20:
- case 0xD:
- case 0xA:
- case 0x9:
- return 1;
- }
- return 0;
-}
-
-/* Return 1 if there's just optional white space
-or there's an S followed by name=val. */
-static
-int parsePseudoAttribute(const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **namePtr,
- const char **valPtr,
- const char **nextTokPtr)
-{
- int c;
- char openchar;
- if (ptr == end) {
- *namePtr = 0;
- return 1;
- }
- if (!isSpace(toAscii(enc, ptr, end))) {
- *nextTokPtr = ptr;
- return 0;
- }
- do {
- ptr += enc->minBytesPerChar;
- } while (isSpace(toAscii(enc, ptr, end)));
- if (ptr == end) {
- *namePtr = 0;
- return 1;
- }
- *namePtr = ptr;
- for (;;) {
- c = toAscii(enc, ptr, end);
- if (c == -1) {
- *nextTokPtr = ptr;
- return 0;
- }
- if (c == '=')
- break;
- if (isSpace(c)) {
- do {
- ptr += enc->minBytesPerChar;
- } while (isSpace(c = toAscii(enc, ptr, end)));
- if (c != '=') {
- *nextTokPtr = ptr;
- return 0;
- }
- break;
- }
- ptr += enc->minBytesPerChar;
- }
- if (ptr == *namePtr) {
- *nextTokPtr = ptr;
- return 0;
- }
- ptr += enc->minBytesPerChar;
- c = toAscii(enc, ptr, end);
- while (isSpace(c)) {
- ptr += enc->minBytesPerChar;
- c = toAscii(enc, ptr, end);
- }
- if (c != '"' && c != '\'') {
- *nextTokPtr = ptr;
- return 0;
- }
- openchar = c;
- ptr += enc->minBytesPerChar;
- *valPtr = ptr;
- for (;; ptr += enc->minBytesPerChar) {
- c = toAscii(enc, ptr, end);
- if (c == openchar)
- break;
- if (!('a' <= c && c <= 'z')
- && !('A' <= c && c <= 'Z')
- && !('0' <= c && c <= '9')
- && c != '.'
- && c != '-'
- && c != '_') {
- *nextTokPtr = ptr;
- return 0;
- }
- }
- *nextTokPtr = ptr + enc->minBytesPerChar;
- return 1;
-}
-
-static
-int doParseXmlDecl(const ENCODING *(*encodingFinder)(const ENCODING *,
- const char *,
- const char *),
- int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingName,
- const ENCODING **encoding,
- int *standalone)
-{
- const char *val = 0;
- const char *name = 0;
- ptr += 5 * enc->minBytesPerChar;
- end -= 2 * enc->minBytesPerChar;
- if (!parsePseudoAttribute(enc, ptr, end, &name, &val, &ptr) || !name) {
- *badPtr = ptr;
- return 0;
- }
- if (!XmlNameMatchesAscii(enc, name, "version")) {
- if (!isGeneralTextEntity) {
- *badPtr = name;
- return 0;
- }
- }
- else {
- if (versionPtr)
- *versionPtr = val;
- if (!parsePseudoAttribute(enc, ptr, end, &name, &val, &ptr)) {
- *badPtr = ptr;
- return 0;
- }
- if (!name) {
- if (isGeneralTextEntity) {
- /* a TextDecl must have an EncodingDecl */
- *badPtr = ptr;
- return 0;
- }
- return 1;
- }
- }
- if (XmlNameMatchesAscii(enc, name, "encoding")) {
- int c = toAscii(enc, val, end);
- if (!('a' <= c && c <= 'z') && !('A' <= c && c <= 'Z')) {
- *badPtr = val;
- return 0;
- }
- if (encodingName)
- *encodingName = val;
- if (encoding)
- *encoding = encodingFinder(enc, val, ptr - enc->minBytesPerChar);
- if (!parsePseudoAttribute(enc, ptr, end, &name, &val, &ptr)) {
- *badPtr = ptr;
- return 0;
- }
- if (!name)
- return 1;
- }
- if (!XmlNameMatchesAscii(enc, name, "standalone") || isGeneralTextEntity) {
- *badPtr = name;
- return 0;
- }
- if (XmlNameMatchesAscii(enc, val, "yes")) {
- if (standalone)
- *standalone = 1;
- }
- else if (XmlNameMatchesAscii(enc, val, "no")) {
- if (standalone)
- *standalone = 0;
- }
- else {
- *badPtr = val;
- return 0;
- }
- while (isSpace(toAscii(enc, ptr, end)))
- ptr += enc->minBytesPerChar;
- if (ptr != end) {
- *badPtr = ptr;
- return 0;
- }
- return 1;
-}
-
-static
-int checkCharRefNumber(int result)
-{
- switch (result >> 8) {
- case 0xD8: case 0xD9: case 0xDA: case 0xDB:
- case 0xDC: case 0xDD: case 0xDE: case 0xDF:
- return -1;
- case 0:
- if (latin1_encoding.type[result] == BT_NONXML)
- return -1;
- break;
- case 0xFF:
- if (result == 0xFFFE || result == 0xFFFF)
- return -1;
- break;
- }
- return result;
-}
-
-int XmlUtf8Encode(int c, char *buf)
-{
- enum {
- /* minN is minimum legal resulting value for N byte sequence */
- min2 = 0x80,
- min3 = 0x800,
- min4 = 0x10000
- };
-
- if (c < 0)
- return 0;
- if (c < min2) {
- buf[0] = (c | UTF8_cval1);
- return 1;
- }
- if (c < min3) {
- buf[0] = ((c >> 6) | UTF8_cval2);
- buf[1] = ((c & 0x3f) | 0x80);
- return 2;
- }
- if (c < min4) {
- buf[0] = ((c >> 12) | UTF8_cval3);
- buf[1] = (((c >> 6) & 0x3f) | 0x80);
- buf[2] = ((c & 0x3f) | 0x80);
- return 3;
- }
- if (c < 0x110000) {
- buf[0] = ((c >> 18) | UTF8_cval4);
- buf[1] = (((c >> 12) & 0x3f) | 0x80);
- buf[2] = (((c >> 6) & 0x3f) | 0x80);
- buf[3] = ((c & 0x3f) | 0x80);
- return 4;
- }
- return 0;
-}
-
-int XmlUtf16Encode(int charNum, unsigned short *buf)
-{
- if (charNum < 0)
- return 0;
- if (charNum < 0x10000) {
- buf[0] = charNum;
- return 1;
- }
- if (charNum < 0x110000) {
- charNum -= 0x10000;
- buf[0] = (charNum >> 10) + 0xD800;
- buf[1] = (charNum & 0x3FF) + 0xDC00;
- return 2;
- }
- return 0;
-}
-
-struct unknown_encoding {
- struct normal_encoding normal;
- int (*convert)(void *userData, const char *p);
- void *userData;
- unsigned short utf16[256];
- char utf8[256][4];
-};
-
-int XmlSizeOfUnknownEncoding(void)
-{
- return sizeof(struct unknown_encoding);
-}
-
-static
-int unknown_isName(const ENCODING *enc, const char *p)
-{
- int c = ((const struct unknown_encoding *)enc)
- ->convert(((const struct unknown_encoding *)enc)->userData, p);
- if (c & ~0xFFFF)
- return 0;
- return UCS2_GET_NAMING(namePages, c >> 8, c & 0xFF);
-}
-
-static
-int unknown_isNmstrt(const ENCODING *enc, const char *p)
-{
- int c = ((const struct unknown_encoding *)enc)
- ->convert(((const struct unknown_encoding *)enc)->userData, p);
- if (c & ~0xFFFF)
- return 0;
- return UCS2_GET_NAMING(nmstrtPages, c >> 8, c & 0xFF);
-}
-
-static
-int unknown_isInvalid(const ENCODING *enc, const char *p)
-{
- int c = ((const struct unknown_encoding *)enc)
- ->convert(((const struct unknown_encoding *)enc)->userData, p);
- return (c & ~0xFFFF) || checkCharRefNumber(c) < 0;
-}
-
-static
-void unknown_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-{
- char buf[XML_UTF8_ENCODE_MAX];
- for (;;) {
- const char *utf8;
- int n;
- if (*fromP == fromLim)
- break;
- utf8 = ((const struct unknown_encoding *)enc)->utf8[(unsigned char)**fromP];
- n = *utf8++;
- if (n == 0) {
- int c = ((const struct unknown_encoding *)enc)
- ->convert(((const struct unknown_encoding *)enc)->userData, *fromP);
- n = XmlUtf8Encode(c, buf);
- if (n > toLim - *toP)
- break;
- utf8 = buf;
- *fromP += ((const struct normal_encoding *)enc)->type[(unsigned char)**fromP]
- - (BT_LEAD2 - 2);
- }
- else {
- if (n > toLim - *toP)
- break;
- (*fromP)++;
- }
- do {
- *(*toP)++ = *utf8++;
- } while (--n != 0);
- }
-}
-
-static
-void unknown_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
-{
- while (*fromP != fromLim && *toP != toLim) {
- unsigned short c
- = ((const struct unknown_encoding *)enc)->utf16[(unsigned char)**fromP];
- if (c == 0) {
- c = (unsigned short)((const struct unknown_encoding *)enc)
- ->convert(((const struct unknown_encoding *)enc)->userData, *fromP);
- *fromP += ((const struct normal_encoding *)enc)->type[(unsigned char)**fromP]
- - (BT_LEAD2 - 2);
- }
- else
- (*fromP)++;
- *(*toP)++ = c;
- }
-}
-
-ENCODING *
-XmlInitUnknownEncoding(void *mem,
- int *table,
- int (*convert)(void *userData, const char *p),
- void *userData)
-{
- int i;
- struct unknown_encoding *e = mem;
- for (i = 0; i < sizeof(struct normal_encoding); i++)
- ((char *)mem)[i] = ((char *)&latin1_encoding)[i];
- for (i = 0; i < 128; i++)
- if (latin1_encoding.type[i] != BT_OTHER
- && latin1_encoding.type[i] != BT_NONXML
- && table[i] != i)
- return 0;
- for (i = 0; i < 256; i++) {
- int c = table[i];
- if (c == -1) {
- e->normal.type[i] = BT_MALFORM;
- /* This shouldn't really get used. */
- e->utf16[i] = 0xFFFF;
- e->utf8[i][0] = 1;
- e->utf8[i][1] = 0;
- }
- else if (c < 0) {
- if (c < -4)
- return 0;
- e->normal.type[i] = BT_LEAD2 - (c + 2);
- e->utf8[i][0] = 0;
- e->utf16[i] = 0;
- }
- else if (c < 0x80) {
- if (latin1_encoding.type[c] != BT_OTHER
- && latin1_encoding.type[c] != BT_NONXML
- && c != i)
- return 0;
- e->normal.type[i] = latin1_encoding.type[c];
- e->utf8[i][0] = 1;
- e->utf8[i][1] = (char)c;
- e->utf16[i] = c == 0 ? 0xFFFF : c;
- }
- else if (checkCharRefNumber(c) < 0) {
- e->normal.type[i] = BT_NONXML;
- /* This shouldn't really get used. */
- e->utf16[i] = 0xFFFF;
- e->utf8[i][0] = 1;
- e->utf8[i][1] = 0;
- }
- else {
- if (c > 0xFFFF)
- return 0;
- if (UCS2_GET_NAMING(nmstrtPages, c >> 8, c & 0xff))
- e->normal.type[i] = BT_NMSTRT;
- else if (UCS2_GET_NAMING(namePages, c >> 8, c & 0xff))
- e->normal.type[i] = BT_NAME;
- else
- e->normal.type[i] = BT_OTHER;
- e->utf8[i][0] = (char)XmlUtf8Encode(c, e->utf8[i] + 1);
- e->utf16[i] = c;
- }
- }
- e->userData = userData;
- e->convert = convert;
- if (convert) {
- e->normal.isName2 = unknown_isName;
- e->normal.isName3 = unknown_isName;
- e->normal.isName4 = unknown_isName;
- e->normal.isNmstrt2 = unknown_isNmstrt;
- e->normal.isNmstrt3 = unknown_isNmstrt;
- e->normal.isNmstrt4 = unknown_isNmstrt;
- e->normal.isInvalid2 = unknown_isInvalid;
- e->normal.isInvalid3 = unknown_isInvalid;
- e->normal.isInvalid4 = unknown_isInvalid;
- }
- e->normal.enc.utf8Convert = unknown_toUtf8;
- e->normal.enc.utf16Convert = unknown_toUtf16;
- return &(e->normal.enc);
-}
-
-/* If this enumeration is changed, getEncodingIndex and encodings
-must also be changed. */
-enum {
- UNKNOWN_ENC = -1,
- ISO_8859_1_ENC = 0,
- US_ASCII_ENC,
- UTF_8_ENC,
- UTF_16_ENC,
- UTF_16BE_ENC,
- UTF_16LE_ENC,
- /* must match encodingNames up to here */
- NO_ENC
-};
-
-static
-int getEncodingIndex(const char *name)
-{
- static const char *encodingNames[] = {
- "ISO-8859-1",
- "US-ASCII",
- "UTF-8",
- "UTF-16",
- "UTF-16BE"
- "UTF-16LE",
- };
- int i;
- if (name == 0)
- return NO_ENC;
- for (i = 0; i < sizeof(encodingNames)/sizeof(encodingNames[0]); i++)
- if (streqci(name, encodingNames[i]))
- return i;
- return UNKNOWN_ENC;
-}
-
-/* For binary compatibility, we store the index of the encoding specified
-at initialization in the isUtf16 member. */
-
-#define INIT_ENC_INDEX(enc) ((enc)->initEnc.isUtf16)
-
-/* This is what detects the encoding.
-encodingTable maps from encoding indices to encodings;
-INIT_ENC_INDEX(enc) is the index of the external (protocol) specified encoding;
-state is XML_CONTENT_STATE if we're parsing an external text entity,
-and XML_PROLOG_STATE otherwise.
-*/
-
-
-static
-int initScan(const ENCODING **encodingTable,
- const INIT_ENCODING *enc,
- int state,
- const char *ptr,
- const char *end,
- const char **nextTokPtr)
-{
- const ENCODING **encPtr;
-
- if (ptr == end)
- return XML_TOK_NONE;
- encPtr = enc->encPtr;
- if (ptr + 1 == end) {
- /* only a single byte available for auto-detection */
- /* a well-formed document entity must have more than one byte */
- if (state != XML_CONTENT_STATE)
- return XML_TOK_PARTIAL;
- /* so we're parsing an external text entity... */
- /* if UTF-16 was externally specified, then we need at least 2 bytes */
- switch (INIT_ENC_INDEX(enc)) {
- case UTF_16_ENC:
- case UTF_16LE_ENC:
- case UTF_16BE_ENC:
- return XML_TOK_PARTIAL;
- }
- switch ((unsigned char)*ptr) {
- case 0xFE:
- case 0xFF:
- case 0xEF: /* possibly first byte of UTF-8 BOM */
- if (INIT_ENC_INDEX(enc) == ISO_8859_1_ENC
- && state == XML_CONTENT_STATE)
- break;
- /* fall through */
- case 0x00:
- case 0x3C:
- return XML_TOK_PARTIAL;
- }
- }
- else {
- switch (((unsigned char)ptr[0] << 8) | (unsigned char)ptr[1]) {
- case 0xFEFF:
- if (INIT_ENC_INDEX(enc) == ISO_8859_1_ENC
- && state == XML_CONTENT_STATE)
- break;
- *nextTokPtr = ptr + 2;
- *encPtr = encodingTable[UTF_16BE_ENC];
- return XML_TOK_BOM;
- /* 00 3C is handled in the default case */
- case 0x3C00:
- if ((INIT_ENC_INDEX(enc) == UTF_16BE_ENC
- || INIT_ENC_INDEX(enc) == UTF_16_ENC)
- && state == XML_CONTENT_STATE)
- break;
- *encPtr = encodingTable[UTF_16LE_ENC];
- return XmlTok(*encPtr, state, ptr, end, nextTokPtr);
- case 0xFFFE:
- if (INIT_ENC_INDEX(enc) == ISO_8859_1_ENC
- && state == XML_CONTENT_STATE)
- break;
- *nextTokPtr = ptr + 2;
- *encPtr = encodingTable[UTF_16LE_ENC];
- return XML_TOK_BOM;
- case 0xEFBB:
- /* Maybe a UTF-8 BOM (EF BB BF) */
- /* If there's an explicitly specified (external) encoding
- of ISO-8859-1 or some flavour of UTF-16
- and this is an external text entity,
- don't look for the BOM,
- because it might be a legal data. */
- if (state == XML_CONTENT_STATE) {
- int e = INIT_ENC_INDEX(enc);
- if (e == ISO_8859_1_ENC || e == UTF_16BE_ENC || e == UTF_16LE_ENC || e == UTF_16_ENC)
- break;
- }
- if (ptr + 2 == end)
- return XML_TOK_PARTIAL;
- if ((unsigned char)ptr[2] == 0xBF) {
- *encPtr = encodingTable[UTF_8_ENC];
- return XML_TOK_BOM;
- }
- break;
- default:
- if (ptr[0] == '\0') {
- /* 0 isn't a legal data character. Furthermore a document entity can only
- start with ASCII characters. So the only way this can fail to be big-endian
- UTF-16 if it it's an external parsed general entity that's labelled as
- UTF-16LE. */
- if (state == XML_CONTENT_STATE && INIT_ENC_INDEX(enc) == UTF_16LE_ENC)
- break;
- *encPtr = encodingTable[UTF_16BE_ENC];
- return XmlTok(*encPtr, state, ptr, end, nextTokPtr);
- }
- else if (ptr[1] == '\0') {
- /* We could recover here in the case:
- - parsing an external entity
- - second byte is 0
- - no externally specified encoding
- - no encoding declaration
- by assuming UTF-16LE. But we don't, because this would mean when
- presented just with a single byte, we couldn't reliably determine
- whether we needed further bytes. */
- if (state == XML_CONTENT_STATE)
- break;
- *encPtr = encodingTable[UTF_16LE_ENC];
- return XmlTok(*encPtr, state, ptr, end, nextTokPtr);
- }
- break;
- }
- }
- *encPtr = encodingTable[(int)INIT_ENC_INDEX(enc)];
- return XmlTok(*encPtr, state, ptr, end, nextTokPtr);
-}
-
-
-#define NS(x) x
-#define ns(x) x
-#include "xmltok_ns.c"
-#undef NS
-#undef ns
-
-#ifdef XML_NS
-
-#define NS(x) x ## NS
-#define ns(x) x ## _ns
-
-#include "xmltok_ns.c"
-
-#undef NS
-#undef ns
-
-ENCODING *
-XmlInitUnknownEncodingNS(void *mem,
- int *table,
- int (*convert)(void *userData, const char *p),
- void *userData)
-{
- ENCODING *enc = XmlInitUnknownEncoding(mem, table, convert, userData);
- if (enc)
- ((struct normal_encoding *)enc)->type[':'] = BT_COLON;
- return enc;
-}
-
-#endif /* XML_NS */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.def b/usr.sbin/httpd/src/lib/expat-lite/xmltok.def
deleted file mode 100644
index 3be476c555b..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.def
+++ /dev/null
@@ -1,15 +0,0 @@
-; xmltok.def
-
-LIBRARY xmltok
-DESCRIPTION ''
-
-EXPORTS
- XmlGetUtf16InternalEncoding @1
- XmlGetUtf8InternalEncoding @2
- XmlInitEncoding @3
- XmlInitUnknownEncoding @4
- XmlParseXmlDecl @5
- XmlPrologStateInit @6
- XmlSizeOfUnknownEncoding @7
- XmlUtf16Encode @8
- XmlUtf8Encode @9
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.h b/usr.sbin/httpd/src/lib/expat-lite/xmltok.h
deleted file mode 100644
index fd0ed08e34b..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.h
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#ifndef XmlTok_INCLUDED
-#define XmlTok_INCLUDED 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef XMLTOKAPI
-#define XMLTOKAPI /* as nothing */
-#endif
-
-/* The following token may be returned by XmlContentTok */
-#define XML_TOK_TRAILING_RSQB -5 /* ] or ]] at the end of the scan; might be start of
- illegal ]]> sequence */
-/* The following tokens may be returned by both XmlPrologTok and XmlContentTok */
-#define XML_TOK_NONE -4 /* The string to be scanned is empty */
-#define XML_TOK_TRAILING_CR -3 /* A CR at the end of the scan;
- might be part of CRLF sequence */
-#define XML_TOK_PARTIAL_CHAR -2 /* only part of a multibyte sequence */
-#define XML_TOK_PARTIAL -1 /* only part of a token */
-#define XML_TOK_INVALID 0
-
-/* The following tokens are returned by XmlContentTok; some are also
- returned by XmlAttributeValueTok, XmlEntityTok, XmlCdataSectionTok */
-
-#define XML_TOK_START_TAG_WITH_ATTS 1
-#define XML_TOK_START_TAG_NO_ATTS 2
-#define XML_TOK_EMPTY_ELEMENT_WITH_ATTS 3 /* empty element tag <e/> */
-#define XML_TOK_EMPTY_ELEMENT_NO_ATTS 4
-#define XML_TOK_END_TAG 5
-#define XML_TOK_DATA_CHARS 6
-#define XML_TOK_DATA_NEWLINE 7
-#define XML_TOK_CDATA_SECT_OPEN 8
-#define XML_TOK_ENTITY_REF 9
-#define XML_TOK_CHAR_REF 10 /* numeric character reference */
-
-/* The following tokens may be returned by both XmlPrologTok and XmlContentTok */
-#define XML_TOK_PI 11 /* processing instruction */
-#define XML_TOK_XML_DECL 12 /* XML decl or text decl */
-#define XML_TOK_COMMENT 13
-#define XML_TOK_BOM 14 /* Byte order mark */
-
-/* The following tokens are returned only by XmlPrologTok */
-#define XML_TOK_PROLOG_S 15
-#define XML_TOK_DECL_OPEN 16 /* <!foo */
-#define XML_TOK_DECL_CLOSE 17 /* > */
-#define XML_TOK_NAME 18
-#define XML_TOK_NMTOKEN 19
-#define XML_TOK_POUND_NAME 20 /* #name */
-#define XML_TOK_OR 21 /* | */
-#define XML_TOK_PERCENT 22
-#define XML_TOK_OPEN_PAREN 23
-#define XML_TOK_CLOSE_PAREN 24
-#define XML_TOK_OPEN_BRACKET 25
-#define XML_TOK_CLOSE_BRACKET 26
-#define XML_TOK_LITERAL 27
-#define XML_TOK_PARAM_ENTITY_REF 28
-#define XML_TOK_INSTANCE_START 29
-
-/* The following occur only in element type declarations */
-#define XML_TOK_NAME_QUESTION 30 /* name? */
-#define XML_TOK_NAME_ASTERISK 31 /* name* */
-#define XML_TOK_NAME_PLUS 32 /* name+ */
-#define XML_TOK_COND_SECT_OPEN 33 /* <![ */
-#define XML_TOK_COND_SECT_CLOSE 34 /* ]]> */
-#define XML_TOK_CLOSE_PAREN_QUESTION 35 /* )? */
-#define XML_TOK_CLOSE_PAREN_ASTERISK 36 /* )* */
-#define XML_TOK_CLOSE_PAREN_PLUS 37 /* )+ */
-#define XML_TOK_COMMA 38
-
-/* The following token is returned only by XmlAttributeValueTok */
-#define XML_TOK_ATTRIBUTE_VALUE_S 39
-
-/* The following token is returned only by XmlCdataSectionTok */
-#define XML_TOK_CDATA_SECT_CLOSE 40
-
-/* With namespace processing this is returned by XmlPrologTok
- for a name with a colon. */
-#define XML_TOK_PREFIXED_NAME 41
-
-#define XML_N_STATES 3
-#define XML_PROLOG_STATE 0
-#define XML_CONTENT_STATE 1
-#define XML_CDATA_SECTION_STATE 2
-
-#define XML_N_LITERAL_TYPES 2
-#define XML_ATTRIBUTE_VALUE_LITERAL 0
-#define XML_ENTITY_VALUE_LITERAL 1
-
-/* The size of the buffer passed to XmlUtf8Encode must be at least this. */
-#define XML_UTF8_ENCODE_MAX 4
-/* The size of the buffer passed to XmlUtf16Encode must be at least this. */
-#define XML_UTF16_ENCODE_MAX 2
-
-typedef struct position {
- /* first line and first column are 0 not 1 */
- unsigned long lineNumber;
- unsigned long columnNumber;
-} POSITION;
-
-typedef struct {
- const char *name;
- const char *valuePtr;
- const char *valueEnd;
- char normalized;
-} ATTRIBUTE;
-
-struct encoding;
-typedef struct encoding ENCODING;
-
-struct encoding {
- int (*scanners[XML_N_STATES])(const ENCODING *,
- const char *,
- const char *,
- const char **);
- int (*literalScanners[XML_N_LITERAL_TYPES])(const ENCODING *,
- const char *,
- const char *,
- const char **);
- int (*sameName)(const ENCODING *,
- const char *, const char *);
- int (*nameMatchesAscii)(const ENCODING *,
- const char *, const char *);
- int (*nameLength)(const ENCODING *, const char *);
- const char *(*skipS)(const ENCODING *, const char *);
- int (*getAtts)(const ENCODING *enc, const char *ptr,
- int attsMax, ATTRIBUTE *atts);
- int (*charRefNumber)(const ENCODING *enc, const char *ptr);
- int (*predefinedEntityName)(const ENCODING *, const char *, const char *);
- void (*updatePosition)(const ENCODING *,
- const char *ptr,
- const char *end,
- POSITION *);
- int (*isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
- const char **badPtr);
- void (*utf8Convert)(const ENCODING *enc,
- const char **fromP,
- const char *fromLim,
- char **toP,
- const char *toLim);
- void (*utf16Convert)(const ENCODING *enc,
- const char **fromP,
- const char *fromLim,
- unsigned short **toP,
- const unsigned short *toLim);
- int minBytesPerChar;
- char isUtf8;
- char isUtf16;
-};
-
-/*
-Scan the string starting at ptr until the end of the next complete token,
-but do not scan past eptr. Return an integer giving the type of token.
-
-Return XML_TOK_NONE when ptr == eptr; nextTokPtr will not be set.
-
-Return XML_TOK_PARTIAL when the string does not contain a complete token;
-nextTokPtr will not be set.
-
-Return XML_TOK_INVALID when the string does not start a valid token; nextTokPtr
-will be set to point to the character which made the token invalid.
-
-Otherwise the string starts with a valid token; nextTokPtr will be set to point
-to the character following the end of that token.
-
-Each data character counts as a single token, but adjacent data characters
-may be returned together. Similarly for characters in the prolog outside
-literals, comments and processing instructions.
-*/
-
-
-#define XmlTok(enc, state, ptr, end, nextTokPtr) \
- (((enc)->scanners[state])(enc, ptr, end, nextTokPtr))
-
-#define XmlPrologTok(enc, ptr, end, nextTokPtr) \
- XmlTok(enc, XML_PROLOG_STATE, ptr, end, nextTokPtr)
-
-#define XmlContentTok(enc, ptr, end, nextTokPtr) \
- XmlTok(enc, XML_CONTENT_STATE, ptr, end, nextTokPtr)
-
-#define XmlCdataSectionTok(enc, ptr, end, nextTokPtr) \
- XmlTok(enc, XML_CDATA_SECTION_STATE, ptr, end, nextTokPtr)
-
-/* This is used for performing a 2nd-level tokenization on
-the content of a literal that has already been returned by XmlTok. */
-
-#define XmlLiteralTok(enc, literalType, ptr, end, nextTokPtr) \
- (((enc)->literalScanners[literalType])(enc, ptr, end, nextTokPtr))
-
-#define XmlAttributeValueTok(enc, ptr, end, nextTokPtr) \
- XmlLiteralTok(enc, XML_ATTRIBUTE_VALUE_LITERAL, ptr, end, nextTokPtr)
-
-#define XmlEntityValueTok(enc, ptr, end, nextTokPtr) \
- XmlLiteralTok(enc, XML_ENTITY_VALUE_LITERAL, ptr, end, nextTokPtr)
-
-#define XmlSameName(enc, ptr1, ptr2) (((enc)->sameName)(enc, ptr1, ptr2))
-
-#define XmlNameMatchesAscii(enc, ptr1, ptr2) \
- (((enc)->nameMatchesAscii)(enc, ptr1, ptr2))
-
-#define XmlNameLength(enc, ptr) \
- (((enc)->nameLength)(enc, ptr))
-
-#define XmlSkipS(enc, ptr) \
- (((enc)->skipS)(enc, ptr))
-
-#define XmlGetAttributes(enc, ptr, attsMax, atts) \
- (((enc)->getAtts)(enc, ptr, attsMax, atts))
-
-#define XmlCharRefNumber(enc, ptr) \
- (((enc)->charRefNumber)(enc, ptr))
-
-#define XmlPredefinedEntityName(enc, ptr, end) \
- (((enc)->predefinedEntityName)(enc, ptr, end))
-
-#define XmlUpdatePosition(enc, ptr, end, pos) \
- (((enc)->updatePosition)(enc, ptr, end, pos))
-
-#define XmlIsPublicId(enc, ptr, end, badPtr) \
- (((enc)->isPublicId)(enc, ptr, end, badPtr))
-
-#define XmlUtf8Convert(enc, fromP, fromLim, toP, toLim) \
- (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
-
-#define XmlUtf16Convert(enc, fromP, fromLim, toP, toLim) \
- (((enc)->utf16Convert)(enc, fromP, fromLim, toP, toLim))
-
-typedef struct {
- ENCODING initEnc;
- const ENCODING **encPtr;
-} INIT_ENCODING;
-
-int XMLTOKAPI XmlParseXmlDecl(int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingNamePtr,
- const ENCODING **namedEncodingPtr,
- int *standalonePtr);
-
-int XMLTOKAPI XmlInitEncoding(INIT_ENCODING *, const ENCODING **, const char *name);
-const ENCODING XMLTOKAPI *XmlGetUtf8InternalEncoding(void);
-const ENCODING XMLTOKAPI *XmlGetUtf16InternalEncoding(void);
-int XMLTOKAPI XmlUtf8Encode(int charNumber, char *buf);
-int XMLTOKAPI XmlUtf16Encode(int charNumber, unsigned short *buf);
-
-int XMLTOKAPI XmlSizeOfUnknownEncoding(void);
-ENCODING XMLTOKAPI *
-XmlInitUnknownEncoding(void *mem,
- int *table,
- int (*conv)(void *userData, const char *p),
- void *userData);
-
-int XMLTOKAPI XmlParseXmlDeclNS(int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingNamePtr,
- const ENCODING **namedEncodingPtr,
- int *standalonePtr);
-int XMLTOKAPI XmlInitEncodingNS(INIT_ENCODING *, const ENCODING **, const char *name);
-const ENCODING XMLTOKAPI *XmlGetUtf8InternalEncodingNS(void);
-const ENCODING XMLTOKAPI *XmlGetUtf16InternalEncodingNS(void);
-ENCODING XMLTOKAPI *
-XmlInitUnknownEncodingNS(void *mem,
- int *table,
- int (*conv)(void *userData, const char *p),
- void *userData);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* not XmlTok_INCLUDED */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.imp b/usr.sbin/httpd/src/lib/expat-lite/xmltok.imp
deleted file mode 100644
index 6f3ea1ecd77..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.imp
+++ /dev/null
@@ -1,9 +0,0 @@
- XmlGetUtf16InternalEncoding,
- XmlGetUtf8InternalEncoding,
- XmlInitEncoding,
- XmlInitUnknownEncoding,
- XmlParseXmlDecl,
- XmlPrologStateInit,
- XmlSizeOfUnknownEncoding,
- XmlUtf16Encode,
- XmlUtf8Encode
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c b/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c
deleted file mode 100644
index 5dfe29f1b9e..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c
+++ /dev/null
@@ -1,1746 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#ifndef IS_INVALID_CHAR
-#define IS_INVALID_CHAR(enc, ptr, n) (0)
-#endif
-
-#define INVALID_LEAD_CASE(n, ptr, nextTokPtr) \
- case BT_LEAD ## n: \
- if (end - ptr < n) \
- return XML_TOK_PARTIAL_CHAR; \
- if (IS_INVALID_CHAR(enc, ptr, n)) { \
- *(nextTokPtr) = (ptr); \
- return XML_TOK_INVALID; \
- } \
- ptr += n; \
- break;
-
-#define INVALID_CASES(ptr, nextTokPtr) \
- INVALID_LEAD_CASE(2, ptr, nextTokPtr) \
- INVALID_LEAD_CASE(3, ptr, nextTokPtr) \
- INVALID_LEAD_CASE(4, ptr, nextTokPtr) \
- case BT_NONXML: \
- case BT_MALFORM: \
- case BT_TRAIL: \
- *(nextTokPtr) = (ptr); \
- return XML_TOK_INVALID;
-
-#define CHECK_NAME_CASE(n, enc, ptr, end, nextTokPtr) \
- case BT_LEAD ## n: \
- if (end - ptr < n) \
- return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
- *nextTokPtr = ptr; \
- return XML_TOK_INVALID; \
- } \
- ptr += n; \
- break;
-
-#define CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) \
- case BT_NONASCII: \
- if (!IS_NAME_CHAR_MINBPC(enc, ptr)) { \
- *nextTokPtr = ptr; \
- return XML_TOK_INVALID; \
- } \
- case BT_NMSTRT: \
- case BT_HEX: \
- case BT_DIGIT: \
- case BT_NAME: \
- case BT_MINUS: \
- ptr += MINBPC(enc); \
- break; \
- CHECK_NAME_CASE(2, enc, ptr, end, nextTokPtr) \
- CHECK_NAME_CASE(3, enc, ptr, end, nextTokPtr) \
- CHECK_NAME_CASE(4, enc, ptr, end, nextTokPtr)
-
-#define CHECK_NMSTRT_CASE(n, enc, ptr, end, nextTokPtr) \
- case BT_LEAD ## n: \
- if (end - ptr < n) \
- return XML_TOK_PARTIAL_CHAR; \
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
- *nextTokPtr = ptr; \
- return XML_TOK_INVALID; \
- } \
- ptr += n; \
- break;
-
-#define CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) \
- case BT_NONASCII: \
- if (!IS_NMSTRT_CHAR_MINBPC(enc, ptr)) { \
- *nextTokPtr = ptr; \
- return XML_TOK_INVALID; \
- } \
- case BT_NMSTRT: \
- case BT_HEX: \
- ptr += MINBPC(enc); \
- break; \
- CHECK_NMSTRT_CASE(2, enc, ptr, end, nextTokPtr) \
- CHECK_NMSTRT_CASE(3, enc, ptr, end, nextTokPtr) \
- CHECK_NMSTRT_CASE(4, enc, ptr, end, nextTokPtr)
-
-#ifndef PREFIX
-#define PREFIX(ident) ident
-#endif
-
-/* ptr points to character following "<!-" */
-
-static
-int PREFIX(scanComment)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr != end) {
- if (!CHAR_MATCHES(enc, ptr, '-')) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- ptr += MINBPC(enc);
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_MINUS:
- if ((ptr += MINBPC(enc)) == end)
- return XML_TOK_PARTIAL;
- if (CHAR_MATCHES(enc, ptr, '-')) {
- if ((ptr += MINBPC(enc)) == end)
- return XML_TOK_PARTIAL;
- if (!CHAR_MATCHES(enc, ptr, '>')) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_COMMENT;
- }
- break;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-/* ptr points to character following "<!" */
-
-static
-int PREFIX(scanDecl)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_MINUS:
- return PREFIX(scanComment)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_LSQB:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_COND_SECT_OPEN;
- case BT_NMSTRT:
- case BT_HEX:
- ptr += MINBPC(enc);
- break;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_PERCNT:
- if (ptr + MINBPC(enc) == end)
- return XML_TOK_PARTIAL;
- /* don't allow <!ENTITY% foo "whatever"> */
- switch (BYTE_TYPE(enc, ptr + MINBPC(enc))) {
- case BT_S: case BT_CR: case BT_LF: case BT_PERCNT:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- /* fall through */
- case BT_S: case BT_CR: case BT_LF:
- *nextTokPtr = ptr;
- return XML_TOK_DECL_OPEN;
- case BT_NMSTRT:
- case BT_HEX:
- ptr += MINBPC(enc);
- break;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(checkPiTarget)(const ENCODING *enc, const char *ptr, const char *end, int *tokPtr)
-{
- int upper = 0;
- *tokPtr = XML_TOK_PI;
- if (end - ptr != MINBPC(enc)*3)
- return 1;
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'x':
- break;
- case 'X':
- upper = 1;
- break;
- default:
- return 1;
- }
- ptr += MINBPC(enc);
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'm':
- break;
- case 'M':
- upper = 1;
- break;
- default:
- return 1;
- }
- ptr += MINBPC(enc);
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'l':
- break;
- case 'L':
- upper = 1;
- break;
- default:
- return 1;
- }
- if (upper)
- return 0;
- *tokPtr = XML_TOK_XML_DECL;
- return 1;
-}
-
-/* ptr points to character following "<?" */
-
-static
-int PREFIX(scanPi)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- int tok;
- const char *target = ptr;
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_S: case BT_CR: case BT_LF:
- if (!PREFIX(checkPiTarget)(enc, target, ptr, &tok)) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- ptr += MINBPC(enc);
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_QUEST:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (CHAR_MATCHES(enc, ptr, '>')) {
- *nextTokPtr = ptr + MINBPC(enc);
- return tok;
- }
- break;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- return XML_TOK_PARTIAL;
- case BT_QUEST:
- if (!PREFIX(checkPiTarget)(enc, target, ptr, &tok)) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (CHAR_MATCHES(enc, ptr, '>')) {
- *nextTokPtr = ptr + MINBPC(enc);
- return tok;
- }
- /* fall through */
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-
-static
-int PREFIX(scanCdataSection)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- int i;
- /* CDATA[ */
- if (end - ptr < 6 * MINBPC(enc))
- return XML_TOK_PARTIAL;
- for (i = 0; i < 6; i++, ptr += MINBPC(enc)) {
- if (!CHAR_MATCHES(enc, ptr, "CDATA["[i])) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_CDATA_SECT_OPEN;
-}
-
-static
-int PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_NONE;
- if (MINBPC(enc) > 1) {
- size_t n = end - ptr;
- if (n & (MINBPC(enc) - 1)) {
- n &= ~(MINBPC(enc) - 1);
- if (n == 0)
- return XML_TOK_PARTIAL;
- end = ptr + n;
- }
- }
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_RSQB:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (!CHAR_MATCHES(enc, ptr, ']'))
- break;
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (!CHAR_MATCHES(enc, ptr, '>')) {
- ptr -= MINBPC(enc);
- break;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_CDATA_SECT_CLOSE;
- case BT_CR:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_NEWLINE;
- case BT_LF:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DATA_NEWLINE;
- INVALID_CASES(ptr, nextTokPtr)
- default:
- ptr += MINBPC(enc);
- break;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- if (end - ptr < n || IS_INVALID_CHAR(enc, ptr, n)) { \
- *nextTokPtr = ptr; \
- return XML_TOK_DATA_CHARS; \
- } \
- ptr += n; \
- break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NONXML:
- case BT_MALFORM:
- case BT_TRAIL:
- case BT_CR:
- case BT_LF:
- case BT_RSQB:
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
-}
-
-/* ptr points to character following "</" */
-
-static
-int PREFIX(scanEndTag)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_S: case BT_CR: case BT_LF:
- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_S: case BT_CR: case BT_LF:
- break;
- case BT_GT:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_END_TAG;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-#ifdef XML_NS
- case BT_COLON:
- /* no need to check qname syntax here, since end-tag must match exactly */
- ptr += MINBPC(enc);
- break;
-#endif
- case BT_GT:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_END_TAG;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-/* ptr points to character following "&#X" */
-
-static
-int PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
- break;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
- break;
- case BT_SEMI:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_CHAR_REF;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-/* ptr points to character following "&#" */
-
-static
-int PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr != end) {
- if (CHAR_MATCHES(enc, ptr, 'x'))
- return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- break;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- break;
- case BT_SEMI:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_CHAR_REF;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-/* ptr points to character following "&" */
-
-static
-int PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- case BT_NUM:
- return PREFIX(scanCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_SEMI:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_ENTITY_REF;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-/* ptr points to character following first character of attribute name */
-
-static
-int PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
-#ifdef XML_NS
- int hadColon = 0;
-#endif
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-#ifdef XML_NS
- case BT_COLON:
- if (hadColon) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- hadColon = 1;
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- break;
-#endif
- case BT_S: case BT_CR: case BT_LF:
- for (;;) {
- int t;
-
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- t = BYTE_TYPE(enc, ptr);
- if (t == BT_EQUALS)
- break;
- switch (t) {
- case BT_S:
- case BT_LF:
- case BT_CR:
- break;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- /* fall through */
- case BT_EQUALS:
- {
- int opentype;
-#ifdef XML_NS
- hadColon = 0;
-#endif
- for (;;) {
-
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- opentype = BYTE_TYPE(enc, ptr);
- if (opentype == BT_QUOT || opentype == BT_APOS)
- break;
- switch (opentype) {
- case BT_S:
- case BT_LF:
- case BT_CR:
- break;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- ptr += MINBPC(enc);
- /* in attribute value */
- for (;;) {
- int t;
- if (ptr == end)
- return XML_TOK_PARTIAL;
- t = BYTE_TYPE(enc, ptr);
- if (t == opentype)
- break;
- switch (t) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_AMP:
- {
- int tok = PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, &ptr);
- if (tok <= 0) {
- if (tok == XML_TOK_INVALID)
- *nextTokPtr = ptr;
- return tok;
- }
- break;
- }
- case BT_LT:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_S:
- case BT_CR:
- case BT_LF:
- break;
- case BT_SOL:
- goto sol;
- case BT_GT:
- goto gt;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- /* ptr points to closing quote */
- for (;;) {
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- case BT_S: case BT_CR: case BT_LF:
- continue;
- case BT_GT:
- gt:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_START_TAG_WITH_ATTS;
- case BT_SOL:
- sol:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (!CHAR_MATCHES(enc, ptr, '>')) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_EMPTY_ELEMENT_WITH_ATTS;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- break;
- }
- break;
- }
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-/* ptr points to character following "<" */
-
-static
-int PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
-#ifdef XML_NS
- int hadColon;
-#endif
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- case BT_EXCL:
- if ((ptr += MINBPC(enc)) == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_MINUS:
- return PREFIX(scanComment)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_LSQB:
- return PREFIX(scanCdataSection)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- }
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- case BT_QUEST:
- return PREFIX(scanPi)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_SOL:
- return PREFIX(scanEndTag)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-#ifdef XML_NS
- hadColon = 0;
-#endif
- /* we have a start-tag */
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
-#ifdef XML_NS
- case BT_COLON:
- if (hadColon) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- hadColon = 1;
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- break;
-#endif
- case BT_S: case BT_CR: case BT_LF:
- {
- ptr += MINBPC(enc);
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- case BT_GT:
- goto gt;
- case BT_SOL:
- goto sol;
- case BT_S: case BT_CR: case BT_LF:
- ptr += MINBPC(enc);
- continue;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- return PREFIX(scanAtts)(enc, ptr, end, nextTokPtr);
- }
- return XML_TOK_PARTIAL;
- }
- case BT_GT:
- gt:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_START_TAG_NO_ATTS;
- case BT_SOL:
- sol:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (!CHAR_MATCHES(enc, ptr, '>')) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_EMPTY_ELEMENT_NO_ATTS;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_NONE;
- if (MINBPC(enc) > 1) {
- size_t n = end - ptr;
- if (n & (MINBPC(enc) - 1)) {
- n &= ~(MINBPC(enc) - 1);
- if (n == 0)
- return XML_TOK_PARTIAL;
- end = ptr + n;
- }
- }
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_LT:
- return PREFIX(scanLt)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_AMP:
- return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_CR:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_CR;
- if (BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_NEWLINE;
- case BT_LF:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DATA_NEWLINE;
- case BT_RSQB:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_RSQB;
- if (!CHAR_MATCHES(enc, ptr, ']'))
- break;
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_RSQB;
- if (!CHAR_MATCHES(enc, ptr, '>')) {
- ptr -= MINBPC(enc);
- break;
- }
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- INVALID_CASES(ptr, nextTokPtr)
- default:
- ptr += MINBPC(enc);
- break;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- if (end - ptr < n || IS_INVALID_CHAR(enc, ptr, n)) { \
- *nextTokPtr = ptr; \
- return XML_TOK_DATA_CHARS; \
- } \
- ptr += n; \
- break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_RSQB:
- if (ptr + MINBPC(enc) != end) {
- if (!CHAR_MATCHES(enc, ptr + MINBPC(enc), ']')) {
- ptr += MINBPC(enc);
- break;
- }
- if (ptr + 2*MINBPC(enc) != end) {
- if (!CHAR_MATCHES(enc, ptr + 2*MINBPC(enc), '>')) {
- ptr += MINBPC(enc);
- break;
- }
- *nextTokPtr = ptr + 2*MINBPC(enc);
- return XML_TOK_INVALID;
- }
- }
- /* fall through */
- case BT_AMP:
- case BT_LT:
- case BT_NONXML:
- case BT_MALFORM:
- case BT_TRAIL:
- case BT_CR:
- case BT_LF:
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
-}
-
-/* ptr points to character following "%" */
-
-static
-int PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- case BT_S: case BT_LF: case BT_CR: case BT_PERCNT:
- *nextTokPtr = ptr;
- return XML_TOK_PERCENT;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_SEMI:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_PARAM_ENTITY_REF;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_CR: case BT_LF: case BT_S:
- case BT_RPAR: case BT_GT: case BT_PERCNT: case BT_VERBAR:
- *nextTokPtr = ptr;
- return XML_TOK_POUND_NAME;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(scanLit)(int opentype, const ENCODING *enc,
- const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- while (ptr != end) {
- int t = BYTE_TYPE(enc, ptr);
- switch (t) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_QUOT:
- case BT_APOS:
- ptr += MINBPC(enc);
- if (t != opentype)
- break;
- if (ptr == end)
- return XML_TOK_PARTIAL;
- *nextTokPtr = ptr;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_S: case BT_CR: case BT_LF:
- case BT_GT: case BT_PERCNT: case BT_LSQB:
- return XML_TOK_LITERAL;
- default:
- return XML_TOK_INVALID;
- }
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- int tok;
- if (ptr == end)
- return XML_TOK_NONE;
- if (MINBPC(enc) > 1) {
- size_t n = end - ptr;
- if (n & (MINBPC(enc) - 1)) {
- n &= ~(MINBPC(enc) - 1);
- if (n == 0)
- return XML_TOK_PARTIAL;
- end = ptr + n;
- }
- }
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_QUOT:
- return PREFIX(scanLit)(BT_QUOT, enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_APOS:
- return PREFIX(scanLit)(BT_APOS, enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_LT:
- {
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_EXCL:
- return PREFIX(scanDecl)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_QUEST:
- return PREFIX(scanPi)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_NMSTRT:
- case BT_HEX:
- case BT_NONASCII:
- case BT_LEAD2:
- case BT_LEAD3:
- case BT_LEAD4:
- *nextTokPtr = ptr - MINBPC(enc);
- return XML_TOK_INSTANCE_START;
- }
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- case BT_CR:
- if (ptr + MINBPC(enc) == end)
- return XML_TOK_TRAILING_CR;
- /* fall through */
- case BT_S: case BT_LF:
- for (;;) {
- ptr += MINBPC(enc);
- if (ptr == end)
- break;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_S: case BT_LF:
- break;
- case BT_CR:
- /* don't split CR/LF pair */
- if (ptr + MINBPC(enc) != end)
- break;
- /* fall through */
- default:
- *nextTokPtr = ptr;
- return XML_TOK_PROLOG_S;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_PROLOG_S;
- case BT_PERCNT:
- return PREFIX(scanPercent)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- case BT_COMMA:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_COMMA;
- case BT_LSQB:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_OPEN_BRACKET;
- case BT_RSQB:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- if (CHAR_MATCHES(enc, ptr, ']')) {
- if (ptr + MINBPC(enc) == end)
- return XML_TOK_PARTIAL;
- if (CHAR_MATCHES(enc, ptr + MINBPC(enc), '>')) {
- *nextTokPtr = ptr + 2*MINBPC(enc);
- return XML_TOK_COND_SECT_CLOSE;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_CLOSE_BRACKET;
- case BT_LPAR:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_OPEN_PAREN;
- case BT_RPAR:
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_PARTIAL;
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_AST:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_CLOSE_PAREN_ASTERISK;
- case BT_QUEST:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_CLOSE_PAREN_QUESTION;
- case BT_PLUS:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_CLOSE_PAREN_PLUS;
- case BT_CR: case BT_LF: case BT_S:
- case BT_GT: case BT_COMMA: case BT_VERBAR:
- case BT_RPAR:
- *nextTokPtr = ptr;
- return XML_TOK_CLOSE_PAREN;
- }
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- case BT_VERBAR:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_OR;
- case BT_GT:
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DECL_CLOSE;
- case BT_NUM:
- return PREFIX(scanPoundName)(enc, ptr + MINBPC(enc), end, nextTokPtr);
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- if (end - ptr < n) \
- return XML_TOK_PARTIAL_CHAR; \
- if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
- ptr += n; \
- tok = XML_TOK_NAME; \
- break; \
- } \
- if (IS_NAME_CHAR(enc, ptr, n)) { \
- ptr += n; \
- tok = XML_TOK_NMTOKEN; \
- break; \
- } \
- *nextTokPtr = ptr; \
- return XML_TOK_INVALID;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NMSTRT:
- case BT_HEX:
- tok = XML_TOK_NAME;
- ptr += MINBPC(enc);
- break;
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- tok = XML_TOK_NMTOKEN;
- ptr += MINBPC(enc);
- break;
- case BT_NONASCII:
- if (IS_NMSTRT_CHAR_MINBPC(enc, ptr)) {
- ptr += MINBPC(enc);
- tok = XML_TOK_NAME;
- break;
- }
- if (IS_NAME_CHAR_MINBPC(enc, ptr)) {
- ptr += MINBPC(enc);
- tok = XML_TOK_NMTOKEN;
- break;
- }
- /* fall through */
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_GT: case BT_RPAR: case BT_COMMA:
- case BT_VERBAR: case BT_LSQB: case BT_PERCNT:
- case BT_S: case BT_CR: case BT_LF:
- *nextTokPtr = ptr;
- return tok;
-#ifdef XML_NS
- case BT_COLON:
- ptr += MINBPC(enc);
- switch (tok) {
- case XML_TOK_NAME:
- if (ptr == end)
- return XML_TOK_PARTIAL;
- tok = XML_TOK_PREFIXED_NAME;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- default:
- tok = XML_TOK_NMTOKEN;
- break;
- }
- break;
- case XML_TOK_PREFIXED_NAME:
- tok = XML_TOK_NMTOKEN;
- break;
- }
- break;
-#endif
- case BT_PLUS:
- if (tok == XML_TOK_NMTOKEN) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_NAME_PLUS;
- case BT_AST:
- if (tok == XML_TOK_NMTOKEN) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_NAME_ASTERISK;
- case BT_QUEST:
- if (tok == XML_TOK_NMTOKEN) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_NAME_QUESTION;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- const char *start;
- if (ptr == end)
- return XML_TOK_NONE;
- start = ptr;
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_AMP:
- if (ptr == start)
- return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_LT:
- /* this is for inside entity references */
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- case BT_LF:
- if (ptr == start) {
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_CR:
- if (ptr == start) {
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_CR;
- if (BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_S:
- if (ptr == start) {
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_ATTRIBUTE_VALUE_S;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
-}
-
-static
-int PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- const char *start;
- if (ptr == end)
- return XML_TOK_NONE;
- start = ptr;
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_AMP:
- if (ptr == start)
- return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_PERCNT:
- if (ptr == start)
- return PREFIX(scanPercent)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_LF:
- if (ptr == start) {
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_CR:
- if (ptr == start) {
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_CR;
- if (BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
-}
-
-static
-int PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
- const char **badPtr)
-{
- ptr += MINBPC(enc);
- end -= MINBPC(enc);
- for (; ptr != end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
- case BT_MINUS:
- case BT_APOS:
- case BT_LPAR:
- case BT_RPAR:
- case BT_PLUS:
- case BT_COMMA:
- case BT_SOL:
- case BT_EQUALS:
- case BT_QUEST:
- case BT_CR:
- case BT_LF:
- case BT_SEMI:
- case BT_EXCL:
- case BT_AST:
- case BT_PERCNT:
- case BT_NUM:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- break;
- case BT_S:
- if (CHAR_MATCHES(enc, ptr, '\t')) {
- *badPtr = ptr;
- return 0;
- }
- break;
- case BT_NAME:
- case BT_NMSTRT:
- if (!(BYTE_TO_ASCII(enc, ptr) & ~0x7f))
- break;
- default:
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 0x24: /* $ */
- case 0x40: /* @ */
- break;
- default:
- *badPtr = ptr;
- return 0;
- }
- break;
- }
- }
- return 1;
-}
-
-/* This must only be called for a well-formed start-tag or empty element tag.
-Returns the number of attributes. Pointers to the first attsMax attributes
-are stored in atts. */
-
-static
-int PREFIX(getAtts)(const ENCODING *enc, const char *ptr,
- int attsMax, ATTRIBUTE *atts)
-{
- enum { other, inName, inValue } state = inName;
- int nAtts = 0;
- int opentype = 0;
-
- for (ptr += MINBPC(enc);; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define START_NAME \
- if (state == other) { \
- if (nAtts < attsMax) { \
- atts[nAtts].name = ptr; \
- atts[nAtts].normalized = 1; \
- } \
- state = inName; \
- }
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: START_NAME ptr += (n - MINBPC(enc)); break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NONASCII:
- case BT_NMSTRT:
- case BT_HEX:
- START_NAME
- break;
-#undef START_NAME
- case BT_QUOT:
- if (state != inValue) {
- if (nAtts < attsMax)
- atts[nAtts].valuePtr = ptr + MINBPC(enc);
- state = inValue;
- opentype = BT_QUOT;
- }
- else if (opentype == BT_QUOT) {
- state = other;
- if (nAtts < attsMax)
- atts[nAtts].valueEnd = ptr;
- nAtts++;
- }
- break;
- case BT_APOS:
- if (state != inValue) {
- if (nAtts < attsMax)
- atts[nAtts].valuePtr = ptr + MINBPC(enc);
- state = inValue;
- opentype = BT_APOS;
- }
- else if (opentype == BT_APOS) {
- state = other;
- if (nAtts < attsMax)
- atts[nAtts].valueEnd = ptr;
- nAtts++;
- }
- break;
- case BT_AMP:
- if (nAtts < attsMax)
- atts[nAtts].normalized = 0;
- break;
- case BT_S:
- if (state == inName)
- state = other;
- else if (state == inValue
- && nAtts < attsMax
- && atts[nAtts].normalized
- && (ptr == atts[nAtts].valuePtr
- || BYTE_TO_ASCII(enc, ptr) != ' '
- || BYTE_TO_ASCII(enc, ptr + MINBPC(enc)) == ' '
- || BYTE_TYPE(enc, ptr + MINBPC(enc)) == opentype))
- atts[nAtts].normalized = 0;
- break;
- case BT_CR: case BT_LF:
- /* This case ensures that the first attribute name is counted
- Apart from that we could just change state on the quote. */
- if (state == inName)
- state = other;
- else if (state == inValue && nAtts < attsMax)
- atts[nAtts].normalized = 0;
- break;
- case BT_GT:
- case BT_SOL:
- if (state != inValue)
- return nAtts;
- break;
- default:
- break;
- }
- }
- /* not reached */
-}
-
-static
-int PREFIX(charRefNumber)(const ENCODING *enc, const char *ptr)
-{
- int result = 0;
- /* skip &# */
- ptr += 2*MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'x')) {
- for (ptr += MINBPC(enc); !CHAR_MATCHES(enc, ptr, ';'); ptr += MINBPC(enc)) {
- int c = BYTE_TO_ASCII(enc, ptr);
- switch (c) {
- case '0': case '1': case '2': case '3': case '4':
- case '5': case '6': case '7': case '8': case '9':
- result <<= 4;
- result |= (c - '0');
- break;
- case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
- result <<= 4;
- result += 10 + (c - 'A');
- break;
- case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
- result <<= 4;
- result += 10 + (c - 'a');
- break;
- }
- if (result >= 0x110000)
- return -1;
- }
- }
- else {
- for (; !CHAR_MATCHES(enc, ptr, ';'); ptr += MINBPC(enc)) {
- int c = BYTE_TO_ASCII(enc, ptr);
- result *= 10;
- result += (c - '0');
- if (result >= 0x110000)
- return -1;
- }
- }
- return checkCharRefNumber(result);
-}
-
-static
-int PREFIX(predefinedEntityName)(const ENCODING *enc, const char *ptr, const char *end)
-{
- switch ((end - ptr)/MINBPC(enc)) {
- case 2:
- if (CHAR_MATCHES(enc, ptr + MINBPC(enc), 't')) {
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'l':
- return '<';
- case 'g':
- return '>';
- }
- }
- break;
- case 3:
- if (CHAR_MATCHES(enc, ptr, 'a')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'm')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'p'))
- return '&';
- }
- }
- break;
- case 4:
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'q':
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'u')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'o')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 't'))
- return '"';
- }
- }
- break;
- case 'a':
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'p')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'o')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 's'))
- return '\'';
- }
- }
- break;
- }
- }
- return 0;
-}
-
-static
-int PREFIX(sameName)(const ENCODING *enc, const char *ptr1, const char *ptr2)
-{
- for (;;) {
- switch (BYTE_TYPE(enc, ptr1)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- if (*ptr1++ != *ptr2++) \
- return 0;
- LEAD_CASE(4) LEAD_CASE(3) LEAD_CASE(2)
-#undef LEAD_CASE
- /* fall through */
- if (*ptr1++ != *ptr2++)
- return 0;
- break;
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- if (*ptr2++ != *ptr1++)
- return 0;
- if (MINBPC(enc) > 1) {
- if (*ptr2++ != *ptr1++)
- return 0;
- if (MINBPC(enc) > 2) {
- if (*ptr2++ != *ptr1++)
- return 0;
- if (MINBPC(enc) > 3) {
- if (*ptr2++ != *ptr1++)
- return 0;
- }
- }
- }
- break;
- default:
- if (MINBPC(enc) == 1 && *ptr1 == *ptr2)
- return 1;
- switch (BYTE_TYPE(enc, ptr2)) {
- case BT_LEAD2:
- case BT_LEAD3:
- case BT_LEAD4:
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- return 0;
- default:
- return 1;
- }
- }
- }
- /* not reached */
-}
-
-static
-int PREFIX(nameMatchesAscii)(const ENCODING *enc, const char *ptr1, const char *ptr2)
-{
- for (; *ptr2; ptr1 += MINBPC(enc), ptr2++) {
- if (!CHAR_MATCHES(enc, ptr1, *ptr2))
- return 0;
- }
- switch (BYTE_TYPE(enc, ptr1)) {
- case BT_LEAD2:
- case BT_LEAD3:
- case BT_LEAD4:
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- return 0;
- default:
- return 1;
- }
-}
-
-static
-int PREFIX(nameLength)(const ENCODING *enc, const char *ptr)
-{
- const char *start = ptr;
- for (;;) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- ptr += MINBPC(enc);
- break;
- default:
- return ptr - start;
- }
- }
-}
-
-static
-const char *PREFIX(skipS)(const ENCODING *enc, const char *ptr)
-{
- for (;;) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_LF:
- case BT_CR:
- case BT_S:
- ptr += MINBPC(enc);
- break;
- default:
- return ptr;
- }
- }
-}
-
-static
-void PREFIX(updatePosition)(const ENCODING *enc,
- const char *ptr,
- const char *end,
- POSITION *pos)
-{
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- ptr += n; \
- break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_LF:
- pos->columnNumber = (unsigned)-1;
- pos->lineNumber++;
- ptr += MINBPC(enc);
- break;
- case BT_CR:
- pos->lineNumber++;
- ptr += MINBPC(enc);
- if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- pos->columnNumber = (unsigned)-1;
- break;
- default:
- ptr += MINBPC(enc);
- break;
- }
- pos->columnNumber++;
- }
-}
-
-#undef DO_LEAD_CASE
-#undef MULTIBYTE_CASES
-#undef INVALID_CASES
-#undef CHECK_NAME_CASE
-#undef CHECK_NAME_CASES
-#undef CHECK_NMSTRT_CASE
-#undef CHECK_NMSTRT_CASES
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h b/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h
deleted file mode 100644
index e72b225c838..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-enum {
- BT_NONXML,
- BT_MALFORM,
- BT_LT,
- BT_AMP,
- BT_RSQB,
- BT_LEAD2,
- BT_LEAD3,
- BT_LEAD4,
- BT_TRAIL,
- BT_CR,
- BT_LF,
- BT_GT,
- BT_QUOT,
- BT_APOS,
- BT_EQUALS,
- BT_QUEST,
- BT_EXCL,
- BT_SOL,
- BT_SEMI,
- BT_NUM,
- BT_LSQB,
- BT_S,
- BT_NMSTRT,
- BT_COLON,
- BT_HEX,
- BT_DIGIT,
- BT_NAME,
- BT_MINUS,
- BT_OTHER, /* known not to be a name or name start character */
- BT_NONASCII, /* might be a name or name start character */
- BT_PERCNT,
- BT_LPAR,
- BT_RPAR,
- BT_AST,
- BT_PLUS,
- BT_COMMA,
- BT_VERBAR
-};
-
-#include <stddef.h>
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c b/usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c
deleted file mode 100644
index a32c5774580..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c
+++ /dev/null
@@ -1,96 +0,0 @@
-const ENCODING *NS(XmlGetUtf8InternalEncoding)(void)
-{
- return &ns(internal_utf8_encoding).enc;
-}
-
-const ENCODING *NS(XmlGetUtf16InternalEncoding)(void)
-{
-#if XML_BYTE_ORDER == 12
- return &ns(internal_little2_encoding).enc;
-#elif XML_BYTE_ORDER == 21
- return &ns(internal_big2_encoding).enc;
-#else
- const short n = 1;
- return *(const char *)&n ? &ns(internal_little2_encoding).enc : &ns(internal_big2_encoding).enc;
-#endif
-}
-
-static
-const ENCODING *NS(encodings)[] = {
- &ns(latin1_encoding).enc,
- &ns(ascii_encoding).enc,
- &ns(utf8_encoding).enc,
- &ns(big2_encoding).enc,
- &ns(big2_encoding).enc,
- &ns(little2_encoding).enc,
- &ns(utf8_encoding).enc /* NO_ENC */
-};
-
-static
-int NS(initScanProlog)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- return initScan(NS(encodings), (const INIT_ENCODING *)enc, XML_PROLOG_STATE, ptr, end, nextTokPtr);
-}
-
-static
-int NS(initScanContent)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- return initScan(NS(encodings), (const INIT_ENCODING *)enc, XML_CONTENT_STATE, ptr, end, nextTokPtr);
-}
-
-int NS(XmlInitEncoding)(INIT_ENCODING *p, const ENCODING **encPtr, const char *name)
-{
- int i = getEncodingIndex(name);
- if (i == UNKNOWN_ENC)
- return 0;
- INIT_ENC_INDEX(p) = (char)i;
- p->initEnc.scanners[XML_PROLOG_STATE] = NS(initScanProlog);
- p->initEnc.scanners[XML_CONTENT_STATE] = NS(initScanContent);
- p->initEnc.updatePosition = initUpdatePosition;
- p->encPtr = encPtr;
- *encPtr = &(p->initEnc);
- return 1;
-}
-
-static
-const ENCODING *NS(findEncoding)(const ENCODING *enc, const char *ptr, const char *end)
-{
-#define ENCODING_MAX 128
- char buf[ENCODING_MAX];
- char *p = buf;
- int i;
- XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
- if (ptr != end)
- return 0;
- *p = 0;
- if (streqci(buf, "UTF-16") && enc->minBytesPerChar == 2)
- return enc;
- i = getEncodingIndex(buf);
- if (i == UNKNOWN_ENC)
- return 0;
- return NS(encodings)[i];
-}
-
-int NS(XmlParseXmlDecl)(int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingName,
- const ENCODING **encoding,
- int *standalone)
-{
- return doParseXmlDecl(NS(findEncoding),
- isGeneralTextEntity,
- enc,
- ptr,
- end,
- badPtr,
- versionPtr,
- encodingName,
- encoding,
- standalone);
-}
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def b/usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def
deleted file mode 100644
index 093cda90411..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def
+++ /dev/null
@@ -1 +0,0 @@
-EXPORT @xmltok.imp
diff --git a/usr.sbin/httpd/src/main/.indent.pro b/usr.sbin/httpd/src/main/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/main/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/main/Makefile.tmpl b/usr.sbin/httpd/src/main/Makefile.tmpl
deleted file mode 100644
index fd59e52b4a3..00000000000
--- a/usr.sbin/httpd/src/main/Makefile.tmpl
+++ /dev/null
@@ -1,166 +0,0 @@
-
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-LIB= libmain.a
-HEADERS= test_char.h uri_delims.h
-
-OBJS= alloc.o buff.o \
- http_config.o http_core.o http_log.o \
- http_main.o http_protocol.o http_request.o http_vhost.o \
- util.o util_date.o util_script.o util_uri.o util_md5.o \
- rfc1413.o fdcache.o
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-all: $(HEADERS) $(LIB)
-
-$(LIB): $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-clean:
- rm -f *.o $(LIB) uri_delims.h gen_uri_delims test_char.h gen_test_char
-
-distclean: clean
- -rm -f Makefile
-
-uri_delims.h: gen_uri_delims
- ./gen_uri_delims >uri_delims.h
-
-gen_uri_delims: gen_uri_delims.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o gen_uri_delims gen_uri_delims.o $(LIBS)
-
-test_char.h: gen_test_char
- ./gen_test_char >test_char.h
-
-gen_test_char: gen_test_char.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o gen_test_char gen_test_char.o $(LIBS)
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-#Dependencies
-
-$(OBJS): Makefile
-
-# DO NOT REMOVE
-alloc.o: alloc.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/multithread.h $(INCDIR)/http_log.h
-buff.o: buff.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h
-gen_test_char.o: gen_test_char.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h
-gen_uri_delims.o: gen_uri_delims.c
-http_config.o: http_config.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/explain.h
-http_core.o: http_core.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_vhost.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h $(INCDIR)/rfc1413.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/fnmatch.h
-http_log.o: http_log.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h
-http_main.o: http_main.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/util_script.h \
- $(INCDIR)/scoreboard.h $(INCDIR)/multithread.h $(INCDIR)/explain.h
-http_protocol.o: http_protocol.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/http_log.h $(INCDIR)/util_date.h \
- $(INCDIR)/http_conf_globals.h
-http_request.o: http_request.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/fnmatch.h
-http_vhost.o: http_vhost.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_vhost.h \
- $(INCDIR)/http_protocol.h
-rfc1413.o: rfc1413.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_log.h $(INCDIR)/rfc1413.h $(INCDIR)/http_main.h
-util.o: util.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_log.h test_char.h
-util_date.o: util_date.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/util_date.h
-util_md5.o: util_md5.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h
-util_script.o: util_script.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_request.h $(INCDIR)/util_script.h \
- $(INCDIR)/util_date.h
-util_uri.o: util_uri.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_conf_globals.h uri_delims.h
-fdcache.o: fdcache.c
diff --git a/usr.sbin/httpd/src/main/alloc.c b/usr.sbin/httpd/src/main/alloc.c
deleted file mode 100644
index 2bf4c880344..00000000000
--- a/usr.sbin/httpd/src/main/alloc.c
+++ /dev/null
@@ -1,2681 +0,0 @@
-/* $OpenBSD: alloc.c,v 1.19 2008/05/23 08:41:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Resource allocation code... the code here is responsible for making
- * sure that nothing leaks.
- *
- * rst --- 4/95 --- 6/95
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "multithread.h"
-#include "http_log.h"
-
-#include <stdarg.h>
-
-/* debugging support, define this to enable code which helps detect re-use
- * of freed memory and other such nonsense.
- *
- * The theory is simple. The FILL_BYTE (0xa5) is written over all malloc'd
- * memory as we receive it, and is written over everything that we free up
- * during a clear_pool. We check that blocks on the free list always
- * have the FILL_BYTE in them, and we check during palloc() that the bytes
- * still have FILL_BYTE in them. If you ever see garbage URLs or whatnot
- * containing lots of 0xa5s then you know something used data that's been
- * freed or uninitialized.
- */
-/* #define ALLOC_DEBUG */
-
-/* debugging support, if defined all allocations will be done with
- * malloc and free()d appropriately at the end. This is intended to be
- * used with something like Electric Fence or Purify to help detect
- * memory problems. Note that if you're using efence then you should also
- * add in ALLOC_DEBUG. But don't add in ALLOC_DEBUG if you're using Purify
- * because ALLOC_DEBUG would hide all the uninitialized read errors that
- * Purify can diagnose.
- */
-/* #define ALLOC_USE_MALLOC */
-
-/* Pool debugging support. This is intended to detect cases where the
- * wrong pool is used when assigning data to an object in another pool.
- * In particular, it causes the table_{set,add,merge}n routines to check
- * that their arguments are safe for the table they're being placed in.
- * It currently only works with the unix multiprocess model, but could
- * be extended to others.
- */
-/* #define POOL_DEBUG */
-
-/* Provide diagnostic information about make_table() calls which are
- * possibly too small. This requires a recent gcc which supports
- * __builtin_return_address(). The error_log output will be a
- * message such as:
- * table_push: table created by 0x804d874 hit limit of 10
- * Use "l *0x804d874" to find the source that corresponds to. It
- * indicates that a table allocated by a call at that address has
- * possibly too small an initial table size guess.
- */
-/* #define MAKE_TABLE_PROFILE */
-
-#ifdef POOL_DEBUG
-#ifdef ALLOC_USE_MALLOC
-# error "sorry, no support for ALLOC_USE_MALLOC and POOL_DEBUG at the same time"
-#endif
-#endif
-
-#ifdef ALLOC_USE_MALLOC
-#undef BLOCK_MINFREE
-#undef BLOCK_MINALLOC
-#define BLOCK_MINFREE 0
-#define BLOCK_MINALLOC 0
-#endif
-
-#if defined(EAPI_MM)
-static AP_MM *mm = NULL;
-#endif
-
-/*****************************************************************
- *
- * Managing free storage blocks...
- */
-
-union align {
- /*
- * Types which are likely to have the longest RELEVANT alignment
- * restrictions...
- */
- char *cp;
- void (*f)(void);
- long l;
- FILE *fp;
- double d;
-};
-
-#define CLICK_SZ (sizeof(union align))
-
-union block_hdr {
- union align a;
-
- /* Actual header... */
-
- struct {
- char *endp;
- union block_hdr *next;
- char *first_avail;
-#if defined(EAPI_MM)
- int is_shm;
-#endif
-#ifdef POOL_DEBUG
- union block_hdr *global_next;
- struct pool *owning_pool;
-#endif
- } h;
-};
-
-static union block_hdr *block_freelist = NULL;
-static mutex *alloc_mutex = NULL;
-static mutex *spawn_mutex = NULL;
-#ifdef POOL_DEBUG
-static char *known_stack_point;
-static int stack_direction;
-static union block_hdr *global_block_list;
-#define FREE_POOL ((struct pool *)(-1))
-#endif
-
-#ifdef ALLOC_DEBUG
-#define FILL_BYTE ((char)(0xa5))
-
-#define debug_fill(ptr,size) ((void)memset((ptr), FILL_BYTE, (size)))
-
-static ap_inline void
-debug_verify_filled(const char *ptr, const char *endp, const char *error_msg)
-{
- for (; ptr < endp; ++ptr) {
- if (*ptr != FILL_BYTE) {
- fputs(error_msg, stderr);
- abort();
- exit(1);
- }
- }
-}
-
-#else
-#define debug_fill(a,b)
-#define debug_verify_filled(a,b,c)
-#endif
-
-
-/* Get a completely new block from the system pool. Note that we rely on
- malloc() to provide aligned memory. */
-
-#if defined(EAPI_MM)
-static union block_hdr
-*malloc_block(int size, int is_shm)
-#else
-static union block_hdr
-*malloc_block(int size)
-#endif
-{
- union block_hdr *blok;
- int request_size;
-
-#ifdef ALLOC_DEBUG
- /*
- * make some room at the end which we'll fill and expect to be
- * always filled
- */
- size += CLICK_SZ;
-#endif
- request_size = size + sizeof(union block_hdr);
-#if defined(EAPI_MM)
- if (is_shm)
- blok = (union block_hdr *)ap_mm_malloc(mm, request_size);
- else
-#endif
- blok = (union block_hdr *) malloc(request_size);
- if (blok == NULL) {
- fprintf(stderr, "Ouch! malloc(%d) failed in malloc_block()\n",
- request_size);
- exit(1);
- }
- debug_fill(blok, size + sizeof(union block_hdr));
-#if defined(EAPI_MM)
- blok->h.is_shm = is_shm;
-#endif
- blok->h.next = NULL;
- blok->h.first_avail = (char *)(blok + 1);
- blok->h.endp = size + blok->h.first_avail;
-#ifdef ALLOC_DEBUG
- blok->h.endp -= CLICK_SZ;
-#endif
-#ifdef POOL_DEBUG
- blok->h.global_next = global_block_list;
- global_block_list = blok;
- blok->h.owning_pool = NULL;
-#endif
-
- return blok;
-}
-
-#if defined(ALLOC_DEBUG) && !defined(ALLOC_USE_MALLOC)
-static void
-chk_on_blk_list(union block_hdr *blok, union block_hdr *free_blk)
-{
- debug_verify_filled(blok->h.endp, blok->h.endp + CLICK_SZ,
- "Ouch! Someone trounced the padding at the end of a block!\n");
- while (free_blk) {
- if (free_blk == blok) {
- fprintf(stderr, "Ouch! Freeing free block\n");
- abort();
- exit(1);
- }
- free_blk = free_blk->h.next;
- }
-}
-#else
-#define chk_on_blk_list(_x, _y)
-#endif
-
-/* Free a chain of blocks --- must be called with alarms blocked. */
-static void
-free_blocks(union block_hdr *blok)
-{
-#ifdef ALLOC_USE_MALLOC
- union block_hdr *next;
-
- for (; blok; blok = next) {
- next = blok->h.next;
- free(blok);
- }
-#else
- /*
- * First, put new blocks at the head of the free list ---
- * we'll eventually bash the 'next' pointer of the last block
- * in the chain to point to the free blocks we already had.
- */
- union block_hdr *old_free_list;
-
- /* Sanity check --- freeing empty pool? */
- if (blok == NULL)
- return;
-
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
- old_free_list = block_freelist;
- block_freelist = blok;
-
- /*
- * Next, adjust first_avail pointers of each block --- have to do it
- * sooner or later, and it simplifies the search in new_block to do it
- * now.
- */
- while (blok->h.next != NULL) {
- chk_on_blk_list(blok, old_free_list);
- blok->h.first_avail = (char *)(blok + 1);
- debug_fill(blok->h.first_avail,
- blok->h.endp - blok->h.first_avail);
-#ifdef POOL_DEBUG
- blok->h.owning_pool = FREE_POOL;
-#endif
- blok = blok->h.next;
- }
-
- chk_on_blk_list(blok, old_free_list);
- blok->h.first_avail = (char *)(blok + 1);
- debug_fill(blok->h.first_avail, blok->h.endp - blok->h.first_avail);
-#ifdef POOL_DEBUG
- blok->h.owning_pool = FREE_POOL;
-#endif
-
- /* Finally, reset next pointer to get the old free blocks back */
- blok->h.next = old_free_list;
-
- (void) ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_unlock(mm);
-#endif
-#endif
-}
-
-
-/*
- * Get a new block, from our own free list if possible, from the system
- * if necessary. Must be called with alarms blocked.
- */
-#if defined(EAPI_MM)
-static union block_hdr
-*new_block(int min_size, int is_shm)
-#else
-static union block_hdr
-*new_block(int min_size)
-#endif
-{
- union block_hdr **lastptr = &block_freelist;
- union block_hdr *blok = block_freelist;
-
- /*
- * First, see if we have anything of the required size
- * on the free list...
- */
- while (blok != NULL) {
-#if defined(EAPI_MM)
- if (blok->h.is_shm == is_shm &&
- min_size + BLOCK_MINFREE <= blok->h.endp -
- blok->h.first_avail) {
-#else
- if (min_size + BLOCK_MINFREE <= blok->h.endp -
- blok->h.first_avail) {
-#endif
- *lastptr = blok->h.next;
- blok->h.next = NULL;
- debug_verify_filled(blok->h.first_avail, blok->h.endp,
- "Ouch! Someone trounced a block on the free "
- "list!\n");
- return blok;
- }
- else {
- lastptr = &blok->h.next;
- blok = blok->h.next;
- }
- }
-
- /* Nope. */
- min_size += BLOCK_MINFREE;
-#if defined(EAPI_MM)
- blok = malloc_block((min_size > BLOCK_MINALLOC) ?
- min_size : BLOCK_MINALLOC, is_shm);
-#else
- blok = malloc_block((min_size > BLOCK_MINALLOC) ?
- min_size : BLOCK_MINALLOC);
-#endif
- return blok;
-}
-
-
-/* Accounting */
-static long
-bytes_in_block_list(union block_hdr *blok)
-{
- long size = 0;
-
- while (blok) {
- size += blok->h.endp - (char *)(blok + 1);
- blok = blok->h.next;
- }
-
- return size;
-}
-
-
-/*****************************************************************
- *
- * Pool internals and management...
- * NB that subprocesses are not handled by the generic cleanup code,
- * basically because we don't want cleanups for multiple subprocesses
- * to result in multiple three-second pauses.
- */
-
-struct process_chain;
-struct cleanup;
-
-static void run_cleanups(struct cleanup *);
-static void free_proc_chain(struct process_chain *);
-
-struct pool {
- union block_hdr *first;
- union block_hdr *last;
- struct cleanup *cleanups;
- struct process_chain *subprocesses;
- struct pool *sub_pools;
- struct pool *sub_next;
- struct pool *sub_prev;
- struct pool *parent;
- char *free_first_avail;
-#ifdef ALLOC_USE_MALLOC
- void *allocation_list;
-#endif
-#ifdef POOL_DEBUG
- struct pool *joined;
-#endif
-#if defined(EAPI_MM)
- int is_shm;
-#endif
-};
-
-static pool *permanent_pool;
-
-/* Each pool structure is allocated in the start of its own first block,
- * so we need to know how many bytes that is (once properly aligned...).
- * This also means that when a pool's sub-pool is destroyed, the storage
- * associated with it is *completely* gone, so we have to make sure it
- * gets taken off the parent's sub-pool list...
- */
-
-#define POOL_HDR_CLICKS (1 + ((sizeof(struct pool) - 1) / CLICK_SZ))
-#define POOL_HDR_BYTES (POOL_HDR_CLICKS * CLICK_SZ)
-
-#if defined(EAPI_MM)
-static struct pool
-*make_sub_pool_internal(struct pool *p, int is_shm)
-#else
-API_EXPORT(struct pool *)
-ap_make_sub_pool(struct pool *p)
-#endif
-{
- union block_hdr *blok;
- pool *new_pool;
-
- ap_block_alarms();
-
-#if defined(EAPI_MM)
- if (is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
-
-#if defined(EAPI_MM)
- blok = new_block(POOL_HDR_BYTES, is_shm);
-#else
- blok = new_block(POOL_HDR_BYTES);
-#endif
- new_pool = (pool *)blok->h.first_avail;
- blok->h.first_avail += POOL_HDR_BYTES;
-#ifdef POOL_DEBUG
- blok->h.owning_pool = new_pool;
-#endif
-
- memset((char *)new_pool, '\0', sizeof(struct pool));
- new_pool->free_first_avail = blok->h.first_avail;
- new_pool->first = new_pool->last = blok;
-
- if (p) {
- new_pool->parent = p;
- new_pool->sub_next = p->sub_pools;
- if (new_pool->sub_next)
- new_pool->sub_next->sub_prev = new_pool;
- p->sub_pools = new_pool;
- }
-
-#if defined(EAPI_MM)
- new_pool->is_shm = is_shm;
-#endif
-
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (is_shm)
- (void)ap_mm_unlock(mm);
-#endif
- ap_unblock_alarms();
-
- return new_pool;
-}
-
-#if defined(EAPI_MM)
-API_EXPORT(struct pool *)
-ap_make_sub_pool(struct pool *p)
-{
- return make_sub_pool_internal(p, 0);
-}
-API_EXPORT(struct pool *)
-ap_make_shared_sub_pool(struct pool *p)
-{
- return make_sub_pool_internal(p, 1);
-}
-#else
-API_EXPORT(struct pool *)
-ap_make_shared_sub_pool(struct pool *p)
-{
- return NULL;
-}
-#endif
-
-#ifdef POOL_DEBUG
-static void
-stack_var_init(char *s)
-{
- char t;
-
- if (s < &t)
- stack_direction = 1; /* stack grows up */
- else
- stack_direction = -1; /* stack grows down */
-}
-#endif
-
-int
-ap_shared_pool_possible(void)
-{
- return ap_mm_useable();
-}
-
-API_EXPORT(pool *)
-ap_init_alloc(void)
-{
-#ifdef POOL_DEBUG
- char s;
-
- known_stack_point = &s;
- stack_var_init(&s);
-#endif
- alloc_mutex = ap_create_mutex(NULL);
- spawn_mutex = ap_create_mutex(NULL);
- permanent_pool = ap_make_sub_pool(NULL);
- return permanent_pool;
-}
-
-void
-ap_init_alloc_shared(int early)
-{
-#if defined(EAPI_MM)
- int mm_size;
- char *mm_path;
- char *err1, *err2;
-
- if (early) {
- /* process very early on startup */
- mm_size = ap_mm_maxsize();
- if (mm_size > EAPI_MM_CORE_MAXSIZE)
- mm_size = EAPI_MM_CORE_MAXSIZE;
- mm_path = ap_server_root_relative(permanent_pool,
- ap_psprintf(permanent_pool, "%s.%ld",
- EAPI_MM_CORE_PATH, (long)getpid()));
- if ((mm = ap_mm_create(mm_size, mm_path)) == NULL) {
- fprintf(stderr, "Ouch! ap_mm_create(%d, \"%s\") "
- "failed\n", mm_size, mm_path);
- err1 = ap_mm_error();
- if (err1 == NULL)
- err1 = "-unknown-";
- err2 = strerror(errno);
- if (err2 == NULL)
- err2 = "-unknown-";
- fprintf(stderr, "Error: MM: %s: OS: %s\n", err1, err2);
- exit(1);
- }
- } else {
- /* process a lot later on startup */
- ap_mm_permission(mm, (S_IRUSR|S_IWUSR), ap_user_id, -1);
- }
-#endif /* EAPI_MM */
- return;
-}
-
-void
-ap_kill_alloc_shared(void)
-{
-#if defined(EAPI_MM)
- if (mm != NULL) {
- ap_mm_destroy(mm);
- mm = NULL;
- }
-#endif /* EAPI_MM */
- return;
-}
-
-void
-ap_cleanup_alloc(void)
-{
- ap_destroy_mutex(alloc_mutex);
- ap_destroy_mutex(spawn_mutex);
-}
-
-API_EXPORT(void)
-ap_clear_pool(struct pool *a)
-{
- ap_block_alarms();
-
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
- while (a->sub_pools)
- ap_destroy_pool(a->sub_pools);
- (void) ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (a->is_shm)
- ( void)ap_mm_unlock(mm);
-#endif
- /* Don't hold the mutex during cleanups. */
- run_cleanups(a->cleanups);
- a->cleanups = NULL;
- free_proc_chain(a->subprocesses);
- a->subprocesses = NULL;
- free_blocks(a->first->h.next);
- a->first->h.next = NULL;
-
- a->last = a->first;
- a->first->h.first_avail = a->free_first_avail;
- debug_fill(a->first->h.first_avail,
- a->first->h.endp - a->first->h.first_avail);
-
-#ifdef ALLOC_USE_MALLOC
- {
- void *c, *n;
-
- for (c = a->allocation_list; c; c = n) {
- n = *(void **)c;
- free(c);
- }
- a->allocation_list = NULL;
- }
-#endif
-
- ap_unblock_alarms();
-}
-
-API_EXPORT(void)
-ap_destroy_pool(pool *a)
-{
- ap_block_alarms();
- ap_clear_pool(a);
-
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void)ap_acquire_mutex(alloc_mutex);
- if (a->parent) {
- if (a->parent->sub_pools == a)
- a->parent->sub_pools = a->sub_next;
- if (a->sub_prev)
- a->sub_prev->sub_next = a->sub_next;
- if (a->sub_next)
- a->sub_next->sub_prev = a->sub_prev;
- }
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_unlock(mm);
-#endif
-
- free_blocks(a->first);
- ap_unblock_alarms();
-}
-
-API_EXPORT(long)
-ap_bytes_in_pool(pool *p)
-{
- return bytes_in_block_list(p->first);
-}
-API_EXPORT(long)
-ap_bytes_in_free_blocks(void)
-{
- return bytes_in_block_list(block_freelist);
-}
-
-API_EXPORT(int)
-ap_acquire_pool(pool *p, ap_pool_lock_mode mode)
-{
-#if defined(EAPI_MM)
- if (!p->is_shm)
- return 1;
- return ap_mm_lock(mm, mode == AP_POOL_RD ?
- AP_MM_LOCK_RD : AP_MM_LOCK_RW);
-#else
- return 1;
-#endif
-}
-
-API_EXPORT(int)
-ap_release_pool(pool *p)
-{
-#if defined(EAPI_MM)
- if (!p->is_shm)
- return 1;
- return ap_mm_unlock(mm);
-#else
- return 1;
-#endif
-}
-
-/*****************************************************************
- * POOL_DEBUG support
- */
-#ifdef POOL_DEBUG
-
-/* the unix linker defines this symbol as the last byte + 1 of
- * the executable... so it includes TEXT, BSS, and DATA
- */
-extern char _end;
-
-/* is ptr in the range [lo,hi) */
-#define is_ptr_in_range(ptr, lo, hi) \
- (((unsigned long)(ptr) - (unsigned long)(lo)) \
- < \
- (unsigned long)(hi) - (unsigned long)(lo))
-
-/* Find the pool that ts belongs to, return NULL if it doesn't
- * belong to any pool.
- */
-API_EXPORT(pool *)
-ap_find_pool(const void *ts)
-{
- const char *s = ts;
- union block_hdr **pb;
- union block_hdr *b;
-
- /* short-circuit stuff which is in TEXT, BSS, or DATA */
- if (is_ptr_in_range(s, 0, &_end))
- return NULL;
-
- /* consider stuff on the stack to also be in the NULL pool...
- * XXX: there's cases where we don't want to assume this
- */
- if ((stack_direction == -1 &&
- is_ptr_in_range(s, &ts, known_stack_point))
- || (stack_direction == 1 &&
- is_ptr_in_range(s, known_stack_point, &ts))) {
- abort();
- return NULL;
- }
- ap_block_alarms();
- /* search the global_block_list */
- for (pb = &global_block_list; *pb; pb = &b->h.global_next) {
- b = *pb;
- if (is_ptr_in_range(s, b, b->h.endp)) {
- if (b->h.owning_pool == FREE_POOL) {
- fprintf(stderr,
- "Ouch! find_pool() called on pointer in "
- "a free block\n");
- abort();
- exit(1);
- }
- if (b != global_block_list) {
- /*
- * promote b to front of list, this is a
- * hack to speed up the lookup
- */
- *pb = b->h.global_next;
- b->h.global_next = global_block_list;
- global_block_list = b;
- }
- ap_unblock_alarms();
- return b->h.owning_pool;
- }
- }
- ap_unblock_alarms();
- return NULL;
-}
-
-/* return TRUE iff a is an ancestor of b
- * NULL is considered an ancestor of all pools
- */
-API_EXPORT(int)
-ap_pool_is_ancestor(pool *a, pool *b)
-{
- if (a == NULL)
- return 1;
-
- while (a->joined)
- a = a->joined;
-
- while (b) {
- if (a == b)
- return 1;
- b = b->parent;
- }
- return 0;
-}
-
-/* All blocks belonging to sub will be changed to point to p
- * instead. This is a guarantee by the caller that sub will not
- * be destroyed before p is.
- */
-API_EXPORT(void)
-ap_pool_join(pool *p, pool *sub)
-{
- union block_hdr *b;
-
- /* We could handle more general cases... but this is it for now. */
- if (sub->parent != p) {
- fprintf(stderr, "pool_join: p is not parent of sub\n");
- abort();
- }
- ap_block_alarms();
- while (p->joined)
- p = p->joined;
-
- sub->joined = p;
- for (b = global_block_list; b; b = b->h.global_next) {
- if (b->h.owning_pool == sub)
- b->h.owning_pool = p;
- }
- ap_unblock_alarms();
-}
-#endif
-
-/*****************************************************************
- *
- * Allocating stuff...
- */
-
-
-API_EXPORT(void *)
-ap_palloc(struct pool *a, int reqsize)
-{
-#ifdef ALLOC_USE_MALLOC
- int size = reqsize + CLICK_SZ;
- void *ptr;
-
- ap_block_alarms();
- ptr = malloc(size);
- if (ptr == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- debug_fill(ptr, size); /* might as well get uninitialized protection */
- *(void **)ptr = a->allocation_list;
- a->allocation_list = ptr;
- ap_unblock_alarms();
- return (char *)ptr + CLICK_SZ;
-#else
-
- /*
- * Round up requested size to an even number of alignment units
- * (core clicks)
- */
- int nclicks = 1 + ((reqsize - 1) / CLICK_SZ);
- int size = nclicks * CLICK_SZ;
-
- /*
- * First, see if we have space in the block most recently
- * allocated to this pool
- */
- union block_hdr *blok = a->last;
- char *first_avail = blok->h.first_avail;
- char *new_first_avail;
-
- if (reqsize <= 0)
- return NULL;
-
- new_first_avail = first_avail + size;
-
- if (new_first_avail <= blok->h.endp) {
- debug_verify_filled(first_avail, blok->h.endp,
- "Ouch! Someone trounced past the end of their "
- "allocation!\n");
- blok->h.first_avail = new_first_avail;
- return (void *)first_avail;
- }
-
- /* Nope --- get a new one that's guaranteed to be big enough */
- ap_block_alarms();
-
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
-
-#if defined(EAPI_MM)
- blok = new_block(size, a->is_shm);
-#else
- blok = new_block(size);
-#endif
- a->last->h.next = blok;
- a->last = blok;
-#ifdef POOL_DEBUG
- blok->h.owning_pool = a;
-#endif
-#if defined(EAPI_MM)
- blok->h.is_shm = a->is_shm;
-#endif
-
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_unlock(mm);
-#endif
-
- ap_unblock_alarms();
-
- first_avail = blok->h.first_avail;
- blok->h.first_avail += size;
-
- return (void *)first_avail;
-#endif
-}
-
-API_EXPORT(void *)
-ap_pcalloc(struct pool *a, int size)
-{
- void *res = ap_palloc(a, size);
- memset(res, '\0', size);
- return res;
-}
-
-API_EXPORT(char *)
-ap_pstrdup(struct pool *a, const char *s)
-{
- char *res;
- size_t len;
-
- if (s == NULL)
- return NULL;
- len = strlen(s) + 1;
- res = ap_palloc(a, len);
- memcpy(res, s, len);
- return res;
-}
-
-API_EXPORT(char *)
-ap_pstrndup(struct pool *a, const char *s, int n)
-{
- char *res;
-
- if (s == NULL)
- return NULL;
- res = ap_palloc(a, n + 1);
- memcpy(res, s, n);
- res[n] = '\0';
- return res;
-}
-
-API_EXPORT_NONSTD(char *) ap_pstrcat(pool *a,...)
-{
- char *cp, *argp, *res;
-
- /* Pass one --- find length of required string */
- int len = 0;
- va_list adummy;
-
- va_start(adummy, a);
-
- while ((cp = va_arg(adummy, char *)) != NULL)
- len += strlen(cp);
-
- va_end(adummy);
-
- /* Allocate the required string */
- res = (char *) ap_palloc(a, len + 1);
- cp = res;
- *cp = '\0';
-
- /* Pass two --- copy the argument strings into the result space */
- va_start(adummy, a);
-
- while ((argp = va_arg(adummy, char *)) != NULL) {
- strlcpy(cp, argp, len + 1);
- cp += strlen(argp);
- }
-
- va_end(adummy);
-
- /* Return the result string */
- return res;
-}
-
-/* ap_psprintf is implemented by writing directly into the current
- * block of the pool, starting right at first_avail. If there's
- * insufficient room, then a new block is allocated and the earlier
- * output is copied over. The new block isn't linked into the pool
- * until all the output is done.
- *
- * Note that this is completely safe because nothing else can
- * allocate in this pool while ap_psprintf is running. alarms are
- * blocked, and the only thing outside of alloc.c that's invoked
- * is ap_vformatter -- which was purposefully written to be
- * self-contained with no callouts.
- */
-
-struct psprintf_data {
- ap_vformatter_buff vbuff;
-#ifdef ALLOC_USE_MALLOC
- char *base;
-#else
- union block_hdr *blok;
- int got_a_new_block;
-#endif
-};
-
-#define AP_PSPRINTF_MIN_SIZE 32 /* Minimum size of allowable avail block */
-
-static int
-psprintf_flush(ap_vformatter_buff *vbuff)
-{
- struct psprintf_data *ps = (struct psprintf_data *)vbuff;
-#ifdef ALLOC_USE_MALLOC
- int cur_len, size;
- char *ptr;
-
- cur_len = (char *)ps->vbuff.curpos - ps->base;
- size = cur_len << 1;
- if (size < AP_PSPRINTF_MIN_SIZE)
- size = AP_PSPRINTF_MIN_SIZE;
-#if defined(EAPI_MM)
- if (ps->block->h.is_shm)
- ptr = ap_mm_realloc(ps->base, size);
- else
-#endif
- ptr = realloc(ps->base, size);
- if (ptr == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- ps->base = ptr;
- ps->vbuff.curpos = ptr + cur_len;
- ps->vbuff.endpos = ptr + size - 1;
- return 0;
-#else
- union block_hdr *blok;
- union block_hdr *nblok;
- size_t cur_len, size;
- char *strp;
-
- blok = ps->blok;
- strp = ps->vbuff.curpos;
- cur_len = strp - blok->h.first_avail;
- size = cur_len << 1;
- if (size < AP_PSPRINTF_MIN_SIZE)
- size = AP_PSPRINTF_MIN_SIZE;
-
- /* must try another blok */
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void)ap_acquire_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- nblok = new_block(size, blok->h.is_shm);
-#else
- nblok = new_block(size);
-#endif
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_unlock(mm);
-#endif
- memcpy(nblok->h.first_avail, blok->h.first_avail, cur_len);
- ps->vbuff.curpos = nblok->h.first_avail + cur_len;
- /* save a byte for the NUL terminator */
- ps->vbuff.endpos = nblok->h.endp - 1;
-
- /* did we allocate the current blok? if so free it up */
- if (ps->got_a_new_block) {
- debug_fill(blok->h.first_avail,
- blok->h.endp - blok->h.first_avail);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void)ap_acquire_mutex(alloc_mutex);
- blok->h.next = block_freelist;
- block_freelist = blok;
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_unlock(mm);
-#endif
- }
- ps->blok = nblok;
- ps->got_a_new_block = 1;
- /*
- * note that we've deliberately not linked the new block onto
- * the pool yet... because we may need to flush again later, and
- * we'd have to spend more effort trying to unlink the block.
- */
- return 0;
-#endif
-}
-
-API_EXPORT(char *)
-ap_pvsprintf(pool *p, const char *fmt, va_list ap)
-{
-#ifdef ALLOC_USE_MALLOC
- struct psprintf_data ps;
- void *ptr;
-
- ap_block_alarms();
-#if defined(EAPI_MM)
- if (p->is_shm)
- ps.base = ap_mm_malloc(mm, 512);
- else
-#endif
- ps.base = malloc(512);
- if (ps.base == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- /* need room at beginning for allocation_list */
- ps.vbuff.curpos = ps.base + CLICK_SZ;
- ps.vbuff.endpos = ps.base + 511;
- ap_vformatter(psprintf_flush, &ps.vbuff, fmt, ap);
- *ps.vbuff.curpos++ = '\0';
- ptr = ps.base;
- /* shrink */
-#if defined(EAPI_MM)
- if (p->is_shm)
- ptr = ap_mm_realloc(ptr, (char *)ps.vbuff.curpos - (char *)ptr);
- else
-#endif
- ptr = realloc(ptr, (char *)ps.vbuff.curpos - (char *)ptr);
- if (ptr == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- *(void **)ptr = p->allocation_list;
- p->allocation_list = ptr;
- ap_unblock_alarms();
- return (char *)ptr + CLICK_SZ;
-#else
- struct psprintf_data ps;
- char *strp;
- int size;
-
- ap_block_alarms();
- ps.blok = p->last;
- ps.vbuff.curpos = ps.blok->h.first_avail;
- ps.vbuff.endpos = ps.blok->h.endp - 1; /* save one for NUL */
- ps.got_a_new_block = 0;
-
- if (ps.blok->h.first_avail == ps.blok->h.endp)
- psprintf_flush(&ps.vbuff); /* ensure room for NUL */
- ap_vformatter(psprintf_flush, &ps.vbuff, fmt, ap);
-
- strp = ps.vbuff.curpos;
- *strp++ = '\0';
-
- size = strp - ps.blok->h.first_avail;
- size = (1 + ((size - 1) / CLICK_SZ)) * CLICK_SZ;
- strp = ps.blok->h.first_avail; /* save away result pointer */
- ps.blok->h.first_avail += size;
-
- /* have to link the block in if it's a new one */
- if (ps.got_a_new_block) {
- p->last->h.next = ps.blok;
- p->last = ps.blok;
-#ifdef POOL_DEBUG
- ps.blok->h.owning_pool = p;
-#endif
- }
- ap_unblock_alarms();
-
- return strp;
-#endif
-}
-
-API_EXPORT_NONSTD(char *)
-ap_psprintf(pool *p, const char *fmt, ...)
-{
- va_list ap;
- char *res;
-
- va_start(ap, fmt);
- res = ap_pvsprintf(p, fmt, ap);
- va_end(ap);
- return res;
-}
-
-/*****************************************************************
- *
- * The 'array' functions...
- */
-
-static void
-make_array_core(array_header *res, pool *p, int nelts, int elt_size)
-{
- if (nelts < 1)
- nelts = 1; /* Assure sanity if someone asks for
- * array of zero elts.
- */
-
- res->elts = ap_pcalloc(p, nelts * elt_size);
-
- res->pool = p;
- res->elt_size = elt_size;
- res->nelts = 0; /* No active elements yet... */
- res->nalloc = nelts; /* ...but this many allocated */
-}
-
-API_EXPORT(array_header *)
-ap_make_array(pool *p, int nelts, int elt_size)
-{
- array_header *res = (array_header *)ap_palloc(p, sizeof(array_header));
-
- make_array_core(res, p, nelts, elt_size);
- return res;
-}
-
-API_EXPORT(void *)
-ap_push_array(array_header *arr)
-{
- if (arr->nelts == arr->nalloc) {
- int new_size = (arr->nalloc <= 0) ? 1 : arr->nalloc * 2;
- char *new_data;
-
- new_data = ap_pcalloc(arr->pool, arr->elt_size * new_size);
-
- memcpy(new_data, arr->elts, arr->nalloc * arr->elt_size);
- arr->elts = new_data;
- arr->nalloc = new_size;
- }
-
- ++arr->nelts;
- return arr->elts + (arr->elt_size * (arr->nelts - 1));
-}
-
-API_EXPORT(void)
-ap_array_cat(array_header *dst, const array_header *src)
-{
- int elt_size = dst->elt_size;
-
- if (dst->nelts + src->nelts > dst->nalloc) {
- int new_size = (dst->nalloc <= 0) ? 1 : dst->nalloc * 2;
- char *new_data;
-
- while (dst->nelts + src->nelts > new_size)
- new_size *= 2;
-
- new_data = ap_pcalloc(dst->pool, elt_size * new_size);
- memcpy(new_data, dst->elts, dst->nalloc * elt_size);
-
- dst->elts = new_data;
- dst->nalloc = new_size;
- }
-
- memcpy(dst->elts + dst->nelts * elt_size, src->elts,
- elt_size * src->nelts);
- dst->nelts += src->nelts;
-}
-
-API_EXPORT(array_header *)
-ap_copy_array(pool *p, const array_header *arr)
-{
- array_header *res = ap_make_array(p, arr->nalloc, arr->elt_size);
-
- memcpy(res->elts, arr->elts, arr->elt_size * arr->nelts);
- res->nelts = arr->nelts;
- return res;
-}
-
-/* This cute function copies the array header *only*, but arranges
- * for the data section to be copied on the first push or arraycat.
- * It's useful when the elements of the array being copied are
- * read only, but new stuff *might* get added on the end; we have the
- * overhead of the full copy only where it is really needed.
- */
-
-static ap_inline void
-copy_array_hdr_core(array_header *res, const array_header *arr)
-{
- res->elts = arr->elts;
- res->elt_size = arr->elt_size;
- res->nelts = arr->nelts;
- res->nalloc = arr->nelts; /* Force overflow on push */
-}
-
-API_EXPORT(array_header *)
-ap_copy_array_hdr(pool *p, const array_header *arr)
-{
- array_header *res = (array_header *) ap_palloc(p, sizeof(array_header));
-
- res->pool = p;
- copy_array_hdr_core(res, arr);
- return res;
-}
-
-/* The above is used here to avoid consing multiple new array bodies... */
-
-API_EXPORT(array_header *)
-ap_append_arrays(pool *p, const array_header *first, const array_header *second)
-{
- array_header *res = ap_copy_array_hdr(p, first);
-
- ap_array_cat(res, second);
- return res;
-}
-
-/* ap_array_pstrcat generates a new string from the pool containing
- * the concatenated sequence of substrings referenced as elements within
- * the array. The string will be empty if all substrings are empty or null,
- * or if there are no elements in the array.
- * If sep is non-NUL, it will be inserted between elements as a separator.
- */
-API_EXPORT(char *)
-ap_array_pstrcat(pool *p, const array_header *arr, const char sep)
-{
- char *cp, *res, **strpp;
- int i, len;
-
- if (arr->nelts <= 0 || arr->elts == NULL) /* Empty table? */
- return (char *)ap_pcalloc(p, 1);
-
- /* Pass one --- find length of required string */
- len = 0;
- for (i = 0, strpp = (char **)arr->elts; ; ++strpp) {
- if (strpp && *strpp != NULL)
- len += strlen(*strpp);
-
- if (++i >= arr->nelts)
- break;
- if (sep)
- ++len;
- }
-
- /* Allocate the required string */
- res = (char *)ap_palloc(p, len + 1);
- cp = res;
-
- /* Pass two --- copy the argument strings into the result space */
- for (i = 0, strpp = (char **)arr->elts; ; ++strpp) {
- if (strpp && *strpp != NULL) {
- len = strlen(*strpp);
- memcpy(cp, *strpp, len);
- cp += len;
- }
- if (++i >= arr->nelts)
- break;
- if (sep)
- *cp++ = sep;
- }
-
- *cp = '\0';
-
- /* Return the result string */
- return res;
-}
-
-
-/*****************************************************************
- *
- * The "table" functions.
- */
-
-/* XXX: if you tweak this you should look at is_empty_table() and table_elts()
- * in ap_alloc.h */
-struct table {
- /* This has to be first to promote backwards compatibility with
- * older modules which cast a table * to an array_header *...
- * they should use the table_elts() function for most of the
- * cases they do this for.
- */
- array_header a;
-#ifdef MAKE_TABLE_PROFILE
- void *creator;
-#endif
-};
-
-#ifdef MAKE_TABLE_PROFILE
-static table_entry
-*table_push(table *t)
-{
- if (t->a.nelts == t->a.nalloc) {
- fprintf(stderr,
- "table_push: table created by %p hit limit of %u\n",
- t->creator, t->a.nalloc);
- }
- return (table_entry *)ap_push_array(&t->a);
-}
-#else
-#define table_push(t) ((table_entry *)ap_push_array(&(t)->a))
-#endif
-
-API_EXPORT(table *)
-ap_make_table(pool *p, int nelts)
-{
- table *t = ap_palloc(p, sizeof(table));
-
- make_array_core(&t->a, p, nelts, sizeof(table_entry));
-#ifdef MAKE_TABLE_PROFILE
- t->creator = __builtin_return_address(0);
-#endif
- return t;
-}
-
-API_EXPORT(table *)
-ap_copy_table(pool *p, const table *t)
-{
- table *new = ap_palloc(p, sizeof(table));
-
-#ifdef POOL_DEBUG
- /* we don't copy keys and values, so it's necessary that t->a.pool
- * have a life span at least as long as p
- */
- if (!ap_pool_is_ancestor(t->a.pool, p)) {
- fprintf(stderr, "copy_table: t's pool is not an "
- "ancestor of p\n");
- abort();
- }
-#endif
- make_array_core(&new->a, p, t->a.nalloc, sizeof(table_entry));
- memcpy(new->a.elts, t->a.elts, t->a.nelts * sizeof(table_entry));
- new->a.nelts = t->a.nelts;
- return new;
-}
-
-API_EXPORT(void)
-ap_clear_table(table *t)
-{
- t->a.nelts = 0;
-}
-
-API_EXPORT(const char *)
-ap_table_get(const table *t, const char *key)
-{
- table_entry *elts = (table_entry *) t->a.elts;
- int i;
-
- if (key == NULL)
- return NULL;
-
- for (i = 0; i < t->a.nelts; ++i)
- if (!strcasecmp(elts[i].key, key))
- return elts[i].val;
-
- return NULL;
-}
-
-API_EXPORT(void)
-ap_table_set(table *t, const char *key, const char *val)
-{
- int i, j, k;
- table_entry *elts = (table_entry *) t->a.elts;
- int done = 0;
-
- for (i = 0; i < t->a.nelts; ) {
- if (!strcasecmp(elts[i].key, key)) {
- if (!done) {
- elts[i].val = ap_pstrdup(t->a.pool, val);
- done = 1;
- ++i;
- } else { /* delete an extraneous element */
- for (j = i, k = i + 1; k < t->a.nelts;
- ++j, ++k) {
- elts[j].key = elts[k].key;
- elts[j].val = elts[k].val;
- }
- --t->a.nelts;
- }
- } else
- ++i;
- }
-
- if (!done) {
- elts = (table_entry *)table_push(t);
- elts->key = ap_pstrdup(t->a.pool, key);
- elts->val = ap_pstrdup(t->a.pool, val);
- }
-}
-
-API_EXPORT(void)
-ap_table_setn(table *t, const char *key, const char *val)
-{
- int i, j, k;
- table_entry *elts = (table_entry *) t->a.elts;
- int done = 0;
-
-#ifdef POOL_DEBUG
- if (!ap_pool_is_ancestor(ap_find_pool(key), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
- if (!ap_pool_is_ancestor(ap_find_pool(val), t->a.pool)) {
- fprintf(stderr, "table_set: val not in ancestor pool of t\n");
- abort();
- }
-#endif
-
- for (i = 0; i < t->a.nelts; ) {
- if (!strcasecmp(elts[i].key, key)) {
- if (!done) {
- elts[i].val = (char *)val;
- done = 1;
- ++i;
- } else { /* delete an extraneous element */
- for (j = i, k = i + 1; k < t->a.nelts;
- ++j, ++k) {
- elts[j].key = elts[k].key;
- elts[j].val = elts[k].val;
- }
- --t->a.nelts;
- }
- } else
- ++i;
- }
-
- if (!done) {
- elts = (table_entry *)table_push(t);
- elts->key = (char *)key;
- elts->val = (char *)val;
- }
-}
-
-API_EXPORT(void)
-ap_table_unset(table *t, const char *key)
-{
- int i, j, k;
- table_entry *elts = (table_entry *) t->a.elts;
-
- for (i = 0; i < t->a.nelts;) {
- if (!strcasecmp(elts[i].key, key)) {
-
- /* found an element to skip over there are any
- * number of ways to remove an element from a
- * contiguous block of memory. I've chosen one
- * that doesn't do a memcpy/bcopy/array_delete,
- * *shrug*...
- */
- for (j = i, k = i + 1; k < t->a.nelts; ++j, ++k) {
- elts[j].key = elts[k].key;
- elts[j].val = elts[k].val;
- }
- --t->a.nelts;
- } else
- ++i;
- }
-}
-
-API_EXPORT(void)
-ap_table_merge(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *) t->a.elts;
- int i;
-
- for (i = 0; i < t->a.nelts; ++i)
- if (!strcasecmp(elts[i].key, key)) {
- elts[i].val = ap_pstrcat(t->a.pool, elts[i].val,
- ", ", val, NULL);
- return;
- }
-
- elts = (table_entry *)table_push(t);
- elts->key = ap_pstrdup(t->a.pool, key);
- elts->val = ap_pstrdup(t->a.pool, val);
-}
-
-API_EXPORT(void)
-ap_table_mergen(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *)t->a.elts;
- int i;
-
-#ifdef POOL_DEBUG
- if (!ap_pool_is_ancestor(ap_find_pool(key), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
- if (!ap_pool_is_ancestor(ap_find_pool(val), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
-#endif
-
- for (i = 0; i < t->a.nelts; ++i) {
- if (!strcasecmp(elts[i].key, key)) {
- elts[i].val = ap_pstrcat(t->a.pool, elts[i].val,
- ", ", val, NULL);
- return;
- }
- }
-
- elts = (table_entry *)table_push(t);
- elts->key = (char *)key;
- elts->val = (char *)val;
-}
-
-API_EXPORT(void)
-ap_table_add(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *)t->a.elts;
-
- elts = (table_entry *)table_push(t);
- elts->key = ap_pstrdup(t->a.pool, key);
- elts->val = ap_pstrdup(t->a.pool, val);
-}
-
-API_EXPORT(void)
-ap_table_addn(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *) t->a.elts;
-
-#ifdef POOL_DEBUG
- if (!ap_pool_is_ancestor(ap_find_pool(key), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
- if (!ap_pool_is_ancestor(ap_find_pool(val), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
-#endif
-
- elts = (table_entry *)table_push(t);
- elts->key = (char *)key;
- elts->val = (char *)val;
-}
-
-API_EXPORT(table *)
-ap_overlay_tables(pool *p, const table *overlay, const table *base)
-{
- table *res;
-
-#ifdef POOL_DEBUG
- /* we don't copy keys and values, so it's necessary that
- * overlay->a.pool and base->a.pool have a life span at least
- * as long as p
- */
- if (!ap_pool_is_ancestor(overlay->a.pool, p)) {
- fprintf(stderr, "overlay_tables: overlay's pool is not an "
- "ancestor of p\n");
- abort();
- }
- if (!ap_pool_is_ancestor(base->a.pool, p)) {
- fprintf(stderr, "overlay_tables: base's pool is not an "
- "ancestor of p\n");
- abort();
- }
-#endif
-
- res = ap_palloc(p, sizeof(table));
- /* behave like append_arrays */
- res->a.pool = p;
- copy_array_hdr_core(&res->a, &overlay->a);
- ap_array_cat(&res->a, &base->a);
-
- return res;
-}
-
-/* And now for something completely abstract ...
-
- * For each key value given as a vararg:
- * run the function pointed to as
- * int comp(void *r, char *key, char *value);
- * on each valid key-value pair in the table t that matches the vararg key,
- * or once for every valid key-value pair if the vararg list is empty,
- * until the function returns false (0) or we finish the table.
- *
- * Note that we restart the traversal for each vararg, which means that
- * duplicate varargs will result in multiple executions of the function
- * for each matching key. Note also that if the vararg list is empty,
- * only one traversal will be made and will cut short if comp returns 0.
- *
- * Note that the table_get and table_merge functions assume that each key in
- * the table is unique (i.e., no multiple entries with the same key). This
- * function does not make that assumption, since it (unfortunately) isn't
- * true for some of Apache's tables.
- *
- * Note that rec is simply passed-on to the comp function, so that the
- * caller can pass additional info for the task.
- */
-API_EXPORT_NONSTD(void)
-ap_table_do(int (*comp)(void *, const char *, const char *), void *rec,
- const table *t,...)
-{
- va_list vp;
- char *argp;
- table_entry *elts = (table_entry *)t->a.elts;
- int rv, i;
-
- va_start(vp, t);
-
- argp = va_arg(vp, char *);
-
- do {
- for (rv = 1, i = 0; rv && (i < t->a.nelts); ++i) {
- if (elts[i].key && (!argp ||
- !strcasecmp(elts[i].key, argp)))
- rv = (*comp) (rec, elts[i].key, elts[i].val);
- }
- } while (argp && ((argp = va_arg(vp, char *)) != NULL));
-
- va_end(vp);
-}
-
-/* Curse libc and the fact that it doesn't guarantee a stable sort. We
- * have to enforce stability ourselves by using the order field. If it
- * provided a stable sort then we wouldn't even need temporary storage to
- * do the work below. -djg
- *
- * ("stable sort" means that equal keys retain their original relative
- * ordering in the output.)
- */
-typedef struct {
- char *key;
- char *val;
- int order;
-} overlap_key;
-
-static int
-sort_overlap(const void *va, const void *vb)
-{
- const overlap_key *a = va;
- const overlap_key *b = vb;
- int r;
-
- r = strcasecmp(a->key, b->key);
- if (r)
- return r;
- return a->order - b->order;
-}
-
-/* prefer to use the stack for temp storage for overlaps smaller than this */
-#ifndef AP_OVERLAP_TABLES_ON_STACK
-#define AP_OVERLAP_TABLES_ON_STACK (512)
-#endif
-
-API_EXPORT(void)
-ap_overlap_tables(table *a, const table *b, unsigned flags)
-{
- overlap_key cat_keys_buf[AP_OVERLAP_TABLES_ON_STACK];
- overlap_key *cat_keys;
- int nkeys;
- table_entry *e;
- table_entry *last_e;
- overlap_key *left;
- overlap_key *right;
- overlap_key *last;
-
- nkeys = a->a.nelts + b->a.nelts;
- if (nkeys < AP_OVERLAP_TABLES_ON_STACK) {
- cat_keys = cat_keys_buf;
- } else {
- /* XXX: could use scratch free space in a or b's pool instead...
- * which could save an allocation in b's pool.
- */
- cat_keys = ap_palloc(b->a.pool, sizeof(overlap_key) * nkeys);
- }
-
- nkeys = 0;
-
- /* Create a list of the entries from a concatenated with the entries
- * from b.
- */
- e = (table_entry *)a->a.elts;
- last_e = e + a->a.nelts;
- while (e < last_e) {
- cat_keys[nkeys].key = e->key;
- cat_keys[nkeys].val = e->val;
- cat_keys[nkeys].order = nkeys;
- ++nkeys;
- ++e;
- }
-
- e = (table_entry *)b->a.elts;
- last_e = e + b->a.nelts;
- while (e < last_e) {
- cat_keys[nkeys].key = e->key;
- cat_keys[nkeys].val = e->val;
- cat_keys[nkeys].order = nkeys;
- ++nkeys;
- ++e;
- }
-
- qsort(cat_keys, nkeys, sizeof(overlap_key), sort_overlap);
-
- /* Now iterate over the sorted list and rebuild a.
- * Start by making sure it has enough space.
- */
- a->a.nelts = 0;
- if (a->a.nalloc < nkeys) {
- a->a.elts = ap_palloc(a->a.pool, a->a.elt_size * nkeys * 2);
- a->a.nalloc = nkeys * 2;
- }
-
- /*
- * In both the merge and set cases we retain the invariant:
- *
- * left->key, (left+1)->key, (left+2)->key, ..., (right-1)->key
- * are all equal keys. (i.e. strcasecmp returns 0)
- *
- * We essentially need to find the maximal
- * right for each key, then we can do a quick merge or set as
- * appropriate.
- */
-
- if (flags & AP_OVERLAP_TABLES_MERGE) {
- left = cat_keys;
- last = left + nkeys;
- while (left < last) {
- right = left + 1;
- if (right == last
- || strcasecmp(left->key, right->key)) {
- ap_table_addn(a, left->key, left->val);
- left = right;
- } else {
- char *strp;
- char *value;
- size_t len;
-
- /* Have to merge some headers. Let's re-use
- * the order field, since it's handy... we'll
- * store the length of val there.
- */
- left->order = strlen(left->val);
- len = left->order;
- do {
- right->order = strlen(right->val);
- len += 2 + right->order;
- ++right;
- } while (right < last
- && !strcasecmp(left->key, right->key));
- /* right points one past the last header to
- * merge
- */
- value = ap_palloc(a->a.pool, len + 1);
- strp = value;
- for (;;) {
- memcpy(strp, left->val, left->order);
- strp += left->order;
- ++left;
- if (left == right) break;
- *strp++ = ',';
- *strp++ = ' ';
- }
- *strp = 0;
- ap_table_addn(a, (left-1)->key, value);
- }
- }
- } else {
- left = cat_keys;
- last = left + nkeys;
- while (left < last) {
- right = left + 1;
- while (right < last
- && !strcasecmp(left->key, right->key)) {
- ++right;
- }
- ap_table_addn(a, (right-1)->key, (right-1)->val);
- left = right;
- }
- }
-}
-
-/*****************************************************************
- *
- * Managing generic cleanups.
- */
-
-struct cleanup {
- void *data;
- void (*plain_cleanup)(void *);
- void (*child_cleanup)(void *);
- struct cleanup *next;
-};
-
-API_EXPORT(void)
-ap_register_cleanup_ex(pool *p, void *data, void (*plain_cleanup)(void *),
- void (*child_cleanup)(void *), int (*magic_cleanup)(void *))
-{
- struct cleanup *c;
- if (p) {
- c = (struct cleanup *)ap_palloc(p, sizeof(struct cleanup));
- c->data = data;
- c->plain_cleanup = plain_cleanup;
- c->child_cleanup = child_cleanup;
- c->next = p->cleanups;
- p->cleanups = c;
- }
- /* attempt to do magic even if not passed a pool. Allows us
- * to perform the magic, therefore, "whenever" we want/need */
- if (magic_cleanup) {
- if (!magic_cleanup(data))
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "exec() may not be safe");
- }
-}
-
-API_EXPORT(void)
-ap_register_cleanup(pool *p, void *data, void (*plain_cleanup)(void *),
- void (*child_cleanup)(void *))
-{
- ap_register_cleanup_ex(p, data, plain_cleanup, child_cleanup, NULL);
-}
-
-API_EXPORT(void)
-ap_kill_cleanup(pool *p, void *data, void (*cleanup)(void *))
-{
- struct cleanup *c = p->cleanups;
- struct cleanup **lastp = &p->cleanups;
-
- while (c) {
- if (c->data == data && c->plain_cleanup == cleanup) {
- *lastp = c->next;
- break;
- }
-
- lastp = &c->next;
- c = c->next;
- }
-}
-
-API_EXPORT(void)
-ap_run_cleanup(pool *p, void *data, void (*cleanup)(void *))
-{
- ap_block_alarms(); /* Run cleanup only once! */
- (*cleanup)(data);
- ap_kill_cleanup(p, data, cleanup);
- ap_unblock_alarms();
-}
-
-static void
-run_cleanups(struct cleanup *c)
-{
- while (c) {
- (*c->plain_cleanup)(c->data);
- c = c->next;
- }
-}
-
-static void
-run_child_cleanups(struct cleanup *c)
-{
- while (c) {
- (*c->child_cleanup)(c->data);
- c = c->next;
- }
-}
-
-static void
-cleanup_pool_for_exec(pool *p)
-{
- run_child_cleanups(p->cleanups);
- p->cleanups = NULL;
-
- for (p = p->sub_pools; p; p = p->sub_next)
- cleanup_pool_for_exec(p);
-}
-
-API_EXPORT(void)
-ap_cleanup_for_exec(void)
-{
- /*
- * Don't need to do anything on NT, NETWARE or OS/2, because I
- * am actually going to spawn the new process - not
- * exec it. All handles that are not inheritable, will
- * be automajically closed. The only problem is with
- * file handles that are open, but there isn't much
- * I can do about that (except if the child decides
- * to go out and close them
- */
- ap_block_alarms();
- cleanup_pool_for_exec(permanent_pool);
- ap_unblock_alarms();
-}
-
-API_EXPORT_NONSTD(void)
-ap_null_cleanup(void *data)
-{
- /* do nothing cleanup routine */
-}
-
-/*****************************************************************
- *
- * Files and file descriptors; these are just an application of the
- * generic cleanup interface.
- */
-
-int
-ap_close_fd_on_exec(int fd)
-{
- /* Protect the fd so that it will not be inherited by child processes */
- if(fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, NULL,
- "fcntl(%d, F_SETFD, FD_CLOEXEC) failed", fd);
- return 0;
- }
-
- return 1;
-}
-
-static void
-fd_cleanup(void *fdv)
-{
- close((int)(long)fdv);
-}
-
-static int
-fd_magic_cleanup(void *fdv)
-{
- return ap_close_fd_on_exec((int)(long)fdv);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_fd_ex(pool *p, int fd, int domagic)
-{
- ap_register_cleanup_ex(p, (void *)(long)fd, fd_cleanup, fd_cleanup,
- domagic ? fd_magic_cleanup : NULL);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_fd(pool *p, int fd)
-{
- ap_note_cleanups_for_fd_ex(p, fd, 0);
-}
-
-API_EXPORT(void)
-ap_kill_cleanups_for_fd(pool *p, int fd)
-{
- ap_kill_cleanup(p, (void *)(long)fd, fd_cleanup);
-}
-
-API_EXPORT(int)
-ap_popenf_ex(pool *a, const char *name, int flg, int mode, int domagic)
-{
- int fd;
- int save_errno;
-
- ap_block_alarms();
- fd = open(name, flg, mode);
- save_errno = errno;
- if (fd >= 0) {
- fd = ap_slack(fd, AP_SLACK_HIGH);
- ap_note_cleanups_for_fd_ex(a, fd, domagic);
- }
- ap_unblock_alarms();
- errno = save_errno;
- return fd;
-}
-
-API_EXPORT(int)
-ap_popenf(pool *a, const char *name, int flg, int mode)
-{
- return ap_popenf_ex(a, name, flg, mode, 0);
-}
-
-API_EXPORT(int)
-ap_pclosef(pool *a, int fd)
-{
- int res;
- int save_errno;
-
- ap_block_alarms();
- res = close(fd);
- save_errno = errno;
- ap_kill_cleanup(a, (void *)(long)fd, fd_cleanup);
- ap_unblock_alarms();
- errno = save_errno;
- return res;
-}
-
-
-/* Note that we have separate plain_ and child_ cleanups for FILE *s,
- * since fclose() would flush I/O buffers, which is extremely undesirable;
- * we just close the descriptor.
- */
-
-static void
-file_cleanup(void *fpv)
-{
- fclose((FILE *)fpv);
-}
-
-static void
-file_child_cleanup(void *fpv)
-{
- close(fileno((FILE *)fpv));
-}
-
-static int
-file_magic_cleanup(void *fpv)
-{
- return ap_close_fd_on_exec(fileno((FILE *)fpv));
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_file_ex(pool *p, FILE *fp, int domagic)
-{
- ap_register_cleanup_ex(p, (void *)fp, file_cleanup, file_child_cleanup,
- domagic ? file_magic_cleanup : NULL);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_file(pool *p, FILE *fp)
-{
- ap_note_cleanups_for_file_ex(p, fp, 0);
-}
-
-API_EXPORT(FILE *)
-ap_pfopen(pool *a, const char *name, const char *mode)
-{
- FILE *fd = NULL;
- int baseFlag, desc;
- int modeFlags = 0;
- int saved_errno;
-
- modeFlags = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
-
- ap_block_alarms();
-
- if (*mode == 'a') {
- /* Work around faulty implementations of fopen */
- baseFlag = (*(mode + 1) == '+') ? O_RDWR : O_WRONLY;
- desc = open(name, baseFlag | O_APPEND | O_CREAT,
- modeFlags);
- if (desc >= 0) {
- desc = ap_slack(desc, AP_SLACK_LOW);
- fd = ap_fdopen(desc, mode);
- }
- } else {
- fd = fopen(name, mode);
- }
- saved_errno = errno;
- if (fd != NULL)
- ap_note_cleanups_for_file(a, fd);
- ap_unblock_alarms();
- errno = saved_errno;
- return fd;
-}
-
-API_EXPORT(FILE *)
-ap_pfdopen(pool *a, int fd, const char *mode)
-{
- FILE *f;
- int saved_errno;
-
- ap_block_alarms();
- f = ap_fdopen(fd, mode);
- saved_errno = errno;
- if (f != NULL)
- ap_note_cleanups_for_file(a, f);
- ap_unblock_alarms();
- errno = saved_errno;
- return f;
-}
-
-
-API_EXPORT(int)
-ap_pfclose(pool *a, FILE *fd)
-{
- int res;
-
- ap_block_alarms();
- res = fclose(fd);
- ap_kill_cleanup(a, (void *)fd, file_cleanup);
- ap_unblock_alarms();
- return res;
-}
-
-/*
- * DIR * with cleanup
- */
-
-static void
-dir_cleanup(void *dv)
-{
- closedir((DIR *) dv);
-}
-
-API_EXPORT(DIR *)
-ap_popendir(pool *p, const char *name)
-{
- DIR *d;
- int save_errno;
-
- ap_block_alarms();
- d = opendir(name);
- if (d == NULL) {
- save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return NULL;
- }
- ap_register_cleanup(p, (void *)d, dir_cleanup, dir_cleanup);
- ap_unblock_alarms();
- return d;
-}
-
-API_EXPORT(void)
-ap_pclosedir(pool *p, DIR * d)
-{
- ap_block_alarms();
- ap_kill_cleanup(p, (void *)d, dir_cleanup);
- closedir(d);
- ap_unblock_alarms();
-}
-
-/*****************************************************************
- *
- * Files and file descriptors; these are just an application of the
- * generic cleanup interface.
- */
-
-static void
-socket_cleanup(void *fdv)
-{
- closesocket((int)(long)fdv);
-}
-
-static int
-socket_magic_cleanup(void *fpv)
-{
- return ap_close_fd_on_exec((int)(long)fpv);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_socket_ex(pool *p, int fd, int domagic)
-{
- ap_register_cleanup_ex(p, (void *)(long) fd, socket_cleanup,
- socket_cleanup, domagic ? socket_magic_cleanup : NULL);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_socket(pool *p, int fd)
-{
- ap_note_cleanups_for_socket_ex(p, fd, 0);
-}
-
-API_EXPORT(void)
-ap_kill_cleanups_for_socket(pool *p, int sock)
-{
- ap_kill_cleanup(p, (void *)(long)sock, socket_cleanup);
-}
-
-API_EXPORT(int)
-ap_psocket_ex(pool *p, int domain, int type, int protocol, int domagic)
-{
- int fd;
-
- ap_block_alarms();
- fd = socket(domain, type, protocol);
- if (fd == -1) {
- int save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return -1;
- }
- ap_note_cleanups_for_socket_ex(p, fd, domagic);
- ap_unblock_alarms();
- return fd;
-}
-
-API_EXPORT(int)
-ap_psocket(pool *p, int domain, int type, int protocol)
-{
- return ap_psocket_ex(p, domain, type, protocol, 0);
-}
-
-API_EXPORT(int)
-ap_pclosesocket(pool *a, int sock)
-{
- int res;
- int save_errno;
-
- ap_block_alarms();
- res = closesocket(sock);
- save_errno = errno;
- ap_kill_cleanup(a, (void *)(long)sock, socket_cleanup);
- ap_unblock_alarms();
- errno = save_errno;
- return res;
-}
-
-
-/*
- * Here's a pool-based interface to POSIX regex's regcomp().
- * Note that we return regex_t instead of being passed one.
- * The reason is that if you use an already-used regex_t structure,
- * the memory that you've already allocated gets forgotten, and
- * regfree() doesn't clear it. So we don't allow it.
- */
-
-static void
-regex_cleanup(void *preg)
-{
- regfree((regex_t *)preg);
-}
-
-API_EXPORT(regex_t *)
-ap_pregcomp(pool *p, const char *pattern, int cflags)
-{
- regex_t *preg = ap_palloc(p, sizeof(regex_t));
-
- if (regcomp(preg, pattern, cflags))
- return NULL;
-
- ap_register_cleanup(p, (void *)preg, regex_cleanup, regex_cleanup);
-
- return preg;
-}
-
-
-API_EXPORT(void)
-ap_pregfree(pool *p, regex_t *reg)
-{
- ap_block_alarms();
- regfree(reg);
- ap_kill_cleanup(p, (void *)reg, regex_cleanup);
- ap_unblock_alarms();
-}
-
-/*****************************************************************
- *
- * More grotty system stuff... subprocesses. Frump. These don't use
- * the generic cleanup interface because I don't want multiple
- * subprocesses to result in multiple three-second pauses; the
- * subprocesses have to be "freed" all at once. If someone comes
- * along with another resource they want to allocate which has the
- * same property, we might want to fold support for that into the
- * generic interface, but for now, it's a special case
- */
-
-struct process_chain {
- pid_t pid;
- enum kill_conditions kill_how;
- struct process_chain *next;
-};
-
-API_EXPORT(void)
-ap_note_subprocess(pool *a, pid_t pid, enum kill_conditions how)
-{
- struct process_chain *new =
- (struct process_chain *)ap_palloc(a, sizeof(struct process_chain));
-
- new->pid = pid;
- new->kill_how = how;
- new->next = a->subprocesses;
- a->subprocesses = new;
-}
-
-#define os_pipe(fds) pipe(fds)
-
-/* for ap_fdopen, to get binary mode */
-#define BINMODE
-
-static pid_t
-spawn_child_core(pool *p, int (*func)(void *, child_info *), void *data,
-enum kill_conditions kill_how, int *pipe_in, int *pipe_out, int *pipe_err)
-{
- pid_t pid;
- int in_fds[2];
- int out_fds[2];
- int err_fds[2];
- int save_errno;
-
- if (pipe_in && os_pipe(in_fds) < 0)
- return 0;
-
- if (pipe_out && os_pipe(out_fds) < 0) {
- save_errno = errno;
- if (pipe_in) {
- close(in_fds[0]);
- close(in_fds[1]);
- }
- errno = save_errno;
- return 0;
- }
-
- if (pipe_err && os_pipe(err_fds) < 0) {
- save_errno = errno;
- if (pipe_in) {
- close(in_fds[0]);
- close(in_fds[1]);
- }
- if (pipe_out) {
- close(out_fds[0]);
- close(out_fds[1]);
- }
- errno = save_errno;
- return 0;
- }
-
- if ((pid = fork()) < 0) {
- save_errno = errno;
- if (pipe_in) {
- close(in_fds[0]);
- close(in_fds[1]);
- }
- if (pipe_out) {
- close(out_fds[0]);
- close(out_fds[1]);
- }
- if (pipe_err) {
- close(err_fds[0]);
- close(err_fds[1]);
- }
- errno = save_errno;
- return 0;
- }
-
- if (!pid) {
- /* Child process */
- RAISE_SIGSTOP(SPAWN_CHILD);
-
- if (pipe_out) {
- close(out_fds[0]);
- dup2(out_fds[1], STDOUT_FILENO);
- close(out_fds[1]);
- }
-
- if (pipe_in) {
- close(in_fds[1]);
- dup2(in_fds[0], STDIN_FILENO);
- close(in_fds[0]);
- }
-
- if (pipe_err) {
- close(err_fds[0]);
- dup2(err_fds[1], STDERR_FILENO);
- close(err_fds[1]);
- }
-
- /* HP-UX SIGCHLD fix goes here, if someone will remind me
- * what it is... */
- signal(SIGCHLD, SIG_DFL); /* Was that it? */
-
- func(data, NULL);
- exit(1); /* Should only get here if
- * the exec in func() failed
- */
- }
-
- /* Parent process */
- ap_note_subprocess(p, pid, kill_how);
-
- if (pipe_out) {
- close(out_fds[1]);
- *pipe_out = out_fds[0];
- }
-
- if (pipe_in) {
- close(in_fds[0]);
- *pipe_in = in_fds[1];
- }
-
- if (pipe_err) {
- close(err_fds[1]);
- *pipe_err = err_fds[0];
- }
-
- return pid;
-}
-
-
-API_EXPORT(int)
-ap_spawn_child(pool *p, int (*func)(void *, child_info *), void *data,
- enum kill_conditions kill_how, FILE **pipe_in, FILE **pipe_out,
- FILE **pipe_err)
-{
- int fd_in, fd_out, fd_err;
- pid_t pid;
- int save_errno;
-
- ap_block_alarms();
-
- pid = spawn_child_core(p, func, data, kill_how,
- pipe_in ? &fd_in : NULL,
- pipe_out ? &fd_out : NULL,
- pipe_err ? &fd_err : NULL);
-
- if (pid == 0) {
- save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return 0;
- }
-
- if (pipe_out) {
- *pipe_out = ap_fdopen(fd_out, "r" BINMODE);
- if (*pipe_out)
- ap_note_cleanups_for_file(p, *pipe_out);
- else
- close(fd_out);
- }
-
- if (pipe_in) {
- *pipe_in = ap_fdopen(fd_in, "w" BINMODE);
- if (*pipe_in)
- ap_note_cleanups_for_file(p, *pipe_in);
- else
- close(fd_in);
- }
-
- if (pipe_err) {
- *pipe_err = ap_fdopen(fd_err, "r" BINMODE);
- if (*pipe_err)
- ap_note_cleanups_for_file(p, *pipe_err);
- else
- close(fd_err);
- }
-
- ap_unblock_alarms();
- return pid;
-}
-
-API_EXPORT(int)
-ap_bspawn_child(pool *p, int (*func)(void *, child_info *), void *data,
- enum kill_conditions kill_how, BUFF **pipe_in, BUFF **pipe_out,
- BUFF **pipe_err)
-{
- int fd_in, fd_out, fd_err;
- pid_t pid;
- int save_errno;
-
- ap_block_alarms();
-
- pid = spawn_child_core(p, func, data, kill_how,
- pipe_in ? &fd_in : NULL,
- pipe_out ? &fd_out : NULL,
- pipe_err ? &fd_err : NULL);
-
- if (pid == 0) {
- save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return 0;
- }
-
- if (pipe_out) {
- *pipe_out = ap_bcreate(p, B_RD);
- ap_note_cleanups_for_fd_ex(p, fd_out, 0);
- ap_bpushfd(*pipe_out, fd_out, fd_out);
- }
-
- if (pipe_in) {
- *pipe_in = ap_bcreate(p, B_WR);
- ap_note_cleanups_for_fd_ex(p, fd_in, 0);
- ap_bpushfd(*pipe_in, fd_in, fd_in);
- }
-
- if (pipe_err) {
- *pipe_err = ap_bcreate(p, B_RD);
- ap_note_cleanups_for_fd_ex(p, fd_err, 0);
- ap_bpushfd(*pipe_err, fd_err, fd_err);
- }
-
- ap_unblock_alarms();
- return pid;
-}
-
-
-/*
- * Timing constants for killing subprocesses
- * There is a total 3-second delay between sending a SIGINT
- * and sending of the final SIGKILL.
- * TIMEOUT_INTERVAL should be set to TIMEOUT_USECS / 64
- * for the exponential timeout algorithm.
- */
-#define TIMEOUT_USECS 3000000
-#define TIMEOUT_INTERVAL 46875
-
-static void
-free_proc_chain(struct process_chain *procs)
-{
- /* Dispose of the subprocesses we've spawned off in the course of
- * whatever it was we're cleaning up now. This may involve killing
- * some of them off...
- */
- struct process_chain *p;
- int need_timeout = 0;
- int status;
- int timeout_interval;
- struct timeval tv;
-
- if (procs == NULL)
- return; /* No work. Whew! */
-
- /* First, check to see if we need to do the SIGTERM, sleep, SIGKILL
- * dance with any of the processes we're cleaning up. If we've got
- * any kill-on-sight subprocesses, ditch them now as well, so they
- * don't waste any more cycles doing whatever it is that they shouldn't
- * be doing anymore.
- */
- /* Pick up all defunct processes */
- for (p = procs; p; p = p->next) {
- if (waitpid(p->pid, (int *) 0, WNOHANG) > 0) {
- p->kill_how = kill_never;
- }
- }
-
- for (p = procs; p; p = p->next) {
- if ((p->kill_how == kill_after_timeout)
- || (p->kill_how == kill_only_once)) {
- /*
- * This is totally bogus, but seems to be the
- * only portable (as in reliable) way to accomplish
- * this. Note that this implies an unavoidable
- * delay.
- */
- ap_os_kill(p->pid, SIGTERM);
- need_timeout = 1;
- } else if (p->kill_how == kill_always) {
- kill(p->pid, SIGKILL);
- }
- }
-
- /* Sleep only if we have to. The sleep algorithm grows
- * by a factor of two on each iteration. TIMEOUT_INTERVAL
- * is equal to TIMEOUT_USECS / 64.
- */
- if (need_timeout) {
- timeout_interval = TIMEOUT_INTERVAL;
- tv.tv_sec = 0;
- tv.tv_usec = timeout_interval;
- ap_select(0, NULL, NULL, NULL, &tv);
-
- do {
- need_timeout = 0;
- for (p = procs; p; p = p->next) {
- if (p->kill_how == kill_after_timeout) {
- if (waitpid(p->pid, (int *)0,
- WNOHANG | WUNTRACED) > 0)
- p->kill_how = kill_never;
- else
- need_timeout = 1;
- }
- }
- if (need_timeout) {
- if (timeout_interval >= TIMEOUT_USECS)
- break;
- tv.tv_sec = timeout_interval / 1000000;
- tv.tv_usec = timeout_interval % 1000000;
- ap_select(0, NULL, NULL, NULL, &tv);
- timeout_interval *= 2;
- }
- } while (need_timeout);
- }
-
- /* OK, the scripts we just timed out for have had a chance to clean up
- * --- now, just get rid of them, and also clean up the system
- * accounting goop...
- */
- for (p = procs; p; p = p->next) {
- if (p->kill_how == kill_after_timeout)
- kill(p->pid, SIGKILL);
-
- if (p->kill_how != kill_never)
- waitpid(p->pid, &status, 0);
- }
-}
diff --git a/usr.sbin/httpd/src/main/buff.c b/usr.sbin/httpd/src/main/buff.c
deleted file mode 100644
index 91174f5f324..00000000000
--- a/usr.sbin/httpd/src/main/buff.c
+++ /dev/null
@@ -1,1246 +0,0 @@
-/* $OpenBSD: buff.c,v 1.21 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "buff.h"
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/uio.h>
-
-#ifndef DEFAULT_BUFSIZE
-#define DEFAULT_BUFSIZE (4096)
-#endif
-/* This must be enough to represent (DEFAULT_BUFSIZE - 3) in hex,
- * plus two extra characters.
- */
-#ifndef CHUNK_HEADER_SIZE
-#define CHUNK_HEADER_SIZE (5)
-#endif
-
-#define ascii_CRLF "\015\012" /* A CRLF which won't pass the conversion
- * machinery */
-
-/* bwrite()s of greater than this size can result in a large_write() call,
- * which can result in a writev(). It's a little more work to set up the
- * writev() rather than copy bytes into the buffer, so we don't do it for small
- * writes. This is especially important when chunking (which is a very likely
- * source of small writes if it's a module using ap_bputc/ap_bputs)...because we
- * have the expense of actually building two chunks for each writev().
- */
-#ifndef LARGE_WRITE_THRESHOLD
-#define LARGE_WRITE_THRESHOLD 31
-#endif
-
-
-/*
- * Buffered I/O routines.
- * These are a replacement for the stdio routines.
- * Advantages:
- * Known semantics for handling of file-descriptors (on close etc.)
- * No problems reading and writing simultanously to the same descriptor
- * No limits on the number of open file handles.
- * Only uses memory resources; no need to ensure the close routine
- * is called.
- * Extra code could be inserted between the buffered and un-buffered routines.
- * Timeouts could be handled by using select or poll before read or write.
- * Extra error handling could be introduced; e.g.
- * keep an address to which we should longjump(), or
- * keep a stack of routines to call on error.
- */
-
-/* Notes:
- * On reading EOF, EOF will set in the flags and no further Input will
- * be done.
- *
- * On an error except for EAGAIN, ERROR will be set in the flags and no
- * further I/O will be done
- */
-
-
-/* the lowest level reading primitive */
-static int
-ap_read(BUFF *fb, void *buf, int nbyte)
-{
- int rv;
-
- if (!ap_hook_call("ap::buff::read", &rv, fb, buf, nbyte))
- rv = read(fb->fd_in, buf, nbyte);
-
- return rv;
-}
-
-static ap_inline int
-buff_read(BUFF *fb, void *buf, int nbyte)
-{
- int rv;
-
- rv = ap_read(fb, buf, nbyte);
- return rv;
-}
-
-/* the lowest level writing primitive */
-static int
-ap_write(BUFF *fb, const void *buf, int nbyte)
-{
- int rv;
-
- if (!ap_hook_call("ap::buff::write", &rv, fb, buf, nbyte))
- rv = write(fb->fd, buf, nbyte);
- return rv;
-}
-
-static ap_inline int
-buff_write(BUFF *fb, const void *buf, int nbyte)
-{
- int rv;
-
- if (fb->filter_callback != NULL)
- fb->filter_callback(fb, buf, nbyte);
-
- rv = ap_write(fb, buf, nbyte);
- return rv;
-}
-
-static void
-doerror(BUFF *fb, int direction)
-{
- int errsave = errno; /* Save errno to prevent overwriting it below */
-
- fb->flags |= (direction == B_RD ? B_RDERR : B_WRERR);
- if (fb->error != NULL)
- (*fb->error)(fb, direction, fb->error_data);
-
- errno = errsave;
-}
-
-/* Buffering routines */
-/*
- * Create a new buffered stream
- */
-API_EXPORT(BUFF *)
-ap_bcreate(pool *p, int flags)
-{
- BUFF *fb;
-
- fb = ap_palloc(p, sizeof(BUFF));
- fb->pool = p;
- fb->bufsiz = DEFAULT_BUFSIZE;
- fb->flags = flags & (B_RDWR | B_SOCKET);
-
- if (flags & B_RD)
- fb->inbase = ap_palloc(p, fb->bufsiz);
- else
- fb->inbase = NULL;
-
- /* overallocate so that we can put a chunk trailer of CRLF into this
- * buffer
- */
- if (flags & B_WR)
- fb->outbase = ap_palloc(p, fb->bufsiz + 2);
- else
- fb->outbase = NULL;
-
- fb->inptr = fb->inbase;
-
- fb->incnt = 0;
- fb->outcnt = 0;
- fb->outchunk = -1;
- fb->error = NULL;
- fb->bytes_sent = 0LL;
-
- fb->fd = -1;
- fb->fd_in = -1;
-
- fb->callback_data = NULL;
- fb->filter_callback = NULL;
-
- fb->ctx = ap_ctx_new(p);
-
- return fb;
-}
-
-/*
- * Push some I/O file descriptors onto the stream
- */
-API_EXPORT(void)
-ap_bpushfd(BUFF *fb, int fd_in, int fd_out)
-{
- fb->fd = fd_out;
- fb->fd_in = fd_in;
-}
-
-API_EXPORT(int)
-ap_bsetopt(BUFF *fb, int optname, const void *optval)
-{
- if (optname == BO_BYTECT) {
- fb->bytes_sent = *(off_t *)optval -
- (off_t)fb->outcnt;
- return 0;
- }
- else {
- errno = EINVAL;
- return -1;
- }
-}
-
-API_EXPORT(int)
-ap_bgetopt(BUFF *fb, int optname, void *optval)
-{
- if (optname == BO_BYTECT) {
- off_t bs = fb->bytes_sent + fb->outcnt;
- if (bs < 0LL)
- bs = 0LL;
- *(off_t *)optval = bs;
- return 0;
- }
- else {
- errno = EINVAL;
- return -1;
- }
-}
-
-static int bflush_core(BUFF *fb);
-
-/*
- * Start chunked encoding.
- *
- * Note that in order for ap_bputc() to be an efficient macro we have to guarantee
- * that start_chunk() has always been called on the buffer before we leave any
- * routine in this file. Said another way, if a routine here uses end_chunk()
- * and writes something on the wire, then it has to call start_chunk() or set
- * an error condition before returning.
- */
-static void
-start_chunk(BUFF *fb)
-{
- if (fb->outchunk != -1) {
- /* already chunking */
- return;
- }
- if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR) {
- /* unbuffered writes */
- return;
- }
-
- /* we need at least the header_len + at least 1 data byte
- * remember that we've overallocated fb->outbase so that we can always
- * fit the two byte CRLF trailer
- */
- if (fb->bufsiz - fb->outcnt < CHUNK_HEADER_SIZE + 1)
- bflush_core(fb);
-
- fb->outchunk = fb->outcnt;
- fb->outcnt += CHUNK_HEADER_SIZE;
-}
-
-
-/*
- * end a chunk -- tweak the chunk_header from start_chunk, and add a trailer
- */
-static void
-end_chunk(BUFF *fb)
-{
- int i;
- unsigned char *strp;
-
- if (fb->outchunk == -1) {
- /* not chunking */
- return;
- }
-
- if (fb->outchunk + CHUNK_HEADER_SIZE == fb->outcnt) {
- /* nothing was written into this chunk, and we can't write a
- * 0 size chunk because that signifies EOF, so just erase it
- */
- fb->outcnt = fb->outchunk;
- fb->outchunk = -1;
- return;
- }
-
- /* we know this will fit because of how we wrote it in start_chunk() */
- i = ap_snprintf((char *)&fb->outbase[fb->outchunk], CHUNK_HEADER_SIZE,
- "%x", fb->outcnt - fb->outchunk - CHUNK_HEADER_SIZE);
-
- /* we may have to tack some trailing spaces onto the number we just
- * wrote in case it was smaller than our estimated size. We've also
- * written a \0 into the buffer with ap_snprintf so we might have to
- * put a \r back in.
- */
- strp = &fb->outbase[fb->outchunk + i];
- while (i < CHUNK_HEADER_SIZE - 2) {
- *strp++ = ' ';
- ++i;
- }
- *strp++ = CR;
- *strp = LF;
-
- /* tack on the trailing CRLF, we've reserved room for this */
- fb->outbase[fb->outcnt++] = CR;
- fb->outbase[fb->outcnt++] = LF;
-
- fb->outchunk = -1;
-}
-
-
-/*
- * Set a flag on (1) or off (0).
- */
-API_EXPORT(int)
-ap_bsetflag(BUFF *fb, int flag, int value)
-{
- if (value) {
- fb->flags |= flag;
- if (flag & B_CHUNK)
- start_chunk(fb);
- } else {
- fb->flags &= ~flag;
- if (flag & B_CHUNK)
- end_chunk(fb);
- }
- return value;
-}
-
-
-API_EXPORT(int)
-ap_bnonblock(BUFF *fb, int direction)
-{
- int fd;
-
- fd = (direction == B_RD) ? fb->fd_in : fb->fd;
- return fcntl(fd, F_SETFL, O_NONBLOCK);
-}
-
-API_EXPORT(int)
-ap_bfileno(BUFF *fb, int direction)
-{
- return (direction == B_RD) ? fb->fd_in : fb->fd;
-}
-
-/*
- * This is called instead of read() everywhere in here. It implements
- * the B_SAFEREAD functionality -- which is to force a flush() if a read()
- * would block. It also deals with the EINTR errno result from read().
- * return code is like read() except EINTR is eliminated.
- */
-
-#define saferead saferead_guts
-
-/* Test the descriptor and flush the output buffer if it looks like
- * we will block on the next read.
- *
- * Note we assume the caller has ensured that fb->fd_in <= FD_SETSIZE
- */
-API_EXPORT(void)
-ap_bhalfduplex(BUFF *fb)
-{
- int rv;
- fd_set fds;
- struct timeval tv;
-
- /* We don't need to do anything if the connection has been closed
- * or there is something readable in the incoming buffer
- * or there is nothing flushable in the output buffer.
- */
- if (fb == NULL || fb->fd_in < 0 || fb->incnt > 0 || fb->outcnt == 0)
- return;
-
- /* test for a block */
- do {
- FD_ZERO(&fds);
- FD_SET(fb->fd_in, &fds);
- tv.tv_sec = 0;
- tv.tv_usec = 0;
- rv = ap_select(fb->fd_in + 1, &fds, NULL, NULL, &tv);
- } while (rv < 0 && errno == EINTR && !(fb->flags & B_EOUT));
-
- /* treat any error as if it would block as well */
- if (rv != 1)
- ap_bflush(fb);
-}
-
-static ap_inline int
-saferead_guts(BUFF *fb, void *buf, int nbyte)
-{
- int rv;
-
- if (fb->flags & B_SAFEREAD)
- ap_bhalfduplex(fb);
-
- do {
- rv = buff_read(fb, buf, nbyte);
- } while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
- return (rv);
-}
-
-
-/* A wrapper around saferead which does error checking and EOF checking
- * yeah, it's confusing, this calls saferead, which calls buff_read...
- * and then there's the SFIO case. Note that saferead takes care
- * of EINTR.
- */
-static int
-read_with_errors(BUFF *fb, void *buf, int nbyte)
-{
- int rv;
-
- rv = saferead(fb, buf, nbyte);
- if (rv == 0)
- fb->flags |= B_EOF;
- else if (rv == -1 && errno != EAGAIN)
- doerror(fb, B_RD);
- return rv;
-}
-
-
-/*
- * Read up to nbyte bytes into buf.
- * If fewer than byte bytes are currently available, then return those.
- * Returns 0 for EOF, -1 for error.
- * NOTE EBCDIC: The readahead buffer _always_ contains *unconverted* data.
- * Only when the caller retrieves data from the buffer (calls bread)
- * is a conversion done, if the conversion flag is set at that time.
- */
-API_EXPORT(int)
-ap_bread(BUFF *fb, void *buf, int nbyte)
-{
- int i, nrd;
-
- if (fb->flags & B_RDERR)
- return -1;
- if (nbyte == 0)
- return 0;
-
- if (!(fb->flags & B_RD)) {
- /* Unbuffered reading. First check if there was something in
- * the buffer from before we went unbuffered. */
- if (fb->incnt) {
- i = (fb->incnt > nbyte) ? nbyte : fb->incnt;
- memcpy(buf, fb->inptr, i);
- fb->incnt -= i;
- fb->inptr += i;
- return i;
- }
- i = read_with_errors(fb, buf, nbyte);
- return i;
- }
-
- nrd = fb->incnt;
- /* can we fill the buffer */
- if (nrd >= nbyte) {
- memcpy(buf, fb->inptr, nbyte);
- fb->incnt = nrd - nbyte;
- fb->inptr += nbyte;
- return nbyte;
- }
-
- if (nrd > 0) {
- memcpy(buf, fb->inptr, nrd);
- nbyte -= nrd;
- buf = nrd + (char *)buf;
- fb->incnt = 0;
- }
- if (fb->flags & B_EOF)
- return nrd;
-
- /* do a single read */
- if (nbyte >= fb->bufsiz) {
- /* read directly into caller's buffer */
- i = read_with_errors(fb, buf, nbyte);
- if (i == -1)
- return nrd ? nrd : -1;
- }
- else {
- /* read into hold buffer, then memcpy */
- fb->inptr = fb->inbase;
- i = read_with_errors(fb, fb->inptr, fb->bufsiz);
- if (i == -1)
- return nrd ? nrd : -1;
- fb->incnt = i;
- if (i > nbyte)
- i = nbyte;
- memcpy(buf, fb->inptr, i);
- fb->incnt -= i;
- fb->inptr += i;
- }
- return nrd + i;
-}
-
-
-/*
- * Reads from the stream into the array pointed to by buff, until
- * a (CR)LF sequence is read, or end-of-file condition is encountered
- * or until n-1 bytes have been stored in buff. If a CRLF sequence is
- * read, it is replaced by a newline character. The string is then
- * terminated with a null character.
- *
- * Returns the number of bytes stored in buff, or zero on end of
- * transmission, or -1 on an error.
- *
- * Notes:
- * If null characters are expected in the data stream, then
- * buff should not be treated as a null terminated C string; instead
- * the returned count should be used to determine the length of the
- * string.
- * CR characters in the byte stream not immediately followed by a LF
- * will be preserved.
- */
-API_EXPORT(int)
-ap_bgets(char *buff, int n, BUFF *fb)
-{
- int i, ch, ct;
-
- /* Can't do bgets on an unbuffered stream */
- if (!(fb->flags & B_RD)) {
- errno = EINVAL;
- return -1;
- }
- if (fb->flags & B_RDERR)
- return -1;
-
- ct = 0;
- i = 0;
- for (;;) {
- if (i == fb->incnt) {
- /* no characters left */
- fb->inptr = fb->inbase;
- fb->incnt = 0;
- if (fb->flags & B_EOF)
- break;
- i = read_with_errors(fb, fb->inptr, fb->bufsiz);
- if (i == -1) {
- buff[ct] = '\0';
- return ct ? ct : -1;
- }
- fb->incnt = i;
- if (i == 0)
- break; /* EOF */
- i = 0;
- continue; /* restart with the new data */
- }
-
- ch = fb->inptr[i++];
- if (ch == LF) { /* got LF */
- if (ct == 0)
- buff[ct++] = '\n';
- /* if just preceded by CR, replace CR with LF */
- else if (buff[ct - 1] == CR)
- buff[ct - 1] = '\n';
- else if (ct < n - 1)
- buff[ct++] = '\n';
- else
- i--; /* no room for LF */
- break;
- }
- if (ct == n - 1) {
- i--; /* push back ch */
- break;
- }
-
- buff[ct++] = ch;
- }
- fb->incnt -= i;
- fb->inptr += i;
-
- buff[ct] = '\0';
- return ct;
-}
-
-/*
- * Looks at the stream fb and places the first character into buff
- * without removing it from the stream buffer.
- *
- * Returns 1 on success, zero on end of transmission, or -1 on an error.
- *
- */
-API_EXPORT(int)
-ap_blookc(char *buff, BUFF *fb)
-{
- int i;
-
- *buff = '\0';
-
- if (!(fb->flags & B_RD)) { /* Can't do blookc on an unbuffered
- * stream */
- errno = EINVAL;
- return -1;
- }
- if (fb->flags & B_RDERR)
- return -1;
-
- if (fb->incnt == 0) { /* no characters left in stream buffer */
- fb->inptr = fb->inbase;
- if (fb->flags & B_EOF)
- return 0;
-
- i = read_with_errors(fb, fb->inptr, fb->bufsiz);
- if (i <= 0)
- return i;
- fb->incnt = i;
- }
-
- *buff = fb->inptr[0];
- return 1;
-}
-
-/*
- * Skip data until a linefeed character is read
- * Returns 1 on success, 0 if no LF found, or -1 on error
- */
-API_EXPORT(int)
-ap_bskiplf(BUFF *fb)
-{
- unsigned char *x;
- int i;
-
- /* Can't do bskiplf on an unbuffered stream */
- if (!(fb->flags & B_RD)) {
- errno = EINVAL;
- return -1;
- }
- if (fb->flags & B_RDERR)
- return -1;
-
- for (;;) {
- x = (unsigned char *)memchr(fb->inptr, '\012', fb->incnt);
- if (x != NULL) {
- x++;
- fb->incnt -= x - fb->inptr;
- fb->inptr = x;
- return 1;
- }
-
- fb->inptr = fb->inbase;
- fb->incnt = 0;
- if (fb->flags & B_EOF)
- return 0;
- i = read_with_errors(fb, fb->inptr, fb->bufsiz);
- if (i <= 0)
- return i;
- fb->incnt = i;
- }
-}
-
-/*
- * output a single character. Used by ap_bputs when the buffer
- * is full... and so it'll cause the buffer to be flushed first.
- */
-API_EXPORT(int)
-ap_bflsbuf(int c, BUFF *fb)
-{
- char ss[1];
-
- ss[0] = c;
- return ap_bwrite(fb, ss, 1);
-}
-
-/*
- * Fill the buffer and read a character from it
- */
-API_EXPORT(int)
-ap_bfilbuf(BUFF *fb)
-{
- int i;
- char buf[1];
-
- i = ap_bread(fb, buf, 1);
- if (i == 0)
- errno = 0; /* no error; EOF */
- if (i != 1)
- return EOF;
- else
- return buf[0];
-}
-
-
-/*
- * When doing chunked encodings we really have to write everything in the
- * chunk before proceeding onto anything else. This routine either writes
- * nbytes and returns 0 or returns -1 indicating a failure.
- *
- * This is *seriously broken* if used on a non-blocking fd. It will poll.
- *
- * Deals with calling doerror and setting bytes_sent.
- */
-static int
-write_it_all(BUFF *fb, const void *buf, int nbyte)
-{
- int i;
-
- if (fb->flags & (B_WRERR | B_EOUT))
- return -1;
-
- while (nbyte > 0) {
- i = buff_write(fb, buf, nbyte);
- if (i < 0) {
- if (errno != EAGAIN && errno != EINTR) {
- doerror(fb, B_WR);
- return -1;
- }
- }
- else {
- nbyte -= i;
- buf = i + (const char *) buf;
- fb->bytes_sent += i;
- }
- if (fb->flags & B_EOUT)
- return -1;
- }
- return 0;
-}
-
-
-/* Similar to previous, but uses writev. Note that it modifies vec.
- * return 0 if successful, -1 otherwise.
- *
- * Deals with doerror() and bytes_sent.
- */
-static int
-writev_it_all(BUFF *fb, struct iovec *vec, int nvec)
-{
- int i, rv;
-
- if (fb->filter_callback != NULL) {
- for (i = 0; i < nvec; i++)
- fb->filter_callback(fb, vec[i].iov_base,
- vec[i].iov_len);
- }
-
- /* while it's nice an easy to build the vector and crud, it's painful
- * to deal with a partial writev()
- */
- i = 0;
- while (i < nvec) {
- do
- if (!ap_hook_call("ap::buff::writev", &rv, fb, &vec[i],
- nvec -i))
- rv = writev(fb->fd, &vec[i], nvec - i);
- while (rv == -1 && (errno == EINTR || errno == EAGAIN)
- && !(fb->flags & B_EOUT));
- if (rv == -1) {
- if (errno != EINTR && errno != EAGAIN)
- doerror(fb, B_WR);
-
- return -1;
- }
- fb->bytes_sent += rv;
- /* recalculate vec to deal with partial writes */
- while (rv > 0) {
- if (rv < vec[i].iov_len) {
- vec[i].iov_base = (char *)vec[i].iov_base + rv;
- vec[i].iov_len -= rv;
- rv = 0;
- } else {
- rv -= vec[i].iov_len;
- ++i;
- }
- }
- if (fb->flags & B_EOUT)
- return -1;
- }
- /* if we got here, we wrote it all */
- return 0;
-}
-
-/* A wrapper for buff_write which deals with error conditions and
- * bytes_sent. Also handles non-blocking writes.
- */
-static int
-write_with_errors(BUFF *fb, const void *buf, int nbyte)
-{
- int rv;
-
- do
- rv = buff_write(fb, buf, nbyte);
- while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
- if (rv == -1) {
- if (errno != EAGAIN)
- doerror(fb, B_WR);
- return -1;
- } else if (rv == 0) {
- errno = EAGAIN;
- return -1;
- }
- fb->bytes_sent += rv;
- return rv;
-}
-
-
-/*
- * A hook to write() that deals with chunking. This is really a protocol-
- * level issue, but we deal with it here because it's simpler; this is
- * an interim solution pending a complete rewrite of all this stuff in
- * 2.0, using something like sfio stacked disciplines or BSD's funopen().
- *
- * Can be used on non-blocking descriptors, but only if they're not chunked.
- * Deals with doerror() and bytes_sent.
- */
-static int
-bcwrite(BUFF *fb, const void *buf, int nbyte)
-{
- char chunksize[16]; /* Big enough for practically anything */
- struct iovec vec[3];
-
- if (fb->flags & (B_WRERR | B_EOUT))
- return -1;
-
- if (!(fb->flags & B_CHUNK))
- return write_with_errors(fb, buf, nbyte);
-
- vec[0].iov_base = chunksize;
- vec[0].iov_len = ap_snprintf(chunksize, sizeof(chunksize), "%x" CRLF,
- nbyte);
- vec[1].iov_base = (void *)buf; /* cast is to avoid const warning */
- vec[1].iov_len = nbyte;
- vec[2].iov_base = ascii_CRLF;
- vec[2].iov_len = 2;
-
- return writev_it_all(fb, vec,
- (sizeof(vec) / sizeof(vec[0]))) ? -1 : nbyte;
-}
-
-
-/*
- * Used to combine the contents of the fb buffer, and a large buffer
- * passed in.
- */
-static int
-large_write(BUFF *fb, const void *buf, int nbyte)
-{
- struct iovec vec[4];
- int nvec;
- char chunksize[16];
-
- /* it's easiest to end the current chunk */
- if (fb->flags & B_CHUNK)
- end_chunk(fb);
-
- nvec = 0;
- if (fb->outcnt > 0) {
- vec[nvec].iov_base = (void *)fb->outbase;
- vec[nvec].iov_len = fb->outcnt;
- ++nvec;
- }
- if (fb->flags & B_CHUNK) {
- vec[nvec].iov_base = chunksize;
- vec[nvec].iov_len = ap_snprintf(chunksize, sizeof(chunksize),
- "%x" CRLF, nbyte);
- ++nvec;
- vec[nvec].iov_base = (void *)buf;
- vec[nvec].iov_len = nbyte;
- ++nvec;
- vec[nvec].iov_base = ascii_CRLF;
- vec[nvec].iov_len = 2;
- ++nvec;
- } else {
- vec[nvec].iov_base = (void *)buf;
- vec[nvec].iov_len = nbyte;
- ++nvec;
- }
-
- fb->outcnt = 0;
- if (writev_it_all(fb, vec, nvec))
- return -1;
- else if (fb->flags & B_CHUNK)
- start_chunk(fb);
-
- return nbyte;
-}
-
-
-/*
- * Write nbyte bytes.
- * Only returns fewer than nbyte if an error ocurred.
- * Returns -1 if no bytes were written before the error ocurred.
- * It is worth noting that if an error occurs, the buffer is in an unknown
- * state.
- */
-API_EXPORT(int)
-ap_bwrite(BUFF *fb, const void *buf, int nbyte)
-{
- int i, nwr, useable_bufsiz;
-
- if (fb->flags & (B_WRERR | B_EOUT))
- return -1;
- if (nbyte == 0)
- return 0;
-
- if (!(fb->flags & B_WR)) {
- /* unbuffered write -- have to use bcwrite since we aren't
- * taking care of chunking any other way
- */
- return bcwrite(fb, buf, nbyte);
- }
-
- /*
- * Detect case where we're asked to write a large buffer, and combine our
- * current buffer with it in a single writev(). Note we don't consider
- * the case nbyte == 1 because modules which use rputc() loops will cause
- * us to use writev() too frequently. In those cases we really should just
- * start a new buffer.
- */
- if (fb->outcnt > 0 && nbyte > LARGE_WRITE_THRESHOLD
- && nbyte + fb->outcnt >= fb->bufsiz)
- return large_write(fb, buf, nbyte);
-
-
- /*
- * Whilst there is data in the buffer, keep on adding to it and
- * writing it out
- */
- nwr = 0;
- while (fb->outcnt > 0) {
- /* can we accept some data? */
- i = fb->bufsiz - fb->outcnt;
- if (i > 0) {
- if (i > nbyte)
- i = nbyte;
- memcpy(fb->outbase + fb->outcnt, buf, i);
- fb->outcnt += i;
- nbyte -= i;
- buf = i + (const char *)buf;
- nwr += i;
- if (nbyte == 0)
- return nwr; /* return if none left */
- }
-
- /* the buffer must be full */
- if (fb->flags & B_CHUNK) {
- end_chunk(fb);
- /* it is just too painful to try to re-cram the buffer while
- * chunking
- */
- if (write_it_all(fb, fb->outbase, fb->outcnt) == -1) {
- /* we cannot continue after a chunked error */
- return -1;
- }
- fb->outcnt = 0;
- break;
- }
- i = write_with_errors(fb, fb->outbase, fb->outcnt);
- if (i <= 0)
- return nwr ? nwr : -1;
-
- /* deal with a partial write */
- if (i < fb->outcnt) {
- int j, n = fb->outcnt;
- unsigned char *x = fb->outbase;
- for (j = i; j < n; j++)
- x[j - i] = x[j];
- fb->outcnt -= i;
- } else
- fb->outcnt = 0;
-
- if (fb->flags & B_EOUT)
- return -1;
- }
- /* we have emptied the file buffer. Now try to write the data from the
- * original buffer until there is less than bufsiz left. Note that we
- * use bcwrite() to do this for us, it will do the chunking so that
- * we don't have to dink around building a chunk in our own buffer.
- *
- * Note also that bcwrite never does a partial write if we're chunking,
- * so we're guaranteed to either end in an error state, or make it
- * out of this loop and call start_chunk() below.
- *
- * Remember we may not be able to use the entire buffer if we're
- * chunking.
- */
- useable_bufsiz = fb->bufsiz;
- if (fb->flags & B_CHUNK)
- useable_bufsiz -= CHUNK_HEADER_SIZE;
- while (nbyte >= useable_bufsiz) {
- i = bcwrite(fb, buf, nbyte);
- if (i <= 0)
- return nwr ? nwr : -1;
-
- buf = i + (const char *)buf;
- nwr += i;
- nbyte -= i;
-
- if (fb->flags & B_EOUT)
- return -1;
- }
- /* copy what's left to the file buffer */
- fb->outcnt = 0;
- if (fb->flags & B_CHUNK)
- start_chunk(fb);
- if (nbyte > 0)
- memcpy(fb->outbase + fb->outcnt, buf, nbyte);
- fb->outcnt += nbyte;
- nwr += nbyte;
- return nwr;
-}
-
-
-static int
-bflush_core(BUFF *fb)
-{
- int i;
-
- while (fb->outcnt > 0) {
- i = write_with_errors(fb, fb->outbase, fb->outcnt);
- if (i <= 0)
- return -1;
-
- /*
- * We should have written all the data, but if the fd was in a
- * strange (non-blocking) mode, then we might not have done so.
- */
- if (i < fb->outcnt) {
- int j, n = fb->outcnt;
- unsigned char *x = fb->outbase;
- for (j = i; j < n; j++)
- x[j - i] = x[j];
- }
- fb->outcnt -= i;
-
- /* If a soft timeout occurs while flushing, the handler should
- * have set the buffer flag B_EOUT.
- */
- if (fb->flags & B_EOUT)
- return -1;
- }
- return 0;
-}
-
-/*
- * Flushes the buffered stream.
- * Returns 0 on success or -1 on error
- */
-API_EXPORT(int)
-ap_bflush(BUFF *fb)
-{
- int ret;
-
- if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR)
- return -1;
-
- if (fb->flags & B_CHUNK)
- end_chunk(fb);
-
- ret = bflush_core(fb);
-
- if (ret == 0 && (fb->flags & B_CHUNK))
- start_chunk(fb);
-
- return ret;
-}
-
-/*
- * Flushes and closes the file, even if an error occurred.
- * Discards an data that was not read, or not written by bflush()
- * Sets the EOF flag to indicate no further data can be read,
- * and the EOUT flag to indicate no further data can be written.
- */
-API_EXPORT(int)
-ap_bclose(BUFF *fb)
-{
- int rc1, rc2, rc3;
-
- if (fb->flags & B_WR)
- rc1 = ap_bflush(fb);
- else
- rc1 = 0;
- if (fb->flags & B_SOCKET) {
- rc2 = ap_pclosesocket(fb->pool, fb->fd);
- if (fb->fd_in != fb->fd)
- rc3 = ap_pclosesocket(fb->pool, fb->fd_in);
- else
- rc3 = 0;
- } else {
- rc2 = ap_pclosef(fb->pool, fb->fd);
- if (fb->fd_in != fb->fd)
- rc3 = ap_pclosef(fb->pool, fb->fd_in);
- else
- rc3 = 0;
- }
-
- fb->inptr = fb->inbase;
- fb->incnt = 0;
- fb->outcnt = 0;
-
- fb->flags |= B_EOF | B_EOUT;
- fb->fd = -1;
- fb->fd_in = -1;
-
- if (rc1 != 0)
- return rc1;
- else if (rc2 != 0)
- return rc2;
- else
- return rc3;
-}
-
-/*
- * returns the number of bytes written or -1 on error
- */
-API_EXPORT(int)
-ap_bputs(const char *x, BUFF *fb)
-{
- int i, j = strlen(x);
- i = ap_bwrite(fb, x, j);
- if (i != j)
- return -1;
- else
- return j;
-}
-
-/*
- * returns the number of bytes written or -1 on error
- */
-API_EXPORT_NONSTD(int)
-ap_bvputs(BUFF *fb,...)
-{
- int i, j, k;
- va_list v;
- const char *x;
-
- va_start(v, fb);
- for (k = 0;;) {
- x = va_arg(v, const char *);
- if (x == NULL)
- break;
- j = strlen(x);
- i = ap_bwrite(fb, x, j);
- if (i != j) {
- va_end(v);
- return -1;
- }
- k += i;
- }
-
- va_end(v);
-
- return k;
-}
-
-API_EXPORT(void)
-ap_bonerror(BUFF *fb, void (*error) (BUFF *, int, void *), void *data)
-{
- fb->error = error;
- fb->error_data = data;
-}
-
-struct bprintf_data {
- ap_vformatter_buff vbuff;
- BUFF *fb;
-};
-
-static int
-bprintf_flush(ap_vformatter_buff *vbuff)
-{
- struct bprintf_data *b = (struct bprintf_data *)vbuff;
- BUFF *fb = b->fb;
-
- fb->outcnt += b->vbuff.curpos - (char *)&fb->outbase[fb->outcnt];
- if (fb->outcnt == fb->bufsiz)
- if (ap_bflush(fb))
- return -1;
-
- vbuff->curpos = (char *)&fb->outbase[fb->outcnt];
- vbuff->endpos = (char *)&fb->outbase[fb->bufsiz];
- return 0;
-}
-
-API_EXPORT_NONSTD(int)
-ap_bprintf(BUFF *fb, const char *fmt, ...)
-{
- va_list ap;
- int res;
- struct bprintf_data b;
-
- /* XXX: only works with buffered writes */
- if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR)
- return -1;
- b.vbuff.curpos = (char *)&fb->outbase[fb->outcnt];
- b.vbuff.endpos = (char *)&fb->outbase[fb->bufsiz];
- b.fb = fb;
- va_start(ap, fmt);
- res = ap_vformatter(bprintf_flush, &b.vbuff, fmt, ap);
- va_end(ap);
- if (res != -1)
- fb->outcnt += b.vbuff.curpos - (char *)&fb->outbase[fb->outcnt];
- return res;
-}
-
-API_EXPORT(int)
-ap_vbprintf(BUFF *fb, const char *fmt, va_list ap)
-{
- struct bprintf_data b;
- int res;
-
- /* XXX: only works with buffered writes */
- if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR)
- return -1;
- b.vbuff.curpos = (char *)&fb->outbase[fb->outcnt];
- b.vbuff.endpos = (char *)&fb->outbase[fb->bufsiz];
- b.fb = fb;
- res = ap_vformatter(bprintf_flush, &b.vbuff, fmt, ap);
- if (res != -1)
- fb->outcnt += b.vbuff.curpos - (char *)&fb->outbase[fb->outcnt];
- return res;
-}
-
diff --git a/usr.sbin/httpd/src/main/fdcache.c b/usr.sbin/httpd/src/main/fdcache.c
deleted file mode 100644
index 1ec95f97580..00000000000
--- a/usr.sbin/httpd/src/main/fdcache.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* $OpenBSD: fdcache.c,v 1.11 2008/05/14 13:47:05 mbalmer Exp $ */
-
-/*
- * Copyright (c) 2002, 2003 Henning Brauer
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * - Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-struct fdcache {
- char *fname;
- int fd;
- struct fdcache *next;
-};
-
-struct fdcache *fdc;
-
-int
-fdcache_open(char *fn, int flags, mode_t mode)
-{
- struct fdcache *fdcp = NULL, *tmp = NULL;
-
- for (fdcp = fdc; fdcp && strcmp(fn, fdcp->fname); fdcp = fdcp->next);
- /* nothing */
-
- if (fdcp == NULL) {
- /* need to open */
- if ((tmp = calloc(1, sizeof(struct fdcache))) == NULL)
- err(1, "calloc");
- if ((tmp->fname = strdup(fn)) == NULL)
- err(1, "strdup");
- if ((tmp->fd = open(fn, flags, mode)) < 0)
- err(1, "Cannot open %s", tmp->fname);
- tmp->next = fdc;
- fdc = tmp;
- return(fdc->fd);
- } else
- return(fdcp->fd); /* fd cached */
-}
-
-void
-fdcache_closeall(void)
-{
- struct fdcache *fdcp = NULL, *tmp = NULL;
-
- for (fdcp = fdc; fdcp != NULL; ) {
- tmp = fdcp;
- fdcp = tmp->next;
- if (tmp->fd > 0)
- close(tmp->fd);
- free(tmp->fname);
- free(tmp);
- }
-}
-
diff --git a/usr.sbin/httpd/src/main/gen_test_char.c b/usr.sbin/httpd/src/main/gen_test_char.c
deleted file mode 100644
index b28200d88b8..00000000000
--- a/usr.sbin/httpd/src/main/gen_test_char.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* $OpenBSD: gen_test_char.c,v 1.6 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* we need some of the portability definitions... for strchr */
-#include "httpd.h"
-
-/* A bunch of functions in util.c scan strings looking for certain characters.
- * To make that more efficient we encode a lookup table.
- */
-#define T_ESCAPE_SHELL_CMD (0x01)
-#define T_ESCAPE_PATH_SEGMENT (0x02)
-#define T_OS_ESCAPE_PATH (0x04)
-#define T_HTTP_TOKEN_STOP (0x08)
-#define T_ESCAPE_LOGITEM (0x10)
-
-int
-main(int argc, char *argv[])
-{
- unsigned c;
- unsigned char flags;
-
- printf(
- "/* this file is automatically generated by gen_test_char, "
- "do not edit */\n"
- "#define T_ESCAPE_SHELL_CMD 0x%02x "
- "/* chars with special meaning in the shell */\n"
- "#define T_ESCAPE_PATH_SEGMENT 0x%02x "
- "/* find path segment, as defined in RFC1808 */\n"
- "#define T_OS_ESCAPE_PATH 0x%02x "
- "/* escape characters in a path or uri */\n"
- "#define T_HTTP_TOKEN_STOP 0x%02x "
- "/* find http tokens, as defined in RFC2616 */\n"
- "#define T_ESCAPE_LOGITEM 0x%02x "
- "/* filter what should go in the log file */\n"
- "\n",
- T_ESCAPE_SHELL_CMD,
- T_ESCAPE_PATH_SEGMENT,
- T_OS_ESCAPE_PATH,
- T_HTTP_TOKEN_STOP,
- T_ESCAPE_LOGITEM);
-
- /* we explicitly dealt with NUL above
- * in case some strchr() do bogosity with it
- */
-
- printf("static const unsigned char test_char_table[256] = {\n"
- " 0x00, "); /* print initial item */
-
- for (c = 1; c < 256; ++c) {
- flags = 0;
-
- /* escape_shell_cmd */
- if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c))
- flags |= T_ESCAPE_SHELL_CMD;
-
- if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c))
- flags |= T_ESCAPE_PATH_SEGMENT;
-
- if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c))
- flags |= T_OS_ESCAPE_PATH;
-
- /* these are the "tspecials" from RFC2068 */
- if (ap_iscntrl(c) || strchr(" \t()<>@,;:\\/[]?={}", c))
- flags |= T_HTTP_TOKEN_STOP;
-
- /* For logging, escape all control characters, double quotes
- * (because they delimit the request in the log file)
- * backslashes (because we use backslash for escaping)
- * and 8-bit chars with the high bit set
- */
- if (!ap_isprint(c) || c == '"' || c == '\\' || ap_iscntrl(c))
- flags |= T_ESCAPE_LOGITEM;
- printf("0x%02x%s", flags, (c < 255) ? ", " : " ");
-
- if ((c % 8) == 7)
- printf(" /*0x%02x...0x%02x*/\n ", c-7, c);
- }
- printf("\n};\n");
-
- return 0;
-}
diff --git a/usr.sbin/httpd/src/main/gen_uri_delims.c b/usr.sbin/httpd/src/main/gen_uri_delims.c
deleted file mode 100644
index 8d11e752048..00000000000
--- a/usr.sbin/httpd/src/main/gen_uri_delims.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: gen_uri_delims.c,v 1.3 2008/05/15 06:05:43 mbalmer Exp $ */
-
-#include <stdio.h>
-
-/* generate a table of 256 values, where certain characters are
- * marked "interesting"... for the uri parsing process.
- */
-
-int
-main(int argc, char *argv[])
-{
- int i;
- char *value;
-
- printf("/* this file is automatically generated by "
- "gen_uri_delims, do not edit */\n");
- printf("static const unsigned char uri_delims[256] = {");
- for (i = 0; i < 256; ++i) {
- if (i % 20 == 0)
- printf("\n ");
- switch (i) {
- case ':': value = "T_COLON"; break;
- case '/': value = "T_SLASH"; break;
- case '?': value = "T_QUESTION"; break;
- case '#': value = "T_HASH"; break;
- case '\0': value = "T_NUL"; break;
- default: value = "0"; break;
- }
- printf("%s%c", value, (i < 255) ? ',' : ' ');
- }
- printf("\n};\n");
-
- return 0;
-}
diff --git a/usr.sbin/httpd/src/main/http_config.c b/usr.sbin/httpd/src/main/http_config.c
deleted file mode 100644
index b9027cfc0a2..00000000000
--- a/usr.sbin/httpd/src/main/http_config.c
+++ /dev/null
@@ -1,1885 +0,0 @@
-/* $OpenBSD: http_config.c,v 1.21 2008/05/14 16:11:22 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_config.c: once was auxillary functions for reading httpd's config
- * file and converting filenames into a namespace
- *
- * Rob McCool
- *
- * Wall-to-wall rewrite for Apache... commands which are part of the
- * server core can now be found next door in "http_core.c". Now contains
- * general command loop, and functions which do bookkeeping for the new
- * Apache config stuff (modules and configuration vectors).
- *
- * rst
- *
- */
-
-#define CORE_PRIVATE
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h" /* for errors in parse_htaccess */
-#include "http_main.h"
-#include "http_request.h" /* for default_handler (see invoke_handler) */
-#include "http_conf_globals.h" /* Sigh... */
-#include "http_vhost.h"
-#include "explain.h"
-#include "fnmatch.h"
-
-DEF_Explain
-
-/****************************************************************
- *
- * We begin with the functions which deal with the linked list
- * of modules which control just about all of the server operation.
- */
-
-/* total_modules is the number of modules that have been linked
- * into the server.
- */
-static int total_modules = 0;
-/* dynamic_modules is the number of modules that have been added
- * after the pre-loaded ones have been set up. It shouldn't be larger
- * than DYNAMIC_MODULE_LIMIT.
- */
-static int dynamic_modules = 0;
-API_VAR_EXPORT module *top_module = NULL;
-API_VAR_EXPORT module **ap_loaded_modules=NULL;
-
-typedef int (*handler_func) (request_rec *);
-typedef void *(*dir_maker_func) (pool *, char *);
-typedef void *(*merger_func) (pool *, void *, void *);
-
-/* Dealing with config vectors. These are associated with per-directory,
- * per-server, and per-request configuration, and have a void* pointer for
- * each modules. The nature of the structure pointed to is private to the
- * module in question... the core doesn't (and can't) know. However, there
- * are defined interfaces which allow it to create instances of its private
- * per-directory and per-server structures, and to merge the per-directory
- * structures of a directory and its subdirectory (producing a new one in
- * which the defaults applying to the base directory have been properly
- * overridden).
- */
-
-#ifndef ap_get_module_config
-API_EXPORT(void *)
-ap_get_module_config(void *conf_vector, module *m)
-{
- void **confv = (void **)conf_vector;
- return confv[m->module_index];
-}
-#endif
-
-#ifndef ap_set_module_config
-API_EXPORT(void)
-ap_set_module_config(void *conf_vector, module *m, void *val)
-{
- void **confv = (void **) conf_vector;
- confv[m->module_index] = val;
-}
-#endif
-
-static void *
-create_empty_config(pool *p)
-{
- void **conf_vector = (void **)ap_pcalloc(p, sizeof(void *) *
- (total_modules + DYNAMIC_MODULE_LIMIT));
- return (void *)conf_vector;
-}
-
-static void *
-create_default_per_dir_config(pool *p)
-{
- void **conf_vector = (void **)ap_pcalloc(p, sizeof(void *) *
- (total_modules + DYNAMIC_MODULE_LIMIT));
- module *modp;
-
- for (modp = top_module; modp; modp = modp->next) {
- dir_maker_func df = modp->create_dir_config;
-
- if (df)
- conf_vector[modp->module_index] = (*df) (p, NULL);
- }
-
- return (void *) conf_vector;
-}
-
-CORE_EXPORT(void *)
-ap_merge_per_dir_configs(pool *p, void *base, void *new)
-{
- void **conf_vector = (void **)ap_palloc(p, sizeof(void *) * total_modules);
- void **base_vector = (void **)base;
- void **new_vector = (void **)new;
- module *modp;
-
- for (modp = top_module; modp; modp = modp->next) {
- merger_func df = modp->merge_dir_config;
- int i = modp->module_index;
-
- if (df && new_vector[i])
- conf_vector[i] = (*df) (p, base_vector[i],
- new_vector[i]);
- else
- conf_vector[i] = new_vector[i] ?
- new_vector[i] : base_vector[i];
- }
-
- return (void *) conf_vector;
-}
-
-static void *
-create_server_config(pool *p, server_rec *s)
-{
- void **conf_vector = (void **)ap_pcalloc(p, sizeof(void *) *
- (total_modules + DYNAMIC_MODULE_LIMIT));
- module *modp;
-
- for (modp = top_module; modp; modp = modp->next) {
- if (modp->create_server_config)
- conf_vector[modp->module_index] =
- (*modp->create_server_config) (p, s);
- }
-
- return (void *)conf_vector;
-}
-
-static void
-merge_server_configs(pool *p, void *base, void *virt)
-{
- /* Can reuse the 'virt' vector for the spine of it, since we don't
- * have to deal with the moral equivalent of .htaccess files here...
- */
-
- void **base_vector = (void **)base;
- void **virt_vector = (void **)virt;
- module *modp;
-
- for (modp = top_module; modp; modp = modp->next) {
- merger_func df = modp->merge_server_config;
- int i = modp->module_index;
-
- if (!virt_vector[i])
- virt_vector[i] = base_vector[i];
- else if (df)
- virt_vector[i] = (*df)(p, base_vector[i],
- virt_vector[i]);
- }
-}
-
-CORE_EXPORT(void *)
-ap_create_request_config(pool *p)
-{
- return create_empty_config(p);
-}
-
-CORE_EXPORT(void *)
-ap_create_per_dir_config(pool *p)
-{
- return create_empty_config(p);
-}
-
-#ifdef EXPLAIN
-
-struct {
- int offset;
- char *method;
-} aMethods[] = {
-#define m(meth) { XtOffsetOf(module,meth),#meth }
- m(translate_handler),
- m(ap_check_user_id),
- m(auth_checker),
- m(type_checker),
- m(fixer_upper),
- m(logger),
- { -1, "?" },
-#undef m
-};
-
-char *
-ShowMethod(module *modp, int offset)
-{
- int n;
- static char buf[200];
-
- for (n = 0; aMethods[n].offset >= 0; ++n)
- if (aMethods[n].offset == offset)
- break;
- ap_snprintf(buf, sizeof(buf), "%s:%s", modp->name, aMethods[n].method);
- return buf;
-}
-#else
-#define ShowMethod(modp,offset)
-#endif
-
-/****************************************************************
- *
- * Dispatch through the modules to find handlers for various phases
- * of request handling. These are invoked by http_request.c to actually
- * do the dirty work of slogging through the module structures.
- */
-
-/*
- * Optimized run_method routines. The observation here is that many modules
- * have NULL for most of the methods. So we build optimized lists of
- * everything. If you think about it, this is really just like a sparse array
- * implementation to avoid scanning the zero entries.
- */
-static const int method_offsets[] =
-{
- XtOffsetOf(module, translate_handler),
- XtOffsetOf(module, ap_check_user_id),
- XtOffsetOf(module, auth_checker),
- XtOffsetOf(module, access_checker),
- XtOffsetOf(module, type_checker),
- XtOffsetOf(module, fixer_upper),
- XtOffsetOf(module, logger),
- XtOffsetOf(module, header_parser),
- XtOffsetOf(module, post_read_request)
-};
-#define NMETHODS (sizeof (method_offsets)/sizeof (method_offsets[0]))
-
-static struct {
- int translate_handler;
- int ap_check_user_id;
- int auth_checker;
- int access_checker;
- int type_checker;
- int fixer_upper;
- int logger;
- int header_parser;
- int post_read_request;
-} offsets_into_method_ptrs;
-
-/*
- * This is just one big array of method_ptrs. It's constructed such that,
- * for example, method_ptrs[ offsets_into_method_ptrs.logger ] is the first
- * logger function. You go one-by-one from there until you hit a NULL.
- * This structure was designed to hopefully maximize cache-coolness.
- */
-static handler_func *method_ptrs;
-
-void
-ap_cleanup_method_ptrs()
-{
- if (method_ptrs)
- free(method_ptrs);
-}
-
-/* routine to reconstruct all these shortcuts... called after every
- * add_module.
- * XXX: this breaks if modules dink with their methods pointers
- */
-static void
-build_method_shortcuts(void)
-{
- module *modp;
- int how_many_ptrs;
- int i;
- int next_ptr;
- handler_func fp;
-
- if (method_ptrs)
- /* free up any previous set of method_ptrs */
- free(method_ptrs);
-
- /* first we count how many functions we have */
- how_many_ptrs = 0;
- for (modp = top_module; modp; modp = modp->next) {
- for (i = 0; i < NMETHODS; ++i) {
- if (*(handler_func *)(method_offsets[i] + (char *)modp))
- ++how_many_ptrs;
- }
- }
- method_ptrs = malloc((how_many_ptrs + NMETHODS) * sizeof(handler_func));
- if (method_ptrs == NULL)
- fprintf(stderr, "Ouch! Out of memory in "
- "build_method_shortcuts()!\n");
-
- next_ptr = 0;
- for (i = 0; i < NMETHODS; ++i) {
- /* XXX: This is an itsy bit presumptuous about the alignment
- * constraints on offsets_into_method_ptrs. I can't remember if
- * ANSI says this has to be true... -djg */
- ((int *)&offsets_into_method_ptrs)[i] = next_ptr;
- for (modp = top_module; modp; modp = modp->next) {
- fp = *(handler_func *)(method_offsets[i] +
- (char *)modp);
- if (fp)
- method_ptrs[next_ptr++] = fp;
- }
- method_ptrs[next_ptr++] = NULL;
- }
-}
-
-
-static int
-run_method(request_rec *r, int offset, int run_all)
-{
- int i;
-
- for (i = offset; method_ptrs[i]; ++i) {
- handler_func mod_handler = method_ptrs[i];
-
- if (mod_handler) {
- int result;
-
- result = (*mod_handler) (r);
-
- if (result != DECLINED && (!run_all || result != OK))
- return result;
- }
- }
-
- return run_all ? OK : DECLINED;
-}
-
-API_EXPORT(int)
-ap_translate_name(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.translate_handler, 0);
-}
-
-API_EXPORT(int)
-ap_check_access(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.access_checker, 1);
-}
-
-API_EXPORT(int)
-ap_find_types(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.type_checker, 0);
-}
-
-API_EXPORT(int)
-ap_run_fixups(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.fixer_upper, 1);
-}
-
-API_EXPORT(int)
-ap_log_transaction(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.logger, 1);
-}
-
-API_EXPORT(int)
-ap_header_parse(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.header_parser, 1);
-}
-
-API_EXPORT(int)
-ap_run_post_read_request(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.post_read_request, 1);
-}
-
-/* Auth stuff --- anything that defines one of these will presumably
- * want to define something for the other. Note that check_auth is
- * separate from check_access to make catching some config errors easier.
- */
-
-API_EXPORT(int)
-ap_check_user_id(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.ap_check_user_id, 0);
-}
-
-API_EXPORT(int)
-ap_check_auth(request_rec *r)
-{
- return run_method(r, offsets_into_method_ptrs.auth_checker, 0);
-}
-
-/*
- * For speed/efficiency we generate a compact list of all the handlers
- * and wildcard handlers. This means we won't have to scan the entire
- * module list looking for handlers... where we'll find a whole whack
- * of NULLs.
- */
-typedef struct {
- handler_rec hr;
- size_t len;
-} fast_handler_rec;
-
-static fast_handler_rec *handlers;
-static fast_handler_rec *wildhandlers;
-
-static void
-init_handlers(pool *p)
-{
- module *modp;
- int nhandlers = 0;
- int nwildhandlers = 0;
- const handler_rec *handp;
- fast_handler_rec *ph, *pw;
- char *starp;
-
- for (modp = top_module; modp; modp = modp->next) {
- if (!modp->handlers)
- continue;
- for (handp = modp->handlers; handp->content_type; ++handp) {
- if (strchr(handp->content_type, '*'))
- nwildhandlers ++;
- else
- nhandlers ++;
- }
- }
- ph = handlers = ap_palloc(p, sizeof(*ph) * (nhandlers + 1));
- pw = wildhandlers = ap_palloc(p, sizeof(*pw) * (nwildhandlers + 1));
- for (modp = top_module; modp; modp = modp->next) {
- if (!modp->handlers)
- continue;
- for (handp = modp->handlers; handp->content_type; ++handp) {
- if ((starp = strchr(handp->content_type, '*'))) {
- pw->hr.content_type = handp->content_type;
- pw->hr.handler = handp->handler;
- pw->len = starp - handp->content_type;
- pw ++;
- } else {
- ph->hr.content_type = handp->content_type;
- ph->hr.handler = handp->handler;
- ph->len = strlen(handp->content_type);
- ph ++;
- }
- }
- }
- pw->hr.content_type = NULL;
- pw->hr.handler = NULL;
- ph->hr.content_type = NULL;
- ph->hr.handler = NULL;
-}
-
-API_EXPORT(int)
-ap_invoke_handler(request_rec *r)
-{
- fast_handler_rec *handp;
- const char *handler;
- char *p;
- size_t handler_len;
- int result = HTTP_INTERNAL_SERVER_ERROR;
-
- if (r->handler) {
- handler = r->handler;
- handler_len = strlen(handler);
- } else {
- handler = r->content_type ?
- r->content_type : ap_default_type(r);
- if ((p = strchr(handler, ';')) != NULL) {
- /* MIME type arguments */
- while (p > handler && p[-1] == ' ')
- --p; /* strip trailing spaces */
- handler_len = p - handler;
- } else
- handler_len = strlen(handler);
- }
-
- /* Pass one --- direct matches */
- for (handp = handlers; handp->hr.content_type; ++handp) {
- if (handler_len == handp->len
- && !strncmp(handler, handp->hr.content_type, handler_len)) {
- result = (*handp->hr.handler) (r);
-
- if (result != DECLINED)
- return result;
- }
- }
-
- /* Pass two --- wildcard matches */
- for (handp = wildhandlers; handp->hr.content_type; ++handp) {
- if (handler_len >= handp->len
- && !strncmp(handler, handp->hr.content_type, handp->len)) {
- result = (*handp->hr.handler) (r);
-
- if (result != DECLINED)
- return result;
- }
- }
-
- if (result == HTTP_INTERNAL_SERVER_ERROR && r->handler && r->filename) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
- "handler \"%s\" not found for: %s", r->handler,
- r->filename);
- }
- return HTTP_INTERNAL_SERVER_ERROR;
-}
-
-/* One-time setup for precompiled modules --- NOT to be done on restart */
-
-API_EXPORT(void)
-ap_add_module(module *m)
-{
- /* This could be called from an AddModule httpd.conf command,
- * after the file has been linked and the module structure within it
- * teased out...
- */
-
- if (m->version != MODULE_MAGIC_NUMBER_MAJOR) {
- fprintf(stderr, "%s: module \"%s\" is not compatible with this "
- "version of Apache.\n", ap_server_argv0, m->name);
- fprintf(stderr, "Please contact the vendor for the correct "
- "version.\n");
- exit(1);
- }
-
- if (m->next == NULL) {
- m->next = top_module;
- top_module = m;
- }
- if (m->module_index == -1) {
- m->module_index = total_modules++;
- dynamic_modules++;
-
- if (dynamic_modules > DYNAMIC_MODULE_LIMIT) {
- fprintf(stderr, "%s: module \"%s\" could not be "
- "loaded, because the dynamic\n", ap_server_argv0,
- m->name);
- fprintf(stderr, "module limit was reached. Please "
- "increase DYNAMIC_MODULE_LIMIT and recompile.\n");
- exit(1);
- }
- }
-
- /* Some C compilers put a complete path into __FILE__, but we want
- * only the filename (e.g. mod_includes.c). So check for path
- * components (Unix and DOS), and remove them.
- */
-
- if (strrchr(m->name, '/'))
- m->name = 1 + strrchr(m->name, '/');
- if (strrchr(m->name, '\\'))
- m->name = 1 + strrchr(m->name, '\\');
-
- /*
- * Invoke the `add_module' hook inside the now existing set
- * of modules to let them all now that this module was added.
- */
- {
- module *m2;
- for (m2 = top_module; m2 != NULL; m2 = m2->next)
- if (m2->magic == MODULE_MAGIC_COOKIE_EAPI)
- if (m2->add_module != NULL)
- (*m2->add_module)(m);
- }
-}
-
-/*
- * remove_module undoes what add_module did. There are some caveats:
- * when the module is removed, its slot is lost so all the current
- * per-dir and per-server configurations are invalid. So we should
- * only ever call this function when you are invalidating almost
- * all our current data. I.e. when doing a restart.
- */
-
-API_EXPORT(void)
-ap_remove_module(module *m)
-{
- module *modp;
-
- /*
- * Invoke the `remove_module' hook inside the now existing
- * set of modules to let them all now that this module is
- * beeing removed.
- */
- {
- module *m2;
- for (m2 = top_module; m2 != NULL; m2 = m2->next)
- if (m2->magic == MODULE_MAGIC_COOKIE_EAPI)
- if (m2->remove_module != NULL)
- (*m2->remove_module)(m);
- }
-
- modp = top_module;
- if (modp == m) {
- /* We are the top module, special case */
- top_module = modp->next;
- m->next = NULL;
- } else {
- /* Not the top module, find use. When found modp will
- * point to the module _before_ us in the list
- */
-
- while (modp && modp->next != m)
- modp = modp->next;
-
- if (!modp) {
- /* Uh-oh, this module doesn't exist */
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, NULL,
- "Cannot remove module %s: not found in module list",
- m->name);
- return;
- }
- /* Eliminate us from the module list */
- modp->next = modp->next->next;
- }
-
- m->module_index = -1; /* simulate being unloaded, should
- * be unnecessary */
- dynamic_modules--;
- total_modules--;
-}
-
-API_EXPORT(void)
-ap_add_loaded_module(module *mod)
-{
- module **m;
-
- /*
- * Add module pointer to top of chained module list
- */
- ap_add_module(mod);
-
- /*
- * And module pointer to list of loaded modules
- *
- * Notes: 1. ap_add_module() would already complain if no more space
- * exists for adding a dynamically loaded module
- * 2. ap_add_module() accepts double-inclusion, so we have
- * to accept this, too.
- */
- for (m = ap_loaded_modules; *m != NULL; m++)
- ;
- *m++ = mod;
- *m = NULL;
-}
-
-API_EXPORT(void)
-ap_remove_loaded_module(module *mod)
-{
- module **m;
- module **m2;
- int done;
-
- /*
- * Remove module pointer from chained module list
- */
- ap_remove_module(mod);
-
- /*
- * Remove module pointer from list of loaded modules
- *
- * Note: 1. We cannot determine if the module was successfully
- * removed by ap_remove_module().
- * 2. We have not to complain explicity when the module
- * is not found because ap_remove_module() did it
- * for us already.
- */
- for (m = m2 = ap_loaded_modules, done = 0; *m2 != NULL; m2++) {
- if (*m2 == mod && done == 0)
- done = 1;
- else
- *m++ = *m2;
- }
- *m = NULL;
-}
-
-API_EXPORT(void)
-ap_setup_prelinked_modules(void)
-{
- module **m;
- module **m2;
-
- /*
- * Initialise total_modules variable and module indices
- */
- total_modules = 0;
- for (m = ap_preloaded_modules; *m != NULL; m++)
- (*m)->module_index = total_modules++;
-
- /*
- * Initialise list of loaded modules
- */
- ap_loaded_modules = (module **)malloc(
- sizeof(module *)*(total_modules+DYNAMIC_MODULE_LIMIT+1));
- if (ap_loaded_modules == NULL) {
- fprintf(stderr, "Ouch! Out of memory in "
- "ap_setup_prelinked_modules()!\n");
- exit(1);
- }
- for (m = ap_preloaded_modules, m2 = ap_loaded_modules; *m != NULL; )
- *m2++ = *m++;
- *m2 = NULL;
-
- /*
- * Initialize chain of linked (=activate) modules
- */
- for (m = ap_prelinked_modules; *m != NULL; m++)
- ap_add_module(*m);
-}
-
-API_EXPORT(const char *)
-ap_find_module_name(module *m)
-{
- return m->name;
-}
-
-API_EXPORT(module *)
-ap_find_linked_module(const char *name)
-{
- module *modp;
-
- for (modp = top_module; modp; modp = modp->next) {
- if (strcmp(modp->name, name) == 0)
- return modp;
- }
- return NULL;
-}
-
-/* Add a named module. Returns 1 if module found, 0 otherwise. */
-API_EXPORT(int)
-ap_add_named_module(const char *name)
-{
- module *modp;
- int i = 0;
-
- for (modp = ap_loaded_modules[i]; modp; modp = ap_loaded_modules[++i]) {
- if (strcmp(modp->name, name) == 0) {
- /* Only add modules that are not already enabled. */
- if (modp->next == NULL)
- ap_add_module(modp);
- return 1;
- }
- }
- return 0;
-}
-
-/* Clear the internal list of modules, in preparation for starting over. */
-API_EXPORT(void)
-ap_clear_module_list()
-{
- module **m = &top_module;
- module **next_m;
-
- while (*m) {
- next_m = &((*m)->next);
- *m = NULL;
- m = next_m;
- }
-
- /* This is required; so we add it always. */
- ap_add_named_module("http_core.c");
-}
-
-/*****************************************************************
- *
- * Resource, access, and .htaccess config files now parsed by a common
- * command loop.
- *
- * Let's begin with the basics; parsing the line and
- * invoking the function...
- */
-
-static const char *
-invoke_cmd(const command_rec *cmd, cmd_parms *parms, void *mconfig,
- const char *args)
-{
- char *w, *w2, *w3;
- const char *errmsg;
-
- if ((parms->override & cmd->req_override) == 0)
- return ap_pstrcat(parms->pool, cmd->name, " not allowed here",
- NULL);
-
- parms->info = cmd->cmd_data;
- parms->cmd = cmd;
-
- switch (cmd->args_how) {
- case RAW_ARGS:
- return ((const char *(*)(cmd_parms *, void *, const char *))
- (cmd->func))(parms, mconfig, args);
-
- case NO_ARGS:
- if (*args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes no arguments", NULL);
-
- return ((const char *(*)(cmd_parms *, void *))
- (cmd->func))(parms, mconfig);
-
- case TAKE1:
- w = ap_getword_conf(parms->pool, &args);
-
- if (*w == '\0' || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes one argument", cmd->errmsg ? ", " : NULL,
- cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *))
- (cmd->func))(parms, mconfig, w);
-
- case TAKE2:
- w = ap_getword_conf(parms->pool, &args);
- w2 = ap_getword_conf(parms->pool, &args);
-
- if (*w == '\0' || *w2 == '\0' || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes two arguments", cmd->errmsg ? ", " : NULL,
- cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *,
- const char *))(cmd->func))(parms, mconfig, w, w2);
-
- case TAKE12:
- w = ap_getword_conf(parms->pool, &args);
- w2 = ap_getword_conf(parms->pool, &args);
-
- if (*w == '\0' || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes 1-2 arguments", cmd->errmsg ? ", " : NULL,
- cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *,
- const char *))(cmd->func))(parms, mconfig, w,
- *w2 ? w2 : NULL);
-
- case TAKE3:
- w = ap_getword_conf(parms->pool, &args);
- w2 = ap_getword_conf(parms->pool, &args);
- w3 = ap_getword_conf(parms->pool, &args);
-
- if (*w == '\0' || *w2 == '\0' || *w3 == '\0' || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes three arguments",
- cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *,
- const char *, const char *))(cmd->func))(parms, mconfig,
- w, w2, w3);
-
- case TAKE23:
- w = ap_getword_conf(parms->pool, &args);
- w2 = ap_getword_conf(parms->pool, &args);
- w3 = *args ? ap_getword_conf(parms->pool, &args) : NULL;
-
- if (*w == '\0' || *w2 == '\0' || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes two or three arguments",
- cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *,
- const char *, const char *)) (cmd->func)) (parms,
- mconfig, w, w2, w3);
-
- case TAKE123:
- w = ap_getword_conf(parms->pool, &args);
- w2 = *args ? ap_getword_conf(parms->pool, &args) : NULL;
- w3 = *args ? ap_getword_conf(parms->pool, &args) : NULL;
-
- if (*w == '\0' || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes one, two or three arguments",
- cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *,
- const char *, const char *))(cmd->func))(parms, mconfig,
- w, w2, w3);
-
- case TAKE13:
- w = ap_getword_conf(parms->pool, &args);
- w2 = *args ? ap_getword_conf(parms->pool, &args) : NULL;
- w3 = *args ? ap_getword_conf(parms->pool, &args) : NULL;
-
- if (*w == '\0' || (w2 && *w2 && !w3) || *args != 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " takes one or three arguments",
- cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL);
-
- return ((const char *(*)(cmd_parms *, void *, const char *,
- const char *, const char *))(cmd->func))(parms,
- mconfig, w, w2, w3);
-
- case ITERATE:
- while (*(w = ap_getword_conf(parms->pool, &args)) != '\0')
- if ((errmsg = ((const char *(*)(cmd_parms *, void *,
- const char *))(cmd->func))(parms, mconfig, w)))
- return errmsg;
-
- return NULL;
-
- case ITERATE2:
- w = ap_getword_conf(parms->pool, &args);
-
- if (*w == '\0' || *args == 0)
- return ap_pstrcat(parms->pool, cmd->name,
- " requires at least two arguments",
- cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL);
-
-
- while (*(w2 = ap_getword_conf(parms->pool, &args)) != '\0')
- if ((errmsg = ((const char *(*)(cmd_parms *, void *,
- const char *, const char *)) (cmd->func)) (parms,
- mconfig, w, w2)))
- return errmsg;
-
- return NULL;
-
- case FLAG:
- w = ap_getword_conf(parms->pool, &args);
-
- if (*w == '\0' || (strcasecmp(w, "on") && strcasecmp(w, "off")))
- return ap_pstrcat(parms->pool, cmd->name,
- " must be On or Off", NULL);
-
- return ((const char *(*)(cmd_parms *, void *, int))
- (cmd->func))(parms, mconfig, strcasecmp(w, "off") != 0);
-
- default:
- return ap_pstrcat(parms->pool, cmd->name,
- " is improperly configured internally (server bug)", NULL);
- }
-}
-
-CORE_EXPORT(const command_rec *)
-ap_find_command(const char *name, const command_rec *cmds)
-{
- while (cmds->name)
- if (!strcasecmp(name, cmds->name))
- return cmds;
- else
- ++cmds;
-
- return NULL;
-}
-
-CORE_EXPORT(const command_rec *)
-ap_find_command_in_modules(const char *cmd_name, module **mod)
-{
- const command_rec *cmdp;
- module *modp;
-
- for (modp = *mod; modp; modp = modp->next)
- if (modp->cmds &&
- (cmdp = ap_find_command(cmd_name, modp->cmds))) {
- *mod = modp;
- return cmdp;
- }
-
- return NULL;
-}
-
-CORE_EXPORT(void *)
-ap_set_config_vectors(cmd_parms *parms, void *config, module *mod)
-{
- void *mconfig = ap_get_module_config(config, mod);
- void *sconfig = ap_get_module_config(parms->server->module_config, mod);
-
- if (!mconfig && mod->create_dir_config) {
- mconfig = (*mod->create_dir_config)(parms->pool, parms->path);
- ap_set_module_config(config, mod, mconfig);
- }
-
- if (!sconfig && mod->create_server_config) {
- sconfig = (*mod->create_server_config)(parms->pool,
- parms->server);
- ap_set_module_config(parms->server->module_config, mod,
- sconfig);
- }
- return mconfig;
-}
-
-CORE_EXPORT(const char *)
-ap_handle_command(cmd_parms *parms, void *config, const char *l)
-{
- void *oldconfig;
- const char *args, *cmd_name, *retval;
- const command_rec *cmd;
- module *mod = top_module;
-
- /*
- * Invoke the `rewrite_command' of modules to allow
- * they to rewrite the directive line before we
- * process it.
- */
- {
- module *m;
- char *cp;
- for (m = top_module; m != NULL; m = m->next) {
- if (m->magic == MODULE_MAGIC_COOKIE_EAPI) {
- if (m->rewrite_command != NULL) {
- cp = (m->rewrite_command)(parms,
- config, l);
- if (cp != NULL)
- l = cp;
- }
- }
- }
- }
-
- if ((l[0] == '#') || (!l[0]))
- return NULL;
-
- args = l;
- cmd_name = ap_getword_conf(parms->temp_pool, &args);
- if (*cmd_name == '\0')
- return NULL;
-
- oldconfig = parms->context;
- parms->context = config;
- do {
- if (!(cmd = ap_find_command_in_modules(cmd_name, &mod))) {
- errno = EINVAL;
- return ap_pstrcat(parms->pool, "Invalid command '",
- cmd_name, "', perhaps mis-spelled or defined by "
- "a module not included in the server configuration",
- NULL);
- } else {
- void *mconfig = ap_set_config_vectors(parms,config,
- mod);
-
- retval = invoke_cmd(cmd, parms, mconfig, args);
- mod = mod->next; /* Next time around,
- * skip this one
- */
- }
- } while (retval && !strcmp(retval, DECLINE_CMD));
- parms->context = oldconfig;
-
- return retval;
-}
-
-API_EXPORT(const char *)
-ap_srm_command_loop(cmd_parms *parms, void *config)
-{
- char l[MAX_STRING_LEN];
-
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, parms->config_file))) {
- const char *errmsg = ap_handle_command(parms, config, l);
- if (errmsg)
- return errmsg;
- }
-
- return NULL;
-}
-
-/*
- * Generic command functions...
- */
-
-API_EXPORT_NONSTD(const char *)
-ap_set_string_slot(cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- /* This one's pretty generic... */
-
- int offset = (int)(long)cmd->info;
- *(char **)(struct_ptr + offset) = arg;
- return NULL;
-}
-
-API_EXPORT_NONSTD(const char *)
-ap_set_string_slot_lower(cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- /* This one's pretty generic... */
-
- int offset = (int)(long)cmd->info;
- ap_str_tolower(arg);
- *(char **)(struct_ptr + offset) = arg;
- return NULL;
-}
-
-API_EXPORT_NONSTD(const char *)
-ap_set_flag_slot(cmd_parms *cmd, char *struct_ptr, int arg)
-{
- /* This one's pretty generic too... */
-
- int offset = (int)(long)cmd->info;
- *(int *)(struct_ptr + offset) = arg ? 1 : 0;
- return NULL;
-}
-
-API_EXPORT_NONSTD(const char *)
-ap_set_file_slot(cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- /* Prepend server_root to relative arg.
- This allows .htaccess to be independent of server_root,
- so the server can be moved or mirrored with less pain. */
- char *p;
- int offset = (int)(long)cmd->info;
- arg = ap_os_canonical_filename(cmd->pool, arg);
- if (ap_os_is_path_absolute(arg))
- p = arg;
- else
- p = ap_make_full_path(cmd->pool, ap_server_root, arg);
- *(char **)(struct_ptr + offset) = p;
- return NULL;
-}
-
-/*****************************************************************
- *
- * Reading whole config files...
- */
-
-static cmd_parms default_parms =
- {NULL, 0, -1, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
-
-API_EXPORT(char *)
-ap_server_root_relative(pool *p, char *file)
-{
- file = ap_os_canonical_filename(p, file);
- if(ap_os_is_path_absolute(file))
- return file;
- return ap_make_full_path(p, ap_server_root, file);
-}
-
-
-/* This structure and the following functions are needed for the
- * table-based config file reading. They are passed to the
- * cfg_open_custom() routine.
- */
-
-/* Structure to be passed to cfg_open_custom(): it contains an
- * index which is incremented from 0 to nelts on each call to
- * cfg_getline() (which in turn calls arr_elts_getstr())
- * and an array_header pointer for the string array.
- */
-typedef struct {
- array_header *array;
- int curr_idx;
-} arr_elts_param_t;
-
-
-/* arr_elts_getstr() returns the next line from the string array. */
-static void *
-arr_elts_getstr(void *buf, size_t bufsiz, void *param)
-{
- arr_elts_param_t *arr_param = (arr_elts_param_t *) param;
-
- /* End of array reached? */
- if (++arr_param->curr_idx > arr_param->array->nelts)
- return NULL;
-
- /* return the line */
- ap_cpystrn(buf,
- ((char **)arr_param->array->elts)[arr_param->curr_idx - 1], bufsiz);
-
- return buf;
-}
-
-
-/* arr_elts_close(): dummy close routine (makes sure no more lines can be read) */
-static int
-arr_elts_close(void *param)
-{
- arr_elts_param_t *arr_param = (arr_elts_param_t *)param;
- arr_param->curr_idx = arr_param->array->nelts;
- return 0;
-}
-
-static void
-process_command_config(server_rec *s, array_header *arr, pool *p, pool *ptemp)
-{
- const char *errmsg;
- cmd_parms parms;
- arr_elts_param_t arr_parms;
-
- arr_parms.curr_idx = 0;
- arr_parms.array = arr;
-
- parms = default_parms;
- parms.pool = p;
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
- parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
- &arr_parms, NULL, arr_elts_getstr, arr_elts_close);
-
- errmsg = ap_srm_command_loop(&parms, s->lookup_defaults);
-
- if (errmsg) {
- fprintf(stderr, "Syntax error in -C/-c directive:\n%s\n",
- errmsg);
- exit(1);
- }
-
- ap_cfg_closefile(parms.config_file);
-}
-
-typedef struct {
- char *fname;
-} fnames;
-
-static int
-fname_alphasort(const void *fn1, const void *fn2)
-{
- const fnames *f1 = fn1;
- const fnames *f2 = fn2;
-
- return strcmp(f1->fname,f2->fname);
-}
-
-CORE_EXPORT(void)
-ap_process_resource_config(server_rec *s, char *fname, pool *p, pool *ptemp)
-{
- const char *errmsg;
- cmd_parms parms;
- struct stat finfo;
- int ispatt;
- fname = ap_server_root_relative(p, fname);
-
- if (!(strcmp(fname, ap_server_root_relative(p, RESOURCE_CONFIG_FILE)))
- || !(strcmp(fname, ap_server_root_relative(p, ACCESS_CONFIG_FILE))))
- if (stat(fname, &finfo) == -1)
- return;
-
- /* if we are already chrooted here, it's a restart. strip chroot
- * then. */
- ap_server_strip_chroot(fname, 0);
-
- /* don't require conf/httpd.conf if we have a -C or -c switch */
- if((ap_server_pre_read_config->nelts
- || ap_server_post_read_config->nelts)
- && !(strcmp(fname, ap_server_root_relative(p, SERVER_CONFIG_FILE))))
- if (stat(fname, &finfo) == -1)
- return;
-
- /*
- * here we want to check if the candidate file is really a
- * directory, and most definitely NOT a symlink (to prevent
- * horrible loops). If so, let's recurse and toss it back into
- * the function.
- */
- ispatt = ap_is_fnmatch(fname);
- if (ispatt || ap_is_rdirectory(fname)) {
- DIR *dirp;
- struct DIR_TYPE *dir_entry;
- int current;
- array_header *candidates = NULL;
- fnames *fnew;
- char *path = ap_pstrdup(p,fname);
- char *pattern = NULL;
-
- if(ispatt && (pattern = strrchr(path, '/')) != NULL) {
- *pattern++ = '\0';
- if (ap_is_fnmatch(path)) {
- fprintf(stderr, "%s: wildcard patterns not "
- "allowed in Include %s\n", ap_server_argv0,
- fname);
- exit(1);
- }
-
- if (!ap_is_rdirectory(path)){
- fprintf(stderr, "%s: Include directory '%s' "
- "not found", ap_server_argv0, path);
- exit(1);
- }
- if (!ap_is_fnmatch(pattern)) {
- fprintf(stderr, "%s: must include a wildcard "
- "pattern for Include %s\n", ap_server_argv0,
- fname);
- exit(1);
- }
- }
-
-
- /*
- * first course of business is to grok all the directory
- * entries here and store 'em away. Recall we need full
- * pathnames for this.
- */
- if (ap_configtestonly)
- fprintf(stdout, "Processing config directory: %s\n",
- fname);
- dirp = ap_popendir(p, path);
- if (dirp == NULL) {
- perror("fopen");
- fprintf(stderr, "%s: could not open config directory "
- "%s\n", ap_server_argv0, path);
- exit(1);
- }
- candidates = ap_make_array(p, 1, sizeof(fnames));
- while ((dir_entry = readdir(dirp)) != NULL) {
- /* strip out '.' and '..' */
- if (strcmp(dir_entry->d_name, ".") &&
- strcmp(dir_entry->d_name, "..") &&
- (!ispatt ||
- !ap_fnmatch(pattern,dir_entry->d_name, FNM_PERIOD))) {
- fnew = (fnames *) ap_push_array(candidates);
- fnew->fname = ap_make_full_path(p, path,
- dir_entry->d_name);
- }
- }
- ap_pclosedir(p, dirp);
- if (candidates->nelts != 0) {
- qsort((void *)candidates->elts, candidates->nelts,
- sizeof(fnames), fname_alphasort);
- /*
- * Now recurse these... we handle errors and
- * subdirectories via the recursion, which is nice
- */
- for (current = 0; current < candidates->nelts;
- ++current) {
- fnew = &((fnames *) candidates->elts)[current];
- if (ap_configtestonly)
- fprintf(stdout, " Processing config "
- "file: %s\n", fnew->fname);
- ap_process_resource_config(s, fnew->fname, p,
- ptemp);
- }
- }
- return;
- }
-
- /* GCC's initialization extensions are soooo nice here... */
-
- parms = default_parms;
- parms.pool = p;
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
-
- if (!(parms.config_file = ap_pcfg_openfile(p,fname))) {
- perror("fopen");
- fprintf(stderr, "%s: could not open document config file %s\n",
- ap_server_argv0, fname);
- exit(1);
- }
-
- errmsg = ap_srm_command_loop(&parms, s->lookup_defaults);
-
- if (errmsg) {
- fprintf(stderr, "Syntax error on line %d of %s:\n",
- parms.config_file->line_number, parms.config_file->name);
- fprintf(stderr, "%s\n", errmsg);
- exit(1);
- }
-
- ap_cfg_closefile(parms.config_file);
-}
-
-CORE_EXPORT(int)
-ap_parse_htaccess(void **result, request_rec *r, int override, const char *d,
-const char *access_name)
- {
- configfile_t *f = NULL;
- cmd_parms parms;
- const char *errmsg;
- char *filename = NULL;
- const struct htaccess_result *cache;
- struct htaccess_result *new;
- void *dc = NULL;
-
- /* firstly, search cache */
- for (cache = r->htaccess; cache != NULL; cache = cache->next)
- if (cache->override == override && strcmp(cache->dir, d) == 0) {
- if (cache->htaccess != NULL)
- *result = cache->htaccess;
- return OK;
- }
-
- parms = default_parms;
- parms.override = override;
- parms.pool = r->pool;
- parms.temp_pool = r->pool;
- parms.server = r->server;
- parms.path = ap_pstrdup(r->pool, d);
-
- /* loop through the access names and find the first one */
-
- while (access_name[0]) {
- filename = ap_make_full_path(r->pool, d,
- ap_getword_conf(r->pool, &access_name));
-
- if ((f = ap_pcfg_openfile(r->pool, filename)) != NULL) {
-
- dc = ap_create_per_dir_config(r->pool);
-
- parms.config_file = f;
-
- errmsg = ap_srm_command_loop(&parms, dc);
-
- ap_cfg_closefile(f);
-
- if (errmsg) {
- ap_log_rerror(APLOG_MARK,
- APLOG_ALERT|APLOG_NOERRNO, r,
- "%s: %s", filename, errmsg);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- *result = dc;
- break;
- } else if (errno != ENOENT && errno != ENOTDIR) {
- ap_log_rerror(APLOG_MARK, APLOG_CRIT, r,
- "%s pcfg_openfile: unable to check htaccess file, "
- "ensure it is readable",
- filename);
- ap_table_setn(r->notes, "error-notes",
- "Server unable to read htaccess file, denying "
- "access to be safe");
- return HTTP_FORBIDDEN;
- }
- }
-
- /* cache it */
- new = ap_palloc(r->pool, sizeof(struct htaccess_result));
- new->dir = parms.path;
- new->override = override;
- new->htaccess = dc;
- /* add to head of list */
- new->next = r->htaccess;
- r->htaccess = new;
-
- return OK;
-}
-
-
-CORE_EXPORT(const char *)
-ap_init_virtual_host(pool *p, const char *hostname, server_rec *main_server,
- server_rec **ps)
-{
- server_rec *s = (server_rec *) ap_pcalloc(p, sizeof(server_rec));
-
- struct rlimit limits;
-
- getrlimit(RLIMIT_NOFILE, &limits);
- if (limits.rlim_cur < limits.rlim_max) {
- limits.rlim_cur += 2;
- if (setrlimit(RLIMIT_NOFILE, &limits) < 0) {
- perror("setrlimit(RLIMIT_NOFILE)");
- fprintf(stderr, "Cannot exceed hard limit for open "
- "files");
- }
- }
-
- s->server_admin = NULL;
- s->server_hostname = NULL;
- s->error_fname = NULL;
- s->srm_confname = NULL;
- s->access_confname = NULL;
- s->timeout = 0;
- s->keep_alive_timeout = 0;
- s->keep_alive = -1;
- s->keep_alive_max = -1;
- s->error_log = main_server->error_log;
- s->loglevel = main_server->loglevel;
- /* useful default, otherwise we get a port of 0 on redirects */
- s->port = main_server->port;
- s->next = NULL;
-
- s->is_virtual = 1;
- s->names = ap_make_array(p, 4, sizeof(char **));
- s->wild_names = ap_make_array(p, 4, sizeof(char **));
-
- s->module_config = create_empty_config(p);
- s->lookup_defaults = ap_create_per_dir_config(p);
-
- s->server_uid = ap_user_id;
- s->server_gid = ap_group_id;
-
- s->limit_req_line = main_server->limit_req_line;
- s->limit_req_fieldsize = main_server->limit_req_fieldsize;
- s->limit_req_fields = main_server->limit_req_fields;
-
- s->ctx = ap_ctx_new(p);
-
- *ps = s;
-
- return ap_parse_vhost_addrs(p, hostname, s);
-}
-
-
-static void
-fixup_virtual_hosts(pool *p, server_rec *main_server)
-{
- server_rec *virt;
-
- for (virt = main_server->next; virt; virt = virt->next) {
- merge_server_configs(p, main_server->module_config,
- virt->module_config);
-
- virt->lookup_defaults =
- ap_merge_per_dir_configs(p, main_server->lookup_defaults,
- virt->lookup_defaults);
-
- if (virt->server_admin == NULL)
- virt->server_admin = main_server->server_admin;
-
- if (virt->srm_confname == NULL)
- virt->srm_confname = main_server->srm_confname;
-
- if (virt->access_confname == NULL)
- virt->access_confname = main_server->access_confname;
-
- if (virt->timeout == 0)
- virt->timeout = main_server->timeout;
-
- if (virt->keep_alive_timeout == 0)
- virt->keep_alive_timeout =
- main_server->keep_alive_timeout;
-
- if (virt->keep_alive == -1)
- virt->keep_alive = main_server->keep_alive;
-
- if (virt->keep_alive_max == -1)
- virt->keep_alive_max = main_server->keep_alive_max;
-
- if (virt->send_buffer_size == 0)
- virt->send_buffer_size = main_server->send_buffer_size;
-
- /* XXX: this is really something that should be dealt with
- * by a post-config api phase */
- ap_core_reorder_directories(p, virt);
- }
- ap_core_reorder_directories(p, main_server);
-}
-
-/*****************************************************************
- *
- * Getting *everything* configured...
- */
-
-static void
-init_config_globals(pool *p)
-{
- /* ServerRoot, server_confname set in httpd.c */
-
- ap_standalone = 1;
- ap_user_name = DEFAULT_USER;
- if (!ap_server_is_chrooted()) {
- /* can't work, just keep old setting */
- ap_user_id = ap_uname2id(DEFAULT_USER);
- ap_group_id = ap_gname2id(DEFAULT_GROUP);
- }
- ap_daemons_to_start = DEFAULT_START_DAEMON;
- ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
- ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
- ap_daemons_limit = HARD_SERVER_LIMIT;
- ap_pid_fname = DEFAULT_PIDLOG;
- ap_scoreboard_fname = DEFAULT_SCOREBOARD;
- ap_lock_fname = DEFAULT_LOCKFILE;
- ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
- ap_max_cpu_per_child = DEFAULT_MAX_CPU_PER_CHILD;
- ap_max_data_per_child = DEFAULT_MAX_DATA_PER_CHILD;
- ap_max_nofile_per_child = DEFAULT_MAX_NOFILE_PER_CHILD;
- ap_max_rss_per_child = DEFAULT_MAX_RSS_PER_CHILD;
- ap_max_stack_per_child = DEFAULT_MAX_STACK_PER_CHILD;
- ap_listeners = NULL;
- ap_listenbacklog = DEFAULT_LISTENBACKLOG;
- ap_extended_status = 0;
-
- /* Global virtual host hash bucket pointers. Init to null. */
- ap_init_vhost_config(p);
-
- ap_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));
-}
-
-static server_rec *init_server_config(pool *p)
-{
- server_rec *s = (server_rec *)ap_pcalloc(p, sizeof(server_rec));
-
- s->port = 0;
- s->server_admin = DEFAULT_ADMIN;
- s->server_hostname = NULL;
- s->error_fname = DEFAULT_ERRORLOG;
- s->error_log = stderr;
- s->loglevel = DEFAULT_LOGLEVEL;
- s->srm_confname = RESOURCE_CONFIG_FILE;
- s->access_confname = ACCESS_CONFIG_FILE;
- s->limit_req_line = DEFAULT_LIMIT_REQUEST_LINE;
- s->limit_req_fieldsize = DEFAULT_LIMIT_REQUEST_FIELDSIZE;
- s->limit_req_fields = DEFAULT_LIMIT_REQUEST_FIELDS;
- s->timeout = DEFAULT_TIMEOUT;
- s->keep_alive_timeout = DEFAULT_KEEPALIVE_TIMEOUT;
- s->keep_alive_max = DEFAULT_KEEPALIVE;
- s->keep_alive = 1;
- s->next = NULL;
- s->addrs = ap_pcalloc(p, sizeof(server_addr_rec));
- /* NOT virtual host; don't match any real network interface */
- memset(&s->addrs->host_addr, 0, sizeof(s->addrs->host_addr));
-#if 0
- s->addrs->host_addr.ss_family = ap_default_family;
- /* XXX: needed?, XXX: PF_xxx can be different from AF_xxx */
-#endif
-#ifdef HAVE_SOCKADDR_LEN
- s->addrs->host_addr.ss_len = sizeof(s->addrs->host_addr);
- /* XXX: needed ? */
-#endif
- s->addrs->host_port = 0; /* matches any port */
- s->addrs->virthost = ""; /* must be non-NULL */
- s->names = s->wild_names = NULL;
-
- s->module_config = create_server_config(p, s);
- s->lookup_defaults = create_default_per_dir_config(p);
-
- s->ctx = ap_ctx_new(p);
-
- return s;
-}
-
-
-static void
-default_listeners(pool *p, server_rec *s)
-{
- listen_rec *new;
- struct addrinfo hints, *res0, *res;
- int gai;
- char servbuf[NI_MAXSERV];
-
- if (ap_listeners != NULL)
- return;
-
- ap_snprintf(servbuf, sizeof(servbuf), "%d", s->port ?
- s->port : DEFAULT_HTTP_PORT);
- memset (&hints, 0, sizeof(hints));
- hints.ai_family = ap_default_family;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_PASSIVE;
- gai = getaddrinfo(NULL, servbuf, &hints, &res0);
- if (gai){
- fprintf(stderr, "default_listeners(): getaddrinfo(PASSIVE) "
- "for family %u: %s\n", ap_default_family,
- gai_strerror(gai));
- exit (1);
- }
- /* allocate a default listener */
- new = ap_pcalloc(p, sizeof(listen_rec));
- memcpy(&new->local_addr, res0->ai_addr, res0->ai_addrlen);
- new->fd = -1;
- new->used = 0;
- new->next = NULL;
- ap_listeners = new;
-
- freeaddrinfo(res0);
-}
-
-
-API_EXPORT(server_rec *)
-ap_read_config(pool *p, pool *ptemp, char *confname)
-{
- server_rec *s = init_server_config(p);
-
- init_config_globals(p);
-
- /* All server-wide config files now have the SAME syntax... */
-
- process_command_config(s, ap_server_pre_read_config, p, ptemp);
-
- ap_process_resource_config(s, confname, p, ptemp);
- ap_process_resource_config(s, s->srm_confname, p, ptemp);
- ap_process_resource_config(s, s->access_confname, p, ptemp);
-
- process_command_config(s, ap_server_post_read_config, p, ptemp);
-
- fixup_virtual_hosts(p, s);
- default_listeners(p, s);
- ap_fini_vhost_config(p, s);
-
- return s;
-}
-
-API_EXPORT(void)
-ap_single_module_configure(pool *p, server_rec *s, module *m)
-{
- if (m->create_server_config)
- ap_set_module_config(s->module_config, m,
- (*m->create_server_config)(p, s));
- if (m->create_dir_config)
- ap_set_module_config(s->lookup_defaults, m,
- (*m->create_dir_config)(p, NULL));
-}
-
-API_EXPORT(void)
-ap_init_modules(pool *p, server_rec *s)
-{
- module *m;
-
- for (m = top_module; m; m = m->next)
- if (m->init)
- (*m->init) (s, p);
- build_method_shortcuts();
- init_handlers(p);
-}
-
-API_EXPORT(void)
-ap_child_init_modules(pool *p, server_rec *s)
-{
- module *m;
-
- for (m = top_module; m; m = m->next)
- if (m->child_init)
- (*m->child_init) (s, p);
-}
-
-API_EXPORT(void)
-ap_child_exit_modules(pool *p, server_rec *s)
-{
- module *m;
-
- signal(SIGHUP, SIG_IGN);
- signal(SIGUSR1, SIG_IGN);
-
- for (m = top_module; m; m = m->next)
- if (m->child_exit)
- (*m->child_exit) (s, p);
-
-}
-
-/********************************************************************
- * Configuration directives are restricted in terms of where they may
- * appear in the main configuration files and/or .htaccess files according
- * to the bitmask req_override in the command_rec structure.
- * If any of the overrides set in req_override are also allowed in the
- * context in which the command is read, then the command is allowed.
- * The context is determined as follows:
- *
- * inside *.conf --> override = (RSRC_CONF|OR_ALL)&~(OR_AUTHCFG|OR_LIMIT);
- * within <Directory> or <Location> --> override = OR_ALL|ACCESS_CONF;
- * within .htaccess --> override = AllowOverride for current directory;
- *
- * the result is, well, a rather confusing set of possibilities for when
- * a particular directive is allowed to be used. This procedure prints
- * in English where the given (pc) directive can be used.
- */
-static void
-show_overrides(const command_rec *pc, module *pm)
-{
- int n = 0;
-
- printf("\tAllowed in *.conf ");
- if ((pc->req_override & (OR_OPTIONS | OR_FILEINFO | OR_INDEXES)) ||
- ((pc->req_override & RSRC_CONF) &&
- ((pc->req_override & (ACCESS_CONF | OR_AUTHCFG | OR_LIMIT)))))
- printf("anywhere");
- else if (pc->req_override & RSRC_CONF)
- printf("only outside <Directory>, <Files> or <Location>");
- else
- printf("only inside <Directory>, <Files> or <Location>");
-
- /* Warn if the directive is allowed inside <Directory> or .htaccess
- * but module doesn't support per-dir configuration */
-
- if ((pc->req_override & (OR_ALL | ACCESS_CONF))
- && !pm->create_dir_config)
- printf(" [no per-dir config]");
-
- if (pc->req_override & OR_ALL) {
- printf(" and in .htaccess\n\twhen AllowOverride");
-
- if ((pc->req_override & OR_ALL) == OR_ALL)
- printf(" isn't None");
- else {
- printf(" includes ");
-
- if (pc->req_override & OR_AUTHCFG) {
- if (n++)
- printf(" or ");
- printf("AuthConfig");
- }
- if (pc->req_override & OR_LIMIT) {
- if (n++)
- printf(" or ");
- printf("Limit");
- }
- if (pc->req_override & OR_OPTIONS) {
- if (n++)
- printf(" or ");
- printf("Options");
- }
- if (pc->req_override & OR_FILEINFO) {
- if (n++)
- printf(" or ");
- printf("FileInfo");
- }
- if (pc->req_override & OR_INDEXES) {
- if (n++)
- printf(" or ");
- printf("Indexes");
- }
- }
- }
- printf("\n");
-}
-
-/* Show the preloaded configuration directives, the help string explaining
- * the directive arguments, in what module they are handled, and in
- * what parts of the configuration they are allowed. Used for httpd -L.
- */
-API_EXPORT(void)
-ap_show_directives(void)
-{
- const command_rec *pc;
- int n;
-
- for (n = 0; ap_loaded_modules[n]; ++n)
- for (pc = ap_loaded_modules[n]->cmds; pc && pc->name; ++pc) {
- printf("%s (%s)\n", pc->name,
- ap_loaded_modules[n]->name);
- if (pc->errmsg)
- printf("\t%s\n", pc->errmsg);
- show_overrides(pc, ap_loaded_modules[n]);
- }
-}
-
-/* Show the preloaded module names. Used for httpd -l. */
-API_EXPORT(void)
-ap_show_modules(void)
-{
- int n;
-
- printf("Compiled-in modules:\n");
- for (n = 0; ap_loaded_modules[n]; ++n)
- printf(" %s\n", ap_loaded_modules[n]->name);
-
- printf("suexec: %s\n", ap_suexec_enabled
- ? "enabled; valid wrapper " SUEXEC_BIN
- : "disabled; invalid wrapper " SUEXEC_BIN);
-}
diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c
deleted file mode 100644
index 5f416f0ea3a..00000000000
--- a/usr.sbin/httpd/src/main/http_core.c
+++ /dev/null
@@ -1,3545 +0,0 @@
-/* $OpenBSD: http_core.c,v 1.27 2010/05/10 02:00:50 krw Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_protocol.h" /* For index_of_response(). Grump. */
-#include "http_request.h"
-#include "http_conf_globals.h"
-#include "http_vhost.h"
-#include "http_main.h" /* For the default_handler below... */
-#include "http_log.h"
-#include "rfc1413.h"
-#include "util_md5.h"
-#include "scoreboard.h"
-#include "fnmatch.h"
-
-#include <sys/mman.h>
-
-/* mmap support for static files based on ideas from John Heidemann's
- * patch against 1.0.5. See
- * <http://www.isi.edu/~johnh/SOFTWARE/APACHE/index.html>.
- */
-
-/* Files have to be at least this big before they're mmap()d. This is to deal
- * with systems where the expense of doing an mmap() and an munmap() outweighs
- * the benefit for small files. It shouldn't be set lower than 1.
- */
-#ifndef MMAP_THRESHOLD
-#define MMAP_THRESHOLD 1
-#endif
-#ifndef MMAP_LIMIT
-#define MMAP_LIMIT (4*1024*1024)
-#endif
-
-/* Server core module... This module provides support for really basic
- * server operations, including options and commands which control the
- * operation of other modules. Consider this the bureaucracy module.
- *
- * The core module also defines handlers, etc., do handle just enough
- * to allow a server with the core module ONLY to actually serve documents
- * (though it slaps DefaultType on all of 'em); this was useful in testing,
- * but may not be worth preserving.
- *
- * This file could almost be mod_core.c, except for the stuff which affects
- * the http_conf_globals.
- */
-
-static void *
-create_core_dir_config(pool *a, char *dir)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_pcalloc(a, sizeof(core_dir_config));
- if (!dir || dir[strlen(dir) - 1] == '/')
- conf->d = dir;
- else if (strncmp(dir, "proxy:", 6) == 0)
- conf->d = ap_pstrdup(a, dir);
- else
- conf->d = ap_pstrcat(a, dir, "/", NULL);
-
- conf->d_is_fnmatch = conf->d ? (ap_is_fnmatch(conf->d) != 0) : 0;
- conf->d_components = conf->d ? ap_count_dirs(conf->d) : 0;
-
- conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
- conf->opts_add = conf->opts_remove = OPT_NONE;
- conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL;
-
- conf->content_md5 = 2;
-
- conf->use_canonical_name = USE_CANONICAL_NAME_UNSET;
-
- conf->hostname_lookups = HOSTNAME_LOOKUP_UNSET;
- conf->do_rfc1413 = DEFAULT_RFC1413 | 2; /* set bit 1 to indicate
- * default
- */
- conf->satisfy = SATISFY_NOSPEC;
-
- conf->limit_cpu = NULL;
- conf->limit_mem = NULL;
- conf->limit_nproc = NULL;
- conf->limit_nofile = NULL;
-
- conf->limit_req_body = 0;
- conf->sec = ap_make_array(a, 2, sizeof(void *));
-
- conf->server_signature = srv_sig_unset;
-
- conf->add_default_charset = ADD_DEFAULT_CHARSET_UNSET;
- conf->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
-
- /* Flag for use of inodes in ETags. */
- conf->etag_bits = ETAG_UNSET;
- conf->etag_add = ETAG_UNSET;
- conf->etag_remove = ETAG_UNSET;
-
- return (void *)conf;
-}
-
-static void *
-merge_core_dir_configs(pool *a, void *basev, void *newv)
-{
- core_dir_config *base = (core_dir_config *)basev;
- core_dir_config *new = (core_dir_config *)newv;
- core_dir_config *conf;
- int i;
-
- conf = (core_dir_config *)ap_palloc(a, sizeof(core_dir_config));
- memcpy((char *)conf, (const char *)base, sizeof(core_dir_config));
- if (base->response_code_strings) {
- conf->response_code_strings =
- ap_palloc(a, sizeof(*conf->response_code_strings)
- * RESPONSE_CODES);
- memcpy(conf->response_code_strings, base->response_code_strings,
- sizeof(*conf->response_code_strings) * RESPONSE_CODES);
- }
-
- conf->d = new->d;
- conf->d_is_fnmatch = new->d_is_fnmatch;
- conf->d_components = new->d_components;
- conf->r = new->r;
-
- if (new->opts & OPT_UNSET) {
- /* there was no explicit setting of new->opts, so we merge
- * preserve the invariant (opts_add & opts_remove) == 0
- */
- conf->opts_add = (conf->opts_add & ~new->opts_remove) |
- new->opts_add;
- conf->opts_remove = (conf->opts_remove & ~new->opts_add) |
- new->opts_remove;
- conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add;
- if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES))
- conf->opts = (conf->opts & ~OPT_INCNOEXEC) |
- OPT_INCLUDES;
- } else {
- /* otherwise we just copy, because an explicit opts setting
- * overrides all earlier +/- modifiers
- */
- conf->opts = new->opts;
- conf->opts_add = new->opts_add;
- conf->opts_remove = new->opts_remove;
- }
-
- if (!(new->override & OR_UNSET))
- conf->override = new->override;
- if (new->ap_default_type)
- conf->ap_default_type = new->ap_default_type;
- if (new->ap_auth_type)
- conf->ap_auth_type = new->ap_auth_type;
- if (new->ap_auth_name)
- conf->ap_auth_name = new->ap_auth_name;
- if (new->ap_auth_nonce)
- conf->ap_auth_nonce = new->ap_auth_nonce;
- if (new->ap_requires)
- conf->ap_requires = new->ap_requires;
-
- if (new->response_code_strings) {
- if (conf->response_code_strings == NULL) {
- conf->response_code_strings = ap_palloc(a,
- sizeof(*conf->response_code_strings) *
- RESPONSE_CODES);
- memcpy(conf->response_code_strings,
- new->response_code_strings,
- sizeof(*conf->response_code_strings) *
- RESPONSE_CODES);
- } else {
- for (i = 0; i < RESPONSE_CODES; ++i) {
- if (new->response_code_strings[i] != NULL)
- conf->response_code_strings[i]
- = new->response_code_strings[i];
- }
- }
- }
- if (new->hostname_lookups != HOSTNAME_LOOKUP_UNSET)
- conf->hostname_lookups = new->hostname_lookups;
- if ((new->do_rfc1413 & 2) == 0)
- conf->do_rfc1413 = new->do_rfc1413;
- if ((new->content_md5 & 2) == 0)
- conf->content_md5 = new->content_md5;
- if (new->use_canonical_name != USE_CANONICAL_NAME_UNSET)
- conf->use_canonical_name = new->use_canonical_name;
-
- if (new->limit_cpu)
- conf->limit_cpu = new->limit_cpu;
- if (new->limit_mem)
- conf->limit_mem = new->limit_mem;
- if (new->limit_nproc)
- conf->limit_nproc = new->limit_nproc;
- if (new->limit_nofile)
- conf->limit_nofile = new->limit_nofile;
-
- if (new->limit_req_body)
- conf->limit_req_body = new->limit_req_body;
-
- conf->sec = ap_append_arrays(a, base->sec, new->sec);
-
- if (new->satisfy != SATISFY_NOSPEC)
- conf->satisfy = new->satisfy;
-
- if (new->server_signature != srv_sig_unset)
- conf->server_signature = new->server_signature;
-
- if (new->add_default_charset != ADD_DEFAULT_CHARSET_UNSET) {
- conf->add_default_charset = new->add_default_charset;
- if (new->add_default_charset_name)
- conf->add_default_charset_name =
- new->add_default_charset_name;
- }
-
- /* Now merge the setting of the FileETag directive. */
- if (new->etag_bits == ETAG_UNSET) {
- conf->etag_add =
- (conf->etag_add & (~ new->etag_remove)) | new->etag_add;
- conf->etag_remove =
- (conf->opts_remove & (~ new->etag_add)) | new->etag_remove;
- conf->etag_bits =
- (conf->etag_bits & (~ conf->etag_remove)) | conf->etag_add;
- } else {
- conf->etag_bits = new->etag_bits;
- conf->etag_add = new->etag_add;
- conf->etag_remove = new->etag_remove;
- }
- if (conf->etag_bits != ETAG_NONE)
- conf->etag_bits &= (~ ETAG_NONE);
-
- if (new->cgi_command_args != AP_FLAG_UNSET)
- conf->cgi_command_args = new->cgi_command_args;
- ap_server_strip_chroot(conf->d, 0);
-
- return (void*)conf;
-}
-
-static void *
-create_core_server_config(pool *a, server_rec *s)
-{
- core_server_config *conf;
- int is_virtual = s->is_virtual;
-
- conf = (core_server_config *)ap_pcalloc(a, sizeof(core_server_config));
-#ifdef GPROF
- conf->gprof_dir = NULL;
-#endif
- conf->access_name = is_virtual ? NULL : DEFAULT_ACCESS_FNAME;
- conf->ap_document_root = is_virtual ? NULL : DOCUMENT_LOCATION;
- conf->sec = ap_make_array(a, 40, sizeof(void *));
- conf->sec_url = ap_make_array(a, 40, sizeof(void *));
-
- /* recursion stopper */
- conf->redirect_limit = 0;
- conf->subreq_limit = 0;
- conf->recursion_limit_set = 0;
-
- return (void *)conf;
-}
-
-static void *
-merge_core_server_configs(pool *p, void *basev, void *virtv)
-{
- core_server_config *base = (core_server_config *)basev;
- core_server_config *virt = (core_server_config *)virtv;
- core_server_config *conf;
-
- conf = (core_server_config *)ap_pcalloc(p, sizeof(core_server_config));
- *conf = *virt;
- if (!conf->access_name)
- conf->access_name = base->access_name;
- if (!conf->ap_document_root)
- conf->ap_document_root = base->ap_document_root;
-
- conf->sec = ap_append_arrays(p, base->sec, virt->sec);
- conf->sec_url = ap_append_arrays(p, base->sec_url, virt->sec_url);
-
- conf->redirect_limit = virt->recursion_limit_set
- ? virt->redirect_limit : base->redirect_limit;
-
- conf->subreq_limit = virt->recursion_limit_set
- ? virt->subreq_limit : base->subreq_limit;
-
- return conf;
-}
-
-/* Add per-directory configuration entry (for <directory> section);
- * these are part of the core server config.
- */
-
-CORE_EXPORT(void)
-ap_add_per_dir_conf(server_rec *s, void *dir_config)
-{
- core_server_config *sconf = ap_get_module_config(s->module_config,
- &core_module);
- void **new_space = (void **)ap_push_array(sconf->sec);
-
- *new_space = dir_config;
-}
-
-CORE_EXPORT(void)
-ap_add_per_url_conf(server_rec *s, void *url_config)
-{
- core_server_config *sconf = ap_get_module_config(s->module_config,
- &core_module);
- void **new_space = (void **)ap_push_array(sconf->sec_url);
-
- *new_space = url_config;
-}
-
-CORE_EXPORT(void)
-ap_add_file_conf(core_dir_config *conf, void *url_config)
-{
- void **new_space = (void **)ap_push_array(conf->sec);
-
- *new_space = url_config;
-}
-
-/* core_reorder_directories reorders the directory sections such that the
- * 1-component sections come first, then the 2-component, and so on, finally
- * followed by the "special" sections. A section is "special" if it's a regex,
- * or if it doesn't start with / -- consider proxy: matching. All movements
- * are in-order to preserve the ordering of the sections from the config files.
- * See directory_walk().
- */
-
-#define IS_SPECIAL(entry_core) \
- ((entry_core)->r != NULL || (entry_core)->d[0] != '/')
-
-/* We need to do a stable sort, qsort isn't stable. So to make it stable
- * we'll be maintaining the original index into the list, and using it
- * as the minor key during sorting. The major key is the number of
- * components (where a "special" section has infinite components).
- */
-struct reorder_sort_rec {
- void *elt;
- int orig_index;
-};
-
-static int
-reorder_sorter(const void *va, const void *vb)
-{
- const struct reorder_sort_rec *a = va;
- const struct reorder_sort_rec *b = vb;
- core_dir_config *core_a;
- core_dir_config *core_b;
-
- core_a = (core_dir_config *)ap_get_module_config(a->elt, &core_module);
- core_b = (core_dir_config *)ap_get_module_config(b->elt, &core_module);
- if (IS_SPECIAL(core_a)) {
- if (!IS_SPECIAL(core_b))
- return 1;
- } else if (IS_SPECIAL(core_b))
- return -1;
- else {
- /* we know they're both not special */
- if (core_a->d_components < core_b->d_components)
- return -1;
- else if (core_a->d_components > core_b->d_components)
- return 1;
- }
- /* Either they're both special, or they're both not special and have the
- * same number of components. In any event, we now have to compare
- * the minor key. */
- return a->orig_index - b->orig_index;
-}
-
-CORE_EXPORT(void)
-ap_core_reorder_directories(pool *p, server_rec *s)
-{
- core_server_config *sconf;
- array_header *sec;
- struct reorder_sort_rec *sortbin;
- int nelts;
- void **elts;
- int i;
- pool *tmp;
-
- sconf = ap_get_module_config(s->module_config, &core_module);
- sec = sconf->sec;
- nelts = sec->nelts;
- elts = (void **)sec->elts;
-
- /* we have to allocate tmp space to do a stable sort */
- tmp = ap_make_sub_pool(p);
- sortbin = ap_palloc(tmp, sec->nelts * sizeof(*sortbin));
- for (i = 0; i < nelts; ++i) {
- sortbin[i].orig_index = i;
- sortbin[i].elt = elts[i];
- }
-
- qsort(sortbin, nelts, sizeof(*sortbin), reorder_sorter);
-
- /* and now copy back to the original array */
- for (i = 0; i < nelts; ++i)
- elts[i] = sortbin[i].elt;
-
- ap_destroy_pool(tmp);
-}
-
-/*****************************************************************
- *
- * There are some elements of the core config structures in which
- * other modules have a legitimate interest (this is ugly, but necessary
- * to preserve NCSA back-compatibility). So, we have a bunch of accessors
- * here...
- */
-
-API_EXPORT(int)
-ap_allow_options(request_rec *r)
-{
- core_dir_config *conf =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return conf->opts;
-}
-
-API_EXPORT(int)
-ap_allow_overrides(request_rec *r)
-{
- core_dir_config *conf;
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return conf->override;
-}
-
-API_EXPORT(const char *)
-ap_auth_type(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_auth_type;
-}
-
-API_EXPORT(const char *)
-ap_auth_name(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_auth_name;
-}
-
-API_EXPORT(const char *)
-ap_auth_nonce(request_rec *r)
-{
- core_dir_config *conf;
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- if (conf->ap_auth_nonce)
- return conf->ap_auth_nonce;
-
- /* Ideally we'd want to mix in some per-directory style
- * information; as we are likely to want to detect replay
- * across those boundaries and some randomness. But that
- * is harder due to the adhoc nature of .htaccess memory
- * structures, restarts and forks.
- *
- * But then again - you should use AuthDigestRealmSeed in your config
- * file if you care. So the adhoc value should do.
- */
- return ap_psprintf(r->pool,"%pp%pp%pp%pp%pp",
- (void *)&(r->connection->local_host),
- (void *)ap_user_name,
- (void *)ap_listeners,
- (void *)ap_server_argv0,
- (void *)ap_pid_fname);
-}
-
-API_EXPORT(const char *)
-ap_default_type(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_default_type
- ? conf->ap_default_type : DEFAULT_CONTENT_TYPE;
-}
-
-API_EXPORT(const char *)
-ap_document_root(request_rec *r) /* Don't use this! */
-{
- core_server_config *conf;
-
- conf =
- (core_server_config *)ap_get_module_config(r->server->module_config,
- &core_module);
- return conf->ap_document_root;
-}
-
-API_EXPORT(const array_header *)
-ap_requires(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_requires;
-}
-
-API_EXPORT(int)
-ap_satisfies(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return conf->satisfy;
-}
-
-/* Should probably just get rid of this... the only code that cares is
- * part of the core anyway (and in fact, it isn't publicised to other
- * modules).
- */
-API_EXPORT(char *)
-ap_response_code_string(request_rec *r, int error_index)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (conf->response_code_strings == NULL)
- return NULL;
-
- return conf->response_code_strings[error_index];
-}
-
-
-/* Code from Harald Hanche-Olsen <hanche@imf.unit.no> */
-/* Note: the function returns its result in conn->double_reverse:
- * +1: forward lookup of the previously reverse-looked-up
- * hostname in conn->remote_host succeeded, and at
- * least one of its IP addresses matches the client.
- * -1: forward lookup of conn->remote_host failed, or
- * none of the addresses found matches the client connection
- * (possible DNS spoof in the reverse zone!)
- * If do_double_reverse() returns -1, then it also invalidates
- * conn->remote_host to prevent an invalid name from appearing
- * in the log files. Conn->remote_host is set to "", because
- * a setting of NULL would allow another reverse lookup,
- * depending on the flags given to ap_get_remote_host().
- */
-static ap_inline void
-do_double_reverse(conn_rec *conn)
-{
- struct addrinfo hints, *res, *res0;
- char hostbuf1[128], hostbuf2[128]; /* INET6_ADDRSTRLEN(=46) is enough */
- int ok = 0;
-
- if (conn->double_reverse)
- /* already done */
- return;
-
- if (conn->remote_host == NULL || conn->remote_host[0] == '\0') {
- /* single reverse failed, so don't bother */
- conn->double_reverse = -1;
- conn->remote_host = ""; /* prevent another lookup */
- return;
- }
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- if (getaddrinfo(conn->remote_host, NULL, &hints, &res0)) {
- conn->double_reverse = -1;
- return;
- }
- for (res = res0; res; res = res->ai_next) {
- if (res->ai_addr->sa_family != conn->remote_addr.ss_family ||
- !(res->ai_family == AF_INET
- || res->ai_family == AF_INET6))
- continue;
-#ifndef HAVE_SOCKADDR_LEN
- if (res->ai_addrlen !=
- SA_LEN((struct sockaddr *)&conn->remote_addr))
-#else
- if (res->ai_addr->sa_len != conn->remote_addr.ss_len)
-#endif
- continue;
- if (getnameinfo(res->ai_addr, res->ai_addrlen,
- hostbuf1, sizeof(hostbuf1), NULL, 0, NI_NUMERICHOST))
- continue;
- if (getnameinfo(((struct sockaddr *)&conn->remote_addr),
- res->ai_addrlen, hostbuf2, sizeof(hostbuf2), NULL, 0,
- NI_NUMERICHOST))
- continue;
- if (strcmp(hostbuf1, hostbuf2) == 0){
- ok = 1;
- break;
- }
- }
- conn->double_reverse = ok ? 1 : -1;
- freeaddrinfo(res0);
-}
-
-API_EXPORT(const char *)
-ap_get_remote_host(conn_rec *conn, void *dir_config, int type)
-{
- int hostname_lookups;
- int old_stat = SERVER_DEAD; /* we shouldn't ever be in this state */
- char hostnamebuf[MAXHOSTNAMELEN];
-
- /* If we haven't checked the host name, and we want to */
- if (dir_config) {
- hostname_lookups =
- ((core_dir_config *)ap_get_module_config(dir_config,
- &core_module))->hostname_lookups;
- if (hostname_lookups == HOSTNAME_LOOKUP_UNSET)
- hostname_lookups = HOSTNAME_LOOKUP_OFF;
-
- } else
- /* the default */
- hostname_lookups = HOSTNAME_LOOKUP_OFF;
-
- if (type != REMOTE_NOLOOKUP && conn->remote_host == NULL
- && (type == REMOTE_DOUBLE_REV
- || hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
- old_stat = ap_update_child_status(conn->child_num,
- SERVER_BUSY_DNS, (request_rec*)NULL);
- if (!getnameinfo((struct sockaddr *)&conn->remote_addr,
- conn->remote_addr.ss_len,
- hostnamebuf, sizeof(hostnamebuf), NULL, 0, 0)) {
- conn->remote_host = ap_pstrdup(conn->pool,
- (void *)hostnamebuf);
- ap_str_tolower(conn->remote_host);
-
- if (hostname_lookups == HOSTNAME_LOOKUP_DOUBLE)
- do_double_reverse(conn);
- }
- /* if failed, set it to the NULL string to indicate error */
- if (conn->remote_host == NULL)
- conn->remote_host = "";
- }
- if (type == REMOTE_DOUBLE_REV) {
- do_double_reverse(conn);
- if (conn->double_reverse == -1)
- return NULL;
- }
- if (old_stat != SERVER_DEAD)
- (void)ap_update_child_status(conn->child_num, old_stat,
- (request_rec*)NULL);
-
- /*
- * Return the desired information; either the remote DNS name, if found,
- * or either NULL (if the hostname was requested) or the IP address
- * (if any identifier was requested).
- */
- if (conn->remote_host != NULL && conn->remote_host[0] != '\0')
- return conn->remote_host;
- else {
- if (type == REMOTE_HOST || type == REMOTE_DOUBLE_REV)
- return NULL;
- else
- return conn->remote_ip;
- }
-}
-
-API_EXPORT(const char *)
-ap_get_remote_logname(request_rec *r)
-{
- core_dir_config *dir_conf;
-
- if (r->connection->remote_logname != NULL)
- return r->connection->remote_logname;
-
- /* If we haven't checked the identity, and we want to */
- dir_conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (dir_conf->do_rfc1413 & 1)
- return ap_rfc1413(r->connection, r->server);
- else
- return NULL;
-}
-
-/* There are two options regarding what the "name" of a server is. The
- * "canonical" name as defined by ServerName and Port, or the "client's
- * name" as supplied by a possible Host: header or full URI. We never
- * trust the port passed in the client's headers, we always use the
- * port of the actual socket.
- *
- * The DNS option to UseCanonicalName causes this routine to do a
- * reverse lookup on the local IP address of the connectiona and use
- * that for the ServerName. This makes its value more reliable while
- * at the same time allowing Demon's magic virtual hosting to work.
- * The assumption is that DNS lookups are sufficiently quick...
- * -- fanf 1998-10-03
- */
-API_EXPORT(const char *)
-ap_get_server_name(request_rec *r)
-{
- conn_rec *conn = r->connection;
- core_dir_config *d;
- char hbuf[MAXHOSTNAMELEN];
-
- d = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (d->use_canonical_name == USE_CANONICAL_NAME_OFF)
- return r->hostname ? r->hostname : r->server->server_hostname;
-
- if (d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
- if (conn->local_host == NULL) {
- int old_stat;
- old_stat = ap_update_child_status(conn->child_num,
- SERVER_BUSY_DNS, r);
- if (getnameinfo((struct sockaddr *)&conn->local_addr,
- conn->local_addr.ss_len,
- hbuf, sizeof(hbuf), NULL, 0, 0) == 0)
- conn->local_host = ap_pstrdup(conn->pool, hbuf);
- else
- conn->local_host = ap_pstrdup(conn->pool,
- r->server->server_hostname);
- ap_str_tolower(conn->local_host);
- (void)ap_update_child_status(conn->child_num, old_stat,
- r);
- }
- return conn->local_host;
- }
- /* default */
- return r->server->server_hostname;
-}
-
-API_EXPORT(unsigned)
-ap_get_server_port(const request_rec *r)
-{
- unsigned port;
- core_dir_config *d =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- port = r->server->port ? r->server->port : ap_default_port(r);
-
- if (d->use_canonical_name == USE_CANONICAL_NAME_OFF
- || d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
- return r->hostname
- ? ntohs(((struct sockaddr_in *)
- &r->connection->local_addr)->sin_port)
- : port;
- }
- return r->hostname
- ? ntohs(((struct sockaddr_in *)
- &r->connection->local_addr)->sin_port)
- : port;
-}
-
-API_EXPORT(char *)
-ap_construct_url(pool *p, const char *uri, request_rec *r)
-{
- unsigned port = ap_get_server_port(r);
- const char *host = ap_get_server_name(r);
-
- if (ap_is_default_port(port, r))
- return ap_pstrcat(p, ap_http_method(r), "://", host, uri, NULL);
- return ap_psprintf(p, "%s://%s:%u%s", ap_http_method(r), host, port,
- uri);
-}
-
-API_EXPORT(unsigned long)
-ap_get_limit_req_body(const request_rec *r)
-{
- core_dir_config *d =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return d->limit_req_body;
-}
-
-
-/*****************************************************************
- *
- * Commands... this module handles almost all of the NCSA httpd.conf
- * commands, but most of the old srm.conf is in the the modules.
- */
-
-static const char end_directory_section[] = "</Directory>";
-static const char end_directorymatch_section[] = "</DirectoryMatch>";
-static const char end_location_section[] = "</Location>";
-static const char end_locationmatch_section[] = "</LocationMatch>";
-static const char end_files_section[] = "</Files>";
-static const char end_filesmatch_section[] = "</FilesMatch>";
-static const char end_virtualhost_section[] = "</VirtualHost>";
-static const char end_ifmodule_section[] = "</IfModule>";
-static const char end_ifdefine_section[] = "</IfDefine>";
-
-
-API_EXPORT(const char *) ap_check_cmd_context(cmd_parms *cmd,
- unsigned forbidden)
-{
- const char *gt = (cmd->cmd->name[0] == '<'
- && cmd->cmd->name[strlen(cmd->cmd->name)-1] != '>')
- ? ">" : "";
-
- if ((forbidden & NOT_IN_VIRTUALHOST) && cmd->server->is_virtual) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within <VirtualHost> section", NULL);
- }
-
- if ((forbidden & NOT_IN_LIMIT) && cmd->limited != -1) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within <Limit> section", NULL);
- }
-
- if ((forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE
- && cmd->path != NULL) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within <Directory/Location/Files> "
- "section", NULL);
- }
-
- if (((forbidden & NOT_IN_DIRECTORY)
- && (cmd->end_token == end_directory_section
- || cmd->end_token == end_directorymatch_section))
- || ((forbidden & NOT_IN_LOCATION)
- && (cmd->end_token == end_location_section
- || cmd->end_token == end_locationmatch_section))
- || ((forbidden & NOT_IN_FILES)
- && (cmd->end_token == end_files_section
- || cmd->end_token == end_filesmatch_section))) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within <", cmd->end_token+2,
- " section", NULL);
- }
-
- return NULL;
-}
-
-static const char *set_access_name(cmd_parms *cmd, void *dummy, char *arg)
-{
- void *sconf = cmd->server->module_config;
- core_server_config *conf = ap_get_module_config(sconf, &core_module);
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- conf->access_name = ap_pstrdup(cmd->pool, arg);
- return NULL;
-}
-
-#ifdef GPROF
-static const char *set_gprof_dir(cmd_parms *cmd, void *dummy, char *arg)
-{
- void *sconf = cmd->server->module_config;
- core_server_config *conf = ap_get_module_config(sconf, &core_module);
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- conf->gprof_dir = ap_pstrdup(cmd->pool, arg);
- return NULL;
-}
-#endif /*GPROF*/
-
-static const char *set_add_default_charset(cmd_parms *cmd,
- core_dir_config *d, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
- if (!strcasecmp(arg, "Off")) {
- d->add_default_charset = ADD_DEFAULT_CHARSET_OFF;
- }
- else if (!strcasecmp(arg, "On")) {
- d->add_default_charset = ADD_DEFAULT_CHARSET_ON;
- d->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
- }
- else {
- d->add_default_charset = ADD_DEFAULT_CHARSET_ON;
- d->add_default_charset_name = arg;
- }
- return NULL;
-}
-static const char *set_accept_mutex(cmd_parms *cmd, void *dummy, char *arg)
-{
- return ap_init_mutex_method(arg);
-}
-
-static const char *set_document_root(cmd_parms *cmd, void *dummy, char *arg)
-{
- void *sconf = cmd->server->module_config;
- core_server_config *conf = ap_get_module_config(sconf, &core_module);
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- arg = ap_os_canonical_filename(cmd->pool, arg);
- if (ap_configtestonly && ap_docrootcheck && !ap_is_directory(arg)) {
- if (cmd->server->is_virtual) {
- fprintf(stderr, "Warning: DocumentRoot [%s] does not exist\n",
- arg);
- }
- else {
- return "DocumentRoot must be a directory";
- }
- }
- ap_server_strip_chroot(arg, 1);
- conf->ap_document_root = arg;
- return NULL;
-}
-
-API_EXPORT(void) ap_custom_response(request_rec *r, int status, char *string)
-{
- core_dir_config *conf =
- ap_get_module_config(r->per_dir_config, &core_module);
- int idx;
-
- ap_server_strip_chroot(conf->d, 0);
- if(conf->response_code_strings == NULL) {
- conf->response_code_strings =
- ap_pcalloc(r->pool,
- sizeof(*conf->response_code_strings) *
- RESPONSE_CODES);
- }
-
- idx = ap_index_of_response(status);
-
- conf->response_code_strings[idx] =
- ((ap_is_url(string) || (*string == '/')) && (*string != '"')) ?
- ap_pstrdup(r->pool, string) : ap_pstrcat(r->pool, "\"", string, NULL);
-}
-
-static const char *set_error_document(cmd_parms *cmd, core_dir_config *conf,
- char *line)
-{
- int error_number, index_number, idx500;
- char *w;
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* 1st parameter should be a 3 digit number, which we recognize;
- * convert it into an array index
- */
-
- w = ap_getword_conf_nc(cmd->pool, &line);
- error_number = atoi(w);
-
- idx500 = ap_index_of_response(HTTP_INTERNAL_SERVER_ERROR);
-
- if (error_number == HTTP_INTERNAL_SERVER_ERROR) {
- index_number = idx500;
- }
- else if ((index_number = ap_index_of_response(error_number)) == idx500) {
- return ap_pstrcat(cmd->pool, "Unsupported HTTP response code ",
- w, NULL);
- }
-
- /* The entry should be ignored if it is a full URL for a 401 error */
-
- if (error_number == 401 &&
- line[0] != '/' && line[0] != '"') { /* Ignore it... */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, cmd->server,
- "cannot use a full URL in a 401 ErrorDocument "
- "directive --- ignoring!");
- }
- else { /* Store it... */
- if (conf->response_code_strings == NULL) {
- conf->response_code_strings =
- ap_pcalloc(cmd->pool,
- sizeof(*conf->response_code_strings) * RESPONSE_CODES);
- }
- conf->response_code_strings[index_number] = ap_pstrdup(cmd->pool, line);
- }
-
- return NULL;
-}
-
-/* access.conf commands...
- *
- * The *only* thing that can appear in access.conf at top level is a
- * <Directory> section. NB we need to have a way to cut the srm_command_loop
- * invoked by dirsection (i.e., <Directory>) short when </Directory> is seen.
- * We do that by returning an error, which dirsection itself recognizes and
- * discards as harmless. Cheesy, but it works.
- */
-
-static const char *set_override(cmd_parms *cmd, core_dir_config *d,
- const char *l)
-{
- char *w;
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- d->override = OR_NONE;
- while (l[0]) {
- w = ap_getword_conf(cmd->pool, &l);
- if (!strcasecmp(w, "Limit")) {
- d->override |= OR_LIMIT;
- }
- else if (!strcasecmp(w, "Options")) {
- d->override |= OR_OPTIONS;
- }
- else if (!strcasecmp(w, "FileInfo")) {
- d->override |= OR_FILEINFO;
- }
- else if (!strcasecmp(w, "AuthConfig")) {
- d->override |= OR_AUTHCFG;
- }
- else if (!strcasecmp(w, "Indexes")) {
- d->override |= OR_INDEXES;
- }
- else if (!strcasecmp(w, "None")) {
- d->override = OR_NONE;
- }
- else if (!strcasecmp(w, "All")) {
- d->override = OR_ALL;
- }
- else {
- return ap_pstrcat(cmd->pool, "Illegal override option ", w, NULL);
- }
- d->override &= ~OR_UNSET;
- }
-
- return NULL;
-}
-
-static const char *set_options(cmd_parms *cmd, core_dir_config *d,
- const char *l)
-{
- allow_options_t opt;
- int first = 1;
- char action;
-
- while (l[0]) {
- char *w = ap_getword_conf(cmd->pool, &l);
- action = '\0';
-
- if (*w == '+' || *w == '-') {
- action = *(w++);
- }
- else if (first) {
- d->opts = OPT_NONE;
- first = 0;
- }
-
- if (!strcasecmp(w, "Indexes")) {
- opt = OPT_INDEXES;
- }
- else if (!strcasecmp(w, "Includes")) {
- opt = OPT_INCLUDES;
- }
- else if (!strcasecmp(w, "IncludesNOEXEC")) {
- opt = (OPT_INCLUDES | OPT_INCNOEXEC);
- }
- else if (!strcasecmp(w, "FollowSymLinks")) {
- opt = OPT_SYM_LINKS;
- }
- else if (!strcasecmp(w, "SymLinksIfOwnerMatch")) {
- opt = OPT_SYM_OWNER;
- }
- else if (!strcasecmp(w, "execCGI")) {
- opt = OPT_EXECCGI;
- }
- else if (!strcasecmp(w, "MultiViews")) {
- opt = OPT_MULTI;
- }
- else if (!strcasecmp(w, "RunScripts")) { /* AI backcompat. Yuck */
- opt = OPT_MULTI|OPT_EXECCGI;
- }
- else if (!strcasecmp(w, "None")) {
- opt = OPT_NONE;
- }
- else if (!strcasecmp(w, "All")) {
- opt = OPT_ALL;
- }
- else {
- return ap_pstrcat(cmd->pool, "Illegal option ", w, NULL);
- }
-
- /* we ensure the invariant (d->opts_add & d->opts_remove) == 0 */
- if (action == '-') {
- d->opts_remove |= opt;
- d->opts_add &= ~opt;
- d->opts &= ~opt;
- }
- else if (action == '+') {
- d->opts_add |= opt;
- d->opts_remove &= ~opt;
- d->opts |= opt;
- }
- else {
- d->opts |= opt;
- }
- }
-
- return NULL;
-}
-
-static const char *satisfy(cmd_parms *cmd, core_dir_config *c, char *arg)
-{
- if (!strcasecmp(arg, "all")) {
- c->satisfy = SATISFY_ALL;
- }
- else if (!strcasecmp(arg, "any")) {
- c->satisfy = SATISFY_ANY;
- }
- else {
- return "Satisfy either 'any' or 'all'.";
- }
- return NULL;
-}
-
-static const char *require(cmd_parms *cmd, core_dir_config *c, char *arg)
-{
- require_line *r;
-
- if (!c->ap_requires) {
- c->ap_requires = ap_make_array(cmd->pool, 2, sizeof(require_line));
- }
- r = (require_line *)ap_push_array(c->ap_requires);
- r->requirement = ap_pstrdup(cmd->pool, arg);
- r->method_mask = cmd->limited;
- return NULL;
-}
-
-CORE_EXPORT_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, void *dummy,
- const char *arg)
-{
- const char *limited_methods = ap_getword(cmd->pool, &arg, '>');
- void *tog = cmd->cmd->cmd_data;
- int limited = 0;
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* XXX: NB: Currently, we have no way of checking
- * whether <Limit> or <LimitExcept> sections are closed properly.
- * (If we would add a srm_command_loop() here we might...)
- */
-
- while (limited_methods[0]) {
- char *method = ap_getword_conf(cmd->pool, &limited_methods);
- int methnum = ap_method_number_of(method);
-
- if (methnum == M_TRACE && !tog) {
- return "TRACE cannot be controlled by <Limit>";
- }
- else if (methnum == M_INVALID) {
- return ap_pstrcat(cmd->pool, "unknown method \"", method,
- "\" in <Limit", tog ? "Except>" : ">", NULL);
- }
- else {
- limited |= (1 << methnum);
- }
- }
-
- /* Killing two features with one function,
- * if (tog == NULL) <Limit>, else <LimitExcept>
- */
- cmd->limited = tog ? ~limited : limited;
- return NULL;
-}
-
-static const char *endlimit_section(cmd_parms *cmd, void *dummy, void *dummy2)
-{
- void *tog = cmd->cmd->cmd_data;
-
- if (cmd->limited == -1) {
- return tog ? "</LimitExcept> unexpected" : "</Limit> unexpected";
- }
-
- cmd->limited = -1;
- return NULL;
-}
-
-/*
- * When a section is not closed properly when end-of-file is reached,
- * then an error message should be printed:
- */
-static const char *missing_endsection(cmd_parms *cmd, int nest)
-{
- if (nest < 2) {
- return ap_psprintf(cmd->pool, "Missing %s directive at end-of-file",
- cmd->end_token);
- }
- return ap_psprintf(cmd->pool, "%d missing %s directives at end-of-file",
- nest, cmd->end_token);
-}
-
-/* We use this in <DirectoryMatch> and <FilesMatch>, to ensure that
- * people don't get bitten by wrong-cased regex matches
- */
-
-#define USE_ICASE 0
-
-static const char *end_nested_section(cmd_parms *cmd, void *dummy)
-{
- if (cmd->end_token == NULL) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name,
- " without matching <", cmd->cmd->name + 2,
- " section", NULL);
- }
- /*
- * This '!=' may look weird on a string comparison, but it's correct --
- * it's been set up so that checking for two pointers to the same datum
- * is valid here. And faster.
- */
- if (cmd->cmd->name != cmd->end_token) {
- return ap_pstrcat(cmd->pool, "Expected ", cmd->end_token, " but saw ",
- cmd->cmd->name, NULL);
- }
- return cmd->end_token;
-}
-
-/*
- * Report a missing-'>' syntax error.
- */
-static char *unclosed_directive(cmd_parms *cmd)
-{
- return ap_pstrcat(cmd->pool, cmd->cmd->name,
- "> directive missing closing '>'", NULL);
-}
-
-static const char *dirsection(cmd_parms *cmd, void *dummy, const char *arg)
-{
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- int old_overrides = cmd->override;
- char *old_path = cmd->path;
- core_dir_config *conf;
- void *new_dir_conf = ap_create_per_dir_config(cmd->pool);
- regex_t *r = NULL;
- const char *old_end_token;
- const command_rec *thiscmd = cmd->cmd;
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- cmd->override = OR_ALL|ACCESS_CONF;
-
- if (thiscmd->cmd_data) { /* <DirectoryMatch> */
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else if (!strcmp(cmd->path, "~")) {
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else {
- /* Ensure that the pathname is canonical */
- cmd->path = ap_os_canonical_filename(cmd->pool, cmd->path);
- }
-
- old_end_token = cmd->end_token;
- cmd->end_token = thiscmd->cmd_data ? end_directorymatch_section : end_directory_section;
- errmsg = ap_srm_command_loop(cmd, new_dir_conf);
- if (errmsg == NULL) {
- errmsg = missing_endsection(cmd, 1);
- }
- cmd->end_token = old_end_token;
- if (errmsg != (thiscmd->cmd_data
- ? end_directorymatch_section
- : end_directory_section)) {
- return errmsg;
- }
-
- conf = (core_dir_config *)ap_get_module_config(new_dir_conf, &core_module);
- conf->r = r;
-
- ap_add_per_dir_conf(cmd->server, new_dir_conf);
-
- if (*arg != '\0') {
- return ap_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
- "> arguments not (yet) supported.", NULL);
- }
-
- cmd->path = old_path;
- cmd->override = old_overrides;
-
- return NULL;
-}
-
-static const char *urlsection(cmd_parms *cmd, void *dummy, const char *arg)
-{
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- int old_overrides = cmd->override;
- char *old_path = cmd->path;
- core_dir_config *conf;
- regex_t *r = NULL;
- const char *old_end_token;
- const command_rec *thiscmd = cmd->cmd;
-
- void *new_url_conf = ap_create_per_dir_config(cmd->pool);
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 0);
- cmd->override = OR_ALL|ACCESS_CONF;
-
- if (thiscmd->cmd_data) { /* <LocationMatch> */
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
- }
- else if (!strcmp(cmd->path, "~")) {
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 0);
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
- }
-
- old_end_token = cmd->end_token;
- cmd->end_token = thiscmd->cmd_data ? end_locationmatch_section
- : end_location_section;
- errmsg = ap_srm_command_loop(cmd, new_url_conf);
- if (errmsg == NULL) {
- errmsg = missing_endsection(cmd, 1);
- }
- cmd->end_token = old_end_token;
- if (errmsg != (thiscmd->cmd_data
- ? end_locationmatch_section
- : end_location_section)) {
- return errmsg;
- }
-
- conf = (core_dir_config *)ap_get_module_config(new_url_conf, &core_module);
- conf->d = ap_pstrdup(cmd->pool, cmd->path); /* No mangling, please */
- conf->d_is_fnmatch = ap_is_fnmatch(conf->d) != 0;
- conf->r = r;
-
- ap_add_per_url_conf(cmd->server, new_url_conf);
-
- if (*arg != '\0') {
- return ap_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
- "> arguments not (yet) supported.", NULL);
- }
-
- cmd->path = old_path;
- cmd->override = old_overrides;
-
- return NULL;
-}
-
-static const char *filesection(cmd_parms *cmd, core_dir_config *c,
- const char *arg)
-{
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- int old_overrides = cmd->override;
- char *old_path = cmd->path;
- core_dir_config *conf;
- regex_t *r = NULL;
- const char *old_end_token;
- const command_rec *thiscmd = cmd->cmd;
-
- void *new_file_conf = ap_create_per_dir_config(cmd->pool);
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_LOCATION);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- /* Only if not an .htaccess file */
- if (!old_path) {
- cmd->override = OR_ALL|ACCESS_CONF;
- }
-
- if (thiscmd->cmd_data) { /* <FilesMatch> */
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else if (!strcmp(cmd->path, "~")) {
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else {
- /* Ensure that the pathname is canonical */
- cmd->path = ap_os_canonical_filename(cmd->pool, cmd->path);
- }
-
- old_end_token = cmd->end_token;
- cmd->end_token = thiscmd->cmd_data ? end_filesmatch_section : end_files_section;
- errmsg = ap_srm_command_loop(cmd, new_file_conf);
- if (errmsg == NULL) {
- errmsg = missing_endsection(cmd, 1);
- }
- cmd->end_token = old_end_token;
- if (errmsg != (thiscmd->cmd_data
- ? end_filesmatch_section
- : end_files_section)) {
- return errmsg;
- }
-
- conf = (core_dir_config *)ap_get_module_config(new_file_conf,
- &core_module);
- conf->d = cmd->path;
- conf->d_is_fnmatch = ap_is_fnmatch(conf->d) != 0;
- conf->r = r;
-
- ap_add_file_conf(c, new_file_conf);
-
- if (*arg != '\0') {
- return ap_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
- "> arguments not (yet) supported.", NULL);
- }
-
- cmd->path = old_path;
- cmd->override = old_overrides;
-
- return NULL;
-}
-
-/* XXX: NB: Currently, we have no way of checking
- * whether <IfModule> sections are closed properly.
- * Extra (redundant, unpaired) </IfModule> directives are
- * simply silently ignored.
- */
-static const char *end_ifmod(cmd_parms *cmd, void *dummy)
-{
- return NULL;
-}
-
-static const char *start_ifmod(cmd_parms *cmd, void *dummy, char *arg)
-{
- char *endp = strrchr(arg, '>');
- char l[MAX_STRING_LEN];
- int not = (arg[0] == '!');
- module *found;
- int nest = 1;
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- if (not) {
- arg++;
- }
-
- found = ap_find_linked_module(arg);
-
- if ((!not && found) || (not && !found)) {
- return NULL;
- }
-
- while (nest && !(ap_cfg_getline(l, MAX_STRING_LEN, cmd->config_file))) {
- if (!strncasecmp(l, "<IfModule", 9)) {
- nest++;
- }
- if (!strcasecmp(l, "</IfModule>")) {
- nest--;
- }
- }
-
- if (nest) {
- cmd->end_token = end_ifmodule_section;
- return missing_endsection(cmd, nest);
- }
- return NULL;
-}
-
-API_EXPORT(int) ap_exists_config_define(char *name)
-{
- char **defines;
- int i;
-
- defines = (char **)ap_server_config_defines->elts;
- for (i = 0; i < ap_server_config_defines->nelts; i++) {
- if (strcmp(defines[i], name) == 0) {
- return 1;
- }
- }
- return 0;
-}
-
-static const char *end_ifdefine(cmd_parms *cmd, void *dummy)
-{
- return NULL;
-}
-
-static const char *start_ifdefine(cmd_parms *cmd, void *dummy, char *arg)
-{
- char *endp;
- char l[MAX_STRING_LEN];
- int defined;
- int not = 0;
- int nest = 1;
-
- endp = strrchr(arg, '>');
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- if (arg[0] == '!') {
- not = 1;
- arg++;
- }
-
- defined = ap_exists_config_define(arg);
-
- if ((!not && defined) || (not && !defined)) {
- return NULL;
- }
-
- while (nest && !(ap_cfg_getline(l, MAX_STRING_LEN, cmd->config_file))) {
- if (!strncasecmp(l, "<IfDefine", 9)) {
- nest++;
- }
- if (!strcasecmp(l, "</IfDefine>")) {
- nest--;
- }
- }
- if (nest) {
- cmd->end_token = end_ifdefine_section;
- return missing_endsection(cmd, nest);
- }
- return NULL;
-}
-
-/* httpd.conf commands... beginning with the <VirtualHost> business */
-
-static const char *virtualhost_section(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *main_server = cmd->server, *s;
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- pool *p = cmd->pool, *ptemp = cmd->temp_pool;
- const char *old_end_token;
-
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- /* FIXME: There's another feature waiting to happen here -- since you
- can now put multiple addresses/names on a single <VirtualHost>
- you might want to use it to group common definitions and then
- define other "subhosts" with their individual differences. But
- personally I'd rather just do it with a macro preprocessor. -djg */
- if (main_server->is_virtual) {
- return "<VirtualHost> doesn't nest!";
- }
-
- errmsg = ap_init_virtual_host(p, arg, main_server, &s);
- if (errmsg) {
- return errmsg;
- }
-
- s->next = main_server->next;
- main_server->next = s;
-
- s->defn_name = cmd->config_file->name;
- s->defn_line_number = cmd->config_file->line_number;
-
- old_end_token = cmd->end_token;
- cmd->end_token = end_virtualhost_section;
- cmd->server = s;
- errmsg = ap_srm_command_loop(cmd, s->lookup_defaults);
- cmd->server = main_server;
- if (errmsg == NULL) {
- errmsg = missing_endsection(cmd, 1);
- }
- cmd->end_token = old_end_token;
-
- if (s->srm_confname) {
- ap_process_resource_config(s, s->srm_confname, p, ptemp);
- }
-
- if (s->access_confname) {
- ap_process_resource_config(s, s->access_confname, p, ptemp);
- }
-
- if (errmsg == end_virtualhost_section) {
- return NULL;
- }
- return errmsg;
-}
-
-static const char *set_server_alias(cmd_parms *cmd, void *dummy,
- const char *arg)
-{
- if (!cmd->server->names) {
- return "ServerAlias only used in <VirtualHost>";
- }
- while (*arg) {
- char **item, *name = ap_getword_conf(cmd->pool, &arg);
- if (ap_is_matchexp(name)) {
- item = (char **)ap_push_array(cmd->server->wild_names);
- }
- else {
- item = (char **)ap_push_array(cmd->server->names);
- }
- *item = name;
- }
- return NULL;
-}
-
-static const char *add_module_command(cmd_parms *cmd, void *dummy, char *arg)
-{
- module *modp;
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- for (modp = top_module; modp; modp = modp->next) {
- if (modp->name != NULL && strcmp(modp->name, arg) == 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server,
- "module %s is already added, skipping", arg);
- return NULL;
- }
- }
-
- if (!ap_add_named_module(arg)) {
- return ap_pstrcat(cmd->pool, "Cannot add module via name '", arg,
- "': not in list of loaded modules", NULL);
- }
- return NULL;
-}
-
-static const char *clear_module_list_command(cmd_parms *cmd, void *dummy)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_clear_module_list();
- return NULL;
-}
-
-static const char *set_server_string_slot(cmd_parms *cmd, void *dummy,
- char *arg)
-{
- /* This one's pretty generic... */
-
- int offset = (int)(long)cmd->info;
- char *struct_ptr = (char *)cmd->server;
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- *(char **)(struct_ptr + offset) = arg;
- return NULL;
-}
-
-static const char *server_type(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (!strcasecmp(arg, "inetd")) {
- ap_standalone = 0;
- }
- else if (!strcasecmp(arg, "standalone")) {
- ap_standalone = 1;
- }
- else {
- return "ServerType must be either 'inetd' or 'standalone'";
- }
-
- return NULL;
-}
-
-static const char *server_port(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- int port;
-
- if (err != NULL) {
- return err;
- }
- port = atoi(arg);
- if (port <= 0 || port >= 65536) { /* 65536 == 1<<16 */
- return ap_pstrcat(cmd->temp_pool, "The port number \"", arg,
- "\" is outside the appropriate range "
- "(i.e., 1..65535).", NULL);
- }
- cmd->server->port = port;
- return NULL;
-}
-
-static const char *set_signature_flag(cmd_parms *cmd, core_dir_config *d,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (strcasecmp(arg, "On") == 0) {
- d->server_signature = srv_sig_on;
- }
- else if (strcasecmp(arg, "Off") == 0) {
- d->server_signature = srv_sig_off;
- }
- else if (strcasecmp(arg, "EMail") == 0) {
- d->server_signature = srv_sig_withmail;
- }
- else {
- return "ServerSignature: use one of: off | on | email";
- }
- return NULL;
-}
-
-static const char *set_send_buffer_size(cmd_parms *cmd, void *dummy, char *arg)
-{
- int s = atoi(arg);
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (s < 512 && s != 0) {
- return "SendBufferSize must be >= 512 bytes, or 0 for system default.";
- }
- cmd->server->send_buffer_size = s;
- return NULL;
-}
-
-static const char *set_user(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /*
- * This is, again, tricky. on restarts, we cannot use uname2id.
- * keep the old settings for the main server.
- * barf out on user directives in <VirtualHost> sections.
- */
-
- if (!cmd->server->is_virtual) {
- if (!ap_server_is_chrooted()) {
- ap_user_name = arg;
- ap_user_id = ap_uname2id(arg);
- }
- cmd->server->server_uid = ap_user_id;
- }
- else {
- if (ap_suexec_enabled) {
- if (ap_server_is_chrooted()) {
- fprintf(stderr, "cannot look up uids once chrooted. Thus, User "
- "directives inside <VirtualHost> and restarts aren't "
- "possible together. Please stop httpd and start a new "
- "one\n");
- exit(1);
- } else
- cmd->server->server_uid = ap_uname2id(arg);
- }
- else {
- cmd->server->server_uid = ap_user_id;
- fprintf(stderr,
- "Warning: User directive in <VirtualHost> "
- "requires SUEXEC wrapper.\n");
- }
- }
-#if !defined (BIG_SECURITY_HOLE)
- if (cmd->server->server_uid == 0) {
- fprintf(stderr,
- "Error:\tApache has not been designed to serve pages while\n"
- "\trunning as root. There are known race conditions that\n"
- "\twill allow any local user to read any file on the system.\n"
- "\tIf you still desire to serve pages as root then\n"
- "\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n"
- "\tsrc/Configuration file and rebuild the server. It is\n"
- "\tstrongly suggested that you instead modify the User\n"
- "\tdirective in your httpd.conf file to list a non-root\n"
- "\tuser.\n");
- exit (1);
- }
-#endif
-
- return NULL;
-}
-
-static const char *set_group(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (!cmd->server->is_virtual) {
- if (!ap_server_is_chrooted()) {
- ap_group_id = ap_gname2id(arg);
- }
- cmd->server->server_gid = ap_group_id;
- }
- else {
- if (ap_suexec_enabled) {
- if (ap_server_is_chrooted()) {
- fprintf(stderr, "cannot look up gids once chrooted. Thus, Group"
- " directives inside <VirtualHost> and restarts aren't "
- "possible together. Please stop httpd and start a new "
- "one\n");
- exit(1);
- } else
- cmd->server->server_gid = ap_gname2id(arg);
- }
- else {
- cmd->server->server_gid = ap_group_id;
- fprintf(stderr,
- "Warning: Group directive in <VirtualHost> requires "
- "SUEXEC wrapper.\n");
- }
- }
-
- return NULL;
-}
-
-static const char *set_server_root(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
-
- if (err != NULL) {
- return err;
- }
-
- arg = ap_os_canonical_filename(cmd->pool, arg);
-
- /*
- * This is a bit tricky. On startup we are not chrooted here.
- * On restarts (graceful or not) we are (unless we're in unsecure mode).
- * if we would strip off the chroot prefix, nothing (not even "/")
- * would last.
- * it's pointless to test whether ServerRoot is a directory if we are
- * already chrooted into that.
- * Of course it's impossible to change ServerRoot without a full restart.
- * should we abort with an error if ap_server_root != arg?
- */
-
- if (!ap_server_is_chrooted()) {
- if (!ap_is_directory(arg)) {
- return "ServerRoot must be a valid directory";
- }
- /* ServerRoot is never '/' terminated */
- while (strlen(ap_server_root) > 1 && ap_server_root[strlen(ap_server_root)-1] == '/')
- ap_server_root[strlen(ap_server_root)-1] = '\0';
- ap_cpystrn(ap_server_root, arg, sizeof(ap_server_root));
- }
- return NULL;
-}
-
-static const char *set_timeout(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->timeout = atoi(arg);
- return NULL;
-}
-
-static const char *set_keep_alive_timeout(cmd_parms *cmd, void *dummy,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->keep_alive_timeout = atoi(arg);
- return NULL;
-}
-
-static const char *set_keep_alive(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* We've changed it to On/Off, but used to use numbers
- * so we accept anything but "Off" or "0" as "On"
- */
- if (!strcasecmp(arg, "off") || !strcmp(arg, "0")) {
- cmd->server->keep_alive = 0;
- }
- else {
- cmd->server->keep_alive = 1;
- }
- return NULL;
-}
-
-static const char *set_keep_alive_max(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->keep_alive_max = atoi(arg);
- return NULL;
-}
-
-static const char *set_pidfile(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (cmd->server->is_virtual) {
- return "PidFile directive not allowed in <VirtualHost>";
- }
- ap_pid_fname = arg;
- return NULL;
-}
-
-static const char *set_scoreboard(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_scoreboard_fname = arg;
- return NULL;
-}
-
-static const char *set_lockfile(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_lock_fname = arg;
- return NULL;
-}
-
-static const char *set_idcheck(cmd_parms *cmd, core_dir_config *d, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- d->do_rfc1413 = arg != 0;
- return NULL;
-}
-
-static const char *set_hostname_lookups(cmd_parms *cmd, core_dir_config *d,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (!strcasecmp(arg, "on")) {
- d->hostname_lookups = HOSTNAME_LOOKUP_ON;
- }
- else if (!strcasecmp(arg, "off")) {
- d->hostname_lookups = HOSTNAME_LOOKUP_OFF;
- }
- else if (!strcasecmp(arg, "double")) {
- d->hostname_lookups = HOSTNAME_LOOKUP_DOUBLE;
- }
- else {
- return "parameter must be 'on', 'off', or 'double'";
- }
- return NULL;
-}
-
-static const char *set_serverpath(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->path = arg;
- cmd->server->pathlen = strlen(arg);
- return NULL;
-}
-
-static const char *set_content_md5(cmd_parms *cmd, core_dir_config *d, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- d->content_md5 = arg != 0;
- return NULL;
-}
-
-static const char *set_use_canonical_name(cmd_parms *cmd, core_dir_config *d,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (strcasecmp(arg, "on") == 0) {
- d->use_canonical_name = USE_CANONICAL_NAME_ON;
- }
- else if (strcasecmp(arg, "off") == 0) {
- d->use_canonical_name = USE_CANONICAL_NAME_OFF;
- }
- else if (strcasecmp(arg, "dns") == 0) {
- d->use_canonical_name = USE_CANONICAL_NAME_DNS;
- }
- else {
- return "parameter must be 'on', 'off', or 'dns'";
- }
- return NULL;
-}
-
-static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_to_start = atoi(arg);
- return NULL;
-}
-
-static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_min_free = atoi(arg);
- if (ap_daemons_min_free <= 0) {
- fprintf(stderr, "WARNING: detected MinSpareServers set to non-positive.\n");
- fprintf(stderr, "Resetting to 1 to avoid almost certain Apache failure.\n");
- fprintf(stderr, "Please read the documentation.\n");
- ap_daemons_min_free = 1;
- }
-
- return NULL;
-}
-
-static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_max_free = atoi(arg);
- return NULL;
-}
-
-static const char *set_server_limit (cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_limit = atoi(arg);
- if (ap_daemons_limit > HARD_SERVER_LIMIT) {
- fprintf(stderr, "WARNING: MaxClients of %d exceeds compile time limit "
- "of %d servers,\n", ap_daemons_limit, HARD_SERVER_LIMIT);
- fprintf(stderr, " lowering MaxClients to %d. To increase, please "
- "see the\n", HARD_SERVER_LIMIT);
- fprintf(stderr, " HARD_SERVER_LIMIT define in src/include/httpd.h.\n");
- ap_daemons_limit = HARD_SERVER_LIMIT;
- }
- else if (ap_daemons_limit < 1) {
- fprintf(stderr, "WARNING: Require MaxClients > 0, setting to 1\n");
- ap_daemons_limit = 1;
- }
- return NULL;
-}
-
-static const char *set_child_rl_cpu(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_cpu_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_data(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_data_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_nofile(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_nofile_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_rss(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_rss_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_stack(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_stack_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_max_requests(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_requests_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_threads(cmd_parms *cmd, void *dummy, char *arg) {
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_threads_per_child = atoi(arg);
- if (ap_threads_per_child > HARD_SERVER_LIMIT) {
- fprintf(stderr, "WARNING: ThreadsPerChild of %d exceeds compile time limit "
- "of %d threads,\n", ap_threads_per_child, HARD_SERVER_LIMIT);
- fprintf(stderr, " lowering ThreadsPerChild to %d. To increase, please "
- "see the\n", HARD_SERVER_LIMIT);
- fprintf(stderr, " HARD_SERVER_LIMIT define in src/include/httpd.h.\n");
- ap_threads_per_child = HARD_SERVER_LIMIT;
- }
- else if (ap_threads_per_child < 1) {
- fprintf(stderr, "WARNING: Require ThreadsPerChild > 0, setting to 1\n");
- ap_threads_per_child = 1;
- }
-
- return NULL;
-}
-
-static const char *set_excess_requests(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_excess_requests_per_child = atoi(arg);
- return NULL;
-}
-
-
-static void set_rlimit(cmd_parms *cmd, struct rlimit **plimit, const char *arg,
- const char * arg2, int type)
-{
- char *str;
- struct rlimit *limit;
- /* If your platform doesn't define rlim_t then typedef it in ap_config.h */
- rlim_t cur = 0;
- rlim_t max = 0;
-
- *plimit = (struct rlimit *)ap_pcalloc(cmd->pool, sizeof(**plimit));
- limit = *plimit;
- if ((getrlimit(type, limit)) != 0) {
- *plimit = NULL;
- ap_log_error(APLOG_MARK, APLOG_ERR, cmd->server,
- "%s: getrlimit failed", cmd->cmd->name);
- return;
- }
-
- if ((str = ap_getword_conf(cmd->pool, &arg))) {
- if (!strcasecmp(str, "max")) {
- cur = limit->rlim_max;
- }
- else {
- cur = atol(str);
- }
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, cmd->server,
- "Invalid parameters for %s", cmd->cmd->name);
- return;
- }
-
- if (arg2 && (str = ap_getword_conf(cmd->pool, &arg2))) {
- max = atol(str);
- }
-
- /* if we aren't running as root, cannot increase max */
- if (geteuid()) {
- limit->rlim_cur = cur;
- if (max) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, cmd->server,
- "Must be uid 0 to raise maximum %s", cmd->cmd->name);
- }
- }
- else {
- if (cur) {
- limit->rlim_cur = cur;
- }
- if (max) {
- limit->rlim_max = max;
- }
- }
-}
-
-static const char *set_limit_cpu(cmd_parms *cmd, core_dir_config *conf,
- char *arg, char *arg2)
-{
- set_rlimit(cmd, &conf->limit_cpu, arg, arg2, RLIMIT_CPU);
- return NULL;
-}
-
-static const char *set_limit_mem(cmd_parms *cmd, core_dir_config *conf,
- char *arg, char * arg2)
-{
- set_rlimit(cmd, &conf->limit_mem, arg, arg2, RLIMIT_DATA);
- return NULL;
-}
-
-static const char *set_limit_nproc(cmd_parms *cmd, core_dir_config *conf,
- char *arg, char * arg2)
-{
- set_rlimit(cmd, &conf->limit_nproc, arg, arg2, RLIMIT_NPROC);
- return NULL;
-}
-
-static const char *set_limit_nofile(cmd_parms *cmd, core_dir_config *conf,
- char *arg, char * arg2)
-{
- set_rlimit(cmd, &conf->limit_nofile, arg, arg2, RLIMIT_NOFILE);
- return NULL;
-}
-
-static const char *set_bind_address(cmd_parms *cmd, void *dummy, char *arg)
-{
- struct addrinfo hints, *res;
- struct sockaddr *sa;
- size_t sa_len;
- int error;
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (strcmp(arg, "*") == 0)
- arg = NULL;
-
- sa = ap_get_virthost_addr(arg, NULL);
-#ifdef HAVE_SOCKADDR_LEN
- sa_len = sa->sa_len;
-#else
- sa_len = SA_LEN(sa);
-#endif
- memcpy(&ap_bind_address, &sa, sa_len);
- return NULL;
-}
-
-
-/* Though the AcceptFilter functionality is not available across
- * all platforms - we still allow the config directive to appear
- * on all platforms and do intentionally not tie it to the compile
- * time flag SO_ACCEPTFILTER. This makes configuration files significantly
- * more portable; especially as an <IfModule http_core.c> or some
- * other construct is not possible.
- */
-static const char *set_acceptfilter(cmd_parms *cmd, void *dummy, int flag)
-{
- return NULL;
-}
-
-static const char *set_listener(cmd_parms *cmd, void *dummy, char *h, char *p)
-{
- listen_rec *new;
- char *host, *port, *endptr;
- struct addrinfo hints, *res;
- int error;
-
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- host = port = NULL;
- if (!p) {
- port = strrchr(h, ':');
- if (port != NULL) {
- if (port == h) {
- return "Missing IP address";
- }
- else if (port[1] == '\0') {
- return "Address must end in :<port-number>";
- }
- *(port++) = '\0';
- if (*h)
- host = h;
- } else {
- host = NULL;
- port = h;
- }
- } else {
- host = h;
- port = p;
- }
-
- /* strip [] for ipv6 before calling getaddrinfo */
- if (host && host[0] == '[') {
- if (strlen(host) < 2 || host[strlen(host) - 1] != ']')
- return "Malformed IPv6 Address in :<host>";
- host[strlen(host) - 1] = 0;
- host++;
- }
-
- if (host && strcmp(host, "*") == 0)
- host = NULL;
-
- new = ap_pcalloc(cmd->pool, sizeof(listen_rec));
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = host ? PF_UNSPEC : ap_default_family;
- hints.ai_flags = AI_PASSIVE;
- hints.ai_socktype = SOCK_STREAM;
- error = getaddrinfo(host, port, &hints, &res);
- if (error || !res) {
- fprintf(stderr, "could not resolve ");
- if (host)
- fprintf(stderr, "host \"%s\" ", host);
- if (port)
- fprintf(stderr, "port \"%s\" ", port);
- fprintf(stderr, "--- %s\n", gai_strerror(error));
- exit(1);
- }
- if (res->ai_next) {
- if (host)
- fprintf(stderr, "host \"%s\" ", host);
- if (port)
- fprintf(stderr, "port \"%s\" ", port);
- fprintf(stderr, "resolved to multiple addresses, ambiguous.\n");
- exit(1);
- }
-
- memcpy(&new->local_addr, res->ai_addr, res->ai_addrlen);
-
- new->fd = -1;
- new->used = 0;
- new->next = ap_listeners;
- ap_listeners = new;
- return NULL;
-}
-
-static const char *set_listenbacklog(cmd_parms *cmd, void *dummy, char *arg)
-{
- int b;
-
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- b = atoi(arg);
- if (b < 1) {
- return "ListenBacklog must be > 0";
- }
- ap_listenbacklog = b;
- return NULL;
-}
-
-static const char *set_coredumpdir (cmd_parms *cmd, void *dummy, char *arg)
-{
- struct stat finfo;
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- arg = ap_server_root_relative(cmd->pool, arg);
- if ((stat(arg, &finfo) == -1) || !S_ISDIR(finfo.st_mode)) {
- return ap_pstrcat(cmd->pool, "CoreDumpDirectory ", arg,
- " does not exist or is not a directory", NULL);
- }
- ap_cpystrn(ap_coredump_dir, arg, sizeof(ap_coredump_dir));
- return NULL;
-}
-
-static const char *include_config (cmd_parms *cmd, void *dummy, char *name)
-{
- name = ap_server_root_relative(cmd->pool, name);
-
- ap_process_resource_config(cmd->server, name, cmd->pool, cmd->temp_pool);
-
- return NULL;
-}
-
-static const char *set_loglevel(cmd_parms *cmd, void *dummy, const char *arg)
-{
- char *str;
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if ((str = ap_getword_conf(cmd->pool, &arg))) {
- if (!strcasecmp(str, "emerg")) {
- cmd->server->loglevel = APLOG_EMERG;
- }
- else if (!strcasecmp(str, "alert")) {
- cmd->server->loglevel = APLOG_ALERT;
- }
- else if (!strcasecmp(str, "crit")) {
- cmd->server->loglevel = APLOG_CRIT;
- }
- else if (!strcasecmp(str, "error")) {
- cmd->server->loglevel = APLOG_ERR;
- }
- else if (!strcasecmp(str, "warn")) {
- cmd->server->loglevel = APLOG_WARNING;
- }
- else if (!strcasecmp(str, "notice")) {
- cmd->server->loglevel = APLOG_NOTICE;
- }
- else if (!strcasecmp(str, "info")) {
- cmd->server->loglevel = APLOG_INFO;
- }
- else if (!strcasecmp(str, "debug")) {
- cmd->server->loglevel = APLOG_DEBUG;
- }
- else {
- return "LogLevel requires level keyword: one of "
- "emerg/alert/crit/error/warn/notice/info/debug";
- }
- }
- else {
- return "LogLevel requires level keyword";
- }
-
- return NULL;
-}
-
-API_EXPORT(const char *) ap_psignature(const char *prefix, request_rec *r)
-{
- char sport[20];
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- if ((conf->server_signature == srv_sig_off)
- || (conf->server_signature == srv_sig_unset)) {
- return "";
- }
-
- ap_snprintf(sport, sizeof sport, "%u", (unsigned) ap_get_server_port(r));
-
- if (conf->server_signature == srv_sig_withmail) {
- return ap_pstrcat(r->pool, prefix, "<ADDRESS>" SERVER_BASEVERSION
- " Server at <A HREF=\"mailto:",
- r->server->server_admin, "\">",
- ap_escape_html(r->pool, ap_get_server_name(r)),
- "</A> Port ", sport,
- "</ADDRESS>\n", NULL);
- }
- return ap_pstrcat(r->pool, prefix, "<ADDRESS>" SERVER_BASEVERSION
- " Server at ",
- ap_escape_html(r->pool, ap_get_server_name(r)),
- " Port ", sport,
- "</ADDRESS>\n", NULL);
-}
-
-/*
- * Load an authorisation realm into our location configuration, applying the
- * usual rules that apply to realms.
- */
-static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
-{
- core_dir_config *aconfig = (core_dir_config *)mconfig;
-
- aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
- return NULL;
-}
-
-/*
- * Load an authorisation nonce into our location configuration, and
- * force it to be in the 0-9/A-Z realm.
- */
-static const char *set_authnonce (cmd_parms *cmd, void *mconfig, char *word1)
-{
- core_dir_config *aconfig = (core_dir_config *)mconfig;
- size_t i;
-
- aconfig->ap_auth_nonce = ap_escape_quotes(cmd->pool, word1);
-
- if (strlen(aconfig->ap_auth_nonce) > 510)
- return "AuthDigestRealmSeed length limited to 510 chars for browser compatibility";
-
- for(i=0;i<strlen(aconfig->ap_auth_nonce );i++)
- if (!ap_isalnum(aconfig->ap_auth_nonce [i]))
- return "AuthDigestRealmSeed limited to 0-9 and A-Z range for browser compatibility";
-
- return NULL;
-}
-
-
-static const char *set_protocol_req_check(cmd_parms *cmd,
- core_dir_config *d, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_protocol_req_check = arg != 0;
- return NULL;
-}
-
-static const char *set_change_shmem_uid(cmd_parms *cmd,
- core_dir_config *d, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_change_shmem_uid = arg != 0;
- return NULL;
-}
-
-/*
- * Handle a request to include the server's OS platform in the Server
- * response header field (the ServerTokens directive). Unfortunately
- * this requires a new global in order to communicate the setting back to
- * http_main so it can insert the information in the right place in the
- * string.
- */
-static const char *set_serv_tokens(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (!strcasecmp(arg, "OS")) {
- ap_server_tokens = SrvTk_OS;
- }
- else if (!strcasecmp(arg, "Min") || !strcasecmp(arg, "Minimal")) {
- ap_server_tokens = SrvTk_MIN;
- }
- else if (!strcasecmp(arg, "Full")) {
- ap_server_tokens = SrvTk_FULL;
- }
- else if (!strcasecmp(arg, "Prod") || !strcasecmp(arg, "ProductOnly")) {
- ap_server_tokens = SrvTk_PRODUCT_ONLY;
- }
- else {
- return ap_pstrcat(cmd->pool, "Unrecognised ServerTokens keyword: ",
- arg, NULL);
- }
- return NULL;
-}
-
-static const char *set_limit_req_line(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- int lim;
-
- if (err != NULL) {
- return err;
- }
- lim = atoi(arg);
- if (lim < 0) {
- return ap_pstrcat(cmd->temp_pool, "LimitRequestLine \"", arg,
- "\" must be a non-negative integer", NULL);
- }
- if (lim > DEFAULT_LIMIT_REQUEST_LINE) {
- return ap_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" "
- "must not exceed the precompiled maximum of %d",
- arg, DEFAULT_LIMIT_REQUEST_LINE);
- }
- cmd->server->limit_req_line = lim;
- return NULL;
-}
-
-static const char *set_limit_req_fieldsize(cmd_parms *cmd, void *dummy,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- int lim;
-
- if (err != NULL) {
- return err;
- }
- lim = atoi(arg);
- if (lim < 0) {
- return ap_pstrcat(cmd->temp_pool, "LimitRequestFieldsize \"", arg,
- "\" must be a non-negative integer (0 = no limit)",
- NULL);
- }
- if (lim > DEFAULT_LIMIT_REQUEST_FIELDSIZE) {
- return ap_psprintf(cmd->temp_pool, "LimitRequestFieldsize \"%s\" "
- "must not exceed the precompiled maximum of %d",
- arg, DEFAULT_LIMIT_REQUEST_FIELDSIZE);
- }
- cmd->server->limit_req_fieldsize = lim;
- return NULL;
-}
-
-static const char *set_limit_req_fields(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- int lim;
-
- if (err != NULL) {
- return err;
- }
- lim = atoi(arg);
- if (lim < 0) {
- return ap_pstrcat(cmd->temp_pool, "LimitRequestFields \"", arg,
- "\" must be a non-negative integer (0 = no limit)",
- NULL);
- }
- cmd->server->limit_req_fields = lim;
- return NULL;
-}
-
-static const char *set_limit_req_body(cmd_parms *cmd, core_dir_config *conf,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* WTF: If strtoul is not portable, then write a replacement.
- * Instead we have an idiotic define in httpd.h that prevents
- * it from being used even when it is available. Sheesh.
- */
- conf->limit_req_body = (unsigned long)ap_strtol(arg, (char **)NULL, 10);
- return NULL;
-}
-
-
-static const char *set_cgi_command_args(cmd_parms *cmd,
- void *mconfig,
- int arg)
-{
- core_dir_config *cfg = (core_dir_config *)mconfig;
- cfg->cgi_command_args = arg ? AP_FLAG_ON : AP_FLAG_OFF;
- return NULL;
-}
-
-/*
- * Note what data should be used when forming file ETag values.
- * It would be nicer to do this as an ITERATE, but then we couldn't
- * remember the +/- state properly.
- */
-static const char *set_etag_bits(cmd_parms *cmd, void *mconfig,
- const char *args_p)
-{
- core_dir_config *cfg;
- etag_components_t bit;
- char action;
- char *token;
- const char *args;
- int valid;
- int first;
- int explicit;
-
- cfg = (core_dir_config *) mconfig;
-
- args = args_p;
- first = 1;
- explicit = 0;
- while (args[0] != '\0') {
- action = '*';
- bit = ETAG_UNSET;
- valid = 1;
- token = ap_getword_conf(cmd->pool, &args);
- if ((*token == '+') || (*token == '-')) {
- action = *token;
- token++;
- }
- else {
- /*
- * The occurrence of an absolute setting wipes
- * out any previous relative ones. The first such
- * occurrence forgets any inherited ones, too.
- */
- if (first) {
- cfg->etag_bits = ETAG_UNSET;
- cfg->etag_add = ETAG_UNSET;
- cfg->etag_remove = ETAG_UNSET;
- first = 0;
- }
- }
-
- if (strcasecmp(token, "None") == 0) {
- if (action != '*') {
- valid = 0;
- }
- else {
- cfg->etag_bits = bit = ETAG_NONE;
- explicit = 1;
- }
- }
- else if (strcasecmp(token, "All") == 0) {
- if (action != '*') {
- valid = 0;
- }
- else {
- explicit = 1;
- cfg->etag_bits = bit = ETAG_ALL;
- }
- }
- else if (strcasecmp(token, "Size") == 0) {
- bit = ETAG_SIZE;
- }
- else if ((strcasecmp(token, "LMTime") == 0)
- || (strcasecmp(token, "MTime") == 0)
- || (strcasecmp(token, "LastModified") == 0)) {
- bit = ETAG_MTIME;
- }
- else if (strcasecmp(token, "INode") == 0) {
- bit = ETAG_INODE;
- }
- else {
- return ap_pstrcat(cmd->pool, "Unknown keyword '",
- token, "' for ", cmd->cmd->name,
- " directive", NULL);
- }
-
- if (! valid) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, " keyword '",
- token, "' cannot be used with '+' or '-'",
- NULL);
- }
-
- if (action == '+') {
- /*
- * Make sure it's in the 'add' list and absent from the
- * 'subtract' list.
- */
- cfg->etag_add |= bit;
- cfg->etag_remove &= (~ bit);
- }
- else if (action == '-') {
- cfg->etag_remove |= bit;
- cfg->etag_add &= (~ bit);
- }
- else {
- /*
- * Non-relative values wipe out any + or - values
- * accumulated so far.
- */
- cfg->etag_bits |= bit;
- cfg->etag_add = ETAG_UNSET;
- cfg->etag_remove = ETAG_UNSET;
- explicit = 1;
- }
- }
-
- /*
- * Any setting at all will clear the 'None' and 'Unset' bits.
- */
-
- if (cfg->etag_add != ETAG_UNSET) {
- cfg->etag_add &= (~ ETAG_UNSET);
- }
- if (cfg->etag_remove != ETAG_UNSET) {
- cfg->etag_remove &= (~ ETAG_UNSET);
- }
- if (explicit) {
- cfg->etag_bits &= (~ ETAG_UNSET);
- if ((cfg->etag_bits & ETAG_NONE) != ETAG_NONE) {
- cfg->etag_bits &= (~ ETAG_NONE);
- }
- }
- return NULL;
-}
-
-static const char *set_recursion_limit(cmd_parms *cmd, void *dummy,
- const char *arg1, const char *arg2)
-{
- core_server_config *conf = ap_get_module_config(cmd->server->module_config,
- &core_module);
- int limit = atoi(arg1);
-
- if (limit < 0) {
- return "The redirect recursion limit cannot be less than zero.";
- }
- if (limit && limit < 4) {
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server,
- "Limiting internal redirects to very low numbers may "
- "cause normal requests to fail.");
- }
-
- conf->redirect_limit = limit;
-
- if (arg2) {
- limit = atoi(arg2);
-
- if (limit < 0) {
- return "The subrequest recursion limit cannot be less than zero.";
- }
- if (limit && limit < 4) {
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server,
- "Limiting the subrequest depth to a very low level may"
- " cause normal requests to fail.");
- }
- }
-
- conf->subreq_limit = limit;
- conf->recursion_limit_set = 1;
-
- return NULL;
-}
-
-static void log_backtrace(const request_rec *r)
-{
- const request_rec *top = r;
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "r->uri = %s", r->uri ? r->uri : "(unexpectedly NULL)");
-
- while (top && (top->prev || top->main)) {
- if (top->prev) {
- top = top->prev;
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "redirected from r->uri = %s",
- top->uri ? top->uri : "(unexpectedly NULL)");
- }
-
- if (!top->prev && top->main) {
- top = top->main;
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "subrequested from r->uri = %s",
- top->uri ? top->uri : "(unexpectedly NULL)");
- }
- }
-}
-
-/*
- * check whether redirect limit is reached
- */
-API_EXPORT(int) ap_is_recursion_limit_exceeded(const request_rec *r)
-{
- core_server_config *conf = ap_get_module_config(r->server->module_config,
- &core_module);
- const request_rec *top = r;
- int redirects = 0, subreqs = 0;
- int rlimit = conf->recursion_limit_set
- ? conf->redirect_limit
- : AP_DEFAULT_MAX_INTERNAL_REDIRECTS;
- int slimit = conf->recursion_limit_set
- ? conf->subreq_limit
- : AP_DEFAULT_MAX_SUBREQ_DEPTH;
-
- /* fast exit (unlimited) */
- if (!rlimit && !slimit) {
- return 0;
- }
-
- while (top->prev || top->main) {
- if (top->prev) {
- if (rlimit && ++redirects >= rlimit) {
- /* uuh, too much. */
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "Request exceeded the limit of %d internal "
- "redirects due to probable configuration error. "
- "Use 'LimitInternalRecursion' to increase the "
- "limit if necessary. Use 'LogLevel debug' to get "
- "a backtrace.", rlimit);
-
- /* post backtrace */
- log_backtrace(r);
-
- /* return failure */
- return 1;
- }
-
- top = top->prev;
- }
-
- if (!top->prev && top->main) {
- if (slimit && ++subreqs >= slimit) {
- /* uuh, too much. */
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "Request exceeded the limit of %d subrequest "
- "nesting levels due to probable confguration "
- "error. Use 'LimitInternalRecursion' to increase "
- "the limit if necessary. Use 'LogLevel debug' to "
- "get a backtrace.", slimit);
-
- /* post backtrace */
- log_backtrace(r);
-
- /* return failure */
- return 1;
- }
-
- top = top->main;
- }
- }
-
- /* recursion state: ok */
- return 0;
-}
-
-/* Note --- ErrorDocument will now work from .htaccess files.
- * The AllowOverride of Fileinfo allows webmasters to turn it off
- */
-
-static const command_rec core_cmds[] = {
-
-/* Old access config file commands */
-
-{ "<Directory", dirsection, NULL, RSRC_CONF, RAW_ARGS,
- "Container for directives affecting resources located in the specified "
- "directories" },
-{ end_directory_section, end_nested_section, NULL, ACCESS_CONF, NO_ARGS,
- "Marks end of <Directory>" },
-{ "<Location", urlsection, NULL, RSRC_CONF, RAW_ARGS,
- "Container for directives affecting resources accessed through the "
- "specified URL paths" },
-{ end_location_section, end_nested_section, NULL, ACCESS_CONF, NO_ARGS,
- "Marks end of <Location>" },
-{ "<VirtualHost", virtualhost_section, NULL, RSRC_CONF, RAW_ARGS,
- "Container to map directives to a particular virtual host, takes one or "
- "more host addresses" },
-{ end_virtualhost_section, end_nested_section, NULL, RSRC_CONF, NO_ARGS,
- "Marks end of <VirtualHost>" },
-{ "<Files", filesection, NULL, OR_ALL, RAW_ARGS, "Container for directives "
- "affecting files matching specified patterns" },
-{ end_files_section, end_nested_section, NULL, OR_ALL, NO_ARGS,
- "Marks end of <Files>" },
-{ "<Limit", ap_limit_section, NULL, OR_ALL, RAW_ARGS, "Container for "
- "authentication directives when accessed using specified HTTP methods" },
-{ "</Limit>", endlimit_section, NULL, OR_ALL, NO_ARGS,
- "Marks end of <Limit>" },
-{ "<LimitExcept", ap_limit_section, (void*)1, OR_ALL, RAW_ARGS,
- "Container for authentication directives to be applied when any HTTP "
- "method other than those specified is used to access the resource" },
-{ "</LimitExcept>", endlimit_section, (void*)1, OR_ALL, NO_ARGS,
- "Marks end of <LimitExcept>" },
-{ "<IfModule", start_ifmod, NULL, OR_ALL, TAKE1,
- "Container for directives based on existance of specified modules" },
-{ end_ifmodule_section, end_ifmod, NULL, OR_ALL, NO_ARGS,
- "Marks end of <IfModule>" },
-{ "<IfDefine", start_ifdefine, NULL, OR_ALL, TAKE1,
- "Container for directives based on existance of command line defines" },
-{ end_ifdefine_section, end_ifdefine, NULL, OR_ALL, NO_ARGS,
- "Marks end of <IfDefine>" },
-{ "<DirectoryMatch", dirsection, (void*)1, RSRC_CONF, RAW_ARGS,
- "Container for directives affecting resources located in the "
- "specified directories" },
-{ end_directorymatch_section, end_nested_section, NULL, ACCESS_CONF, NO_ARGS,
- "Marks end of <DirectoryMatch>" },
-{ "<LocationMatch", urlsection, (void*)1, RSRC_CONF, RAW_ARGS,
- "Container for directives affecting resources accessed through the "
- "specified URL paths" },
-{ end_locationmatch_section, end_nested_section, NULL, ACCESS_CONF, NO_ARGS,
- "Marks end of <LocationMatch>" },
-{ "<FilesMatch", filesection, (void*)1, OR_ALL, RAW_ARGS,
- "Container for directives affecting files matching specified patterns" },
-{ end_filesmatch_section, end_nested_section, NULL, OR_ALL, NO_ARGS,
- "Marks end of <FilesMatch>" },
-{ "AuthType", ap_set_string_slot,
- (void*)XtOffsetOf(core_dir_config, ap_auth_type), OR_AUTHCFG, TAKE1,
- "An HTTP authorization type (e.g., \"Basic\")" },
-{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
- "The authentication realm (e.g. \"Members Only\")" },
-{ "AuthDigestRealmSeed", set_authnonce, NULL, OR_AUTHCFG, TAKE1,
- "An authentication token which should be different for each logical realm. "\
- "A random value or the servers IP may be a good choise.\n" },
-{ "Require", require, NULL, OR_AUTHCFG, RAW_ARGS,
- "Selects which authenticated users or groups may access a protected space" },
-{ "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
- "access policy if both allow and require used ('all' or 'any')" },
-#ifdef GPROF
-{ "GprofDir", set_gprof_dir, NULL, RSRC_CONF, TAKE1,
- "Directory to plop gmon.out files" },
-#endif
-{ "AddDefaultCharset", set_add_default_charset, NULL, OR_FILEINFO,
- TAKE1, "The name of the default charset to add to any Content-Type without one or 'Off' to disable" },
-
-/* Old resource config file commands */
-
-{ "AccessFileName", set_access_name, NULL, RSRC_CONF, RAW_ARGS,
- "Name(s) of per-directory config files (default: .htaccess)" },
-{ "DocumentRoot", set_document_root, NULL, RSRC_CONF, TAKE1,
- "Root directory of the document tree" },
-{ "ErrorDocument", set_error_document, NULL, OR_FILEINFO, RAW_ARGS,
- "Change responses for HTTP errors" },
-{ "AllowOverride", set_override, NULL, ACCESS_CONF, RAW_ARGS,
- "Controls what groups of directives can be configured by per-directory "
- "config files" },
-{ "Options", set_options, NULL, OR_OPTIONS, RAW_ARGS,
- "Set a number of attributes for a given directory" },
-{ "DefaultType", ap_set_string_slot,
- (void*)XtOffsetOf (core_dir_config, ap_default_type),
- OR_FILEINFO, TAKE1, "the default MIME type for untypable files" },
-
-/* Old server config file commands */
-
-{ "ServerType", server_type, NULL, RSRC_CONF, TAKE1,
- "'inetd' or 'standalone'"},
-{ "Port", server_port, NULL, RSRC_CONF, TAKE1, "A TCP port number"},
-{ "HostnameLookups", set_hostname_lookups, NULL, ACCESS_CONF|RSRC_CONF, TAKE1,
- "\"on\" to enable, \"off\" to disable reverse DNS lookups, or \"double\" to "
- "enable double-reverse DNS lookups" },
-{ "User", set_user, NULL, RSRC_CONF, TAKE1,
- "Effective user id for this server"},
-{ "Group", set_group, NULL, RSRC_CONF, TAKE1,
- "Effective group id for this server"},
-{ "ServerAdmin", set_server_string_slot,
- (void *)XtOffsetOf (server_rec, server_admin), RSRC_CONF, TAKE1,
- "The email address of the server administrator" },
-{ "ServerName", set_server_string_slot,
- (void *)XtOffsetOf (server_rec, server_hostname), RSRC_CONF, TAKE1,
- "The hostname of the server" },
-{ "ServerSignature", set_signature_flag, NULL, OR_ALL, TAKE1,
- "En-/disable server signature (on|off|email)" },
-{ "ServerRoot", set_server_root, NULL, RSRC_CONF, TAKE1,
- "Common directory of server-related files (logs, confs, etc.)" },
-{ "ErrorLog", set_server_string_slot,
- (void *)XtOffsetOf (server_rec, error_fname), RSRC_CONF, TAKE1,
- "The filename of the error log" },
-{ "PidFile", set_pidfile, NULL, RSRC_CONF, TAKE1,
- "A file for logging the server process ID"},
-{ "ScoreBoardFile", set_scoreboard, NULL, RSRC_CONF, TAKE1,
- "A file for Apache to maintain runtime process management information"},
-{ "LockFile", set_lockfile, NULL, RSRC_CONF, TAKE1,
- "The lockfile used when Apache needs to lock the accept() call"},
-{ "AccessConfig", set_server_string_slot,
- (void *)XtOffsetOf (server_rec, access_confname), RSRC_CONF, TAKE1,
- "The filename of the access config file" },
-{ "ResourceConfig", set_server_string_slot,
- (void *)XtOffsetOf (server_rec, srm_confname), RSRC_CONF, TAKE1,
- "The filename of the resource config file" },
-{ "ServerAlias", set_server_alias, NULL, RSRC_CONF, RAW_ARGS,
- "A name or names alternately used to access the server" },
-{ "ServerPath", set_serverpath, NULL, RSRC_CONF, TAKE1,
- "The pathname the server can be reached at" },
-{ "Timeout", set_timeout, NULL, RSRC_CONF, TAKE1, "Timeout duration (sec)" },
-{ "KeepAliveTimeout", set_keep_alive_timeout, NULL, RSRC_CONF, TAKE1,
- "Keep-Alive timeout duration (sec)"},
-{ "MaxKeepAliveRequests", set_keep_alive_max, NULL, RSRC_CONF, TAKE1,
- "Maximum number of Keep-Alive requests per connection, or 0 for infinite" },
-{ "KeepAlive", set_keep_alive, NULL, RSRC_CONF, TAKE1,
- "Whether persistent connections should be On or Off" },
-{ "IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF, FLAG,
- "Enable identd (RFC 1413) user lookups - SLOW" },
-{ "ContentDigest", set_content_md5, NULL, OR_OPTIONS,
- FLAG, "whether or not to send a Content-MD5 header with each request" },
-{ "UseCanonicalName", set_use_canonical_name, NULL,
- RSRC_CONF|ACCESS_CONF, TAKE1,
- "How to work out the ServerName : Port when constructing URLs" },
-{ "StartServers", set_daemons_to_start, NULL, RSRC_CONF, TAKE1,
- "Number of child processes launched at server startup" },
-{ "MinSpareServers", set_min_free_servers, NULL, RSRC_CONF, TAKE1,
- "Minimum number of idle children, to handle request spikes" },
-{ "MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1,
- "Maximum number of idle children" },
-{ "MaxServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1,
- "Deprecated equivalent to MaxSpareServers" },
-{ "ServersSafetyLimit", set_server_limit, NULL, RSRC_CONF, TAKE1,
- "Deprecated equivalent to MaxClients" },
-{ "MaxClients", set_server_limit, NULL, RSRC_CONF, TAKE1,
- "Maximum number of children alive at the same time" },
-{ "MaxRequestsPerChild", set_max_requests, NULL, RSRC_CONF, TAKE1,
- "Maximum number of requests a particular child serves before dying." },
-{ "MaxCPUPerChild", set_child_rl_cpu, NULL, RSRC_CONF, TAKE1,
- "Maximum amount of CPU time a child can use (rlimit)." },
-{ "MaxDATAPerChild", set_child_rl_data, NULL, RSRC_CONF, TAKE1,
- "Maximum size of the data segment for a child process (rlimit)." },
-{ "MaxNOFILEPerChild", set_child_rl_nofile, NULL, RSRC_CONF, TAKE1,
- "Maximum number of open file descriptors a child can have (rlimit)." },
-{ "MaxRSSPerChild", set_child_rl_rss, NULL, RSRC_CONF, TAKE1,
- "Maximum amount of physical memory a child can use (rlimit)." },
-{ "MaxSTACKPerChild", set_child_rl_stack, NULL, RSRC_CONF, TAKE1,
- "Maximum amount of stack space a child can use (rlimit)." },
-{ "RLimitCPU",
- set_limit_cpu, (void*)XtOffsetOf(core_dir_config, limit_cpu),
- OR_ALL, TAKE12, "Soft/hard limits for max CPU usage in seconds" },
-{ "RLimitMEM",
- set_limit_mem, (void*)XtOffsetOf(core_dir_config, limit_mem),
- OR_ALL, TAKE12, "Soft/hard limits for max memory usage per process" },
-{ "RLimitNPROC",
- set_limit_nproc, (void*)XtOffsetOf(core_dir_config, limit_nproc),
- OR_ALL, TAKE12, "soft/hard limits for max number of processes per uid" },
-{ "RLimitNOFILE",
- set_limit_nofile, (void*)XtOffsetOf(core_dir_config, limit_nofile),
- OR_ALL, TAKE12, "soft/hard limits for max number of files per process" },
-{ "BindAddress", set_bind_address, NULL, RSRC_CONF, TAKE1,
- "'*', a numeric IP address, or the name of a host with a unique IP address"},
-{ "Listen", set_listener, NULL, RSRC_CONF, TAKE12,
- "A port number or a numeric IP address and a port number"},
-{ "SendBufferSize", set_send_buffer_size, NULL, RSRC_CONF, TAKE1,
- "Send buffer size in bytes"},
-{ "AddModule", add_module_command, NULL, RSRC_CONF, ITERATE,
- "The name of a module" },
-{ "ClearModuleList", clear_module_list_command, NULL, RSRC_CONF, NO_ARGS,
- NULL },
-{ "ThreadsPerChild", set_threads, NULL, RSRC_CONF, TAKE1,
- "Number of threads a child creates" },
-{ "ExcessRequestsPerChild", set_excess_requests, NULL, RSRC_CONF, TAKE1,
- "Maximum number of requests a particular child serves after it is ready "
- "to die." },
-{ "ListenBacklog", set_listenbacklog, NULL, RSRC_CONF, TAKE1,
- "Maximum length of the queue of pending connections, as used by listen(2)" },
-{ "AcceptFilter", set_acceptfilter, NULL, RSRC_CONF, FLAG,
- "Switch AcceptFiltering on/off (default is "
- "on"
- ")."
- "This feature is currently not compiled in; so this directive "
- "is ignored."
- },
-{ "CoreDumpDirectory", set_coredumpdir, NULL, RSRC_CONF, TAKE1,
- "The location of the directory Apache changes to before dumping core" },
-{ "Include", include_config, NULL, (RSRC_CONF | ACCESS_CONF), TAKE1,
- "Name of the config file to be included" },
-{ "LogLevel", set_loglevel, NULL, RSRC_CONF, TAKE1,
- "Level of verbosity in error logging" },
-{ "NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF, TAKE12,
- "A numeric IP address:port, or the name of a host" },
-{ "CGICommandArgs", set_cgi_command_args, NULL, OR_OPTIONS, FLAG,
- "Allow or Disallow CGI requests to pass args on the command line" },
-{ "ServerTokens", set_serv_tokens, NULL, RSRC_CONF, TAKE1,
- "Tokens displayed in the Server: header - Min[imal], OS, Prod[uctOnly], Full" },
-{ "LimitRequestLine", set_limit_req_line, NULL, RSRC_CONF, TAKE1,
- "Limit on maximum size of an HTTP request line"},
-{ "LimitRequestFieldsize", set_limit_req_fieldsize, NULL, RSRC_CONF, TAKE1,
- "Limit on maximum size of an HTTP request header field"},
-{ "LimitRequestFields", set_limit_req_fields, NULL, RSRC_CONF, TAKE1,
- "Limit (0 = unlimited) on max number of header fields in a request message"},
-{ "LimitRequestBody", set_limit_req_body,
- (void*)XtOffsetOf(core_dir_config, limit_req_body),
- OR_ALL, TAKE1,
- "Limit (in bytes) on maximum size of request message body" },
-{ "ProtocolReqCheck", set_protocol_req_check, NULL, RSRC_CONF, FLAG,
- "Enable strict checking of Protocol type in requests" },
-{ "ShmemUIDisUser", set_change_shmem_uid, NULL, RSRC_CONF, FLAG,
- "Enable the setting of SysV shared memory scoreboard uid/gid to User/Group" },
-{ "AcceptMutex", set_accept_mutex, NULL, RSRC_CONF, TAKE1,
- "Serialized Accept Mutex; the methods "
- "'sysvsem' "
- "'flock' "
- "are compiled in"
-},
-
-{ "FileETag", set_etag_bits, NULL, OR_FILEINFO, RAW_ARGS,
- "Specify components used to construct a file's ETag"},
-
-{ "LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF, TAKE12,
- "maximum recursion depth of internal redirects and subrequests"},
-
-{ NULL }
-};
-
-/*****************************************************************
- *
- * Core handlers for various phases of server operation...
- */
-
-static int core_translate(request_rec *r)
-{
- void *sconf = r->server->module_config;
- core_server_config *conf = ap_get_module_config(sconf, &core_module);
-
- if (r->proxyreq != NOT_PROXY) {
- return HTTP_FORBIDDEN;
- }
- if ((r->uri[0] != '/') && strcmp(r->uri, "*")) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid URI in request %s", r->the_request);
- return BAD_REQUEST;
- }
-
- if (r->server->path
- && !strncmp(r->uri, r->server->path, r->server->pathlen)
- && (r->server->path[r->server->pathlen - 1] == '/'
- || r->uri[r->server->pathlen] == '/'
- || r->uri[r->server->pathlen] == '\0')) {
- r->filename = ap_pstrcat(r->pool, conf->ap_document_root,
- (r->uri + r->server->pathlen), NULL);
- }
- else {
- /*
- * Make sure that we do not mess up the translation by adding two
- * /'s in a row. This happens under windows when the document
- * root ends with a /
- */
- if ((conf->ap_document_root[strlen(conf->ap_document_root)-1] == '/')
- && (*(r->uri) == '/')) {
- r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri+1,
- NULL);
- }
- else {
- r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri,
- NULL);
- }
- }
-
- return OK;
-}
-
-static int do_nothing(request_rec *r) { return OK; }
-
-struct mmap_rec {
- void *mm;
- size_t length;
-};
-
-static void mmap_cleanup(void *mmv)
-{
- struct mmap_rec *mmd = mmv;
-
- if (munmap(mmd->mm, mmd->length) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, NULL,
- "Failed to munmap memory of length %ld at 0x%lx",
- (long) mmd->length, (long) mmd->mm);
- }
-}
-
-/*
- * Default handler for MIME types without other handlers. Only GET
- * and OPTIONS at this point... anyone who wants to write a generic
- * handler for PUT or POST is free to do so, but it seems unwise to provide
- * any defaults yet... So, for now, we assume that this will always be
- * the last handler called and return 405 or 501.
- */
-
-static int default_handler(request_rec *r)
-{
- core_dir_config *d =
- (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
- int rangestatus, errstatus;
- FILE *f;
- caddr_t mm;
-
- /* This handler has no use for a request body (yet), but we still
- * need to read and discard it if the client sent one.
- */
- if ((errstatus = ap_discard_request_body(r)) != OK) {
- return errstatus;
- }
-
- r->allowed |= (1 << M_GET) | (1 << M_OPTIONS);
-
- if (r->method_number == M_INVALID) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid method in request %s",
- ap_escape_logitem(r->pool, r->the_request));
- return NOT_IMPLEMENTED;
- }
- if (r->method_number == M_OPTIONS) {
- return ap_send_http_options(r);
- }
- if (r->method_number == M_PUT) {
- return METHOD_NOT_ALLOWED;
- }
-
- if (r->finfo.st_mode == 0 || (r->path_info && *r->path_info)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "File does not exist: %s",r->path_info ?
- ap_pstrcat(r->pool, r->filename, r->path_info, NULL)
- : r->filename);
- return HTTP_NOT_FOUND;
- }
- if (r->method_number != M_GET) {
- return METHOD_NOT_ALLOWED;
- }
-
- f = ap_pfopen(r->pool, r->filename, "r");
-
- if (f == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "file permissions deny server access: %s", r->filename);
- return FORBIDDEN;
- }
-
- ap_update_mtime(r, r->finfo.st_mtime);
- ap_set_last_modified(r);
- ap_set_etag(r);
- ap_table_setn(r->headers_out, "Accept-Ranges", "bytes");
- if (((errstatus = ap_meets_conditions(r)) != OK)
- || (errstatus = ap_set_content_length(r, r->finfo.st_size))) {
- return errstatus;
- }
-
- ap_block_alarms();
- if ((r->finfo.st_size >= MMAP_THRESHOLD)
- && (r->finfo.st_size < MMAP_LIMIT)
- && (!r->header_only || (d->content_md5 & 1))) {
- /* we need to protect ourselves in case we die while we've got the
- * file mmapped */
- mm = mmap(NULL, r->finfo.st_size, PROT_READ, MAP_PRIVATE,
- fileno(f), 0);
- if (mm == (caddr_t)-1) {
- ap_log_rerror(APLOG_MARK, APLOG_CRIT, r,
- "default_handler: mmap failed: %s", r->filename);
- }
- }
- else {
- mm = (caddr_t)-1;
- }
-
- if (mm == (caddr_t)-1) {
- ap_unblock_alarms();
-
- if (d->content_md5 & 1) {
- ap_table_setn(r->headers_out, "Content-MD5",
- ap_md5digest(r->pool, f));
- }
-
- rangestatus = ap_set_byterange(r);
-
- ap_send_http_header(r);
-
- if (!r->header_only) {
- if (!rangestatus) {
- ap_send_fd(f, r);
- }
- else {
- off_t offset, length;
- while (ap_each_byterange(r, &offset, &length)) {
- /*
- * Non zero returns are more portable than checking
- * for a return of -1.
- */
- if (fseeko(f, offset, SEEK_SET)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "Failed to fseeko for byterange (%qd, %qd): %s",
- offset, length, r->filename);
- }
- else {
- ap_send_fd_length(f, r, length);
- }
- }
- }
- }
-
- }
- else {
- struct mmap_rec *mmd;
-
- mmd = ap_palloc(r->pool, sizeof(*mmd));
- mmd->mm = mm;
- mmd->length = r->finfo.st_size;
- ap_register_cleanup(r->pool, (void *)mmd, mmap_cleanup, mmap_cleanup);
- ap_unblock_alarms();
-
- if (d->content_md5 & 1) {
- AP_MD5_CTX context;
-
- ap_MD5Init(&context);
- ap_MD5Update(&context, (void *)mm, (unsigned int)r->finfo.st_size);
- ap_table_setn(r->headers_out, "Content-MD5",
- ap_md5contextTo64(r->pool, &context));
- }
-
- rangestatus = ap_set_byterange(r);
- ap_send_http_header(r);
-
- if (!r->header_only) {
- if (!rangestatus) {
- ap_send_mmap(mm, r, 0, r->finfo.st_size);
- }
- else {
- off_t offset, length;
- while (ap_each_byterange(r, &offset, &length)) {
- ap_send_mmap(mm, r, offset, length);
- }
- }
- }
- }
-
- ap_pfclose(r->pool, f);
- return OK;
-}
-
-static const handler_rec core_handlers[] = {
-{ "*/*", default_handler },
-{ "default-handler", default_handler },
-{ NULL, NULL }
-};
-
-API_VAR_EXPORT module core_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_core_dir_config, /* create per-directory config structure */
- merge_core_dir_configs, /* merge per-directory config structures */
- create_core_server_config, /* create per-server config structure */
- merge_core_server_configs, /* merge per-server config structures */
- core_cmds, /* command table */
- core_handlers, /* handlers */
- core_translate, /* translate_handler */
- NULL, /* check_user_id */
- NULL, /* check auth */
- do_nothing, /* check access */
- do_nothing, /* type_checker */
- NULL, /* pre-run fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post_read_request */
-};
diff --git a/usr.sbin/httpd/src/main/http_log.c b/usr.sbin/httpd/src/main/http_log.c
deleted file mode 100644
index 81ba126074b..00000000000
--- a/usr.sbin/httpd/src/main/http_log.c
+++ /dev/null
@@ -1,585 +0,0 @@
-/* $OpenBSD: http_log.c,v 1.20 2013/08/18 16:32:24 guenther Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_log.c: Dealing with the logs and errors
- *
- * Rob McCool
- *
- */
-
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_conf_globals.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-
-#include <stdarg.h>
-
-typedef struct {
- char *t_name;
- int t_val;
-} TRANS;
-
-static const TRANS facilities[] = {
- {"auth", LOG_AUTH},
- {"authpriv", LOG_AUTHPRIV},
- {"cron", LOG_CRON},
- {"daemon", LOG_DAEMON},
- {"ftp", LOG_FTP},
- {"kern", LOG_KERN},
- {"lpr", LOG_LPR},
- {"mail", LOG_MAIL},
- {"news", LOG_NEWS},
- {"syslog", LOG_SYSLOG},
- {"user", LOG_USER},
- {"uucp", LOG_UUCP},
- {"local0", LOG_LOCAL0},
- {"local1", LOG_LOCAL1},
- {"local2", LOG_LOCAL2},
- {"local3", LOG_LOCAL3},
- {"local4", LOG_LOCAL4},
- {"local5", LOG_LOCAL5},
- {"local6", LOG_LOCAL6},
- {"local7", LOG_LOCAL7},
- {NULL, -1},
-};
-
-static const TRANS priorities[] = {
- {"emerg", APLOG_EMERG},
- {"alert", APLOG_ALERT},
- {"crit", APLOG_CRIT},
- {"error", APLOG_ERR},
- {"warn", APLOG_WARNING},
- {"notice", APLOG_NOTICE},
- {"info", APLOG_INFO},
- {"debug", APLOG_DEBUG},
- {NULL, -1},
-};
-
-static int
-error_log_child(void *cmd, child_info *pinfo)
-{
- /* Child process code for 'ErrorLog "|..."';
- * may want a common framework for this, since I expect it will
- * be common for other foo-loggers to want this sort of thing...
- */
- int child_pid = 0;
-
- ap_cleanup_for_exec();
- /* No concept of a child process on Win32 */
- signal(SIGHUP, SIG_IGN);
- execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, (char *)NULL);
- exit(1);
- /* NOT REACHED */
- return(child_pid);
-}
-
-static void
-open_error_log(server_rec *s, pool *p)
-{
- char *fname;
-
- if (*s->error_fname == '|') {
- FILE *dummy;
- if (!ap_spawn_child(p, error_log_child,
- (void *)(s->error_fname+1), kill_after_timeout, &dummy,
- NULL, NULL)) {
- perror("ap_spawn_child");
- fprintf(stderr, "Couldn't fork child for ErrorLog "
- "process\n");
- exit(1);
- }
-
- s->error_log = dummy;
- } else if (!strncasecmp(s->error_fname, "syslog", 6)) {
- if ((fname = strchr(s->error_fname, ':'))) {
- const TRANS *fac;
-
- fname++;
- for (fac = facilities; fac->t_name; fac++) {
- if (!strcasecmp(fname, fac->t_name)) {
- openlog(ap_server_argv0,
- LOG_NDELAY|LOG_CONS|LOG_PID,
- fac->t_val);
- s->error_log = NULL;
- return;
- }
- }
- } else
- openlog(ap_server_argv0, LOG_NDELAY|LOG_CONS|LOG_PID,
- LOG_LOCAL7);
-
- s->error_log = NULL;
- } else {
- fname = ap_server_root_relative(p, s->error_fname);
- if (!(s->error_log = ap_pfopen(p, fname, "a"))) {
- perror("fopen");
- fprintf(stderr, "%s: could not open error log file "
- "%s.\n", ap_server_argv0, fname);
- exit(1);
- }
- }
-}
-
-API_EXPORT(void)
-ap_open_logs(server_rec *s_main, pool *p)
-{
- server_rec *virt, *q;
- int replace_stderr;
-
-
- open_error_log(s_main, p);
-
- replace_stderr = 1;
- if (s_main->error_log) {
- /* replace stderr with this new log */
- fflush(stderr);
- if (dup2(fileno(s_main->error_log), STDERR_FILENO) == -1)
- ap_log_error(APLOG_MARK, APLOG_CRIT, s_main,
- "unable to replace stderr with error_log");
- else
- replace_stderr = 0;
- }
- /* note that stderr may still need to be replaced with something
- * because it points to the old error log, or back to the tty
- * of the submitter.
- */
- if (replace_stderr && freopen("/dev/null", "w", stderr) == NULL)
- ap_log_error(APLOG_MARK, APLOG_CRIT, s_main,
- "unable to replace stderr with /dev/null");
-
- for (virt = s_main->next; virt; virt = virt->next) {
- if (virt->error_fname) {
- for (q=s_main; q != virt; q = q->next)
- if (q->error_fname != NULL &&
- strcmp(q->error_fname, virt->error_fname)
- == 0)
- break;
- if (q == virt)
- open_error_log(virt, p);
- else
- virt->error_log = q->error_log;
- } else
- virt->error_log = s_main->error_log;
- }
-}
-
-API_EXPORT(void)
-ap_error_log2stderr(server_rec *s)
-{
- if (s->error_log != NULL && fileno(s->error_log) != STDERR_FILENO)
- dup2(fileno(s->error_log), STDERR_FILENO);
-}
-
-static void
-log_error_core(const char *file, int line, int level, const server_rec *s,
- const request_rec *r, const char *fmt, va_list args)
-{
- char errstr[MAX_STRING_LEN];
- char scratch[MAX_STRING_LEN];
- size_t len;
- int save_errno = errno;
- FILE *logf;
-
- if (s == NULL) {
- /*
- * If we are doing stderr logging (startup), don't log messages
- * that are above the default server log level unless it is a
- * startup/shutdown notice
- */
- if (((level & APLOG_LEVELMASK) != APLOG_NOTICE) &&
- ((level & APLOG_LEVELMASK) > DEFAULT_LOGLEVEL))
- return;
- logf = stderr;
- } else if (s->error_log) {
- /*
- * If we are doing normal logging, don't log messages that are
- * above the server log level unless it is a startup/shutdown
- * notice
- */
- if (((level & APLOG_LEVELMASK) != APLOG_NOTICE) &&
- ((level & APLOG_LEVELMASK) > s->loglevel))
- return;
- logf = s->error_log;
- } else {
- /*
- * If we are doing syslog logging, don't log messages that are
- * above the server log level (including a startup/shutdown
- * notice)
- */
- if ((level & APLOG_LEVELMASK) > s->loglevel)
- return;
- logf = NULL;
- }
-
- if (logf)
- len = ap_snprintf(errstr, sizeof(errstr), "[%s] ",
- ap_get_time());
- else
- len = 0;
-
- len += ap_snprintf(errstr + len, sizeof(errstr) - len,
- "[%s] ", priorities[level & APLOG_LEVELMASK].t_name);
-
- if (file && (level & APLOG_LEVELMASK) == APLOG_DEBUG)
- len += ap_snprintf(errstr + len, sizeof(errstr) - len,
- "%s(%d): ", file, line);
- if (r)
- /* XXX: TODO: add a method of selecting whether logged client
- * addresses are in dotted quad or resolved form... dotted
- * quad is the most secure, which is why I'm implementing it
- * first. -djg
- */
- len += ap_snprintf(errstr + len, sizeof(errstr) - len,
- "[client %s] ", r->connection->remote_ip);
-
- if (!(level & APLOG_NOERRNO) && (save_errno != 0))
- len += ap_snprintf(errstr + len, sizeof(errstr) - len,
- "(%d)%s: ", save_errno, strerror(save_errno));
-
- if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args))
- len += ap_escape_errorlog_item(errstr + len, scratch,
- sizeof(errstr) - len);
-
- /* NULL if we are logging to syslog */
- if (logf) {
- fputs(errstr, logf);
- fputc('\n', logf);
- fflush(logf);
- } else
- syslog(level & APLOG_LEVELMASK, "%s", errstr);
-}
-
-API_EXPORT_NONSTD(void)
-ap_log_error(const char *file, int line, int level, const server_rec *s,
- const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- log_error_core(file, line, level, s, NULL, fmt, args);
- va_end(args);
-}
-
-API_EXPORT_NONSTD(void)
-ap_log_rerror(const char *file, int line, int level, const request_rec *r,
- const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- log_error_core(file, line, level, r->server, r, fmt, args);
- /*
- * IF the error level is 'warning' or more severe,
- * AND there isn't already error text associated with this request,
- * THEN make the message text available to ErrorDocument and
- * other error processors. This can be disabled by stuffing
- * something, even an empty string, into the "error-notes" cell
- * before calling this routine.
- */
- va_end(args);
- va_start(args,fmt);
- if (((level & APLOG_LEVELMASK) <= APLOG_WARNING)
- && (ap_table_get(r->notes, "error-notes") == NULL)) {
- ap_table_setn(r->notes, "error-notes",
- ap_escape_html(r->pool, ap_pvsprintf(r->pool, fmt, args)));
- }
- va_end(args);
-}
-
-API_EXPORT(void)
-ap_log_pid(pool *p, char *fname)
-{
- FILE *pid_file;
- struct stat finfo;
- static pid_t saved_pid = -1;
- pid_t mypid;
- mode_t u;
-
- if (!fname)
- return;
-
- fname = ap_server_root_relative(p, fname);
- mypid = getpid();
- if (!ap_server_chroot_desired() && mypid != saved_pid
- && stat(fname, &finfo) == 0)
- /* USR1 and HUP call this on each restart.
- * Only warn on first time through for this pid.
- *
- * XXX: Could just write first time through too, although
- * that may screw up scripts written to do something
- * based on the last modification time of the pid file.
- */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL, "%s",
- ap_psprintf(p, "pid file %s overwritten -- Unclean shutdown"
- " of previous Apache run?", fname));
-
- u = umask(022);
- (void)umask(u | 022);
- if(!(pid_file = fopen(fname, "w"))) {
- perror("fopen");
- fprintf(stderr, "%s: could not log pid to file %s\n",
- ap_server_argv0, fname);
- exit(1);
- }
- (void)umask(u);
- fprintf(pid_file, "%ld\n", (long)mypid);
- fclose(pid_file);
- saved_pid = mypid;
-}
-
-API_EXPORT(void)
-ap_log_error_old(const char *err, server_rec *s)
-{
- ap_log_error(APLOG_MARK, APLOG_ERR, s, "%s", err);
-}
-
-API_EXPORT(void)
-ap_log_unixerr(const char *routine, const char *file, const char *msg,
- server_rec *s)
-{
- ap_log_error(file, 0, APLOG_ERR, s, "%s", msg);
-}
-
-API_EXPORT_NONSTD(void)
-ap_log_printf(const server_rec *s, const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- log_error_core(APLOG_MARK, APLOG_ERR, s, NULL, fmt, args);
- va_end(args);
-}
-
-API_EXPORT(void)
-ap_log_reason(const char *reason, const char *file, request_rec *r)
-{
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "access to %s failed for %s, reason: %s", file,
- ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME),
- reason);
-}
-
-API_EXPORT(void)
-ap_log_assert(const char *szExp, const char *szFile, int nLine)
-{
- fprintf(stderr, "[%s] file %s, line %d, assertion \"%s\" failed\n",
- ap_get_time(), szFile, nLine, szExp);
- /* unix assert does an abort leading to a core dump */
- abort();
-}
-
-/* piped log support */
-
-/* forward declaration */
-static void piped_log_maintenance(int reason, void *data, ap_wait_t status);
-
-static int
-piped_log_spawn(piped_log *pl)
-{
- int pid;
-
- ap_block_alarms();
- pid = fork();
- if (pid == 0) {
- /* XXX: need to check what open fds the logger is actually
- * passed,
- * XXX: and CGIs for that matter ... cleanup_for_exec *should*
- * XXX: close all the relevant stuff, but hey, it could be
- * broken. */
- RAISE_SIGSTOP(PIPED_LOG_SPAWN);
- /* we're now in the child */
- close(STDIN_FILENO);
- dup2(pl->fds[0], STDIN_FILENO);
-
- ap_cleanup_for_exec();
- signal(SIGCHLD, SIG_DFL); /* for HPUX */
- signal(SIGHUP, SIG_IGN);
- execl(SHELL_PATH, SHELL_PATH, "-c", pl->program, (char *)NULL);
- fprintf(stderr,
- "piped_log_spawn: unable to exec %s -c '%s': %s\n",
- SHELL_PATH, pl->program, strerror (errno));
- exit(1);
- }
- if (pid == -1) {
- fprintf(stderr,
- "piped_log_spawn: unable to fork(): %s\n", strerror(errno));
- ap_unblock_alarms();
- return -1;
- }
- ap_unblock_alarms();
- pl->pid = pid;
- ap_register_other_child(pid, piped_log_maintenance, pl, pl->fds[1]);
- return 0;
-}
-
-
-static void
-piped_log_maintenance(int reason, void *data, ap_wait_t status)
-{
- piped_log *pl = data;
-
- switch (reason) {
- case OC_REASON_DEATH:
- case OC_REASON_LOST:
- pl->pid = -1;
- ap_unregister_other_child(pl);
- if (pl->program == NULL)
- /* during a restart */
- break;
- if (piped_log_spawn(pl) == -1)
- /* what can we do? This could be the error log we're having
- * problems opening up... */
- fprintf(stderr,
- "piped_log_maintenance: unable to respawn '%s': %s\n",
- pl->program, strerror(errno));
- break;
- case OC_REASON_UNWRITABLE:
- /* We should not kill off the pipe here, since it may only be
- * full. If it really is locked, we should kill it off manually.
- */
- break;
- case OC_REASON_RESTART:
- pl->program = NULL;
- if (pl->pid != -1)
- kill(pl->pid, SIGTERM);
- break;
- case OC_REASON_UNREGISTER:
- break;
- }
-}
-
-
-static void
-piped_log_cleanup(void *data)
-{
- piped_log *pl = data;
-
- if (pl->pid != -1)
- kill(pl->pid, SIGTERM);
-
- ap_unregister_other_child(pl);
- close(pl->fds[0]);
- close(pl->fds[1]);
-}
-
-
-static void
-piped_log_cleanup_for_exec(void *data)
-{
- piped_log *pl = data;
-
- close(pl->fds[0]);
- close(pl->fds[1]);
-}
-
-static int
-piped_log_magic_cleanup(void *data)
-{
- piped_log *pl = data;
-
- /* Yes, I _do_ mean a binary and */
- return ap_close_fd_on_exec(pl->fds[0]) &
- ap_close_fd_on_exec(pl->fds[1]);
-}
-
-API_EXPORT(piped_log *)
-ap_open_piped_log(pool *p, const char *program)
-{
- piped_log *pl;
-
- pl = ap_palloc(p, sizeof (*pl));
- pl->p = p;
- pl->program = ap_pstrdup(p, program);
- pl->pid = -1;
- ap_block_alarms ();
- if (pipe(pl->fds) == -1) {
- int save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return NULL;
- }
- ap_register_cleanup_ex(p, pl, piped_log_cleanup,
- piped_log_cleanup_for_exec, piped_log_magic_cleanup);
- if (piped_log_spawn(pl) == -1) {
- int save_errno = errno;
- ap_kill_cleanup(p, pl, piped_log_cleanup);
- close(pl->fds[0]);
- close(pl->fds[1]);
- ap_unblock_alarms();
- errno = save_errno;
- return NULL;
- }
- ap_unblock_alarms();
- return pl;
-}
-
-API_EXPORT(void)
-ap_close_piped_log(piped_log *pl)
-{
- ap_block_alarms();
- piped_log_cleanup(pl);
- ap_kill_cleanup(pl->p, pl, piped_log_cleanup);
- ap_unblock_alarms();
-}
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
deleted file mode 100644
index 62937f77dac..00000000000
--- a/usr.sbin/httpd/src/main/http_main.c
+++ /dev/null
@@ -1,3465 +0,0 @@
-/* $OpenBSD: http_main.c,v 1.55 2011/07/17 17:32:35 jcs Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * httpd.c: simple http daemon for answering WWW file requests
- *
- *
- * 03-21-93 Rob McCool wrote original code (up to NCSA HTTPd 1.3)
- *
- * 03-06-95 blong
- * changed server number for child-alone processes to 0 and changed name
- * of processes
- *
- * 03-10-95 blong
- * Added numerous speed hacks proposed by Robert S. Thau (rst@ai.mit.edu)
- * including set group before fork, and call gettime before to fork
- * to set up libraries.
- *
- * 04-14-95 rst / rh
- * Brandon's code snarfed from NCSA 1.4, but tinkered to work with the
- * Apache server, and also to have child processes do accept() directly.
- *
- * April-July '95 rst
- * Extensive rework for Apache.
- */
-
-#define REALMAIN main
-
-#define CORE_PRIVATE
-
-#include "httpd.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "http_config.h" /* for read_config */
-#include "http_protocol.h" /* for read_request */
-#include "http_request.h" /* for process_request */
-#include "http_conf_globals.h"
-#include "http_core.h" /* for get_remote_host */
-#include "http_vhost.h"
-#include "util_script.h" /* to force util_script.c linking */
-#include "util_uri.h"
-#include "fdcache.h"
-#include "scoreboard.h"
-#include "multithread.h"
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <netinet/tcp.h>
-#ifdef MOD_SSL
-#include <openssl/evp.h>
-#endif
-
-/* This next function is never used. It is here to ensure that if we
- * make all the modules into shared libraries that core httpd still
- * includes the full Apache API. Without this function the objects in
- * main/util_script.c would not be linked into a minimal httpd.
- * And the extra prototype is to make gcc -Wmissing-prototypes quiet.
- */
-API_EXPORT(void) ap_force_library_loading(void);
-API_EXPORT(void) ap_force_library_loading(void) {
- ap_add_cgi_vars(NULL);
-}
-
-#include "explain.h"
-
-#if !defined(max)
-#define max(a,b) (a > b ? a : b)
-#endif
-
-#define PATHSEPARATOR '/'
-
-DEF_Explain
-
-/* Defining GPROF when compiling uses the moncontrol() function to
- * disable gprof profiling in the parent, and enable it only for
- * request processing in children (or in one_process mode). It's
- * absolutely required to get useful gprof results under linux
- * because the profile itimers and such are disabled across a
- * fork(). It's probably useful elsewhere as well.
- */
-#ifdef GPROF
-extern void moncontrol(int);
-#define MONCONTROL(x) moncontrol(x)
-#else
-#define MONCONTROL(x)
-#endif
-
-/* this just need to be anything non-NULL */
-void *ap_dummy_mutex = &ap_dummy_mutex;
-
-/*
- * Actual definitions of config globals... here because this is
- * for the most part the only code that acts on 'em. (Hmmm... mod_main.c?)
- */
-int ap_thread_count = 0;
-API_VAR_EXPORT int ap_standalone=0;
-API_VAR_EXPORT int ap_configtestonly=0;
-int ap_docrootcheck=1;
-API_VAR_EXPORT uid_t ap_user_id=0;
-API_VAR_EXPORT char *ap_user_name=NULL;
-API_VAR_EXPORT gid_t ap_group_id=0;
-API_VAR_EXPORT int ap_max_requests_per_child=0;
-API_VAR_EXPORT int ap_max_cpu_per_child=0;
-API_VAR_EXPORT int ap_max_data_per_child=0;
-API_VAR_EXPORT int ap_max_nofile_per_child=0;
-API_VAR_EXPORT int ap_max_rss_per_child=0;
-API_VAR_EXPORT int ap_max_stack_per_child=0;
-API_VAR_EXPORT int ap_threads_per_child=0;
-API_VAR_EXPORT int ap_excess_requests_per_child=0;
-API_VAR_EXPORT char *ap_pid_fname=NULL;
-API_VAR_EXPORT char *ap_scoreboard_fname=NULL;
-API_VAR_EXPORT char *ap_lock_fname=NULL;
-API_VAR_EXPORT char *ap_server_argv0=NULL;
-API_VAR_EXPORT int ap_default_family = PF_INET;
-API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
-API_VAR_EXPORT int ap_daemons_to_start=0;
-API_VAR_EXPORT int ap_daemons_min_free=0;
-API_VAR_EXPORT int ap_daemons_max_free=0;
-API_VAR_EXPORT int ap_daemons_limit=0;
-API_VAR_EXPORT time_t ap_restart_time=0;
-API_VAR_EXPORT int ap_suexec_enabled = 0;
-API_VAR_EXPORT int ap_listenbacklog=0;
-
-struct accept_mutex_methods_s {
- void (*child_init)(pool *p);
- void (*init)(pool *p);
- void (*on)(void);
- void (*off)(void);
- char *name;
-};
-typedef struct accept_mutex_methods_s accept_mutex_methods_s;
-accept_mutex_methods_s *amutex;
-
-int ap_dump_settings = 0;
-API_VAR_EXPORT int ap_extended_status = 0;
-API_VAR_EXPORT ap_ctx *ap_global_ctx;
-
-/*
- * The max child slot ever assigned, preserved across restarts. Necessary
- * to deal with MaxClients changes across SIGUSR1 restarts. We use this
- * value to optimize routines that have to scan the entire scoreboard.
- */
-static int max_daemons_limit = -1;
-
-/*
- * During config time, listeners is treated as a NULL-terminated list.
- * child_main previously would start at the beginning of the list each time
- * through the loop, so a socket early on in the list could easily starve out
- * sockets later on in the list. The solution is to start at the listener
- * after the last one processed. But to do that fast/easily in child_main it's
- * way more convenient for listeners to be a ring that loops back on itself.
- * The routine setup_listeners() is called after config time to both open up
- * the sockets and to turn the NULL-terminated list into a ring that loops back
- * on itself.
- *
- * head_listener is used by each child to keep track of what they consider
- * to be the "start" of the ring. It is also set by make_child to ensure
- * that new children also don't starve any sockets.
- *
- * Note that listeners != NULL is ensured by read_config().
- */
-listen_rec *ap_listeners=NULL;
-static listen_rec *head_listener;
-
-API_VAR_EXPORT char ap_server_root[MAX_STRING_LEN]="";
-API_VAR_EXPORT char ap_server_confname[MAX_STRING_LEN]="";
-API_VAR_EXPORT char ap_coredump_dir[MAX_STRING_LEN]="";
-
-API_VAR_EXPORT array_header *ap_server_pre_read_config=NULL;
-API_VAR_EXPORT array_header *ap_server_post_read_config=NULL;
-API_VAR_EXPORT array_header *ap_server_config_defines=NULL;
-
-API_VAR_EXPORT int ap_server_chroot=1;
-API_VAR_EXPORT int is_chrooted=0;
-
-/* *Non*-shared http_main globals... */
-
-static server_rec *server_conf;
-static JMP_BUF APACHE_TLS jmpbuffer;
-static int sd;
-static fd_set listenfds;
-static int listenmaxfd;
-static pid_t pgrp;
-
-/* one_process --- debugging mode variable; can be set from the command line
- * with the -X flag. If set, this gets you the child_main loop running
- * in the process which originally started up (no detach, no make_child),
- * which is a pretty nice debugging environment. (You'll get a SIGHUP
- * early in standalone_main; just continue through. This is the server
- * trying to kill off any child processes which it might have lying
- * around --- Apache doesn't keep track of their pids, it just sends
- * SIGHUP to the process group, ignoring it in the root process.
- * Continue through and you'll be fine.).
- */
-
-static int one_process = 0;
-
-static int do_detach = 1;
-
-/* set if timeouts are to be handled by the children and not by the parent.
- * i.e. child_timeouts = !standalone || one_process.
- */
-static int child_timeouts;
-
-#ifdef DEBUG_SIGSTOP
-int raise_sigstop_flags;
-#endif
-
-/* used to maintain list of children which aren't part of the scoreboard */
-typedef struct other_child_rec other_child_rec;
-struct other_child_rec {
- other_child_rec *next;
- int pid;
- void (*maintenance) (int, void *, ap_wait_t);
- void *data;
- int write_fd;
-};
-static other_child_rec *other_children;
-
-static pool *pglobal; /* Global pool */
-static pool *pconf; /* Pool for config stuff */
-static pool *plog; /* Pool for error-logging files */
-static pool *ptrans; /* Pool for per-transaction stuff */
-static pool *pchild; /* Pool for httpd child stuff */
-static pool *pmutex; /* Pool for accept mutex in child */
-static pool *pcommands; /* Pool for -C and -c switches */
-
-static int APACHE_TLS my_pid; /* it seems silly to call getpid all the time */
-static int my_child_num;
-
-
-scoreboard *ap_scoreboard_image = NULL;
-
-/*
- * Pieces for managing the contents of the Server response header
- * field.
- */
-static char *server_version = NULL;
-static int version_locked = 0;
-
-/* Global, alas, so http_core can talk to us */
-enum server_token_type ap_server_tokens = SrvTk_PRODUCT_ONLY;
-
-/* Also global, for http_core and http_protocol */
-API_VAR_EXPORT int ap_protocol_req_check = 1;
-
-API_VAR_EXPORT int ap_change_shmem_uid = 0;
-
-/*
- * This routine is called when the pconf pool is vacuumed. It resets the
- * server version string to a known value and [re]enables modifications
- * (which are disabled by configuration completion).
- */
-static void reset_version(void *dummy)
-{
- version_locked = 0;
- ap_server_tokens = SrvTk_PRODUCT_ONLY;
- server_version = NULL;
-}
-
-API_EXPORT(const char *) ap_get_server_version(void)
-{
- return (server_version ? server_version : SERVER_BASEVERSION);
-}
-
-API_EXPORT(void) ap_add_version_component(const char *component)
-{
- if (! version_locked) {
- /*
- * If the version string is null, register our cleanup to reset the
- * pointer on pool destruction. We also know that, if NULL,
- * we are adding the original SERVER_BASEVERSION string.
- */
- if (server_version == NULL) {
- ap_register_cleanup(pconf, NULL, (void (*)(void *))reset_version,
- ap_null_cleanup);
- server_version = ap_pstrdup(pconf, component);
- }
- else {
- /*
- * Tack the given component identifier to the end of
- * the existing string.
- */
- server_version = ap_pstrcat(pconf, server_version, " ",
- component, NULL);
- }
- }
-}
-
-/*
- * This routine adds the real server base identity to the version string,
- * and then locks out changes until the next reconfig.
- */
-static void ap_set_version(void)
-{
- if (ap_server_tokens == SrvTk_PRODUCT_ONLY) {
- ap_add_version_component(SERVER_PRODUCT);
- }
- else if (ap_server_tokens == SrvTk_MIN) {
- ap_add_version_component(SERVER_BASEVERSION);
- }
- else {
- ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
- }
- /*
- * Lock the server_version string if we're not displaying
- * the full set of tokens
- */
- if (ap_server_tokens != SrvTk_FULL) {
- version_locked++;
- }
-}
-
-API_EXPORT(void) ap_add_config_define(const char *define)
-{
- char **var;
- var = (char **)ap_push_array(ap_server_config_defines);
- *var = ap_pstrdup(pcommands, define);
- return;
-}
-
-/*
- * Invoke the `close_connection' hook of modules to let them do
- * some connection dependent actions before we close it.
- */
-static void ap_call_close_connection_hook(conn_rec *c)
-{
- module *m;
- for (m = top_module; m != NULL; m = m->next)
- if (m->magic == MODULE_MAGIC_COOKIE_EAPI)
- if (m->close_connection != NULL)
- (*m->close_connection)(c);
- return;
-}
-
-static APACHE_TLS int volatile exit_after_unblock = 0;
-
-#ifdef GPROF
-/*
- * change directory for gprof to plop the gmon.out file
- * configure in httpd.conf:
- * GprofDir logs/ -> $ServerRoot/logs/gmon.out
- * GprofDir logs/% -> $ServerRoot/logs/gprof.$pid/gmon.out
- */
-static void chdir_for_gprof(void)
-{
- core_server_config *sconf =
- ap_get_module_config(server_conf->module_config, &core_module);
- char *dir = sconf->gprof_dir;
-
- if(dir) {
- char buf[512];
- int len = strlen(sconf->gprof_dir) - 1;
- if(*(dir + len) == '%') {
- dir[len] = '\0';
- ap_snprintf(buf, sizeof(buf), "%sgprof.%d", dir, (int)getpid());
- }
- dir = ap_server_root_relative(pconf, buf[0] ? buf : dir);
- if(mkdir(dir, 0755) < 0 && errno != EEXIST) {
- ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
- "gprof: error creating directory %s", dir);
- }
- }
- else {
- dir = ap_server_root_relative(pconf, "logs");
- }
-
- chdir(dir);
-}
-#else
-#define chdir_for_gprof()
-#endif
-
-/* a clean exit from a child with proper cleanup */
-static void clean_child_exit(int code) __attribute__ ((noreturn));
-static void clean_child_exit(int code)
-{
- if (pchild) {
- /* make sure the accept mutex is released before calling child
- * exit hooks and cleanups... otherwise, modules can segfault
- * in such code and, depending on the mutex mechanism, leave
- * the server deadlocked... even if the module doesn't segfault,
- * if it performs extensive processing it can temporarily prevent
- * the server from accepting new connections
- */
- ap_clear_pool(pmutex);
- ap_child_exit_modules(pchild, server_conf);
- ap_destroy_pool(pchild);
- }
- chdir_for_gprof();
- exit(code);
-}
-
-/*
- * Start of accept() mutex fluff:
- * Concept: Each method has it's own distinct set of mutex functions,
- * which it shoves in a nice struct for us. We then pick
- * which struct to use. We tell Apache which methods we
- * support via HAVE_FOO_SERIALIZED_ACCEPT. We can
- * specify the default via USE_FOO_SERIALIZED_ACCEPT
- * (this pre-1.3.21 builds which use that at the command-
- * line during builds work as expected). Without a set
- * method, we pick the 1st from the following order:
- * uslock, pthread, sysvsem, fcntl, flock, os2sem, tpfcore and none.
- */
-
-static void expand_lock_fname(pool *p)
-{
- /* XXXX possibly bogus cast */
- ap_lock_fname = ap_psprintf(p, "%s.%lu",
- ap_server_root_relative(p, ap_lock_fname), (unsigned long)getpid());
-}
-
-#include <sys/types.h>
-#include <sys/ipc.h>
-#include <sys/sem.h>
-
-static int sem_id = -1;
-static struct sembuf op_on;
-static struct sembuf op_off;
-
-/* We get a random semaphore ... the lame sysv semaphore interface
- * means we have to be sure to clean this up or else we'll leak
- * semaphores.
- */
-static void accept_mutex_cleanup_sysvsem(void *foo)
-{
- union semun ick;
-
- if (sem_id < 0)
- return;
- /* this is ignored anyhow */
- ick.val = 0;
- semctl(sem_id, 0, IPC_RMID, ick);
-}
-
-#define accept_mutex_child_init_sysvsem(x)
-
-static void accept_mutex_init_sysvsem(pool *p)
-{
- union semun ick;
- struct semid_ds buf;
-
- /* acquire the semaphore */
- sem_id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
- if (sem_id < 0) {
- perror("semget");
- exit(APEXIT_INIT);
- }
- ick.val = 1;
- if (semctl(sem_id, 0, SETVAL, ick) < 0) {
- perror("semctl(SETVAL)");
- exit(APEXIT_INIT);
- }
- if (!getuid()) {
- /* restrict it to use only by the appropriate user_id ... not that this
- * stops CGIs from acquiring it and dinking around with it.
- */
- buf.sem_perm.uid = ap_user_id;
- buf.sem_perm.gid = ap_group_id;
- buf.sem_perm.mode = 0600;
- ick.buf = &buf;
- if (semctl(sem_id, 0, IPC_SET, ick) < 0) {
- perror("semctl(IPC_SET)");
- exit(APEXIT_INIT);
- }
- }
- ap_register_cleanup(p, NULL, accept_mutex_cleanup_sysvsem, ap_null_cleanup);
-
- /* pre-initialize these */
- op_on.sem_num = 0;
- op_on.sem_op = -1;
- op_on.sem_flg = SEM_UNDO;
- op_off.sem_num = 0;
- op_off.sem_op = 1;
- op_off.sem_flg = SEM_UNDO;
-}
-
-static void accept_mutex_on_sysvsem(void)
-{
- while (semop(sem_id, &op_on, 1) < 0) {
- if (errno != EINTR) {
- perror("accept_mutex_on");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-}
-
-static void accept_mutex_off_sysvsem(void)
-{
- while (semop(sem_id, &op_off, 1) < 0) {
- if (errno != EINTR) {
- perror("accept_mutex_off");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-}
-
-accept_mutex_methods_s accept_mutex_sysvsem_s = {
- NULL,
- accept_mutex_init_sysvsem,
- accept_mutex_on_sysvsem,
- accept_mutex_off_sysvsem,
- "sysvsem"
-};
-
-static int flock_fd = -1;
-
-static void accept_mutex_cleanup_flock(void *foo)
-{
- unlink(ap_lock_fname);
-}
-
-/*
- * Initialize mutex lock.
- * Done by each child at it's birth
- */
-static void accept_mutex_child_init_flock(pool *p)
-{
-
- flock_fd = ap_popenf_ex(p, ap_lock_fname, O_WRONLY, 0600, 1);
- if (flock_fd == -1) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "Child cannot open lock file: %s", ap_lock_fname);
- clean_child_exit(APEXIT_CHILDINIT);
- }
-}
-
-/*
- * Initialize mutex lock.
- * Must be safe to call this on a restart.
- */
-static void accept_mutex_init_flock(pool *p)
-{
- expand_lock_fname(p);
- ap_server_strip_chroot(ap_lock_fname, 0);
- unlink(ap_lock_fname);
- flock_fd = ap_popenf_ex(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0600, 1);
- if (flock_fd == -1) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "Parent cannot open lock file: %s", ap_lock_fname);
- exit(APEXIT_INIT);
- }
- ap_register_cleanup(p, NULL, accept_mutex_cleanup_flock, ap_null_cleanup);
-}
-
-static void accept_mutex_on_flock(void)
-{
- int ret;
-
- while ((ret = flock(flock_fd, LOCK_EX)) < 0 && errno == EINTR)
- continue;
-
- if (ret < 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "flock: LOCK_EX: Error getting accept lock. Exiting!");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-}
-
-static void accept_mutex_off_flock(void)
-{
- if (flock(flock_fd, LOCK_UN) < 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "flock: LOCK_UN: Error freeing accept lock. Exiting!");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-}
-
-accept_mutex_methods_s accept_mutex_flock_s = {
- accept_mutex_child_init_flock,
- accept_mutex_init_flock,
- accept_mutex_on_flock,
- accept_mutex_off_flock,
- "flock"
-};
-
-#define AP_FPTR1(x,y) { if (x) ((* x)(y)); }
-#define AP_FPTR0(x) { if (x) ((* x)()); }
-
-#define accept_mutex_child_init(x) AP_FPTR1(amutex->child_init,x)
-#define accept_mutex_init(x) AP_FPTR1(amutex->init,x)
-#define accept_mutex_off() AP_FPTR0(amutex->off)
-#define accept_mutex_on() AP_FPTR0(amutex->on)
-
-char *ap_default_mutex_method(void)
-{
- char *t;
- t = "sysvsem";
- if ((!(strcasecmp(t,"default"))) || (!(strcasecmp(t,"sysvsem"))))
- return "sysvsem";
- if ((!(strcasecmp(t,"default"))) || (!(strcasecmp(t,"flock"))))
- return "flock";
- fprintf(stderr, "No default accept serialization known!!\n");
- exit(APEXIT_INIT);
- /*NOTREACHED */
- return "unknown";
-}
-
-char *ap_init_mutex_method(char *t)
-{
- if (!(strcasecmp(t,"default")))
- t = ap_default_mutex_method();
-
- if (!(strcasecmp(t,"sysvsem"))) {
- amutex = &accept_mutex_sysvsem_s;
- } else
- if (!(strcasecmp(t,"flock"))) {
- amutex = &accept_mutex_flock_s;
- } else
- {
-/* Ignore this directive on Windows */
- if (server_conf) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "Requested serialization method '%s' not available",t);
- exit(APEXIT_INIT);
- } else {
- fprintf(stderr, "Requested serialization method '%s' not available\n", t);
- exit(APEXIT_INIT);
- }
- }
- return NULL;
-}
-
-/* On some architectures it's safe to do unserialized accept()s in the single
- * Listen case. But it's never safe to do it in the case where there's
- * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
- * when it's safe in the single Listen case.
- */
-#define SAFE_ACCEPT(stmt) do {if(ap_listeners->next != ap_listeners) {stmt;}} while(0)
-
-static void usage(char *bin)
-{
- char pad[MAX_STRING_LEN];
- unsigned i;
-
- for (i = 0; i < strlen(bin); i++)
- pad[i] = ' ';
- pad[i] = '\0';
- fprintf(stderr, "Usage: %s [-46FhLlSTtUuVvX] [-C directive] [-c directive] [-D parameter]\n", bin);
- fprintf(stderr, " %s [-d serverroot] [-f config]\n", pad);
- fprintf(stderr, "Options:\n");
- fprintf(stderr, " -C directive : process directive before reading config files\n");
- fprintf(stderr, " -c directive : process directive after reading config files\n");
- fprintf(stderr, " -D parameter : define a parameter for use in <IfDefine name> directives\n");
- fprintf(stderr, " -d serverroot : specify an alternate initial ServerRoot\n");
- fprintf(stderr, " -4 : assume IPv4 for ambiguous directives (default)\n");
- fprintf(stderr, " -6 : assume IPv6 for ambiguous directives\n");
- fprintf(stderr, " -F : run main process in foreground, for process supervisors\n");
- fprintf(stderr, " -f config : specify an alternate ServerConfigFile\n");
- fprintf(stderr, " -h : list available command line options (this page)\n");
- fprintf(stderr, " -L : list available configuration directives\n");
- fprintf(stderr, " -l : list compiled-in modules\n");
- fprintf(stderr, " -S : show parsed settings (currently only vhost settings)\n");
- fprintf(stderr, " -T : run syntax check for config files (without docroot check)\n");
- fprintf(stderr, " -t : run syntax check for config files (with docroot check)\n");
- fprintf(stderr, " -U : unspecified address family for ambiguous directives\n");
- fprintf(stderr, " -u : unsecure mode: do not chroot into ServerRoot\n");
- fprintf(stderr, " -V : show compile settings\n");
- fprintf(stderr, " -v : show version number\n");
- fprintf(stderr, " -X : run in single-process mode\n");
-
- exit(1);
-}
-
-
-/*****************************************************************
- *
- * Timeout handling. DISTINCTLY not thread-safe, but all this stuff
- * has to change for threads anyway. Note that this code allows only
- * one timeout in progress at a time...
- */
-
-static APACHE_TLS conn_rec *volatile current_conn;
-static APACHE_TLS request_rec *volatile timeout_req;
-static APACHE_TLS const char *volatile timeout_name = NULL;
-static APACHE_TLS int volatile alarms_blocked = 0;
-static APACHE_TLS int volatile alarm_pending = 0;
-
-
-static void timeout(int sig)
-{
- void *dirconf;
- if (alarms_blocked) {
- alarm_pending = 1;
- return;
- }
- if (exit_after_unblock) {
- clean_child_exit(0);
- }
-
- if (!current_conn) {
- ap_longjmp(jmpbuffer, 1);
- }
-
- if (timeout_req != NULL)
- dirconf = timeout_req->per_dir_config;
- else
- dirconf = current_conn->server->lookup_defaults;
- if (!current_conn->keptalive) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
- current_conn->server, "[client %s] %s timed out",
- current_conn->remote_ip,
- timeout_name ? timeout_name : "request");
- }
-
- if (timeout_req) {
- /* Someone has asked for this transaction to just be aborted
- * if it times out...
- */
- request_rec *log_req = timeout_req;
- request_rec *save_req = timeout_req;
-
- /* avoid looping... if ap_log_transaction started another
- * timer (say via rfc1413.c) we could loop...
- */
- timeout_req = NULL;
-
- while (log_req->main || log_req->prev) {
- /* Get back to original request... */
- if (log_req->main)
- log_req = log_req->main;
- else
- log_req = log_req->prev;
- }
-
- if (!current_conn->keptalive) {
- /* in some cases we come here before setting the time */
- if (log_req->request_time == 0) {
- log_req->request_time = time(NULL);
- }
- ap_log_transaction(log_req);
- }
-
- ap_call_close_connection_hook(save_req->connection);
-
- ap_bsetflag(save_req->connection->client, B_EOUT, 1);
- ap_bclose(save_req->connection->client);
-
- if (!ap_standalone)
- exit(0);
- ap_longjmp(jmpbuffer, 1);
- }
- else { /* abort the connection */
- ap_call_close_connection_hook(current_conn);
- ap_bsetflag(current_conn->client, B_EOUT, 1);
- ap_bclose(current_conn->client);
- current_conn->aborted = 1;
- }
-}
-
-
-/*
- * These two called from alloc.c to protect its critical sections...
- * Note that they can nest (as when destroying the sub_pools of a pool
- * which is itself being cleared); we have to support that here.
- */
-
-API_EXPORT(void) ap_block_alarms(void)
-{
- ++alarms_blocked;
-}
-
-API_EXPORT(void) ap_unblock_alarms(void)
-{
- --alarms_blocked;
- if (alarms_blocked == 0) {
- if (exit_after_unblock) {
- /* We have a couple race conditions to deal with here, we can't
- * allow a timeout that comes in this small interval to allow
- * the child to jump back to the main loop. Instead we block
- * alarms again, and then note that exit_after_unblock is
- * being dealt with. We choose this way to solve this so that
- * the common path through unblock_alarms() is really short.
- */
- ++alarms_blocked;
- exit_after_unblock = 0;
- clean_child_exit(0);
- }
- if (alarm_pending) {
- alarm_pending = 0;
- timeout(0);
- }
- }
-}
-
-static APACHE_TLS void (*volatile alarm_fn) (int) = NULL;
-
-static void alrm_handler(int sig)
-{
- if (alarm_fn) {
- (*alarm_fn) (sig);
- }
-}
-
-API_EXPORT(unsigned int) ap_set_callback_and_alarm(void (*fn) (int), int x)
-{
- unsigned int old;
-
- if (alarm_fn && x && fn != alarm_fn) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, NULL,
- "ap_set_callback_and_alarm: possible nested timer!");
- }
- alarm_fn = fn;
- if (child_timeouts) {
- old = alarm(x);
- }
- else {
- /* Just note the timeout in our scoreboard, no need to call the system.
- * We also note that the virtual time has gone forward.
- */
- ap_check_signals();
- old = ap_scoreboard_image->servers[my_child_num].timeout_len;
- ap_scoreboard_image->servers[my_child_num].timeout_len = x;
- ++ap_scoreboard_image->servers[my_child_num].cur_vtime;
- }
- return (old);
-}
-
-
-/* reset_timeout (request_rec *) resets the timeout in effect,
- * as long as it hasn't expired already.
- */
-
-API_EXPORT(void) ap_reset_timeout(request_rec *r)
-{
- int i;
- if (timeout_name) { /* timeout has been set */
- i = ap_set_callback_and_alarm(alarm_fn, r->server->timeout);
- if (i == 0) /* timeout already expired, so set it back to 0 */
- ap_set_callback_and_alarm(alarm_fn, 0);
- }
-}
-
-
-
-
-API_EXPORT(void) ap_keepalive_timeout(char *name, request_rec *r)
-{
- unsigned int to;
- timeout_req = r;
- timeout_name = name;
- if (r->connection->keptalive)
- to = r->server->keep_alive_timeout;
- else
- to = r->server->timeout;
- ap_set_callback_and_alarm(timeout, to);
-}
-
-API_EXPORT(void) ap_hard_timeout(char *name, request_rec *r)
-{
- timeout_req = r;
- timeout_name = name;
- ap_set_callback_and_alarm(timeout, r->server->timeout);
-}
-
-API_EXPORT(void) ap_soft_timeout(char *name, request_rec *r)
-{
- timeout_name = name;
- ap_set_callback_and_alarm(timeout, r->server->timeout);
-}
-
-API_EXPORT(void) ap_kill_timeout(request_rec *dummy)
-{
- ap_check_signals();
- ap_set_callback_and_alarm(NULL, 0);
- timeout_req = NULL;
- timeout_name = NULL;
-}
-
-
-/*
- * More machine-dependent networking gooo... on some systems,
- * you've got to be *really* sure that all the packets are acknowledged
- * before closing the connection, since the client will not be able
- * to see the last response if their TCP buffer is flushed by a RST
- * packet from us, which is what the server's TCP stack will send
- * if it receives any request data after closing the connection.
- *
- * In an ideal world, this function would be accomplished by simply
- * setting the socket option SO_LINGER and handling it within the
- * server's TCP stack while the process continues on to the next request.
- * Unfortunately, it seems that most (if not all) operating systems
- * block the server process on close() when SO_LINGER is used.
- * For those that don't, see USE_SO_LINGER below. For the rest,
- * we have created a home-brew lingering_close.
- *
- * Many operating systems tend to block, puke, or otherwise mishandle
- * calls to shutdown only half of the connection.
- */
-#ifndef MAX_SECS_TO_LINGER
-#define MAX_SECS_TO_LINGER 30
-#endif
-
-#define sock_enable_linger(s) /* NOOP */
-
-/* Special version of timeout for lingering_close */
-
-static void lingerout(int sig)
-{
- if (alarms_blocked) {
- alarm_pending = 1;
- return;
- }
-
- if (!current_conn) {
- ap_longjmp(jmpbuffer, 1);
- }
- ap_bsetflag(current_conn->client, B_EOUT, 1);
- current_conn->aborted = 1;
-}
-
-static void linger_timeout(void)
-{
- timeout_name = "lingering close";
- ap_set_callback_and_alarm(lingerout, MAX_SECS_TO_LINGER);
-}
-
-/* Since many clients will abort a connection instead of closing it,
- * attempting to log an error message from this routine will only
- * confuse the webmaster. There doesn't seem to be any portable way to
- * distinguish between a dropped connection and something that might be
- * worth logging.
- */
-static void lingering_close(request_rec *r)
-{
- char dummybuf[512];
- struct timeval tv;
- fd_set lfds;
- int select_rv;
- int lsd;
-
- /* Prevent a slow-drip client from holding us here indefinitely */
-
- linger_timeout();
-
- /* Send any leftover data to the client, but never try to again */
-
- if (ap_bflush(r->connection->client) == -1) {
- ap_call_close_connection_hook(r->connection);
- ap_kill_timeout(r);
- ap_bclose(r->connection->client);
- return;
- }
- ap_call_close_connection_hook(r->connection);
- ap_bsetflag(r->connection->client, B_EOUT, 1);
-
- /* Close our half of the connection --- send the client a FIN */
-
- lsd = r->connection->client->fd;
-
- if ((shutdown(lsd, 1) != 0) || r->connection->aborted) {
- ap_kill_timeout(r);
- ap_bclose(r->connection->client);
- return;
- }
-
- /* Set up to wait for readable data on socket... */
-
- FD_ZERO(&lfds);
-
- /* Wait for readable data or error condition on socket;
- * slurp up any data that arrives... We exit when we go for an
- * interval of tv length without getting any more data, get an error
- * from select(), get an error or EOF on a read, or the timer expires.
- */
-
- do {
- /* We use a 2 second timeout because current (Feb 97) browsers
- * fail to close a connection after the server closes it. Thus,
- * to avoid keeping the child busy, we are only lingering long enough
- * for a client that is actively sending data on a connection.
- * This should be sufficient unless the connection is massively
- * losing packets, in which case we might have missed the RST anyway.
- * These parameters are reset on each pass, since they might be
- * changed by select.
- */
-
- FD_SET(lsd, &lfds);
- tv.tv_sec = 2;
- tv.tv_usec = 0;
-
- select_rv = ap_select(lsd + 1, &lfds, NULL, NULL, &tv);
-
- } while ((select_rv > 0) &&
- (read(lsd, dummybuf, sizeof(dummybuf)) > 0));
-
- /* Should now have seen final ack. Safe to finally kill socket */
-
- ap_bclose(r->connection->client);
-
- ap_kill_timeout(r);
-}
-
-/*****************************************************************
- * dealing with other children
- */
-
-API_EXPORT(void) ap_register_other_child(int pid,
- void (*maintenance) (int reason, void *, ap_wait_t status),
- void *data, int write_fd)
-{
- other_child_rec *ocr;
-
- ocr = ap_palloc(pconf, sizeof(*ocr));
- ocr->pid = pid;
- ocr->maintenance = maintenance;
- ocr->data = data;
- ocr->write_fd = write_fd;
- ocr->next = other_children;
- other_children = ocr;
-}
-
-/* note that since this can be called by a maintenance function while we're
- * scanning the other_children list, all scanners should protect themself
- * by loading ocr->next before calling any maintenance function.
- */
-API_EXPORT(void) ap_unregister_other_child(void *data)
-{
- other_child_rec **pocr, *nocr;
-
- for (pocr = &other_children; *pocr; pocr = &(*pocr)->next) {
- if ((*pocr)->data == data) {
- nocr = (*pocr)->next;
- (*(*pocr)->maintenance) (OC_REASON_UNREGISTER, (*pocr)->data, (ap_wait_t)-1);
- *pocr = nocr;
- /* XXX: um, well we've just wasted some space in pconf ? */
- return;
- }
- }
-}
-
-/* test to ensure that the write_fds are all still writable, otherwise
- * invoke the maintenance functions as appropriate */
-static void probe_writable_fds(void)
-{
- fd_set writable_fds;
- int fd_max;
- other_child_rec *ocr, *nocr;
- struct timeval tv;
- int rc;
-
- if (other_children == NULL)
- return;
-
- fd_max = 0;
- FD_ZERO(&writable_fds);
- do {
- for (ocr = other_children; ocr; ocr = ocr->next) {
- if (ocr->write_fd == -1)
- continue;
- FD_SET(ocr->write_fd, &writable_fds);
- if (ocr->write_fd > fd_max) {
- fd_max = ocr->write_fd;
- }
- }
- if (fd_max == 0)
- return;
-
- tv.tv_sec = 0;
- tv.tv_usec = 0;
- rc = ap_select(fd_max + 1, NULL, &writable_fds, NULL, &tv);
- } while (rc == -1 && errno == EINTR);
-
- if (rc == -1) {
- /* XXX: uhh this could be really bad, we could have a bad file
- * descriptor due to a bug in one of the maintenance routines */
- ap_log_unixerr("probe_writable_fds", "select",
- "could not probe writable fds", server_conf);
- return;
- }
- if (rc == 0)
- return;
-
- for (ocr = other_children; ocr; ocr = nocr) {
- nocr = ocr->next;
- if (ocr->write_fd == -1)
- continue;
- if (FD_ISSET(ocr->write_fd, &writable_fds))
- continue;
- (*ocr->maintenance) (OC_REASON_UNWRITABLE, ocr->data, (ap_wait_t)-1);
- }
-}
-
-/* possibly reap an other_child, return 0 if yes, -1 if not */
-static int reap_other_child(int pid, ap_wait_t status)
-{
- other_child_rec *ocr, *nocr;
-
- for (ocr = other_children; ocr; ocr = nocr) {
- nocr = ocr->next;
- if (ocr->pid != pid)
- continue;
- ocr->pid = -1;
- (*ocr->maintenance) (OC_REASON_DEATH, ocr->data, status);
- return 0;
- }
- return -1;
-}
-
-/*****************************************************************
- *
- * Dealing with the scoreboard... a lot of these variables are global
- * only to avoid getting clobbered by the longjmp() that happens when
- * a hard timeout expires...
- *
- * We begin with routines which deal with the file itself...
- */
-
-static void setup_shared_mem(pool *p)
-{
- caddr_t m;
-
-/* BSD style */
- m = mmap((caddr_t) 0, SCOREBOARD_SIZE,
- PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0);
- if (m == (caddr_t) - 1) {
- perror("mmap");
- fprintf(stderr, "%s: Could not mmap memory\n", ap_server_argv0);
- exit(APEXIT_INIT);
- }
- ap_scoreboard_image = (scoreboard *) m;
- ap_scoreboard_image->global.running_generation = 0;
-}
-
-/* Called by parent process */
-static void reinit_scoreboard(pool *p)
-{
- int running_gen = 0;
- if (ap_scoreboard_image)
- running_gen = ap_scoreboard_image->global.running_generation;
-
- if (ap_scoreboard_image == NULL) {
- setup_shared_mem(p);
- }
- memset(ap_scoreboard_image, 0, SCOREBOARD_SIZE);
- ap_scoreboard_image->global.running_generation = running_gen;
-}
-
-/* Routines called to deal with the scoreboard image
- * --- note that we do *not* need write locks, since update_child_status
- * only updates a *single* record in place, and only one process writes to
- * a given scoreboard slot at a time (either the child process owning that
- * slot, or the parent, noting that the child has died).
- *
- * As a final note --- setting the score entry to getpid() is always safe,
- * since when the parent is writing an entry, it's only noting SERVER_DEAD
- * anyway.
- */
-
-API_EXPORT(int) ap_exists_scoreboard_image(void)
-{
- return (ap_scoreboard_image ? 1 : 0);
-}
-
-/* a clean exit from the parent with proper cleanup */
-static void clean_parent_exit(int code) __attribute__((noreturn));
-static void clean_parent_exit(int code)
-{
- /* Clear the pool - including any registered cleanups */
- ap_destroy_pool(pglobal);
- ap_kill_alloc_shared();
- fdcache_closeall();
- exit(code);
-}
-
-API_EXPORT(int) ap_update_child_status(int child_num, int status, request_rec *r)
-{
- int old_status;
- short_score *ss;
-
- if (child_num < 0)
- return -1;
-
- ap_check_signals();
-
- ss = &ap_scoreboard_image->servers[child_num];
- old_status = ss->status;
- ss->status = status;
-
- ++ss->cur_vtime;
-
- if (ap_extended_status) {
- if (status == SERVER_READY || status == SERVER_DEAD) {
- /*
- * Reset individual counters
- */
- if (status == SERVER_DEAD) {
- ss->my_access_count = 0L;
- ss->my_bytes_served = 0ULL;
- }
- ss->conn_count = (unsigned short) 0;
- ss->conn_bytes = 0ULL;
- }
- else if (status == SERVER_STARTING) {
- /* clean out the start_time so that mod_status will print Req=0 */
- /* Use memset to be independent from the type (struct timeval vs. clock_t) */
- memset (&ss->start_time, '\0', sizeof ss->start_time);
- }
- if (r) {
- conn_rec *c = r->connection;
- ap_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config,
- REMOTE_NOLOOKUP), sizeof(ss->client));
- if (r->the_request == NULL) {
- ap_cpystrn(ss->request, "NULL", sizeof(ss->request));
- } else if (r->parsed_uri.password == NULL) {
- ap_cpystrn(ss->request, r->the_request, sizeof(ss->request));
- } else {
- /* Don't reveal the password in the server-status view */
- ap_cpystrn(ss->request, ap_pstrcat(r->pool, r->method, " ",
- ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_OMITPASSWORD),
- r->assbackwards ? NULL : " ", r->protocol, NULL),
- sizeof(ss->request));
- }
- ss->vhostrec = r->server;
- }
- }
- if (status == SERVER_STARTING && r == NULL) {
- /* clean up the slot's vhostrec pointer (maybe re-used)
- * and mark the slot as belonging to a new generation.
- */
- ss->vhostrec = NULL;
- ap_scoreboard_image->parent[child_num].generation = ap_my_generation;
- }
-
- return old_status;
-}
-
-void ap_time_process_request(int child_num, int status)
-{
- short_score *ss;
-
- if (child_num < 0)
- return;
-
- ss = &ap_scoreboard_image->servers[child_num];
-
- if (status == START_PREQUEST) {
- if (gettimeofday(&ss->start_time, (struct timezone *) 0) < 0)
- ss->start_time.tv_sec =
- ss->start_time.tv_usec = 0L;
- }
- else if (status == STOP_PREQUEST) {
- if (gettimeofday(&ss->stop_time, (struct timezone *) 0) < 0)
- ss->stop_time.tv_sec =
- ss->stop_time.tv_usec =
- ss->start_time.tv_sec =
- ss->start_time.tv_usec = 0L;
-
- }
-}
-
-static void increment_counts(int child_num, request_rec *r)
-{
- off_t bs = 0;
- short_score *ss;
-
- ss = &ap_scoreboard_image->servers[child_num];
-
- if (r->sent_bodyct)
- ap_bgetopt(r->connection->client, BO_BYTECT, &bs);
-
- times(&ss->times);
- ss->access_count++;
- ss->my_access_count++;
- ss->conn_count++;
- ss->bytes_served += bs;
- ss->my_bytes_served += bs;
- ss->conn_bytes += bs;
-}
-
-static int find_child_by_pid(int pid)
-{
- int i;
-
- for (i = 0; i < max_daemons_limit; ++i)
- if (ap_scoreboard_image->parent[i].pid == pid)
- return i;
-
- return -1;
-}
-
-static int safe_child_kill(pid_t pid, int sig)
-{
- if (getpgid(pid) == getpgrp()) {
- return kill(pid, sig);
- }
- else {
- errno = EINVAL;
- return -1;
- }
-}
-
-static void reclaim_child_processes(int terminate)
-{
- int i, status;
- long int waittime = 1024 * 16; /* in usecs */
- struct timeval tv;
- int waitret, tries;
- int not_dead_yet;
- int ret;
- other_child_rec *ocr, *nocr;
-
- for (tries = terminate ? 4 : 1; tries <= 12; ++tries) {
- /* don't want to hold up progress any more than
- * necessary, but we need to allow children a few moments to exit.
- * Set delay with an exponential backoff. NOTE: if we get
- * interrupted, we'll wait longer than expected...
- */
- tv.tv_sec = waittime / 1000000;
- tv.tv_usec = waittime % 1000000;
- waittime = waittime * 4;
- do {
- ret = ap_select(0, NULL, NULL, NULL, &tv);
- } while (ret == -1 && errno == EINTR);
-
- /* now see who is done */
- not_dead_yet = 0;
- for (i = 0; i < max_daemons_limit; ++i) {
- int pid = ap_scoreboard_image->parent[i].pid;
-
- if (pid == my_pid || pid == 0)
- continue;
-
- waitret = waitpid(pid, &status, WNOHANG);
- if (waitret == pid || waitret == -1) {
- ap_scoreboard_image->parent[i].pid = 0;
- continue;
- }
- ++not_dead_yet;
- switch (tries) {
- case 1: /* 16ms */
- case 2: /* 82ms */
- break;
- case 3: /* 344ms */
- /* perhaps it missed the SIGHUP, lets try again */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
- server_conf,
- "child process %d did not exit, sending another SIGHUP",
- pid);
- safe_child_kill(pid, SIGHUP);
- waittime = 1024 * 16;
- break;
- case 4: /* 16ms */
- case 5: /* 82ms */
- case 6: /* 344ms */
- break;
- case 7: /* 1.4sec */
- /* ok, now it's being annoying */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
- server_conf,
- "child process %d still did not exit, sending a SIGTERM",
- pid);
- safe_child_kill(pid, SIGTERM);
- break;
- case 8: /* 6 sec */
- /* die child scum */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
- "child process %d still did not exit, sending a SIGKILL",
- pid);
- safe_child_kill(pid, SIGKILL);
- waittime = 1024 * 16; /* give them some time to die */
- break;
- case 9: /* 6 sec */
- case 10: /* 6.1 sec */
- case 11: /* 6.4 sec */
- break;
- case 12: /* 7.4 sec */
- /* gave it our best shot, but alas... If this really
- * is a child we are trying to kill and it really hasn't
- * exited, we will likely fail to bind to the port
- * after the restart.
- */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
- "could not make child process %d exit, "
- "attempting to continue anyway", pid);
- break;
- }
- }
- for (ocr = other_children; ocr; ocr = nocr) {
- nocr = ocr->next;
- if (ocr->pid == -1)
- continue;
-
- waitret = waitpid(ocr->pid, &status, WNOHANG);
- if (waitret == ocr->pid) {
- ocr->pid = -1;
- (*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)status);
- }
- else if (waitret == 0) {
- (*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)-1);
- ++not_dead_yet;
- }
- else if (waitret == -1) {
- /* uh what the heck? they didn't call unregister? */
- ocr->pid = -1;
- (*ocr->maintenance) (OC_REASON_LOST, ocr->data, (ap_wait_t)-1);
- }
- }
- if (!not_dead_yet) {
- /* nothing left to wait for */
- break;
- }
- }
-}
-
-
-/* Finally, this routine is used by the caretaker process to wait for
- * a while...
- */
-
-/* number of calls to wait_or_timeout between writable probes */
-#ifndef INTERVAL_OF_WRITABLE_PROBES
-#define INTERVAL_OF_WRITABLE_PROBES 10
-#endif
-static int wait_or_timeout_counter;
-
-static int wait_or_timeout(ap_wait_t *status)
-{
- struct timeval tv;
- int ret;
-
- ++wait_or_timeout_counter;
- if (wait_or_timeout_counter == INTERVAL_OF_WRITABLE_PROBES) {
- wait_or_timeout_counter = 0;
- probe_writable_fds();
- }
- ret = waitpid(-1, status, WNOHANG);
- if (ret == -1 && errno == EINTR) {
- return -1;
- }
- if (ret > 0) {
- return ret;
- }
- tv.tv_sec = SCOREBOARD_MAINTENANCE_INTERVAL / 1000000;
- tv.tv_usec = SCOREBOARD_MAINTENANCE_INTERVAL % 1000000;
- ap_select(0, NULL, NULL, NULL, &tv);
- return -1;
-}
-
-#if defined(NSIG)
-#define NumSIG NSIG
-#elif defined(_NSIG)
-#define NumSIG _NSIG
-#elif defined(__NSIG)
-#define NumSIG __NSIG
-#else
-#define NumSIG 32 /* for 1998's unixes, this is still a good assumption */
-#endif
-
-#define SYS_SIGLIST ap_sys_siglist
-#define INIT_SIGLIST() siglist_init();
-
-const char *ap_sys_siglist[NumSIG];
-
-static void siglist_init(void)
-{
- int sig;
-
- ap_sys_siglist[0] = "Signal 0";
- ap_sys_siglist[SIGHUP] = "Hangup";
- ap_sys_siglist[SIGINT] = "Interrupt";
- ap_sys_siglist[SIGQUIT] = "Quit";
- ap_sys_siglist[SIGILL] = "Illegal instruction";
- ap_sys_siglist[SIGTRAP] = "Trace/BPT trap";
- ap_sys_siglist[SIGIOT] = "IOT instruction";
- ap_sys_siglist[SIGABRT] = "Abort";
- ap_sys_siglist[SIGEMT] = "Emulator trap";
- ap_sys_siglist[SIGFPE] = "Arithmetic exception";
- ap_sys_siglist[SIGKILL] = "Killed";
- ap_sys_siglist[SIGBUS] = "Bus error";
- ap_sys_siglist[SIGSEGV] = "Segmentation fault";
- ap_sys_siglist[SIGSYS] = "Bad system call";
- ap_sys_siglist[SIGPIPE] = "Broken pipe";
- ap_sys_siglist[SIGALRM] = "Alarm clock";
- ap_sys_siglist[SIGTERM] = "Terminated";
- ap_sys_siglist[SIGUSR1] = "User defined signal 1";
- ap_sys_siglist[SIGUSR2] = "User defined signal 2";
- ap_sys_siglist[SIGCHLD] = "Child status change";
- ap_sys_siglist[SIGWINCH] = "Window changed";
- ap_sys_siglist[SIGURG] = "urgent socket condition";
- ap_sys_siglist[SIGIO] = "socket I/O possible";
- ap_sys_siglist[SIGSTOP] = "Stopped (signal)";
- ap_sys_siglist[SIGTSTP] = "Stopped";
- ap_sys_siglist[SIGCONT] = "Continued";
- ap_sys_siglist[SIGTTIN] = "Stopped (tty input)";
- ap_sys_siglist[SIGTTOU] = "Stopped (tty output)";
- ap_sys_siglist[SIGVTALRM] = "virtual timer expired";
- ap_sys_siglist[SIGPROF] = "profiling timer expired";
- ap_sys_siglist[SIGXCPU] = "exceeded cpu limit";
- ap_sys_siglist[SIGXFSZ] = "exceeded file size limit";
- for (sig=0; sig < sizeof(ap_sys_siglist)/sizeof(ap_sys_siglist[0]); ++sig)
- if (ap_sys_siglist[sig] == NULL)
- ap_sys_siglist[sig] = "";
-}
-
-/* handle all varieties of core dumping signals */
-static void sig_coredump(int sig)
-{
- chdir(ap_coredump_dir);
- signal(sig, SIG_DFL);
- kill(getpid(), sig);
- /* At this point we've got sig blocked, because we're still inside
- * the signal handler. When we leave the signal handler it will
- * be unblocked, and we'll take the signal... and coredump or whatever
- * is appropriate for this particular Unix. In addition the parent
- * will see the real signal we received -- whereas if we called
- * abort() here, the parent would only see SIGABRT.
- */
-}
-
-/*****************************************************************
- * Connection structures and accounting...
- */
-
-static void just_die(int sig)
-{ /* SIGHUP to child process??? */
- /* if alarms are blocked we have to wait to die otherwise we might
- * end up with corruption in alloc.c's internal structures */
- if (alarms_blocked) {
- exit_after_unblock = 1;
- }
- else {
- clean_child_exit(0);
- }
-}
-
-static int volatile usr1_just_die = 1;
-static int volatile deferred_die;
-
-static void usr1_handler(int sig)
-{
- if (usr1_just_die) {
- just_die(sig);
- }
- deferred_die = 1;
-}
-
-/* volatile just in case */
-static int volatile shutdown_pending;
-static int volatile restart_pending;
-static int volatile is_graceful;
-API_VAR_EXPORT ap_generation_t volatile ap_my_generation=0;
-
-
-/*
- * ap_start_shutdown() and ap_start_restart(), below, are a first stab at
- * functions to initiate shutdown or restart without relying on signals.
- * Previously this was initiated in sig_term() and restart() signal handlers,
- * but we want to be able to start a shutdown/restart from other sources --
- * e.g. on Win32, from the service manager. Now the service manager can
- * call ap_start_shutdown() or ap_start_restart() as appropiate. Note that
- * these functions can also be called by the child processes, since global
- * variables are no longer used to pass on the required action to the parent.
- */
-
-API_EXPORT(void) ap_start_shutdown(void)
-{
- if (shutdown_pending == 1) {
- /* Um, is this _probably_ not an error, if the user has
- * tried to do a shutdown twice quickly, so we won't
- * worry about reporting it.
- */
- return;
- }
- shutdown_pending = 1;
-}
-
-/* do a graceful restart if graceful == 1 */
-API_EXPORT(void) ap_start_restart(int graceful)
-{
- if (restart_pending == 1) {
- /* Probably not an error - don't bother reporting it */
- return;
- }
- restart_pending = 1;
- is_graceful = graceful;
-}
-
-static void sig_term(int sig)
-{
- ap_start_shutdown();
-}
-
-static void restart(int sig)
-{
- ap_start_restart(sig == SIGUSR1);
-}
-
-static void set_signals(void)
-{
- struct sigaction sa;
-
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = 0;
-
- if (!one_process) {
- sa.sa_handler = sig_coredump;
- sa.sa_flags = SA_RESETHAND;
- if (sigaction(SIGBUS, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGBUS)");
- if (sigaction(SIGABRT, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGABRT)");
- if (sigaction(SIGILL, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGILL)");
- sa.sa_flags = 0;
- }
- sa.sa_handler = sig_term;
- if (sigaction(SIGTERM, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGTERM)");
- if (sigaction(SIGINT, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGINT)");
- sa.sa_handler = SIG_DFL;
- if (sigaction(SIGXCPU, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXCPU)");
- sa.sa_handler = SIG_DFL;
- if (sigaction(SIGXFSZ, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXFSZ)");
- sa.sa_handler = SIG_IGN;
- if (sigaction(SIGPIPE, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGPIPE)");
-
- /* we want to ignore HUPs and USR1 while we're busy processing one */
- sigaddset(&sa.sa_mask, SIGHUP);
- sigaddset(&sa.sa_mask, SIGUSR1);
- sa.sa_handler = restart;
- if (sigaction(SIGHUP, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGHUP)");
- if (sigaction(SIGUSR1, &sa, NULL) < 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGUSR1)");
-}
-
-
-/*****************************************************************
- * Here follows a long bunch of generic server bookkeeping stuff...
- */
-
-static void detach(void)
-{
- int x;
-
- chdir("/");
- if (do_detach) {
- if ((x = fork()) > 0)
- exit(0);
- else if (x == -1) {
- perror("fork");
- fprintf(stderr, "%s: unable to fork new process\n", ap_server_argv0);
- exit(1);
- }
- RAISE_SIGSTOP(DETACH);
- }
- if ((pgrp = setsid()) == -1) {
- perror("setsid");
- fprintf(stderr, "%s: setsid failed\n", ap_server_argv0);
- if (!do_detach)
- fprintf(stderr, "setsid() failed probably because you aren't "
- "running under a process management tool like daemontools\n");
- exit(1);
- }
-
- /* close out the standard file descriptors */
- if (freopen("/dev/null", "r", stdin) == NULL) {
- fprintf(stderr, "%s: unable to replace stdin with /dev/null: %s\n",
- ap_server_argv0, strerror(errno));
- /* continue anyhow -- note we can't close out descriptor 0 because we
- * have nothing to replace it with, and if we didn't have a descriptor
- * 0 the next file would be created with that value ... leading to
- * havoc.
- */
- }
- if (freopen("/dev/null", "w", stdout) == NULL) {
- fprintf(stderr, "%s: unable to replace stdout with /dev/null: %s\n",
- ap_server_argv0, strerror(errno));
- }
- /* stderr is a tricky one, we really want it to be the error_log,
- * but we haven't opened that yet. So leave it alone for now and it'll
- * be reopened moments later.
- */
-}
-
-/* Set group privileges.
- *
- * Note that we use the username as set in the config files, rather than
- * the lookup of to uid --- the same uid may have multiple passwd entries,
- * with different sets of groups for each.
- */
-
-static void set_group_privs(void)
-{
- if (!geteuid()) {
- char *name;
-
- /* Get username if passed as a uid */
-
- if (ap_user_name[0] == '#') {
- struct passwd *ent;
- uid_t uid = atoi(&ap_user_name[1]);
-
- if ((ent = getpwuid(uid)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "getpwuid: couldn't determine user name from uid %u, "
- "you probably need to modify the User directive",
- (unsigned)uid);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-
- name = ent->pw_name;
- }
- else
- name = ap_user_name;
-
- /*
- * Set the GID before initgroups(), since on some platforms
- * setgid() is known to zap the group list.
- */
- if (setgid(ap_group_id) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setgid: unable to set group id to Group %u",
- (unsigned)ap_group_id);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-
- /* Reset `groups' attributes. */
-
- if (initgroups(name, ap_group_id) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "initgroups: unable to set groups for User %s "
- "and Group %u", name, (unsigned)ap_group_id);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-}
-
-/* check to see if we have the 'suexec' setuid wrapper installed */
-static int init_suexec(void)
-{
- int result = 0;
-
- struct stat wrapper;
-
- if ((stat(SUEXEC_BIN, &wrapper)) != 0) {
- result = 0;
- }
- else if ((wrapper.st_mode & S_ISUID) && (wrapper.st_uid == 0)) {
- result = 1;
- }
- return result;
-}
-
-/*****************************************************************
- * Connection structures and accounting...
- */
-
-
-static conn_rec *new_connection(pool *p, server_rec *server, BUFF *inout,
- const struct sockaddr *remaddr,
- const struct sockaddr *saddr,
- int child_num)
-{
- conn_rec *conn = (conn_rec *) ap_pcalloc(p, sizeof(conn_rec));
- char hostnamebuf[MAXHOSTNAMELEN];
- size_t addr_len;
-
- /* Got a connection structure, so initialize what fields we can
- * (the rest are zeroed out by pcalloc).
- */
-
- conn->child_num = child_num;
-
- conn->pool = p;
- addr_len = saddr->sa_len;
- memcpy(&conn->local_addr, saddr, addr_len);
- getnameinfo((struct sockaddr *)&conn->local_addr, addr_len,
- hostnamebuf, sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
- conn->local_ip = ap_pstrdup(conn->pool, hostnamebuf);
- conn->server = server; /* just a guess for now */
- ap_update_vhost_given_ip(conn);
- conn->base_server = conn->server;
- conn->client = inout;
-
- addr_len = remaddr->sa_len;
- memcpy(&conn->remote_addr, remaddr, addr_len);
- getnameinfo((struct sockaddr *)&conn->remote_addr, addr_len,
- hostnamebuf, sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
- conn->remote_ip = ap_pstrdup(conn->pool, hostnamebuf);
- conn->ctx = ap_ctx_new(conn->pool);
-
- /*
- * Invoke the `new_connection' hook of modules to let them do
- * some connection dependent actions before we go on with
- * processing the request on this connection.
- */
- {
- module *m;
- for (m = top_module; m != NULL; m = m->next)
- if (m->magic == MODULE_MAGIC_COOKIE_EAPI)
- if (m->new_connection != NULL)
- (*m->new_connection)(conn);
- }
-
- return conn;
-}
-
-static void sock_disable_nagle(int s, struct sockaddr_in *sin_client)
-{
- /* The Nagle algorithm says that we should delay sending partial
- * packets in hopes of getting more data. We don't want to do
- * this; we are not telnet. There are bad interactions between
- * persistent connections and Nagle's algorithm that have very severe
- * performance penalties. (Failing to disable Nagle is not much of a
- * problem with simple HTTP.)
- *
- * In spite of these problems, failure here is not a shooting offense.
- */
- int just_say_no = 1;
-
- if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (char *) &just_say_no,
- sizeof(int)) < 0) {
- if (sin_client) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
- "setsockopt: (TCP_NODELAY), client %pA probably "
- "dropped the connection", &sin_client->sin_addr);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
- "setsockopt: (TCP_NODELAY)");
- }
- }
-}
-
-static int make_sock(pool *p, const struct sockaddr *server)
-{
- int s;
- int one = 1;
- char addr[INET6_ADDRSTRLEN + 128];
- char a0[INET6_ADDRSTRLEN];
- char p0[NI_MAXSERV];
-
- switch(server->sa_family){
- case AF_INET:
- case AF_INET6:
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: unsupported address family %u",
- server->sa_family);
- ap_unblock_alarms();
- exit(1);
- }
-
- getnameinfo(server, server->sa_len, a0, sizeof(a0), p0, sizeof(p0),
- NI_NUMERICHOST | NI_NUMERICSERV);
- ap_snprintf(addr, sizeof(addr), "address %s port %s", a0, p0);
-#ifdef MPE
- if (atoi(p0) < 1024)
- privport++;
-#endif
-
- /* note that because we're about to slack we don't use psocket */
- ap_block_alarms();
- if ((s = socket(server->sa_family, SOCK_STREAM, IPPROTO_TCP)) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: failed to get a socket for %s", addr);
-
- ap_unblock_alarms();
- exit(1);
- }
-
- s = ap_slack(s, AP_SLACK_HIGH);
-
- ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart */
-
- if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &one, sizeof(int)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: for %s, setsockopt: (SO_REUSEADDR)", addr);
- closesocket(s);
- ap_unblock_alarms();
- exit(1);
- }
- one = 1;
- if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *) &one, sizeof(int)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: for %s, setsockopt: (SO_KEEPALIVE)", addr);
- closesocket(s);
-
- ap_unblock_alarms();
- exit(1);
- }
-
- sock_disable_nagle(s, NULL);
- sock_enable_linger(s);
-
- /*
- * To send data over high bandwidth-delay connections at full
- * speed we must force the TCP window to open wide enough to keep the
- * pipe full. The default window size on many systems
- * is only 4kB. Cross-country WAN connections of 100ms
- * at 1Mb/s are not impossible for well connected sites.
- * If we assume 100ms cross-country latency,
- * a 4kB buffer limits throughput to 40kB/s.
- *
- * To avoid this problem I've added the SendBufferSize directive
- * to allow the web master to configure send buffer size.
- *
- * The trade-off of larger buffers is that more kernel memory
- * is consumed. YMMV, know your customers and your network!
- *
- * -John Heidemann <johnh@isi.edu> 25-Oct-96
- *
- * If no size is specified, use the kernel default.
- */
- if (server_conf->send_buffer_size) {
- if (setsockopt(s, SOL_SOCKET, SO_SNDBUF,
- (char *) &server_conf->send_buffer_size, sizeof(int)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf,
- "make_sock: failed to set SendBufferSize for %s, "
- "using default", addr);
- /* not a fatal error */
- }
- }
-
- if (bind(s, server, server->sa_len) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: could not bind to %s", addr);
-
- closesocket(s);
- ap_unblock_alarms();
- exit(1);
- }
-
- if (listen(s, ap_listenbacklog) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
- "make_sock: unable to listen for connections on %s", addr);
- closesocket(s);
- ap_unblock_alarms();
- exit(1);
- }
-
- ap_unblock_alarms();
-
- /* protect various fd_sets */
- if (s >= FD_SETSIZE) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
- "make_sock: problem listening on %s, filedescriptor (%u) "
- "larger than FD_SETSIZE (%u) "
- "found, you probably need to rebuild Apache with a "
- "larger FD_SETSIZE", addr, s, FD_SETSIZE);
- closesocket(s);
- exit(1);
- }
-
- return s;
-}
-
-
-/*
- * During a restart we keep track of the old listeners here, so that we
- * can re-use the sockets. We have to do this because we won't be able
- * to re-open the sockets ("Address already in use").
- *
- * Unlike the listeners ring, old_listeners is a NULL terminated list.
- *
- * copy_listeners() makes the copy, find_listener() finds an old listener
- * and close_unused_listener() cleans up whatever wasn't used.
- */
-static listen_rec *old_listeners;
-
-/* unfortunately copy_listeners may be called before listeners is a ring */
-static void copy_listeners(pool *p)
-{
- listen_rec *lr;
-
- ap_assert(old_listeners == NULL);
- if (ap_listeners == NULL) {
- return;
- }
- lr = ap_listeners;
- do {
- listen_rec *nr = malloc(sizeof *nr);
-
- if (nr == NULL) {
- fprintf(stderr, "Ouch! malloc failed in copy_listeners()\n");
- exit(1);
- }
- *nr = *lr;
- ap_kill_cleanups_for_socket(p, nr->fd);
- nr->next = old_listeners;
- ap_assert(!nr->used);
- old_listeners = nr;
- lr = lr->next;
- } while (lr && lr != ap_listeners);
-}
-
-
-static int find_listener(listen_rec *lr)
-{
- listen_rec *or;
-
- for (or = old_listeners; or; or = or->next) {
- if (!memcmp(&or->local_addr, &lr->local_addr, sizeof(or->local_addr))) {
- or->used = 1;
- return or->fd;
- }
- }
- return -1;
-}
-
-
-static void close_unused_listeners(void)
-{
- listen_rec *or, *next;
-
- for (or = old_listeners; or; or = next) {
- next = or->next;
- if (!or->used)
- closesocket(or->fd);
- free(or);
- }
- old_listeners = NULL;
-}
-
-
-/* open sockets, and turn the listeners list into a singly linked ring */
-static void setup_listeners(pool *p)
-{
- listen_rec *lr;
- int fd;
-
- listenmaxfd = -1;
- FD_ZERO(&listenfds);
- lr = ap_listeners;
- for (;;) {
- fd = find_listener(lr);
- if (fd < 0) {
- fd = make_sock(p, (struct sockaddr *)&lr->local_addr);
- }
- else {
- ap_note_cleanups_for_socket_ex(p, fd, 1);
- }
- /* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
- if (fd >= 0) {
- FD_SET(fd, &listenfds);
- if (fd > listenmaxfd)
- listenmaxfd = fd;
- }
- lr->fd = fd;
- if (lr->next == NULL)
- break;
- lr = lr->next;
- }
- /* turn the list into a ring */
- lr->next = ap_listeners;
- head_listener = ap_listeners;
- close_unused_listeners();
-
-}
-
-
-/*
- * Find a listener which is ready for accept(). This advances the
- * head_listener global.
- */
-static ap_inline listen_rec *find_ready_listener(fd_set * main_fds)
-{
- listen_rec *lr;
-
- lr = head_listener;
- do {
- if (FD_ISSET(lr->fd, main_fds)) {
- head_listener = lr->next;
- return (lr);
- }
- lr = lr->next;
- } while (lr != head_listener);
- return NULL;
-}
-
-
-static void show_compile_settings(void)
-{
- printf("Server version: %s\n", ap_get_server_version());
- printf("Server's Module Magic Number: %u:%u\n",
- MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
- printf("Server compiled with....\n");
- printf(" -D EAPI\n");
-#ifdef EAPI_MM
- printf(" -D EAPI_MM\n");
-#ifdef EAPI_MM_CORE_PATH
- printf(" -D EAPI_MM_CORE_PATH=\"" EAPI_MM_CORE_PATH "\"\n");
-#endif
-#endif
- printf(" -D HAVE_MMAP\n");
- printf(" -D HAVE_SHMGET\n");
- printf(" -D USE_MMAP_SCOREBOARD\n");
- printf(" -D USE_MMAP_FILES\n");
-#ifdef MMAP_SEGMENT_SIZE
- printf(" -D MMAP_SEGMENT_SIZE=%ld\n",(long)MMAP_SEGMENT_SIZE);
-#endif
- printf(" -D HAVE_FLOCK_SERIALIZED_ACCEPT\n");
- printf(" -D HAVE_SYSVSEM_SERIALIZED_ACCEPT\n");
- printf(" -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT\n");
-#ifdef BUFFERED_LOGS
- printf(" -D BUFFERED_LOGS\n");
-#ifdef PIPE_BUF
- printf(" -D PIPE_BUF=%ld\n",(long)PIPE_BUF);
-#endif
-#endif
- printf(" -D DYNAMIC_MODULE_LIMIT=%ld\n",(long)DYNAMIC_MODULE_LIMIT);
- printf(" -D HARD_SERVER_LIMIT=%ld\n",(long)HARD_SERVER_LIMIT);
-
-/* This list displays the compiled-in default paths: */
-#ifdef HTTPD_ROOT
- printf(" -D HTTPD_ROOT=\"" HTTPD_ROOT "\"\n");
-#endif
-#if defined(SUEXEC_BIN)
- printf(" -D SUEXEC_BIN=\"" SUEXEC_BIN "\"\n");
-#endif
-#ifdef DEFAULT_PIDLOG
- printf(" -D DEFAULT_PIDLOG=\"" DEFAULT_PIDLOG "\"\n");
-#endif
-#ifdef DEFAULT_SCOREBOARD
- printf(" -D DEFAULT_SCOREBOARD=\"" DEFAULT_SCOREBOARD "\"\n");
-#endif
-#ifdef DEFAULT_LOCKFILE
- printf(" -D DEFAULT_LOCKFILE=\"" DEFAULT_LOCKFILE "\"\n");
-#endif
-#ifdef DEFAULT_ERRORLOG
- printf(" -D DEFAULT_ERRORLOG=\"" DEFAULT_ERRORLOG "\"\n");
-#endif
-#ifdef TYPES_CONFIG_FILE
- printf(" -D TYPES_CONFIG_FILE=\"" TYPES_CONFIG_FILE "\"\n");
-#endif
-#ifdef SERVER_CONFIG_FILE
- printf(" -D SERVER_CONFIG_FILE=\"" SERVER_CONFIG_FILE "\"\n");
-#endif
-#ifdef ACCESS_CONFIG_FILE
- printf(" -D ACCESS_CONFIG_FILE=\"" ACCESS_CONFIG_FILE "\"\n");
-#endif
-#ifdef RESOURCE_CONFIG_FILE
- printf(" -D RESOURCE_CONFIG_FILE=\"" RESOURCE_CONFIG_FILE "\"\n");
-#endif
-}
-
-
-/* Some init code that's common between win32 and unix... well actually
- * some of it is #ifdef'd but was duplicated before anyhow. This stuff
- * is still a mess.
- */
-static void common_init(void)
-{
- INIT_SIGLIST()
-
-
- pglobal = ap_init_alloc();
- pconf = ap_make_sub_pool(pglobal);
- plog = ap_make_sub_pool(pglobal);
- ptrans = ap_make_sub_pool(pconf);
-
- ap_util_init();
- ap_util_uri_init();
-
- pcommands = ap_make_sub_pool(NULL);
- ap_server_pre_read_config = ap_make_array(pcommands, 1, sizeof(char *));
- ap_server_post_read_config = ap_make_array(pcommands, 1, sizeof(char *));
- ap_server_config_defines = ap_make_array(pcommands, 1, sizeof(char *));
-
- ap_hook_init();
- ap_hook_configure("ap::buff::read",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::write",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::writev",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::sendwithtimeout",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::recvwithtimeout",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
-
- ap_global_ctx = ap_ctx_new(NULL);
-}
-
-/*****************************************************************
- * Child process main loop.
- * The following vars are static to avoid getting clobbered by longjmp();
- * they are really private to child_main.
- */
-
-static int srv;
-static int csd;
-static int dupped_csd;
-static int requests_this_child;
-static fd_set main_fds;
-
-API_EXPORT(void) ap_child_terminate(request_rec *r)
-{
- r->connection->keepalive = 0;
- requests_this_child = ap_max_requests_per_child = 1;
-}
-
-static void child_main(int child_num_arg)
-{
- NET_SIZE_T clen;
- struct sockaddr_storage sa_server;
- struct sockaddr_storage sa_client;
- listen_rec *lr;
- struct rlimit rlp;
-
- /* All of initialization is a critical section, we don't care if we're
- * told to HUP or USR1 before we're done initializing. For example,
- * we could be half way through child_init_modules() when a restart
- * signal arrives, and we'd have no real way to recover gracefully
- * and exit properly.
- *
- * I suppose a module could take forever to initialize, but that would
- * be either a broken module, or a broken configuration (i.e. network
- * problems, file locking problems, whatever). -djg
- */
- ap_block_alarms();
-
- my_pid = getpid();
- csd = -1;
- dupped_csd = -1;
- my_child_num = child_num_arg;
- requests_this_child = 0;
-
- setproctitle("child");
-
- /*
- * set up rlimits to keep apache+scripting from leaking horribly
- */
- if (ap_max_cpu_per_child != 0){
- rlp.rlim_cur = rlp.rlim_max = ap_max_cpu_per_child;
- if (setrlimit(RLIMIT_CPU, &rlp) == -1){
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setrlimit: unable to set CPU limit to %d",
- ap_max_cpu_per_child);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
- if (ap_max_data_per_child != 0){
- rlp.rlim_cur = rlp.rlim_max = ap_max_data_per_child;
- if (setrlimit(RLIMIT_DATA, &rlp) == -1){
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setrlimit: unable to set data limit to %d",
- ap_max_data_per_child);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
- if (ap_max_nofile_per_child != 0){
- rlp.rlim_cur = rlp.rlim_max = ap_max_nofile_per_child;
- if (setrlimit(RLIMIT_NOFILE, &rlp) == -1){
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setrlimit: unable to set open file limit to %d",
- ap_max_nofile_per_child);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
- if (ap_max_rss_per_child != 0){
- rlp.rlim_cur = rlp.rlim_max = ap_max_rss_per_child;
- if (setrlimit(RLIMIT_RSS, &rlp) == -1){
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setrlimit: unable to set RSS limit to %d",
- ap_max_rss_per_child);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
- if (ap_max_stack_per_child != 0){
- rlp.rlim_cur = rlp.rlim_max = ap_max_stack_per_child;
- if (setrlimit(RLIMIT_STACK, &rlp) == -1){
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setrlimit: unable to set stack size limit to %d",
- ap_max_stack_per_child);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-
- /* Get a sub pool for global allocations in this child, so that
- * we can have cleanups occur when the child exits.
- */
- pchild = ap_make_sub_pool(pconf);
- /* associate accept mutex cleanup with a subpool of pchild so we can
- * make sure the mutex is released before calling module code at
- * termination
- */
- pmutex = ap_make_sub_pool(pchild);
-
- /* needs to be done before we switch UIDs so we have permissions */
- SAFE_ACCEPT(accept_mutex_child_init(pmutex));
-
- set_group_privs();
- /*
- * Only try to switch if we're running as root
- * In case of Cygwin we have the special super-user named SYSTEM
- */
- if (!geteuid() && (
- setuid(ap_user_id) == -1)) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setuid: unable to change to uid: %u", ap_user_id);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-
- ap_child_init_modules(pchild, server_conf);
-
- /* done with the initialization critical section */
- ap_unblock_alarms();
-
- (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL);
-
- /*
- * Setup the jump buffers so that we can return here after a timeout
- */
- ap_setjmp(jmpbuffer);
- signal(SIGURG, timeout);
- if (signal(SIGALRM, alrm_handler) == SIG_ERR) {
- fprintf(stderr, "installing signal handler for SIGALRM failed, errno %u\n", errno);
- }
-
-
- while (1) {
- BUFF *conn_io;
- request_rec *r;
-
- /* Prepare to receive a SIGUSR1 due to graceful restart so that
- * we can exit cleanly. Since we're between connections right
- * now it's the right time to exit, but we might be blocked in a
- * system call when the graceful restart request is made. */
- usr1_just_die = 1;
- signal(SIGUSR1, usr1_handler);
-
- /*
- * (Re)initialize this child to a pre-connection state.
- */
-
- ap_kill_timeout(0); /* Cancel any outstanding alarms. */
- current_conn = NULL;
-
- ap_clear_pool(ptrans);
-
- if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
- clean_child_exit(0);
- }
-
- if ((ap_max_requests_per_child > 0
- && requests_this_child++ >= ap_max_requests_per_child)) {
- clean_child_exit(0);
- }
-
- (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL);
-
- /*
- * Wait for an acceptable connection to arrive.
- */
-
- /* Lock around "accept", if necessary */
- SAFE_ACCEPT(accept_mutex_on());
-
- for (;;) {
- if (ap_listeners->next != ap_listeners) {
- /* more than one socket */
- memcpy(&main_fds, &listenfds, sizeof(fd_set));
- srv = ap_select(listenmaxfd + 1, &main_fds, NULL, NULL, NULL);
-
- if (srv < 0 && errno != EINTR) {
- /* Single Unix documents select as returning errnos
- * EBADF, EINTR, and EINVAL... and in none of those
- * cases does it make sense to continue. In fact
- * on Linux 2.0.x we seem to end up with EFAULT
- * occasionally, and we'd loop forever due to it.
- */
- ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, "select: (listen)");
- clean_child_exit(1);
- }
-
- if (srv <= 0)
- continue;
-
- lr = find_ready_listener(&main_fds);
- if (lr == NULL)
- continue;
- sd = lr->fd;
- }
- else {
- /* only one socket, just pretend we did the other stuff */
- sd = ap_listeners->fd;
- }
-
- /* if we accept() something we don't want to die, so we have to
- * defer the exit
- */
- deferred_die = 0;
- usr1_just_die = 0;
- for (;;) {
- clen = sizeof(sa_client);
- csd = ap_accept(sd, (struct sockaddr *)&sa_client, &clen);
- if (csd >= 0 || errno != EINTR)
- break;
- if (deferred_die) {
- /* we didn't get a socket, and we were told to die */
- clean_child_exit(0);
- }
- }
-
- if (csd >= 0)
- break; /* We have a socket ready for reading */
- else {
-
- /* Our old behaviour here was to continue after accept()
- * errors. But this leads us into lots of troubles
- * because most of the errors are quite fatal. For
- * example, EMFILE can be caused by slow descriptor
- * leaks (say in a 3rd party module, or libc). It's
- * foolish for us to continue after an EMFILE. We also
- * seem to tickle kernel bugs on some platforms which
- * lead to never-ending loops here. So it seems best
- * to just exit in most cases.
- */
- switch (errno) {
-
- case ECONNABORTED:
- /* Linux generates the rest of these, other tcp
- * stacks (i.e. bsd) tend to hide them behind
- * getsockopt() interfaces. They occur when
- * the net goes sour or the client disconnects
- * after the three-way handshake has been done
- * in the kernel but before userland has picked
- * up the socket.
- */
- case ECONNRESET:
- case ETIMEDOUT:
- case EHOSTUNREACH:
- case ENETUNREACH:
- break;
- case ENETDOWN:
- /*
- * When the network layer has been shut down, there
- * is not much use in simply exiting: the parent
- * would simply re-create us (and we'd fail again).
- * Use the CHILDFATAL code to tear the server down.
- * @@@ Martin's idea for possible improvement:
- * A different approach would be to define
- * a new APEXIT_NETDOWN exit code, the reception
- * of which would make the parent shutdown all
- * children, then idle-loop until it detected that
- * the network is up again, and restart the children.
- * Ben Hyde noted that temporary ENETDOWN situations
- * occur in mobile IP.
- */
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "accept: giving up.");
- clean_child_exit(APEXIT_CHILDFATAL);
-
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
- "accept: (client socket)");
- clean_child_exit(1);
- }
- }
-
- /* go around again, safe to die */
- usr1_just_die = 1;
- if (deferred_die) {
- /* ok maybe not, see ya later */
- clean_child_exit(0);
- }
- /* or maybe we missed a signal, you never know on systems
- * without reliable signals
- */
- if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
- clean_child_exit(0);
- }
- }
-
- SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */
-
-
- /* We've got a socket, let's at least process one request off the
- * socket before we accept a graceful restart request.
- */
- signal(SIGUSR1, SIG_IGN);
-
- ap_note_cleanups_for_socket_ex(ptrans, csd, 1);
-
- /* protect various fd_sets */
- if (csd >= FD_SETSIZE) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
- "[csd] filedescriptor (%u) larger than FD_SETSIZE (%u) "
- "found, you probably need to rebuild Apache with a "
- "larger FD_SETSIZE", csd, FD_SETSIZE);
- continue;
- }
-
- /*
- * We now have a connection, so set it up with the appropriate
- * socket options, file descriptors, and read/write buffers.
- */
-
- clen = sizeof(sa_server);
- if (getsockname(csd, (struct sockaddr *)&sa_server, &clen) < 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
- "getsockname, client %pA probably dropped the "
- "connection",
- &((struct sockaddr_in *)&sa_client)->sin_addr);
- continue;
- }
-
- sock_disable_nagle(csd, (struct sockaddr_in *)&sa_client);
-
- (void) ap_update_child_status(my_child_num, SERVER_BUSY_READ,
- (request_rec *) NULL);
-
- conn_io = ap_bcreate(ptrans, B_RDWR | B_SOCKET);
-
- dupped_csd = csd;
- ap_bpushfd(conn_io, csd, dupped_csd);
-
- current_conn = new_connection(ptrans, server_conf, conn_io,
- (struct sockaddr *)&sa_client,
- (struct sockaddr *)&sa_server,
- my_child_num);
-
- /*
- * Read and process each request found on our connection
- * until no requests are left or we decide to close.
- */
-
- while ((r = ap_read_request(current_conn)) != NULL) {
-
- /* read_request_line has already done a
- * signal (SIGUSR1, SIG_IGN);
- */
-
- (void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r);
-
- /* process the request if it was read without error */
-
- if (r->status == HTTP_OK)
- ap_process_request(r);
-
- if(ap_extended_status)
- increment_counts(my_child_num, r);
-
- if (!current_conn->keepalive || current_conn->aborted)
- break;
-
- ap_destroy_pool(r->pool);
- (void) ap_update_child_status(my_child_num, SERVER_BUSY_KEEPALIVE,
- (request_rec *) NULL);
-
- if (ap_scoreboard_image->global.running_generation != ap_my_generation) {
- ap_call_close_connection_hook(current_conn);
- ap_bclose(conn_io);
- clean_child_exit(0);
- }
-
- /* In case we get a graceful restart while we're blocked
- * waiting for the request.
- *
- * XXX: This isn't perfect, we might actually read the
- * request and then just die without saying anything to
- * the client. This can be fixed by using deferred_die
- * but you have to teach buff.c about it so that it can handle
- * the EINTR properly.
- *
- * In practice though browsers (have to) expect keepalive
- * connections to close before receiving a response because
- * of network latencies and server timeouts.
- */
- usr1_just_die = 1;
- signal(SIGUSR1, usr1_handler);
- }
-
- /*
- * Close the connection, being careful to send out whatever is still
- * in our buffers. If possible, try to avoid a hard close until the
- * client has ACKed our FIN and/or has stopped sending us data.
- */
-
- if (r && r->connection
- && !r->connection->aborted
- && r->connection->client
- && (r->connection->client->fd >= 0)) {
-
- lingering_close(r);
- }
- else {
- ap_call_close_connection_hook(current_conn);
- ap_bsetflag(conn_io, B_EOUT, 1);
- ap_bclose(conn_io);
- }
- }
-}
-
-
-static int make_child(server_rec *s, int slot, time_t now)
-{
- int pid;
-
- if (slot + 1 > max_daemons_limit) {
- max_daemons_limit = slot + 1;
- }
-
- if (one_process) {
- signal(SIGHUP, just_die);
- signal(SIGINT, just_die);
- signal(SIGQUIT, SIG_DFL);
- signal(SIGTERM, just_die);
- child_main(slot);
- }
-
- /* avoid starvation */
- head_listener = head_listener->next;
-
- Explain1("Starting new child in slot %d", slot);
- (void) ap_update_child_status(slot, SERVER_STARTING, (request_rec *) NULL);
-
-
- if ((pid = fork()) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new process");
-
- /* fork didn't succeed. Fix the scoreboard or else
- * it will say SERVER_STARTING forever and ever
- */
- (void) ap_update_child_status(slot, SERVER_DEAD, (request_rec *) NULL);
-
- /* In case system resources are maxxed out, we don't want
- Apache running away with the CPU trying to fork over and
- over and over again. */
- sleep(10);
-
- return -1;
- }
-
- if (!pid) {
- RAISE_SIGSTOP(MAKE_CHILD);
- MONCONTROL(1);
- /* Disable the restart signal handlers and enable the just_die stuff.
- * Note that since restart() just notes that a restart has been
- * requested there's no race condition here.
- */
- signal(SIGHUP, just_die);
- signal(SIGUSR1, just_die);
- signal(SIGTERM, just_die);
- child_main(slot);
- }
-
- ap_scoreboard_image->parent[slot].last_rtime = now;
- ap_scoreboard_image->parent[slot].pid = pid;
- return 0;
-}
-
-
-/* start up a bunch of children */
-static void startup_children(int number_to_start)
-{
- int i;
- time_t now = time(NULL);
-
- for (i = 0; number_to_start && i < ap_daemons_limit; ++i) {
- if (ap_scoreboard_image->servers[i].status != SERVER_DEAD) {
- continue;
- }
- if (make_child(server_conf, i, now) < 0) {
- break;
- }
- --number_to_start;
- }
-}
-
-
-/*
- * idle_spawn_rate is the number of children that will be spawned on the
- * next maintenance cycle if there aren't enough idle servers. It is
- * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
- * without the need to spawn.
- */
-static int idle_spawn_rate = 1;
-#ifndef MAX_SPAWN_RATE
-#define MAX_SPAWN_RATE (32)
-#endif
-static int hold_off_on_exponential_spawning;
-
-/*
- * Define the signal that is used to kill off children if idle_count
- * is greater then ap_daemons_max_free. Usually we will use SIGUSR1
- * to gracefully shutdown, but unfortunatly some OS will need other
- * signals to ensure that the child process is terminated and the
- * scoreboard pool is not growing to infinity. Also set the signal we
- * use to kill of childs that exceed timeout. This effect has been
-* seen at least on Cygwin 1.x. -- Stipe Tolj <tolj@wapme-systems.de>
- */
-#define SIG_IDLE_KILL SIGUSR1
-#define SIG_TIMEOUT_KILL SIGALRM
-
-static void perform_idle_server_maintenance(void)
-{
- int i;
- int to_kill;
- int idle_count;
- short_score *ss;
- time_t now = time(NULL);
- int free_length;
- int free_slots[MAX_SPAWN_RATE];
- int last_non_dead;
- int total_non_dead;
-
- /* initialize the free_list */
- free_length = 0;
-
- to_kill = -1;
- idle_count = 0;
- last_non_dead = -1;
- total_non_dead = 0;
-
- for (i = 0; i < ap_daemons_limit; ++i) {
- int status;
-
- if (i >= max_daemons_limit && free_length == idle_spawn_rate)
- break;
- ss = &ap_scoreboard_image->servers[i];
- status = ss->status;
- if (status == SERVER_DEAD) {
- /* try to keep children numbers as low as possible */
- if (free_length < idle_spawn_rate) {
- free_slots[free_length] = i;
- ++free_length;
- }
- }
- else {
- /* We consider a starting server as idle because we started it
- * at least a cycle ago, and if it still hasn't finished starting
- * then we're just going to swamp things worse by forking more.
- * So we hopefully won't need to fork more if we count it.
- * This depends on the ordering of SERVER_READY and SERVER_STARTING.
- */
- if (status <= SERVER_READY) {
- ++ idle_count;
- /* always kill the highest numbered child if we have to...
- * no really well thought out reason ... other than observing
- * the server behaviour under linux where lower numbered children
- * tend to service more hits (and hence are more likely to have
- * their data in cpu caches).
- */
- to_kill = i;
- }
-
- ++total_non_dead;
- last_non_dead = i;
- if (ss->timeout_len) {
- /* if it's a live server, with a live timeout then
- * start checking its timeout */
- parent_score *ps = &ap_scoreboard_image->parent[i];
- if (ss->cur_vtime != ps->last_vtime) {
- /* it has made progress, so update its last_rtime,
- * last_vtime */
- ps->last_rtime = now;
- ps->last_vtime = ss->cur_vtime;
- }
- else if (ps->last_rtime + ss->timeout_len < now) {
- /* no progress, and the timeout length has been exceeded */
- ss->timeout_len = 0;
- safe_child_kill(ps->pid, SIG_TIMEOUT_KILL);
- }
- }
- }
- }
- max_daemons_limit = last_non_dead + 1;
- if (idle_count > ap_daemons_max_free) {
- /* kill off one child... we use SIGUSR1 because that'll cause it to
- * shut down gracefully, in case it happened to pick up a request
- * while we were counting. Use the define SIG_IDLE_KILL to reflect
- * which signal should be used on the specific OS.
- */
- safe_child_kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL);
- idle_spawn_rate = 1;
- }
- else if (idle_count < ap_daemons_min_free) {
- /* terminate the free list */
- if (free_length == 0) {
- /* only report this condition once */
- static int reported = 0;
-
- if (!reported) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
- "server reached MaxClients setting, consider"
- " raising the MaxClients setting");
- reported = 1;
- }
- idle_spawn_rate = 1;
- }
- else {
- if (idle_spawn_rate >= 8) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, server_conf,
- "server seems busy, (you may need "
- "to increase StartServers, or Min/MaxSpareServers), "
- "spawning %d children, there are %d idle, and "
- "%d total children", idle_spawn_rate,
- idle_count, total_non_dead);
- }
- for (i = 0; i < free_length; ++i) {
- make_child(server_conf, free_slots[i], now);
- }
- /* the next time around we want to spawn twice as many if this
- * wasn't good enough, but not if we've just done a graceful
- */
- if (hold_off_on_exponential_spawning) {
- --hold_off_on_exponential_spawning;
- }
- else if (idle_spawn_rate < MAX_SPAWN_RATE) {
- idle_spawn_rate *= 2;
- }
- }
- }
- else {
- idle_spawn_rate = 1;
- }
-}
-
-
-static void process_child_status(int pid, ap_wait_t status)
-{
- /* Child died... if it died due to a fatal error,
- * we should simply bail out.
- */
- if ((WIFEXITED(status)) &&
- WEXITSTATUS(status) == APEXIT_CHILDFATAL) {
- /* cleanup pid file -- it is useless after our exiting */
- const char *pidfile = NULL;
- pidfile = ap_server_root_relative (pconf, ap_pid_fname);
- if ( pidfile != NULL && unlink(pidfile) == 0)
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
- server_conf,
- "removed PID file %s (pid=%ld)",
- pidfile, (long)getpid());
- ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server_conf,
- "Child %d returned a Fatal error... \n"
- "Apache is exiting!",
- pid);
- exit(APEXIT_CHILDFATAL);
- }
- if (WIFSIGNALED(status)) {
- switch (WTERMSIG(status)) {
- case SIGTERM:
- case SIGHUP:
- case SIGUSR1:
- case SIGKILL:
- break;
- default:
- if (WCOREDUMP(status)) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
- server_conf,
- "child pid %d exit signal %s (%d), "
- "possible coredump in %s",
- pid, (WTERMSIG(status) >= NumSIG) ? "" :
- SYS_SIGLIST[WTERMSIG(status)], WTERMSIG(status),
- ap_coredump_dir);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
- server_conf,
- "child pid %d exit signal %s (%d)", pid,
- SYS_SIGLIST[WTERMSIG(status)], WTERMSIG(status));
- }
- }
- }
-}
-
-
-/*****************************************************************
- * Executive routines.
- */
-
-#ifndef STANDALONE_MAIN
-#define STANDALONE_MAIN standalone_main
-
-static void standalone_main(int argc, char **argv)
-{
- int remaining_children_to_start;
-
-
- ap_standalone = 1;
-
- is_graceful = 0;
-
- if (!one_process) {
- detach();
- }
- else {
- MONCONTROL(1);
- }
-
- my_pid = getpid();
-
- do {
- copy_listeners(pconf);
- if (!is_graceful) {
- ap_restart_time = time(NULL);
- }
- ap_clear_pool(pconf);
- ptrans = ap_make_sub_pool(pconf);
-
- ap_init_mutex_method(ap_default_mutex_method());
-
- server_conf = ap_read_config(pconf, ptrans, ap_server_confname);
- setup_listeners(pconf);
- ap_clear_pool(plog);
-
- /*
- * we cannot reopen the logfiles once we dropped permissions,
- * we cannot write the pidfile (pointless anyway), and we can't
- * reload & reinit the modules.
- */
-
- if (!is_chrooted) {
- ap_open_logs(server_conf, plog);
- ap_log_pid(pconf, ap_pid_fname);
- }
- ap_set_version(); /* create our server_version string */
- ap_init_modules(pconf, server_conf);
- ap_init_etag(pconf);
- version_locked++; /* no more changes to server_version */
-
- if(!is_graceful && !is_chrooted)
- if (ap_server_chroot) {
- if (geteuid()) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_EMERG,
- server_conf, "can't run in secure mode if not "
- "started with root privs.");
- exit(1);
- }
-
- /* initialize /dev/crypto, XXX check for -DSSL option */
-#ifdef MOD_SSL
- OpenSSL_add_all_algorithms();
-#endif
-
- if (initgroups(ap_user_name, ap_group_id)) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "initgroups: unable to set groups for User %s "
- "and Group %u", ap_user_name, (unsigned)ap_group_id);
- exit(1);
- }
-
- if (chroot(ap_server_root) < 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "unable to chroot into %s!", ap_server_root);
- exit(1);
- }
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
- server_conf, "chrooted in %s", ap_server_root);
- chdir("/");
- is_chrooted = 1;
- setproctitle("parent [chroot %s]", ap_server_root);
-
- if (setresgid(ap_group_id, ap_group_id, ap_group_id) != 0 ||
- setresuid(ap_user_id, ap_user_id, ap_user_id) != 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "can't drop privileges!");
- exit(1);
- } else
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
- server_conf, "changed to uid %u, gid %u",
- ap_user_id, ap_group_id);
- } else
- setproctitle("parent");
-
-
- SAFE_ACCEPT(accept_mutex_init(pconf));
- if (!is_graceful) {
- reinit_scoreboard(pconf);
- }
- set_signals();
-
- if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */
- ap_daemons_max_free = ap_daemons_min_free + 1;
-
- /* If we're doing a graceful_restart then we're going to see a lot
- * of children exiting immediately when we get into the main loop
- * below (because we just sent them SIGUSR1). This happens pretty
- * rapidly... and for each one that exits we'll start a new one until
- * we reach at least daemons_min_free. But we may be permitted to
- * start more than that, so we'll just keep track of how many we're
- * supposed to start up without the 1 second penalty between each fork.
- */
- remaining_children_to_start = ap_daemons_to_start;
- if (remaining_children_to_start > ap_daemons_limit) {
- remaining_children_to_start = ap_daemons_limit;
- }
- if (!is_graceful) {
- startup_children(remaining_children_to_start);
- remaining_children_to_start = 0;
- }
- else {
- /* give the system some time to recover before kicking into
- * exponential mode */
- hold_off_on_exponential_spawning = 10;
- }
-
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "%s configured -- resuming normal operations",
- ap_get_server_version());
- if (ap_suexec_enabled) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
- }
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "Accept mutex: %s (Default: %s)",
- amutex->name, ap_default_mutex_method());
- restart_pending = shutdown_pending = 0;
-
- while (!restart_pending && !shutdown_pending) {
- int child_slot;
- ap_wait_t status;
- int pid = wait_or_timeout(&status);
-
- /* XXX: if it takes longer than 1 second for all our children
- * to start up and get into IDLE state then we may spawn an
- * extra child
- */
- if (pid >= 0) {
- process_child_status(pid, status);
- /* non-fatal death... note that it's gone in the scoreboard. */
- child_slot = find_child_by_pid(pid);
- Explain2("Reaping child %d slot %d", pid, child_slot);
- if (child_slot >= 0) {
- (void) ap_update_child_status(child_slot, SERVER_DEAD,
- (request_rec *) NULL);
- if (remaining_children_to_start
- && child_slot < ap_daemons_limit) {
- /* we're still doing a 1-for-1 replacement of dead
- * children with new children
- */
- make_child(server_conf, child_slot, time(NULL));
- --remaining_children_to_start;
- }
- }
- else if (reap_other_child(pid, status) == 0) {
- /* handled */
- }
- else if (is_graceful) {
- /* Great, we've probably just lost a slot in the
- * scoreboard. Somehow we don't know about this
- * child.
- */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, server_conf,
- "long lost child came home! (pid %d)", pid);
- }
- /* Don't perform idle maintenance when a child dies,
- * only do it when there's a timeout. Remember only a
- * finite number of children can die, and it's pretty
- * pathological for a lot to die suddenly.
- */
- continue;
- }
- else if (remaining_children_to_start) {
- /* we hit a 1 second timeout in which none of the previous
- * generation of children needed to be reaped... so assume
- * they're all done, and pick up the slack if any is left.
- */
- startup_children(remaining_children_to_start);
- remaining_children_to_start = 0;
- /* In any event we really shouldn't do the code below because
- * few of the servers we just started are in the IDLE state
- * yet, so we'd mistakenly create an extra server.
- */
- continue;
- }
-
- perform_idle_server_maintenance();
- }
-
- if (shutdown_pending) {
- /* Time to gracefully shut down:
- * Kill child processes, tell them to call child_exit, etc...
- */
- if (ap_killpg(pgrp, SIGTERM) < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGTERM");
- }
- reclaim_child_processes(1); /* Start with SIGTERM */
-
- /* cleanup pid file on normal shutdown */
- {
- char *pidfile = NULL;
- pidfile = ap_server_root_relative (pconf, ap_pid_fname);
- ap_server_strip_chroot(pidfile, 0);
- if ( pidfile != NULL && unlink(pidfile) == 0)
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
- server_conf,
- "removed PID file %s (pid=%u)",
- pidfile, getpid());
- }
-
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "caught SIGTERM, shutting down");
- clean_parent_exit(0);
- }
-
- /* we've been told to restart */
- signal(SIGHUP, SIG_IGN);
- signal(SIGUSR1, SIG_IGN);
-
- if (one_process) {
- /* not worth thinking about */
- clean_parent_exit(0);
- }
-
- /* advance to the next generation */
- /* XXX: we really need to make sure this new generation number isn't in
- * use by any of the children.
- */
- ++ap_my_generation;
- ap_scoreboard_image->global.running_generation = ap_my_generation;
-
- if (is_graceful) {
- int i;
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "SIGUSR1 received. Doing graceful restart");
-
- /* kill off the idle ones */
- if (ap_killpg(pgrp, SIGUSR1) < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGUSR1");
- }
- /* This is mostly for debugging... so that we know what is still
- * gracefully dealing with existing request. But we can't really
- * do it if we're in a SCOREBOARD_FILE because it'll cause
- * corruption too easily.
- */
- for (i = 0; i < ap_daemons_limit; ++i) {
- if (ap_scoreboard_image->servers[i].status != SERVER_DEAD) {
- ap_scoreboard_image->servers[i].status = SERVER_GRACEFUL;
- }
- }
- }
- else {
- /* Kill 'em off */
- if (ap_killpg(pgrp, SIGHUP) < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGHUP");
- }
- reclaim_child_processes(0); /* Not when just starting up */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "SIGHUP received. Attempting to restart");
- }
- } while (restart_pending);
-
- /*add_common_vars(NULL);*/
-} /* standalone_main */
-#else
-/* prototype */
-void STANDALONE_MAIN(int argc, char **argv);
-#endif /* STANDALONE_MAIN */
-
-extern char *optarg;
-extern int optind;
-
-int REALMAIN(int argc, char *argv[])
-{
- int c;
- int sock_in;
- int sock_out;
- char *s;
-
- MONCONTROL(0);
-
- common_init();
-
- if ((s = strrchr(argv[0], PATHSEPARATOR)) != NULL) {
- ap_server_argv0 = ++s;
- }
- else {
- ap_server_argv0 = argv[0];
- }
-
- ap_cpystrn(ap_server_root, HTTPD_ROOT, sizeof(ap_server_root));
- ap_cpystrn(ap_server_confname, SERVER_CONFIG_FILE, sizeof(ap_server_confname));
-
- ap_setup_prelinked_modules();
-
- while ((c = getopt(argc, argv,
- "D:C:c:xXd:Ff:vVlLR:StThUu46"
-#ifdef DEBUG_SIGSTOP
- "Z:"
-#endif
- )) != -1) {
- char **new;
- switch (c) {
- case 'c':
- new = (char **)ap_push_array(ap_server_post_read_config);
- *new = ap_pstrdup(pcommands, optarg);
- break;
- case 'C':
- new = (char **)ap_push_array(ap_server_pre_read_config);
- *new = ap_pstrdup(pcommands, optarg);
- break;
- case 'D':
- new = (char **)ap_push_array(ap_server_config_defines);
- *new = ap_pstrdup(pcommands, optarg);
- break;
- case 'd':
- ap_cpystrn(ap_server_root, optarg, sizeof(ap_server_root));
- break;
- case 'F':
- do_detach = 0;
- break;
- case 'f':
- ap_cpystrn(ap_server_confname, optarg, sizeof(ap_server_confname));
- break;
- case 'v':
- ap_server_tokens = SrvTk_FULL;
- ap_set_version();
- printf("Server version: %s\n", ap_get_server_version());
- exit(0);
- case 'V':
- ap_server_tokens = SrvTk_FULL;
- ap_set_version();
- show_compile_settings();
- exit(0);
- case 'l':
- ap_suexec_enabled = init_suexec();
- ap_show_modules();
- exit(0);
- case 'L':
- ap_show_directives();
- exit(0);
- case 'X':
- ++one_process; /* Weird debugging mode. */
- break;
-#ifdef DEBUG_SIGSTOP
- case 'Z':
- raise_sigstop_flags = atoi(optarg);
- break;
-#endif
- case 'S':
- ap_dump_settings = 1;
- break;
- case 't':
- ap_configtestonly = 1;
- ap_docrootcheck = 1;
- break;
- case 'T':
- ap_configtestonly = 1;
- ap_docrootcheck = 0;
- break;
- case 'h':
- usage(argv[0]);
- break;
- case '4':
- ap_default_family = PF_INET;
- break;
- case '6':
- ap_default_family = PF_INET6;
- break;
- case 'u':
- ap_server_chroot = 0;
- break;
- case 'U':
- ap_default_family = PF_UNSPEC;
- break;
- case '?':
- usage(argv[0]);
- }
- }
- ap_init_alloc_shared(TRUE);
-
- ap_suexec_enabled = init_suexec();
- server_conf = ap_read_config(pconf, ptrans, ap_server_confname);
-
- ap_init_alloc_shared(FALSE);
-
- if (ap_configtestonly) {
- fprintf(stderr, "Syntax OK\n");
- clean_parent_exit(0);
- }
- if (ap_dump_settings) {
- clean_parent_exit(0);
- }
-
- child_timeouts = !ap_standalone || one_process;
-
-
- if (ap_standalone) {
- ap_open_logs(server_conf, plog);
- ap_set_version();
- ap_init_modules(pconf, server_conf);
- version_locked++;
- STANDALONE_MAIN(argc, argv);
- }
- else {
- conn_rec *conn;
- request_rec *r;
- BUFF *cio;
- struct sockaddr_storage sa_server, sa_client;
- NET_SIZE_T l;
- char servbuf[NI_MAXSERV];
-
- ap_set_version();
- /* Yes this is called twice. */
- ap_init_modules(pconf, server_conf);
- version_locked++;
- ap_open_logs(server_conf, plog);
- ap_init_modules(pconf, server_conf);
- set_group_privs();
-
- /*
- * Only try to switch if we're running as root
- * In case of Cygwin we have the special super-user named SYSTEM
- * with a pre-defined uid.
- */
- if (!geteuid() && setuid(ap_user_id) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setuid: unable to change to uid: %u",
- ap_user_id);
- exit(1);
- }
- if (ap_setjmp(jmpbuffer)) {
- exit(0);
- }
-
- sock_in = fileno(stdin);
- sock_out = fileno(stdout);
-
- l = sizeof(sa_client);
- if ((getpeername(sock_in, (struct sockaddr *)&sa_client, &l)) < 0) {
-/* get peername will fail if the input isn't a socket */
- perror("getpeername");
- memset(&sa_client, '\0', sizeof(sa_client));
- }
-
- l = sizeof(sa_server);
- if (getsockname(sock_in, (struct sockaddr *)&sa_server, &l) < 0) {
- perror("getsockname");
- fprintf(stderr, "Error getting local address\n");
- exit(1);
- }
- if (getnameinfo(((struct sockaddr *)&sa_server), l,
- NULL, 0, servbuf, sizeof(servbuf),
- NI_NUMERICSERV)){
- fprintf(stderr, "getnameinfo(): family=%d\n", sa_server.ss_family);
- exit(1);
- }
- servbuf[sizeof(servbuf)-1] = '\0';
- server_conf->port = atoi(servbuf);
- cio = ap_bcreate(ptrans, B_RDWR | B_SOCKET);
- cio->fd = sock_out;
- cio->fd_in = sock_in;
- conn = new_connection(ptrans, server_conf, cio,
- (struct sockaddr *)&sa_client,
- (struct sockaddr *)&sa_server, -1);
-
- while ((r = ap_read_request(conn)) != NULL) {
-
- if (r->status == HTTP_OK)
- ap_process_request(r);
-
- if (!conn->keepalive || conn->aborted)
- break;
-
- ap_destroy_pool(r->pool);
- }
-
- ap_call_close_connection_hook(conn);
-
- ap_bclose(cio);
- }
- exit(0);
-}
-
-#include "httpd.h"
-/*
- * Force ap_validate_password() into the image so that modules like
- * mod_auth can use it even if they're dynamically loaded.
- */
-void suck_in_ap_validate_password(void);
-void suck_in_ap_validate_password(void)
-{
- ap_validate_password("a", "b");
-}
-
-/* force Expat to be linked into the server executable */
-#if defined(USE_EXPAT)
-#include "xmlparse.h"
-const XML_LChar *suck_in_expat(void);
-const XML_LChar *suck_in_expat(void)
-{
- return XML_ErrorString(XML_ERROR_NONE);
-}
-#endif /* USE_EXPAT */
-
-API_EXPORT(void) ap_server_strip_chroot(char *src, int force)
-{
- char buf[MAX_STRING_LEN];
-
- if(src != NULL && ap_server_chroot && (is_chrooted || force)) {
- if (strncmp(ap_server_root, src, strlen(ap_server_root)) == 0) {
- strlcpy(buf, src+strlen(ap_server_root), MAX_STRING_LEN);
- strlcpy(src, buf, strlen(src));
- }
- }
-}
-
-API_EXPORT(int) ap_server_is_chrooted()
-{
- return(is_chrooted);
-}
-
-API_EXPORT(int) ap_server_chroot_desired()
-{
- return(ap_server_chroot);
-}
diff --git a/usr.sbin/httpd/src/main/http_protocol.c b/usr.sbin/httpd/src/main/http_protocol.c
deleted file mode 100644
index f2a91318257..00000000000
--- a/usr.sbin/httpd/src/main/http_protocol.c
+++ /dev/null
@@ -1,3182 +0,0 @@
-/* $OpenBSD: http_protocol.c,v 1.39 2013/08/22 04:43:41 guenther Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_protocol.c --- routines which directly communicate with the client.
- *
- * Code originally by Rob McCool; much redone by Robert S. Thau
- * and the Apache Group.
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_main.h"
-#include "http_request.h"
-#include "http_vhost.h"
-#include "http_log.h" /* For errors detected in basic auth common
- * support code... */
-#include "util_date.h" /* For parseHTTPdate and BAD_DATE */
-#include <stdarg.h>
-#include "http_conf_globals.h"
-#include "util_md5.h" /* For digestAuth */
-#include "ap_sha1.h"
-
-#define SET_BYTES_SENT(r) \
- do { if (r->sent_bodyct) \
- ap_bgetopt (r->connection->client, BO_BYTECT, &r->bytes_sent); \
- } while (0)
-
-/*
- * Builds the content-type that should be sent to the client from the
- * content-type specified. The following rules are followed:
- * - if type is NULL, type is set to ap_default_type(r)
- * - if charset adding is disabled, stop processing and return type.
- * - then, if there are no parameters on type, add the default charset
- * - return type
- */
-static const char *make_content_type(request_rec *r, const char *type) {
- char *needcset[] = {
- "text/plain",
- "text/html",
- NULL };
- char **pcset;
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- if (!type) {
- type = ap_default_type(r);
- }
- if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) {
- return type;
- }
-
- if (ap_strcasestr(type, "charset=") != NULL) {
- /* already has parameter, do nothing */
- /* XXX we don't check the validity */
- ;
- }
- else {
- /* see if it makes sense to add the charset. At present,
- * we only add it if the Content-type is one of needcset[]
- */
- for (pcset = needcset; *pcset ; pcset++) {
- if (ap_strcasestr(type, *pcset) != NULL) {
- type = ap_pstrcat(r->pool, type, "; charset=",
- conf->add_default_charset_name, NULL);
- break;
- }
- }
- }
- return type;
-}
-
-enum byterange_token {
- BYTERANGE_OK,
- BYTERANGE_EMPTY,
- BYTERANGE_BADSYNTAX,
- BYTERANGE_UNSATISFIABLE
-};
-
-static enum byterange_token
- parse_byterange(request_rec *r, off_t *start, off_t *end)
-{
- const char *estr;
- /* parsing first, semantics later */
-
- while (ap_isspace(*r->range))
- ++r->range;
-
- /* check for an empty range, which is OK */
- if (*r->range == '\0') {
- return BYTERANGE_EMPTY;
- }
- else if (*r->range == ',') {
- ++r->range;
- return BYTERANGE_EMPTY;
- }
-
- if (ap_isdigit(*r->range))
- *start = strtoll(r->range, (char **)&r->range, 10);
- else
- *start = -1;
-
- while (ap_isspace(*r->range))
- ++r->range;
-
- if (*r->range != '-')
- return BYTERANGE_BADSYNTAX;
- ++r->range;
-
- while (ap_isspace(*r->range))
- ++r->range;
-
- if (ap_isdigit(*r->range))
- *end = strtoll(r->range, (char **)&r->range, 10);
- else
- *end = -1;
-
- while (ap_isspace(*r->range))
- ++r->range;
-
- /* check the end of the range */
- if (*r->range == ',') {
- ++r->range;
- }
- else if (*r->range != '\0') {
- return BYTERANGE_BADSYNTAX;
- }
-
- /* parsing done; now check the numbers */
-
- if (*start < 0) { /* suffix-byte-range-spec */
- if (*end < 0) /* no numbers */
- return BYTERANGE_BADSYNTAX;
- *start = r->clength - *end;
- if (*start < 0)
- *start = 0;
- *end = r->clength - 1;
- }
- else {
- if (*end >= 0 && *start > *end) /* out-of-order range */
- return BYTERANGE_BADSYNTAX;
- if (*end < 0 || *end >= r->clength)
- *end = r->clength - 1;
- }
- /* RFC 2616 is somewhat unclear about what we should do if the end
- * is missing and the start is after the clength. The robustness
- * principle says we should accept it as an unsatisfiable range.
- * We accept suffix-byte-range-specs like -0 for the same reason.
- */
- if (*start >= r->clength)
- return BYTERANGE_UNSATISFIABLE;
-
- return BYTERANGE_OK;
-}
-
-/* If this function is called with output=1, it will spit out the
- * correct headers for a byterange chunk. If output=0 it will not
- * output anything but just return the number of bytes it would have
- * output. If start or end are less than 0 then it will do a byterange
- * chunk trailer instead of a header.
- */
-static int byterange_boundary(request_rec *r, off_t start , off_t end, int output)
-{
- int length = 0;
-
- if (start < 0 || end < 0) {
- if (output)
- ap_rvputs(r, CRLF "--", r->boundary, "--" CRLF, NULL);
- else
- length = 4 + strlen(r->boundary) + 4;
- }
- else {
- const char *ct = make_content_type(r, r->content_type);
- char ts[MAX_STRING_LEN];
-
- ap_snprintf(ts, sizeof(ts), "%qd-%qd/%qd", start, end, r->clength);
- if (output)
- ap_rvputs(r, CRLF "--", r->boundary, CRLF "Content-type: ",
- ct, CRLF "Content-range: bytes ", ts, CRLF CRLF,
- NULL);
- else
- length = 4 + strlen(r->boundary) + 16
- + strlen(ct) + 23 + strlen(ts) + 4;
- }
-
- return length;
-}
-
-API_EXPORT(int) ap_set_byterange(request_rec *r)
-{
- const char *range, *if_range, *match;
- char *bbuf, *b;
- u_int32_t rbuf[12]; /* 48 bytes yields 64 base64 chars */
- off_t length, start, end, one_start = 0, one_end = 0;
- size_t u;
- int ranges, empty;
-
- if (!r->clength || r->assbackwards)
- return 0;
-
- /* Check for Range request-header (HTTP/1.1) or Request-Range for
- * backwards-compatibility with second-draft Luotonen/Franks
- * byte-ranges (e.g. Netscape Navigator 2-3).
- *
- * We support this form, with Request-Range, and (farther down) we
- * send multipart/x-byteranges instead of multipart/byteranges for
- * Request-Range based requests to work around a bug in Netscape
- * Navigator 2-3 and MSIE 3.
- */
-
- if (!(range = ap_table_get(r->headers_in, "Range")))
- range = ap_table_get(r->headers_in, "Request-Range");
-
- if (!range || strncasecmp(range, "bytes=", 6)) {
- return 0;
- }
- range += 6;
-
- /* Check the If-Range header for Etag or Date.
- * Note that this check will return false (as required) if either
- * of the two etags are weak.
- */
- if ((if_range = ap_table_get(r->headers_in, "If-Range"))) {
- if (if_range[0] == '"') {
- if (!(match = ap_table_get(r->headers_out, "Etag")) ||
- (strcmp(if_range, match) != 0))
- return 0;
- }
- else if (!(match = ap_table_get(r->headers_out, "Last-Modified")) ||
- (strcmp(if_range, match) != 0))
- return 0;
- }
-
- /*
- * Parse the byteranges, counting how many of them there are and
- * the total number of bytes we will send to the client. This is a
- * dummy run for the while(ap_each_byterange()) loop that the
- * caller will perform if we return 1.
- */
- r->range = range;
- for (u = 0; u < sizeof(rbuf)/sizeof(rbuf[0]); u++)
- rbuf[u] = htonl(arc4random());
-
- bbuf = ap_palloc(r->pool, ap_base64encode_len(sizeof(rbuf)));
- ap_base64encode(bbuf, (const unsigned char *)rbuf, sizeof(rbuf));
- for (b = bbuf; *b != '\0'; b++) {
- if (((b - bbuf) + 1) % 7 == 0)
- *b = '-';
- else if (!isalnum(*b))
- *b = 'a';
- }
-
- r->boundary = bbuf;
-
- length = 0;
- ranges = 0;
- empty = 1;
- do {
- switch (parse_byterange(r, &start, &end)) {
- case BYTERANGE_UNSATISFIABLE:
- empty = 0;
- break;
- default:
- /* be more defensive here? */
- case BYTERANGE_BADSYNTAX:
- r->boundary = NULL;
- r->range = NULL;
- return 0;
- case BYTERANGE_EMPTY:
- break;
- case BYTERANGE_OK:
- ++ranges;
- length += byterange_boundary(r, start, end, 0)
- + end - start + 1;
- /* save in case of unsatisfiable ranges */
- one_start = start;
- one_end = end;
- break;
- }
- } while (*r->range != '\0');
-
- if (ranges == 0) {
- /* no ranges or only unsatisfiable ranges */
- if (empty || if_range) {
- r->boundary = NULL;
- r->range = NULL;
- return 0;
- }
- else {
- ap_table_setn(r->headers_out, "Content-Range",
- ap_psprintf(r->pool, "bytes */%qd", r->clength));
- ap_set_content_length(r, 0);
- r->boundary = NULL;
- r->range = range;
- r->header_only = 1;
- r->status = HTTP_RANGE_NOT_SATISFIABLE;
- return 1;
- }
- }
- else if (ranges == 1) {
- /* simple handling of a single range -- no boundaries */
- ap_table_setn(r->headers_out, "Content-Range",
- ap_psprintf(r->pool, "bytes %qd-%qd/%qd",
- one_start, one_end, r->clength));
- ap_table_setn(r->headers_out, "Content-Length",
- ap_psprintf(r->pool, "%qd", one_end - one_start + 1LL));
- r->boundary = NULL;
- r->byterange = 1;
- r->range = range;
- r->status = PARTIAL_CONTENT;
- return 1;
- }
- else {
- /* multiple ranges */
- length += byterange_boundary(r, -1, -1, 0);
- ap_table_setn(r->headers_out, "Content-Length",
- ap_psprintf(r->pool, "%qd", length));
- r->byterange = 2;
- r->range = range;
- r->status = PARTIAL_CONTENT;
- return 1;
- }
-}
-
-API_EXPORT(int) ap_each_byterange(request_rec *r, off_t *offset, off_t *length)
-{
- off_t start, end;
-
- do {
- if (parse_byterange(r, &start, &end) == BYTERANGE_OK) {
- if (r->byterange > 1)
- byterange_boundary(r, start, end, 1);
- *offset = start;
- *length = end - start + 1;
- return 1;
- }
- } while (*r->range != '\0');
- if (r->byterange > 1)
- byterange_boundary(r, -1, -1, 1);
- return 0;
-}
-
-API_EXPORT(int) ap_set_content_length(request_rec *r, off_t clength)
-{
- r->clength = clength;
- ap_table_setn(r->headers_out, "Content-Length", ap_psprintf(r->pool, "%qd", clength));
- return 0;
-}
-
-API_EXPORT(int) ap_set_keepalive(request_rec *r)
-{
- int ka_sent = 0;
- int wimpy = ap_find_token(r->pool,
- ap_table_get(r->headers_out, "Connection"), "close");
- const char *conn = ap_table_get(r->headers_in, "Connection");
-
- /* The following convoluted conditional determines whether or not
- * the current connection should remain persistent after this response
- * (a.k.a. HTTP Keep-Alive) and whether or not the output message
- * body should use the HTTP/1.1 chunked transfer-coding. In English,
- *
- * IF we have not marked this connection as errored;
- * and the response body has a defined length due to the status code
- * being 304 or 204, the request method being HEAD, already
- * having defined Content-Length or Transfer-Encoding: chunked, or
- * the request version being HTTP/1.1 and thus capable of being set
- * as chunked [we know the (r->chunked = 1) side-effect is ugly];
- * and the server configuration enables keep-alive;
- * and the server configuration has a reasonable inter-request timeout;
- * and there is no maximum # requests or the max hasn't been reached;
- * and the response status does not require a close;
- * and the response generator has not already indicated close;
- * and the client did not request non-persistence (Connection: close);
- * and we haven't been configured to ignore the buggy twit
- * or they're a buggy twit coming through a HTTP/1.1 proxy
- * and the client is requesting an HTTP/1.0-style keep-alive
- * or the client claims to be HTTP/1.1 compliant (perhaps a proxy);
- * THEN we can be persistent, which requires more headers be output.
- *
- * Note that the condition evaluation order is extremely important.
- */
- if ((r->connection->keepalive != -1) &&
- ((r->status == HTTP_NOT_MODIFIED) ||
- (r->status == HTTP_NO_CONTENT) ||
- r->header_only ||
- ap_table_get(r->headers_out, "Content-Length") ||
- ap_find_last_token(r->pool,
- ap_table_get(r->headers_out, "Transfer-Encoding"),
- "chunked") ||
- ((r->proto_num >= HTTP_VERSION(1,1)) &&
- (r->chunked = 1))) && /* THIS CODE IS CORRECT, see comment above. */
- r->server->keep_alive &&
- (r->server->keep_alive_timeout > 0) &&
- ((r->server->keep_alive_max == 0) ||
- (r->server->keep_alive_max > r->connection->keepalives)) &&
- !ap_status_drops_connection(r->status) &&
- !wimpy &&
- !ap_find_token(r->pool, conn, "close") &&
- (!ap_table_get(r->subprocess_env, "nokeepalive") ||
- ap_table_get(r->headers_in, "Via")) &&
- ((ka_sent = ap_find_token(r->pool, conn, "keep-alive")) ||
- (r->proto_num >= HTTP_VERSION(1,1)))
- ) {
- int left = r->server->keep_alive_max - r->connection->keepalives;
-
- r->connection->keepalive = 1;
- r->connection->keepalives++;
-
- /* If they sent a Keep-Alive token, send one back */
- if (ka_sent) {
- if (r->server->keep_alive_max)
- ap_table_setn(r->headers_out, "Keep-Alive",
- ap_psprintf(r->pool, "timeout=%d, max=%d",
- r->server->keep_alive_timeout, left));
- else
- ap_table_setn(r->headers_out, "Keep-Alive",
- ap_psprintf(r->pool, "timeout=%d",
- r->server->keep_alive_timeout));
- ap_table_mergen(r->headers_out, "Connection", "Keep-Alive");
- }
-
- return 1;
- }
-
- /* Otherwise, we need to indicate that we will be closing this
- * connection immediately after the current response.
- *
- * We only really need to send "close" to HTTP/1.1 clients, but we
- * always send it anyway, because a broken proxy may identify itself
- * as HTTP/1.0, but pass our request along with our HTTP/1.1 tag
- * to a HTTP/1.1 client. Better safe than sorry.
- */
- if (!wimpy)
- ap_table_mergen(r->headers_out, "Connection", "close");
-
- r->connection->keepalive = 0;
-
- return 0;
-}
-
-/*
- * Return the latest rational time from a request/mtime (modification time)
- * pair. We return the mtime unless it's in the future, in which case we
- * return the current time. We use the request time as a reference in order
- * to limit the number of calls to time(). We don't check for futurosity
- * unless the mtime is at least as new as the reference.
- */
-API_EXPORT(time_t) ap_rationalize_mtime(request_rec *r, time_t mtime)
-{
- time_t now;
-
- /* For all static responses, it's almost certain that the file was
- * last modified before the beginning of the request. So there's
- * no reason to call time(NULL) again. But if the response has been
- * created on demand, then it might be newer than the time the request
- * started. In this event we really have to call time(NULL) again
- * so that we can give the clients the most accurate Last-Modified. If we
- * were given a time in the future, we return the current time - the
- * Last-Modified can't be in the future.
- */
- now = (mtime < r->request_time) ? r->request_time : time(NULL);
- return (mtime > now) ? now : mtime;
-}
-
-API_EXPORT(int) ap_meets_conditions(request_rec *r)
-{
- const char *etag = ap_table_get(r->headers_out, "ETag");
- const char *if_match, *if_modified_since, *if_unmodified, *if_nonematch;
- time_t mtime;
-
- /* Check for conditional requests --- note that we only want to do
- * this if we are successful so far and we are not processing a
- * subrequest or an ErrorDocument.
- *
- * The order of the checks is important, since ETag checks are supposed
- * to be more accurate than checks relative to the modification time.
- * However, not all documents are guaranteed to *have* ETags, and some
- * might have Last-Modified values w/o ETags, so this gets a little
- * complicated.
- */
-
- if (!ap_is_HTTP_SUCCESS(r->status) || r->no_local_copy) {
- return OK;
- }
-
- mtime = (r->mtime != 0) ? r->mtime : time(NULL);
-
- /* If an If-Match request-header field was given
- * AND the field value is not "*" (meaning match anything)
- * AND if our strong ETag does not match any entity tag in that field,
- * respond with a status of 412 (Precondition Failed).
- */
- if ((if_match = ap_table_get(r->headers_in, "If-Match")) != NULL) {
- if (if_match[0] != '*' &&
- (etag == NULL || etag[0] == 'W' ||
- !ap_find_list_item(r->pool, if_match, etag))) {
- return HTTP_PRECONDITION_FAILED;
- }
- }
- else {
- /* Else if a valid If-Unmodified-Since request-header field was given
- * AND the requested resource has been modified since the time
- * specified in this field, then the server MUST
- * respond with a status of 412 (Precondition Failed).
- */
- if_unmodified = ap_table_get(r->headers_in, "If-Unmodified-Since");
- if (if_unmodified != NULL) {
- time_t ius = ap_parseHTTPdate(if_unmodified);
-
- if ((ius != BAD_DATE) && (mtime > ius)) {
- return HTTP_PRECONDITION_FAILED;
- }
- }
- }
-
- /* If an If-None-Match request-header field was given
- * AND the field value is "*" (meaning match anything)
- * OR our ETag matches any of the entity tags in that field, fail.
- *
- * If the request method was GET or HEAD, failure means the server
- * SHOULD respond with a 304 (Not Modified) response.
- * For all other request methods, failure means the server MUST
- * respond with a status of 412 (Precondition Failed).
- *
- * GET or HEAD allow weak etag comparison, all other methods require
- * strong comparison. We can only use weak if it's not a range request.
- */
- if_nonematch = ap_table_get(r->headers_in, "If-None-Match");
- if (if_nonematch != NULL) {
- if (r->method_number == M_GET) {
- if (if_nonematch[0] == '*')
- return HTTP_NOT_MODIFIED;
- if (etag != NULL) {
- if (ap_table_get(r->headers_in, "Range")) {
- if (etag[0] != 'W' &&
- ap_find_list_item(r->pool, if_nonematch, etag)) {
- return HTTP_NOT_MODIFIED;
- }
- }
- else if (strstr(if_nonematch, etag)) {
- return HTTP_NOT_MODIFIED;
- }
- }
- }
- else if (if_nonematch[0] == '*' ||
- (etag != NULL &&
- ap_find_list_item(r->pool, if_nonematch, etag))) {
- return HTTP_PRECONDITION_FAILED;
- }
- }
- /* Else if a valid If-Modified-Since request-header field was given
- * AND it is a GET or HEAD request
- * AND the requested resource has not been modified since the time
- * specified in this field, then the server MUST
- * respond with a status of 304 (Not Modified).
- * A date later than the server's current request time is invalid.
- */
- else if ((r->method_number == M_GET)
- && ((if_modified_since =
- ap_table_get(r->headers_in, "If-Modified-Since")) != NULL)) {
- time_t ims = ap_parseHTTPdate(if_modified_since);
-
- if ((ims >= mtime) && (ims <= r->request_time)) {
- return HTTP_NOT_MODIFIED;
- }
- }
- return OK;
-}
-
-/*
- * Construct an entity tag (ETag) from resource information. If it's a real
- * file, build in some of the file characteristics. If the modification time
- * is newer than (request-time minus 1 second), mark the ETag as weak - it
- * could be modified again in as short an interval. We rationalize the
- * modification time we're given to keep it from being in the future.
- */
-API_EXPORT(char *) ap_make_etag_orig(request_rec *r, int force_weak)
-{
- char *etag;
- char *weak;
- core_dir_config *cfg;
- etag_components_t etag_bits;
-
- cfg = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- etag_bits = (cfg->etag_bits & (~ cfg->etag_remove)) | cfg->etag_add;
- if (etag_bits == ETAG_UNSET) {
- etag_bits = ETAG_BACKWARD;
- }
- /*
- * Make an ETag header out of various pieces of information. We use
- * the last-modified date and, if we have a real file, the
- * length and inode number - note that this doesn't have to match
- * the content-length (i.e. includes), it just has to be unique
- * for the file.
- *
- * If the request was made within a second of the last-modified date,
- * we send a weak tag instead of a strong one, since it could
- * be modified again later in the second, and the validation
- * would be incorrect.
- */
-
- weak = ((r->request_time - r->mtime > 1) && !force_weak) ? "" : "W/";
-
- if (r->finfo.st_mode != 0) {
- char **ent;
- array_header *components;
- int i;
-
- /*
- * If it's a file (or we wouldn't be here) and no ETags
- * should be set for files, return an empty string and
- * note it for ap_send_header_field() to ignore.
- */
- if (etag_bits & ETAG_NONE) {
- ap_table_setn(r->notes, "no-etag", "omit");
- return "";
- }
-
- components = ap_make_array(r->pool, 4, sizeof(char *));
- if (etag_bits & ETAG_INODE) {
- ent = (char **) ap_push_array(components);
- *ent = ap_psprintf(r->pool, "%qx",
- (unsigned long long) r->finfo.st_ino);
- }
- if (etag_bits & ETAG_SIZE) {
- ent = (char **) ap_push_array(components);
- *ent = ap_psprintf(r->pool, "%lx",
- (unsigned long) r->finfo.st_size);
- }
- if (etag_bits & ETAG_MTIME) {
- ent = (char **) ap_push_array(components);
- *ent = ap_psprintf(r->pool, "%lx", (unsigned long) r->mtime);
- }
- ent = (char **) components->elts;
- etag = ap_pstrcat(r->pool, weak, "\"", NULL);
- for (i = 0; i < components->nelts; ++i) {
- etag = ap_psprintf(r->pool, "%s%s%s", etag,
- (i == 0 ? "" : "-"),
- ent[i]);
- }
- etag = ap_pstrcat(r->pool, etag, "\"", NULL);
- }
- else {
- etag = ap_psprintf(r->pool, "%s\"%lx\"", weak,
- (unsigned long) r->mtime);
- }
-
- return etag;
-}
-
-API_EXPORT(void) ap_set_etag(request_rec *r)
-{
- char *etag;
- char *variant_etag, *vlv;
- int vlv_weak;
-
- if (!r->vlist_validator) {
- etag = ap_make_etag(r, 0);
-
- /* If we get a blank etag back, don't set the header. */
- if (!etag[0]) {
- return;
- }
- }
- else {
- /* If we have a variant list validator (vlv) due to the
- * response being negotiated, then we create a structured
- * entity tag which merges the variant etag with the variant
- * list validator (vlv). This merging makes revalidation
- * somewhat safer, ensures that caches which can deal with
- * Vary will (eventually) be updated if the set of variants is
- * changed, and is also a protocol requirement for transparent
- * content negotiation.
- */
-
- /* if the variant list validator is weak, we make the whole
- * structured etag weak. If we would not, then clients could
- * have problems merging range responses if we have different
- * variants with the same non-globally-unique strong etag.
- */
-
- vlv = r->vlist_validator;
- vlv_weak = (vlv[0] == 'W');
-
- variant_etag = ap_make_etag(r, vlv_weak);
-
- /* If we get a blank etag back, don't append vlv and stop now. */
- if (!variant_etag[0]) {
- return;
- }
-
- /* merge variant_etag and vlv into a structured etag */
- variant_etag[strlen(variant_etag) - 1] = '\0';
- if (vlv_weak)
- vlv += 3;
- else
- vlv++;
- etag = ap_pstrcat(r->pool, variant_etag, ";", vlv, NULL);
- }
-
- ap_table_setn(r->headers_out, "ETag", etag);
-}
-
-/*
- * This function sets the Last-Modified output header field to the value
- * of the mtime field in the request structure - rationalized to keep it from
- * being in the future.
- */
-API_EXPORT(void) ap_set_last_modified(request_rec *r)
-{
- time_t mod_time = ap_rationalize_mtime(r, r->mtime);
-
- ap_table_setn(r->headers_out, "Last-Modified",
- ap_gm_timestr_822(r->pool, mod_time));
-}
-
-/* Get the method number associated with the given string, assumed to
- * contain an HTTP method. Returns M_INVALID if not recognized.
- *
- * This is the first step toward placing method names in a configurable
- * list. Hopefully it (and other routines) can eventually be moved to
- * something like a mod_http_methods.c, complete with config stuff.
- */
-API_EXPORT(int) ap_method_number_of(const char *method)
-{
- switch (*method) {
- case 'H':
- if (strcmp(method, "HEAD") == 0)
- return M_GET; /* see header_only in request_rec */
- break;
- case 'G':
- if (strcmp(method, "GET") == 0)
- return M_GET;
- break;
- case 'P':
- if (strcmp(method, "POST") == 0)
- return M_POST;
- if (strcmp(method, "PUT") == 0)
- return M_PUT;
- if (strcmp(method, "PATCH") == 0)
- return M_PATCH;
- if (strcmp(method, "PROPFIND") == 0)
- return M_PROPFIND;
- if (strcmp(method, "PROPPATCH") == 0)
- return M_PROPPATCH;
- break;
- case 'D':
- if (strcmp(method, "DELETE") == 0)
- return M_DELETE;
- break;
- case 'C':
- if (strcmp(method, "CONNECT") == 0)
- return M_CONNECT;
- if (strcmp(method, "COPY") == 0)
- return M_COPY;
- break;
- case 'M':
- if (strcmp(method, "MKCOL") == 0)
- return M_MKCOL;
- if (strcmp(method, "MOVE") == 0)
- return M_MOVE;
- break;
- case 'O':
- if (strcmp(method, "OPTIONS") == 0)
- return M_OPTIONS;
- break;
- case 'L':
- if (strcmp(method, "LOCK") == 0)
- return M_LOCK;
- break;
- case 'U':
- if (strcmp(method, "UNLOCK") == 0)
- return M_UNLOCK;
- break;
- }
- return M_INVALID;
-}
-
-/* Get a line of protocol input, including any continuation lines
- * caused by MIME folding (or broken clients) if fold != 0, and place it
- * in the buffer s, of size n bytes, without the ending newline.
- *
- * Returns -1 on error, or the length of s.
- *
- * Note: Because bgets uses 1 char for newline and 1 char for NUL,
- * the most we can get is (n - 2) actual characters if it
- * was ended by a newline, or (n - 1) characters if the line
- * length exceeded (n - 1). So, if the result == (n - 1),
- * then the actual input line exceeded the buffer length,
- * and it would be a good idea for the caller to puke 400 or 414.
- */
-API_EXPORT(int) ap_getline(char *s, int n, BUFF *in, int fold)
-{
- char *pos, next;
- int retval;
- int total = 0;
-
- pos = s;
-
- do {
- retval = ap_bgets(pos, n, in); /* retval == -1 if error, 0 if EOF */
-
- if (retval <= 0) {
- total = ((retval < 0) && (total == 0)) ? -1 : total;
- break;
- }
-
- /* retval is the number of characters read, not including NUL */
-
- n -= retval; /* Keep track of how much of s is full */
- pos += (retval - 1); /* and where s ends */
- total += retval; /* and how long s has become */
-
- if (*pos == '\n') { /* Did we get a full line of input? */
- /*
- * Trim any extra trailing spaces or tabs except for the first
- * space or tab at the beginning of a blank string. This makes
- * it much easier to check field values for exact matches, and
- * saves memory as well. Terminate string at end of line.
- */
- while (pos > (s + 1) && (*(pos - 1) == ' ' || *(pos - 1) == '\t')) {
- --pos; /* trim extra trailing spaces or tabs */
- --total; /* but not one at the beginning of line */
- ++n;
- }
- *pos = '\0';
- --total;
- ++n;
- }
- else
- break; /* if not, input line exceeded buffer size */
-
- /* Continue appending if line folding is desired and
- * the last line was not empty and we have room in the buffer and
- * the next line begins with a continuation character.
- */
- } while (fold && (retval != 1) && (n > 1)
- && (ap_blookc(&next, in) == 1)
- && ((next == ' ') || (next == '\t')));
-
- return total;
-}
-
-/* parse_uri: break apart the uri
- * Side Effects:
- * - sets r->args to rest after '?' (or NULL if no '?')
- * - sets r->uri to request uri (without r->args part)
- * - sets r->hostname (if not set already) from request (scheme://host:port)
- */
-CORE_EXPORT(void) ap_parse_uri(request_rec *r, const char *uri)
-{
- int status = HTTP_OK;
-
- r->unparsed_uri = ap_pstrdup(r->pool, uri);
-
- if (r->method_number == M_CONNECT) {
- status = ap_parse_hostinfo_components(r->pool, uri, &r->parsed_uri);
- } else {
- /* Simple syntax Errors in URLs are trapped by parse_uri_components(). */
- status = ap_parse_uri_components(r->pool, uri, &r->parsed_uri);
- }
-
- if (ap_is_HTTP_SUCCESS(status)) {
- /* if it has a scheme we may need to do absoluteURI vhost stuff */
- if (r->parsed_uri.scheme
- && !strcasecmp(r->parsed_uri.scheme, ap_http_method(r))) {
- r->hostname = r->parsed_uri.hostname;
- } else if (r->method_number == M_CONNECT) {
- r->hostname = r->parsed_uri.hostname;
- }
- r->args = r->parsed_uri.query;
- r->uri = r->parsed_uri.path ? r->parsed_uri.path
- : ap_pstrdup(r->pool, "/");
- }
- else {
- r->args = NULL;
- r->hostname = NULL;
- r->status = status; /* set error status */
- r->uri = ap_pstrdup(r->pool, uri);
- }
-}
-
-static int read_request_line(request_rec *r)
-{
- char l[DEFAULT_LIMIT_REQUEST_LINE + 2]; /* ap_getline's two extra for \n\0 */
- const char *ll = l;
- const char *uri;
- conn_rec *conn = r->connection;
- unsigned int major = 1, minor = 0; /* Assume HTTP/1.0 if non-"HTTP" protocol */
- int len = 0;
- int valid_protocol = 1;
-
- /* Read past empty lines until we get a real request line,
- * a read error, the connection closes (EOF), or we timeout.
- *
- * We skip empty lines because browsers have to tack a CRLF on to the end
- * of POSTs to support old CERN webservers. But note that we may not
- * have flushed any previous response completely to the client yet.
- * We delay the flush as long as possible so that we can improve
- * performance for clients that are pipelining requests. If a request
- * is pipelined then we won't block during the (implicit) read() below.
- * If the requests aren't pipelined, then the client is still waiting
- * for the final buffer flush from us, and we will block in the implicit
- * read(). B_SAFEREAD ensures that the BUFF layer flushes if it will
- * have to block during a read.
- */
- ap_bsetflag(conn->client, B_SAFEREAD, 1);
- while ((len = ap_getline(l, sizeof(l), conn->client, 0)) <= 0) {
- if ((len < 0) || ap_bgetflag(conn->client, B_EOF)) {
- ap_bsetflag(conn->client, B_SAFEREAD, 0);
- /* this is a hack to make sure that request time is set,
- * it's not perfect, but it's better than nothing
- */
- r->request_time = time(0);
- return 0;
- }
- }
- /* we've probably got something to do, ignore graceful restart requests */
- signal(SIGUSR1, SIG_IGN);
-
- ap_bsetflag(conn->client, B_SAFEREAD, 0);
-
- r->request_time = time(NULL);
- r->the_request = ap_pstrdup(r->pool, l);
- r->method = ap_getword_white(r->pool, &ll);
- uri = ap_getword_white(r->pool, &ll);
-
- /* Provide quick information about the request method as soon as known */
-
- r->method_number = ap_method_number_of(r->method);
- if (r->method_number == M_GET && r->method[0] == 'H') {
- r->header_only = 1;
- }
-
- ap_parse_uri(r, uri);
-
- /* ap_getline returns (size of max buffer - 1) if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a request-line.
- */
- if (len > r->server->limit_req_line) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = ap_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
-
- r->assbackwards = (ll[0] == '\0');
- r->protocol = ap_pstrdup(r->pool, ll[0] ? ll : "HTTP/0.9");
-
- /* Avoid sscanf in the common case */
- if (strlen(r->protocol) == 8
- && r->protocol[0] == 'H' && r->protocol[1] == 'T'
- && r->protocol[2] == 'T' && r->protocol[3] == 'P'
- && r->protocol[4] == '/' && ap_isdigit(r->protocol[5])
- && r->protocol[6] == '.' && ap_isdigit(r->protocol[7])) {
- r->proto_num = HTTP_VERSION(r->protocol[5] - '0', r->protocol[7] - '0');
- }
- else {
- char lint[2];
- char http[5];
- if (3 == sscanf(r->protocol, "%4s/%u.%u%1s", http, &major, &minor, lint)
- && (strcasecmp("http", http) == 0)
- && (minor < HTTP_VERSION(1,0)) ) /* don't allow HTTP/0.1000 */
- r->proto_num = HTTP_VERSION(major, minor);
- else {
- r->proto_num = HTTP_VERSION(1,0);
- valid_protocol = 0;
- }
- }
-
- /* Check for a valid protocol, and disallow everything but whitespace
- * after the protocol string. A protocol string of nothing but
- * whitespace is considered valid */
- if (ap_protocol_req_check && !valid_protocol) {
- int n = 0;
- while (ap_isspace(r->protocol[n]))
- ++n;
- if (r->protocol[n] != '\0') {
- r->status = HTTP_BAD_REQUEST;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = ap_pstrdup(r->pool, "HTTP/1.0");
- ap_table_setn(r->notes, "error-notes",
- "The request line contained invalid characters "
- "following the protocol string.<P>\n");
- return 0;
- }
- }
-
- return 1;
-}
-
-static void get_mime_headers(request_rec *r)
-{
- char field[DEFAULT_LIMIT_REQUEST_FIELDSIZE + 2]; /* ap_getline's two extra */
- conn_rec *c = r->connection;
- char *value;
- char *copy;
- int len;
- int fields_read = 0;
- table *tmp_headers;
-
- /* We'll use ap_overlap_tables later to merge these into r->headers_in. */
- tmp_headers = ap_make_table(r->pool, 50);
-
- /*
- * Read header lines until we get the empty separator line, a read error,
- * the connection closes (EOF), reach the server limit, or we timeout.
- */
- while ((len = ap_getline(field, sizeof(field), c->client, 1)) > 0) {
-
- if (r->server->limit_req_fields &&
- (++fields_read > r->server->limit_req_fields)) {
- r->status = HTTP_BAD_REQUEST;
- ap_table_setn(r->notes, "error-notes",
- "The number of request header fields exceeds "
- "this server's limit.<P>\n");
- return;
- }
- /* ap_getline returns (size of max buffer - 1) if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a field size.
- */
- if (len > r->server->limit_req_fieldsize) {
- r->status = HTTP_BAD_REQUEST;
- ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
- "Size of a request header field exceeds server limit.<P>\n"
- "<PRE>\n", ap_escape_html(r->pool, field), "</PRE>\n", NULL));
- return;
- }
- copy = ap_palloc(r->pool, len + 1);
- memcpy(copy, field, len + 1);
-
- if (!(value = strchr(copy, ':'))) { /* Find the colon separator */
- r->status = HTTP_BAD_REQUEST; /* or abort the bad request */
- ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
- "Request header field is missing colon separator.<P>\n"
- "<PRE>\n", ap_escape_html(r->pool, copy), "</PRE>\n", NULL));
- return;
- }
-
- *value = '\0';
- ++value;
- while (*value == ' ' || *value == '\t')
- ++value; /* Skip to start of value */
-
- ap_table_addn(tmp_headers, copy, value);
- }
-
- ap_overlap_tables(r->headers_in, tmp_headers, AP_OVERLAP_TABLES_MERGE);
-}
-
-API_EXPORT(request_rec *) ap_read_request(conn_rec *conn)
-{
- request_rec *r;
- pool *p;
- const char *expect;
- int access_status;
-
- p = ap_make_sub_pool(conn->pool);
- r = ap_pcalloc(p, sizeof(request_rec));
- r->pool = p;
- r->connection = conn;
- conn->server = conn->base_server;
- r->server = conn->server;
-
- conn->keptalive = conn->keepalive == 1;
- conn->keepalive = 0;
-
- conn->user = NULL;
- conn->ap_auth_type = NULL;
-
- r->headers_in = ap_make_table(r->pool, 50);
- r->subprocess_env = ap_make_table(r->pool, 50);
- r->headers_out = ap_make_table(r->pool, 12);
- r->err_headers_out = ap_make_table(r->pool, 5);
- r->notes = ap_make_table(r->pool, 5);
-
- r->request_config = ap_create_request_config(r->pool);
- r->per_dir_config = r->server->lookup_defaults;
-
- r->sent_bodyct = 0; /* bytect isn't for body */
-
- r->read_length = 0;
- r->read_body = REQUEST_NO_BODY;
-
- r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
- r->the_request = NULL;
-
- r->ctx = ap_ctx_new(r->pool);
-
- /* Get the request... */
-
- ap_keepalive_timeout("read request line", r);
- if (!read_request_line(r)) {
- ap_kill_timeout(r);
- if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
-
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "request failed: URI too long");
- ap_send_error_response(r, 0);
- ap_log_transaction(r);
- return r;
- }
- else if (r->status == HTTP_BAD_REQUEST) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "request failed: erroneous characters after protocol string: %s",
- ap_escape_logitem(r->pool, r->the_request));
- ap_send_error_response(r, 0);
- ap_log_transaction(r);
- return r;
- }
- return NULL;
- }
- if (!r->assbackwards) {
- ap_hard_timeout("read request headers", r);
- get_mime_headers(r);
- ap_kill_timeout(r);
- if (r->status != HTTP_REQUEST_TIME_OUT) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "request failed: error reading the headers");
- ap_send_error_response(r, 0);
- ap_log_transaction(r);
- return r;
- }
- }
- else {
- ap_kill_timeout(r);
-
- if (r->header_only) {
- /*
- * Client asked for headers only with HTTP/0.9, which doesn't send
- * headers! Have to dink things just to make sure the error message
- * comes through...
- */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "client sent invalid HTTP/0.9 request: HEAD %s",
- r->uri);
- r->header_only = 0;
- r->status = HTTP_BAD_REQUEST;
- ap_send_error_response(r, 0);
- ap_log_transaction(r);
- return r;
- }
- }
-
- r->status = HTTP_OK; /* Until further notice. */
-
- /* update what we think the virtual host is based on the headers we've
- * now read. may update status.
- */
- ap_update_vhost_from_headers(r);
-
- /* we may have switched to another server */
- r->per_dir_config = r->server->lookup_defaults;
-
- conn->keptalive = 0; /* We now have a request to play with */
-
- if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1,1))) ||
- ((r->proto_num == HTTP_VERSION(1,1)) &&
- !ap_table_get(r->headers_in, "Host"))) {
- /*
- * Client sent us an HTTP/1.1 or later request without telling us the
- * hostname, either with a full URL or a Host: header. We therefore
- * need to (as per the 1.1 spec) send an error. As a special case,
- * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
- * a Host: header, and the server MUST respond with 400 if it doesn't.
- */
- r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "client sent HTTP/1.1 request without hostname "
- "(see RFC2616 section 14.23): %s", r->uri);
- }
- if (r->status != HTTP_OK) {
- ap_send_error_response(r, 0);
- ap_log_transaction(r);
- return r;
- }
-
- if ((access_status = ap_run_post_read_request(r))) {
- ap_die(access_status, r);
- ap_log_transaction(r);
- return NULL;
- }
-
- if (((expect = ap_table_get(r->headers_in, "Expect")) != NULL) &&
- (expect[0] != '\0')) {
- /*
- * The Expect header field was added to HTTP/1.1 after RFC 2068
- * as a means to signal when a 100 response is desired and,
- * unfortunately, to signal a poor man's mandatory extension that
- * the server must understand or return 417 Expectation Failed.
- */
- if (strcasecmp(expect, "100-continue") == 0) {
- r->expecting_100 = 1;
- }
- else {
- r->status = HTTP_EXPECTATION_FAILED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
- "client sent an unrecognized expectation value of "
- "Expect: %s", expect);
- ap_send_error_response(r, 0);
- (void) ap_discard_request_body(r);
- ap_log_transaction(r);
- return r;
- }
- }
-
- return r;
-}
-
-/*
- * A couple of other functions which initialize some of the fields of
- * a request structure, as appropriate for adjuncts of one kind or another
- * to a request in progress. Best here, rather than elsewhere, since
- * *someone* has to set the protocol-specific fields...
- */
-
-API_EXPORT(void) ap_set_sub_req_protocol(request_rec *rnew, const request_rec *r)
-{
- rnew->the_request = r->the_request; /* Keep original request-line */
-
- rnew->assbackwards = 1; /* Don't send headers from this. */
- rnew->no_local_copy = 1; /* Don't try to send USE_LOCAL_COPY for a
- * fragment. */
- rnew->method = "GET";
- rnew->method_number = M_GET;
- rnew->protocol = "INCLUDED";
-
- rnew->status = HTTP_OK;
-
- rnew->headers_in = r->headers_in;
- rnew->subprocess_env = ap_copy_table(rnew->pool, r->subprocess_env);
- rnew->headers_out = ap_make_table(rnew->pool, 5);
- rnew->err_headers_out = ap_make_table(rnew->pool, 5);
- rnew->notes = ap_make_table(rnew->pool, 5);
-
- rnew->expecting_100 = r->expecting_100;
- rnew->read_length = r->read_length;
- rnew->read_body = REQUEST_NO_BODY;
-
- rnew->main = (request_rec *) r;
-
- rnew->ctx = r->ctx;
-
-}
-
-API_EXPORT(void) ap_finalize_sub_req_protocol(request_rec *sub)
-{
- SET_BYTES_SENT(sub->main);
-}
-
-/*
- * Support for the Basic authentication protocol, and a bit for Digest.
- */
-
-API_EXPORT(void) ap_note_auth_failure(request_rec *r)
-{
- if (!strcasecmp(ap_auth_type(r), "Basic"))
- ap_note_basic_auth_failure(r);
- else if (!strcasecmp(ap_auth_type(r), "Digest"))
- ap_note_digest_auth_failure(r);
-}
-
-API_EXPORT(void) ap_note_basic_auth_failure(request_rec *r)
-{
- if (strcasecmp(ap_auth_type(r), "Basic"))
- ap_note_auth_failure(r);
- else
- ap_table_setn(r->err_headers_out,
- r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- ap_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), "\"",
- NULL));
-}
-
-API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r)
-{
- /* We need to create a nonce which:
- * a) changes all the time (see r->request_time)
- * below and
- * b) of which we can verify that it is our own
- * fairly easily when it comes to veryfing
- * the digest coming back in the response.
- * c) and which as a whole should not
- * be unlikely to be in use anywhere else.
- */
- char * nonce_prefix = ap_md5(r->pool,
- (unsigned char *)
- ap_psprintf(r->pool, "%s%lld",
- ap_auth_nonce(r), (long long)r->request_time));
-
- ap_table_setn(r->err_headers_out,
- r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s%lld\"",
- ap_auth_name(r), nonce_prefix, (long long)r->request_time));
-}
-
-API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
-{
- const char *auth_line = ap_table_get(r->headers_in,
- r->proxyreq == STD_PROXY
- ? "Proxy-Authorization"
- : "Authorization");
- const char *t;
-
- if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basic"))
- return DECLINED;
-
- if (!ap_auth_name(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
- r, "need AuthName: %s", r->uri);
- return SERVER_ERROR;
- }
-
- if (!auth_line) {
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
- /* Client tried to authenticate using wrong auth scheme */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "client used wrong authentication scheme: %s", r->uri);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- while (*auth_line== ' ' || *auth_line== '\t')
- auth_line++;
-
- t = ap_pbase64decode(r->pool, auth_line);
- /* Note that this allocation has to be made from r->connection->pool
- * because it has the lifetime of the connection. The other allocations
- * are temporary and can be tossed away any time.
- */
- r->connection->user = ap_getword_nulls (r->connection->pool, &t, ':');
- r->connection->ap_auth_type = "Basic";
-
- *pw = t;
-
- return OK;
-}
-
-/* New Apache routine to map status codes into array indicies
- * e.g. 100 -> 0, 101 -> 1, 200 -> 2 ...
- * The number of status lines must equal the value of RESPONSE_CODES (httpd.h)
- * and must be listed in order.
- */
-
-static const char * const status_lines[RESPONSE_CODES] =
-{
- "100 Continue",
- "101 Switching Protocols",
- "102 Processing",
-#define LEVEL_200 3
- "200 OK",
- "201 Created",
- "202 Accepted",
- "203 Non-Authoritative Information",
- "204 No Content",
- "205 Reset Content",
- "206 Partial Content",
- "207 Multi-Status",
-#define LEVEL_300 11
- "300 Multiple Choices",
- "301 Moved Permanently",
- "302 Found",
- "303 See Other",
- "304 Not Modified",
- "305 Use Proxy",
- "306 unused",
- "307 Temporary Redirect",
-#define LEVEL_400 19
- "400 Bad Request",
- "401 Authorization Required",
- "402 Payment Required",
- "403 Forbidden",
- "404 Not Found",
- "405 Method Not Allowed",
- "406 Not Acceptable",
- "407 Proxy Authentication Required",
- "408 Request Time-out",
- "409 Conflict",
- "410 Gone",
- "411 Length Required",
- "412 Precondition Failed",
- "413 Request Entity Too Large",
- "414 Request-URI Too Large",
- "415 Unsupported Media Type",
- "416 Requested Range Not Satisfiable",
- "417 Expectation Failed",
- "418 unused",
- "419 unused",
- "420 unused",
- "421 unused",
- "422 Unprocessable Entity",
- "423 Locked",
- "424 Failed Dependency",
-#define LEVEL_500 44
- "500 Internal Server Error",
- "501 Method Not Implemented",
- "502 Bad Gateway",
- "503 Service Temporarily Unavailable",
- "504 Gateway Time-out",
- "505 HTTP Version Not Supported",
- "506 Variant Also Negotiates",
- "507 Insufficient Storage",
- "508 unused",
- "509 unused",
- "510 Not Extended"
-};
-
-/* The index is found by its offset from the x00 code of each level.
- * Although this is fast, it will need to be replaced if some nutcase
- * decides to define a high-numbered code before the lower numbers.
- * If that sad event occurs, replace the code below with a linear search
- * from status_lines[shortcut[i]] to status_lines[shortcut[i+1]-1];
- */
-API_EXPORT(int) ap_index_of_response(int status)
-{
- static int shortcut[6] = {0, LEVEL_200, LEVEL_300, LEVEL_400,
- LEVEL_500, RESPONSE_CODES};
- int i, pos;
-
- if (status < 100) /* Below 100 is illegal for HTTP status */
- return LEVEL_500;
-
- for (i = 0; i < 5; i++) {
- status -= 100;
- if (status < 100) {
- pos = (status + shortcut[i]);
- if (pos < shortcut[i + 1])
- return pos;
- else
- return LEVEL_500; /* status unknown (falls in gap) */
- }
- }
- return LEVEL_500; /* 600 or above is also illegal */
-}
-
-/* Send a single HTTP header field to the client. Note that this function
- * is used in calls to table_do(), so their interfaces are co-dependent.
- * In other words, don't change this one without checking table_do in alloc.c.
- * It returns true unless there was a write error of some kind.
- */
-API_EXPORT_NONSTD(int) ap_send_header_field(request_rec *r,
- const char *fieldname,
- const char *fieldval)
-{
- if (strcasecmp(fieldname, "ETag") == 0) {
- if (ap_table_get(r->notes, "no-etag") != NULL) {
- return 1;
- }
- }
- return (0 < ap_rvputs(r, fieldname, ": ", fieldval, CRLF, NULL));
-}
-
-API_EXPORT(void) ap_basic_http_header(request_rec *r)
-{
- char *protocol;
-
- if (r->assbackwards)
- return;
-
- if (!r->status_line)
- r->status_line = status_lines[ap_index_of_response(r->status)];
-
- /* kluge around broken browsers when indicated by force-response-1.0
- */
- if (r->proto_num == HTTP_VERSION(1,0)
- && ap_table_get(r->subprocess_env, "force-response-1.0")) {
-
- protocol = "HTTP/1.0";
- r->connection->keepalive = -1;
- }
- else
- protocol = SERVER_PROTOCOL;
-
- /* output the HTTP/1.x Status-Line */
- ap_rvputs(r, protocol, " ", r->status_line, CRLF, NULL);
-
- /* output the date header */
- ap_send_header_field(r, "Date", ap_gm_timestr_822(r->pool, r->request_time));
-
- /* keep the set-by-proxy server header, otherwise
- * generate a new server header */
- if (r->proxyreq) {
- const char *server = ap_table_get(r->headers_out, "Server");
- if (server) {
- ap_send_header_field(r, "Server", server);
- }
- }
- else {
- ap_send_header_field(r, "Server", ap_get_server_version());
- }
-
- /* unset so we don't send them again */
- ap_table_unset(r->headers_out, "Date"); /* Avoid bogosity */
- ap_table_unset(r->headers_out, "Server");
-}
-
-/* Navigator versions 2.x, 3.x and 4.0 betas up to and including 4.0b2
- * have a header parsing bug. If the terminating \r\n occur starting
- * at offset 256, 257 or 258 of output then it will not properly parse
- * the headers. Curiously it doesn't exhibit this problem at 512, 513.
- * We are guessing that this is because their initial read of a new request
- * uses a 256 byte buffer, and subsequent reads use a larger buffer.
- * So the problem might exist at different offsets as well.
- *
- * This should also work on keepalive connections assuming they use the
- * same small buffer for the first read of each new request.
- *
- * At any rate, we check the bytes written so far and, if we are about to
- * tickle the bug, we instead insert a bogus padding header. Since the bug
- * manifests as a broken image in Navigator, users blame the server. :(
- * It is more expensive to check the User-Agent than it is to just add the
- * bytes, so we haven't used the BrowserMatch feature here.
- */
-static void terminate_header(BUFF *client)
-{
- off_t bs;
-
- ap_bgetopt(client, BO_BYTECT, &bs);
- if (bs >= 255 && bs <= 257)
- ap_bputs("X-Pad: avoid browser bug" CRLF, client);
-
- ap_bputs(CRLF, client); /* Send the terminating empty line */
-}
-
-/* Build the Allow field-value from the request handler method mask.
- * Note that we always allow TRACE, since it is handled below.
- */
-static char *make_allow(request_rec *r)
-{
- return 2 + ap_pstrcat(r->pool,
- (r->allowed & (1 << M_GET)) ? ", GET, HEAD" : "",
- (r->allowed & (1 << M_POST)) ? ", POST" : "",
- (r->allowed & (1 << M_PUT)) ? ", PUT" : "",
- (r->allowed & (1 << M_DELETE)) ? ", DELETE" : "",
- (r->allowed & (1 << M_CONNECT)) ? ", CONNECT" : "",
- (r->allowed & (1 << M_OPTIONS)) ? ", OPTIONS" : "",
- (r->allowed & (1 << M_PATCH)) ? ", PATCH" : "",
- (r->allowed & (1 << M_PROPFIND)) ? ", PROPFIND" : "",
- (r->allowed & (1 << M_PROPPATCH)) ? ", PROPPATCH" : "",
- (r->allowed & (1 << M_MKCOL)) ? ", MKCOL" : "",
- (r->allowed & (1 << M_COPY)) ? ", COPY" : "",
- (r->allowed & (1 << M_MOVE)) ? ", MOVE" : "",
- (r->allowed & (1 << M_LOCK)) ? ", LOCK" : "",
- (r->allowed & (1 << M_UNLOCK)) ? ", UNLOCK" : "",
- ", TRACE",
- NULL);
-}
-
-API_EXPORT(int) ap_send_http_trace(request_rec *r)
-{
- int rv;
-
- /* Get the original request */
- while (r->prev)
- r = r->prev;
-
- if ((rv = ap_setup_client_block(r, REQUEST_NO_BODY)))
- return rv;
-
- ap_hard_timeout("send TRACE", r);
-
- r->content_type = "message/http";
- ap_send_http_header(r);
-
- /* Now we recreate the request, and echo it back */
-
- ap_rvputs(r, r->the_request, CRLF, NULL);
-
- ap_table_do((int (*) (void *, const char *, const char *))
- ap_send_header_field, (void *) r, r->headers_in, NULL);
- ap_rputs(CRLF, r);
-
- ap_kill_timeout(r);
- return OK;
-}
-
-API_EXPORT(int) ap_send_http_options(request_rec *r)
-{
- const off_t zero = 0LL;
-
- if (r->assbackwards)
- return DECLINED;
-
- ap_hard_timeout("send OPTIONS", r);
-
- ap_basic_http_header(r);
-
- ap_table_setn(r->headers_out, "Content-Length", "0");
- ap_table_setn(r->headers_out, "Allow", make_allow(r));
- ap_set_keepalive(r);
-
- ap_table_do((int (*) (void *, const char *, const char *)) ap_send_header_field,
- (void *) r, r->headers_out, NULL);
-
- terminate_header(r->connection->client);
-
- ap_kill_timeout(r);
- ap_bsetopt(r->connection->client, BO_BYTECT, &zero);
-
- return OK;
-}
-
-/*
- * Here we try to be compatible with clients that want multipart/x-byteranges
- * instead of multipart/byteranges (also see above), as per HTTP/1.1. We
- * look for the Request-Range header (e.g. Netscape 2 and 3) as an indication
- * that the browser supports an older protocol. We also check User-Agent
- * for Microsoft Internet Explorer 3, which needs this as well.
- */
-static int use_range_x(request_rec *r)
-{
- const char *ua;
- return (ap_table_get(r->headers_in, "Request-Range") ||
- ((ua = ap_table_get(r->headers_in, "User-Agent"))
- && strstr(ua, "MSIE 3")));
-}
-
-/* This routine is called by ap_table_do and merges all instances of
- * the passed field values into a single array that will be further
- * processed by some later routine. Originally intended to help split
- * and recombine multiple Vary fields, though it is generic to any field
- * consisting of comma/space-separated tokens.
- */
-static int uniq_field_values(void *d, const char *key, const char *val)
-{
- array_header *values;
- char *start;
- char *e;
- char **strpp;
- int i;
-
- values = (array_header *)d;
-
- e = ap_pstrdup(values->pool, val);
-
- do {
- /* Find a non-empty fieldname */
-
- while (*e == ',' || ap_isspace(*e)) {
- ++e;
- }
- if (*e == '\0') {
- break;
- }
- start = e;
- while (*e != '\0' && *e != ',' && !ap_isspace(*e)) {
- ++e;
- }
- if (*e != '\0') {
- *e++ = '\0';
- }
-
- /* Now add it to values if it isn't already represented.
- * Could be replaced by a ap_array_strcasecmp() if we had one.
- */
- for (i = 0, strpp = (char **) values->elts; i < values->nelts;
- ++i, ++strpp) {
- if (*strpp && strcasecmp(*strpp, start) == 0) {
- break;
- }
- }
- if (i == values->nelts) { /* if not found */
- *(char **)ap_push_array(values) = start;
- }
- } while (*e != '\0');
-
- return 1;
-}
-
-/*
- * Since some clients choke violently on multiple Vary fields, or
- * Vary fields with duplicate tokens, combine any multiples and remove
- * any duplicates.
- */
-static void fixup_vary(request_rec *r)
-{
- array_header *varies;
-
- varies = ap_make_array(r->pool, 5, sizeof(char *));
-
- /* Extract all Vary fields from the headers_out, separate each into
- * its comma-separated fieldname values, and then add them to varies
- * if not already present in the array.
- */
- ap_table_do((int (*)(void *, const char *, const char *))uniq_field_values,
- (void *) varies, r->headers_out, "Vary", NULL);
-
- /* If we found any, replace old Vary fields with unique-ified value */
-
- if (varies->nelts > 0) {
- ap_table_setn(r->headers_out, "Vary",
- ap_array_pstrcat(r->pool, varies, ','));
- }
-}
-
-API_EXPORT(void) ap_send_http_header(request_rec *r)
-{
- int i;
- const off_t zero = 0LL;
-
- if (r->assbackwards) {
- if (!r->main)
- ap_bsetopt(r->connection->client, BO_BYTECT, &zero);
- r->sent_bodyct = 1;
- return;
- }
-
- /*
- * Now that we are ready to send a response, we need to combine the two
- * header field tables into a single table. If we don't do this, our
- * later attempts to set or unset a given fieldname might be bypassed.
- */
- if (!ap_is_empty_table(r->err_headers_out))
- r->headers_out = ap_overlay_tables(r->pool, r->err_headers_out,
- r->headers_out);
-
- /*
- * Remove the 'Vary' header field if the client can't handle it.
- * Since this will have nasty effects on HTTP/1.1 caches, force
- * the response into HTTP/1.0 mode.
- */
- if (ap_table_get(r->subprocess_env, "force-no-vary") != NULL) {
- ap_table_unset(r->headers_out, "Vary");
- r->proto_num = HTTP_VERSION(1,0);
- ap_table_set(r->subprocess_env, "force-response-1.0", "1");
- }
- else {
- fixup_vary(r);
- }
-
- ap_hard_timeout("send headers", r);
-
- ap_basic_http_header(r);
-
- ap_set_keepalive(r);
-
- if (r->chunked) {
- ap_table_mergen(r->headers_out, "Transfer-Encoding", "chunked");
- ap_table_unset(r->headers_out, "Content-Length");
- }
-
- if (r->byterange > 1)
- ap_table_setn(r->headers_out, "Content-Type",
- ap_pstrcat(r->pool, "multipart", use_range_x(r) ? "/x-" : "/",
- "byteranges; boundary=", r->boundary, NULL));
- else ap_table_setn(r->headers_out, "Content-Type", make_content_type(r,
- r->content_type));
-
- if (r->content_encoding)
- ap_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
-
- if (r->content_languages && r->content_languages->nelts) {
- for (i = 0; i < r->content_languages->nelts; ++i) {
- ap_table_mergen(r->headers_out, "Content-Language",
- ((char **) (r->content_languages->elts))[i]);
- }
- }
- else if (r->content_language)
- ap_table_setn(r->headers_out, "Content-Language", r->content_language);
-
- /*
- * Control cachability for non-cachable responses if not already set by
- * some other part of the server configuration.
- */
- if (r->no_cache && !ap_table_get(r->headers_out, "Expires"))
- ap_table_addn(r->headers_out, "Expires",
- ap_gm_timestr_822(r->pool, r->request_time));
-
- /* Send the entire table of header fields, terminated by an empty line. */
-
- ap_table_do((int (*) (void *, const char *, const char *)) ap_send_header_field,
- (void *) r, r->headers_out, NULL);
-
- terminate_header(r->connection->client);
-
- ap_kill_timeout(r);
-
- ap_bsetopt(r->connection->client, BO_BYTECT, &zero);
- r->sent_bodyct = 1; /* Whatever follows is real body stuff... */
-
- /* Set buffer flags for the body */
- if (r->chunked)
- ap_bsetflag(r->connection->client, B_CHUNK, 1);
-}
-
-/* finalize_request_protocol is called at completion of sending the
- * response. It's sole purpose is to send the terminating protocol
- * information for any wrappers around the response message body
- * (i.e., transfer encodings). It should have been named finalize_response.
- */
-API_EXPORT(void) ap_finalize_request_protocol(request_rec *r)
-{
- if (r->chunked && !r->connection->aborted) {
- /*
- * Turn off chunked encoding --- we can only do this once.
- */
- r->chunked = 0;
- ap_bsetflag(r->connection->client, B_CHUNK, 0);
-
- ap_soft_timeout("send ending chunk", r);
- ap_rputs("0" CRLF, r);
- /* If we had footer "headers", we'd send them now */
- ap_rputs(CRLF, r);
- ap_kill_timeout(r);
-
- }
-}
-
-/* Here we deal with getting the request message body from the client.
- * Whether or not the request contains a body is signaled by the presence
- * of a non-zero Content-Length or by a Transfer-Encoding: chunked.
- *
- * Note that this is more complicated than it was in Apache 1.1 and prior
- * versions, because chunked support means that the module does less.
- *
- * The proper procedure is this:
- *
- * 1. Call setup_client_block() near the beginning of the request
- * handler. This will set up all the necessary properties, and will
- * return either OK, or an error code. If the latter, the module should
- * return that error code. The second parameter selects the policy to
- * apply if the request message indicates a body, and how a chunked
- * transfer-coding should be interpreted. Choose one of
- *
- * REQUEST_NO_BODY Send 413 error if message has any body
- * REQUEST_CHUNKED_ERROR Send 411 error if body without Content-Length
- * REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me.
- * REQUEST_CHUNKED_PASS Pass the chunks to me without removal.
- *
- * In order to use the last two options, the caller MUST provide a buffer
- * large enough to hold a chunk-size line, including any extensions.
- *
- * 2. When you are ready to read a body (if any), call should_client_block().
- * This will tell the module whether or not to read input. If it is 0,
- * the module should assume that there is no message body to read.
- * This step also sends a 100 Continue response to HTTP/1.1 clients,
- * so should not be called until the module is *definitely* ready to
- * read content. (otherwise, the point of the 100 response is defeated).
- * Never call this function more than once.
- *
- * 3. Finally, call get_client_block in a loop. Pass it a buffer and its size.
- * It will put data into the buffer (not necessarily a full buffer), and
- * return the length of the input block. When it is done reading, it will
- * return 0 if EOF, or -1 if there was an error.
- * If an error occurs on input, we force an end to keepalive.
- */
-
-API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy)
-{
- const char *tenc = ap_table_get(r->headers_in, "Transfer-Encoding");
- const char *lenp = ap_table_get(r->headers_in, "Content-Length");
- unsigned long max_body;
-
- r->read_body = read_policy;
- r->read_chunked = 0;
- r->remaining = 0;
-
- if (tenc) {
- if (strcasecmp(tenc, "chunked")) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Unknown Transfer-Encoding %s", tenc);
- return HTTP_NOT_IMPLEMENTED;
- }
- if (r->read_body == REQUEST_CHUNKED_ERROR) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "chunked Transfer-Encoding forbidden: %s", r->uri);
- return (lenp) ? HTTP_BAD_REQUEST : HTTP_LENGTH_REQUIRED;
- }
-
- r->read_chunked = 1;
- }
- else if (lenp) {
- const char *pos = lenp;
- int conversion_error = 0;
-
- while (ap_isspace(*pos))
- ++pos;
-
- if (*pos == '\0') {
- /* special case test - a C-L field NULL or all blanks is
- * assumed OK and defaults to 0. Otherwise, we do a
- * strict check of the field */
- r->remaining = 0;
- }
- else {
- char *endstr;
- errno = 0;
- r->remaining = ap_strtol(lenp, &endstr, 10);
- if (errno || (endstr && *endstr) || (r->remaining < 0)) {
- conversion_error = 1;
- }
- }
-
- if (conversion_error) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid Content-Length");
- return HTTP_BAD_REQUEST;
- }
- }
-
- if ((r->read_body == REQUEST_NO_BODY) &&
- (r->read_chunked || (r->remaining > 0))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "%s with body is not allowed for %s", r->method, r->uri);
- return HTTP_REQUEST_ENTITY_TOO_LARGE;
- }
-
- max_body = ap_get_limit_req_body(r);
- if (max_body && ((unsigned long)r->remaining > max_body)
- && (r->remaining >= 0)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Request content-length of %s is larger than the configured "
- "limit of %lu", lenp, max_body);
- return HTTP_REQUEST_ENTITY_TOO_LARGE;
- }
-
- return OK;
-}
-
-API_EXPORT(int) ap_should_client_block(request_rec *r)
-{
- /* First check if we have already read the request body */
-
- if (r->read_length || (!r->read_chunked && (r->remaining <= 0)))
- return 0;
-
- if (r->expecting_100 && r->proto_num >= HTTP_VERSION(1,1)) {
- /* sending 100 Continue interim response */
- ap_rvputs(r, SERVER_PROTOCOL, " ", status_lines[0], CRLF CRLF,
- NULL);
- ap_rflush(r);
- }
-
- return 1;
-}
-
-/**
- * Parse a chunk extension, detect overflow.
- * There are two error cases:
- * 1) If the conversion would require too many bits, a -1 is returned.
- * 2) If the conversion used the correct number of bits, but an overflow
- * caused only the sign bit to flip, then that negative number is
- * returned.
- * In general, any negative number can be considered an overflow error.
- */
-API_EXPORT(long) ap_get_chunk_size(char *b)
-{
- long chunksize = 0;
- long chunkbits = sizeof(long) * 8;
-
- /* Skip leading zeros */
- while (*b == '0') {
- ++b;
- }
-
- while (ap_isxdigit(*b) && (chunkbits > 0)) {
- int xvalue = 0;
-
- if (*b >= '0' && *b <= '9') {
- xvalue = *b - '0';
- }
- else if (*b >= 'A' && *b <= 'F') {
- xvalue = *b - 'A' + 0xa;
- }
- else if (*b >= 'a' && *b <= 'f') {
- xvalue = *b - 'a' + 0xa;
- }
-
- chunksize = (chunksize << 4) | xvalue;
- chunkbits -= 4;
- ++b;
- }
- if (ap_isxdigit(*b) && (chunkbits <= 0)) {
- /* overflow */
- return -1;
- }
-
- return chunksize;
-}
-
-/* get_client_block is called in a loop to get the request message body.
- * This is quite simple if the client includes a content-length
- * (the normal case), but gets messy if the body is chunked. Note that
- * r->remaining is used to maintain state across calls and that
- * r->read_length is the total number of bytes given to the caller
- * across all invocations. It is messy because we have to be careful not
- * to read past the data provided by the client, since these reads block.
- * Returns 0 on End-of-body, -1 on error or premature chunk end.
- *
- * Reading the chunked encoding requires a buffer size large enough to
- * hold a chunk-size line, including any extensions. For now, we'll leave
- * that to the caller, at least until we can come up with a better solution.
- */
-API_EXPORT(long) ap_get_client_block(request_rec *r, char *buffer, int bufsiz)
-{
- int c;
- long len_read, len_to_read;
- long chunk_start = 0;
- unsigned long max_body;
-
- if (!r->read_chunked) { /* Content-length read */
- len_to_read = (r->remaining > bufsiz) ? bufsiz : r->remaining;
- len_read = ap_bread(r->connection->client, buffer, len_to_read);
- if (len_read <= 0) {
- if (len_read < 0)
- r->connection->keepalive = -1;
- return len_read;
- }
- r->read_length += len_read;
- r->remaining -= len_read;
- return len_read;
- }
-
- /*
- * Handle chunked reading Note: we are careful to shorten the input
- * bufsiz so that there will always be enough space for us to add a CRLF
- * (if necessary).
- */
- if (r->read_body == REQUEST_CHUNKED_PASS)
- bufsiz -= 2;
- if (bufsiz <= 0)
- return -1; /* Cannot read chunked with a small buffer */
-
- /* Check to see if we have already read too much request data.
- * For efficiency reasons, we only check this at the top of each
- * caller read pass, since the limit exists just to stop infinite
- * length requests and nobody cares if it goes over by one buffer.
- */
- max_body = ap_get_limit_req_body(r);
- if (max_body && ((unsigned long) r->read_length > max_body)
- && (r->read_length >= 0)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Chunked request body is larger than the configured limit of %lu",
- max_body);
- r->connection->keepalive = -1;
- return -1;
- }
-
- if (r->remaining == 0) { /* Start of new chunk */
-
- chunk_start = ap_getline(buffer, bufsiz, r->connection->client, 0);
- if ((chunk_start <= 0) || (chunk_start >= (bufsiz - 1))
- || !ap_isxdigit(*buffer)) {
- r->connection->keepalive = -1;
- return -1;
- }
-
- len_to_read = ap_get_chunk_size(buffer);
-
- if (len_to_read == 0) { /* Last chunk indicated, get footers */
- if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
- get_mime_headers(r);
- ap_snprintf(buffer, bufsiz, "%ld", r->read_length);
- ap_table_unset(r->headers_in, "Transfer-Encoding");
- ap_table_setn(r->headers_in, "Content-Length",
- ap_pstrdup(r->pool, buffer));
- return 0;
- }
- r->remaining = -1; /* Indicate footers in-progress */
- }
- else if (len_to_read < 0) {
- r->connection->keepalive = -1;
- return -1;
- }
- else {
- r->remaining = len_to_read;
- }
- if (r->read_body == REQUEST_CHUNKED_PASS) {
- buffer[chunk_start++] = CR; /* Restore chunk-size line end */
- buffer[chunk_start++] = LF;
- buffer += chunk_start; /* and pass line on to caller */
- bufsiz -= chunk_start;
- }
- else {
- /* REQUEST_CHUNKED_DECHUNK -- do not include the length of the
- * header in the return value
- */
- chunk_start = 0;
- }
- }
- /* When REQUEST_CHUNKED_PASS, we are */
- if (r->remaining == -1) { /* reading footers until empty line */
- len_read = chunk_start;
-
- while ((bufsiz > 1) && ((len_read =
- ap_getline(buffer, bufsiz, r->connection->client, 1)) > 0)) {
-
- if (len_read != (bufsiz - 1)) {
- buffer[len_read++] = CR; /* Restore footer line end */
- buffer[len_read++] = LF;
- }
- chunk_start += len_read;
- buffer += len_read;
- bufsiz -= len_read;
- }
- if (len_read < 0) {
- r->connection->keepalive = -1;
- return -1;
- }
-
- if (len_read == 0) { /* Indicates an empty line */
- buffer[0] = CR;
- buffer[1] = LF;
- chunk_start += 2;
- r->remaining = -2;
- }
- r->read_length += chunk_start;
- return chunk_start;
- }
- /* When REQUEST_CHUNKED_PASS, we */
- if (r->remaining == -2) { /* finished footers when last called */
- r->remaining = 0; /* so now we must signal EOF */
- return 0;
- }
-
- /* Otherwise, we are in the midst of reading a chunk of data */
-
- len_to_read = (r->remaining > bufsiz) ? bufsiz : r->remaining;
-
- len_read = ap_bread(r->connection->client, buffer, len_to_read);
- if (len_read <= 0) {
- r->connection->keepalive = -1;
- return -1;
- }
-
- r->remaining -= len_read;
-
- if (r->remaining == 0) { /* End of chunk, get trailing CRLF */
-
- if ((c = ap_bgetc(r->connection->client)) == CR) {
- c = ap_bgetc(r->connection->client);
- }
-
- if (c != LF) {
- r->connection->keepalive = -1;
- return -1;
- }
- if (r->read_body == REQUEST_CHUNKED_PASS) {
- buffer[len_read++] = CR;
- buffer[len_read++] = LF;
- }
- }
- r->read_length += (chunk_start + len_read);
-
- return (chunk_start + len_read);
-}
-
-/* In HTTP/1.1, any method can have a body. However, most GET handlers
- * wouldn't know what to do with a request body if they received one.
- * This helper routine tests for and reads any message body in the request,
- * simply discarding whatever it receives. We need to do this because
- * failing to read the request body would cause it to be interpreted
- * as the next request on a persistent connection.
- *
- * Since we return an error status if the request is malformed, this
- * routine should be called at the beginning of a no-body handler, e.g.,
- *
- * if ((retval = ap_discard_request_body(r)) != OK)
- * return retval;
- */
-API_EXPORT(int) ap_discard_request_body(request_rec *r)
-{
- int rv;
-
- if ((rv = ap_setup_client_block(r, REQUEST_CHUNKED_PASS)))
- return rv;
-
- /* In order to avoid sending 100 Continue when we already know the
- * final response status, and yet not kill the connection if there is
- * no request body to be read, we need to duplicate the test from
- * ap_should_client_block() here negated rather than call it directly.
- */
- if ((r->read_length == 0) && (r->read_chunked || (r->remaining > 0))) {
- char dumpbuf[HUGE_STRING_LEN];
-
- if (r->expecting_100) {
- r->connection->keepalive = -1;
- return OK;
- }
- ap_hard_timeout("reading request body", r);
- while ((rv = ap_get_client_block(r, dumpbuf, HUGE_STRING_LEN)) > 0)
- continue;
- ap_kill_timeout(r);
-
- if (rv < 0)
- return HTTP_BAD_REQUEST;
- }
- return OK;
-}
-
-/*
- * Send the body of a response to the client.
- */
-API_EXPORT(long) ap_send_fd(FILE *f, request_rec *r)
-{
- return ap_send_fd_length(f, r, -1);
-}
-
-API_EXPORT(long) ap_send_fd_length(FILE *f, request_rec *r, long length)
-{
- char buf[IOBUFSIZE];
- long total_bytes_sent = 0;
- int n, w, o, len;
-
- if (length == 0)
- return 0;
-
- ap_soft_timeout("send body", r);
-
- while (!r->connection->aborted) {
- if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)
- len = length - total_bytes_sent;
- else
- len = IOBUFSIZE;
-
- while ((n = fread(buf, sizeof(char), len, f)) < 1
- && ferror(f) && errno == EINTR && !r->connection->aborted)
- continue;
-
- if (n < 1) {
- break;
- }
- o = 0;
-
- while (n && !r->connection->aborted) {
- w = ap_bwrite(r->connection->client, &buf[o], n);
- if (w > 0) {
- ap_reset_timeout(r); /* reset timeout after successful write */
- total_bytes_sent += w;
- n -= w;
- o += w;
- }
- else if (w < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before send body completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- break;
- }
- }
- }
-
- ap_kill_timeout(r);
- SET_BYTES_SENT(r);
- return total_bytes_sent;
-}
-
-/*
- * Send the body of a response to the client.
- */
-API_EXPORT(long) ap_send_fb(BUFF *fb, request_rec *r)
-{
- return ap_send_fb_length(fb, r, -1);
-}
-
-API_EXPORT(long) ap_send_fb_length(BUFF *fb, request_rec *r, long length)
-{
- char buf[IOBUFSIZE];
- long total_bytes_sent = 0;
- int n, w, o, len, fd;
- fd_set fds;
-
- if (length == 0)
- return 0;
-
- /* Make fb unbuffered and non-blocking */
- ap_bsetflag(fb, B_RD, 0);
- ap_bnonblock(fb, B_RD);
- fd = ap_bfileno(fb, B_RD);
- if (fd >= FD_SETSIZE) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL,
- "send body: filedescriptor (%u) larger than FD_SETSIZE (%u) "
- "found, you probably need to rebuild Apache with a "
- "larger FD_SETSIZE", fd, FD_SETSIZE);
- return 0;
- }
-
- ap_soft_timeout("send body", r);
-
- FD_ZERO(&fds);
- while (!r->connection->aborted) {
- if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length)
- len = length - total_bytes_sent;
- else
- len = IOBUFSIZE;
-
- do {
- n = ap_bread(fb, buf, len);
- if (n >= 0)
- break;
- if (r->connection->aborted)
- break;
- if (n < 0 && errno != EAGAIN)
- break;
-
- /* we need to block, so flush the output first */
- if (ap_bflush(r->connection->client) < 0) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before send body completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- break;
- }
- FD_SET(fd, &fds);
- /*
- * we don't care what select says, we might as well loop back
- * around and try another read
- */
- ap_select(fd + 1, &fds, NULL, NULL, NULL);
- } while (!r->connection->aborted);
-
- if (n < 1 || r->connection->aborted) {
- break;
- }
- o = 0;
-
- while (n && !r->connection->aborted) {
- w = ap_bwrite(r->connection->client, &buf[o], n);
- if (w > 0) {
- ap_reset_timeout(r); /* reset timeout after successful write */
- total_bytes_sent += w;
- n -= w;
- o += w;
- }
- else if (w < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before send body completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- break;
- }
- }
- }
-
- ap_kill_timeout(r);
- SET_BYTES_SENT(r);
- return total_bytes_sent;
-}
-
-
-
-/* The code writes MMAP_SEGMENT_SIZE bytes at a time. This is due to Apache's
- * timeout model, which is a timeout per-write rather than a time for the
- * entire transaction to complete. Essentially this should be small enough
- * so that in one Timeout period, your slowest clients should be reasonably
- * able to receive this many bytes.
- *
- * To take advantage of zero-copy TCP under Solaris 2.6 this should be a
- * multiple of 16k. (And you need a SunATM2.0 network card.)
- */
-#ifndef MMAP_SEGMENT_SIZE
-#define MMAP_SEGMENT_SIZE 32768
-#endif
-
-/* send data from an in-memory buffer */
-API_EXPORT(off_t) ap_send_mmap(void *mm, request_rec *r, off_t offset,
- off_t length)
-{
- off_t total_bytes_sent = 0;
- off_t n, w;
-
- if (length == 0)
- return 0;
-
- ap_soft_timeout("send mmap", r);
-
- length += offset;
- while (!r->connection->aborted && offset < length) {
- if (length - offset > MMAP_SEGMENT_SIZE) {
- n = MMAP_SEGMENT_SIZE;
- }
- else {
- n = length - offset;
- }
-
- while (n && !r->connection->aborted) {
- w = ap_bwrite(r->connection->client, (char *) mm + offset, n);
- if (w > 0) {
- ap_reset_timeout(r); /* reset timeout after successful write */
- total_bytes_sent += w;
- n -= w;
- offset += w;
- }
- else if (w < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before send mmap completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- break;
- }
- }
- }
-
- ap_kill_timeout(r);
- SET_BYTES_SENT(r);
- return total_bytes_sent;
-}
-
-API_EXPORT(int) ap_rputc(int c, request_rec *r)
-{
- if (r->connection->aborted)
- return EOF;
-
- if (ap_bputc(c, r->connection->client) < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before rputc completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return EOF;
- }
- SET_BYTES_SENT(r);
- return c;
-}
-
-API_EXPORT(int) ap_rputs(const char *str, request_rec *r)
-{
- int rcode;
-
- if (r->connection->aborted)
- return EOF;
-
- rcode = ap_bputs(str, r->connection->client);
- if (rcode < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before rputs completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return EOF;
- }
- SET_BYTES_SENT(r);
- return rcode;
-}
-
-API_EXPORT(int) ap_rwrite(const void *buf, int nbyte, request_rec *r)
-{
- int n;
-
- if (r->connection->aborted)
- return -1;
-
- n = ap_bwrite(r->connection->client, buf, nbyte);
- if (n < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before rwrite completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return -1;
- }
- SET_BYTES_SENT(r);
- return n;
-}
-
-API_EXPORT(int) ap_vrprintf(request_rec *r, const char *fmt, va_list ap)
-{
- int n;
-
- if (r->connection->aborted)
- return -1;
-
- n = ap_vbprintf(r->connection->client, fmt, ap);
-
- if (n < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before vrprintf completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return -1;
- }
- SET_BYTES_SENT(r);
- return n;
-}
-
-API_EXPORT_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt,...)
-{
- va_list vlist;
- int n;
-
- if (r->connection->aborted)
- return -1;
-
- va_start(vlist, fmt);
- n = ap_vbprintf(r->connection->client, fmt, vlist);
- va_end(vlist);
-
- if (n < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before rprintf completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return -1;
- }
- SET_BYTES_SENT(r);
- return n;
-}
-
-API_EXPORT_NONSTD(int) ap_rvputs(request_rec *r,...)
-{
- va_list args;
- int i, j, k;
- const char *x;
- BUFF *fb = r->connection->client;
-
- if (r->connection->aborted)
- return EOF;
-
- va_start(args, r);
- for (k = 0;;) {
- x = va_arg(args, const char *);
- if (x == NULL)
- break;
- j = strlen(x);
- i = ap_bwrite(fb, x, j);
- if (i != j) {
- va_end(args);
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before rvputs completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return EOF;
- }
- k += i;
- }
- va_end(args);
-
- SET_BYTES_SENT(r);
- return k;
-}
-
-API_EXPORT(int) ap_rflush(request_rec *r)
-{
- if (ap_bflush(r->connection->client) < 0) {
- if (!r->connection->aborted) {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "client stopped connection before rflush completed");
- ap_bsetflag(r->connection->client, B_EOUT, 1);
- r->connection->aborted = 1;
- }
- return EOF;
- }
- return 0;
-}
-
-/* We should have named this send_canned_response, since it is used for any
- * response that can be generated by the server from the request record.
- * This includes all 204 (no content), 3xx (redirect), 4xx (client error),
- * and 5xx (server error) messages that have not been redirected to another
- * handler via the ErrorDocument feature.
- */
-API_EXPORT(void) ap_send_error_response(request_rec *r, int recursive_error)
-{
- int status = r->status;
- int idx = ap_index_of_response(status);
- char *custom_response;
- const char *location = ap_table_get(r->headers_out, "Location");
-
- /*
- * It's possible that the Location field might be in r->err_headers_out
- * instead of r->headers_out; use the latter if possible, else the
- * former.
- */
- if (location == NULL) {
- location = ap_table_get(r->err_headers_out, "Location");
- }
- /* We need to special-case the handling of 204 and 304 responses,
- * since they have specific HTTP requirements and do not include a
- * message body. Note that being assbackwards here is not an option.
- */
- if (status == HTTP_NOT_MODIFIED) {
- if (!ap_is_empty_table(r->err_headers_out))
- r->headers_out = ap_overlay_tables(r->pool, r->err_headers_out,
- r->headers_out);
- ap_hard_timeout("send 304", r);
-
- ap_basic_http_header(r);
- ap_set_keepalive(r);
-
- ap_table_do((int (*)(void *, const char *, const char *)) ap_send_header_field,
- (void *) r, r->headers_out,
- "Connection",
- "Keep-Alive",
- "ETag",
- "Content-Location",
- "Expires",
- "Cache-Control",
- "Vary",
- "Warning",
- "WWW-Authenticate",
- "Proxy-Authenticate",
- NULL);
-
- terminate_header(r->connection->client);
-
- ap_kill_timeout(r);
- return;
- }
-
- if (status == HTTP_NO_CONTENT) {
- ap_send_http_header(r);
- ap_finalize_request_protocol(r);
- return;
- }
-
- if (!r->assbackwards) {
- table *tmp = r->headers_out;
-
- /* For all HTTP/1.x responses for which we generate the message,
- * we need to avoid inheriting the "normal status" header fields
- * that may have been set by the request handler before the
- * error or redirect, except for Location on external redirects.
- */
- r->headers_out = r->err_headers_out;
- r->err_headers_out = tmp;
- ap_clear_table(r->err_headers_out);
-
- if (ap_is_HTTP_REDIRECT(status) || (status == HTTP_CREATED)) {
- if ((location != NULL) && *location) {
- ap_table_setn(r->headers_out, "Location", location);
- }
- else {
- location = ""; /* avoids coredump when printing, below */
- }
- }
-
- r->content_language = NULL;
- r->content_languages = NULL;
- r->content_encoding = NULL;
- r->clength = 0;
- if (ap_table_get(r->subprocess_env,
- "suppress-error-charset") != NULL) {
- r->content_type = "text/html";
- }
- else {
- r->content_type = "text/html; charset=iso-8859-1";
- }
-
- if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED))
- ap_table_setn(r->headers_out, "Allow", make_allow(r));
-
- ap_send_http_header(r);
-
- if (r->header_only) {
- ap_finalize_request_protocol(r);
- ap_rflush(r);
- return;
- }
- }
-
- ap_hard_timeout("send error body", r);
-
- if ((custom_response = ap_response_code_string(r, idx))) {
- /*
- * We have a custom response output. This should only be
- * a text-string to write back. But if the ErrorDocument
- * was a local redirect and the requested resource failed
- * for any reason, the custom_response will still hold the
- * redirect URL. We don't really want to output this URL
- * as a text message, so first check the custom response
- * string to ensure that it is a text-string (using the
- * same test used in ap_die(), i.e. does it start with a ").
- * If it doesn't, we've got a recursive error, so find
- * the original error and output that as well.
- */
- if (custom_response[0] == '\"') {
- ap_rputs(custom_response + 1, r);
- ap_kill_timeout(r);
- ap_finalize_request_protocol(r);
- ap_rflush(r);
- return;
- }
- /*
- * Redirect failed, so get back the original error
- */
- while (r->prev && (r->prev->status != HTTP_OK))
- r = r->prev;
- }
- {
- const char *title = status_lines[idx];
- const char *h1;
- const char *error_notes;
-
- /* Accept a status_line set by a module, but only if it begins
- * with the 3 digit status code
- */
- if (r->status_line != NULL
- && strlen(r->status_line) > 4 /* long enough */
- && ap_isdigit(r->status_line[0])
- && ap_isdigit(r->status_line[1])
- && ap_isdigit(r->status_line[2])
- && ap_isspace(r->status_line[3])
- && ap_isalnum(r->status_line[4])) {
- title = r->status_line;
- }
-
- /* folks decided they didn't want the error code in the H1 text */
- h1 = &title[4];
-
- ap_rvputs(r,
- DOCTYPE_HTML_2_0
- "<HTML><HEAD>\n<TITLE>", title,
- "</TITLE>\n</HEAD><BODY>\n<H1>", h1, "</H1>\n",
- NULL);
-
- switch (status) {
- case HTTP_MOVED_PERMANENTLY:
- case HTTP_MOVED_TEMPORARILY:
- case HTTP_TEMPORARY_REDIRECT:
- ap_rvputs(r, "The document has moved <A HREF=\"",
- ap_escape_html(r->pool, location), "\">here</A>.<P>\n",
- NULL);
- break;
- case HTTP_SEE_OTHER:
- ap_rvputs(r, "The answer to your request is located <A HREF=\"",
- ap_escape_html(r->pool, location), "\">here</A>.<P>\n",
- NULL);
- break;
- case HTTP_USE_PROXY:
- ap_rvputs(r, "This resource is only accessible "
- "through the proxy\n",
- ap_escape_html(r->pool, location),
- "<BR>\nYou will need to ",
- "configure your client to use that proxy.<P>\n", NULL);
- break;
- case HTTP_PROXY_AUTHENTICATION_REQUIRED:
- case AUTH_REQUIRED:
- ap_rputs("This server could not verify that you\n"
- "are authorized to access the document\n"
- "requested. Either you supplied the wrong\n"
- "credentials (e.g., bad password), or your\n"
- "browser doesn't understand how to supply\n"
- "the credentials required.<P>\n", r);
- break;
- case BAD_REQUEST:
- ap_rputs("Your browser sent a request that "
- "this server could not understand.<P>\n", r);
- if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
- ap_rvputs(r, error_notes, "<P>\n", NULL);
- }
- break;
- case HTTP_FORBIDDEN:
- ap_rvputs(r, "You don't have permission to access ",
- ap_escape_html(r->pool, r->uri),
- "\non this server.<P>\n", NULL);
- break;
- case NOT_FOUND:
- ap_rvputs(r, "The requested URL ",
- ap_escape_html(r->pool, r->uri),
- " was not found on this server.<P>\n", NULL);
- break;
- case METHOD_NOT_ALLOWED:
- ap_rvputs(r, "The requested method ", r->method,
- " is not allowed "
- "for the URL ", ap_escape_html(r->pool, r->uri),
- ".<P>\n", NULL);
- break;
- case NOT_ACCEPTABLE:
- ap_rvputs(r,
- "An appropriate representation of the "
- "requested resource ",
- ap_escape_html(r->pool, r->uri),
- " could not be found on this server.<P>\n", NULL);
- /* fall through */
- case MULTIPLE_CHOICES:
- {
- const char *list;
- if ((list = ap_table_get(r->notes, "variant-list")))
- ap_rputs(list, r);
- }
- break;
- case LENGTH_REQUIRED:
- ap_rvputs(r, "A request of the requested method ", r->method,
- " requires a valid Content-length.<P>\n", NULL);
- if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
- ap_rvputs(r, error_notes, "<P>\n", NULL);
- }
- break;
- case PRECONDITION_FAILED:
- ap_rvputs(r, "The precondition on the request for the URL ",
- ap_escape_html(r->pool, r->uri),
- " evaluated to false.<P>\n", NULL);
- break;
- case HTTP_NOT_IMPLEMENTED:
- ap_rvputs(r, ap_escape_html(r->pool, r->method), " to ",
- ap_escape_html(r->pool, r->uri),
- " not supported.<P>\n", NULL);
- if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
- ap_rvputs(r, error_notes, "<P>\n", NULL);
- }
- break;
- case BAD_GATEWAY:
- ap_rputs("The proxy server received an invalid" CRLF
- "response from an upstream server.<P>" CRLF, r);
- if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
- ap_rvputs(r, error_notes, "<P>\n", NULL);
- }
- break;
- case VARIANT_ALSO_VARIES:
- ap_rvputs(r, "A variant for the requested resource\n<PRE>\n",
- ap_escape_html(r->pool, r->uri),
- "\n</PRE>\nis itself a negotiable resource. "
- "This indicates a configuration error.<P>\n", NULL);
- break;
- case HTTP_REQUEST_TIME_OUT:
- ap_rputs("Server timeout waiting for the HTTP request from the client.\n", r);
- break;
- case HTTP_GONE:
- ap_rvputs(r, "The requested resource<BR>",
- ap_escape_html(r->pool, r->uri),
- "<BR>\nis no longer available on this server ",
- "and there is no forwarding address.\n",
- "Please remove all references to this resource.\n",
- NULL);
- break;
- case HTTP_REQUEST_ENTITY_TOO_LARGE:
- ap_rvputs(r, "The requested resource<BR>",
- ap_escape_html(r->pool, r->uri), "<BR>\n",
- "does not allow request data with ", r->method,
- " requests, or the amount of data provided in\n",
- "the request exceeds the capacity limit.\n", NULL);
- break;
- case HTTP_REQUEST_URI_TOO_LARGE:
- ap_rputs("The requested URL's length exceeds the capacity\n"
- "limit for this server.<P>\n", r);
- if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
- ap_rvputs(r, error_notes, "<P>\n", NULL);
- }
- break;
- case HTTP_UNSUPPORTED_MEDIA_TYPE:
- ap_rputs("The supplied request data is not in a format\n"
- "acceptable for processing by this resource.\n", r);
- break;
- case HTTP_RANGE_NOT_SATISFIABLE:
- ap_rputs("None of the range-specifier values in the Range\n"
- "request-header field overlap the current extent\n"
- "of the selected resource.\n", r);
- break;
- case HTTP_EXPECTATION_FAILED:
- ap_rvputs(r, "The expectation given in the Expect request-header"
- "\nfield could not be met by this server.<P>\n"
- "The client sent<PRE>\n Expect: ",
- ap_escape_html(r->pool, ap_table_get(r->headers_in,
- "Expect")), "\n</PRE>\n"
- "but we only allow the 100-continue expectation.\n",
- NULL);
- break;
- case HTTP_UNPROCESSABLE_ENTITY:
- ap_rputs("The server understands the media type of the\n"
- "request entity, but was unable to process the\n"
- "contained instructions.\n", r);
- break;
- case HTTP_LOCKED:
- ap_rputs("The requested resource is currently locked.\n"
- "The lock must be released or proper identification\n"
- "given before the method can be applied.\n", r);
- break;
- case HTTP_FAILED_DEPENDENCY:
- ap_rputs("The method could not be performed on the resource\n"
- "because the requested action depended on another\n"
- "action and that other action failed.\n", r);
- break;
- case HTTP_INSUFFICIENT_STORAGE:
- ap_rputs("The method could not be performed on the resource\n"
- "because the server is unable to store the\n"
- "representation needed to successfully complete the\n"
- "request. There is insufficient free space left in\n"
- "your storage allocation.\n", r);
- break;
- case HTTP_SERVICE_UNAVAILABLE:
- ap_rputs("The server is temporarily unable to service your\n"
- "request due to maintenance downtime or capacity\n"
- "problems. Please try again later.\n", r);
- break;
- case HTTP_GATEWAY_TIME_OUT:
- ap_rputs("The proxy server did not receive a timely response\n"
- "from the upstream server.\n", r);
- break;
- case HTTP_NOT_EXTENDED:
- ap_rputs("A mandatory extension policy in the request is not\n"
- "accepted by the server for this resource.\n", r);
- break;
- default: /* HTTP_INTERNAL_SERVER_ERROR */
- /*
- * This comparison to expose error-notes could be modified to
- * use a configuration directive and export based on that
- * directive. For now "*" is used to designate an error-notes
- * that is totally safe for any user to see (ie lacks paths,
- * database passwords, etc.)
- */
- if (((error_notes = ap_table_get(r->notes, "error-notes")) != NULL)
- && (h1 = ap_table_get(r->notes, "verbose-error-to")) != NULL
- && (strcmp(h1, "*") == 0)) {
- ap_rvputs(r, error_notes, "<P>\n", NULL);
- }
- else {
- ap_rvputs(r, "The server encountered an internal error or\n"
- "misconfiguration and was unable to complete\n"
- "your request.<P>\n"
- "Please contact the server administrator,\n ",
- ap_escape_html(r->pool, r->server->server_admin),
- " and inform them of the time the error occurred,\n"
- "and anything you might have done that may have\n"
- "caused the error.<P>\n"
- "More information about this error may be available\n"
- "in the server error log.<P>\n", NULL);
- }
- /*
- * It would be nice to give the user the information they need to
- * fix the problem directly since many users don't have access to
- * the error_log (think University sites) even though they can easily
- * get this error by misconfiguring an htaccess file. However, the
- * error notes tend to include the real file pathname in this case,
- * which some people consider to be a breach of privacy. Until we
- * can figure out a way to remove the pathname, leave this commented.
- *
- * if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) {
- * ap_rvputs(r, error_notes, "<P>\n", NULL);
- * }
- */
- break;
- }
-
- if (recursive_error) {
- ap_rvputs(r, "<P>Additionally, a ",
- status_lines[ap_index_of_response(recursive_error)],
- "\nerror was encountered while trying to use an "
- "ErrorDocument to handle the request.\n", NULL);
- }
- ap_rputs(ap_psignature("<HR>\n", r), r);
- ap_rputs("</BODY></HTML>\n", r);
- }
- ap_kill_timeout(r);
- ap_finalize_request_protocol(r);
- ap_rflush(r);
-}
-
-/*
- * The shared hash context, copies of which are used by all children for
- * etag generation. ap_init_etag() must be called once before all the
- * children are created. We use a secret hash initialization value
- * so that people can't brute-force inode numbers.
- */
-static AP_SHA1_CTX baseCtx;
-
-int ap_create_etag_state(pool *pconf)
-{
- u_int32_t rnd;
- unsigned int u;
- int fd;
- char* filename;
-
- filename = ap_server_root_relative(pconf, "logs/etag-state");
- ap_server_strip_chroot(filename, 0);
-
- if ((fd = open(filename, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW, 0640)) ==
- -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, NULL,
- "could not create %s", filename);
- exit(-1);
- }
-
- if (fchown(fd, -1, ap_group_id) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, NULL,
- "could not chown %s", filename);
- exit(-1);
- }
-
- /* generate random bytes and write them */
- for (u = 0; u < 4; u++) {
- rnd = arc4random();
- if (write(fd, &rnd, sizeof(rnd)) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, NULL,
- "could not write to %s", filename);
- exit(-1);
- }
- }
-
- close (fd);
- return (0);
-}
-
-int ap_read_etag_state(pool *pconf)
-{
- struct stat st;
- u_int32_t rnd;
- unsigned int u;
- int fd;
- char* filename;
-
- ap_SHA1Init(&baseCtx);
-
- filename = ap_server_root_relative(pconf, "logs/etag-state");
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, NULL,
- "Initializing etag from %s", filename);
-
- ap_server_strip_chroot(filename, 0);
-
- if ((fd = open(filename, O_RDONLY|O_NOFOLLOW, 0640)) == -1)
- return (-1);
-
- fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP);
- fchown(fd, -1, ap_group_id);
-
- if (fstat(fd, &st) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, NULL,
- "could not fstat %s", filename);
- exit(-1);
- }
-
- if (st.st_size != sizeof(rnd)*4) {
- return (-1);
- }
-
- /* read 4 random 32-bit uints from file and update the hash context */
- for (u = 0; u < 4; u++) {
- if (read(fd, &rnd, sizeof(rnd)) != sizeof(rnd))
- return (-1);
-
- ap_SHA1Update_binary(&baseCtx, (const unsigned char *)&rnd,
- sizeof(rnd));
- }
-
- if (close(fd) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, NULL,
- "could not properly close %s", filename);
- exit(-1);
- }
- return (0);
-}
-
-API_EXPORT(void) ap_init_etag(pool *pconf)
-{
- if (ap_read_etag_state(pconf) == -1) {
- ap_create_etag_state(pconf);
- if (ap_read_etag_state(pconf) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, NULL,
- "could not initialize etag state");
- exit(-1);
- }
- }
-}
-
-API_EXPORT(char *) ap_make_etag(request_rec *r, int force_weak)
-{
- AP_SHA1_CTX hashCtx;
- core_dir_config *cfg;
- etag_components_t etag_bits;
- int weak;
- unsigned char md[SHA_DIGESTSIZE];
- unsigned int i;
-
- memcpy(&hashCtx, &baseCtx, sizeof(hashCtx));
-
- cfg = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- etag_bits = (cfg->etag_bits & (~ cfg->etag_remove)) | cfg->etag_add;
- if (etag_bits == ETAG_UNSET)
- etag_bits = ETAG_BACKWARD;
-
- weak = ((r->request_time - r->mtime <= 1) || force_weak);
-
- if (r->finfo.st_mode != 0) {
- if (etag_bits & ETAG_NONE) {
- ap_table_setn(r->notes, "no-etag", "omit");
- return "";
- }
- if (etag_bits & ETAG_INODE) {
- ap_SHA1Update_binary(&hashCtx,
- (const unsigned char *)&r->finfo.st_dev,
- sizeof(r->finfo.st_dev));
- ap_SHA1Update_binary(&hashCtx,
- (const unsigned char *)&r->finfo.st_ino,
- sizeof(r->finfo.st_ino));
- }
- if (etag_bits & ETAG_SIZE)
- ap_SHA1Update_binary(&hashCtx,
- (const unsigned char *)&r->finfo.st_size,
- sizeof(r->finfo.st_size));
- if (etag_bits & ETAG_MTIME)
- ap_SHA1Update_binary(&hashCtx,
- (const unsigned char *)&r->mtime,
- sizeof(r->mtime));
- }
- else {
- weak = 1;
- ap_SHA1Update_binary(&hashCtx, (const unsigned char *)&r->mtime,
- sizeof(r->mtime));
- }
- ap_SHA1Final(md, &hashCtx);
- return ap_psprintf(r->pool, "%s\""
- "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
- "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
- "\"", weak ? "W/" : "",
- md[0], md[1], md[2], md[3], md[4], md[5], md[6], md[7],
- md[8], md[9], md[10], md[11], md[12], md[13], md[14], md[15],
- md[16], md[17], md[18], md[19]);
-}
diff --git a/usr.sbin/httpd/src/main/http_request.c b/usr.sbin/httpd/src/main/http_request.c
deleted file mode 100644
index 07f7c98e28b..00000000000
--- a/usr.sbin/httpd/src/main/http_request.c
+++ /dev/null
@@ -1,1384 +0,0 @@
-/* $OpenBSD: http_request.c,v 1.16 2008/05/14 09:25:38 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_request.c: functions to get and process requests
- *
- * Rob McCool 3/21/93
- *
- * Thoroughly revamped by rst for Apache. NB this file reads
- * best from the bottom up.
- *
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_conf_globals.h" /* for ap_extended_status */
-#include "http_log.h"
-#include "http_main.h"
-#include "scoreboard.h"
-#include "fnmatch.h"
-
-/*****************************************************************
- *
- * Getting and checking directory configuration. Also checks the
- * FollowSymlinks and FollowSymOwner stuff, since this is really the
- * only place that can happen (barring a new mid_dir_walk callout).
- *
- * We can't do it as an access_checker module function which gets
- * called with the final per_dir_config, since we could have a directory
- * with FollowSymLinks disabled, which contains a symlink to another
- * with a .htaccess file which turns FollowSymLinks back on --- and
- * access in such a case must be denied. So, whatever it is that
- * checks FollowSymLinks needs to know the state of the options as
- * they change, all the way down.
- */
-
-/*
- * We don't want people able to serve up pipes, or unix sockets, or other
- * scary things. Note that symlink tests are performed later.
- */
-static int
-check_safe_file(request_rec *r)
-{
- if (r->finfo.st_mode == 0 /* doesn't exist */
- || S_ISDIR(r->finfo.st_mode)
- || S_ISREG(r->finfo.st_mode)
- || S_ISLNK(r->finfo.st_mode))
- return OK;
-
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "object is not a file, directory or symlink: %s", r->filename);
- return HTTP_FORBIDDEN;
-}
-
-
-static int
-check_symlinks(char *d, int opts)
-{
- struct stat lfi, fi;
- char *lastp;
- int res;
-
- if (opts & OPT_SYM_LINKS)
- return OK;
-
- /*
- * Strip trailing '/', if any, off what we're checking; trailing
- * slashes make some systems follow symlinks to directories even in
- * lstat(). After we've done the lstat, put it back. Also, don't
- * bother checking '/' at all...
- *
- * Note that we don't have to worry about multiple slashes here
- * because of no2slash() below...
- */
-
- lastp = d + strlen(d) - 1;
- if (lastp == d)
- return OK; /* Root directory, '/' */
-
- if (*lastp == '/')
- *lastp = '\0';
- else
- lastp = NULL;
-
- res = lstat(d, &lfi);
-
- if (lastp)
- *lastp = '/';
-
- /*
- * Note that we don't reject accesses to nonexistent files (multiviews
- * or the like may cons up a way to run the transaction anyway)...
- */
-
- if (!(res >= 0) || !S_ISLNK(lfi.st_mode))
- return OK;
-
- /* OK, it's a symlink. May still be OK with OPT_SYM_OWNER */
- if (!(opts & OPT_SYM_OWNER))
- return HTTP_FORBIDDEN;
-
- if (stat(d, &fi) < 0)
- return HTTP_FORBIDDEN;
-
- return (fi.st_uid == lfi.st_uid) ? OK : HTTP_FORBIDDEN;
-
-}
-
-/* Dealing with the file system to get PATH_INFO */
-static int
-get_path_info(request_rec *r)
-{
- char *cp;
- char *path = r->filename;
- char *end = &path[strlen(path)];
- char *last_cp = NULL;
- int rv;
-
- if (r->finfo.st_mode)
- /* assume path_info already set */
- return OK;
-
- /* Advance over trailing slashes ... NOT part of filename
- * if file is not a UNC name (Win32 only).
- */
- for (cp = end; cp > path && cp[-1] == '/'; --cp)
- continue;
-
- while (cp > path) {
-
- /* See if the pathname ending here exists... */
-
- *cp = '\0';
-
- /* We must not stat() filenames that may cause os-specific
- * system problems, such as "/file/aux" on DOS-abused
- * filesystems. So pretend that they do not exist by returning
- * an ENOENT error. This will force us to drop that part of
- * the path and keep looking back for a "real" file that
- * exists, while still allowing the "invalid" path parts within
- * the PATH_INFO.
- */
- if (!ap_os_is_filename_valid(path)) {
- errno = ENOENT;
- rv = -1;
- } else {
- errno = 0;
- rv = stat(path, &r->finfo);
- }
-
- if (cp != end)
- *cp = '/';
-
- if (!rv) {
-
- /*
- * Aha! Found something. If it was a
- * directory, we will search contents of
- * that directory for a multi_match, so the
- * PATH_INFO argument starts with the
- * component after that.
- */
- if (S_ISDIR(r->finfo.st_mode) && last_cp) {
- r->finfo.st_mode = 0; /* No such file... */
- cp = last_cp;
- }
-
- r->path_info = ap_pstrdup(r->pool, cp);
- *cp = '\0';
- return OK;
- }
- /* must set this to zero, some stat()s may have corrupted it
- * even if they returned an error.
- */
- r->finfo.st_mode = 0;
- if (errno == ENOENT || errno == ENOTDIR) {
- last_cp = cp;
-
- while (--cp > path && *cp != '/')
- continue;
-
- while (cp > path && cp[-1] == '/')
- --cp;
- } else {
- if (errno == EACCES)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "access to %s failed because search "
- "permissions are missing on a component "
- "of the path", r->uri);
- else
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "access to %s failed", r->uri);
- return HTTP_FORBIDDEN;
- }
- }
- return OK;
-}
-
-static int
-directory_walk(request_rec *r)
-{
- core_server_config *sconf =
- ap_get_module_config(r->server->module_config, &core_module);
- void *per_dir_defaults = r->server->lookup_defaults;
- void **sec = (void **)sconf->sec->elts;
- int num_sec = sconf->sec->nelts;
- char *test_filename;
- char *test_dirname;
- int res;
- unsigned i, num_dirs;
- int j, test_filename_len;
-
- /*
- * Are we dealing with a file? If not, we can (hopefuly)
- * safely assume we have a handler that doesn't require one,
- * but for safety's sake, and so we have something find_types()
- * can get something out of, fake one. But don't run through
- * the directory entries.
- */
-
- if (r->filename == NULL) {
- r->filename = ap_pstrdup(r->pool, r->uri);
- r->finfo.st_mode = 0; /* Not really a file... */
- r->per_dir_config = per_dir_defaults;
-
- return OK;
- }
-
- /*
- * Go down the directory hierarchy. Where we have to check
- * for symlinks, do so. Where a .htaccess file has permission
- * to override anything, try to find one. If either of these
- * things fails, we could poke around, see why, and adjust
- * the lookup_rec accordingly --- this might save us a call
- * to get_path_info (with the attendant stat()s); however,
- * for the moment, that's not worth the trouble.
- *
- * Fake filenames (i.e. proxy:) only match Directory sections.
- */
- if (!ap_os_is_path_absolute(r->filename)) {
- void *this_conf, *entry_config;
- core_dir_config *entry_core;
- char *entry_dir;
-
- for (j = 0; j < num_sec; ++j) {
-
- entry_config = sec[j];
-
- entry_core = (core_dir_config *)
- ap_get_module_config(entry_config, &core_module);
- entry_dir = entry_core->d;
-
- this_conf = NULL;
- if (entry_core->r) {
- if (!ap_regexec(entry_core->r, r->filename, 0,
- NULL, 0))
- this_conf = entry_config;
-
- } else if (entry_core->d_is_fnmatch) {
- if (!ap_fnmatch(entry_dir, r->filename, 0))
- this_conf = entry_config;
- } else if (!strncmp(r->filename, entry_dir,
- strlen(entry_dir)))
- this_conf = entry_config;
-
- if (this_conf)
- per_dir_defaults =
- ap_merge_per_dir_configs(r->pool,
- per_dir_defaults, this_conf);
- }
-
- r->per_dir_config = per_dir_defaults;
-
- return OK;
- }
-
- r->filename = ap_os_case_canonical_filename(r->pool, r->filename);
-
- res = get_path_info(r);
- if (res != OK)
- return res;
-
- r->case_preserved_filename = r->filename;
-
- r->filename = ap_os_canonical_filename(r->pool, r->filename);
-
- test_filename = ap_pstrdup(r->pool, r->filename);
-
- ap_no2slash(test_filename);
- num_dirs = ap_count_dirs(test_filename);
-
- if (!ap_os_is_filename_valid(r->filename) &&
- !(r->method_number == M_OPTIONS && !strcmp(r->uri, "*"))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Filename is not valid: %s", r->filename);
- return HTTP_FORBIDDEN;
- }
-
- if ((res = check_safe_file(r)))
- return res;
-
- test_filename_len = strlen(test_filename);
- if (test_filename[test_filename_len - 1] == '/')
- --num_dirs;
-
- if (S_ISDIR(r->finfo.st_mode))
- ++num_dirs;
-
- /*
- * We will use test_dirname as scratch space while we build directory
- * names during the walk. Profiling shows directory_walk to be a busy
- * function so we try to avoid allocating lots of extra memory here.
- * We need 2 extra bytes, one for trailing \0 and one because
- * make_dirstr_prefix will add potentially one extra /.
- */
- test_dirname = ap_palloc(r->pool, test_filename_len + 2);
-
-
- /* Normal File Systems are rooted at / */
- i = 1;
-
- /* j keeps track of which section we're on, see
- * core_reorder_directories */
- j = 0;
- for (; i <= num_dirs; ++i) {
- int overrides_here;
- core_dir_config *core_dir = (core_dir_config *)
- ap_get_module_config(per_dir_defaults, &core_module);
-
- /*
- * XXX: this could be made faster by only copying the next
- * component rather than copying the entire thing all over.
- */
- ap_make_dirstr_prefix(test_dirname, test_filename, i);
-
- /*
- * Do symlink checks first, because they are done with the
- * permissions appropriate to the *parent* directory...
- */
-
- if ((res = check_symlinks(test_dirname, core_dir->opts))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Symbolic link not allowed: %s", test_dirname);
- return res;
- }
-
- /*
- * Begin *this* level by looking for matching <Directory> sections
- * from access.conf.
- */
-
- for (; j < num_sec; ++j) {
- void *entry_config = sec[j];
- core_dir_config *entry_core;
- char *entry_dir;
- void *this_conf;
-
- entry_core = (core_dir_config *)
- ap_get_module_config(entry_config, &core_module);
- entry_dir = entry_core->d;
-
- if (entry_core->r
- || !ap_os_is_path_absolute(entry_dir)
- || entry_core->d_components > i)
- break;
-
- this_conf = NULL;
- if (entry_core->d_is_fnmatch) {
- if (!ap_fnmatch(entry_dir, test_dirname,
- FNM_PATHNAME))
- this_conf = entry_config;
- } else if (!strcmp(test_dirname, entry_dir))
- this_conf = entry_config;
-
- if (this_conf) {
- per_dir_defaults =
- ap_merge_per_dir_configs(r->pool,
- per_dir_defaults,
- this_conf);
- core_dir = (core_dir_config *)
- ap_get_module_config(per_dir_defaults,
- &core_module);
- }
- }
- overrides_here = core_dir->override;
-
- /* If .htaccess files are enabled, check for one. */
-
- if (overrides_here) {
- void *htaccess_conf = NULL;
-
- res = ap_parse_htaccess(&htaccess_conf, r,
- overrides_here, ap_pstrdup(r->pool, test_dirname),
- sconf->access_name);
- if (res)
- return res;
-
- if (htaccess_conf) {
- per_dir_defaults =
- ap_merge_per_dir_configs(r->pool,
- per_dir_defaults,
- htaccess_conf);
- r->per_dir_config = per_dir_defaults;
- }
- }
- }
-
- /*
- * There's two types of IS_SPECIAL sections (see http_core.c), and
- * we've already handled the proxy:-style stuff. Now we'll deal with
- * the regexes.
- */
- for (; j < num_sec; ++j) {
- void *entry_config = sec[j];
- core_dir_config *entry_core;
-
- entry_core = (core_dir_config *)
- ap_get_module_config(entry_config, &core_module);
-
- if (entry_core->r) {
- if (!ap_regexec(entry_core->r, test_dirname, 0, NULL,
- REG_NOTEOL))
- per_dir_defaults =
- ap_merge_per_dir_configs(r->pool,
- per_dir_defaults, entry_config);
- }
- }
- r->per_dir_config = per_dir_defaults;
-
- /*
- * Symlink permissions are determined by the parent. If the request is
- * for a directory then applying the symlink test here would use the
- * permissions of the directory as opposed to its parent. Consider a
- * symlink pointing to a dir with a .htaccess disallowing symlinks. If
- * you access /symlink (or /symlink/) you would get a 403 without this
- * S_ISDIR test. But if you accessed /symlink/index.html, for example,
- * you would *not* get the 403.
- */
- if (!S_ISDIR(r->finfo.st_mode)
- && (res = check_symlinks(r->filename, ap_allow_options(r)))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Symbolic link not allowed: %s", r->filename);
- return res;
- }
- return OK; /* Can only "fail" if access denied by the
- * symlink goop. */
-}
-
-static int
-location_walk(request_rec *r)
-{
- core_server_config *sconf =
- ap_get_module_config(r->server->module_config, &core_module);
- void *per_dir_defaults = r->per_dir_config;
- void **url = (void **) sconf->sec_url->elts;
- int len, num_url = sconf->sec_url->nelts;
- char *test_location;
- void *this_conf, *entry_config;
- core_dir_config *entry_core;
- char *entry_url;
- int j;
-
- if (!num_url)
- return OK;
-
- /* Location and LocationMatch differ on their behaviour w.r.t. multiple
- * slashes. Location matches multiple slashes with a single slash,
- * LocationMatch doesn't. An exception, for backwards brokenness is
- * absoluteURIs... in which case neither match multiple slashes.
- */
- if (r->uri[0] != '/')
- test_location = r->uri;
- else {
- test_location = ap_pstrdup(r->pool, r->uri);
- ap_no2slash(test_location);
- }
-
- /* Go through the location entries, and check for matches. */
-
- /* we apply the directive sections in some order;
- * should really try them with the most general first.
- */
- for (j = 0; j < num_url; ++j) {
-
- entry_config = url[j];
-
- entry_core = (core_dir_config *)
- ap_get_module_config(entry_config, &core_module);
- entry_url = entry_core->d;
-
- len = strlen(entry_url);
-
- this_conf = NULL;
-
- if (entry_core->r) {
- if (!ap_regexec(entry_core->r, r->uri, 0, NULL, 0))
- this_conf = entry_config;
- } else if (entry_core->d_is_fnmatch) {
- if (!ap_fnmatch(entry_url, test_location, FNM_PATHNAME))
- this_conf = entry_config;
- } else if (!strncmp(test_location, entry_url, len) &&
- (entry_url[len - 1] == '/' ||
- test_location[len] == '/' || test_location[len] == '\0'))
- this_conf = entry_config;
-
- if (this_conf)
- per_dir_defaults = ap_merge_per_dir_configs(r->pool,
- per_dir_defaults, this_conf);
- }
- r->per_dir_config = per_dir_defaults;
-
- return OK;
-}
-
-static int
-file_walk(request_rec *r)
-{
- core_dir_config *conf =
- ap_get_module_config(r->per_dir_config, &core_module);
- void *per_dir_defaults = r->per_dir_config;
- void **file = (void **) conf->sec->elts;
- int num_files = conf->sec->nelts;
- char *test_file;
-
- /* get the basename */
- test_file = strrchr(r->filename, '/');
- if (test_file == NULL)
- test_file = r->filename;
- else
- ++test_file;
-
- /* Go through the file entries, and check for matches. */
-
- if (num_files) {
- void *this_conf, *entry_config;
- core_dir_config *entry_core;
- char *entry_file;
- int j;
-
- /* we apply the directive sections in some order;
- * should really try them with the most general first.
- */
- for (j = 0; j < num_files; ++j) {
-
- entry_config = file[j];
-
- entry_core = (core_dir_config *)
- ap_get_module_config(entry_config, &core_module);
- entry_file = entry_core->d;
-
- this_conf = NULL;
-
- if (entry_core->r) {
- if (!ap_regexec(entry_core->r, test_file, 0,
- NULL, 0))
- this_conf = entry_config;
- } else if (entry_core->d_is_fnmatch) {
- if (!ap_fnmatch(entry_file, test_file,
- FNM_PATHNAME))
- this_conf = entry_config;
- } else if (!strcmp(test_file, entry_file))
- this_conf = entry_config;
-
- if (this_conf)
- per_dir_defaults =
- ap_merge_per_dir_configs(r->pool,
- per_dir_defaults, this_conf);
- }
- r->per_dir_config = per_dir_defaults;
- }
- return OK;
-}
-
-/*****************************************************************
- *
- * The sub_request mechanism.
- *
- * Fns to look up a relative URI from, e.g., a map file or SSI document.
- * These do all access checks, etc., but don't actually run the transaction
- * ... use run_sub_req below for that. Also, be sure to use destroy_sub_req
- * as appropriate if you're likely to be creating more than a few of these.
- * (An early Apache version didn't destroy the sub_reqs used in directory
- * indexing. The result, when indexing a directory with 800-odd files in
- * it, was massively excessive storage allocation).
- *
- * Note more manipulation of protocol-specific vars in the request
- * structure...
- */
-
-static request_rec *
-make_sub_request(const request_rec *r)
-{
- pool *rrp = ap_make_sub_pool(r->pool);
- request_rec *rr = ap_pcalloc(rrp, sizeof(request_rec));
-
- rr->pool = rrp;
- return rr;
-}
-
-API_EXPORT(request_rec *)
-ap_sub_req_method_uri(const char *method, const char *new_file,
- const request_rec *r)
-{
- request_rec *rnew;
- int res;
- char *udir;
-
- rnew = make_sub_request(r);
- rnew->hostname = r->hostname;
- rnew->request_time = r->request_time;
- rnew->connection = r->connection;
- rnew->server = r->server;
- rnew->request_config = ap_create_request_config(rnew->pool);
- rnew->htaccess = r->htaccess;
- rnew->per_dir_config = r->server->lookup_defaults;
-
- ap_set_sub_req_protocol(rnew, r);
-
- /* would be nicer to pass "method" to ap_set_sub_req_protocol */
- rnew->method = method;
- rnew->method_number = ap_method_number_of(method);
-
- if (new_file[0] == '/')
- ap_parse_uri(rnew, new_file);
- else {
- udir = ap_make_dirstr_parent(rnew->pool, r->uri);
- udir = ap_escape_uri(rnew->pool, udir); /* re-escape it */
- ap_parse_uri(rnew,
- ap_make_full_path(rnew->pool, udir, new_file));
- }
-
- /* We cannot return NULL without violating the API. So just turn this
- * subrequest into a 500 to indicate the failure. */
- if (ap_is_recursion_limit_exceeded(r)) {
- rnew->status = HTTP_INTERNAL_SERVER_ERROR;
- return rnew;
- }
-
- res = ap_unescape_url(rnew->uri);
- if (res) {
- rnew->status = res;
- return rnew;
- }
-
- ap_getparents(rnew->uri);
-
- if ((res = location_walk(rnew))) {
- rnew->status = res;
- return rnew;
- }
-
- res = ap_translate_name(rnew);
- if (res) {
- rnew->status = res;
- return rnew;
- }
-
- /*
- * We could be clever at this point, and avoid calling directory_walk,
- * etc. However, we'd need to test that the old and new filenames
- * contain the same directory components, so it would require
- * duplicating the start of translate_name. Instead we rely on the
- * cache of .htaccess results.
- *
- * NB: directory_walk() clears the per_dir_config, so we don't inherit
- * from location_walk() above
- */
- /* XXX: This should be display a we bit better... */
- if ((res = directory_walk(rnew))
- || (res = file_walk(rnew))
- || (res = location_walk(rnew))
- || ((ap_satisfies(rnew) == SATISFY_ALL
- || ap_satisfies(rnew) == SATISFY_NOSPEC)
- ? ((res = ap_check_access(rnew))
- || (ap_some_auth_required(rnew)
- && ((res = ap_check_user_id(rnew))
- || (res = ap_check_auth(rnew)))))
- : ((res = ap_check_access(rnew))
- && (!ap_some_auth_required(rnew)
- || ((res = ap_check_user_id(rnew))
- || (res = ap_check_auth(rnew)))))
- )
- || (res = ap_find_types(rnew))
- || (res = ap_run_fixups(rnew))
- ) {
- rnew->status = res;
- }
- return rnew;
-}
-
-API_EXPORT(request_rec *)
-ap_sub_req_lookup_uri(const char *new_file, const request_rec *r)
-{
- return ap_sub_req_method_uri("GET", new_file, r);
-}
-
-API_EXPORT(request_rec *)
-ap_sub_req_lookup_file(const char *new_file, const request_rec *r)
-{
- request_rec *rnew;
- int res;
- char *fdir;
-
- rnew = make_sub_request(r);
- rnew->hostname = r->hostname;
- rnew->request_time = r->request_time;
- rnew->connection = r->connection;
- rnew->server = r->server;
- rnew->request_config = ap_create_request_config(rnew->pool);
- rnew->htaccess = r->htaccess;
-
- ap_set_sub_req_protocol(rnew, r);
- fdir = ap_make_dirstr_parent(rnew->pool, r->filename);
-
- /* We cannot return NULL without violating the API. So just turn this
- * subrequest into a 500. */
- if (ap_is_recursion_limit_exceeded(r)) {
- rnew->status = HTTP_INTERNAL_SERVER_ERROR;
- return rnew;
- }
-
- /*
- * Check for a special case... if there are no '/' characters in
- * new_file at all, then we are looking at a relative lookup in the
- * same directory. That means we won't have to redo directory_walk,
- * and we may not even have to redo access checks.
- */
-
- if (strchr(new_file, '/') == NULL) {
- char *udir = ap_make_dirstr_parent(rnew->pool, r->uri);
-
- rnew->uri = ap_make_full_path(rnew->pool, udir, new_file);
- rnew->filename = ap_make_full_path(rnew->pool, fdir, new_file);
- ap_parse_uri(rnew, rnew->uri); /* fill in parsed_uri values */
- if (stat(rnew->filename, &rnew->finfo) < 0) {
- rnew->finfo.st_mode = 0;
- /* Special case for filenames which exceed the maximum
- * limit imposed by the operating system (~1024). These
- * should NOT be treated like "file not found", because
- * there is a difference between "the file is not there"
- * and "the file exists, but you tried to access it
- * using a path which exceeds the path length limit".
- * The idea here is to handle DoS attacks with long
- * runs of //////'s in a graceful and secure manner.
- */
- if (errno == ENAMETOOLONG) {
- ap_log_rerror(APLOG_MARK, APLOG_CRIT, r,
- "Possible DoS attempt? Path=%s",
- r->filename);
- rnew->status = HTTP_FORBIDDEN;
- return rnew;
- }
- }
-
- if ((res = check_safe_file(rnew))) {
- rnew->status = res;
- return rnew;
- }
-
- rnew->per_dir_config = r->per_dir_config;
-
- /*
- * no matter what, if it's a subdirectory, we need to re-run
- * directory_walk
- */
- if (S_ISDIR(rnew->finfo.st_mode)) {
- res = directory_walk(rnew);
- if (!res)
- res = file_walk(rnew);
- } else {
- if ((res = check_symlinks(rnew->filename,
- ap_allow_options(rnew)))) {
- ap_log_rerror(APLOG_MARK,
- APLOG_NOERRNO|APLOG_ERR, rnew,
- "Symbolic link not allowed: %s",
- rnew->filename);
- rnew->status = res;
- return rnew;
- }
- /*
- * do a file_walk, if it doesn't change the
- * per_dir_config then we know that we don't have to
- * redo all the access checks
- */
- if ((res = file_walk(rnew))) {
- rnew->status = res;
- return rnew;
- }
- if (rnew->per_dir_config == r->per_dir_config) {
- if ((res = ap_find_types(rnew))
- || (res = ap_run_fixups(rnew)))
- rnew->status = res;
- return rnew;
- }
- }
- } else {
- /* XXX: @@@: What should be done with the parsed_uri values? */
- ap_parse_uri(rnew, new_file); /* fill in parsed_uri values */
- /*
- * XXX: this should be set properly like it is in the same-dir
- * case but it's actually sometimes to impossible to do it...
- * because the file may not have a uri associated with it -djg
- */
- rnew->uri = "INTERNALLY GENERATED file-relative req";
- rnew->filename = ((ap_os_is_path_absolute(new_file)) ?
- ap_pstrdup(rnew->pool, new_file) :
- ap_make_full_path(rnew->pool, fdir, new_file));
- rnew->per_dir_config = r->server->lookup_defaults;
- res = directory_walk(rnew);
- if (!res)
- res = file_walk(rnew);
- }
-
- /* XXX: horrid...*/
- if (res
- || ((ap_satisfies(rnew) == SATISFY_ALL
- || ap_satisfies(rnew) == SATISFY_NOSPEC)
- ? ((res = ap_check_access(rnew))
- || (ap_some_auth_required(rnew)
- && ((res = ap_check_user_id(rnew))
- || (res = ap_check_auth(rnew)))))
- : ((res = ap_check_access(rnew))
- && (!ap_some_auth_required(rnew)
- || ((res = ap_check_user_id(rnew))
- || (res = ap_check_auth(rnew)))))
- )
- || (res = ap_find_types(rnew))
- || (res = ap_run_fixups(rnew))
- ) {
- rnew->status = res;
- }
- return rnew;
-}
-
-API_EXPORT(int)
-ap_run_sub_req(request_rec *r)
-{
- int retval = ap_invoke_handler(r);
- ap_finalize_sub_req_protocol(r);
- return retval;
-}
-
-API_EXPORT(void)
-ap_destroy_sub_req(request_rec *r)
-{
- /* Reclaim the space */
- ap_destroy_pool(r->pool);
-}
-
-/*****************************************************************
- *
- * Mainline request processing...
- */
-
-API_EXPORT(void)
-ap_die(int type, request_rec *r)
-{
- int error_index = ap_index_of_response(type);
- char *custom_response = ap_response_code_string(r, error_index);
- int recursive_error = 0;
-
- if (type == DONE) {
- ap_finalize_request_protocol(r);
- return;
- }
-
- /*
- * The following takes care of Apache redirects to custom response URLs
- * Note that if we are already dealing with the response to some other
- * error condition, we just report on the original error, and give up on
- * any attempt to handle the other thing "intelligently"...
- */
-
- if (r->status != HTTP_OK) {
- recursive_error = type;
-
- while (r->prev && (r->prev->status != HTTP_OK))
- r = r->prev; /* Get back to original error */
-
- type = r->status;
- custom_response = NULL; /* Do NOT retry the custom thing! */
- }
-
- r->status = type;
-
- /*
- * This test is done here so that none of the auth modules needs to know
- * about proxy authentication. They treat it like normal auth, and then
- * we tweak the status.
- */
- if (r->status == AUTH_REQUIRED && r->proxyreq == STD_PROXY)
- r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
-
- /*
- * If we want to keep the connection, be sure that the request body
- * (if any) has been read.
- */
- if ((r->status != HTTP_NOT_MODIFIED) && (r->status != HTTP_NO_CONTENT)
- && !ap_status_drops_connection(r->status)
- && r->connection && (r->connection->keepalive != -1))
- (void)ap_discard_request_body(r);
-
- /*
- * Two types of custom redirects --- plain text, and URLs. Plain text
- * has a leading '"', so the URL code, here, is triggered on its absence
- */
-
- if (custom_response && custom_response[0] != '"') {
-
- if (ap_is_url(custom_response)) {
- /*
- * The URL isn't local, so lets drop through the rest
- * of this apache code, and continue with the usual
- * REDIRECT handler. But note that the client will
- * ultimately see the wrong status...
- *
- * Also, before updating r->status, we may need to
- * ensure that the connection is dropped. For example,
- * there may be unread request body that would confuse
- * us if we try to read another request.
- */
- if (ap_status_drops_connection(r->status))
- r->connection->keepalive = -1;
- r->status = REDIRECT;
- ap_table_setn(r->headers_out, "Location",
- custom_response);
- } else if (custom_response[0] == '/') {
- const char *error_notes;
- r->no_local_copy = 1; /* Do NOT send USE_LOCAL_COPY
- * for error documents! */
- /*
- * This redirect needs to be a GET no matter what the
- * original method was.
- */
- ap_table_setn(r->subprocess_env, "REQUEST_METHOD",
- r->method);
-
- /*
- * Provide a special method for modules to communicate
- * more informative (than the plain canned) messages to
- * us. Propagate them to ErrorDocuments via the
- * ERROR_NOTES variable:
- */
- if ((error_notes =
- ap_table_get(r->notes, "error-notes")) != NULL)
- ap_table_setn(r->subprocess_env, "ERROR_NOTES",
- error_notes);
-
- /*
- * If it is already a GET or a HEAD, don't change it
- * (method_number for GET and HEAD is the same)
- */
- if(r->method_number!=M_GET) {
- r->method = ap_pstrdup(r->pool, "GET");
- r->method_number = M_GET;
- }
- ap_internal_redirect(custom_response, r);
- return;
- } else {
- /*
- * Dumb user has given us a bad url to redirect to ---
- * fake up dying with a recursive server error...
- */
- recursive_error = SERVER_ERROR;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid error redirection directive: %s",
- custom_response);
- }
- }
- ap_send_error_response(r, recursive_error);
-}
-
-static void
-decl_die(int status, char *phase, request_rec *r)
-{
- if (status == DECLINED) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_CRIT, r,
- "configuration error: couldn't %s: %s", phase, r->uri);
- ap_die(SERVER_ERROR, r);
- } else
- ap_die(status, r);
-}
-
-API_EXPORT(int)
-ap_some_auth_required(request_rec *r)
-{
- /* Is there a require line configured for the type of *this* req? */
-
- const array_header *reqs_arr = ap_requires(r);
- require_line *reqs;
- int i;
-
- if (!reqs_arr)
- return 0;
-
- reqs = (require_line *)reqs_arr->elts;
-
- for (i = 0; i < reqs_arr->nelts; ++i)
- if (reqs[i].method_mask & (1 << r->method_number))
- return 1;
-
- return 0;
-}
-
-static void
-process_request_internal(request_rec *r)
-{
- int access_status;
-
- /* Ignore embedded %2F's in path for proxy requests */
- if (r->proxyreq == NOT_PROXY && r->parsed_uri.path) {
- access_status = ap_unescape_url(r->parsed_uri.path);
- if (access_status) {
- ap_die(access_status, r);
- return;
- }
- }
-
- ap_getparents(r->uri); /* OK --- shrinking transformations... */
-
- if ((access_status = location_walk(r))) {
- ap_die(access_status, r);
- return;
- }
-
- if ((access_status = ap_translate_name(r))) {
- decl_die(access_status, "translate", r);
- return;
- }
-
- if (r->proxyreq == NOT_PROXY) {
- /*
- * We don't want TRACE to run through the normal handler set, we
- * handle it specially.
- */
- if (r->method_number == M_TRACE) {
- if ((access_status = ap_send_http_trace(r)))
- ap_die(access_status, r);
- else
- ap_finalize_request_protocol(r);
- return;
- }
- }
-
- if (r->proto_num > HTTP_VERSION(1,0) && ap_table_get(r->subprocess_env,
- "downgrade-1.0"))
- r->proto_num = HTTP_VERSION(1,0);
-
- /*
- * NB: directory_walk() clears the per_dir_config, so we don't inherit
- * from location_walk() above
- */
-
- if ((access_status = directory_walk(r))) {
- ap_die(access_status, r);
- return;
- }
-
- if ((access_status = file_walk(r))) {
- ap_die(access_status, r);
- return;
- }
-
- if ((access_status = location_walk(r))) {
- ap_die(access_status, r);
- return;
- }
-
- if ((access_status = ap_header_parse(r))) {
- ap_die(access_status, r);
- return;
- }
-
- switch (ap_satisfies(r)) {
- case SATISFY_ALL:
- case SATISFY_NOSPEC:
- if ((access_status = ap_check_access(r)) != 0) {
- decl_die(access_status, "check access", r);
- return;
- }
- if (ap_some_auth_required(r)) {
- if (((access_status = ap_check_user_id(r)) != 0)
- || !ap_auth_type(r)) {
- decl_die(access_status, ap_auth_type(r)
- ? "check user. No user file?"
- : "perform authentication. AuthType not "
- "set!", r);
- return;
- }
- if (((access_status = ap_check_auth(r)) != 0)
- || !ap_auth_type(r)) {
- decl_die(access_status, ap_auth_type(r)
- ? "check access. No groups file?"
- : "perform authentication. AuthType not "
- "set!", r);
- return;
- }
- }
- break;
- case SATISFY_ANY:
- if (((access_status = ap_check_access(r)) != 0)) {
- if (!ap_some_auth_required(r)) {
- decl_die(access_status, "check access", r);
- return;
- }
- if (((access_status = ap_check_user_id(r)) != 0)
- || !ap_auth_type(r)) {
- decl_die(access_status, ap_auth_type(r)
- ? "check user. No user file?"
- : "perform authentication. AuthType not "
- "set!", r);
- return;
- }
- if (((access_status = ap_check_auth(r)) != 0)
- || !ap_auth_type(r)) {
- decl_die(access_status, ap_auth_type(r)
- ? "check access. No groups file?"
- : "perform authentication. AuthType not "
- "set!", r);
- return;
- }
- }
- break;
- }
-
- if (! (r->proxyreq != NOT_PROXY
- && r->parsed_uri.scheme != NULL
- && strcmp(r->parsed_uri.scheme, "http") == 0) ) {
- if ((access_status = ap_find_types(r)) != 0) {
- decl_die(access_status, "find types", r);
- return;
- }
- }
-
- if ((access_status = ap_run_fixups(r)) != 0) {
- ap_die(access_status, r);
- return;
- }
-
- if ((access_status = ap_invoke_handler(r)) != 0) {
- ap_die(access_status, r);
- return;
- }
-
- /* Take care of little things that need to happen when we're done */
- ap_finalize_request_protocol(r);
-}
-
-API_EXPORT(void)
-ap_process_request(request_rec *r)
-{
- int old_stat;
-
- if (ap_extended_status)
- ap_time_process_request(r->connection->child_num,
- START_PREQUEST);
-
- process_request_internal(r);
-
- old_stat = ap_update_child_status(r->connection->child_num,
- SERVER_BUSY_LOG, r);
-
- /*
- * We want to flush the last packet if this isn't a pipelining
- * connection *before* we start into logging. Suppose that the
- * logging causes a DNS lookup to occur, which may have a high
- * latency. If we hold off on this packet, then it'll appear
- * like the link is stalled when really it's the application
- * that's stalled.
- */
- ap_bhalfduplex(r->connection->client);
- ap_log_transaction(r);
-
- (void)ap_update_child_status(r->connection->child_num, old_stat, r);
- if (ap_extended_status)
- ap_time_process_request(r->connection->child_num,
- STOP_PREQUEST);
-}
-
-static table *
-rename_original_env(pool *p, table *t)
-{
- array_header *env_arr = ap_table_elts(t);
- table_entry *elts = (table_entry *)env_arr->elts;
- table *new = ap_make_table(p, env_arr->nalloc);
- int i;
-
- for (i = 0; i < env_arr->nelts; ++i) {
- if (!elts[i].key)
- continue;
- ap_table_setn(new, ap_pstrcat(p, "REDIRECT_", elts[i].key,
- NULL), elts[i].val);
- }
-
- return new;
-}
-
-static request_rec *
-internal_internal_redirect(const char *new_uri, request_rec *r)
-{
- int access_status;
- request_rec *new;
-
- if (ap_is_recursion_limit_exceeded(r)) {
- ap_die(HTTP_INTERNAL_SERVER_ERROR, r);
- return NULL;
- }
-
- new = (request_rec *)ap_pcalloc(r->pool, sizeof(request_rec));
-
- new->connection = r->connection;
- new->server = r->server;
- new->pool = r->pool;
-
- /*
- * A whole lot of this really ought to be shared with http_protocol.c...
- * another missing cleanup. It's particularly inappropriate to be
- * setting header_only, etc., here.
- */
-
- new->method = r->method;
- new->method_number = r->method_number;
- /* initialize context _BEFORE_ ap_parse_uri() call */
- new->ctx = r->ctx;
- ap_parse_uri(new, new_uri);
- new->request_config = ap_create_request_config(r->pool);
- new->per_dir_config = r->server->lookup_defaults;
-
- new->prev = r;
- r->next = new;
-
- /* Inherit the rest of the protocol info... */
-
- new->the_request = r->the_request;
-
- new->allowed = r->allowed;
-
- new->status = r->status;
- new->assbackwards = r->assbackwards;
- new->header_only = r->header_only;
- new->protocol = r->protocol;
- new->proto_num = r->proto_num;
- new->hostname = r->hostname;
- new->request_time = r->request_time;
- new->main = r->main;
-
- new->headers_in = r->headers_in;
- new->headers_out = ap_make_table(r->pool, 12);
- new->err_headers_out = r->err_headers_out;
- new->subprocess_env = rename_original_env(r->pool, r->subprocess_env);
- new->notes = ap_make_table(r->pool, 5);
-
- new->htaccess = r->htaccess;
- new->no_cache = r->no_cache;
- new->expecting_100 = r->expecting_100;
- new->no_local_copy = r->no_local_copy;
- new->read_length = r->read_length; /* We can only read it once */
- new->vlist_validator = r->vlist_validator;
-
- ap_table_setn(new->subprocess_env, "REDIRECT_STATUS",
- ap_psprintf(r->pool, "%d", r->status));
-
- /*
- * XXX: hmm. This is because mod_setenvif and mod_unique_id really need
- * to do their thing on internal redirects as well. Perhaps this is a
- * misnamed function.
- */
- if ((access_status = ap_run_post_read_request(new))) {
- ap_die(access_status, new);
- return NULL;
- }
-
- return new;
-}
-
-API_EXPORT(void)
-ap_internal_redirect(const char *new_uri, request_rec *r)
-{
- request_rec *new = internal_internal_redirect(new_uri, r);
-
- if (new)
- process_request_internal(new);
-}
-
-/* This function is designed for things like actions or CGI scripts, when
- * using AddHandler, and you want to preserve the content type across
- * an internal redirect.
- */
-API_EXPORT(void)
-ap_internal_redirect_handler(const char *new_uri, request_rec *r)
-{
- request_rec *new = internal_internal_redirect(new_uri, r);
-
- if (new) {
- if (r->handler)
- new->content_type = r->content_type;
- process_request_internal(new);
- }
-}
-
-/*
- * Is it the initial main request, which we only get *once* per HTTP request?
- */
-API_EXPORT(int)
-ap_is_initial_req(request_rec *r)
-{
- return
- (r->main == NULL) /* otherwise, this is a sub-request */
- &&
- (r->prev == NULL); /* otherwise, this is an internal redirect */
-}
-
-/*
- * Function to set the r->mtime field to the specified value if it's later
- * than what's already there.
- */
-API_EXPORT(time_t)
-ap_update_mtime(request_rec *r, time_t dependency_mtime)
-{
- if (r->mtime < dependency_mtime)
- r->mtime = dependency_mtime;
- return r->mtime;
-}
diff --git a/usr.sbin/httpd/src/main/http_vhost.c b/usr.sbin/httpd/src/main/http_vhost.c
deleted file mode 100644
index c0434c496ef..00000000000
--- a/usr.sbin/httpd/src/main/http_vhost.c
+++ /dev/null
@@ -1,1228 +0,0 @@
-/* $OpenBSD: http_vhost.c,v 1.11 2008/05/21 11:28:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_vhost.c: functions pertaining to virtual host addresses
- * (configuration and run-time)
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_log.h"
-#include "http_vhost.h"
-#include "http_protocol.h"
-
-/*
- * After all the definitions there's an explanation of how it's all put
- * together.
- */
-
-/* meta-list of name-vhosts. Each server_rec can be in possibly multiple
- * lists of name-vhosts.
- */
-typedef struct name_chain name_chain;
-struct name_chain {
- name_chain *next;
- server_addr_rec *sar; /* the record causing it to be in
- * this chain (needed for port
- * comparisons) */
- server_rec *server; /* the server to use on a match */
-};
-
-/* meta-list of ip addresses. Each server_rec can be in possibly multiple
- * hash chains since it can have multiple ips.
- */
-typedef struct ipaddr_chain ipaddr_chain;
-struct ipaddr_chain {
- ipaddr_chain *next;
- server_addr_rec *sar; /* the record causing it to be in
- * this chain (need for both ip addr
- * and port comparisons) */
- server_rec *server; /* the server to use if this matches */
- name_chain *names; /* if non-NULL then a list of
- * name-vhosts sharing this address */
-};
-
-/* This defines the size of the hash table used for hashing ip addresses
- * of virtual hosts. It must be a power of two.
- */
-#ifndef IPHASH_TABLE_SIZE
-#define IPHASH_TABLE_SIZE 256
-#endif
-
-/* A (n) bucket hash table, each entry has a pointer to a server rec and
- * a pointer to the other entries in that bucket. Each individual address,
- * even for virtualhosts with multiple addresses, has an entry in this hash
- * table. There are extra buckets for _default_, and name-vhost entries.
- *
- * Note that after config time this is constant, so it is thread-safe.
- */
-static ipaddr_chain *iphash_table[IPHASH_TABLE_SIZE];
-
-/* dump out statistics about the hash function */
-/* #define IPHASH_STATISTICS */
-
-/* list of the _default_ servers */
-static ipaddr_chain *default_list;
-
-/* list of the NameVirtualHost addresses */
-static server_addr_rec *name_vhost_list;
-static server_addr_rec **name_vhost_list_tail;
-
-/*
- * How it's used:
- *
- * The ip address determines which chain in iphash_table is interesting, then
- * a comparison is done down that chain to find the first ipaddr_chain whose
- * sar matches the address:port pair.
- *
- * If that ipaddr_chain has names == NULL then you're done, it's an ip-vhost.
- *
- * Otherwise it's a name-vhost list, and the default is the server in the
- * ipaddr_chain record. We tuck away the ipaddr_chain record in the
- * conn_rec field vhost_lookup_data. Later on after the headers we get a
- * second chance, and we use the name_chain to figure out what name-vhost
- * matches the headers.
- *
- * If there was no ip address match in the iphash_table then do a lookup
- * in the default_list.
- *
- * How it's put together ... well you should be able to figure that out
- * from how it's used. Or something like that.
- */
-
-
-/* called at the beginning of the config */
-API_EXPORT(void)
-ap_init_vhost_config(pool *p)
-{
- memset(iphash_table, 0, sizeof(iphash_table));
- default_list = NULL;
- name_vhost_list = NULL;
- name_vhost_list_tail = &name_vhost_list;
-}
-
-
-/*
- * Parses a host of the form <address>[:port]
- * paddr is used to create a list in the order of input
- * **paddr is the ->next pointer of the last entry (or s->addrs)
- * *paddr is the variable used to keep track of **paddr between calls
- * port is the default port to assume
- */
-static const char *
-get_addresses(pool *p, char *w, char *pstr, server_addr_rec ***paddr,
- unsigned port)
-{
- struct addrinfo hints, *res, *res0;
- server_addr_rec *sar;
- char *t = NULL, *u = NULL, *v = NULL;
- char *hoststr = NULL, *portstr = NULL;
- char portpool[10];
- int error;
- char servbuf[NI_MAXSERV];
-
- if (w == 0 || *w == 0)
- return NULL;
-
- portstr = portpool;
- ap_snprintf(portpool, sizeof(portpool), "%u", port);
- if (!pstr) {
- v = w;
- u = NULL;
- if (*w == '['){
- u = strrchr(w, ']');
- if (u) { /* [host]:port or [host] */
- w++;
- *u = '\0';
- v = u + 1;
- }
- }
- /* w uv , w=v , w=v */
- /* u!=0: [host]:port , u==0: [host:port , host */
- t = strchr(v, ':');
- if (t != NULL && strchr(t+1, ':') == NULL) {
- /* [host]:port-w/o-colons,
- * host-without-colons:port-w/o-colons
- */
- *t = '\0';
- portstr = t + 1;
- } else
- portstr = "0";
- } else
- portstr = pstr;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_STREAM;
- if (strcmp(w, "*") == 0 || strlen(w) == 0) {
- hoststr = NULL;
- hints.ai_family = ap_default_family; /* XXX was PF_UNSPEC */
- hints.ai_flags = AI_PASSIVE;
- } else if (strcasecmp(w, "_default4_") == 0 ||
- ((ap_default_family == PF_INET || ap_default_family == PF_UNSPEC)
- && strcasecmp(w, "_default_") == 0)) {
- hoststr = "255.255.255.255";
- hints.ai_family = PF_INET;
- } else if (strcasecmp(w, "_default6_") == 0 ||
- ((ap_default_family == PF_INET6 || ap_default_family == PF_UNSPEC)
- && strcasecmp(w, "_default_") == 0)) {
- hoststr = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff";
- hints.ai_family = PF_INET6;
- } else {
- hoststr = w;
- hints.ai_family = ap_default_family; /* XXX was PF_UNSPEC */
- }
-
- error = getaddrinfo(hoststr, portstr, &hints, &res0);
- if (error || !res0) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL,
- "Cannot resolve host %s port %s --- ignoring!", hoststr,
- portstr);
- if (t != NULL)
- *t = ':';
- if (u != NULL)
- *u = ']';
- return NULL;
- }
- for (res=res0; res; res=res->ai_next) {
- switch (res->ai_addr->sa_family) {
- case AF_INET:
- case AF_INET6:
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL,
- "Unsupported address family %u, for host %s "
- "port %s --- ignoring!", res->ai_addr->sa_family,
- hoststr, portstr);
- continue;
- }
- sar = ap_pcalloc(p, sizeof(server_addr_rec));
- **paddr = sar;
- *paddr = &sar->next;
- memcpy(&sar->host_addr, res->ai_addr, res->ai_addrlen);
- if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0,
- servbuf, sizeof(servbuf), NI_NUMERICSERV) == 0)
- sar->host_port = atoi(servbuf);
- else
- sar->host_port = 0;
- sar->virthost = ap_pstrdup(p, w);
- }
-
- freeaddrinfo(res0);
- if (t != NULL)
- *t = ':';
- if (u != NULL)
- *u = ']';
- return NULL;
-}
-
-/* parse the <VirtualHost> addresses */
-API_EXPORT(const char *)
-ap_parse_vhost_addrs(pool *p, const char *hostname, server_rec *s)
-{
- server_addr_rec **addrs;
- const char *err;
-
- /* start the list of addreses */
- addrs = &s->addrs;
- while (hostname[0]) {
- err = get_addresses(p, ap_getword_conf(p, &hostname), NULL,
- &addrs, s->port);
- if (err) {
- *addrs = NULL;
- return err;
- }
- }
- /* terminate the list */
- *addrs = NULL;
- if (s->addrs) {
- if (s->addrs->host_port)
- /* override the default port which is
- * inherited from main_server
- */
- s->port = s->addrs->host_port;
- }
- return NULL;
-}
-
-
-API_EXPORT_NONSTD(const char *)
-ap_set_name_virtual_host (cmd_parms *cmd, void *dummy, char *h, char *p)
-{
- /* use whatever port the main server has at this point */
- return get_addresses(cmd->pool, h, p, &name_vhost_list_tail,
- cmd->server->port);
-}
-
-
-/* hash table statistics, keep this in here for the beta period so
- * we can find out if the hash function is ok
- */
-#ifdef IPHASH_STATISTICS
-static int
-iphash_compare(const void *a, const void *b)
-{
- return (*(const int *)b - *(const int *)a);
-}
-
-
-static void
-dump_iphash_statistics(server_rec *main_s)
-{
- unsigned count[IPHASH_TABLE_SIZE];
- int i;
- ipaddr_chain *src;
- unsigned total;
- char buf[HUGE_STRING_LEN];
- char *p;
-
- total = 0;
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i) {
- count[i] = 0;
- for (src = iphash_table[i]; src; src = src->next) {
- ++count[i];
- if (i < IPHASH_TABLE_SIZE)
- /* don't count the slop buckets in the total */
- ++total;
- }
- }
- qsort(count, IPHASH_TABLE_SIZE, sizeof(count[0]), iphash_compare);
- p = buf + ap_snprintf(buf, sizeof(buf),
- "iphash: total hashed = %u, avg chain = %u, "
- "chain lengths (count x len):",
- total, total / IPHASH_TABLE_SIZE);
- total = 1;
- for (i = 1; i < IPHASH_TABLE_SIZE; ++i) {
- if (count[i - 1] != count[i]) {
- p += ap_snprintf(p, sizeof(buf) - (p - buf), " %ux%u",
- total, count[i - 1]);
- total = 1;
- } else
- ++total;
- }
- p += ap_snprintf(p, sizeof(buf) - (p - buf), " %ux%u",
- total, count[IPHASH_TABLE_SIZE - 1]);
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, main_s, buf);
-}
-#endif
-
-
-/* This hashing function is designed to get good distribution in the cases
- * where the server is handling entire "networks" of servers. i.e. a
- * whack of /24s. This is probably the most common configuration for
- * ISPs with large virtual servers.
- *
- * NOTE: This function is symmetric (i.e. collapses all 4 octets
- * into one), so machine byte order (big/little endianness) does not matter.
- *
- * Hash function provided by David Hankins.
- */
-static ap_inline unsigned
-hash_inaddr(unsigned key)
-{
- key ^= (key >> 16);
- return ((key >> 8) ^ key) % IPHASH_TABLE_SIZE;
-}
-
-static unsigned
-hash_addr(struct sockaddr *sa)
-{
- switch (sa->sa_family) {
- case AF_INET:
- return hash_inaddr(((struct sockaddr_in *)sa)->sin_addr.s_addr);
- case AF_INET6:
- return hash_inaddr(
- ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[12]);
- default:
- return hash_inaddr(sa->sa_family);
- }
-}
-
-
-static ipaddr_chain *
-new_ipaddr_chain(pool *p, server_rec *s, server_addr_rec *sar)
-{
- ipaddr_chain *new;
-
- new = ap_palloc(p, sizeof(*new));
- new->names = NULL;
- new->server = s;
- new->sar = sar;
- new->next = NULL;
- return new;
-}
-
-
-static name_chain *
-new_name_chain(pool *p, server_rec *s, server_addr_rec *sar)
-{
- name_chain *new;
-
- new = ap_palloc(p, sizeof(*new));
- new->server = s;
- new->sar = sar;
- new->next = NULL;
- return new;
-}
-
-static ap_inline ipaddr_chain *
-find_ipaddr(struct sockaddr *sa)
-{
- unsigned bucket;
- ipaddr_chain *trav;
- char a[NI_MAXHOST], b[NI_MAXHOST];
-
-#ifdef CFGDEBUG
- printf("looking for an %s address\n", sa->sa_family == AF_INET ?
- "IPv4" : "IPv6");
-#endif
- /* scan the hash table for an exact match first */
- bucket = hash_addr(sa);
- for (trav = iphash_table[bucket]; trav; trav = trav->next) {
- server_addr_rec *sar = trav->sar;
- if (sar->host_addr.ss_family != sa->sa_family)
- continue;
- switch (sa->sa_family) {
- case AF_INET:
- {
- struct sockaddr_in *sin1, *sin2;
- sin1 = (struct sockaddr_in *)&sar->host_addr;
- sin2 = (struct sockaddr_in *)sa;
- if (sin1->sin_port == 0 || sin2->sin_port == 0
- || sin1->sin_port == sin2->sin_port) {
- if (memcmp(&sin1->sin_addr, &sin2->sin_addr,
- sizeof(sin1->sin_addr)) == 0)
- return trav;
- }
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *sin1, *sin2;
-#ifdef CFGDEBUG
- printf("comparing two IPv6 addresses\n");
-#endif
- sin1 = (struct sockaddr_in6 *)&sar->host_addr;
- sin2 = (struct sockaddr_in6 *)sa;
- if (sin1->sin6_port == 0 || sin2->sin6_port == 0
- || sin1->sin6_port == sin2->sin6_port) {
- if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr,
- sizeof(sin1->sin6_addr)) == 0)
- return trav;
- }
- break;
- }
- default: /*unsupported*/
- break;
- }
- }
-#ifdef CFGDEBUG
- printf("no matching address found\n");
-#endif
- return NULL;
-}
-
-
-static ipaddr_chain *
-find_default_server(unsigned port)
-{
- server_addr_rec *sar;
- ipaddr_chain *trav;
-
- for (trav = default_list; trav; trav = trav->next) {
- sar = trav->sar;
- if (sar->host_port == 0 || sar->host_port == port)
- /* match! */
- return trav;
- }
- return NULL;
-}
-
-static void
-dump_a_vhost(FILE *f, ipaddr_chain *ic)
-{
- name_chain *nc;
- int len;
- char buf[MAX_STRING_LEN];
-
- len = ap_snprintf(buf, sizeof(buf), "%pI", &ic->sar->host_addr);
- if (ic->names == NULL) {
- if (ic->server == NULL)
- fprintf(f, "%-22s WARNING: No <VirtualHost> defined "
- "for this NameVirtualHost!\n", buf);
- else
- fprintf(f, "%-22s %s (%s:%u)\n", buf,
- ic->server->server_hostname, ic->server->defn_name,
- ic->server->defn_line_number);
- return;
- }
- fprintf(f, "%-22s is a NameVirtualHost\n"
- "%22s default server %s (%s:%u)\n", buf, "",
- ic->server->server_hostname, ic->server->defn_name,
- ic->server->defn_line_number);
- for (nc = ic->names; nc; nc = nc->next) {
- if (nc->sar->host_port)
- fprintf(f, "%22s port %u ", "", nc->sar->host_port);
- else
- fprintf(f, "%22s port * ", "");
- fprintf(f, "namevhost %s (%s:%u)\n",
- nc->server->server_hostname, nc->server->defn_name,
- nc->server->defn_line_number);
- }
-}
-
-static void
-dump_vhost_config(FILE *f)
-{
- ipaddr_chain *ic;
- int i;
-
- fprintf(f, "VirtualHost configuration:\n");
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i) {
- for (ic = iphash_table[i]; ic; ic = ic->next)
- dump_a_vhost(f, ic);
- }
- if (default_list) {
- fprintf(f, "wildcard NameVirtualHosts and _default_ "
- "servers:\n");
- for (ic = default_list; ic; ic = ic->next)
- dump_a_vhost(f, ic);
- }
-}
-
-/* Helper functions for ap_fini_vhost_config() */
-static int
-add_name_vhost_config(pool *p, server_rec *main_s, server_rec *s,
- server_addr_rec *sar, ipaddr_chain *ic)
-{
- /*
- * the first time we encounter a NameVirtualHost address
- * ic->server will be NULL, on subsequent encounters
- * ic->names will be non-NULL.
- */
-#ifdef CFGDEBUG
- printf("add_name_vhost_config: ic: %p\n", ic);
- printf("add_name_vhost_config: sar->virhost: %s, sar->host_port: %u\n",
- sar->virthost, sar->host_port);
- printf("add_name_vhost_config: ic->names: %s, ic->server: %s\n",
- ic->names != NULL ? "set" : "null",
- ic->server != NULL ? "set" : "null");
-#endif
- if (ic->names || ic->server == NULL) {
- name_chain *nc = new_name_chain(p, s, sar);
-#ifdef CFGDEBUG
- printf("new_name_chain returns %s\n", nc == NULL ? "null" :
- "non-null");
-#endif
- nc->next = ic->names;
- ic->names = nc;
- ic->server = s;
- if (sar->host_port != ic->sar->host_port) {
- /* one of the two is a * port, the other isn't */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
- main_s,
- "VirtualHost %s:%u -- mixing * ports and non-* "
- "ports with a NameVirtualHost address is not "
- "supported, proceeding with undefined results",
- sar->virthost, sar->host_port);
- }
- return 1;
- } else
- /* IP-based vhosts are handled by the caller */
- return 0;
-}
-
-static void
-remove_unused_name_vhosts(server_rec *main_s, ipaddr_chain **pic)
-{
- while (*pic) {
- ipaddr_chain *ic = *pic;
-
- if (ic->server == NULL) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
- main_s, "NameVirtualHost %s:%u has no VirtualHosts",
- ic->sar->virthost, ic->sar->host_port);
- *pic = ic->next;
- } else if (ic->names == NULL)
- /* if server != NULL and names == NULL then we're done
- * looking at NameVirtualHosts
- */
- break;
- else
- pic = &ic->next;
- }
-}
-
-/* compile the tables and such we need to do the run-time vhost lookups */
-API_EXPORT(void)
-ap_fini_vhost_config(pool *p, server_rec *main_s)
-{
- server_addr_rec *sar;
- int has_default_vhost_addr;
- server_rec *s;
- int i;
- ipaddr_chain **iphash_table_tail[IPHASH_TABLE_SIZE];
-
- /* terminate the name_vhost list */
- *name_vhost_list_tail = NULL;
-
- /* Main host first */
- s = main_s;
-
- if (!s->server_hostname)
- s->server_hostname = ap_get_local_host(p);
-
- /* initialize the tails */
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i)
- iphash_table_tail[i] = &iphash_table[i];
-
- /* The first things to go into the hash table are the NameVirtualHosts
- * Since name_vhost_list is in the same order that the directives
- * occured in the config file, we'll copy it in that order.
- */
- for (sar = name_vhost_list; sar; sar = sar->next) {
- unsigned bucket = hash_addr((struct sockaddr *)&sar->host_addr);
- ipaddr_chain *ic = new_ipaddr_chain(p, NULL, sar);
- int wildcard;
-
- wildcard = 0;
- switch (sar->host_addr.ss_family) {
- case AF_INET:
- {
- struct sockaddr_in *sin;
- sin = (struct sockaddr_in *)&sar->host_addr;
- if (sin->sin_addr.s_addr == INADDR_ANY)
- wildcard++;
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *sin6;
- sin6 = (struct sockaddr_in6 *)&sar->host_addr;
- if (*(uint32_t *)&sin6->sin6_addr.s6_addr[0] == 0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[4] == 0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[8] == 0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[12] == 0)
- wildcard++;
- break;
- }
- }
-
- if (!wildcard) {
- *iphash_table_tail[bucket] = ic;
- iphash_table_tail[bucket] = &ic->next;
- } else {
- /*
- * A wildcard NameVirtualHost goes on the default_list
- * so that it can catch incoming requests on any
- * address.
- */
- ic->next = default_list;
- default_list = ic;
- }
- /* Notice that what we've done is insert an ipaddr_chain with
- * both server and names NULL. This fact is used to spot name-
- * based vhosts in add_name_vhost_config().
- */
- }
-
- /* The next things to go into the hash table are the virtual hosts
- * themselves. They're listed off of main_s->next in the reverse
- * order they occured in the config file, so we insert them at
- * the iphash_table_tail but don't advance the tail.
- */
-
- for (s = main_s->next; s; s = s->next) {
- has_default_vhost_addr = 0;
- for (sar = s->addrs; sar; sar = sar->next) {
- ipaddr_chain *ic;
- int wildcard;
-
- wildcard = 0;
- switch (sar->host_addr.ss_family) {
- case AF_INET:
- {
- struct sockaddr_in *sin;
-#ifdef CFGDEBUG
- printf("adding an IPv4 vhost\n");
-#endif
- sin = (struct sockaddr_in *)&sar->host_addr;
- if (sin->sin_addr.s_addr == DEFAULT_VHOST_ADDR)
- wildcard++;
- else if (sin->sin_addr.s_addr == INADDR_ANY)
- wildcard++;
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *sin6;
-#ifdef CFGDEBUG
- printf("adding an IPv6 vhost\n");
-#endif
- sin6 = (struct sockaddr_in6 *)&sar->host_addr;
- if (*(uint32_t *)&sin6->sin6_addr.s6_addr[0]
- == ~0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[4]
- == ~0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[8]
- == ~0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[12]
- == ~0)
- wildcard++;
- break;
- }
- }
-
- if (wildcard) {
- /* add it to default bucket for each
- * appropriate sar since we need to do a port
- * test
- */
- ipaddr_chain *other;
-
- other = find_default_server(sar->host_port);
- if (!other ||
- !add_name_vhost_config(p, main_s, s, sar,
- other)) {
- if (other && other->sar->host_port != 0)
- ap_log_error(APLOG_MARK,
- APLOG_NOERRNO|APLOG_WARNING,
- main_s,
- "_default_ VirtualHost "
- "overlap on port %u,"
- " the first has precedence",
- sar->host_port);
- ic = new_ipaddr_chain(p, s, sar);
- ic->next = default_list;
- default_list = ic;
- }
- has_default_vhost_addr = 1;
- } else {
- /*
- * see if it matches something we've already
- * got
- */
- ic = find_ipaddr(
- (struct sockaddr *)&sar->host_addr);
-
- if (!ic) {
- unsigned bucket =
- hash_addr(
- (struct sockaddr *)&sar->host_addr);
-
- ic = new_ipaddr_chain(p, s, sar);
- ic->next = *iphash_table_tail[bucket];
- *iphash_table_tail[bucket] = ic;
- } else if (!add_name_vhost_config(p, main_s, s,
- sar, ic)) {
- ap_log_error(APLOG_MARK,
- APLOG_NOERRNO|APLOG_WARNING, main_s,
- "VirtualHost %s:%u overlaps with "
- "VirtualHost %s:%u, the first has "
- "precedence, perhaps you need a "
- "NameVirtualHost directive",
- sar->virthost, sar->host_port,
- ic->sar->virthost,
- ic->sar->host_port);
- ic->sar = sar;
- ic->server = s;
- }
- }
- }
-
- /*
- * Ok now we want to set up a server_hostname if the user was
- * silly enough to forget one.
- * XXX: This is silly we should just crash and burn.
- */
- if (!s->server_hostname) {
- if (has_default_vhost_addr)
- s->server_hostname = main_s->server_hostname;
- else if (!s->addrs) {
- /* what else can we do? at this point this
- * vhost has no configured name, probably
- * because they used DNS in the VirtualHost
- * statement. It's disabled anyhow by the
- * host matching code. -djg
- */
- s->server_hostname =
- ap_pstrdup(p,
- "bogus_host_without_forward_dns");
- } else {
- struct hostent *h;
- char hostnamebuf[MAXHOSTNAMELEN];
-
- if (!getnameinfo(
- (struct sockaddr *)&s->addrs->host_addr,
- s->addrs->host_addr.ss_len,
- hostnamebuf, sizeof(hostnamebuf),
- NULL, 0, 0))
- s->server_hostname =
- ap_pstrdup(p, hostnamebuf);
- else {
- /* again, what can we do? They didn't
- * specify a ServerName, and their DNS
- * isn't working. -djg */
- getnameinfo((struct sockaddr *)
- &s->addrs->host_addr,
- s->addrs->host_addr.ss_len,
- hostnamebuf,
- sizeof(hostnamebuf),
- NULL, 0, NI_NUMERICHOST);
- ap_log_error(APLOG_MARK,
- APLOG_NOERRNO|APLOG_ERR, main_s,
- "Failed to resolve server name "
- "for %s (check DNS) -- or specify "
- "an explicit ServerName",
- hostnamebuf);
- s->server_hostname =
- ap_pstrdup(p,
- "bogus_host_without_reverse_dns");
- }
- }
- }
- }
-
- /*
- * now go through and delete any NameVirtualHosts that didn't have any
- * hosts associated with them. Lamers.
- */
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i)
- remove_unused_name_vhosts(main_s, &iphash_table[i]);
- remove_unused_name_vhosts(main_s, &default_list);
-
-#ifdef IPHASH_STATISTICS
- dump_iphash_statistics(main_s);
-#endif
- if (ap_dump_settings)
- dump_vhost_config(stderr);
-}
-
-
-/*****************************************************************************
- * run-time vhost matching functions
- */
-
-/* Lowercase and remove any trailing dot and/or :port from the hostname,
- * and check that it is sane.
- *
- * In most configurations the exact syntax of the hostname isn't
- * important so strict sanity checking isn't necessary. However, in
- * mass hosting setups (using mod_vhost_alias or mod_rewrite) where
- * the hostname is interpolated into the filename, we need to be sure
- * that the interpolation doesn't expose parts of the filesystem.
- * We don't do strict RFC 952 / RFC 1123 syntax checking in order
- * to support iDNS and people who erroneously use underscores.
- * Instead we just check for filesystem metacharacters: directory
- * separators / and \ and sequences of more than one dot.
- */
-static void
-fix_hostname(request_rec *r)
-{
- char *host = ap_palloc(r->pool, strlen(r->hostname) + 1);
- const char *src;
- char *dst;
- const char *u = NULL, *v = NULL;
-
- /* check and copy the host part */
- u = src = r->hostname;
-
- dst = host;
- if (*u == '[') { /* IPv6 numeral address in brackets */
- v = strchr(u, ']');
- if (v == NULL)
- /* missing closing bracket */
- goto bad;
-
- if (v == (u + 1))
- /* bad empty address */
- goto bad;
-
- for (src = u+1; src < v; src++) /* copy IPv6 adress */
- *dst = *src;
- v++;
- if (*v == ':') {
- v++;
- while (*v) { /* check if portnum is correct */
- if (!ap_isdigit(*v++))
- goto bad;
- }
- }
- } else {
- while (*src) {
- if (*src == '.') {
- *dst++ = *src++;
- if (*src == '.')
- goto bad;
- else
- continue;
- }
- if (*src == '/' || *src == '\\')
- goto bad;
- if (*src == ':') {
- /* sheck the port part */
- while (*++src) {
- if (!ap_isdigit(*src))
- goto bad;
- }
- if (src[-1] == ':')
- goto bad;
- else
- break;
- }
- *dst++ = *src++;
- }
- }
- /* strip trailing gubbins */
- if (dst > host && dst[-1] == '.')
- dst[-1] = '\0';
- else
- dst[0] = '\0';
-
- r->hostname = host;
- return;
-
-bad:
- r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Client sent malformed Host header <<%s>>",u);
- return;
-}
-
-
-/* return 1 if host matches ServerName or ServerAliases */
-static int
-matches_aliases(server_rec *s, const char *host)
-{
- int i;
- array_header *names;
-
- /* match ServerName */
- if (!strcasecmp(host, s->server_hostname))
- return 1;
-
- /* search all the aliases from ServerAlias directive */
- names = s->names;
- if (names) {
- char **name = (char **) names->elts;
- for (i = 0; i < names->nelts; ++i) {
- if(!name[i])
- continue;
- if (!strcasecmp(host, name[i]))
- return 1;
- }
- }
- names = s->wild_names;
- if (names) {
- char **name = (char **) names->elts;
- for (i = 0; i < names->nelts; ++i) {
- if(!name[i])
- continue;
- if (!ap_strcasecmp_match(host, name[i]))
- return 1;
- }
- }
- return 0;
-}
-
-
-/* Suppose a request came in on the same socket as this r, and included
- * a header "Host: host:port", would it map to r->server? It's more
- * than just that though. When we do the normal matches for each request
- * we don't even bother considering Host: etc on non-namevirtualhosts,
- * we just call it a match. But here we require the host:port to match
- * the ServerName and/or ServerAliases.
- */
-API_EXPORT(int)
-ap_matches_request_vhost(request_rec *r, const char *host, unsigned port)
-{
- server_rec *s;
- server_addr_rec *sar;
-
- s = r->server;
-
- /* search all the <VirtualHost> values */
- /* XXX: If this is a NameVirtualHost then we may not be doing the
- * Right Thing, consider:
- *
- * NameVirtualHost 10.1.1.1
- * <VirtualHost 10.1.1.1>
- * ServerName v1
- * </VirtualHost>
- * <VirtualHost 10.1.1.1>
- * ServerName v2
- * </VirtualHost>
- *
- * Suppose r->server is v2, and we're asked to match "10.1.1.1".
- * We'll say "yup it's v2", when really it isn't... if a request
- * came in for 10.1.1.1 it would really go to v1.
- */
- for (sar = s->addrs; sar; sar = sar->next)
- if ((sar->host_port == 0 || port == sar->host_port)
- && !strcasecmp(host, sar->virthost))
- return 1;
-
- /* the Port has to match now, because the rest don't have ports
- * associated with them.
- */
- if (port != s->port)
- return 0;
-
- return matches_aliases(s, host);
-}
-
-
-static void
-check_hostalias(request_rec *r)
-{
- /*
- * Even if the request has a Host: header containing a port we ignore
- * that port. We always use the physical port of the socket. There
- * are a few reasons for this:
- *
- * - the default of 80 or 443 for SSL is easier to handle this way
- * - there is less of a possibility of a security problem
- * - it simplifies the data structure
- * - the client may have no idea that a proxy somewhere along the way
- * translated the request to another ip:port
- * - except for the addresses from the VirtualHost line, none of the
- * other names we'll match have ports associated with them
- */
- const char *host = r->hostname;
- unsigned port;
- server_rec *s;
- server_rec *last_s;
- name_chain *src;
-
- switch (r->connection->local_addr.ss_family) {
- case AF_INET:
- port = ntohs(((struct sockaddr_in *)
- &r->connection->local_addr)->sin_port);
- break;
- case AF_INET6:
- port = ntohs(((struct sockaddr_in6 *)
- &r->connection->local_addr)->sin6_port);
- break;
- default:
- port = 0; /*XXX*/
- }
- last_s = NULL;
-
- /* Recall that the name_chain is a list of server_addr_recs, some of
- * whose ports may not match. Also each server may appear more than
- * once in the chain -- specifically, it will appear once for each
- * address from its VirtualHost line which matched. We only want to
- * do the full ServerName/ServerAlias comparisons once for each
- * server, fortunately we know that all the VirtualHost addresses for
- * a single server are adjacent to each other.
- */
-
- for (src = r->connection->vhost_lookup_data; src; src = src->next) {
- server_addr_rec *sar;
-
- /* We only consider addresses on the name_chain which have a
- * matching port
- */
- sar = src->sar;
- if (sar->host_port != 0 && port != sar->host_port)
- continue;
-
- s = src->server;
-
- /* does it match the virthost from the sar? */
- if (!strcasecmp(host, sar->virthost))
- goto found;
-
- if (s == last_s)
- /* we've already done ServerName and ServerAlias checks
- * for this vhost
- */
- continue;
-
- last_s = s;
-
- if (matches_aliases(s, host))
- goto found;
- }
- return;
-
-found:
- /* s is the first matching server, we're done */
- r->server = r->connection->server = s;
-}
-
-
-static void
-check_serverpath(request_rec *r)
-{
- server_rec *s;
- server_rec *last_s;
- name_chain *src;
- unsigned port;
-
- switch (r->connection->local_addr.ss_family) {
- case AF_INET:
- port = ntohs(((struct sockaddr_in *)
- &r->connection->local_addr)->sin_port);
- break;
- case AF_INET6:
- port = ntohs(((struct sockaddr_in6 *)
- &r->connection->local_addr)->sin6_port);
- break;
- default:
- port = 0; /*XXX*/
- }
-
- /*
- * This is in conjunction with the ServerPath code in http_core, so we
- * get the right host attached to a non- Host-sending request.
- *
- * See the comment in check_hostalias about how each vhost can be
- * listed multiple times.
- */
-
- last_s = NULL;
- for (src = r->connection->vhost_lookup_data; src; src = src->next) {
- /* We only consider addresses on the name_chain which have a
- * matching port
- */
- if (src->sar->host_port != 0 && port != src->sar->host_port)
- continue;
-
- s = src->server;
- if (s == last_s)
- continue;
- last_s = s;
-
- if (s->path && !strncmp(r->uri, s->path, s->pathlen) &&
- (s->path[s->pathlen - 1] == '/' ||
- r->uri[s->pathlen] == '/' ||
- r->uri[s->pathlen] == '\0')) {
- r->server = r->connection->server = s;
- return;
- }
- }
-}
-
-
-API_EXPORT(void)
-ap_update_vhost_from_headers(request_rec *r)
-{
- /* must set this for HTTP/1.1 support */
- if (r->hostname ||
- (r->hostname = ap_table_get(r->headers_in, "Host"))) {
- fix_hostname(r);
- if (r->status != HTTP_OK)
- return;
- }
- /* check if we tucked away a name_chain */
- if (r->connection->vhost_lookup_data) {
- if (r->hostname)
- check_hostalias(r);
- else
- check_serverpath(r);
- }
-}
-
-
-/* Called for a new connection which has a known local_addr. Note that the
- * new connection is assumed to have conn->server == main server.
- */
-API_EXPORT(void)
-ap_update_vhost_given_ip(conn_rec *conn)
-{
- ipaddr_chain *trav;
- char portbuf[NI_MAXSERV];
- unsigned port;
-
- if (getnameinfo((struct sockaddr *)&conn->local_addr,
- conn->local_addr.ss_len,
- NULL, 0, portbuf, sizeof(portbuf), NI_NUMERICSERV) != 0)
- goto fail;
-
- port = atoi(portbuf);
-
- /* scan the hash table for an exact match first */
- trav = find_ipaddr((struct sockaddr *)&conn->local_addr);
- if (trav) {
- /* save the name_chain for later in case this is a name-vhost */
- conn->vhost_lookup_data = trav->names;
- conn->server = trav->server;
- return;
- }
-
- /* maybe there's a default server or wildcard name-based vhost
- * matching this port
- */
- trav = find_default_server(port);
- if (trav) {
- conn->vhost_lookup_data = trav->names;
- conn->server = trav->server;
- return;
- }
-
-fail:
- /* otherwise we're stuck with just the main server
- * and no name-based vhosts
- */
- conn->vhost_lookup_data = NULL;
-}
diff --git a/usr.sbin/httpd/src/main/rfc1413.c b/usr.sbin/httpd/src/main/rfc1413.c
deleted file mode 100644
index 39c9fe38b6e..00000000000
--- a/usr.sbin/httpd/src/main/rfc1413.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/* $OpenBSD: rfc1413.c,v 1.14 2008/05/21 11:28:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
- * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
- * host to look up the owner of a connection. The information should not be
- * used for authentication purposes. This routine intercepts alarm signals.
- *
- * Diagnostics are reported through syslog(3).
- *
- * Author: Wietse Venema, Eindhoven University of Technology,
- * The Netherlands.
- */
-
-/* Some small additions for Apache --- ditch the "sccsid" var if
- * compiling with gcc (it *has* changed), include ap_config.h for the
- * prototypes it defines on at least one system (SunlOSs) which has
- * them missing from the standard header files, and one minor change
- * below (extra parens around assign "if (foo = bar) ..." to shut up
- * gcc -Wall).
- */
-
-/* Rewritten by David Robinson */
-
-#include "httpd.h" /* for server_rec, conn_rec, ap_longjmp, etc. */
-#include "http_log.h" /* for aplog_error */
-#include "rfc1413.h"
-#include "http_main.h" /* set_callback_and_alarm */
-
-/* Local stuff. */
-/* Semi-well-known port */
-#define RFC1413_PORT 113
-/* maximum allowed length of userid */
-#define RFC1413_USERLEN 512
-/* rough limit on the amount of data we accept. */
-#define RFC1413_MAXDATA 1000
-
-#ifndef RFC1413_TIMEOUT
-#define RFC1413_TIMEOUT 30
-#endif
-#define ANY_PORT 0 /* Any old port will do */
-#define FROM_UNKNOWN "unknown"
-
-int ap_rfc1413_timeout = RFC1413_TIMEOUT; /* Global so it can be changed */
-
-#define RFC_USER_STATIC static
-static JMP_BUF timebuf;
-
-/* ident_timeout - handle timeouts */
-static void
-ident_timeout(int sig)
-{
- ap_longjmp(timebuf, sig);
-}
-
-/* bind_connect - bind both ends of a socket */
-/* Ambarish fix this. Very broken */
-static int
-get_rfc1413(int sock, const struct sockaddr *our_sin,
- const struct sockaddr *rmt_sin, char user[RFC1413_USERLEN+1],
- server_rec *srv)
-{
- struct sockaddr_storage rmt_query_sin, our_query_sin;
- unsigned int o_rmt_port, o_our_port; /* original port pair */
- unsigned int rmt_port, our_port; /* replied port pair */
- int i;
- char *cp;
- char buffer[RFC1413_MAXDATA + 1];
- int buflen;
-
- /*
- * Bind the local and remote ends of the query socket to the same
- * IP addresses as the connection under investigation. We go
- * through all this trouble because the local or remote system
- * might have more than one network address. The RFC1413 etc.
- * client sends only port numbers; the server takes the IP
- * addresses from the query socket.
- */
-
- memcpy(&our_query_sin, our_sin, our_sin->sa_len);
- memcpy(&rmt_query_sin, rmt_sin, rmt_sin->sa_len);
- switch (our_sin->sa_family) {
- case AF_INET:
- ((struct sockaddr_in *)&our_query_sin)->sin_port =
- htons(ANY_PORT);
- o_our_port = ntohs(((struct sockaddr_in *)our_sin)->sin_port);
- ((struct sockaddr_in *)&rmt_query_sin)->sin_port =
- htons(RFC1413_PORT);
- o_rmt_port = ntohs(((struct sockaddr_in *)rmt_sin)->sin_port);
- break;
- case AF_INET6:
- ((struct sockaddr_in6 *)&our_query_sin)->sin6_port =
- htons(ANY_PORT);
- o_our_port =
- ntohs(((struct sockaddr_in6 *)our_sin)->sin6_port);
- ((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port =
- htons(RFC1413_PORT);
- o_rmt_port =
- ntohs(((struct sockaddr_in6 *)rmt_sin)->sin6_port);
- break;
- default:
- /* unsupported AF */
- return -1;
- }
-
- if (bind(sock, (struct sockaddr *) &our_query_sin,
- our_query_sin.ss_len) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "bind: rfc1413: Error binding to local port");
- return -1;
- }
-
- /*
- * errors from connect usually imply the remote machine doesn't
- * support the service
- */
- if (connect(sock, (struct sockaddr *) &rmt_query_sin,
- rmt_query_sin.ss_len) < 0)
- return -1;
-
- /* send the data */
- buflen = ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", o_rmt_port,
- o_our_port);
-
- /* send query to server. Handle short write. */
- i = 0;
- while(i < (int)strlen(buffer)) {
- int j;
- j = write(sock, buffer+i, (strlen(buffer+i)));
- if (j < 0 && errno != EINTR) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "write: rfc1413: error sending request");
- return -1;
- } else if (j > 0)
- i+=j;
- }
-
- /*
- * Read response from server. - the response should be newline
- * terminated according to rfc - make sure it doesn't stomp it's
- * way out of the buffer.
- */
- i = 0;
- memset(buffer, '\0', sizeof(buffer));
- /*
- * Note that the strchr function below checks for \012 instead of '\n'
- * this allows it to work on both ASCII and EBCDIC machines.
- */
- while((cp = strchr(buffer, '\012')) == NULL &&
- i < sizeof(buffer) - 1) {
- int j;
-
- j = read(sock, buffer+i, (sizeof(buffer) - 1) - i);
- if (j < 0 && errno != EINTR) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "read: rfc1413: error reading response");
- return -1;
- }
- else if (j > 0)
- i+=j;
- }
-
- /* RFC1413_USERLEN = 512 */
- if (sscanf(buffer, "%u , %u : USERID :%*[^:]:%512s", &rmt_port,
- &our_port, user) != 3 || o_rmt_port != rmt_port ||
- o_our_port != our_port)
- return -1;
-
- /*
- * Strip trailing carriage return. It is part of the
- * protocol, not part of the data.
- */
- if ((cp = strchr(user, '\r')))
- *cp = '\0';
-
- return 0;
-}
-
-/* rfc1413 - return remote user name, given socket structures */
-API_EXPORT(char *)
-ap_rfc1413(conn_rec *conn, server_rec *srv)
-{
- RFC_USER_STATIC char user[RFC1413_USERLEN + 1]; /* XXX */
- RFC_USER_STATIC char *result;
- RFC_USER_STATIC int sock;
-
- result = FROM_UNKNOWN;
-
- sock = ap_psocket_ex(conn->pool, conn->remote_addr.ss_family,
- SOCK_STREAM, IPPROTO_TCP, 1);
- if (sock < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "socket: rfc1413: error creating socket");
- conn->remote_logname = result;
- }
-
- /*
- * Set up a timer so we won't get stuck while waiting for the server.
- */
- if (ap_setjmp(timebuf) == 0) {
- ap_set_callback_and_alarm(ident_timeout, ap_rfc1413_timeout);
-
- if (get_rfc1413(sock, (struct sockaddr *)&conn->local_addr,
- (struct sockaddr *)&conn->remote_addr, user, srv) >= 0)
- result = user;
- }
- ap_set_callback_and_alarm(NULL, 0);
- ap_pclosesocket(conn->pool, sock);
- conn->remote_logname = result;
-
- return conn->remote_logname;
-}
-
diff --git a/usr.sbin/httpd/src/main/util.c b/usr.sbin/httpd/src/main/util.c
deleted file mode 100644
index 2b35e2dc271..00000000000
--- a/usr.sbin/httpd/src/main/util.c
+++ /dev/null
@@ -1,2224 +0,0 @@
-/* $OpenBSD: util.c,v 1.28 2008/05/23 08:41:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util.c: string utility things
- *
- * 3/21/93 Rob McCool
- * 1995-96 Many changes by the Apache Group
- *
- */
-
-/*
- * Debugging aid:
- * #define DEBUG to trace all cfg_open*()/cfg_closefile() calls
- * #define DEBUG_CFG_LINES to trace every line read from the config files
- */
-
-#include "httpd.h"
-#include "http_conf_globals.h" /* for user_id & group_id */
-#include "http_log.h"
-
-/*
- * A bunch of functions in util.c scan strings looking for certain characters.
- * To make that more efficient we encode a lookup table. The test_char_table
- * is generated automatically by gen_test_char.c.
- */
-#include "test_char.h"
-
-/*
- * we assume the folks using this ensure 0 <= c < 256... which means
- * you need a cast to (unsigned char) first, you can't just plug a
- * char in here and get it to work, because if char is signed then it
- * will first be sign extended.
- */
-#define TEST_CHAR(c, f) (test_char_table[(unsigned)(c)] & (f))
-
-void
-ap_util_init(void)
-{
- /*
- * nothing to do... previously there was run-time initialization of
- * test_char_table here
- */
-}
-
-
-API_VAR_EXPORT const char ap_month_snames[12][4] =
-{
- "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul",
- "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-API_VAR_EXPORT const char ap_day_snames[7][4] =
-{
- "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
-};
-
-API_EXPORT(char *)
-ap_get_time(void)
-{
- time_t t;
- char *time_string;
-
- t = time(NULL);
- time_string = ctime(&t);
- time_string[strlen(time_string) - 1] = '\0';
- return (time_string);
-}
-
-/*
- * Examine a field value (such as a media-/content-type) string and return
- * it sans any parameters; e.g., strip off any ';charset=foo' and the like.
- */
-API_EXPORT(char *)
-ap_field_noparam(pool *p, const char *intype)
-{
- const char *semi;
-
- if (intype == NULL) return NULL;
-
- semi = strchr(intype, ';');
- if (semi == NULL)
- return ap_pstrdup(p, intype);
- else {
- while ((semi > intype) && ap_isspace(semi[-1]))
- semi--;
-
- return ap_pstrndup(p, intype, semi - intype);
- }
-}
-
-API_EXPORT(char *)
-ap_ht_time(pool *p, time_t t, const char *fmt, int gmt)
-{
- char ts[MAX_STRING_LEN];
- char tf[MAX_STRING_LEN];
- struct tm *tms;
-
- tms = (gmt ? gmtime(&t) : localtime(&t));
- if(gmt) {
- /*
- * Convert %Z to "GMT" and %z to "+0000";
- * on hosts that do not have a time zone string in struct tm,
- * strftime must assume its argument is local time.
- */
- const char *f;
- char *strp;
- for(strp = tf, f = fmt; strp < tf + sizeof(tf) - 6
- && (*strp = *f); f++, strp++) {
- if (*f != '%')
- continue;
- switch (f[1]) {
- case '%':
- *++strp = *++f;
- break;
- case 'Z':
- *strp++ = 'G';
- *strp++ = 'M';
- *strp = 'T';
- f++;
- break;
- case 'z': /* common extension */
- *strp++ = '+';
- *strp++ = '0';
- *strp++ = '0';
- *strp++ = '0';
- *strp = '0';
- f++;
- break;
- }
- }
- *strp = '\0';
- fmt = tf;
- }
-
- /* check return code? */
- strftime(ts, MAX_STRING_LEN, fmt, tms);
- ts[MAX_STRING_LEN - 1] = '\0';
- return ap_pstrdup(p, ts);
-}
-
-API_EXPORT(char *)
-ap_gm_timestr_822(pool *p, time_t sec)
-{
- struct tm *tms;
-
- tms = gmtime(&sec);
-
- /* RFC date format; as strftime '%a, %d %b %Y %T GMT' */
- return ap_psprintf(p, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
- ap_day_snames[tms->tm_wday], tms->tm_mday,
- ap_month_snames[tms->tm_mon], tms->tm_year + 1900,
- tms->tm_hour, tms->tm_min, tms->tm_sec);
-}
-
-/* What a pain in the ass. */
-API_EXPORT(struct tm *)
-ap_get_gmtoff(int *tz)
-{
- time_t tt = time(NULL);
- struct tm *t;
-
- t = localtime(&tt);
- *tz = (int)(t->tm_gmtoff / 60);
- return t;
-}
-
-/* Roy owes Rob beer. */
-/* Rob owes Roy dinner. */
-
-/*
- * These legacy comments would make a lot more sense if Roy hadn't
- * replaced the old later_than() routine with util_date.c.
- *
- * Well, okay, they still wouldn't make any sense.
- */
-
-/*
- * Match = 0, NoMatch = 1, Abort = -1
- * Based loosely on sections of wildmat.c by Rich Salz
- * Hmmm... shouldn't this really go component by component?
- */
-API_EXPORT(int)
-ap_strcmp_match(const char *str, const char *exp)
-{
- int x, y;
-
- for (x = 0, y = 0; exp[y]; ++y, ++x) {
- if ((!str[x]) && (exp[y] != '*'))
- return -1;
- if (exp[y] == '*') {
- while (exp[++y] == '*');
- if (!exp[y])
- return 0;
- while (str[x]) {
- int ret;
- if ((ret = ap_strcmp_match(&str[x++],
- &exp[y])) != 1)
- return ret;
- }
- return -1;
- } else if ((exp[y] != '?') && (str[x] != exp[y]))
- return 1;
- }
- return (str[x] != '\0');
-}
-
-API_EXPORT(int)
-ap_strcasecmp_match(const char *str, const char *exp)
-{
- int x, y;
-
- for (x = 0, y = 0; exp[y]; ++y, ++x) {
- if ((!str[x]) && (exp[y] != '*'))
- return -1;
- if (exp[y] == '*') {
- while (exp[++y] == '*');
- if (!exp[y])
- return 0;
- while (str[x]) {
- int ret;
- if ((ret = ap_strcasecmp_match(&str[x++],
- &exp[y])) != 1)
- return ret;
- }
- return -1;
- } else if ((exp[y] != '?') &&
- (ap_tolower(str[x]) != ap_tolower(exp[y])))
- return 1;
- }
- return (str[x] != '\0');
-}
-
-API_EXPORT(int)
-ap_is_matchexp(const char *str)
-{
- int x;
-
- for (x = 0; str[x]; x++)
- if ((str[x] == '*') || (str[x] == '?'))
- return 1;
- return 0;
-}
-
-/*
- * Similar to standard strstr() but we ignore case in this version.
- * Based on the strstr() implementation further below.
- */
-API_EXPORT(char *)
-ap_strcasestr(const char *s1, const char *s2)
-{
- char *p1, *p2;
- if (*s2 == '\0') {
- /* an empty s2 */
- return((char *)s1);
- }
- while(1) {
- for ( ; (*s1 != '\0') && (ap_tolower(*s1) != ap_tolower(*s2));
- s1++);
- if (*s1 == '\0')
- return(NULL);
- /* found first character of s2, see if the rest matches */
- p1 = (char *)s1;
- p2 = (char *)s2;
- while (ap_tolower(*++p1) == ap_tolower(*++p2)) {
- if (*p1 == '\0')
- /* both strings ended together */
- return((char *)s1);
- }
- if (*p2 == '\0')
- /* second string ended, a match */
- break;
-
- /*
- * didn't find a match here, try starting at next character
- * in s1
- */
- s1++;
- }
- return((char *)s1);
-}
-
-/*
- * Returns an offsetted pointer in bigstring immediately after
- * prefix. Returns bigstring if bigstring doesn't start with
- * prefix or if prefix is longer than bigstring while still matching.
- * NOTE: pointer returned is relative to bigstring, so we
- * can use standard pointer comparisons in the calling function
- * (eg: test if ap_stripprefix(a,b) == a)
- */
-API_EXPORT(char *)
-ap_stripprefix(const char *bigstring, const char *prefix)
-{
- char *p1;
- if (*prefix == '\0')
- return( (char *)bigstring);
-
- p1 = (char *)bigstring;
- while(*p1 && *prefix)
- if (*p1++ != *prefix++)
- return( (char *)bigstring);
-
- if (*prefix == '\0')
- return(p1);
- else /* hit the end of bigstring! */
- return((char *)bigstring);
-}
-
-/*
- * Apache stub function for the regex libraries regexec() to make sure the
- * whole regex(3) API is available through the Apache (exported) namespace.
- * This is especially important for the DSO situations of modules.
- * DO NOT MAKE A MACRO OUT OF THIS FUNCTION!
- */
-API_EXPORT(int)
-ap_regexec(const regex_t *preg, const char *string, size_t nmatch,
- regmatch_t pmatch[], int eflags)
-{
- return regexec(preg, string, nmatch, pmatch, eflags);
-}
-
-API_EXPORT(size_t)
-ap_regerror(int errcode, const regex_t *preg, char *errbuf, size_t errbuf_size)
-{
- return regerror(errcode, preg, errbuf, errbuf_size);
-}
-
-
-/*
- * This function substitutes for $0-$9, filling in regular expression
- * submatches. Pass it the same nmatch and pmatch arguments that you
- * passed ap_regexec(). pmatch should not be greater than the maximum number
- * of subexpressions - i.e. one more than the re_nsub member of regex_t.
- *
- * input should be the string with the $-expressions, source should be the
- * string that was matched against.
- *
- * It returns the substituted string, or NULL on error.
- *
- * Parts of this code are based on Henry Spencer's regsub(), from his
- * AT&T V8 regexp package.
- */
-API_EXPORT(char *)
-ap_pregsub(pool *p, const char *input, const char *source, size_t nmatch,
-regmatch_t pmatch[])
-{
- const char *src = input;
- char *dest, *dst;
- char c;
- size_t no;
- int len;
-
- if (!source)
- return NULL;
- if (!nmatch)
- return ap_pstrdup(p, src);
-
- /* First pass, find the size */
-
- len = 0;
-
- while ((c = *src++) != '\0') {
- if (c == '&')
- no = 0;
- else if (c == '$' && ap_isdigit(*src))
- no = *src++ - '0';
- else
- no = 10;
-
- if (no > 9) { /* Ordinary character. */
- if (c == '\\' && (*src == '$' || *src == '&'))
- c = *src++;
- len++;
- } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo)
- len += pmatch[no].rm_eo - pmatch[no].rm_so;
- }
-
- dest = dst = ap_pcalloc(p, len + 1);
-
- /* Now actually fill in the string */
- src = input;
-
- while ((c = *src++) != '\0') {
- if (c == '&')
- no = 0;
- else if (c == '$' && ap_isdigit(*src))
- no = *src++ - '0';
- else
- no = 10;
-
- if (no > 9) { /* Ordinary character. */
- if (c == '\\' && (*src == '$' || *src == '&'))
- c = *src++;
- *dst++ = c;
- } else if (no < nmatch && pmatch[no].rm_so <
- pmatch[no].rm_eo) {
- len = pmatch[no].rm_eo - pmatch[no].rm_so;
- memcpy(dst, source + pmatch[no].rm_so, len);
- dst += len;
- }
- }
- *dst = '\0';
-
- return dest;
-}
-
-/* Parse .. so we don't compromise security */
-API_EXPORT(void)
-ap_getparents(char *name)
-{
- int l, w;
-
- /* Four passes, as per RFC 1808 */
- /* a) remove ./ path segments */
-
- for (l = 0, w = 0; name[l] != '\0';) {
- if (name[l] == '.' && name[l + 1] == '/' &&
- (l == 0 || name[l - 1] == '/'))
- l += 2;
- else
- name[w++] = name[l++];
- }
-
- /* b) remove trailing . path, segment */
- if (w == 1 && name[0] == '.')
- w--;
- else if (w > 1 && name[w - 1] == '.' && name[w - 2] == '/')
- w--;
- name[w] = '\0';
-
- /* c) remove all xx/../ segments. (including leading ../ and /../) */
- l = 0;
-
- while (name[l] != '\0') {
- if (name[l] == '.' && name[l + 1] == '.' && name[l + 2] == '/'
- && (l == 0 || name[l - 1] == '/')) {
- int m = l + 3, n;
-
- l = l - 2;
- if (l >= 0) {
- while (l >= 0 && name[l] != '/')
- l--;
- l++;
- } else
- l = 0;
- n = l;
- while ((name[n] = name[m]))
- (++n, ++m);
- } else
- ++l;
- }
-
- /* d) remove trailing xx/.. segment. */
- if (l == 2 && name[0] == '.' && name[1] == '.')
- name[0] = '\0';
- else if (l > 2 && name[l - 1] == '.' && name[l - 2] == '.'
- && name[l - 3] == '/') {
- l = l - 4;
- if (l >= 0) {
- while (l >= 0 && name[l] != '/')
- l--;
- l++;
- } else
- l = 0;
- name[l] = '\0';
- }
-}
-
-API_EXPORT(void)
-ap_no2slash(char *name)
-{
- char *d, *s;
-
- s = d = name;
-
- while (*s) {
- if ((*d++ = *s) == '/') {
- do {
- ++s;
- } while (*s == '/');
- } else
- ++s;
- }
- *d = '\0';
-}
-
-
-/*
- * copy at most n leading directories of s into d
- * d should be at least as large as s plus 1 extra byte
- * assumes n > 0
- * the return value is the ever useful pointer to the trailing \0 of d
- *
- * examples:
- * /a/b, 1 ==> /
- * /a/b, 2 ==> /a/
- * /a/b, 3 ==> /a/b/
- * /a/b, 4 ==> /a/b/
- *
- * MODIFIED FOR HAVE_DRIVE_LETTERS and NETWARE environments,
- * so that if n == 0, "/" is returned in d with n == 1
- * and s == "e:/test.html", "e:/" is returned in d
- * *** See also directory_walk in src/main/http_request.c
- */
-API_EXPORT(char *)
-ap_make_dirstr_prefix(char *d, const char *s, int n)
-{
- for (;;) {
- *d = *s;
- if (*d == '\0') {
- *d = '/';
- break;
- }
- if (*d == '/' && (--n) == 0)
- break;
- ++d;
- ++s;
- }
- *++d = 0;
- return (d);
-}
-
-
-/* return the parent directory name including trailing / of the file s */
-API_EXPORT(char *)
-ap_make_dirstr_parent(pool *p, const char *s)
-{
- char *last_slash = strrchr(s, '/');
- char *d;
- int l;
-
- if (last_slash == NULL) {
- /* XXX: well this is really broken if this happens */
- return (ap_pstrdup(p, "/"));
- }
- l = (last_slash - s) + 1;
- d = ap_palloc(p, l + 1);
- memcpy(d, s, l);
- d[l] = 0;
- return (d);
-}
-
-
-/*
- * This function is deprecated. Use one of the preceding two functions
- * which are faster.
- */
-API_EXPORT(char *)
-ap_make_dirstr(pool *p, const char *s, int n)
-{
- int x, f;
- char *res;
-
- for (x = 0, f = 0; s[x]; x++) {
- if (s[x] == '/')
- if ((++f) == n) {
- res = ap_palloc(p, x + 2);
- memcpy(res, s, x);
- res[x] = '/';
- res[x + 1] = '\0';
- return res;
- }
- }
-
- if (s[strlen(s) - 1] == '/')
- return ap_pstrdup(p, s);
- else
- return ap_pstrcat(p, s, "/", NULL);
-}
-
-API_EXPORT(int)
-ap_count_dirs(const char *path)
-{
- int x, n;
-
- for (x = 0, n = 0; path[x]; x++)
- if (path[x] == '/')
- n++;
- return n;
-}
-
-
-API_EXPORT(void)
-ap_chdir_file(const char *file)
-{
- const char *x;
- char buf[HUGE_STRING_LEN];
-
- x = strrchr(file, '/');
- if (x == NULL)
- chdir(file);
- else if (x - file < sizeof(buf) - 1) {
- memcpy(buf, file, x - file);
- buf[x - file] = '\0';
- chdir(buf);
- }
- /*
- * XXX: well, this is a silly function, no method of reporting an
- * error... ah well.
- */
-}
-
-API_EXPORT(char *)
-ap_getword_nc(pool *atrans, char **line, char stop)
-{
- return ap_getword(atrans, (const char **)line, stop);
-}
-
-API_EXPORT(char *)
-ap_getword(pool *atrans, const char **line, char stop)
-{
- char *pos = strchr(*line, stop);
- char *res;
-
- if (!pos) {
- res = ap_pstrdup(atrans, *line);
- *line += strlen(*line);
- return res;
- }
-
- res = ap_pstrndup(atrans, *line, pos - *line);
-
- while (*pos == stop)
- ++pos;
-
- *line = pos;
-
- return res;
-}
-
-API_EXPORT(char *)
-ap_getword_white_nc(pool *atrans, char **line)
-{
- return ap_getword_white(atrans, (const char **)line);
-}
-
-API_EXPORT(char *)
-ap_getword_white(pool *atrans, const char **line)
-{
- int pos = -1, x;
- char *res;
-
- for (x = 0; (*line)[x]; x++) {
- if (ap_isspace((*line)[x])) {
- pos = x;
- break;
- }
- }
-
- if (pos == -1) {
- res = ap_pstrdup(atrans, *line);
- *line += strlen(*line);
- return res;
- }
-
- res = ap_palloc(atrans, pos + 1);
- ap_cpystrn(res, *line, pos + 1);
-
- while (ap_isspace((*line)[pos]))
- ++pos;
-
- *line += pos;
-
- return res;
-}
-
-API_EXPORT(char *)
-ap_getword_nulls_nc(pool *atrans, char **line, char stop)
-{
- return ap_getword_nulls(atrans, (const char **)line, stop);
-}
-
-API_EXPORT(char *)
-ap_getword_nulls(pool *atrans, const char **line, char stop)
-{
- char *pos = strchr(*line, stop);
- char *res;
-
- if (!pos) {
- res = ap_pstrdup(atrans, *line);
- *line += strlen(*line);
- return res;
- }
-
- res = ap_pstrndup(atrans, *line, pos - *line);
-
- ++pos;
-
- *line = pos;
-
- return res;
-}
-
-/*
- * Get a word, (new) config-file style --- quoted strings and backslashes
- * all honored
- */
-static char
-*substring_conf(pool *p, const char *start, int len, char quote)
-{
- char *result = ap_palloc(p, len + 2);
- char *resp = result;
- int i;
-
- for (i = 0; i < len; ++i) {
- if (start[i] == '\\' && (start[i + 1] == '\\'
- || (quote && start[i + 1] == quote)))
- *resp++ = start[++i];
- else
- *resp++ = start[i];
- }
-
- *resp++ = '\0';
- return result;
-}
-
-API_EXPORT(char *)
-ap_getword_conf_nc(pool *p, char **line)
-{
- return ap_getword_conf(p, (const char **)line);
-}
-
-API_EXPORT(char *)
-ap_getword_conf(pool *p, const char **line)
-{
- const char *str = *line, *strend;
- char *res;
- char quote;
-
- while (ap_isspace(*str))
- ++str;
-
- if (!*str) {
- *line = str;
- return "";
- }
-
- if ((quote = *str) == '"' || quote == '\'') {
- strend = str + 1;
- while (*strend && *strend != quote) {
- if (*strend == '\\' && strend[1] && strend[1] == quote)
- strend += 2;
- else
- ++strend;
- }
- res = substring_conf(p, str + 1, strend - str - 1, quote);
-
- if (*strend == quote)
- ++strend;
- } else {
- if (*str == '#')
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO,
- NULL, "Apache does not support line-end comments. "
- "Consider using quotes around argument: \"%s\"",
- str);
- strend = str;
- while (*strend && !ap_isspace(*strend))
- ++strend;
-
- res = substring_conf(p, str, strend - str, 0);
- }
-
- while (ap_isspace(*strend))
- ++strend;
- *line = strend;
- return res;
-}
-
-API_EXPORT(int)
-ap_cfg_closefile(configfile_t *cfp)
-{
-#ifdef DEBUG
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "Done with config file %s", cfp->name);
-#endif
- return (cfp->close == NULL) ? 0 : cfp->close(cfp->param);
-}
-
-/* Common structure that holds the file and pool for ap_pcfg_openfile */
-typedef struct {
- struct pool *pool;
- FILE *file;
-} poolfile_t;
-
-static int
-cfg_close(void *param)
-{
- poolfile_t *cfp = (poolfile_t *)param;
- return (ap_pfclose(cfp->pool, cfp->file));
-}
-
-static int
-cfg_getch(void *param)
-{
- poolfile_t *cfp = (poolfile_t *)param;
- return (fgetc(cfp->file));
-}
-
-static void
-*cfg_getstr(void *buf, size_t bufsiz, void *param)
-{
- poolfile_t *cfp = (poolfile_t *)param;
- return (fgets(buf, bufsiz, cfp->file));
-}
-
-/* Open a configfile_t as FILE, return open configfile_t struct pointer */
-API_EXPORT(configfile_t *)
-ap_pcfg_openfile(pool *p, const char *name)
-{
- configfile_t *new_cfg;
- poolfile_t *new_pfile;
- FILE *file;
- struct stat stbuf;
- int saved_errno;
-
- if (name == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
- "Internal error: pcfg_openfile() called with NULL "
- "filename");
- return NULL;
- }
-
- if (!ap_os_is_filename_valid(name)) {
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
- "Access to config file %s denied: not a valid filename",
- name);
- errno = EACCES;
- return NULL;
- }
-
- file = ap_pfopen(p, name, "r");
-#ifdef DEBUG
- saved_errno = errno;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, NULL,
- "Opening config file %s (%s)",
- name, (file == NULL) ? strerror(errno) : "successful");
- errno = saved_errno;
-#endif
- if (file == NULL)
- return NULL;
-
- if (fstat(fileno(file), &stbuf) == 0 &&
- !S_ISREG(stbuf.st_mode) &&
- strcmp(name, "/dev/null") != 0) {
- saved_errno = errno;
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
- "Access to file %s denied by server: not a regular file",
- name);
- ap_pfclose(p, file);
- errno = saved_errno;
- return NULL;
- }
-
- new_cfg = ap_palloc(p, sizeof(*new_cfg));
- new_pfile = ap_palloc(p, sizeof(*new_pfile));
- new_pfile->file = file;
- new_pfile->pool = p;
- new_cfg->param = new_pfile;
- new_cfg->name = ap_pstrdup(p, name);
- new_cfg->getch = (int (*)(void *))cfg_getch;
- new_cfg->getstr = (void *(*)(void *, size_t, void *))cfg_getstr;
- new_cfg->close = (int (*)(void *))cfg_close;
- new_cfg->line_number = 0;
- return new_cfg;
-}
-
-
-/* Allocate a configfile_t handle with user defined functions and params */
-API_EXPORT(configfile_t *)
-ap_pcfg_open_custom(pool *p, const char *descr, void *param,
- int(*getch)(void *param), void *(*getstr) (void *buf, size_t bufsiz,
- void *param), int(*close_func)(void *param))
-{
- configfile_t *new_cfg = ap_palloc(p, sizeof(*new_cfg));
-#ifdef DEBUG
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, NULL,
- "Opening config handler %s", descr);
-#endif
- new_cfg->param = param;
- new_cfg->name = descr;
- new_cfg->getch = getch;
- new_cfg->getstr = getstr;
- new_cfg->close = close_func;
- new_cfg->line_number = 0;
- return new_cfg;
-}
-
-
-/* Read one character from a configfile_t */
-API_EXPORT(int)
-ap_cfg_getc(configfile_t *cfp)
-{
- int ch = cfp->getch(cfp->param);
- if (ch == LF)
- ++cfp->line_number;
- return ch;
-}
-
-
-/* Read one line from open configfile_t, strip LF, increase line number */
-/* If custom handler does not define a getstr() function, read char by char */
-API_EXPORT(int)
-ap_cfg_getline(char *buf, size_t bufsize, configfile_t *cfp)
-{
- /* If a "get string" function is defined, use it */
- if (cfp->getstr != NULL) {
- char *src, *dst;
- char *cp;
- char *cbuf = buf;
- size_t cbufsize = bufsize;
-
- while (1) {
- ++cfp->line_number;
- if (cfp->getstr(cbuf, cbufsize, cfp->param) == NULL)
- return 1;
-
- /*
- * check for line continuation,
- * i.e. match [^\\]\\[\r]\n only
- */
- cp = cbuf;
- while (cp < cbuf+cbufsize && *cp != '\0')
- cp++;
- if (cp > cbuf && cp[-1] == LF) {
- cp--;
- if (cp > cbuf && cp[-1] == CR)
- cp--;
- if (cp > cbuf && cp[-1] == '\\') {
- cp--;
- if (!(cp > cbuf && cp[-1] == '\\')) {
- /*
- * line continuation
- * requested -
- * then remove backslash and
- * continue
- */
- cbufsize -= (cp-cbuf);
- cbuf = cp;
- continue;
- } else {
- /*
- * no real continuation because
- * escaped - then just remove
- * escape character
- */
- for ( ; cp < cbuf+cbufsize &&
- *cp != '\0'; cp++)
- cp[0] = cp[1];
- }
- }
- }
- break;
- }
-
- /* Leading and trailing white space is eliminated completely */
- src = buf;
- while (ap_isspace(*src))
- ++src;
- /* blast trailing whitespace */
- dst = &src[strlen(src)];
- while (--dst >= src && ap_isspace(*dst))
- *dst = '\0';
- /* Zap leading whitespace by shifting */
- if (src != buf)
- for (dst = buf; (*dst++ = *src++) != '\0'; )
- ;
-
-#ifdef DEBUG_CFG_LINES
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "Read config: %s", buf);
-#endif
- return 0;
- } else {
- /*
- * No "get string" function defined; read character by
- * character
- */
- int c;
- size_t i = 0;
-
- buf[0] = '\0';
- /* skip leading whitespace */
- do {
- c = cfp->getch(cfp->param);
- } while (c == '\t' || c == ' ');
-
- if (c == EOF)
- return 1;
-
- if(bufsize < 2)
- /* too small, assume caller is crazy */
- return 1;
-
- while (1) {
- if ((c == '\t') || (c == ' ')) {
- buf[i++] = ' ';
- while ((c == '\t') || (c == ' '))
- c = cfp->getch(cfp->param);
- }
- if (c == CR)
- /*
- * silently ignore CR (_assume_ that a LF
- * follows)
- */
- c = cfp->getch(cfp->param);
-
- if (c == LF)
- /* increase line number and return on LF */
- ++cfp->line_number;
-
- if (c == EOF || c == 0x4 || c == LF
- || i >= (bufsize - 2)) {
- /*
- * check for line continuation
- */
- if (i > 0 && buf[i-1] == '\\') {
- i--;
- if (!(i > 0 && buf[i-1] == '\\')) {
- /* line is continued */
- c = cfp->getch(cfp->param);
- continue;
- }
- /*
- * else nothing needs be done because
- * then the backslash is escaped and
- * we just strip to a single one
- */
- }
- /* blast trailing whitespace */
- while (i > 0 && ap_isspace(buf[i - 1]))
- --i;
- buf[i] = '\0';
-#ifdef DEBUG_CFG_LINES
- ap_log_error(APLOG_MARK,
- APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "Read config: %s", buf);
-#endif
- return 0;
- }
- buf[i] = c;
- ++i;
- c = cfp->getch(cfp->param);
- }
- }
-}
-
-/*
- * Size an HTTP header field list item, as separated by a comma.
- * The return value is a pointer to the beginning of the non-empty list item
- * within the original string (or NULL if there is none) and the address
- * of field is shifted to the next non-comma, non-whitespace character.
- * len is the length of the item excluding any beginning whitespace.
- */
-API_EXPORT(const char *)
-ap_size_list_item(const char **field, int *len)
-{
- const unsigned char *ptr = (const unsigned char *)*field;
- const unsigned char *token;
- int in_qpair, in_qstr, in_com;
-
- /* Find first non-comma, non-whitespace byte */
- while (*ptr == ',' || ap_isspace(*ptr))
- ++ptr;
-
- token = ptr;
-
- /* Find the end of this item, skipping over dead bits */
- for (in_qpair = in_qstr = in_com = 0;
- *ptr && (in_qpair || in_qstr || in_com || *ptr != ',');
- ++ptr) {
-
- if (in_qpair)
- in_qpair = 0;
- else {
- switch (*ptr) {
- case '\\':
- in_qpair = 1; /* quoted-pair */
- break;
- case '"':
- if (!in_com) /* quoted string delim */
- in_qstr = !in_qstr;
- break;
- case '(':
- if (!in_qstr) /* comment (may nest) */
- ++in_com;
- break;
- case ')':
- if (in_com) /* end comment */
- --in_com;
- break;
- }
- }
- }
-
- if ((*len = (ptr - token)) == 0) {
- *field = (const char *)ptr;
- return NULL;
- }
-
- /* Advance field pointer to the next non-comma, non-white byte */
- while (*ptr == ',' || ap_isspace(*ptr))
- ++ptr;
-
- *field = (const char *)ptr;
- return (const char *)token;
-}
-
-/*
- * Retrieve an HTTP header field list item, as separated by a comma,
- * while stripping insignificant whitespace and lowercasing anything not in
- * a quoted string or comment. The return value is a new string containing
- * the converted list item (or NULL if none) and the address pointed to by
- * field is shifted to the next non-comma, non-whitespace.
- */
-API_EXPORT(char *)
-ap_get_list_item(pool *p, const char **field)
-{
- const char *tok_start;
- const unsigned char *ptr;
- unsigned char *pos;
- char *token;
- int addspace = 0, in_qpair = 0, in_qstr = 0, in_com = 0, tok_len = 0;
-
- /*
- * Find the beginning and maximum length of the list item so that
- * we can allocate a buffer for the new string and reset the field.
- */
- if ((tok_start = ap_size_list_item(field, &tok_len)) == NULL)
- return NULL;
-
- token = ap_palloc(p, tok_len + 1);
-
- /*
- * Scan the token again, but this time copy only the good bytes.
- * We skip extra whitespace and any whitespace around a '=', '/',
- * or ';' and lowercase normal characters not within a comment,
- * quoted-string or quoted-pair.
- */
- for (ptr = (const unsigned char *)tok_start,
- pos = (unsigned char *)token;
- *ptr && (in_qpair || in_qstr || in_com || *ptr != ',');
- ++ptr) {
-
- if (in_qpair) {
- in_qpair = 0;
- *pos++ = *ptr;
- } else {
- switch (*ptr) {
- case '\\':
- in_qpair = 1;
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = *ptr;
- addspace = 0;
- break;
- case '"':
- if (!in_com)
- in_qstr = !in_qstr;
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = *ptr;
- addspace = 0;
- break;
- case '(':
- if (!in_qstr)
- ++in_com;
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = *ptr;
- addspace = 0;
- break;
- case ')':
- if (in_com)
- --in_com;
- *pos++ = *ptr;
- addspace = 0;
- break;
- case ' ':
- case '\t':
- if (addspace)
- break;
- if (in_com || in_qstr)
- *pos++ = *ptr;
- else
- addspace = 1;
- break;
- case '=':
- case '/':
- case ';':
- if (!(in_com || in_qstr))
- addspace = -1;
- *pos++ = *ptr;
- break;
- default:
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = (in_com || in_qstr) ? *ptr
- : ap_tolower(*ptr);
- addspace = 0;
- break;
- }
- }
- }
- *pos = '\0';
-
- return token;
-}
-
-/*
- * Find an item in canonical form (lowercase, no extra spaces) within
- * an HTTP field value list. Returns 1 if found, 0 if not found.
- * This would be much more efficient if we stored header fields as
- * an array of list items as they are received instead of a plain string.
- */
-API_EXPORT(int)
-ap_find_list_item(pool *p, const char *line, const char *tok)
-{
- const unsigned char *pos;
- const unsigned char *ptr = (const unsigned char *)line;
- int good = 0, addspace = 0, in_qpair = 0, in_qstr = 0, in_com = 0;
-
- if (!line || !tok)
- return 0;
-
- do { /* loop for each item in line's list */
-
- /* Find first non-comma, non-whitespace byte */
- while (*ptr == ',' || ap_isspace(*ptr))
- ++ptr;
-
- if (*ptr)
- good = 1; /* until proven otherwise for this item */
- else
- break; /* no items left and nothing good found */
-
- /*
- * We skip extra whitespace and whitespace around a '=', '/',
- * or ';' and lowercase normal characters not within a comment,
- * quoted-string or quoted-pair.
- */
- for (pos = (const unsigned char *)tok;
- *ptr && (in_qpair || in_qstr || in_com || *ptr != ',');
- ++ptr) {
-
- if (in_qpair) {
- in_qpair = 0;
- if (good)
- good = (*pos++ == *ptr);
- } else {
- switch (*ptr) {
- case '\\':
- in_qpair = 1;
- if (addspace == 1)
- good = good && (*pos++ == ' ');
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case '"':
- if (!in_com)
- in_qstr = !in_qstr;
- if (addspace == 1)
- good = good && (*pos++ == ' ');
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case '(':
- if (!in_qstr)
- ++in_com;
- if (addspace == 1)
- good = good && (*pos++ == ' ');
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case ')':
- if (in_com)
- --in_com;
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case ' ':
- case '\t':
- if (addspace || !good)
- break;
- if (in_com || in_qstr)
- good = (*pos++ == *ptr);
- else
- addspace = 1;
- break;
- case '=':
- case '/':
- case ';':
- if (!(in_com || in_qstr))
- addspace = -1;
- good = good && (*pos++ == *ptr);
- break;
- default:
- if (!good)
- break;
- if (addspace == 1)
- good = (*pos++ == ' ');
- if (in_com || in_qstr)
- good = good && (*pos++ == *ptr);
- else
- good = good && (*pos++ ==
- ap_tolower(*ptr));
- addspace = 0;
- break;
- }
- }
- }
- if (good && *pos)
- good = 0; /* not good if only a prefix was matched */
-
- } while (*ptr && !good);
-
- return good;
-}
-
-
-/*
- * Retrieve a token, spacing over it and returning a pointer to
- * the first non-white byte afterwards. Note that these tokens
- * are delimited by semis and commas; and can also be delimited
- * by whitespace at the caller's option.
- */
-API_EXPORT(char *)
-ap_get_token(pool *p, const char **accept_line, int accept_white)
-{
- const char *ptr = *accept_line;
- const char *tok_start;
- char *token;
- int tok_len;
-
- /* Find first non-white byte */
- while (ap_isspace(*ptr))
- ++ptr;
-
- tok_start = ptr;
-
- /*
- * find token end, skipping over quoted strings.
- * (comments are already gone).
- * XXX weird: unconditional break in a while loop
- */
- while (*ptr && (accept_white || !ap_isspace(*ptr))
- && *ptr != ';' && *ptr != ',') {
- if (*ptr++ == '"')
- while (*ptr)
- if (*ptr++ == '"')
- break;
- }
-
- tok_len = ptr - tok_start;
- token = ap_pstrndup(p, tok_start, tok_len);
-
- /* Advance accept_line pointer to the next non-white byte */
- while (ap_isspace(*ptr))
- ++ptr;
-
- *accept_line = ptr;
- return token;
-}
-
-
-/* find http tokens, see the definition of token from RFC2068 */
-API_EXPORT(int)
-ap_find_token(pool *p, const char *line, const char *tok)
-{
- const unsigned char *start_token;
- const unsigned char *s;
-
- if (!line)
- return 0;
-
- s = (const unsigned char *)line;
- for (;;) {
- /*
- * find start of token, skip all stop characters, note NUL
- * isn't a token stop, so we don't need to test for it
- */
- while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP))
- ++s;
-
- if (!*s)
- return 0;
-
- start_token = s;
- /* find end of the token */
- while (*s && !TEST_CHAR(*s, T_HTTP_TOKEN_STOP))
- ++s;
-
- if (!strncasecmp((const char *)start_token, (const char *)tok,
- s - start_token))
- return 1;
-
- if (!*s)
- return 0;
- }
-}
-
-API_EXPORT(int)
-ap_find_last_token(pool *p, const char *line, const char *tok)
-{
- int llen, tlen, lidx;
-
- if (!line)
- return 0;
-
- llen = strlen(line);
- tlen = strlen(tok);
- lidx = llen - tlen;
-
- if ((lidx < 0) ||
- ((lidx > 0) && !(ap_isspace(line[lidx - 1])
- || line[lidx - 1] == ',')))
- return 0;
-
- return (strncasecmp(&line[lidx], tok, tlen) == 0);
-}
-
-/*
- * c2x takes an unsigned, and expects the caller has guaranteed that
- * 0 <= what < 256... which usually means that you have to cast to
- * unsigned char first, because (unsigned)(char)(x) first goes through
- * signed extension to an int before the unsigned cast.
- *
- * The reason for this assumption is to assist gcc code generation --
- * the unsigned char -> unsigned extension is already done earlier in
- * both uses of this code, so there's no need to waste time doing it
- * again.
- */
-static const char c2x_table[] = "0123456789abcdef";
-
-static ap_inline unsigned char
-*c2x(unsigned what, unsigned char *where)
-{
- *where++ = '%';
- *where++ = c2x_table[what >> 4];
- *where++ = c2x_table[what & 0xf];
- return where;
-}
-
-/* escape a string for logging */
-API_EXPORT(char *)
-ap_escape_logitem(pool *p, const char *str)
-{
- char *ret;
- unsigned char *d;
- const unsigned char *s;
-
- if (str == NULL)
- return NULL;
-
- ret = ap_palloc(p, 4 * strlen(str) + 1); /* Be safe */
- d = (unsigned char *)ret;
- s = (const unsigned char *)str;
- for (; *s; ++s) {
-
- if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
- *d++ = '\\';
- switch(*s) {
- case '\b':
- *d++ = 'b';
- break;
- case '\n':
- *d++ = 'n';
- break;
- case '\r':
- *d++ = 'r';
- break;
- case '\t':
- *d++ = 't';
- break;
- case '\v':
- *d++ = 'v';
- break;
- case '\\':
- case '"':
- *d++ = *s;
- break;
- default:
- c2x(*s, d);
- *d = 'x';
- d += 3;
- }
- } else
- *d++ = *s;
- }
- *d = '\0';
-
- return ret;
-}
-
-API_EXPORT(size_t)
-ap_escape_errorlog_item(char *dest, const char *source, size_t buflen)
-{
- unsigned char *d, *ep;
- const unsigned char *s;
-
- if (!source || !buflen) /* be safe */
- return 0;
-
- d = (unsigned char *)dest;
- s = (const unsigned char *)source;
- ep = d + buflen - 1;
-
- for (; d < ep && *s; ++s) {
-
- if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
- *d++ = '\\';
- if (d >= ep) {
- --d;
- break;
- }
-
- switch(*s) {
- case '\b':
- *d++ = 'b';
- break;
- case '\n':
- *d++ = 'n';
- break;
- case '\r':
- *d++ = 'r';
- break;
- case '\t':
- *d++ = 't';
- break;
- case '\v':
- *d++ = 'v';
- break;
- case '\\':
- *d++ = *s;
- break;
- case '"': /* no need for this in error log */
- d[-1] = *s;
- break;
- default:
- if (d >= ep - 2) {
- ep = --d;
- /* break the for loop as well */
- break;
- }
- c2x(*s, d);
- *d = 'x';
- d += 3;
- }
- } else
- *d++ = *s;
- }
- *d = '\0';
-
- return (d - (unsigned char *)dest);
-}
-
-API_EXPORT(char *)
-ap_escape_shell_cmd(pool *p, const char *str)
-{
- char *cmd;
- unsigned char *d;
- const unsigned char *s;
-
- cmd = ap_palloc(p, 2 * strlen(str) + 1); /* Be safe */
- d = (unsigned char *)cmd;
- s = (const unsigned char *)str;
- for (; *s; ++s) {
- if (TEST_CHAR(*s, T_ESCAPE_SHELL_CMD))
- *d++ = '\\';
-
- *d++ = *s;
- }
- *d = '\0';
-
- return cmd;
-}
-
-static char
-x2c(const char *what)
-{
- char digit;
-
- digit = ((what[0] >= 'A') ?
- ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0'));
- digit *= 16;
- digit += (what[1] >= 'A' ?
- ((what[1] & 0xdf) - 'A') + 10 : (what[1] - '0'));
- return (digit);
-}
-
-/*
- * Unescapes a URL.
- * Returns 0 on success, non-zero on error
- * Failure is due to
- * bad % escape returns BAD_REQUEST
- *
- * decoding %00 -> \0 (the null character)
- * decoding %2f -> / (a special character)
- * returns NOT_FOUND
- */
-API_EXPORT(int)
-ap_unescape_url(char *url)
-{
- int x, y, badesc, badpath;
-
- badesc = 0;
- badpath = 0;
- for (x = 0, y = 0; url[y]; ++x, ++y) {
- if (url[y] != '%')
- url[x] = url[y];
- else {
- if (!ap_isxdigit(url[y + 1]) || !ap_isxdigit(url[y + 2])) {
- badesc = 1;
- url[x] = '%';
- } else {
- url[x] = x2c(&url[y + 1]);
- y += 2;
- if (url[x] == '/' || url[x] == '\0')
- badpath = 1;
- }
- }
- }
- url[x] = '\0';
- if (badesc)
- return BAD_REQUEST;
- else if (badpath)
- return NOT_FOUND;
- else
- return OK;
-}
-
-API_EXPORT(char *)
-ap_construct_server(pool *p, const char *hostname, unsigned port,
- const request_rec *r)
-{
- if (ap_is_default_port(port, r))
- return ap_pstrdup(p, hostname);
- else
- return ap_psprintf(p, "%s:%u", hostname, port);
-}
-
-/*
- * escape_path_segment() escapes a path segment, as defined in RFC 1808. This
- * routine is (should be) OS independent.
- *
- * os_escape_path() converts an OS path to a URL, in an OS dependent way. In all
- * cases if a ':' occurs before the first '/' in the URL, the URL should be
- * prefixed with "./" (or the ':' escaped). In the case of Unix, this means
- * leaving '/' alone, but otherwise doing what escape_path_segment() does. For
- * efficiency reasons, we don't use escape_path_segment(), which is provided for
- * reference. Again, RFC 1808 is where this stuff is defined.
- *
- * If partial is set, os_escape_path() assumes that the path will be appended to
- * something with a '/' in it (and thus does not prefix "./").
- */
-API_EXPORT(char *)
-ap_escape_path_segment(pool *p, const char *segment)
-{
- char *copy = ap_palloc(p, 3 * strlen(segment) + 1);
- const unsigned char *s = (const unsigned char *)segment;
- unsigned char *d = (unsigned char *)copy;
- unsigned c;
-
- while ((c = *s)) {
- if (TEST_CHAR(c, T_ESCAPE_PATH_SEGMENT))
- d = c2x(c, d);
- else
- *d++ = c;
- ++s;
- }
- *d = '\0';
- return copy;
-}
-
-API_EXPORT(char *)
-ap_os_escape_path(pool *p, const char *path, int partial)
-{
- char *copy = ap_palloc(p, 3 * strlen(path) + 3);
- const unsigned char *s = (const unsigned char *)path;
- unsigned char *d = (unsigned char *)copy;
- unsigned c;
-
- if (!partial) {
- char *colon = strchr(path, ':');
- char *slash = strchr(path, '/');
-
- if (colon && (!slash || colon < slash)) {
- *d++ = '.';
- *d++ = '/';
- }
- }
- while ((c = *s)) {
- if (TEST_CHAR(c, T_OS_ESCAPE_PATH))
- d = c2x(c, d);
- else
- *d++ = c;
- ++s;
- }
- *d = '\0';
- return copy;
-}
-
-/* ap_escape_uri is now a macro for os_escape_path */
-API_EXPORT(char *)
-ap_escape_html(pool *p, const char *s)
-{
- int i, j;
- char *x;
-
- /* first, count the number of extra characters */
- for (i = 0, j = 0; s[i] != '\0'; i++)
- if (s[i] == '<' || s[i] == '>')
- j += 3;
- else if (s[i] == '&')
- j += 4;
- else if (s[i] == '"')
- j += 5;
-
- if (j == 0)
- return ap_pstrndup(p, s, i);
-
- x = ap_palloc(p, i + j + 1);
- for (i = 0, j = 0; s[i] != '\0'; i++, j++)
- if (s[i] == '<') {
- memcpy(&x[j], "&lt;", 4);
- j += 3;
- } else if (s[i] == '>') {
- memcpy(&x[j], "&gt;", 4);
- j += 3;
- } else if (s[i] == '&') {
- memcpy(&x[j], "&amp;", 5);
- j += 4;
- } else if (s[i] == '"') {
- memcpy(&x[j], "&quot;", 6);
- j += 5;
- } else
- x[j] = s[i];
-
- x[j] = '\0';
- return x;
-}
-
-API_EXPORT(int)
-ap_is_directory(const char *path)
-{
- struct stat finfo;
-
- if (stat(path, &finfo) == -1)
- return 0; /* in error condition, just return no */
-
- return (S_ISDIR(finfo.st_mode));
-}
-
-/*
- * see ap_is_directory() except this one is symlink aware, so it
- * checks for a "real" directory
- */
-API_EXPORT(int)
-ap_is_rdirectory(const char *path)
-{
- struct stat finfo;
-
- if (lstat(path, &finfo) == -1)
- return 0; /* in error condition, just return no */
-
- return ((!(S_ISLNK(finfo.st_mode))) && (S_ISDIR(finfo.st_mode)));
-}
-
-API_EXPORT(char *)
-ap_make_full_path(pool *a, const char *src1, const char *src2)
-{
- int x;
-
- x = strlen(src1);
- if (x == 0)
- return ap_pstrcat(a, "/", src2, NULL);
-
- if (src1[x - 1] != '/')
- return ap_pstrcat(a, src1, "/", src2, NULL);
- else
- return ap_pstrcat(a, src1, src2, NULL);
-}
-
-/* Check for an absoluteURI syntax (see section 3.2 in RFC2068). */
-API_EXPORT(int)
-ap_is_url(const char *u)
-{
- int x;
-
- for (x = 0; u[x] != ':'; x++) {
- if ((!u[x]) ||
- ((!ap_isalpha(u[x])) && (!ap_isdigit(u[x])) &&
- (u[x] != '+') && (u[x] != '-') && (u[x] != '.')))
- return 0;
- }
-
- return (x ? 1 : 0); /*
- * If the first character is ':',
- * it's broken, too
- */
-}
-
-API_EXPORT(int)
-ap_can_exec(const struct stat *finfo)
-{
- if (ap_user_id == finfo->st_uid)
- if (finfo->st_mode & S_IXUSR)
- return 1;
- if (ap_group_id == finfo->st_gid)
- if (finfo->st_mode & S_IXGRP)
- return 1;
- return ((finfo->st_mode & S_IXOTH) != 0);
-}
-
-API_EXPORT(int)
-ap_ind(const char *s, char c)
-{
- int x;
-
- for (x = 0; s[x]; x++)
- if (s[x] == c)
- return x;
-
- return -1;
-}
-
-API_EXPORT(int)
-ap_rind(const char *s, char c)
-{
- int x;
-
- for (x = strlen(s) - 1; x != -1; x--)
- if (s[x] == c)
- return x;
-
- return -1;
-}
-
-API_EXPORT(void)
-ap_str_tolower(char *str)
-{
- while (*str) {
- *str = ap_tolower(*str);
- ++str;
- }
-}
-
-API_EXPORT(uid_t)
-ap_uname2id(const char *name)
-{
- struct passwd *ent;
-
- if (name[0] == '#')
- return (atoi(&name[1]));
-
- if (!(ent = getpwnam(name))) {
- fprintf(stderr, "%s: bad user name %s\n", ap_server_argv0,
- name);
- exit(1);
- }
- return (ent->pw_uid);
-}
-
-API_EXPORT(gid_t)
-ap_gname2id(const char *name)
-{
- struct group *ent;
-
- if (name[0] == '#')
- return (atoi(&name[1]));
-
- if (!(ent = getgrnam(name))) {
- fprintf(stderr, "%s: bad group name %s\n", ap_server_argv0,
- name);
- exit(1);
- }
- return (ent->gr_gid);
-}
-
-
-/*
- * Parses a host of the form <address>[:port]
- * :port is permitted if 'port' is not NULL
- */
-API_EXPORT(struct sockaddr *)
-ap_get_virthost_addr(char *w, unsigned short *ports)
-{
- static struct sockaddr_storage ss;
- struct addrinfo hints, *res;
- char *p, *r;
- char *host;
- char *port = "0";
- int error;
- char servbuf[NI_MAXSERV];
-
- if (w == NULL)
- w = "*";
- p = r = NULL;
- if (*w == '['){
- if (r = strrchr(w+1, ']')){
- *r = '\0';
- p = r + 1;
- switch(*p){
- case ':':
- p++;
- /* fallthrough; */
- case '\0':
- w++;
- break;
- default:
- p = NULL;
- }
- }
- } else {
- p = strchr(w, ':');
- if (p != NULL && strchr(p+1, ':') != NULL)
- p = NULL;
- }
- if (ports != NULL)
- if (p != NULL && *p && strcmp(p + 1, "*") != 0)
- port = p + 1;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_STREAM;
- if (p != NULL)
- *p = '\0';
- if (strcmp(w, "*") == 0) {
- host = NULL;
- hints.ai_flags = AI_PASSIVE;
- hints.ai_family = ap_default_family;
- } else {
- host = w;
- hints.ai_family = PF_UNSPEC;
- }
-
- error = getaddrinfo(host, port, &hints, &res);
-
- if (error || !res) {
- fprintf(stderr, "ap_get_vitrhost_addr(): getaddrinfo(%s):%s "
- "--- exiting!\n", w, gai_strerror(error));
- exit(1);
- }
-
- if (res->ai_next) {
- fprintf(stderr, "ap_get_vitrhost_addr(): Host %s has multiple "
- "addresses ---\n", w);
- fprintf(stderr, "you must choose one explicitly for use as\n");
- fprintf(stderr, "a virtual host. Exiting!!!\n");
- exit(1);
- }
-
- if (r != NULL)
- *r = ']';
- if (p != NULL)
- *p = ':';
-
- memcpy(&ss, res->ai_addr, res->ai_addrlen);
- if (getnameinfo(res->ai_addr, res->ai_addrlen,
- NULL, 0, servbuf, sizeof(servbuf),
- NI_NUMERICSERV)){
- fprintf(stderr, "ap_get_virthost_addr(): getnameinfo() failed "
- "--- Exiting!!!\n");
- exit(1);
- }
- if (ports) *ports = atoi(servbuf);
- freeaddrinfo(res);
- return (struct sockaddr *)&ss;
-}
-
-
-static char *
-find_fqdn(pool *a, struct hostent *p)
-{
- int x;
-
- if (!strchr(p->h_name, '.')) {
- if (p->h_aliases) {
- for (x = 0; p->h_aliases[x]; ++x) {
- if (p->h_aliases[x]
- && strchr(p->h_aliases[x], '.')
- && (!strncasecmp(p->h_aliases[x],
- p->h_name, strlen(p->h_name))))
- return ap_pstrdup(a, p->h_aliases[x]);
- }
- }
- return NULL;
- }
- return ap_pstrdup(a, (void *)p->h_name);
-}
-
-API_EXPORT(char *)
-ap_get_local_host(pool *a)
-{
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 256
-#endif
- char str[MAXHOSTNAMELEN];
- char *server_hostname = NULL;
- struct addrinfo hints, *res;
- int error;
-
- if (gethostname(str, sizeof(str) - 1) != 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "%s: gethostname() failed to determine ServerName\n",
- ap_server_argv0);
- } else {
- str[sizeof(str) - 1] = '\0';
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_flags = AI_CANONNAME;
- res = NULL;
- error = getaddrinfo(str, NULL, &hints, &res);
- if (error == 0 && res) {
- /*
- * Since we found a fqdn, return it with no
- * logged message.
- */
- server_hostname = ap_pstrdup(a, res->ai_canonname);
- freeaddrinfo(res);
- return server_hostname;
- } else {
- /* Recovery - return the default server by IP: */
- server_hostname = ap_pstrdup(a, str);
- /* We will drop through to report the IP-named server */
- }
- }
-
- /* If we don't have an fqdn or IP, fall back to the loopback addr */
- if (!server_hostname)
- server_hostname = ap_pstrdup(a, "127.0.0.1");
-
- ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, NULL,
- "%s: Could not determine the server's fully qualified "
- "domain name, using %s for ServerName",
- ap_server_argv0, server_hostname);
-
- if (res)
- freeaddrinfo(res);
- return server_hostname;
-}
-
-/* simple 'pool' alloc()ing glue to ap_base64.c */
-API_EXPORT(char *)
-ap_pbase64decode(pool *p, const char *bufcoded)
-{
- char *decoded;
- int l;
-
- decoded = (char *)ap_palloc(p, 1 + ap_base64decode_len(bufcoded));
- l = ap_base64decode(decoded, bufcoded);
- decoded[l] = '\0'; /* make binary sequence into string */
-
- return decoded;
-}
-
-API_EXPORT(char *)
-ap_pbase64encode(pool *p, char *string)
-{
- char *encoded;
- int l = strlen(string);
-
- encoded = (char *) ap_palloc(p, 1 + ap_base64encode_len(l));
- l = ap_base64encode(encoded, string, l);
- encoded[l] = '\0'; /* make binary sequence into string */
-
- return encoded;
-}
-
-/* deprecated names for the above two functions, here for compatibility */
-API_EXPORT(char *)
-ap_uudecode(pool *p, const char *bufcoded)
-{
- return ap_pbase64decode(p, bufcoded);
-}
-
-API_EXPORT(char *)
-ap_uuencode(pool *p, char *string)
-{
- return ap_pbase64encode(p, string);
-}
-
-
-/*
- * we want to downcase the type/subtype for comparison purposes
- * but nothing else because ;parameter=foo values are case sensitive.
- * XXX: in truth we want to downcase parameter names... but really,
- * apache has never handled parameters and such correctly. You
- * also need to compress spaces and such to be able to compare
- * properly. -djg
- */
-API_EXPORT(void)
-ap_content_type_tolower(char *str)
-{
- char *semi;
-
- semi = strchr(str, ';');
- if (semi)
- *semi = '\0';
-
- while (*str) {
- *str = ap_tolower(*str);
- ++str;
- }
- if (semi)
- *semi = ';';
-}
-
-/* Given a string, replace any bare " with \" . */
-API_EXPORT(char *)
-ap_escape_quotes (pool *p, const char *instring)
-{
- int newlen = 0;
- const char *inchr = instring;
- char *outchr, *outstring;
-
- /*
- * Look through the input string, jogging the length of the output
- * string up by an extra byte each time we find an unescaped ".
- */
- while (*inchr != '\0') {
- newlen++;
- if (*inchr == '"')
- newlen++;
-
- /*
- * If we find a slosh, and it's not the last byte in the string,
- * it's escaping something - advance past both bytes.
- */
- if ((*inchr == '\\') && (inchr[1] != '\0')) {
- inchr++;
- newlen++;
- }
- inchr++;
- }
- outstring = ap_palloc(p, newlen + 1);
- inchr = instring;
- outchr = outstring;
- /*
- * Now copy the input string to the output string, inserting a slosh
- * in front of every " that doesn't already have one.
- */
- while (*inchr != '\0') {
- if ((*inchr == '\\') && (inchr[1] != '\0')) {
- *outchr++ = *inchr++;
- *outchr++ = *inchr++;
- }
- if (*inchr == '"')
- *outchr++ = '\\';
- if (*inchr != '\0')
- *outchr++ = *inchr++;
- }
- *outchr = '\0';
- return outstring;
-}
-
-/*
- * dest = src with whitespace removed
- * length of dest assumed >= length of src
- */
-API_EXPORT(void)
-ap_remove_spaces(char *dest, char *src)
-{
- while (*src) {
- if (!ap_isspace(*src))
- *dest++ = *src;
- src++;
- }
- *dest = 0;
-}
diff --git a/usr.sbin/httpd/src/main/util_date.c b/usr.sbin/httpd/src/main/util_date.c
deleted file mode 100644
index c5e92eeb98d..00000000000
--- a/usr.sbin/httpd/src/main/util_date.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/* $OpenBSD: util_date.c,v 1.9 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util_date.c: date parsing utility routines
- * These routines are (hopefully) platform-independent.
- *
- * 27 Oct 1996 Roy Fielding
- * Extracted (with many modifications) from mod_proxy.c and
- * tested with over 50,000 randomly chosen valid date strings
- * and several hundred variations of invalid date strings.
- *
- */
-
-#include "ap_config.h"
-#include "util_date.h"
-#include <ctype.h>
-#include <string.h>
-
-/*
- * Compare a string to a mask
- * Mask characters (arbitrary maximum is 256 characters, just in case):
- * @ - uppercase letter
- * $ - lowercase letter
- * & - hex digit
- * # - digit
- * ~ - digit or space
- * * - swallow remaining characters
- * <x> - exact match for any other character
- */
-API_EXPORT(int)
-ap_checkmask(const char *data, const char *mask)
-{
- int i;
- char d;
-
- for (i = 0; i < 256; i++) {
- d = data[i];
- switch (mask[i]) {
- case '\0':
- return (d == '\0');
- case '*':
- return 1;
- case '@':
- if (!ap_isupper(d))
- return 0;
- break;
- case '$':
- if (!ap_islower(d))
- return 0;
- break;
- case '#':
- if (!ap_isdigit(d))
- return 0;
- break;
- case '&':
- if (!ap_isxdigit(d))
- return 0;
- break;
- case '~':
- if ((d != ' ') && !ap_isdigit(d))
- return 0;
- break;
- default:
- if (mask[i] != d)
- return 0;
- break;
- }
- }
- return 0; /* We only get here if mask is corrupted (exceeds 256) */
-}
-
-/*
- * tm2sec converts a GMT tm structure into the number of seconds since
- * 1st January 1970 UT. Note that we ignore tm_wday, tm_yday, and tm_dst.
- *
- * The return value is always a valid time_t value -- (time_t)0 is returned
- * if the input date is outside that capable of being represented by time(),
- * i.e., before Thu, 01 Jan 1970 00:00:00 for all systems and
- * beyond 2038 for 32bit systems.
- *
- * This routine is intended to be very fast, much faster than mktime().
- */
-API_EXPORT(time_t)
-ap_tm2sec(const struct tm * t)
-{
- int year;
- time_t days;
- static const int dayoffset[12] =
- { 306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275 };
-
- year = t->tm_year;
-
- if (year < 70 || ((sizeof(time_t) <= 4) && (year >= 138)))
- return BAD_DATE;
-
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (t->tm_mon < 2)
- year--;
-
- /* Find number of days since 1st March 1900 (in the Gregorian calendar). */
-
- days = year * 365 + year / 4 - year / 100 + (year / 100 + 3) / 4;
- days += dayoffset[t->tm_mon] + t->tm_mday - 1;
- days -= 25508; /* 1 jan 1970 is 25508 days since 1 mar 1900 */
-
- days = ((days * 24 + t->tm_hour) * 60 + t->tm_min) * 60 + t->tm_sec;
-
- if (days < 0)
- return BAD_DATE; /* must have overflowed */
- else
- return days; /* must be a valid time */
-}
-
-/*
- * Parses an HTTP date in one of three standard forms:
- *
- * Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123
- * Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
- * Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format
- *
- * and returns the time_t number of seconds since 1 Jan 1970 GMT, or
- * 0 if this would be out of range or if the date is invalid.
- *
- * The restricted HTTP syntax is
- *
- * HTTP-date = rfc1123-date | rfc850-date | asctime-date
- *
- * rfc1123-date = wkday "," SP date1 SP time SP "GMT"
- * rfc850-date = weekday "," SP date2 SP time SP "GMT"
- * asctime-date = wkday SP date3 SP time SP 4DIGIT
- *
- * date1 = 2DIGIT SP month SP 4DIGIT
- * ; day month year (e.g., 02 Jun 1982)
- * date2 = 2DIGIT "-" month "-" 2DIGIT
- * ; day-month-year (e.g., 02-Jun-82)
- * date3 = month SP ( 2DIGIT | ( SP 1DIGIT ))
- * ; month day (e.g., Jun 2)
- *
- * time = 2DIGIT ":" 2DIGIT ":" 2DIGIT
- * ; 00:00:00 - 23:59:59
- *
- * wkday = "Mon" | "Tue" | "Wed"
- * | "Thu" | "Fri" | "Sat" | "Sun"
- *
- * weekday = "Monday" | "Tuesday" | "Wednesday"
- * | "Thursday" | "Friday" | "Saturday" | "Sunday"
- *
- * month = "Jan" | "Feb" | "Mar" | "Apr"
- * | "May" | "Jun" | "Jul" | "Aug"
- * | "Sep" | "Oct" | "Nov" | "Dec"
- *
- * However, for the sake of robustness (and Netscapeness), we ignore the
- * weekday and anything after the time field (including the timezone).
- *
- * This routine is intended to be very fast; 10x faster than using sscanf.
- *
- * Originally from Andrew Daviel <andrew@vancouver-webpages.com>, 29 Jul 96
- * but many changes since then.
- *
- */
-API_EXPORT(time_t)
-ap_parseHTTPdate(const char *date)
-{
- struct tm ds;
- int mint, mon;
- const char *monstr, *timstr;
- static const int months[12] = {
- ('J' << 16) | ('a' << 8) | 'n', ('F' << 16) | ('e' << 8) | 'b',
- ('M' << 16) | ('a' << 8) | 'r', ('A' << 16) | ('p' << 8) | 'r',
- ('M' << 16) | ('a' << 8) | 'y', ('J' << 16) | ('u' << 8) | 'n',
- ('J' << 16) | ('u' << 8) | 'l', ('A' << 16) | ('u' << 8) | 'g',
- ('S' << 16) | ('e' << 8) | 'p', ('O' << 16) | ('c' << 8) | 't',
- ('N' << 16) | ('o' << 8) | 'v', ('D' << 16) | ('e' << 8) | 'c'};
-
- if (!date)
- return BAD_DATE;
-
- while (ap_isspace(*date)) /* Find first non-whitespace char */
- ++date;
-
- if (*date == '\0')
- return BAD_DATE;
-
- if ((date = strchr(date, ' ')) == NULL) /* Find space after weekday */
- return BAD_DATE;
-
- ++date; /* Now pointing to first char after space, which should be
- * start of the actual date information for all 3 formats.
- */
-
- if (ap_checkmask(date, "## @$$ #### ##:##:## *")) {
- /* RFC 1123 format */
- ds.tm_year = ((date[7] - '0') * 10 + (date[8] - '0') - 19) *
- 100;
- if (ds.tm_year < 0)
- return BAD_DATE;
-
- ds.tm_year += ((date[9] - '0') * 10) + (date[10] - '0');
- ds.tm_mday = ((date[0] - '0') * 10) + (date[1] - '0');
-
- monstr = date + 3;
- timstr = date + 12;
- } else if (ap_checkmask(date, "##-@$$-## ##:##:## *")) {
- /* RFC 850 format */
- ds.tm_year = ((date[7] - '0') * 10) + (date[8] - '0');
- if (ds.tm_year < 70)
- ds.tm_year += 100;
-
- ds.tm_mday = ((date[0] - '0') * 10) + (date[1] - '0');
-
- monstr = date + 3;
- timstr = date + 10;
- } else if (ap_checkmask(date, "@$$ ~# ##:##:## ####*")) {
- /* asctime format */
- ds.tm_year = ((date[16] - '0') * 10 + (date[17] - '0') - 19) *
- 100;
- if (ds.tm_year < 0)
- return BAD_DATE;
-
- ds.tm_year += ((date[18] - '0') * 10) + (date[19] - '0');
-
- if (date[4] == ' ')
- ds.tm_mday = 0;
- else
- ds.tm_mday = (date[4] - '0') * 10;
-
- ds.tm_mday += (date[5] - '0');
-
- monstr = date;
- timstr = date + 7;
- } else
- return BAD_DATE;
-
- if (ds.tm_mday <= 0 || ds.tm_mday > 31)
- return BAD_DATE;
-
- ds.tm_hour = ((timstr[0] - '0') * 10) + (timstr[1] - '0');
- ds.tm_min = ((timstr[3] - '0') * 10) + (timstr[4] - '0');
- ds.tm_sec = ((timstr[6] - '0') * 10) + (timstr[7] - '0');
-
- if ((ds.tm_hour > 23) || (ds.tm_min > 59) || (ds.tm_sec > 61))
- return BAD_DATE;
-
- mint = (monstr[0] << 16) | (monstr[1] << 8) | monstr[2];
- for (mon = 0; mon < 12; mon++)
- if (mint == months[mon])
- break;
- if (mon == 12)
- return BAD_DATE;
-
- if ((ds.tm_mday == 31) && (mon == 3 || mon == 5 || mon == 8 ||
- mon == 10))
- return BAD_DATE;
-
- /* February gets special check for leapyear */
- if ((mon == 1) &&
- ((ds.tm_mday > 29)
- || ((ds.tm_mday == 29)
- && ((ds.tm_year & 3)
- || (((ds.tm_year % 100) == 0)
- && (((ds.tm_year % 400) != 100)))))))
- return BAD_DATE;
-
- ds.tm_mon = mon;
-
- return ap_tm2sec(&ds);
-}
diff --git a/usr.sbin/httpd/src/main/util_md5.c b/usr.sbin/httpd/src/main/util_md5.c
deleted file mode 100644
index 0a1d29399c1..00000000000
--- a/usr.sbin/httpd/src/main/util_md5.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* $OpenBSD: util_md5.c,v 1.10 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/************************************************************************
- * NCSA HTTPd Server
- * Software Development Group
- * National Center for Supercomputing Applications
- * University of Illinois at Urbana-Champaign
- * 605 E. Springfield, Champaign, IL 61820
- * httpd@ncsa.uiuc.edu
- *
- * Copyright (C) 1995, Board of Trustees of the University of Illinois
- *
- ************************************************************************
- *
- * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
- *
- * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
- * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
- * University (see Copyright below).
- * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications
- * Research, Inc. (Bellcore) (see Copyright below).
- * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu
- * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk)
- *
- */
-
-
-
-/* md5.c --Module Interface to MD5. */
-/* Jeff Hostetler, Spyglass, Inc., 1994. */
-
-#include "httpd.h"
-#include "util_md5.h"
-
-API_EXPORT(char *)
-ap_md5_binary(pool *p, const unsigned char *buf, int length)
-{
- const char *hex = "0123456789abcdef";
- AP_MD5_CTX my_md5;
- unsigned char hash[16];
- char *r, result[33];
- int i;
-
- /*
- * Take the MD5 hash of the string argument.
- */
- ap_MD5Init(&my_md5);
- ap_MD5Update(&my_md5, buf, (unsigned int)length);
- ap_MD5Final(hash, &my_md5);
-
- for (i = 0, r = result; i < 16; i++) {
- *r++ = hex[hash[i] >> 4];
- *r++ = hex[hash[i] & 0xF];
- }
- *r = '\0';
-
- return ap_pstrdup(p, result);
-}
-
-API_EXPORT(char *)
-ap_md5(pool *p, const unsigned char *string)
-{
- return ap_md5_binary(p, string, (int) strlen((char *)string));
-}
-
-/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
-
-/* (C) Copyright 1993,1994 by Carnegie Mellon University
- * All Rights Reserved.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without
- * fee, provided that the above copyright notice appear in all copies
- * and that both that copyright notice and this permission notice
- * appear in supporting documentation, and that the name of Carnegie
- * Mellon University not be used in advertising or publicity
- * pertaining to distribution of the software without specific,
- * written prior permission. Carnegie Mellon University makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied
- * warranty.
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/*
- * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
- *
- * Permission to use, copy, modify, and distribute this material
- * for any purpose and without fee is hereby granted, provided
- * that the above copyright notice and this permission notice
- * appear in all copies, and that the name of Bellcore not be
- * used in advertising or publicity pertaining to this
- * material without the specific, prior written permission
- * of an authorized representative of Bellcore. BELLCORE
- * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
- * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS",
- * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
- */
-
-static char basis_64[] =
-"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-API_EXPORT(char *)
-ap_md5contextTo64(pool *a, AP_MD5_CTX * context)
-{
- unsigned char digest[18];
- char *encodedDigest;
- int i;
- char *p;
-
- encodedDigest = (char *)ap_pcalloc(a, 25 * sizeof(char));
-
- ap_MD5Final(digest, context);
- digest[sizeof(digest) - 1] = digest[sizeof(digest) - 2] = 0;
-
- p = encodedDigest;
- for (i = 0; i < sizeof(digest); i += 3) {
- *p++ = basis_64[digest[i] >> 2];
- *p++ = basis_64[((digest[i] & 0x3) << 4) |
- ((int)(digest[i + 1] & 0xF0) >> 4)];
- *p++ = basis_64[((digest[i + 1] & 0xF) << 2) |
- ((int)(digest[i + 2] & 0xC0) >> 6)];
- *p++ = basis_64[digest[i + 2] & 0x3F];
- }
- *p-- = '\0';
- *p-- = '=';
- *p-- = '=';
- return encodedDigest;
-}
-
-API_EXPORT(char *)
-ap_md5digest(pool *p, FILE *infile)
-{
- AP_MD5_CTX context;
- unsigned char buf[1000];
- unsigned int nbytes;
-
- ap_MD5Init(&context);
- while ((nbytes = fread(buf, 1, sizeof(buf), infile)))
- ap_MD5Update(&context, buf, nbytes);
-
- rewind(infile);
- return ap_md5contextTo64(p, &context);
-}
diff --git a/usr.sbin/httpd/src/main/util_script.c b/usr.sbin/httpd/src/main/util_script.c
deleted file mode 100644
index db55216c381..00000000000
--- a/usr.sbin/httpd/src/main/util_script.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/* $OpenBSD: util_script.c,v 1.18 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_core.h" /* For document_root. Sigh... */
-#include "http_request.h" /* for sub_req_lookup_uri() */
-#include "util_script.h"
-#include "util_date.h" /* For parseHTTPdate() */
-
-
-/*
- * Various utility functions which are common to a whole lot of
- * script-type extensions mechanisms, and might as well be gathered
- * in one place (if only to avoid creating inter-module dependancies
- * where there don't have to be).
- */
-
-#define MALFORMED_MESSAGE "malformed header from script. Bad header="
-#define MALFORMED_HEADER_LENGTH_TO_SHOW 30
-
-/* If a request includes query info in the URL (stuff after "?"), and
- * the query info does not contain "=" (indicative of a FORM submission),
- * then this routine is called to create the argument list to be passed
- * to the CGI script. When suexec is enabled, the suexec path, user, and
- * group are the first three arguments to be passed; if not, all three
- * must be NULL. The query info is split into separate arguments, where
- * "+" is the separator between keyword arguments.
- */
-static char **create_argv(pool *p, char *path, char *user, char *group,
- char *av0, const char *args)
-{
- int x, numwords;
- char **av;
- char *w;
- int idx = 0;
-
- /* count the number of keywords */
-
- for (x = 0, numwords = 1; args[x]; x++) {
- if (args[x] == '+') {
- ++numwords;
- }
- }
-
- if (numwords > APACHE_ARG_MAX - 5) {
- numwords = APACHE_ARG_MAX - 5; /* Truncate args to prevent overrun */
- }
- av = (char **) ap_palloc(p, (numwords + 5) * sizeof(char *));
-
- if (path) {
- av[idx++] = path;
- }
- if (user) {
- av[idx++] = user;
- }
- if (group) {
- av[idx++] = group;
- }
-
- av[idx++] = av0;
-
- for (x = 1; x <= numwords; x++) {
- w = ap_getword_nulls(p, &args, '+');
- ap_unescape_url(w);
- av[idx++] = ap_escape_shell_cmd(p, w);
- }
- av[idx] = NULL;
- return av;
-}
-
-
-static char *http2env(pool *a, char *w)
-{
- char *res = ap_pstrcat(a, "HTTP_", w, NULL);
- char *cp = res;
-
- while (*++cp) {
- if (!ap_isalnum(*cp) && *cp != '_') {
- *cp = '_';
- }
- else {
- *cp = ap_toupper(*cp);
- }
- }
-
- return res;
-}
-
-API_EXPORT(char **) ap_create_environment(pool *p, table *t)
-{
- array_header *env_arr = ap_table_elts(t);
- table_entry *elts = (table_entry *) env_arr->elts;
- char **env = (char **) ap_palloc(p, (env_arr->nelts + 2) * sizeof(char *));
- int i, j;
- char *tz;
- char *whack;
-
- j = 0;
- if (!ap_table_get(t, "TZ")) {
- tz = getenv("TZ");
- if (tz != NULL) {
- env[j++] = ap_pstrcat(p, "TZ=", tz, NULL);
- }
- }
- for (i = 0; i < env_arr->nelts; ++i) {
- if (!elts[i].key) {
- continue;
- }
- env[j] = ap_pstrcat(p, elts[i].key, "=", elts[i].val, NULL);
- whack = env[j];
- if (ap_isdigit(*whack)) {
- *whack++ = '_';
- }
- while (*whack != '=') {
- if (!ap_isalnum(*whack) && *whack != '_') {
- *whack = '_';
- }
- ++whack;
- }
- ++j;
- }
-
- env[j] = NULL;
- return env;
-}
-
-API_EXPORT(void) ap_add_common_vars(request_rec *r)
-{
- table *e;
- server_rec *s = r->server;
- conn_rec *c = r->connection;
- const char *rem_logname;
- char *env_path;
- const char *host;
- array_header *hdrs_arr = ap_table_elts(r->headers_in);
- table_entry *hdrs = (table_entry *) hdrs_arr->elts;
- int i;
- char servbuf[NI_MAXSERV];
-
- /* use a temporary table which we'll overlap onto
- * r->subprocess_env later
- */
- e = ap_make_table(r->pool, 25 + hdrs_arr->nelts);
-
- /* First, add environment vars from headers... this is as per
- * CGI specs, though other sorts of scripting interfaces see
- * the same vars...
- */
-
- for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (!hdrs[i].key) {
- continue;
- }
-
- /* A few headers are special cased --- Authorization to prevent
- * rogue scripts from capturing passwords; content-type and -length
- * for no particular reason.
- */
-
- if (!strcasecmp(hdrs[i].key, "Content-type")) {
- ap_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
- }
- else if (!strcasecmp(hdrs[i].key, "Content-length")) {
- ap_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
- }
- /*
- * You really don't want to disable this check, since it leaves you
- * wide open to CGIs stealing passwords and people viewing them
- * in the environment with "ps -e". But, if you must...
- */
- else if (!strcasecmp(hdrs[i].key, "Authorization")
- || !strcasecmp(hdrs[i].key, "Proxy-Authorization")) {
- continue;
- }
- else {
- ap_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val);
- }
- }
-
- if (!(env_path = ap_pstrdup(r->pool, getenv("PATH")))) {
- env_path = DEFAULT_PATH;
- }
-
- ap_table_addn(e, "PATH", env_path);
- ap_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
- ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
- ap_table_addn(e, "SERVER_NAME",
- ap_escape_html(r->pool,ap_get_server_name(r)));
- ap_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
- ap_table_addn(e, "SERVER_PORT",
- ap_psprintf(r->pool, "%u", ap_get_server_port(r)));
- host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST);
- if (host) {
- ap_table_addn(e, "REMOTE_HOST", host);
- }
- ap_table_addn(e, "REMOTE_ADDR", c->remote_ip);
- ap_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */
- ap_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */
- ap_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */
-
- servbuf[0] = '\0';
- if (!getnameinfo((struct sockaddr *)&c->remote_addr,
-#ifndef HAVE_SOCKADDR_LEN
- SA_LEN((struct sockaddr *)&c->remote_addr),
-#else
- c->remote_addr.ss_len,
-#endif
- NULL, 0, servbuf, sizeof(servbuf), NI_NUMERICSERV)){
- ap_table_addn(e, "REMOTE_PORT", ap_pstrdup(r->pool, servbuf));
- }
-
- if (c->user) {
- ap_table_addn(e, "REMOTE_USER", c->user);
- }
- if (c->ap_auth_type) {
- ap_table_addn(e, "AUTH_TYPE", c->ap_auth_type);
- }
- rem_logname = ap_get_remote_logname(r);
- if (rem_logname) {
- ap_table_addn(e, "REMOTE_IDENT", ap_pstrdup(r->pool, rem_logname));
- }
-
- /* Apache custom error responses. If we have redirected set two new vars */
-
- if (r->prev) {
- if (r->prev->args) {
- ap_table_addn(e, "REDIRECT_QUERY_STRING", r->prev->args);
- }
- if (r->prev->uri) {
- ap_table_addn(e, "REDIRECT_URL", r->prev->uri);
- }
- }
-
- ap_overlap_tables(r->subprocess_env, e, AP_OVERLAP_TABLES_SET);
-}
-
-/* This "cute" little function comes about because the path info on
- * filenames and URLs aren't always the same. So we take the two,
- * and find as much of the two that match as possible.
- */
-
-API_EXPORT(int) ap_find_path_info(const char *uri, const char *path_info)
-{
- int lu = strlen(uri);
- int lp = strlen(path_info);
-
- while (lu-- && lp-- && uri[lu] == path_info[lp]);
-
- if (lu == -1) {
- lu = 0;
- }
-
- while (uri[lu] != '\0' && uri[lu] != '/') {
- lu++;
- }
- return lu;
-}
-
-/* Obtain the Request-URI from the original request-line, returning
- * a new string from the request pool containing the URI or "".
- */
-static char *original_uri(request_rec *r)
-{
- char *first, *last;
-
- if (r->the_request == NULL) {
- return (char *) ap_pcalloc(r->pool, 1);
- }
-
- first = r->the_request; /* use the request-line */
-
- while (*first && !ap_isspace(*first)) {
- ++first; /* skip over the method */
- }
- while (ap_isspace(*first)) {
- ++first; /* and the space(s) */
- }
-
- last = first;
- while (*last && !ap_isspace(*last)) {
- ++last; /* end at next whitespace */
- }
-
- return ap_pstrndup(r->pool, first, last - first);
-}
-
-API_EXPORT(void) ap_add_cgi_vars(request_rec *r)
-{
- table *e = r->subprocess_env;
-
- ap_table_setn(e, "GATEWAY_INTERFACE", "CGI/1.1");
- ap_table_setn(e, "SERVER_PROTOCOL", r->protocol);
- ap_table_setn(e, "REQUEST_METHOD", r->method);
- ap_table_setn(e, "QUERY_STRING", r->args ? r->args : "");
- ap_table_setn(e, "REQUEST_URI", original_uri(r));
-
- /* Note that the code below special-cases scripts run from includes,
- * because it "knows" that the sub_request has been hacked to have the
- * args and path_info of the original request, and not any that may have
- * come with the script URI in the include command. Ugh.
- */
-
- if (!strcmp(r->protocol, "INCLUDED")) {
- ap_table_setn(e, "SCRIPT_NAME", r->uri);
- if (r->path_info && *r->path_info) {
- ap_table_setn(e, "PATH_INFO", r->path_info);
- }
- }
- else if (!r->path_info || !*r->path_info) {
- ap_table_setn(e, "SCRIPT_NAME", r->uri);
- }
- else {
- int path_info_start = ap_find_path_info(r->uri, r->path_info);
-
- ap_table_setn(e, "SCRIPT_NAME",
- ap_pstrndup(r->pool, r->uri, path_info_start));
-
- ap_table_setn(e, "PATH_INFO", r->path_info);
- }
-
- if (r->path_info && r->path_info[0]) {
- /*
- * To get PATH_TRANSLATED, treat PATH_INFO as a URI path.
- * Need to re-escape it for this, since the entire URI was
- * un-escaped before we determined where the PATH_INFO began.
- */
- request_rec *pa_req;
-
- pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r);
-
- if (pa_req->filename) {
- char *pt = ap_pstrcat(r->pool, pa_req->filename, pa_req->path_info,
- NULL);
- ap_table_setn(e, "PATH_TRANSLATED", pt);
- }
- ap_destroy_sub_req(pa_req);
- }
-}
-
-
-static int set_cookie_doo_doo(void *v, const char *key, const char *val)
-{
- ap_table_addn(v, key, val);
- return 1;
-}
-
-API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
- int (*getsfunc) (char *, int, void *),
- void *getsfunc_data)
-{
- char x[MAX_STRING_LEN];
- char *w, *l;
- int p;
- int cgi_status = HTTP_OK;
- table *merge;
- table *cookie_table;
-
- if (buffer) {
- *buffer = '\0';
- }
- w = buffer ? buffer : x;
-
- ap_hard_timeout("read script header", r);
-
- /* temporary place to hold headers to merge in later */
- merge = ap_make_table(r->pool, 10);
-
- /* The HTTP specification says that it is legal to merge duplicate
- * headers into one. Some browsers that support Cookies don't like
- * merged headers and prefer that each Set-Cookie header is sent
- * separately. Lets humour those browsers by not merging.
- * Oh what a pain it is.
- */
- cookie_table = ap_make_table(r->pool, 2);
- ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL);
-
- while (1) {
-
- if ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data) == 0) {
- ap_kill_timeout(r);
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Premature end of script headers: %s", r->filename);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* Delete terminal (CR?)LF */
-
- p = strlen(w);
- /* Indeed, the host's '\n':
- '\012' for UNIX; '\015' for MacOS; '\025' for OS/390
- -- whatever the script generates.
- */
- if (p > 0 && w[p - 1] == '\n') {
- if (p > 1 && w[p - 2] == CR) {
- w[p - 2] = '\0';
- }
- else {
- w[p - 1] = '\0';
- }
- }
-
- /*
- * If we've finished reading the headers, check to make sure any
- * HTTP/1.1 conditions are met. If so, we're done; normal processing
- * will handle the script's output. If not, just return the error.
- * The appropriate thing to do would be to send the script process a
- * SIGPIPE to let it know we're ignoring it, close the channel to the
- * script process, and *then* return the failed-to-meet-condition
- * error. Otherwise we'd be waiting for the script to finish
- * blithering before telling the client the output was no good.
- * However, we don't have the information to do that, so we have to
- * leave it to an upper layer.
- */
- if (w[0] == '\0') {
- int cond_status = OK;
-
- ap_kill_timeout(r);
- if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
- cond_status = ap_meets_conditions(r);
- }
- ap_overlap_tables(r->err_headers_out, merge,
- AP_OVERLAP_TABLES_MERGE);
- if (!ap_is_empty_table(cookie_table)) {
- /* the cookies have already been copied to the cookie_table */
- ap_table_unset(r->err_headers_out, "Set-Cookie");
- r->err_headers_out = ap_overlay_tables(r->pool,
- r->err_headers_out, cookie_table);
- }
- return cond_status;
- }
-
- /* if we see a bogus header don't ignore it. Shout and scream */
-
- if (!(l = strchr(w, ':'))) {
- char malformed[(sizeof MALFORMED_MESSAGE) + 1
- + MALFORMED_HEADER_LENGTH_TO_SHOW];
-
- strlcpy(malformed, MALFORMED_MESSAGE, sizeof(malformed));
- strncat(malformed, w, MALFORMED_HEADER_LENGTH_TO_SHOW);
-
- if (!buffer) {
- /* Soak up all the script output - may save an outright kill */
- while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
- continue;
- }
- }
-
- ap_kill_timeout(r);
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "%s: %s", malformed, r->filename);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- *l++ = '\0';
- while (ap_isspace(*l)) {
- ++l;
- }
-
- if (!strcasecmp(w, "Content-type")) {
- char *tmp;
-
- /* Nuke trailing whitespace */
-
- char *endp = l + strlen(l) - 1;
- while (endp > l && ap_isspace(*endp)) {
- *endp-- = '\0';
- }
-
- tmp = ap_pstrdup(r->pool, l);
- ap_content_type_tolower(tmp);
- r->content_type = tmp;
- }
- /*
- * If the script returned a specific status, that's what
- * we'll use - otherwise we assume 200 OK.
- */
- else if (!strcasecmp(w, "Status")) {
- r->status = cgi_status = atoi(l);
- r->status_line = ap_pstrdup(r->pool, l);
- }
- else if (!strcasecmp(w, "Location")) {
- ap_table_set(r->headers_out, w, l);
- }
- else if (!strcasecmp(w, "Content-Length")) {
- ap_table_set(r->headers_out, w, l);
- }
- else if (!strcasecmp(w, "Transfer-Encoding")) {
- ap_table_set(r->headers_out, w, l);
- }
- /*
- * If the script gave us a Last-Modified header, we can't just
- * pass it on blindly because of restrictions on future values.
- */
- else if (!strcasecmp(w, "Last-Modified")) {
- time_t mtime = ap_parseHTTPdate(l);
-
- ap_update_mtime(r, mtime);
- ap_set_last_modified(r);
- }
- else if (!strcasecmp(w, "Set-Cookie")) {
- ap_table_add(cookie_table, w, l);
- }
- else {
- ap_table_add(merge, w, l);
- }
- }
-}
-
-static int getsfunc_FILE(char *buf, int len, void *f)
-{
- return fgets(buf, len, (FILE *) f) != NULL;
-}
-
-API_EXPORT(int) ap_scan_script_header_err(request_rec *r, FILE *f,
- char *buffer)
-{
- return ap_scan_script_header_err_core(r, buffer, getsfunc_FILE, f);
-}
-
-static int getsfunc_BUFF(char *w, int len, void *fb)
-{
- return ap_bgets(w, len, (BUFF *) fb) > 0;
-}
-
-API_EXPORT(int) ap_scan_script_header_err_buff(request_rec *r, BUFF *fb,
- char *buffer)
-{
- return ap_scan_script_header_err_core(r, buffer, getsfunc_BUFF, fb);
-}
-
-struct vastrs {
- va_list args;
- int arg;
- const char *curpos;
-};
-
-static int getsfunc_STRING(char *w, int len, void *pvastrs)
-{
- struct vastrs *strs = (struct vastrs*) pvastrs;
- char *p;
- int t;
-
- if (!strs->curpos || !*strs->curpos)
- return 0;
- p = strchr(strs->curpos, '\n');
- if (p)
- ++p;
- else
- p = strchr(strs->curpos, '\0');
- t = p - strs->curpos;
- if (t > len)
- t = len;
- strncpy (w, strs->curpos, t);
- w[t] = '\0';
- if (!strs->curpos[t]) {
- ++strs->arg;
- strs->curpos = va_arg(strs->args, const char *);
- }
- else
- strs->curpos += t;
- return t;
-}
-
-/* ap_scan_script_header_err_strs() accepts additional const char* args...
- * each is treated as one or more header lines, and the first non-header
- * character is returned to **arg, **data. (The first optional arg is
- * counted as 0.)
- */
-API_EXPORT_NONSTD(int) ap_scan_script_header_err_strs(request_rec *r,
- char *buffer,
- const char **termch,
- int *termarg, ...)
-{
- struct vastrs strs;
- int res;
-
- va_start(strs.args, termarg);
- strs.arg = 0;
- strs.curpos = va_arg(strs.args, char*);
- res = ap_scan_script_header_err_core(r, buffer, getsfunc_STRING, (void *) &strs);
- if (termch)
- *termch = strs.curpos;
- if (termarg)
- *termarg = strs.arg;
- va_end(strs.args);
- return res;
-}
-
-API_EXPORT(void) ap_send_size(size_t size, request_rec *r)
-{
- /* XXX: this -1 thing is a gross hack */
- if (size == (size_t)-1) {
- ap_rputs(" -", r);
- }
- else if (!size) {
- ap_rputs(" 0k", r);
- }
- else if (size < 1024) {
- ap_rputs(" 1k", r);
- }
- else if (size < 1048576) {
- ap_rprintf(r, "%4dk", (int)((size + 512) / 1024));
- }
- else if (size < 103809024) {
- ap_rprintf(r, "%4.1fM", size / 1048576.0);
- }
- else {
- ap_rprintf(r, "%4dM", (int)((size + 524288) / 1048576));
- }
-}
-
-API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
- char **env, int shellcmd)
-{
- int pid = 0;
- core_dir_config *conf;
- conf = (core_dir_config *) ap_get_module_config(r->per_dir_config,
- &core_module);
-
- /* the fd on r->server->error_log is closed, but we need somewhere to
- * put the error messages from the log_* functions. So, we use stderr,
- * since that is better than allowing errors to go unnoticed. Don't do
- * this on Win32, though, since we haven't fork()'d.
- */
- r->server->error_log = stderr;
-
- if (conf->limit_cpu != NULL) {
- if ((setrlimit(RLIMIT_CPU, conf->limit_cpu)) != 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "setrlimit: failed to set CPU usage limit");
- }
- }
- if (conf->limit_nproc != NULL) {
- if ((setrlimit(RLIMIT_NPROC, conf->limit_nproc)) != 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "setrlimit: failed to set process limit");
- }
- }
- if (conf->limit_mem != NULL) {
- if ((setrlimit(RLIMIT_DATA, conf->limit_mem)) != 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "setrlimit(RLIMIT_DATA): failed to set memory "
- "usage limit");
- }
- }
- if (ap_suexec_enabled
- && ((r->server->server_uid != ap_user_id)
- || (r->server->server_gid != ap_group_id)
- || (!strncmp("/~", r->uri, 2)))) {
-
- char *execuser, *grpname;
- struct passwd *pw;
- struct group *gr;
-
- if (!strncmp("/~", r->uri, 2)) {
- gid_t user_gid;
- char *username = ap_pstrdup(r->pool, r->uri + 2);
- char *pos = strchr(username, '/');
-
- if (pos) {
- *pos = '\0';
- }
-
- if ((pw = getpwnam(username)) == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "getpwnam: invalid username %s", username);
- return (pid);
- }
- execuser = ap_pstrcat(r->pool, "~", pw->pw_name, NULL);
- user_gid = pw->pw_gid;
-
- if ((gr = getgrgid(user_gid)) == NULL) {
- if ((grpname = ap_palloc(r->pool, 16)) == NULL) {
- return (pid);
- }
- else {
- ap_snprintf(grpname, 16, "%ld", (long) user_gid);
- }
- }
- else {
- grpname = gr->gr_name;
- }
- }
- else {
- if ((pw = getpwuid(r->server->server_uid)) == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "getpwuid: invalid userid %ld",
- (long) r->server->server_uid);
- return (pid);
- }
- execuser = ap_pstrdup(r->pool, pw->pw_name);
-
- if ((gr = getgrgid(r->server->server_gid)) == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "getgrgid: invalid groupid %ld",
- (long) r->server->server_gid);
- return (pid);
- }
- grpname = gr->gr_name;
- }
-
- if (shellcmd) {
- execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0,
- (char *)NULL, env);
- }
-
- else if ((conf->cgi_command_args == AP_FLAG_OFF)
- || (!r->args) || (!r->args[0])
- || strchr(r->args, '=')) {
- execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0,
- (char *)NULL, env);
- }
-
- else {
- execve(SUEXEC_BIN,
- create_argv(r->pool, SUEXEC_BIN, execuser, grpname,
- argv0, r->args),
- env);
- }
- }
- else {
- if (shellcmd) {
- execle(SHELL_PATH, SHELL_PATH, "-c", argv0, (char *)NULL, env);
- }
-
- else if ((conf->cgi_command_args == AP_FLAG_OFF)
- || (!r->args) || (!r->args[0])
- || strchr(r->args, '=')) {
- execle(r->filename, argv0, (void*)NULL, env);
- }
-
- else {
- execve(r->filename,
- create_argv(r->pool, NULL, NULL, NULL, argv0, r->args),
- env);
- }
- }
- return (pid);
-}
diff --git a/usr.sbin/httpd/src/main/util_uri.c b/usr.sbin/httpd/src/main/util_uri.c
deleted file mode 100644
index 5865a2163a9..00000000000
--- a/usr.sbin/httpd/src/main/util_uri.c
+++ /dev/null
@@ -1,507 +0,0 @@
-/* $OpenBSD: util_uri.c,v 1.11 2008/05/15 06:05:44 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util_uri.c: URI related utility things
- *
- */
-
-#include "httpd.h"
-#include "http_log.h"
-#include "http_conf_globals.h" /* for user_id & group_id */
-#include "util_uri.h"
-
-/*
- * Some WWW schemes and their default ports; this is basically /etc/services
- * This will become global when the protocol abstraction comes
- * As the schemes are searched by a linear search,
- * they are sorted by their expected frequency
- */
-static schemes_t schemes[] = {
- {"http", DEFAULT_HTTP_PORT},
- {"ftp", DEFAULT_FTP_PORT},
- {"https", DEFAULT_HTTPS_PORT},
- {"gopher", DEFAULT_GOPHER_PORT},
- {"wais", DEFAULT_WAIS_PORT},
- {"nntp", DEFAULT_NNTP_PORT},
- {"snews", DEFAULT_SNEWS_PORT},
- {"prospero", DEFAULT_PROSPERO_PORT},
- {NULL, 0xFFFF} /* unknown port */
-};
-
-
-API_EXPORT(unsigned short)
-ap_default_port_for_scheme(const char *scheme_str)
-{
- schemes_t *scheme;
-
- if (scheme_str == NULL)
- return 0;
-
- for (scheme = schemes; scheme->name != NULL; ++scheme)
- if (strcasecmp(scheme_str, scheme->name) == 0)
- return scheme->default_port;
-
- return 0;
-}
-
-API_EXPORT(unsigned short)
-ap_default_port_for_request(const request_rec *r)
-{
- return (r->parsed_uri.scheme)
- ? ap_default_port_for_scheme(r->parsed_uri.scheme) : 0;
-}
-
-/*
- * Create a copy of a "struct hostent" record; it was presumably returned
- * from a call to gethostbyname() and lives in static storage.
- * By creating a copy we can tuck it away for later use.
- */
-API_EXPORT(struct hostent *)
-ap_pduphostent(pool *p, const struct hostent *hp)
-{
- struct hostent *newent;
- char **ptrs;
- char **aliases;
- struct in_addr *addrs;
- int i = 0, j = 0;
-
- if (hp == NULL)
- return NULL;
-
- /* Count number of alias entries */
- if (hp->h_aliases != NULL)
- for (; hp->h_aliases[j] != NULL; ++j)
- continue;
-
- /* Count number of in_addr entries */
- if (hp->h_addr_list != NULL)
- for (; hp->h_addr_list[i] != NULL; ++i)
- continue;
-
- /* Allocate hostent structure, alias ptrs, addr ptrs, addrs */
- newent = (struct hostent *)ap_palloc(p, sizeof(*hp));
- aliases = (char **)ap_palloc(p, (j + 1) * sizeof(char *));
- ptrs = (char **)ap_palloc(p, (i + 1) * sizeof(char *));
- addrs = (struct in_addr *)ap_palloc(p, (i + 1) * sizeof(struct in_addr));
-
- *newent = *hp;
- newent->h_name = ap_pstrdup(p, hp->h_name);
- newent->h_aliases = aliases;
- newent->h_addr_list = (char **)ptrs;
-
- /* Copy Alias Names: */
- for (j = 0; hp->h_aliases[j] != NULL; ++j)
- aliases[j] = ap_pstrdup(p, hp->h_aliases[j]);
- aliases[j] = NULL;
-
- /* Copy address entries */
- for (i = 0; hp->h_addr_list[i] != NULL; ++i) {
- ptrs[i] = (char *)&addrs[i];
- addrs[i] = *(struct in_addr *)hp->h_addr_list[i];
- }
- ptrs[i] = NULL;
-
- return newent;
-}
-
-
-/*
- * pgethostbyname(): resolve hostname, if successful return an ALLOCATED
- * COPY OF the hostent structure, intended to be stored and used later.
- * (gethostbyname() uses static storage that would be overwritten on each call)
- */
-API_EXPORT(struct hostent *)
-ap_pgethostbyname(pool *p, const char *hostname)
-{
- struct hostent *hp = gethostbyname(hostname);
- return (hp == NULL) ? NULL : ap_pduphostent(p, hp);
-}
-
-
-/* Unparse a uri_components structure to an URI string.
- * Optionally suppress the password for security reasons.
- * See also RFC 2396.
- */
-API_EXPORT(char *)
-ap_unparse_uri_components(pool *p, const uri_components * uptr, unsigned flags)
-{
- char *parts[16]; /* 16 distinct parts of a URI */
- char *scheme = NULL; /* to hold the scheme without modifying const
- /* args */
- int j = 0; /* an index into parts */
-
- memset(parts, 0, sizeof(parts));
-
- /*
- * If suppressing the site part, omit all of
- * scheme://user:pass@host:port
- */
- if (!(flags & UNP_OMITSITEPART)) {
-
- /*
- * if the user passes in a scheme, we'll assume an
- * absoluteURI
- */
- if (uptr->scheme) {
- scheme = uptr->scheme;
-
- parts[j++] = uptr->scheme;
- parts[j++] = ":";
- }
-
- /* handle the hier_part */
- if (uptr->user || uptr->password || uptr->hostname) {
- /* this stuff requires absoluteURI, so we have to
- * add the scheme
- */
- if (!uptr->scheme) {
- scheme = DEFAULT_URI_SCHEME;
-
- parts[j++] = DEFAULT_URI_SCHEME;
- parts[j++] = ":";
- }
-
- parts[j++] = "//";
-
- /* userinfo requires hostport */
- if (uptr->hostname && (uptr->user || uptr->password)) {
- if (uptr->user && !(flags & UNP_OMITUSER))
- parts[j++] = uptr->user;
-
- if (uptr->password &&
- !(flags & UNP_OMITPASSWORD)) {
- parts[j++] = ":";
-
- if (flags & UNP_REVEALPASSWORD)
- parts[j++] = uptr->password;
- else
- parts[j++] = "XXXXXXXX";
- }
-
- parts[j++] = "@";
- }
-
- /* If we get here, there must be a hostname. */
- parts[j++] = uptr->hostname;
-
- /*
- * Emit the port. A small beautification
- * prevents http://host:80/ and similar visual blight.
- */
- if (uptr->port_str && !(uptr->port && scheme &&
- uptr->port == ap_default_port_for_scheme(scheme))) {
- parts[j++] = ":";
- parts[j++] = uptr->port_str;
- }
- }
- }
-
- if (!(flags & UNP_OMITPATHINFO)) {
-
-
- /* We must ensure we don't put out a hier_part and a rel_path */
- if (j && uptr->path && *uptr->path != '/')
- parts[j++] = "/";
-
- if (uptr->path != NULL)
- parts[j++] = uptr->path;
-
- if (!(flags & UNP_OMITQUERY)) {
- if (uptr->query) {
- parts[j++] = "?";
- parts[j++] = uptr->query;
- }
-
- if (uptr->fragment) {
- parts[j++] = "#";
- parts[j++] = uptr->fragment;
- }
- }
- }
-
- /* Ugly, but correct and probably faster than ap_vsnprintf. */
- return ap_pstrcat(p, parts[0], parts[1], parts[2], parts[3], parts[4],
- parts[5], parts[6], parts[7], parts[8], parts[9], parts[10],
- parts[11], parts[12], parts[13], parts[14], parts[15], NULL);
-}
-
-/*
- * Here is the hand-optimized parse_uri_components(). There are some wild
- * tricks we could pull in assembly language that we don't pull here... like we
- * can do word-at-time scans for delimiter characters using the same technique
- * that fast memchr()s use. But that would be way non-portable. -djg
- */
-
-/*
- * We have a table that we can index by character and it tells us if the
- * character is one of the interesting delimiters. Note that we even get
- * compares for NUL for free -- it's just another delimiter.
- */
-
-#define T_COLON 0x01 /* ':' */
-#define T_SLASH 0x02 /* '/' */
-#define T_QUESTION 0x04 /* '?' */
-#define T_HASH 0x08 /* '#' */
-#define T_NUL 0x80 /* '\0' */
-
-/* the uri_delims.h file is autogenerated by gen_uri_delims.c */
-#include "uri_delims.h"
-
-/* it works like this:
- if (uri_delims[ch] & NOTEND_foobar) {
- then we're not at a delimiter for foobar
- }
-*/
-
-/* Note that we optimize the scheme scanning here, we cheat and let the
- * compiler know that it doesn't have to do the & masking.
- */
-#define NOTEND_SCHEME (0xff)
-#define NOTEND_HOSTINFO (T_SLASH | T_QUESTION | T_HASH | T_NUL)
-#define NOTEND_PATH (T_QUESTION | T_HASH | T_NUL)
-
-void
-ap_util_uri_init(void)
-{
- /*
- * Nothing to do - except....
- * UTIL_URI_REGEX was removed, but third parties may depend on this
- * symbol being present. So, we'll leave it in.... - vjo
- */
-}
-
-/* parse_uri_components():
- * Parse a given URI, fill in all supplied fields of a uri_components
- * structure. This eliminates the necessity of extracting host, port,
- * path, query info repeatedly in the modules.
- * Side effects:
- * - fills in fields of uri_components *uptr
- * - none on any of the r->* fields
- */
-API_EXPORT(int)
-ap_parse_uri_components(pool *p, const char *uri, uri_components * uptr)
-{
- const char *s;
- const char *s1;
- const char *hostinfo;
- char *endstr;
- int port;
-
- /* Initialize the structure. parse_uri() and parse_uri_components()
- * can be called more than once per request.
- */
- memset(uptr, '\0', sizeof(*uptr));
- uptr->is_initialized = 1;
-
- /* We assume the processor has a branch predictor like most --
- * it assumes forward branches are untaken and backwards are taken.
- * That's the reason for the gotos. -djg
- */
- if (uri[0] == '/') {
- deal_with_path:
- /* we expect uri to point to first character of path ...
- * remember that the path could be empty --
- * http://foobar?query for example
- */
- s = uri;
- while ((uri_delims[*(unsigned char *)s] & NOTEND_PATH) == 0)
- ++s;
-
- if (s != uri)
- uptr->path = ap_pstrndup(p, uri, s - uri);
-
- if (*s == 0)
- return HTTP_OK;
-
- if (*s == '?') {
- ++s;
- s1 = strchr(s, '#');
- if (s1) {
- uptr->fragment = ap_pstrdup(p, s1 + 1);
- uptr->query = ap_pstrndup(p, s, s1 - s);
- } else
- uptr->query = ap_pstrdup(p, s);
-
- return HTTP_OK;
- }
- /* otherwise it's a fragment */
- uptr->fragment = ap_pstrdup(p, s + 1);
- return HTTP_OK;
- }
-
- /* find the scheme: */
- s = uri;
- while ((uri_delims[*(unsigned char *) s] & NOTEND_SCHEME) == 0)
- ++s;
-
- /* scheme must be non-empty and followed by :// */
- if (s == uri || s[0] != ':' || s[1] != '/' || s[2] != '/')
- goto deal_with_path; /* backwards predicted taken! */
-
-
- uptr->scheme = ap_pstrndup(p, uri, s - uri);
- s += 3;
- hostinfo = s;
- while ((uri_delims[*(unsigned char *) s] & NOTEND_HOSTINFO) == 0)
- ++s;
-
- uri = s; /* whatever follows hostinfo is start of uri */
- uptr->hostinfo = ap_pstrndup(p, hostinfo, uri - hostinfo);
-
- /* If there's a username:password@host:port, the @ we want is
- * the last @...too bad there's no memrchr()... For the C purists,
- * note that hostinfo is definately not the first character of the
- * original uri so therefore &hostinfo[-1] < &hostinfo[0] ...
- * and this loop is valid C.
- */
- do {
- --s;
- } while (s >= hostinfo && *s != '@');
- if (s < hostinfo) {
- /* again we want the common case to be fall through */
- deal_with_host:
- /* We expect hostinfo to point to the first character of
- * the hostname. If there's a port it is the first colon.
- */
- if (*hostinfo == '[') {
- s = memchr(hostinfo+1, ']', uri - hostinfo - 1);
- if (s)
- s = strchr(s, ':');
- } else
- s = memchr(hostinfo, ':', uri - hostinfo);
- if (s == NULL) {
- /* we expect the common case to have no port */
- uptr->hostname = ap_pstrndup(p, hostinfo,
- uri - hostinfo);
- goto deal_with_path;
- }
- uptr->hostname = ap_pstrndup(p, hostinfo, s - hostinfo);
- ++s;
- uptr->port_str = ap_pstrndup(p, s, uri - s);
- if (uri != s) {
- port = ap_strtol(uptr->port_str, &endstr, 10);
- uptr->port = port;
- if (*endstr == '\0')
- goto deal_with_path;
-
- /* Invalid characters after ':' found */
- return HTTP_BAD_REQUEST;
- }
- uptr->port = ap_default_port_for_scheme(uptr->scheme);
- goto deal_with_path;
- }
-
- /* first colon delimits username:password */
- s1 = memchr(hostinfo, ':', s - hostinfo);
- if (s1) {
- uptr->user = ap_pstrndup(p, hostinfo, s1 - hostinfo);
- ++s1;
- uptr->password = ap_pstrndup(p, s1, s - s1);
- } else
- uptr->user = ap_pstrndup(p, hostinfo, s - hostinfo);
- hostinfo = s + 1;
- goto deal_with_host;
-}
-
-/* Special case for CONNECT parsing: it comes with the hostinfo part only */
-/* See the INTERNET-DRAFT document "Tunneling SSL Through a WWW Proxy"
- * currently at http://www.mcom.com/newsref/std/tunneling_ssl.html
- * for the format of the "CONNECT host:port HTTP/1.0" request
- */
-API_EXPORT(int)
-ap_parse_hostinfo_components(pool *p, const char *hostinfo,
- uri_components *uptr)
-{
- const char *s;
- char *endstr;
-
- /* Initialize the structure. parse_uri() and parse_uri_components()
- * can be called more than once per request.
- */
- memset(uptr, '\0', sizeof(*uptr));
- uptr->is_initialized = 1;
- uptr->hostinfo = ap_pstrdup(p, hostinfo);
-
- /* We expect hostinfo to point to the first character of
- * the hostname. There must be a port, separated by a colon
- */
- if (*hostinfo == '[') {
- s = strchr(hostinfo+1, ']');
- if (s)
- s = strchr(s, ':');
- } else
- s = strchr(hostinfo, ':');
- if (s == NULL)
- return HTTP_BAD_REQUEST;
-
- uptr->hostname = ap_pstrndup(p, hostinfo, s - hostinfo);
- ++s;
- uptr->port_str = ap_pstrdup(p, s);
- if (*s != '\0') {
- uptr->port = (unsigned short)ap_strtol(uptr->port_str,
- &endstr, 10);
- if (*endstr == '\0')
- return HTTP_OK;
-
- /* Invalid characters after ':' found */
- }
- return HTTP_BAD_REQUEST;
-}
diff --git a/usr.sbin/httpd/src/modules/README b/usr.sbin/httpd/src/modules/README
deleted file mode 100644
index df25f051f25..00000000000
--- a/usr.sbin/httpd/src/modules/README
+++ /dev/null
@@ -1,34 +0,0 @@
-The directory structure for this level is as follows:
-
-standard/
-
- In this directory are the standard supported modules for
- Apache. Not all are compiled by default.
-
-proxy/
-
- This houses the code for the proxy module for Apache.
-
-experimental/
-
- In this directory we've placed some modules which we think
- provide some pretty interesting functionality, but which
- are still in the early stages of development and could
- evolve radically in the future. This code isn't supported
- officially.
-
-extra/
-
- This is the directory for third-party modules, such as mod_jserv.
-
-test/
-
- This directory houses modules which test various components
- of Apache. You should not compile these into a production
- server.
-
-example/
-
- This directory houses example modules, to help module authors
- figure their way around the Apache API and module concept.
-
diff --git a/usr.sbin/httpd/src/modules/example/.indent.pro b/usr.sbin/httpd/src/modules/example/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/modules/example/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/example/Makefile b/usr.sbin/httpd/src/modules/example/Makefile
deleted file mode 100644
index 9bec391a3bf..00000000000
--- a/usr.sbin/httpd/src/modules/example/Makefile
+++ /dev/null
@@ -1,107 +0,0 @@
-# ====================================================================
-# Copyright (c) 1995-1997 The Apache Group. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the Apache Group
-# for use in the Apache HTTP server project (http://www.apache.org/)."
-#
-# 4. The names "Apache Server" and "Apache Group" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission.
-#
-# 5. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the Apache Group
-# for use in the Apache HTTP server project (http://www.apache.org/)."
-#
-# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-#
-# This software consists of voluntary contributions made by many
-# individuals on behalf of the Apache Group and was originally based
-# on public domain software written at the National Center for
-# Supercomputing Applications, University of Illinois, Urbana-Champaign.
-# For more information on the Apache Group and the Apache HTTP server
-# project, please see <http://www.apache.org/>.
-#
-# Makefile for the Apache example module
-#
-
-#
-# This normally lives in modules/example under the Apache source
-# directory. If the depth or relationship changes, the following line
-# may need to be changed.
-#
-INCDIR=../..
-
-#
-# Everything below this point should be invariant.
-#
-SHELL=/bin/sh
-
-#
-# We inherit the definitions of CC, AUX_CFLAGS, and RANLIB from an
-# upline make(1) call.
-#
-CFLAGS=-I$(INCDIR) $(AUX_CFLAGS)
-
-MODULES=mod_example.o
-OBJS= \
- $(MODULES)
-
-#
-# Now the rules saying how things are built.
-#
-.c.o:
- $(CC) -c $(CFLAGS) $<
-
-all: $(OBJS)
-
-clean:
- rm -f $(OBJS)
-
-#
-# Finally, what depnds upon which, so make can figure out what it needs
-# to do.
-#
-
-#
-# Make sure that things get rebuilt if the Makefiles are changed.
-#
-$(OBJS): \
- Makefile \
- $(INCDIR)/Makefile
-
-mod_example.o: \
- $(INCDIR)/httpd.h \
- $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h \
- $(INCDIR)/http_protocol.h \
- $(INCDIR)/util_script.h \
- mod_example.c
diff --git a/usr.sbin/httpd/src/modules/example/Makefile.tmpl b/usr.sbin/httpd/src/modules/example/Makefile.tmpl
deleted file mode 100644
index 017cffb799a..00000000000
--- a/usr.sbin/httpd/src/modules/example/Makefile.tmpl
+++ /dev/null
@@ -1,15 +0,0 @@
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_example.o: mod_example.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/util_script.h
diff --git a/usr.sbin/httpd/src/modules/example/README b/usr.sbin/httpd/src/modules/example/README
deleted file mode 100644
index 77abc097c00..00000000000
--- a/usr.sbin/httpd/src/modules/example/README
+++ /dev/null
@@ -1,53 +0,0 @@
-README for Apache 1.2 Example Module
-[April, 1997]
-
-The files in the src/modules/example directory under the Apache
-distribution directory tree are provided as an example to those that
-wish to write modules that use the Apache API.
-
-The main file is mod_example.c, which illustrates all the different
-callback mechanisms and call syntaces. By no means does an add-on
-module need to include routines for all of the callbacks - quite the
-contrary!
-
-The example module is an actual working module. If you link it into
-your server, enable the "example-handler" handler for a location, and then
-browse to that location, you will see a display of some of the tracing
-the example module did as the various callbacks were made.
-
-To include the example module in your server, follow the steps below:
-
- 1. Uncomment the "Module example_module" line near the bottom of
- the src/Configuration file. If there isn't one, add it; it
- should look like this:
-
- Module example_module modules/example/mod_example.o
-
- 2. Run the src/Configure script ("cd src; ./Configure"). This will
- build the Makefile for the server itself, and update the
- src/modules/Makefile for any additional modules you have
- requested from beneath that subdirectory.
-
- 3. Make the server (run "make" in the src directory).
-
-To add another module of your own:
-
- A. mkdir src/modules/mymodule
- B. cp src/modules/example/* src/modules/mymodule
- C. Modify the files in the new directory
- D. Follow steps [1] through [3] above, with appropriate changes.
-
-To activate the example module, include a block similar to the
-following in your srm.conf file:
-
- <Location /example-info>
- SetHandler example-handler
- </Location>
-
-As an alternative, you can put the following into a .htaccess file and
-then request the file "test.example" from that location:
-
- AddHandler example-handler .example
-
-After reloading/restarting your server, you should be able to browse
-to this location and see the brief display mentioned earlier.
diff --git a/usr.sbin/httpd/src/modules/example/mod_example.c b/usr.sbin/httpd/src/modules/example/mod_example.c
deleted file mode 100644
index 7830c4dfed7..00000000000
--- a/usr.sbin/httpd/src/modules/example/mod_example.c
+++ /dev/null
@@ -1,1152 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Apache example module. Provide demonstrations of how modules do things.
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_protocol.h"
-#include "util_script.h"
-
-#include <stdio.h>
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* Data declarations. */
-/* */
-/* Here are the static cells and structure declarations private to our */
-/* module. */
-/* */
-/*--------------------------------------------------------------------------*/
-
-/*
- * Sample configuration record. Used for both per-directory and per-server
- * configuration data.
- *
- * It's perfectly reasonable to have two different structures for the two
- * different environments. The same command handlers will be called for
- * both, though, so the handlers need to be able to tell them apart. One
- * possibility is for both structures to start with an int which is zero for
- * one and 1 for the other.
- *
- * Note that while the per-directory and per-server configuration records are
- * available to most of the module handlers, they should be treated as
- * READ-ONLY by all except the command and merge handlers. Sometimes handlers
- * are handed a record that applies to the current location by implication or
- * inheritance, and modifying it will change the rules for other locations.
- */
-typedef struct excfg {
- int cmode; /* Environment to which record applies (directory,
- * server, or combination).
- */
-#define CONFIG_MODE_SERVER 1
-#define CONFIG_MODE_DIRECTORY 2
-#define CONFIG_MODE_COMBO 3 /* Shouldn't ever happen. */
- int local; /* Boolean: "Example" directive declared here? */
- int congenital; /* Boolean: did we inherit an "Example"? */
- char *trace; /* Pointer to trace string. */
- char *loc; /* Location to which this record applies. */
-} excfg;
-
-/*
- * Let's set up a module-local static cell to point to the accreting callback
- * trace. As each API callback is made to us, we'll tack on the particulars
- * to whatever we've already recorded. To avoid massive memory bloat as
- * directories are walked again and again, we record the routine/environment
- * the first time (non-request context only), and ignore subsequent calls for
- * the same routine/environment.
- */
-static const char *trace = NULL;
-static table *static_calls_made = NULL;
-
-/*
- * To avoid leaking memory from pools other than the per-request one, we
- * allocate a module-private pool, and then use a sub-pool of that which gets
- * freed each time we modify the trace. That way previous layers of trace
- * data don't get lost.
- */
-static pool *example_pool = NULL;
-static pool *example_subpool = NULL;
-
-/*
- * Declare ourselves so the configuration routines can find and know us.
- * We'll fill it in at the end of the module.
- */
-module MODULE_VAR_EXPORT example_module;
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* The following pseudo-prototype declarations illustrate the parameters */
-/* passed to command handlers for the different types of directive */
-/* syntax. If an argument was specified in the directive definition */
-/* (look for "command_rec" below), it's available to the command handler */
-/* via the (void *) info field in the cmd_parms argument passed to the */
-/* handler (cmd->info for the examples below). */
-/* */
-/*--------------------------------------------------------------------------*/
-
-/*
- * Command handler for a NO_ARGS directive.
- *
- * static const char *handle_NO_ARGS(cmd_parms *cmd, void *mconfig);
- */
-
-/*
- * Command handler for a RAW_ARGS directive. The "args" argument is the text
- * of the commandline following the directive itself.
- *
- * static const char *handle_RAW_ARGS(cmd_parms *cmd, void *mconfig,
- * const char *args);
- */
-
-/*
- * Command handler for a FLAG directive. The single parameter is passed in
- * "bool", which is either zero or not for Off or On respectively.
- *
- * static const char *handle_FLAG(cmd_parms *cmd, void *mconfig, int bool);
- */
-
-/*
- * Command handler for a TAKE1 directive. The single parameter is passed in
- * "word1".
- *
- * static const char *handle_TAKE1(cmd_parms *cmd, void *mconfig,
- * char *word1);
- */
-
-/*
- * Command handler for a TAKE2 directive. TAKE2 commands must always have
- * exactly two arguments.
- *
- * static const char *handle_TAKE2(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2);
- */
-
-/*
- * Command handler for a TAKE3 directive. Like TAKE2, these must have exactly
- * three arguments, or the parser complains and doesn't bother calling us.
- *
- * static const char *handle_TAKE3(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2, char *word3);
- */
-
-/*
- * Command handler for a TAKE12 directive. These can take either one or two
- * arguments.
- * - word2 is a NULL pointer if no second argument was specified.
- *
- * static const char *handle_TAKE12(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2);
- */
-
-/*
- * Command handler for a TAKE123 directive. A TAKE123 directive can be given,
- * as might be expected, one, two, or three arguments.
- * - word2 is a NULL pointer if no second argument was specified.
- * - word3 is a NULL pointer if no third argument was specified.
- *
- * static const char *handle_TAKE123(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2, char *word3);
- */
-
-/*
- * Command handler for a TAKE13 directive. Either one or three arguments are
- * permitted - no two-parameters-only syntax is allowed.
- * - word2 and word3 are NULL pointers if only one argument was specified.
- *
- * static const char *handle_TAKE13(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2, char *word3);
- */
-
-/*
- * Command handler for a TAKE23 directive. At least two and as many as three
- * arguments must be specified.
- * - word3 is a NULL pointer if no third argument was specified.
- *
- * static const char *handle_TAKE23(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2, char *word3);
- */
-
-/*
- * Command handler for a ITERATE directive.
- * - Handler is called once for each of n arguments given to the directive.
- * - word1 points to each argument in turn.
- *
- * static const char *handle_ITERATE(cmd_parms *cmd, void *mconfig,
- * char *word1);
- */
-
-/*
- * Command handler for a ITERATE2 directive.
- * - Handler is called once for each of the second and subsequent arguments
- * given to the directive.
- * - word1 is the same for each call for a particular directive instance (the
- * first argument).
- * - word2 points to each of the second and subsequent arguments in turn.
- *
- * static const char *handle_ITERATE2(cmd_parms *cmd, void *mconfig,
- * char *word1, char *word2);
- */
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* These routines are strictly internal to this module, and support its */
-/* operation. They are not referenced by any external portion of the */
-/* server. */
-/* */
-/*--------------------------------------------------------------------------*/
-
-/*
- * Locate our directory configuration record for the current request.
- */
-static excfg *our_dconfig(request_rec *r)
-{
-
- return (excfg *) ap_get_module_config(r->per_dir_config, &example_module);
-}
-
-#if 0
-/*
- * Locate our server configuration record for the specified server.
- */
-static excfg *our_sconfig(server_rec *s)
-{
-
- return (excfg *) ap_get_module_config(s->module_config, &example_module);
-}
-
-/*
- * Likewise for our configuration record for the specified request.
- */
-static excfg *our_rconfig(request_rec *r)
-{
-
- return (excfg *) ap_get_module_config(r->request_config, &example_module);
-}
-#endif
-
-/*
- * This routine sets up some module-wide cells if they haven't been already.
- */
-static void setup_module_cells()
-{
- /*
- * If we haven't already allocated our module-private pool, do so now.
- */
- if (example_pool == NULL) {
- example_pool = ap_make_sub_pool(NULL);
- };
- /*
- * Likewise for the table of routine/environment pairs we visit outside of
- * request context.
- */
- if (static_calls_made == NULL) {
- static_calls_made = ap_make_table(example_pool, 16);
- };
-}
-
-/*
- * This routine is used to add a trace of a callback to the list. We're
- * passed the server record (if available), the request record (if available),
- * a pointer to our private configuration record (if available) for the
- * environment to which the callback is supposed to apply, and some text. We
- * turn this into a textual representation and add it to the tail of the list.
- * The list can be displayed by the example_handler() routine.
- *
- * If the call occurs within a request context (i.e., we're passed a request
- * record), we put the trace into the request pool and attach it to the
- * request via the notes mechanism. Otherwise, the trace gets added
- * to the static (non-request-specific) list.
- *
- * Note that the r->notes table is only for storing strings; if you need to
- * maintain per-request data of any other type, you need to use another
- * mechanism.
- */
-
-#define TRACE_NOTE "example-trace"
-
-static void trace_add(server_rec *s, request_rec *r, excfg *mconfig,
- const char *note)
-{
-
- const char *sofar;
- char *addon;
- char *where;
- pool *p;
- const char *trace_copy;
-
- /*
- * Make sure our pools and tables are set up - we need 'em.
- */
- setup_module_cells();
- /*
- * Now, if we're in request-context, we use the request pool.
- */
- if (r != NULL) {
- p = r->pool;
- if ((trace_copy = ap_table_get(r->notes, TRACE_NOTE)) == NULL) {
- trace_copy = "";
- }
- }
- else {
- /*
- * We're not in request context, so the trace gets attached to our
- * module-wide pool. We do the create/destroy every time we're called
- * in non-request context; this avoids leaking memory in some of
- * the subsequent calls that allocate memory only once (such as the
- * key formation below).
- *
- * Make a new sub-pool and copy any existing trace to it. Point the
- * trace cell at the copied value.
- */
- p = ap_make_sub_pool(example_pool);
- if (trace != NULL) {
- trace = ap_pstrdup(p, trace);
- }
- /*
- * Now, if we have a sub-pool from before, nuke it and replace with
- * the one we just allocated.
- */
- if (example_subpool != NULL) {
- ap_destroy_pool(example_subpool);
- }
- example_subpool = p;
- trace_copy = trace;
- }
- /*
- * If we weren't passed a configuration record, we can't figure out to
- * what location this call applies. This only happens for co-routines
- * that don't operate in a particular directory or server context. If we
- * got a valid record, extract the location (directory or server) to which
- * it applies.
- */
- where = (mconfig != NULL) ? mconfig->loc : "nowhere";
- where = (where != NULL) ? where : "";
- /*
- * Now, if we're not in request context, see if we've been called with
- * this particular combination before. The table is allocated in the
- * module's private pool, which doesn't get destroyed.
- */
- if (r == NULL) {
- char *key;
-
- key = ap_pstrcat(p, note, ":", where, NULL);
- if (ap_table_get(static_calls_made, key) != NULL) {
- /*
- * Been here, done this.
- */
- return;
- }
- else {
- /*
- * First time for this combination of routine and environment -
- * log it so we don't do it again.
- */
- ap_table_set(static_calls_made, key, "been here");
- }
- }
- addon = ap_pstrcat(p, " <LI>\n", " <DL>\n", " <DT><SAMP>",
- note, "</SAMP>\n", " </DT>\n", " <DD><SAMP>[",
- where, "]</SAMP>\n", " </DD>\n", " </DL>\n",
- " </LI>\n", NULL);
- sofar = (trace_copy == NULL) ? "" : trace_copy;
- trace_copy = ap_pstrcat(p, sofar, addon, NULL);
- if (r != NULL) {
- ap_table_set(r->notes, TRACE_NOTE, trace_copy);
- }
- else {
- trace = trace_copy;
- }
- /*
- * You *could* change the following if you wanted to see the calling
- * sequence reported in the server's error_log, but beware - almost all of
- * these co-routines are called for every single request, and the impact
- * on the size (and readability) of the error_log is considerable.
- */
-#define EXAMPLE_LOG_EACH 0
-#if EXAMPLE_LOG_EACH
- if (s != NULL) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, s, "mod_example: %s", note);
- }
-#endif
-}
-
-/*--------------------------------------------------------------------------*/
-/* We prototyped the various syntax for command handlers (routines that */
-/* are called when the configuration parser detects a directive declared */
-/* by our module) earlier. Now we actually declare a "real" routine that */
-/* will be invoked by the parser when our "real" directive is */
-/* encountered. */
-/* */
-/* If a command handler encounters a problem processing the directive, it */
-/* signals this fact by returning a non-NULL pointer to a string */
-/* describing the problem. */
-/* */
-/* The magic return value DECLINE_CMD is used to deal with directives */
-/* that might be declared by multiple modules. If the command handler */
-/* returns NULL, the directive was processed; if it returns DECLINE_CMD, */
-/* the next module (if any) that declares the directive is given a chance */
-/* at it. If it returns any other value, it's treated as the text of an */
-/* error message. */
-/*--------------------------------------------------------------------------*/
-/*
- * Command handler for the NO_ARGS "Example" directive. All we do is mark the
- * call in the trace log, and flag the applicability of the directive to the
- * current location in that location's configuration record.
- */
-static const char *cmd_example(cmd_parms *cmd, void *mconfig)
-{
-
- excfg *cfg = (excfg *) mconfig;
-
- /*
- * "Example Wuz Here"
- */
- cfg->local = 1;
- trace_add(cmd->server, NULL, cfg, "cmd_example()");
- return NULL;
-}
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* Now we declare our content handlers, which are invoked when the server */
-/* encounters a document which our module is supposed to have a chance to */
-/* see. (See mod_mime's SetHandler and AddHandler directives, and the */
-/* mod_info and mod_status examples, for more details.) */
-/* */
-/* Since content handlers are dumping data directly into the connexion */
-/* (using the r*() routines, such as rputs() and rprintf()) without */
-/* intervention by other parts of the server, they need to make */
-/* sure any accumulated HTTP headers are sent first. This is done by */
-/* calling send_http_header(). Otherwise, no header will be sent at all, */
-/* and the output sent to the client will actually be HTTP-uncompliant. */
-/*--------------------------------------------------------------------------*/
-/*
- * Sample content handler. All this does is display the call list that has
- * been built up so far.
- *
- * The return value instructs the caller concerning what happened and what to
- * do next:
- * OK ("we did our thing")
- * DECLINED ("this isn't something with which we want to get involved")
- * HTTP_mumble ("an error status should be reported")
- */
-static int example_handler(request_rec *r)
-{
-
- excfg *dcfg;
-
- dcfg = our_dconfig(r);
- trace_add(r->server, r, dcfg, "example_handler()");
- /*
- * We're about to start sending content, so we need to force the HTTP
- * headers to be sent at this point. Otherwise, no headers will be sent
- * at all. We can set any we like first, of course. **NOTE** Here's
- * where you set the "Content-type" header, and you do so by putting it in
- * r->content_type, *not* r->headers_out("Content-type"). If you don't
- * set it, it will be filled in with the server's default type (typically
- * "text/plain"). You *must* also ensure that r->content_type is lower
- * case.
- *
- * We also need to start a timer so the server can know if the connexion
- * is broken.
- */
- r->content_type = "text/html";
-
- ap_soft_timeout("send example call trace", r);
- ap_send_http_header(r);
-
- /*
- * If we're only supposed to send header information (HEAD request), we're
- * already there.
- */
- if (r->header_only) {
- ap_kill_timeout(r);
- return OK;
- }
-
- /*
- * Now send our actual output. Since we tagged this as being
- * "text/html", we need to embed any HTML.
- */
- ap_rputs(DOCTYPE_HTML_3_2, r);
- ap_rputs("<HTML>\n", r);
- ap_rputs(" <HEAD>\n", r);
- ap_rputs(" <TITLE>mod_example Module Content-Handler Output\n", r);
- ap_rputs(" </TITLE>\n", r);
- ap_rputs(" </HEAD>\n", r);
- ap_rputs(" <BODY>\n", r);
- ap_rputs(" <H1><SAMP>mod_example</SAMP> Module Content-Handler Output\n", r);
- ap_rputs(" </H1>\n", r);
- ap_rputs(" <P>\n", r);
- ap_rprintf(r, " Apache HTTP Server version: \"%s\"\n",
- ap_get_server_version());
- ap_rputs(" </P>\n", r);
- ap_rputs(" <P>\n", r);
- ap_rputs(" The format for the callback trace is:\n", r);
- ap_rputs(" </P>\n", r);
- ap_rputs(" <DL>\n", r);
- ap_rputs(" <DT><EM>n</EM>.<SAMP>&lt;routine-name&gt;", r);
- ap_rputs("(&lt;routine-data&gt;)</SAMP>\n", r);
- ap_rputs(" </DT>\n", r);
- ap_rputs(" <DD><SAMP>[&lt;applies-to&gt;]</SAMP>\n", r);
- ap_rputs(" </DD>\n", r);
- ap_rputs(" </DL>\n", r);
- ap_rputs(" <P>\n", r);
- ap_rputs(" The <SAMP>&lt;routine-data&gt;</SAMP> is supplied by\n", r);
- ap_rputs(" the routine when it requests the trace,\n", r);
- ap_rputs(" and the <SAMP>&lt;applies-to&gt;</SAMP> is extracted\n", r);
- ap_rputs(" from the configuration record at the time of the trace.\n", r);
- ap_rputs(" <STRONG>SVR()</STRONG> indicates a server environment\n", r);
- ap_rputs(" (blank means the main or default server, otherwise it's\n", r);
- ap_rputs(" the name of the VirtualHost); <STRONG>DIR()</STRONG>\n", r);
- ap_rputs(" indicates a location in the URL or filesystem\n", r);
- ap_rputs(" namespace.\n", r);
- ap_rputs(" </P>\n", r);
- ap_rprintf(r, " <H2>Static callbacks so far:</H2>\n <OL>\n%s </OL>\n",
- trace);
- ap_rputs(" <H2>Request-specific callbacks so far:</H2>\n", r);
- ap_rprintf(r, " <OL>\n%s </OL>\n", ap_table_get(r->notes, TRACE_NOTE));
- ap_rputs(" <H2>Environment for <EM>this</EM> call:</H2>\n", r);
- ap_rputs(" <UL>\n", r);
- ap_rprintf(r, " <LI>Applies-to: <SAMP>%s</SAMP>\n </LI>\n", dcfg->loc);
- ap_rprintf(r, " <LI>\"Example\" directive declared here: %s\n </LI>\n",
- (dcfg->local ? "YES" : "NO"));
- ap_rprintf(r, " <LI>\"Example\" inherited: %s\n </LI>\n",
- (dcfg->congenital ? "YES" : "NO"));
- ap_rputs(" </UL>\n", r);
- ap_rputs(" </BODY>\n", r);
- ap_rputs("</HTML>\n", r);
- /*
- * We're all done, so cancel the timeout we set. Since this is probably
- * the end of the request we *could* assume this would be done during
- * post-processing - but it's possible that another handler might be
- * called and inherit our outstanding timer. Not good; to each its own.
- */
- ap_kill_timeout(r);
- /*
- * We did what we wanted to do, so tell the rest of the server we
- * succeeded.
- */
- return OK;
-}
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* Now let's declare routines for each of the callback phase in order. */
-/* (That's the order in which they're listed in the callback list, *not */
-/* the order in which the server calls them! See the command_rec */
-/* declaration near the bottom of this file.) Note that these may be */
-/* called for situations that don't relate primarily to our function - in */
-/* other words, the fixup handler shouldn't assume that the request has */
-/* to do with "example" stuff. */
-/* */
-/* With the exception of the content handler, all of our routines will be */
-/* called for each request, unless an earlier handler from another module */
-/* aborted the sequence. */
-/* */
-/* Handlers that are declared as "int" can return the following: */
-/* */
-/* OK Handler accepted the request and did its thing with it. */
-/* DECLINED Handler took no action. */
-/* HTTP_mumble Handler looked at request and found it wanting. */
-/* */
-/* What the server does after calling a module handler depends upon the */
-/* handler's return value. In all cases, if the handler returns */
-/* DECLINED, the server will continue to the next module with an handler */
-/* for the current phase. However, if the handler return a non-OK, */
-/* non-DECLINED status, the server aborts the request right there. If */
-/* the handler returns OK, the server's next action is phase-specific; */
-/* see the individual handler comments below for details. */
-/* */
-/*--------------------------------------------------------------------------*/
-/*
- * This function is called during server initialisation. Any information
- * that needs to be recorded must be in static cells, since there's no
- * configuration record.
- *
- * There is no return value.
- */
-
-/*
- * All our module-initialiser does is add its trace to the log.
- */
-static void example_init(server_rec *s, pool *p)
-{
-
- char *note;
- char *sname = s->server_hostname;
-
- /*
- * Set up any module cells that ought to be initialised.
- */
- setup_module_cells();
- /*
- * The arbitrary text we add to our trace entry indicates for which server
- * we're being called.
- */
- sname = (sname != NULL) ? sname : "";
- note = ap_pstrcat(p, "example_init(", sname, ")", NULL);
- trace_add(s, NULL, NULL, note);
-}
-
-/*
- * This function is called during server initialisation when an heavy-weight
- * process (such as a child) is being initialised. As with the
- * module-initialisation function, any information that needs to be recorded
- * must be in static cells, since there's no configuration record.
- *
- * There is no return value.
- */
-
-/*
- * All our process-initialiser does is add its trace to the log.
- */
-static void example_child_init(server_rec *s, pool *p)
-{
-
- char *note;
- char *sname = s->server_hostname;
-
- /*
- * Set up any module cells that ought to be initialised.
- */
- setup_module_cells();
- /*
- * The arbitrary text we add to our trace entry indicates for which server
- * we're being called.
- */
- sname = (sname != NULL) ? sname : "";
- note = ap_pstrcat(p, "example_child_init(", sname, ")", NULL);
- trace_add(s, NULL, NULL, note);
-}
-
-/*
- * This function is called when an heavy-weight process (such as a child) is
- * being run down or destroyed. As with the child-initialisation function,
- * any information that needs to be recorded must be in static cells, since
- * there's no configuration record.
- *
- * There is no return value.
- */
-
-/*
- * All our process-death routine does is add its trace to the log.
- */
-static void example_child_exit(server_rec *s, pool *p)
-{
-
- char *note;
- char *sname = s->server_hostname;
-
- /*
- * The arbitrary text we add to our trace entry indicates for which server
- * we're being called.
- */
- sname = (sname != NULL) ? sname : "";
- note = ap_pstrcat(p, "example_child_exit(", sname, ")", NULL);
- trace_add(s, NULL, NULL, note);
-}
-
-/*
- * This function gets called to create a per-directory configuration
- * record. This will be called for the "default" server environment, and for
- * each directory for which the parser finds any of our directives applicable.
- * If a directory doesn't have any of our directives involved (i.e., they
- * aren't in the .htaccess file, or a <Location>, <Directory>, or related
- * block), this routine will *not* be called - the configuration for the
- * closest ancestor is used.
- *
- * The return value is a pointer to the created module-specific
- * structure.
- */
-static void *example_create_dir_config(pool *p, char *dirspec)
-{
-
- excfg *cfg;
- char *dname = dirspec;
-
- /*
- * Allocate the space for our record from the pool supplied.
- */
- cfg = (excfg *) ap_pcalloc(p, sizeof(excfg));
- /*
- * Now fill in the defaults. If there are any `parent' configuration
- * records, they'll get merged as part of a separate callback.
- */
- cfg->local = 0;
- cfg->congenital = 0;
- cfg->cmode = CONFIG_MODE_DIRECTORY;
- /*
- * Finally, add our trace to the callback list.
- */
- dname = (dname != NULL) ? dname : "";
- cfg->loc = ap_pstrcat(p, "DIR(", dname, ")", NULL);
- trace_add(NULL, NULL, cfg, "example_create_dir_config()");
- return (void *) cfg;
-}
-
-/*
- * This function gets called to merge two per-directory configuration
- * records. This is typically done to cope with things like .htaccess files
- * or <Location> directives for directories that are beneath one for which a
- * configuration record was already created. The routine has the
- * responsibility of creating a new record and merging the contents of the
- * other two into it appropriately. If the module doesn't declare a merge
- * routine, the record for the closest ancestor location (that has one) is
- * used exclusively.
- *
- * The routine MUST NOT modify any of its arguments!
- *
- * The return value is a pointer to the created module-specific structure
- * containing the merged values.
- */
-static void *example_merge_dir_config(pool *p, void *parent_conf,
- void *newloc_conf)
-{
-
- excfg *merged_config = (excfg *) ap_pcalloc(p, sizeof(excfg));
- excfg *pconf = (excfg *) parent_conf;
- excfg *nconf = (excfg *) newloc_conf;
- char *note;
-
- /*
- * Some things get copied directly from the more-specific record, rather
- * than getting merged.
- */
- merged_config->local = nconf->local;
- merged_config->loc = ap_pstrdup(p, nconf->loc);
- /*
- * Others, like the setting of the `congenital' flag, get ORed in. The
- * setting of that particular flag, for instance, is TRUE if it was ever
- * true anywhere in the upstream configuration.
- */
- merged_config->congenital = (pconf->congenital | pconf->local);
- /*
- * If we're merging records for two different types of environment (server
- * and directory), mark the new record appropriately. Otherwise, inherit
- * the current value.
- */
- merged_config->cmode =
- (pconf->cmode == nconf->cmode) ? pconf->cmode : CONFIG_MODE_COMBO;
- /*
- * Now just record our being called in the trace list. Include the
- * locations we were asked to merge.
- */
- note = ap_pstrcat(p, "example_merge_dir_config(\"", pconf->loc, "\",\"",
- nconf->loc, "\")", NULL);
- trace_add(NULL, NULL, merged_config, note);
- return (void *) merged_config;
-}
-
-/*
- * This function gets called to create a per-server configuration
- * record. It will always be called for the "default" server.
- *
- * The return value is a pointer to the created module-specific
- * structure.
- */
-static void *example_create_server_config(pool *p, server_rec *s)
-{
-
- excfg *cfg;
- char *sname = s->server_hostname;
-
- /*
- * As with the example_create_dir_config() reoutine, we allocate and fill
- * in an empty record.
- */
- cfg = (excfg *) ap_pcalloc(p, sizeof(excfg));
- cfg->local = 0;
- cfg->congenital = 0;
- cfg->cmode = CONFIG_MODE_SERVER;
- /*
- * Note that we were called in the trace list.
- */
- sname = (sname != NULL) ? sname : "";
- cfg->loc = ap_pstrcat(p, "SVR(", sname, ")", NULL);
- trace_add(s, NULL, cfg, "example_create_server_config()");
- return (void *) cfg;
-}
-
-/*
- * This function gets called to merge two per-server configuration
- * records. This is typically done to cope with things like virtual hosts and
- * the default server configuration The routine has the responsibility of
- * creating a new record and merging the contents of the other two into it
- * appropriately. If the module doesn't declare a merge routine, the more
- * specific existing record is used exclusively.
- *
- * The routine MUST NOT modify any of its arguments!
- *
- * The return value is a pointer to the created module-specific structure
- * containing the merged values.
- */
-static void *example_merge_server_config(pool *p, void *server1_conf,
- void *server2_conf)
-{
-
- excfg *merged_config = (excfg *) ap_pcalloc(p, sizeof(excfg));
- excfg *s1conf = (excfg *) server1_conf;
- excfg *s2conf = (excfg *) server2_conf;
- char *note;
-
- /*
- * Our inheritance rules are our own, and part of our module's semantics.
- * Basically, just note whence we came.
- */
- merged_config->cmode =
- (s1conf->cmode == s2conf->cmode) ? s1conf->cmode : CONFIG_MODE_COMBO;
- merged_config->local = s2conf->local;
- merged_config->congenital = (s1conf->congenital | s1conf->local);
- merged_config->loc = ap_pstrdup(p, s2conf->loc);
- /*
- * Trace our call, including what we were asked to merge.
- */
- note = ap_pstrcat(p, "example_merge_server_config(\"", s1conf->loc, "\",\"",
- s2conf->loc, "\")", NULL);
- trace_add(NULL, NULL, merged_config, note);
- return (void *) merged_config;
-}
-
-/*
- * This routine is called after the request has been read but before any other
- * phases have been processed. This allows us to make decisions based upon
- * the input header fields.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no
- * further modules are called for this phase.
- */
-static int example_post_read_request(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- /*
- * We don't actually *do* anything here, except note the fact that we were
- * called.
- */
- trace_add(r->server, r, cfg, "example_post_read_request()");
- return DECLINED;
-}
-
-/*
- * This routine gives our module an opportunity to translate the URI into an
- * actual filename. If we don't do anything special, the server's default
- * rules (Alias directives and the like) will continue to be followed.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no
- * further modules are called for this phase.
- */
-static int example_translate_handler(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- /*
- * We don't actually *do* anything here, except note the fact that we were
- * called.
- */
- trace_add(r->server, r, cfg, "example_translate_handler()");
- return DECLINED;
-}
-
-/*
- * This routine is called to check the authentication information sent with
- * the request (such as looking up the user in a database and verifying that
- * the [encrypted] password sent matches the one in the database).
- *
- * The return value is OK, DECLINED, or some HTTP_mumble error (typically
- * HTTP_UNAUTHORIZED). If we return OK, no other modules are given a chance
- * at the request during this phase.
- */
-static int example_check_user_id(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- /*
- * Don't do anything except log the call.
- */
- trace_add(r->server, r, cfg, "example_check_user_id()");
- return DECLINED;
-}
-
-/*
- * This routine is called to check to see if the resource being requested
- * requires authorisation.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no
- * other modules are called during this phase.
- *
- * If *all* modules return DECLINED, the request is aborted with a server
- * error.
- */
-static int example_auth_checker(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- /*
- * Log the call and return OK, or access will be denied (even though we
- * didn't actually do anything).
- */
- trace_add(r->server, r, cfg, "example_auth_checker()");
- return DECLINED;
-}
-
-/*
- * This routine is called to check for any module-specific restrictions placed
- * upon the requested resource. (See the mod_access module for an example.)
- *
- * The return value is OK, DECLINED, or HTTP_mumble. All modules with an
- * handler for this phase are called regardless of whether their predecessors
- * return OK or DECLINED. The first one to return any other status, however,
- * will abort the sequence (and the request) as usual.
- */
-static int example_access_checker(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- trace_add(r->server, r, cfg, "example_access_checker()");
- return DECLINED;
-}
-
-/*
- * This routine is called to determine and/or set the various document type
- * information bits, like Content-type (via r->content_type), language, et
- * cetera.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no
- * further modules are given a chance at the request for this phase.
- */
-static int example_type_checker(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- /*
- * Log the call, but don't do anything else - and report truthfully that
- * we didn't do anything.
- */
- trace_add(r->server, r, cfg, "example_type_checker()");
- return DECLINED;
-}
-
-/*
- * This routine is called to perform any module-specific fixing of header
- * fields, et cetera. It is invoked just before any content-handler.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, the
- * server will still call any remaining modules with an handler for this
- * phase.
- */
-static int example_fixer_upper(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- /*
- * Log the call and exit.
- */
- trace_add(r->server, r, cfg, "example_fixer_upper()");
- return OK;
-}
-
-/*
- * This routine is called to perform any module-specific logging activities
- * over and above the normal server things.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, any
- * remaining modules with an handler for this phase will still be called.
- */
-static int example_logger(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- trace_add(r->server, r, cfg, "example_logger()");
- return DECLINED;
-}
-
-/*
- * This routine is called to give the module a chance to look at the request
- * headers and take any appropriate specific actions early in the processing
- * sequence.
- *
- * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, any
- * remaining modules with handlers for this phase will still be called.
- */
-static int example_header_parser(request_rec *r)
-{
-
- excfg *cfg;
-
- cfg = our_dconfig(r);
- trace_add(r->server, r, cfg, "example_header_parser()");
- return DECLINED;
-}
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* All of the routines have been declared now. Here's the list of */
-/* directives specific to our module, and information about where they */
-/* may appear and how the command parser should pass them to us for */
-/* processing. Note that care must be taken to ensure that there are NO */
-/* collisions of directive names between modules. */
-/* */
-/*--------------------------------------------------------------------------*/
-/*
- * List of directives specific to our module.
- */
-static const command_rec example_cmds[] =
-{
- {
- "Example", /* directive name */
- cmd_example, /* config action routine */
- NULL, /* argument to include in call */
- OR_OPTIONS, /* where available */
- NO_ARGS, /* arguments */
- "Example directive - no arguments"
- /* directive description */
- },
- {NULL}
-};
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* Now the list of content handlers available from this module. */
-/* */
-/*--------------------------------------------------------------------------*/
-/*
- * List of content handlers our module supplies. Each handler is defined by
- * two parts: a name by which it can be referenced (such as by
- * {Add,Set}Handler), and the actual routine name. The list is terminated by
- * a NULL block, since it can be of variable length.
- *
- * Note that content-handlers are invoked on a most-specific to least-specific
- * basis; that is, a handler that is declared for "text/plain" will be
- * invoked before one that was declared for "text / *". Note also that
- * if a content-handler returns anything except DECLINED, no other
- * content-handlers will be called.
- */
-static const handler_rec example_handlers[] =
-{
- {"example-handler", example_handler},
- {NULL}
-};
-
-/*--------------------------------------------------------------------------*/
-/* */
-/* Finally, the list of callback routines and data structures that */
-/* provide the hooks into our module from the other parts of the server. */
-/* */
-/*--------------------------------------------------------------------------*/
-/*
- * Module definition for configuration. If a particular callback is not
- * needed, replace its routine name below with the word NULL.
- *
- * The number in brackets indicates the order in which the routine is called
- * during request processing. Note that not all routines are necessarily
- * called (such as if a resource doesn't have access restrictions).
- */
-module MODULE_VAR_EXPORT example_module =
-{
- STANDARD_MODULE_STUFF,
- example_init, /* module initializer */
- example_create_dir_config, /* per-directory config creator */
- example_merge_dir_config, /* dir config merger */
- example_create_server_config, /* server config creator */
- example_merge_server_config, /* server config merger */
- example_cmds, /* command table */
- example_handlers, /* [9] list of handlers */
- example_translate_handler, /* [2] filename-to-URI translation */
- example_check_user_id, /* [5] check/validate user_id */
- example_auth_checker, /* [6] check user_id is valid *here* */
- example_access_checker, /* [4] check access by host address */
- example_type_checker, /* [7] MIME type checker/setter */
- example_fixer_upper, /* [8] fixups */
- example_logger, /* [10] logger */
-#if MODULE_MAGIC_NUMBER >= 19970103
- example_header_parser, /* [3] header parser */
-#endif
-#if MODULE_MAGIC_NUMBER >= 19970719
- example_child_init, /* process initializer */
-#endif
-#if MODULE_MAGIC_NUMBER >= 19970728
- example_child_exit, /* process exit/cleanup */
-#endif
-#if MODULE_MAGIC_NUMBER >= 19970902
- example_post_read_request /* [1] post read_request handling */
-#endif
-};
diff --git a/usr.sbin/httpd/src/modules/experimental/.indent.pro b/usr.sbin/httpd/src/modules/experimental/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/experimental/Makefile.tmpl b/usr.sbin/httpd/src/modules/experimental/Makefile.tmpl
deleted file mode 100644
index cd9d415c8be..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/Makefile.tmpl
+++ /dev/null
@@ -1,23 +0,0 @@
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_mmap_static.o: mod_mmap_static.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h
-mod_auth_digest.o: mod_auth_digest.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/util_md5.h \
- $(INCDIR)/ap_md5.h
diff --git a/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c b/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c
deleted file mode 100644
index 3aaef8eb29d..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c
+++ /dev/null
@@ -1,1534 +0,0 @@
-/* $OpenBSD: mod_auth_digest.c,v 1.23 2013/08/22 04:43:41 guenther Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_auth_digest: MD5 digest authentication
- *
- * Originally by Alexei Kosut <akosut@nueva.pvt.k12.ca.us>
- * Updated to RFC-2617 by Ronald Tschalär <ronald@innovation.ch>
- * based on mod_auth, by Rob McCool and Robert S. Thau
- *
- * This module an updated version of modules/standard/mod_digest.c
- * However, it has not been extensively tested yet, and is therefore
- * currently marked experimental. Send problem reports to me
- * (ronald@innovation.ch)
- *
- * Requires either /dev/random (or equivalent) or the truerand library,
- * available for instance from
- * ftp://research.att.com/dist/mab/librand.shar
- *
- * Open Issues:
- * - qop=auth-int (when streams and trailer support available)
- * - nonce-format configurability
- * - Proxy-Authorization-Info header is set by this module, but is
- * currently ignored by mod_proxy (needs patch to mod_proxy)
- * - generating the secret takes a while (~ 8 seconds) if using the
- * truerand library
- * - The source of the secret should be run-time directive (with server
- * scope: RSRC_CONF). However, that could be tricky when trying to
- * choose truerand vs. file...
- * - shared-mem not completely tested yet. Seems to work ok for me,
- * but... (definitely won't work on Windoze)
- * - Sharing a realm among multiple servers has following problems:
- * o Server name and port can't be included in nonce-hash
- * (we need two nonce formats, which must be configured explicitly)
- * o Nonce-count check can't be for equal, or then nonce-count checking
- * must be disabled. What we could do is the following:
- * (expected < received) ? set expected = received : issue error
- * The only problem is that it allows replay attacks when somebody
- * captures a packet sent to one server and sends it to another
- * one. Should we add "AuthDigestNcCheck Strict"?
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_core.h"
-#include "http_request.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_protocol.h"
-#include "ap_config.h"
-#include "ap_ctype.h"
-#include "util_uri.h"
-#include "util_md5.h"
-#include "ap_sha1.h"
-
-
-/* struct to hold the configuration info */
-
-typedef struct digest_config_struct {
- const char *dir_name;
- const char *pwfile;
- const char *grpfile;
- const char *realm;
- const char **qop_list;
- AP_SHA1_CTX nonce_ctx;
- long nonce_lifetime;
- const char *nonce_format;
- int check_nc;
- const char *algorithm;
- char *uri_list;
- const char *ha1;
-} digest_config_rec;
-
-
-#define DFLT_ALGORITHM "MD5"
-
-#define DFLT_NONCE_LIFE 300L
-#define NEXTNONCE_DELTA 30
-
-
-#define NONCE_TIME_LEN (((sizeof(time_t)+2)/3)*4)
-#define NONCE_HASH_LEN (2*SHA_DIGESTSIZE)
-#define NONCE_LEN (NONCE_TIME_LEN + NONCE_HASH_LEN)
-
-#define SECRET_LEN 20
-
-
-/* client list definitions */
-
-typedef struct hash_entry {
- unsigned long key; /* the key for this entry */
- struct hash_entry *next; /* next entry in the bucket */
- unsigned long nonce_count; /* for nonce-count checking */
- char ha1[2*MD5_DIGESTSIZE+1]; /* for algorithm=MD5-sess */
- char last_nonce[NONCE_LEN+1]; /* for one-time nonce's */
-} client_entry;
-
-static struct hash_table {
- client_entry **table;
- unsigned long tbl_len;
- unsigned long num_entries;
- unsigned long num_created;
- unsigned long num_removed;
- unsigned long num_renewed;
-} *client_list;
-
-
-/* struct to hold a parsed Authorization header */
-
-enum hdr_sts { NO_HEADER, NOT_DIGEST, INVALID, VALID };
-
-typedef struct digest_header_struct {
- const char *scheme;
- const char *realm;
- const char *username;
- char *nonce;
- const char *uri;
- const char *digest;
- const char *algorithm;
- const char *cnonce;
- const char *opaque;
- unsigned long opaque_num;
- const char *message_qop;
- const char *nonce_count;
- /* the following fields are not (directly) from the header */
- time_t nonce_time;
- enum hdr_sts auth_hdr_sts;
- const char *raw_request_uri;
- uri_components *psd_request_uri;
- int needed_auth;
- client_entry *client;
-} digest_header_rec;
-
-
-/* (mostly) nonce stuff */
-
-typedef union time_union {
- time_t time;
- unsigned char arr[sizeof(time_t)];
-} time_rec;
-
-
-static unsigned char secret[SECRET_LEN];
-static int call_cnt = 0;
-
-
-static void *client_mm = NULL;
-
-module MODULE_VAR_EXPORT digest_auth_module;
-
-/*
- * initialization code
- */
-
-static void initialize_secret(server_rec *s)
-{
- u_int32_t rnd = 0, i;
-
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s,
- "Digest: generating secret for digest authentication ...");
-
- for (i = 0; i < sizeof(secret); i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- secret[i] = rnd;
- rnd >>= 8;
- }
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s,
- "Digest: done");
-}
-
-static void initialize_module(server_rec *s, pool *p)
-{
- /* keep from doing the init more than once at startup, and delay
- * the init until the second round
- */
- if (++call_cnt < 2)
- return;
-
- /* only initialize the secret on startup, not on restarts */
- if (call_cnt == 2)
- initialize_secret(s);
-}
-
-
-/*
- * configuration code
- */
-
-static void *create_digest_dir_config(pool *p, char *dir)
-{
- digest_config_rec *conf;
-
- if (dir == NULL) return NULL;
-
- conf = (digest_config_rec *) ap_pcalloc(p, sizeof(digest_config_rec));
- if (conf) {
- conf->qop_list = ap_palloc(p, sizeof(char*));
- conf->qop_list[0] = NULL;
- conf->nonce_lifetime = DFLT_NONCE_LIFE;
- conf->dir_name = ap_pstrdup(p, dir);
- conf->algorithm = DFLT_ALGORITHM;
- }
-
- return conf;
-}
-
-static const char *set_realm(cmd_parms *cmd, void *config, const char *realm)
-{
- digest_config_rec *conf = (digest_config_rec *) config;
-
- /* The core already handles the realm, but it's just too convenient to
- * grab it ourselves too and cache some setups. However, we need to
- * let the core get at it too, which is why we decline at the end -
- * this relies on the fact that http_core is last in the list.
- */
- conf->realm = realm;
-
- /* we precompute the part of the nonce hash that is constant (well,
- * the host:port would be too, but that varies for .htaccess files
- * and directives outside a virtual host section)
- */
- ap_SHA1Init(&conf->nonce_ctx);
- ap_SHA1Update_binary(&conf->nonce_ctx, secret, sizeof(secret));
- ap_SHA1Update_binary(&conf->nonce_ctx, (const unsigned char *) realm,
- strlen(realm));
-
- return DECLINE_CMD;
-}
-
-static const char *set_digest_file(cmd_parms *cmd, void *config,
- const char *file)
-{
- ((digest_config_rec *) config)->pwfile = file;
- ap_server_strip_chroot(((digest_config_rec *) config)->pwfile, 1);
- return NULL;
-}
-
-static const char *set_group_file(cmd_parms *cmd, void *config,
- const char *file)
-{
- ((digest_config_rec *) config)->grpfile = file;
- ap_server_strip_chroot(((digest_config_rec *) config)->grpfile, 1);
- return NULL;
-}
-
-static const char *set_qop(cmd_parms *cmd, void *config, const char *op)
-{
- digest_config_rec *conf = (digest_config_rec *) config;
- char **tmp;
- int cnt;
-
- if (!strcasecmp(op, "none")) {
- if (conf->qop_list[0] == NULL) {
- conf->qop_list = ap_palloc(cmd->pool, 2 * sizeof(char*));
- conf->qop_list[1] = NULL;
- }
- conf->qop_list[0] = "none";
- return NULL;
- }
-
- if (!strcasecmp(op, "auth-int"))
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, cmd->server,
- "Digest: WARNING: qop `auth-int' currently only works "
- "correctly for responses with no entity");
- else if (strcasecmp(op, "auth"))
- return ap_pstrcat(cmd->pool, "Unrecognized qop: ", op, NULL);
-
- for (cnt=0; conf->qop_list[cnt] != NULL; cnt++)
- ;
- tmp = ap_palloc(cmd->pool, (cnt+2)*sizeof(char*));
- memcpy(tmp, conf->qop_list, cnt*sizeof(char*));
- tmp[cnt] = ap_pstrdup(cmd->pool, op);
- tmp[cnt+1] = NULL;
- conf->qop_list = (const char **)tmp;
-
- return NULL;
-}
-
-static const char *set_nonce_lifetime(cmd_parms *cmd, void *config,
- const char *t)
-{
- char *endptr;
- long lifetime;
-
- lifetime = ap_strtol(t, &endptr, 10);
- if (endptr < (t+strlen(t)) && !ap_isspace(*endptr))
- return ap_pstrcat(cmd->pool, "Invalid time in AuthDigestNonceLifetime: ", t, NULL);
-
- ((digest_config_rec *) config)->nonce_lifetime = lifetime;
- return NULL;
-}
-
-static const char *set_nonce_format(cmd_parms *cmd, void *config,
- const char *fmt)
-{
- ((digest_config_rec *) config)->nonce_format = fmt;
- return "AuthDigestNonceFormat is not implemented (yet)";
-}
-
-static const char *set_nc_check(cmd_parms *cmd, void *config, int flag)
-{
- ((digest_config_rec *) config)->check_nc = flag;
- return NULL;
-}
-
-static const char *set_algorithm(cmd_parms *cmd, void *config, const char *alg)
-{
- if (!strcasecmp(alg, "MD5-sess"))
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, cmd->server,
- "Digest: WARNING: algorithm `MD5-sess' is currently not "
- "correctly implemented");
- else if (strcasecmp(alg, "MD5"))
- return ap_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL);
-
- ((digest_config_rec *) config)->algorithm = alg;
- return NULL;
-}
-
-static const char *set_uri_list(cmd_parms *cmd, void *config, const char *uri)
-{
- digest_config_rec *c = (digest_config_rec *) config;
- if (c->uri_list) {
- c->uri_list[strlen(c->uri_list)-1] = '\0';
- c->uri_list = ap_pstrcat(cmd->pool, c->uri_list, " ", uri, "\"", NULL);
- }
- else
- c->uri_list = ap_pstrcat(cmd->pool, ", domain=\"", uri, "\"", NULL);
- return NULL;
-}
-
-static const command_rec digest_cmds[] =
-{
- {"AuthName", set_realm, NULL, OR_AUTHCFG, TAKE1,
- "The authentication realm (e.g. \"Members Only\")"},
- {"AuthDigestFile", set_digest_file, NULL, OR_AUTHCFG, TAKE1,
- "The name of the file containing the usernames and password hashes"},
- {"AuthDigestGroupFile", set_group_file, NULL, OR_AUTHCFG, TAKE1,
- "The name of the file containing the group names and members"},
- {"AuthDigestQop", set_qop, NULL, OR_AUTHCFG, ITERATE,
- "A list of quality-of-protection options"},
- {"AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG, TAKE1,
- "Maximum lifetime of the server nonce (seconds)"},
- {"AuthDigestNonceFormat", set_nonce_format, NULL, OR_AUTHCFG, TAKE1,
- "The format to use when generating the server nonce"},
- {"AuthDigestNcCheck", set_nc_check, NULL, OR_AUTHCFG, FLAG,
- "Whether or not to check the nonce-count sent by the client"},
- {"AuthDigestAlgorithm", set_algorithm, NULL, OR_AUTHCFG, TAKE1,
- "The algorithm used for the hash calculation"},
- {"AuthDigestDomain", set_uri_list, NULL, OR_AUTHCFG, ITERATE,
- "A list of URI's which belong to the same protection space as the current URI"},
- {NULL, NULL, NULL, 0, 0, NULL}
-};
-
-static client_entry *get_client(unsigned long key, const request_rec *r)
-{
- return NULL;
-}
-
-/*
- * Authorization header parser code
- */
-
-/* Parse the Authorization header, if it exists */
-static int get_digest_rec(request_rec *r, digest_header_rec *resp)
-{
- const char *auth_line;
- size_t l;
- int vk = 0, vv = 0;
- char *key, *value;
-
- auth_line = ap_table_get(r->headers_in,
- r->proxyreq == STD_PROXY ? "Proxy-Authorization"
- : "Authorization");
- if (!auth_line) {
- resp->auth_hdr_sts = NO_HEADER;
- return !OK;
- }
-
- resp->scheme = ap_getword_white(r->pool, &auth_line);
- if (strcasecmp(resp->scheme, "Digest")) {
- resp->auth_hdr_sts = NOT_DIGEST;
- return !OK;
- }
-
- l = strlen(auth_line);
-
- key = ap_palloc(r->pool, l+1);
- value = ap_palloc(r->pool, l+1);
-
- while (auth_line[0] != '\0') {
-
- /* find key */
-
- while (ap_isspace(auth_line[0])) auth_line++;
- vk = 0;
- while (auth_line[0] != '=' && auth_line[0] != ','
- && auth_line[0] != '\0' && !ap_isspace(auth_line[0]))
- key[vk++] = *auth_line++;
- key[vk] = '\0';
- while (ap_isspace(auth_line[0])) auth_line++;
-
- /* find value */
-
- if (auth_line[0] == '=') {
- auth_line++;
- while (ap_isspace(auth_line[0])) auth_line++;
-
- vv = 0;
- if (auth_line[0] == '\"') { /* quoted string */
- auth_line++;
- while (auth_line[0] != '\"' && auth_line[0] != '\0') {
- if (auth_line[0] == '\\' && auth_line[1] != '\0')
- auth_line++; /* escaped char */
- value[vv++] = *auth_line++;
- }
- if (auth_line[0] != '\0') auth_line++;
- }
- else { /* token */
- while (auth_line[0] != ',' && auth_line[0] != '\0'
- && !ap_isspace(auth_line[0]))
- value[vv++] = *auth_line++;
- }
- value[vv] = '\0';
- }
-
- while (auth_line[0] != ',' && auth_line[0] != '\0') auth_line++;
- if (auth_line[0] != '\0') auth_line++;
-
- if (!strcasecmp(key, "username"))
- resp->username = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "realm"))
- resp->realm = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "nonce"))
- resp->nonce = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "uri"))
- resp->uri = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "response"))
- resp->digest = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "algorithm"))
- resp->algorithm = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "cnonce"))
- resp->cnonce = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "opaque"))
- resp->opaque = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "qop"))
- resp->message_qop = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "nc"))
- resp->nonce_count = ap_pstrdup(r->pool, value);
- }
-
- if (!resp->username || !resp->realm || !resp->nonce || !resp->uri
- || !resp->digest
- || (resp->message_qop && (!resp->cnonce || !resp->nonce_count))) {
- resp->auth_hdr_sts = INVALID;
- return !OK;
- }
-
- if (resp->opaque)
- resp->opaque_num = (unsigned long) ap_strtol(resp->opaque, NULL, 16);
-
- resp->auth_hdr_sts = VALID;
- return OK;
-}
-
-
-/* Because the browser may preemptively send auth info, incrementing the
- * nonce-count when it does, and because the client does not get notified
- * if the URI didn't need authentication after all, we need to be sure to
- * update the nonce-count each time we receive an Authorization header no
- * matter what the final outcome of the request. Furthermore this is a
- * convenient place to get the request-uri (before any subrequests etc
- * are initiated) and to initialize the request_config.
- *
- * Note that this must be called after mod_proxy had its go so that
- * r->proxyreq is set correctly.
- */
-static int update_nonce_count(request_rec *r)
-{
- digest_header_rec *resp;
- int res;
-
- if (!ap_is_initial_req(r))
- return DECLINED;
-
- resp = ap_pcalloc(r->pool, sizeof(digest_header_rec));
- resp->raw_request_uri = r->unparsed_uri;
- resp->psd_request_uri = &r->parsed_uri;
- resp->needed_auth = 0;
- ap_set_module_config(r->request_config, &digest_auth_module, resp);
-
- res = get_digest_rec(r, resp);
- resp->client = get_client(resp->opaque_num, r);
- if (res == OK && resp->client)
- resp->client->nonce_count++;
-
- return DECLINED;
-}
-
-
-/*
- * Nonce generation code
- */
-
-/* The hash part of the nonce is a SHA-1 hash of the time, realm, server host
- * and port, opaque, and our secret.
- */
-static void gen_nonce_hash(char *hash, const char *timestr, const char *opaque,
- const server_rec *server,
- const digest_config_rec *conf)
-{
- const char *hex = "0123456789abcdef";
- unsigned char sha1[SHA_DIGESTSIZE];
- AP_SHA1_CTX ctx;
- int idx;
-
- memcpy(&ctx, &conf->nonce_ctx, sizeof(ctx));
- /*
- ap_SHA1Update_binary(&ctx, (const unsigned char *) server->server_hostname,
- strlen(server->server_hostname));
- ap_SHA1Update_binary(&ctx, (const unsigned char *) &server->port,
- sizeof(server->port));
- */
- ap_SHA1Update_binary(&ctx, (const unsigned char *) timestr, strlen(timestr));
- if (opaque)
- ap_SHA1Update_binary(&ctx, (const unsigned char *) opaque,
- strlen(opaque));
- ap_SHA1Final(sha1, &ctx);
-
- for (idx=0; idx<SHA_DIGESTSIZE; idx++) {
- *hash++ = hex[sha1[idx] >> 4];
- *hash++ = hex[sha1[idx] & 0xF];
- }
-
- *hash++ = '\0';
-}
-
-
-/* The nonce has the format b64(time)+hash .
- */
-static const char *gen_nonce(pool *p, time_t now, const char *opaque,
- const server_rec *server,
- const digest_config_rec *conf)
-{
- char *nonce = ap_palloc(p, NONCE_LEN+1);
- time_rec t;
-
- if (conf->nonce_lifetime != 0)
- t.time = now;
- else
- t.time = 42;
- ap_base64encode_binary(nonce, t.arr, sizeof(t.arr));
- gen_nonce_hash(nonce+NONCE_TIME_LEN, nonce, opaque, server, conf);
-
- return nonce;
-}
-
-
-/*
- * Opaque and hash-table management
- */
-
-static client_entry *gen_client(const request_rec *r) { return NULL; }
-
-
-
-/*
- * MD5-sess code.
- *
- * If you want to use algorithm=MD5-sess you must write get_userpw_hash()
- * yourself (see below). The dummy provided here just uses the hash from
- * the auth-file, i.e. it is only useful for testing client implementations
- * of MD5-sess .
- */
-
-/*
- * get_userpw_hash() will be called each time a new session needs to be
- * generated and is expected to return the equivalent of
- *
- * h_urp = ap_md5(r->pool,
- * ap_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd))
- * ap_md5(r->pool,
- * (unsigned char *) ap_pstrcat(r->pool, h_urp, ":", resp->nonce, ":",
- * resp->cnonce, NULL));
- *
- * or put differently, it must return
- *
- * MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce)
- *
- * If something goes wrong, the failure must be logged and NULL returned.
- *
- * You must implement this yourself, which will probably consist of code
- * contacting the password server with the necessary information (typically
- * the username, realm, nonce, and cnonce) and receiving the hash from it.
- *
- * TBD: This function should probably be in a seperate source file so that
- * people need not modify mod_auth_digest.c each time they install a new
- * version of apache.
- */
-static const char *get_userpw_hash(const request_rec *r,
- const digest_header_rec *resp,
- const digest_config_rec *conf)
-{
- return ap_md5(r->pool,
- (unsigned char *) ap_pstrcat(r->pool, conf->ha1, ":", resp->nonce,
- ":", resp->cnonce, NULL));
-}
-
-
-/* Retrieve current session H(A1). If there is none and "generate" is
- * true then a new session for MD5-sess is generated and stored in the
- * client struct; if generate is false, or a new session could not be
- * generated then NULL is returned (in case of failure to generate the
- * failure reason will have been logged already).
- */
-static const char *get_session_HA1(const request_rec *r,
- digest_header_rec *resp,
- const digest_config_rec *conf,
- int generate)
-{
- const char *ha1 = NULL;
-
- /* return the current sessions if there is one */
- if (resp->opaque && resp->client && resp->client->ha1[0])
- return resp->client->ha1;
- else if (!generate)
- return NULL;
-
- /* generate a new session */
- if (!resp->client)
- resp->client = gen_client(r);
- if (resp->client) {
- ha1 = get_userpw_hash(r, resp, conf);
- if (ha1)
- memcpy(resp->client->ha1, ha1, sizeof(resp->client->ha1));
- }
-
- return ha1;
-}
-
-
-static void clear_session(const digest_header_rec *resp)
-{
- if (resp->client)
- resp->client->ha1[0] = '\0';
-}
-
-/*
- * Authorization challenge generation code (for WWW-Authenticate)
- */
-
-static const char *ltox(pool *p, unsigned long num)
-{
- if (num != 0)
- return ap_psprintf(p, "%lx", num);
- else
- return "";
-}
-
-static void note_digest_auth_failure(request_rec *r,
- const digest_config_rec *conf,
- digest_header_rec *resp, int stale)
-{
- const char *qop, *opaque, *opaque_param, *domain, *nonce;
- int cnt;
-
-
- /* Setup qop */
-
- if (conf->qop_list[0] == NULL)
- qop = ", qop=\"auth\"";
- else if (!strcasecmp(conf->qop_list[0], "none"))
- qop = "";
- else {
- qop = ap_pstrcat(r->pool, ", qop=\"", conf->qop_list[0], NULL);
- for (cnt=1; conf->qop_list[cnt] != NULL; cnt++)
- qop = ap_pstrcat(r->pool, qop, ",", conf->qop_list[cnt], NULL);
- qop = ap_pstrcat(r->pool, qop, "\"", NULL);
- }
-
- /* Setup opaque */
-
- if (resp->opaque == NULL) {
- /* new client */
- if ((conf->check_nc || conf->nonce_lifetime == 0
- || !strcasecmp(conf->algorithm, "MD5-sess"))
- && (resp->client = gen_client(r)) != NULL)
- opaque = ltox(r->pool, resp->client->key);
- else
- opaque = ""; /* opaque not needed */
- }
- else if (resp->client == NULL) {
- /* client info was gc'd */
- resp->client = gen_client(r);
- if (resp->client != NULL) {
- opaque = ltox(r->pool, resp->client->key);
- stale = 1;
- client_list->num_renewed++;
- }
- else
- opaque = ""; /* ??? */
- }
- else {
- opaque = resp->opaque;
- /* we're generating a new nonce, so reset the nonce-count */
- resp->client->nonce_count = 0;
- }
-
- if (opaque[0])
- opaque_param = ap_pstrcat(r->pool, ", opaque=\"", opaque, "\"", NULL);
- else
- opaque_param = NULL;
-
- /* Setup nonce */
-
- nonce = gen_nonce(r->pool, r->request_time, opaque, r->server, conf);
- if (resp->client && conf->nonce_lifetime == 0)
- memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1);
-
- /* Setup MD5-sess stuff. Note that we just clear out the session
- * info here, since we can't generate a new session until the request
- * from the client comes in with the cnonce.
- */
-
- if (!strcasecmp(conf->algorithm, "MD5-sess"))
- clear_session(resp);
-
- /* setup domain attribute. We want to send this attribute wherever
- * possible so that the client won't send the Authorization header
- * unnecessarily (it's usually > 200 bytes!).
- */
-
- /* don't send domain
- * - for proxy requests
- * - if it's no specified
- */
- if (r->proxyreq || !conf->uri_list) {
- domain = NULL;
- }
- else {
- domain = conf->uri_list;
- }
-
- ap_table_mergen(r->err_headers_out,
- r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s\", "
- "algorithm=%s%s%s%s%s",
- ap_auth_name(r), nonce, conf->algorithm,
- opaque_param ? opaque_param : "",
- domain ? domain : "",
- stale ? ", stale=true" : "", qop));
-}
-
-
-/*
- * Authorization header verification code
- */
-
-static const char *get_hash(request_rec *r, const char *user,
- const char *realm, const char *auth_pwfile)
-{
- configfile_t *f;
- char l[MAX_STRING_LEN];
- const char *rpw;
- char *w, *x;
-
- if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "Digest: Could not open password file: %s", auth_pwfile);
- return NULL;
- }
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- rpw = l;
- w = ap_getword(r->pool, &rpw, ':');
- x = ap_getword(r->pool, &rpw, ':');
-
- if (x && w && !strcmp(user, w) && !strcmp(realm, x)) {
- ap_cfg_closefile(f);
- return ap_pstrdup(r->pool, rpw);
- }
- }
- ap_cfg_closefile(f);
- return NULL;
-}
-
-static int check_nc(const request_rec *r, const digest_header_rec *resp,
- const digest_config_rec *conf)
-{
- unsigned long nc;
- const char *snc = resp->nonce_count;
- char *endptr;
-
- if (!conf->check_nc || !client_mm)
- return OK;
-
- nc = ap_strtol(snc, &endptr, 16);
- if (endptr < (snc+strlen(snc)) && !ap_isspace(*endptr)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: invalid nc %s received - not a number", snc);
- return !OK;
- }
-
- if (!resp->client)
- return !OK;
-
- if (nc != resp->client->nonce_count) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: Warning, possible replay attack: nonce-count "
- "check failed: %lu != %lu", nc,
- resp->client->nonce_count);
- return !OK;
- }
-
- return OK;
-}
-
-static int check_nonce(request_rec *r, digest_header_rec *resp,
- const digest_config_rec *conf)
-{
- double dt;
- time_rec nonce_time;
- char tmp, hash[NONCE_HASH_LEN+1];
-
- if (strlen(resp->nonce) != NONCE_LEN) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: invalid nonce %s received - length is not %zu",
- resp->nonce, NONCE_LEN);
- note_digest_auth_failure(r, conf, resp, 1);
- return AUTH_REQUIRED;
- }
-
- tmp = resp->nonce[NONCE_TIME_LEN];
- resp->nonce[NONCE_TIME_LEN] = '\0';
- ap_base64decode_binary(nonce_time.arr, resp->nonce);
- gen_nonce_hash(hash, resp->nonce, resp->opaque, r->server, conf);
- resp->nonce[NONCE_TIME_LEN] = tmp;
- resp->nonce_time = nonce_time.time;
-
- if (strcmp(hash, resp->nonce+NONCE_TIME_LEN)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: invalid nonce %s received - hash is not %s",
- resp->nonce, hash);
- note_digest_auth_failure(r, conf, resp, 1);
- return AUTH_REQUIRED;
- }
-
- dt = difftime(r->request_time, nonce_time.time);
- if (conf->nonce_lifetime > 0 && dt < 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: invalid nonce %s received - user attempted "
- "time travel", resp->nonce);
- note_digest_auth_failure(r, conf, resp, 1);
- return AUTH_REQUIRED;
- }
-
- if (conf->nonce_lifetime > 0) {
- if (dt > conf->nonce_lifetime) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
- "Digest: user %s: nonce expired - sending new nonce",
- r->connection->user);
- note_digest_auth_failure(r, conf, resp, 1);
- return AUTH_REQUIRED;
- }
- }
- else if (conf->nonce_lifetime == 0 && resp->client) {
- if (memcmp(resp->client->last_nonce, resp->nonce, NONCE_LEN)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
- "Digest: user %s: one-time-nonce mismatch - sending "
- "new nonce", r->connection->user);
- note_digest_auth_failure(r, conf, resp, 1);
- return AUTH_REQUIRED;
- }
- }
- /* else (lifetime < 0) => never expires */
-
- return OK;
-}
-
-/* The actual MD5 code... whee */
-
-/* RFC-2069 */
-static const char *old_digest(const request_rec *r,
- const digest_header_rec *resp, const char *ha1)
-{
- const char *ha2;
-
- ha2 = ap_md5(r->pool, (unsigned char *)ap_pstrcat(r->pool, r->method, ":",
- resp->uri, NULL));
- return ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, ha1, ":", resp->nonce,
- ":", ha2, NULL));
-}
-
-/* RFC-2617 */
-static const char *new_digest(const request_rec *r,
- digest_header_rec *resp,
- const digest_config_rec *conf)
-{
- const char *ha1, *ha2, *a2;
-
- if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) {
- ha1 = get_session_HA1(r, resp, conf, 1);
- if (!ha1)
- return NULL;
- }
- else
- ha1 = conf->ha1;
-
- if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int"))
- a2 = ap_pstrcat(r->pool, r->method, ":", resp->uri, ":",
- ap_md5(r->pool, (const unsigned char*) ""), NULL); /* TBD */
- else
- a2 = ap_pstrcat(r->pool, r->method, ":", resp->uri, NULL);
- ha2 = ap_md5(r->pool, (const unsigned char *)a2);
-
- return ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, ha1, ":", resp->nonce,
- ":", resp->nonce_count, ":",
- resp->cnonce, ":",
- resp->message_qop, ":", ha2,
- NULL));
-}
-
-
-static void copy_uri_components(uri_components *dst, uri_components *src,
- request_rec *r)
-{
- if (src->scheme && src->scheme[0] != '\0')
- dst->scheme = src->scheme;
- else
- dst->scheme = (char *) "http";
-
- if (src->hostname && src->hostname[0] != '\0') {
- dst->hostname = ap_pstrdup(r->pool, src->hostname);
- ap_unescape_url(dst->hostname);
- }
- else
- dst->hostname = (char *) ap_get_server_name(r);
-
- if (src->port_str && src->port_str[0] != '\0')
- dst->port = src->port;
- else
- dst->port = ap_get_server_port(r);
-
- if (src->path && src->path[0] != '\0') {
- dst->path = ap_pstrdup(r->pool, src->path);
- ap_unescape_url(dst->path);
- }
- else
- dst->path = src->path;
-
- if (src->query && src->query[0] != '\0') {
- dst->query = ap_pstrdup(r->pool, src->query);
- ap_unescape_url(dst->query);
- }
- else
- dst->query = src->query;
-}
-
-/* This handles non-FQDN's. If h1 is empty, the comparison succeeds. Else
- * if h1 is a FQDN (i.e. contains a '.') then normal strcasecmp() is done.
- * Else only the first part of h2 (up to the first '.') is compared.
- */
-static int compare_hostnames(const char *h1, const char *h2)
-{
- const char *dot;
-
- /* if no hostname given, then ok */
- if (!h1 || h1[0] == '\0')
- return 1;
-
- /* handle FQDN's in h1 */
- dot = strchr(h1, '.');
- if (dot != NULL)
- return !strcasecmp(h1, h2);
-
- /* handle non-FQDN's in h1 */
- dot = strchr(h2, '.');
- if (dot == NULL)
- return !strcasecmp(h1, h2);
- else
- return (strlen(h1) == (size_t) (dot - h2)) && !strncasecmp(h1, h2, dot-h2);
-}
-
-/* These functions return 0 if client is OK, and proper error status
- * if not... either AUTH_REQUIRED, if we made a check, and it failed, or
- * SERVER_ERROR, if things are so totally confused that we couldn't
- * figure out how to tell if the client is authorized or not.
- *
- * If they return DECLINED, and all other modules also decline, that's
- * treated by the server core as a configuration error, logged and
- * reported as such.
- */
-
-/* Determine user ID, and check if the attributes are correct, if it
- * really is that user, if the nonce is correct, etc.
- */
-
-static int authenticate_digest_user(request_rec *r)
-{
- digest_config_rec *conf;
- digest_header_rec *resp;
- request_rec *mainreq;
- conn_rec *conn = r->connection;
- const char *t;
- int res;
-
-
- /* do we require Digest auth for this URI? */
-
- if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest"))
- return DECLINED;
-
- if (!ap_auth_name(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: need AuthName: %s", r->uri);
- return SERVER_ERROR;
- }
-
-
- /* get the client response and mark */
-
- mainreq = r;
- while (mainreq->main != NULL) mainreq = mainreq->main;
- while (mainreq->prev != NULL) mainreq = mainreq->prev;
- resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config,
- &digest_auth_module);
- resp->needed_auth = 1;
-
-
- /* get our conf */
-
- conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config,
- &digest_auth_module);
-
-
- /* check for existence and syntax of Auth header */
-
- if (resp->auth_hdr_sts != VALID) {
- if (resp->auth_hdr_sts == NOT_DIGEST)
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: client used wrong authentication scheme "
- "`%s': %s", resp->scheme, r->uri);
- else if (resp->auth_hdr_sts == INVALID)
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: missing user, realm, nonce, uri, digest, "
- "cnonce, or nonce_count in authorization header: %s",
- r->uri);
- /* else (resp->auth_hdr_sts == NO_HEADER) */
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- r->connection->user = (char *) resp->username;
- r->connection->ap_auth_type = (char *) "Digest";
-
-
- /* check the auth attributes */
-
- if (strcmp(resp->uri, resp->raw_request_uri)) {
- /* Hmm, the simple match didn't work (probably a proxy modified the
- * request-uri), so lets do a more sophisticated match
- */
- uri_components r_uri, d_uri;
-
- copy_uri_components(&r_uri, resp->psd_request_uri, r);
- if (ap_parse_uri_components(r->pool, resp->uri, &d_uri) != HTTP_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: invalid uri <%s> in Authorization header",
- resp->uri);
- return BAD_REQUEST;
- }
-
- if (d_uri.hostname)
- ap_unescape_url(d_uri.hostname);
- if (d_uri.path)
- ap_unescape_url(d_uri.path);
- if (d_uri.query)
- ap_unescape_url(d_uri.query);
-
- if (r->method_number == M_CONNECT) {
- if (strcmp(resp->uri, r_uri.hostinfo)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: uri mismatch - <%s> does not match "
- "request-uri <%s>", resp->uri, r_uri.hostinfo);
- return BAD_REQUEST;
- }
- }
- else if (
- /* check hostname matches, if present */
- !compare_hostnames(d_uri.hostname, r_uri.hostname)
- /* check port matches, if present */
- || (d_uri.port_str && d_uri.port != r_uri.port)
- /* check that server-port is default port if no port present */
- || (d_uri.hostname && d_uri.hostname[0] != '\0'
- && !d_uri.port_str && r_uri.port != ap_default_port(r))
- /* check that path matches */
- || (d_uri.path != r_uri.path
- /* either exact match */
- && (!d_uri.path || !r_uri.path
- || strcmp(d_uri.path, r_uri.path))
- /* or '*' matches empty path in scheme://host */
- && !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname
- && d_uri.path[0] == '*' && d_uri.path[1] == '\0'))
- ) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: uri mismatch - <%s> does not match "
- "request-uri <%s>", resp->uri, resp->raw_request_uri);
- return BAD_REQUEST;
- }
- }
-
- if (resp->opaque && resp->opaque_num == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: received invalid opaque - got `%s'",
- resp->opaque);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- if (strcmp(resp->realm, conf->realm)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: realm mismatch - got `%s' but expected `%s'",
- resp->realm, conf->realm);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- if (resp->algorithm != NULL
- && strcasecmp(resp->algorithm, "MD5")
- && strcasecmp(resp->algorithm, "MD5-sess")) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: unknown algorithm `%s' received: %s",
- resp->algorithm, r->uri);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- if (!conf->pwfile)
- return DECLINED;
-
- if (!(conf->ha1 = get_hash(r, conn->user, conf->realm, conf->pwfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: user `%s' in realm `%s' not found: %s",
- conn->user, conf->realm, r->uri);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- if (resp->message_qop == NULL) {
- /* old (rfc-2069) style digest */
- if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: user %s: password mismatch: %s", conn->user,
- r->uri);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
- }
- else {
- const char *exp_digest;
- int match = 0, idx;
- for (idx=0; conf->qop_list[idx] != NULL; idx++) {
- if (!strcasecmp(conf->qop_list[idx], resp->message_qop)) {
- match = 1;
- break;
- }
- }
-
- if (!match
- && !(conf->qop_list[0] == NULL
- && !strcasecmp(resp->message_qop, "auth"))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: invalid qop `%s' received: %s",
- resp->message_qop, r->uri);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- if (check_nc(r, resp, conf) != OK) {
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
-
- exp_digest = new_digest(r, resp, conf);
- if (!exp_digest) {
- /* we failed to allocate a client struct */
- return SERVER_ERROR;
- }
- if (strcmp(resp->digest, exp_digest)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: user %s: password mismatch: %s", conn->user,
- r->uri);
- note_digest_auth_failure(r, conf, resp, 0);
- return AUTH_REQUIRED;
- }
- }
-
- /* Note: this check is done last so that a "stale=true" can be
- generated if the nonce is old */
- if ((res = check_nonce(r, resp, conf)))
- return res;
-
- return OK;
-}
-
-
-/*
- * Checking ID
- */
-
-static table *groups_for_user(request_rec *r, const char *user,
- const char *grpfile)
-{
- configfile_t *f;
- table *grps = ap_make_table(r->pool, 15);
- pool *sp;
- char l[MAX_STRING_LEN];
- const char *group_name, *ll, *w;
-
- if (!(f = ap_pcfg_openfile(r->pool, grpfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "Digest: Could not open group file: %s", grpfile);
- return NULL;
- }
-
- sp = ap_make_sub_pool(r->pool);
-
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- ll = l;
- ap_clear_pool(sp);
-
- group_name = ap_getword(sp, &ll, ':');
-
- while (ll[0]) {
- w = ap_getword_conf(sp, &ll);
- if (!strcmp(w, user)) {
- ap_table_setn(grps, ap_pstrdup(r->pool, group_name), "in");
- break;
- }
- }
- }
-
- ap_cfg_closefile(f);
- ap_destroy_pool(sp);
- return grps;
-}
-
-
-static int digest_check_auth(request_rec *r)
-{
- const digest_config_rec *conf =
- (digest_config_rec *) ap_get_module_config(r->per_dir_config,
- &digest_auth_module);
- const char *user = r->connection->user;
- int m = r->method_number;
- int method_restricted = 0;
- int x;
- const char *t, *w;
- table *grpstatus;
- const array_header *reqs_arr;
- require_line *reqs;
-
- if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest"))
- return DECLINED;
-
- reqs_arr = ap_requires(r);
- /* If there is no "requires" directive, then any user will do.
- */
- if (!reqs_arr)
- return OK;
- reqs = (require_line *) reqs_arr->elts;
-
- if (conf->grpfile)
- grpstatus = groups_for_user(r, user, conf->grpfile);
- else
- grpstatus = NULL;
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (!(reqs[x].method_mask & (1 << m)))
- continue;
-
- method_restricted = 1;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
- if (!strcasecmp(w, "valid-user"))
- return OK;
- else if (!strcasecmp(w, "user")) {
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (!strcmp(user, w))
- return OK;
- }
- }
- else if (!strcasecmp(w, "group")) {
- if (!grpstatus)
- return DECLINED;
-
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (ap_table_get(grpstatus, w))
- return OK;
- }
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: access to %s failed, reason: unknown require "
- "directive \"%s\"", r->uri, reqs[x].requirement);
- return DECLINED;
- }
- }
-
- if (!method_restricted)
- return OK;
-
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: access to %s failed, reason: user %s not allowed access",
- r->uri, user);
-
- note_digest_auth_failure(r, conf,
- (digest_header_rec *) ap_get_module_config(r->request_config,
- &digest_auth_module),
- 0);
- return AUTH_REQUIRED;
-}
-
-
-/*
- * Authorization-Info header code
- */
-
-static int add_auth_info(request_rec *r)
-{
- const digest_config_rec *conf =
- (digest_config_rec *) ap_get_module_config(r->per_dir_config,
- &digest_auth_module);
- digest_header_rec *resp =
- (digest_header_rec *) ap_get_module_config(r->request_config,
- &digest_auth_module);
- const char *ai = NULL, *digest = NULL, *nextnonce = "";
-
- if (resp == NULL || !resp->needed_auth || conf == NULL)
- return OK;
-
-
- /* rfc-2069 digest
- */
- if (resp->message_qop == NULL) {
- /* old client, so calc rfc-2069 digest */
-
- }
-
-
- /* setup nextnonce
- */
- if (conf->nonce_lifetime > 0) {
- /* send nextnonce if current nonce will expire in less than 30 secs */
- if (difftime(r->request_time, resp->nonce_time) > (conf->nonce_lifetime-NEXTNONCE_DELTA)) {
- nextnonce = ap_pstrcat(r->pool, ", nextnonce=\"",
- gen_nonce(r->pool, r->request_time,
- resp->opaque, r->server, conf),
- "\"", NULL);
- if (resp->client)
- resp->client->nonce_count = 0;
- }
- }
- else if (conf->nonce_lifetime == 0 && resp->client) {
- const char *nonce = gen_nonce(r->pool, 0, resp->opaque, r->server,
- conf);
- nextnonce = ap_pstrcat(r->pool, ", nextnonce=\"", nonce, "\"", NULL);
- memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1);
- }
- /* else nonce never expires, hence no nextnonce */
-
-
- /* do rfc-2069 digest
- */
- if (conf->qop_list[0] && !strcasecmp(conf->qop_list[0], "none")
- && resp->message_qop == NULL) {
- /* use only RFC-2069 format */
- if (digest)
- ai = ap_pstrcat(r->pool, "digest=\"", digest, "\"", nextnonce,NULL);
- else
- ai = nextnonce;
- }
- else {
- const char *resp_dig, *ha1, *a2, *ha2;
-
- /* calculate rspauth attribute
- */
- if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) {
- ha1 = get_session_HA1(r, resp, conf, 0);
- if (!ha1) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Digest: internal error: couldn't find session "
- "info for user %s", resp->username);
- return !OK;
- }
- }
- else
- ha1 = conf->ha1;
-
- if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int"))
- a2 = ap_pstrcat(r->pool, ":", resp->uri, ":",
- ap_md5(r->pool, (const unsigned char *) ""), NULL); /* TBD */
- else
- a2 = ap_pstrcat(r->pool, ":", resp->uri, NULL);
- ha2 = ap_md5(r->pool, (const unsigned char *)a2);
-
- resp_dig = ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, ha1, ":",
- resp->nonce, ":",
- resp->nonce_count, ":",
- resp->cnonce, ":",
- resp->message_qop ?
- resp->message_qop : "",
- ":", ha2, NULL));
-
- /* assemble Authentication-Info header
- */
- ai = ap_pstrcat(r->pool,
- "rspauth=\"", resp_dig, "\"",
- nextnonce,
- resp->cnonce ? ", cnonce=\"" : "",
- resp->cnonce ? ap_escape_quotes(r->pool, resp->cnonce) :
- "",
- resp->cnonce ? "\"" : "",
- resp->nonce_count ? ", nc=" : "",
- resp->nonce_count ? resp->nonce_count : "",
- resp->message_qop ? ", qop=" : "",
- resp->message_qop ? resp->message_qop : "",
- digest ? "digest=\"" : "",
- digest ? digest : "",
- digest ? "\"" : "",
- NULL);
- }
-
- if (ai && ai[0])
- ap_table_mergen(r->headers_out,
- r->proxyreq == STD_PROXY ? "Proxy-Authentication-Info"
- : "Authentication-Info",
- ai);
- return OK;
-}
-
-
-module MODULE_VAR_EXPORT digest_auth_module =
-{
- STANDARD_MODULE_STUFF,
- initialize_module, /* initializer */
- create_digest_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- digest_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- authenticate_digest_user, /* check_user_id */
- digest_check_auth, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- add_auth_info, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- update_nonce_count /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c b/usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c
deleted file mode 100644
index 7aa901d96d1..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_mmap_static: mmap a config-time list of files for faster serving
- *
- * v0.04
- *
- * Author: Dean Gaudet <dgaudet@arctic.org>
- *
- * v0.01: initial implementation
- * v0.02: get rid of the extra stat() in the core by filling in what we know
- * v0.03: get rid of the cached match from the xlat routine since there are
- * many cases where the request is modified between it and the
- * handler... so we do the binary search twice, but the second time
- * we can use st_ino and st_dev to speed it up.
- * v0.04: work around mod_rewrite, which sets r->filename to the uri first
- */
-
-/*
- Documentation:
-
- The concept is simple. Some sites have a set of static files that are
- really busy, and change infrequently (or even on a regular schedule).
- Save time by mmap()ing these files into memory and avoid a lot of the
- crap required to do normal file serving. Place directives such as:
-
- mmapfile /path/to/file1
- mmapfile /path/to/file2
- ...
-
- into your configuration. These files are only mmap()d when the server
- is restarted, so if you change the list, or if the files are changed,
- then you'll need to restart the server.
-
- To reiterate that point: if the files are modified *in place*
- without restarting the server you may end up serving requests that
- are completely bogus. You should update files by unlinking the old
- copy and putting a new copy in place. Most tools such as rdist and
- mv do this.
-
- There's no such thing as inheriting these files across vhosts or
- whatever... place the directives in the main server only.
-
- Known problems:
-
- Don't use Alias or RewriteRule to move these files around... unless
- you feel like paying for an extra stat() on each request. This is
- a deficiency in the Apache API that will hopefully be solved some day.
- The file will be served out of the mmap cache, but there will be
- an extra stat() that's a waste.
-*/
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <string.h>
-#include <sys/mman.h>
-
-#define CORE_PRIVATE
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h"
-#include "http_core.h"
-
-module MODULE_VAR_EXPORT mmap_static_module;
-
-typedef struct {
- char *filename;
- void *mm;
- struct stat finfo;
-} a_file;
-
-typedef struct {
- array_header *files;
- array_header *inode_sorted;
-} a_server_config;
-
-
-static void *create_server_config(pool *p, server_rec *s)
-{
- a_server_config *sconf = ap_palloc(p, sizeof(*sconf));
-
- sconf->files = ap_make_array(p, 20, sizeof(a_file));
- sconf->inode_sorted = NULL;
- return sconf;
-}
-
-static void cleanup_mmap(void *sconfv)
-{
- a_server_config *sconf = sconfv;
- size_t n;
- a_file *file;
-
- n = sconf->files->nelts;
- file = (a_file *)sconf->files->elts;
- while(n) {
- munmap(file->mm, file->finfo.st_size);
- ++file;
- --n;
- }
-}
-
-static const char *mmapfile(cmd_parms *cmd, void *dummy, char *filename)
-{
- a_server_config *sconf;
- a_file *new_file;
- a_file tmp;
- int fd;
- caddr_t mm;
-
- if (stat(filename, &tmp.finfo) == -1) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server,
- "mmap_static: unable to stat(%s), skipping", filename);
- return NULL;
- }
- if ((tmp.finfo.st_mode & S_IFMT) != S_IFREG) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server,
- "mmap_static: %s isn't a regular file, skipping", filename);
- return NULL;
- }
- ap_block_alarms();
- fd = open(filename, O_RDONLY, 0);
- if (fd == -1) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server,
- "mmap_static: unable to open(%s, O_RDONLY), skipping", filename);
- return NULL;
- }
- mm = mmap(NULL, tmp.finfo.st_size, PROT_READ, MAP_SHARED, fd, 0);
- if (mm == (caddr_t)-1) {
- int save_errno = errno;
- close(fd);
- ap_unblock_alarms();
- errno = save_errno;
- ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server,
- "mmap_static: unable to mmap %s, skipping", filename);
- return NULL;
- }
- close(fd);
- tmp.mm = mm;
- tmp.filename = ap_pstrdup(cmd->pool, filename);
- sconf = ap_get_module_config(cmd->server->module_config, &mmap_static_module);
- new_file = ap_push_array(sconf->files);
- *new_file = tmp;
- if (sconf->files->nelts == 1) {
- /* first one, register the cleanup */
- ap_register_cleanup(cmd->pool, sconf, cleanup_mmap, ap_null_cleanup);
- }
- ap_unblock_alarms();
- return NULL;
-}
-
-static command_rec mmap_static_cmds[] =
-{
- {
- "mmapfile", mmapfile, NULL, RSRC_CONF, ITERATE,
- "A space separated list of files to mmap at config time"
- },
- {
- NULL
- }
-};
-
-static int file_compare(const void *av, const void *bv)
-{
- const a_file *a = av;
- const a_file *b = bv;
-
- return strcmp(a->filename, b->filename);
-}
-
-static int inode_compare(const void *av, const void *bv)
-{
- const a_file *a = *(a_file **)av;
- const a_file *b = *(a_file **)bv;
-
- if (a->finfo.st_ino < b->finfo.st_ino)
- return -1;
- if (a->finfo.st_ino > b->finfo.st_ino)
- return 1;
- if (a->finfo.st_dev < b->finfo.st_dev)
- return -1;
- return a->finfo.st_dev > b->finfo.st_dev;
-}
-
-static void mmap_init(server_rec *s, pool *p)
-{
- a_server_config *sconf;
- array_header *inodes;
- a_file *elts;
- int nelts;
- int i;
-
- /* sort the elements of the main_server, by filename */
- sconf = ap_get_module_config(s->module_config, &mmap_static_module);
- elts = (a_file *)sconf->files->elts;
- nelts = sconf->files->nelts;
- qsort(elts, nelts, sizeof(a_file), file_compare);
-
- /* build an index by inode as well, speeds up the search in the handler */
- inodes = ap_make_array(p, nelts, sizeof(a_file *));
- sconf->inode_sorted = inodes;
- for (i = 0; i < nelts; ++i) {
- *(a_file **)ap_push_array(inodes) = &elts[i];
- }
- qsort(inodes->elts, nelts, sizeof(a_file *), inode_compare);
-
- /* and make the virtualhosts share the same thing */
- for (s = s->next; s; s = s->next) {
- ap_set_module_config(s->module_config, &mmap_static_module, sconf);
- }
-}
-
-/* If it's one of ours, fill in r->finfo now to avoid extra stat()... this is a
- * bit of a kludge, because we really want to run after core_translate runs.
- */
-
-static int mmap_static_xlat(request_rec *r)
-{
- a_server_config *sconf;
- a_file tmp;
- a_file *match;
- int res;
-
- sconf = ap_get_module_config(r->server->module_config, &mmap_static_module);
-
- /* we only operate when at least one mmapfile directive was used */
- if (ap_is_empty_table(sconf->files))
- return DECLINED;
-
- /* we require other modules to first set up a filename */
- res = core_module.translate_handler(r);
- if (res == DECLINED || !r->filename) {
- return res;
- }
- tmp.filename = r->filename;
- match = (a_file *)bsearch(&tmp, sconf->files->elts, sconf->files->nelts,
- sizeof(a_file), file_compare);
- if (match == NULL) {
- return DECLINED;
- }
-
- /* shortcircuit the get_path_info() stat() calls and stuff */
- r->finfo = match->finfo;
- return OK;
-}
-
-
-static int mmap_static_handler(request_rec *r)
-{
- a_server_config *sconf;
- a_file tmp;
- a_file *ptmp;
- a_file **pmatch;
- a_file *match;
- int rangestatus, errstatus;
-
- /* we don't handle anything but GET */
- if (r->method_number != M_GET) return DECLINED;
-
- /* file doesn't exist, we won't be dealing with it */
- if (r->finfo.st_mode == 0) return DECLINED;
-
- sconf = ap_get_module_config(r->server->module_config, &mmap_static_module);
- tmp.finfo.st_dev = r->finfo.st_dev;
- tmp.finfo.st_ino = r->finfo.st_ino;
- ptmp = &tmp;
- pmatch = (a_file **)bsearch(&ptmp, sconf->inode_sorted->elts,
- sconf->inode_sorted->nelts, sizeof(a_file *), inode_compare);
- if (pmatch == NULL) {
- return DECLINED;
- }
- match = *pmatch;
-
- /* note that we would handle GET on this resource */
- r->allowed |= (1 << M_GET);
-
- /* This handler has no use for a request body (yet), but we still
- * need to read and discard it if the client sent one.
- */
- if ((errstatus = ap_discard_request_body(r)) != OK)
- return errstatus;
-
- ap_update_mtime(r, match->finfo.st_mtime);
- ap_set_last_modified(r);
- ap_set_etag(r);
- if (((errstatus = ap_meets_conditions(r)) != OK)
- || (errstatus = ap_set_content_length (r, match->finfo.st_size))) {
- return errstatus;
- }
-
- rangestatus = ap_set_byterange(r);
- ap_send_http_header(r);
-
- if (!r->header_only) {
- if (!rangestatus) {
- ap_send_mmap (match->mm, r, 0, match->finfo.st_size);
- }
- else {
- off_t offset, length;
- while (ap_each_byterange(r, &offset, &length)) {
- ap_send_mmap(match->mm, r, offset, length);
- }
- }
- }
- return OK;
-}
-
-
-static const handler_rec mmap_static_handlers[] =
-{
- { "*/*", mmap_static_handler },
- { NULL }
-};
-
-module MODULE_VAR_EXPORT mmap_static_module =
-{
- STANDARD_MODULE_STUFF,
- mmap_init, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_server_config, /* server config */
- NULL, /* merge server config */
- mmap_static_cmds, /* command handlers */
- mmap_static_handlers, /* handlers */
- mmap_static_xlat, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/extra/.indent.pro b/usr.sbin/httpd/src/modules/extra/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/modules/extra/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/extra/Makefile.tmpl b/usr.sbin/httpd/src/modules/extra/Makefile.tmpl
deleted file mode 100644
index 67c70fab94c..00000000000
--- a/usr.sbin/httpd/src/modules/extra/Makefile.tmpl
+++ /dev/null
@@ -1,6 +0,0 @@
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
diff --git a/usr.sbin/httpd/src/modules/extra/mod_define.c b/usr.sbin/httpd/src/modules/extra/mod_define.c
deleted file mode 100644
index 88fb3f3d299..00000000000
--- a/usr.sbin/httpd/src/modules/extra/mod_define.c
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
-** mod_define.c - Apache module for configuration defines ($xxx)
-**
-** Copyright (c) 1998-2000 Ralf S. Engelschall <rse@engelschall.com>
-** Copyright (c) 1998-2000 Christian Reiber <chrei@en.muc.de>
-**
-** Permission to use, copy, modify, and distribute this software for
-** any purpose with or without fee is hereby granted, provided that
-** the above copyright notice and this permission notice appear in all
-** copies.
-**
-** THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-** WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-** IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
-** CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-** USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-** OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-** OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-** SUCH DAMAGE.
-*/
-
-/*
- * HISTORY
- *
- * v1.0: Originally written in December 1998 by
- * Ralf S. Engelschall <rse@engelschall.com> and
- * Christian Reiber <chrei@en.muc.de>
- *
- * v1.1: Completely Overhauled in August 1999 by
- * Ralf S. Engelschall <rse@engelschall.com>
- */
-
-#include "ap_config.h"
-#include "ap_ctype.h"
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_core.h"
-#include "http_log.h"
-
-
-/*
- * The global table of defines
- */
-
-static table *tDefines = NULL; /* global table of defines */
-static int bOnceSeenADefine = FALSE; /* optimization flag */
-
-/*
- * Forward declaration
- */
-static int DefineIndex (pool *, char *, int *, int *, char **);
-static char *DefineFetch (pool *, char *);
-static char *DefineExpand (pool *, char *, int, char *);
-static void DefineInit (pool *);
-static void DefineCleanup (void *);
-static char *DefineRewriteHook(cmd_parms *, void *, const char *);
-
-/*
- * Character classes for scanner function
- */
-typedef enum {
- CC_ESCAPE, CC_DOLLAR, CC_BRACEOPEN, CC_BRACECLOSE,
- CC_IDCHAR1, CC_IDCHAR, CC_OTHER, CC_EOS
-} CharClass;
-
-/*
- * Scanner states for scanner function
- */
-typedef enum {
- SS_NONE, SS_SKIP, SS_DOLLAR, SS_TOKEN_BRACED,
- SS_TOKEN_UNBRACED, SS_ERROR, SS_FOUND
-} ScanState;
-
-/*
- * Default meta characters
- */
-#define DEFAULT_MC_ESCAPE "\\"
-#define DEFAULT_MC_DOLLAR "$"
-#define DEFAULT_MC_BRACEOPEN "{"
-#define DEFAULT_MC_BRACECLOSE "}"
-
-/*
- * Scanner for variable constructs $xxx and ${xxx}
- */
-static int DefineIndex(pool *p, char *cpLine, int *pos, int *len, char **cpVar)
-{
- int rc;
- char *cp;
- char *cp2;
- CharClass cc;
- char cEscape;
- char cDefine;
- char cBraceOpen;
- char cBraceClose;
- char *cpError;
- ScanState s;
-
- cEscape = DEFAULT_MC_ESCAPE[0];
- if ((cp = DefineFetch(p, "mod_define::escape")) != NULL)
- cEscape = cp[0];
- cDefine = DEFAULT_MC_DOLLAR[0];
- if ((cp = DefineFetch(p, "mod_define::dollar")) != NULL)
- cDefine = cp[0];
- cBraceOpen = DEFAULT_MC_BRACEOPEN[0];
- if ((cp = DefineFetch(p, "mod_define::braceopen")) != NULL)
- cBraceOpen = cp[0];
- cBraceClose = DEFAULT_MC_BRACECLOSE[0];
- if ((cp = DefineFetch(p, "mod_define::braceclose")) != NULL)
- cBraceClose = cp[0];
-
- rc = 0;
- *len = 0;
- cc = CC_OTHER;
- s = SS_NONE;
- for (cp = cpLine+(*pos); cc != CC_EOS; cp++) {
- if (*cp == cEscape)
- cc = CC_ESCAPE;
- else if (*cp == cDefine)
- cc = CC_DOLLAR;
- else if (*cp == cBraceOpen)
- cc = CC_BRACEOPEN;
- else if (*cp == cBraceClose)
- cc = CC_BRACECLOSE;
- else if (ap_isalpha(*cp))
- cc = CC_IDCHAR1;
- else if (ap_isdigit(*cp) || *cp == '_' || *cp == ':')
- cc = CC_IDCHAR;
- else if (*cp == '\0')
- cc = CC_EOS;
- else
- cc = CC_OTHER;
- switch (s) {
- case SS_NONE:
- switch (cc) {
- case CC_ESCAPE:
- s = SS_SKIP;
- break;
- case CC_DOLLAR:
- s = SS_DOLLAR;
- break;
- default:
- break;
- }
- break;
- case SS_SKIP:
- s = SS_NONE;
- continue;
- break;
- case SS_DOLLAR:
- switch (cc) {
- case CC_BRACEOPEN:
- s = SS_TOKEN_BRACED;
- *pos = cp-cpLine-1;
- (*len) = 2;
- *cpVar = cp+1;
- break;
- case CC_IDCHAR1:
- s = SS_TOKEN_UNBRACED;
- *pos = cp-cpLine-1;
- (*len) = 2;
- *cpVar = cp;
- break;
- case CC_ESCAPE:
- s = SS_SKIP;
- break;
- default:
- s = SS_NONE;
- break;
- }
- break;
- case SS_TOKEN_BRACED:
- switch (cc) {
- case CC_IDCHAR1:
- case CC_IDCHAR:
- (*len)++;
- break;
- case CC_BRACECLOSE:
- (*len)++;
- cp2 = ap_palloc(p, cp-*cpVar+1);
- ap_cpystrn(cp2, *cpVar, cp-*cpVar+1);
- *cpVar = cp2;
- s = SS_FOUND;
- break;
- default:
- cpError = ap_psprintf(p, "Illegal character '%c' in identifier", *cp);
- s = SS_ERROR;
- break;
- }
- break;
- case SS_TOKEN_UNBRACED:
- switch (cc) {
- case CC_IDCHAR1:
- case CC_IDCHAR:
- (*len)++;
- break;
- default:
- cp2 = ap_palloc(p, cp-*cpVar+1);
- ap_cpystrn(cp2, *cpVar, cp-*cpVar+1);
- *cpVar = cp2;
- s = SS_FOUND;
- break;
- }
- break;
- case SS_FOUND:
- case SS_ERROR:
- break;
- }
- if (s == SS_ERROR) {
- fprintf(stderr, "Error\n");
- break;
- }
- else if (s == SS_FOUND) {
- rc = 1;
- break;
- }
- }
- return rc;
-}
-
-/*
- * Determine the value of a variable
- */
-static char *DefineFetch(pool *p, char *cpVar)
-{
- char *cpVal;
-
- /* first try out table */
- if ((cpVal = (char *)ap_table_get(tDefines, (char *)cpVar)) != NULL)
- return cpVal;
- /* second try the environment */
- if ((cpVal = getenv(cpVar)) != NULL)
- return cpVal;
- return NULL;
-}
-
-/*
- * Expand a variable
- */
-static char *DefineExpand(pool *p, char *cpToken, int tok_len, char *cpVal)
-{
- char *cp;
- int val_len, rest_len;
-
- val_len = strlen(cpVal);
- rest_len = strlen(cpToken+tok_len);
- if (val_len < tok_len)
- memcpy(cpToken+val_len, cpToken+tok_len, rest_len+1);
- else if (val_len > tok_len)
- for (cp = cpToken+strlen(cpToken); cp > cpToken+tok_len-1; cp--)
- *(cp+(val_len-tok_len)) = *cp;
- memcpy(cpToken, cpVal, val_len);
- return NULL;
-}
-
-/*
- * The EAPI hook which is called after Apache has read a
- * configuration line and before it's actually processed
- */
-static char *DefineRewriteHook(cmd_parms *cmd, void *config, const char *line)
-{
- pool *p;
- char *cpBuf;
- char *cpLine;
- int pos;
- int len;
- char *cpError;
- char *cpVar;
- char *cpVal;
- server_rec *s;
-
- /* runtime optimization */
- if (!bOnceSeenADefine)
- return NULL;
-
- p = cmd->pool;
- s = cmd->server;
-
- /*
- * Search for:
- * ....\$[a-zA-Z][:_a-zA-Z0-9]*....
- * ....\${[a-zA-Z][:_a-zA-Z0-9]*}....
- */
- cpBuf = NULL;
- cpLine = (char *)line;
- pos = 0;
- while (DefineIndex(p, cpLine, &pos, &len, &cpVar)) {
-#ifdef DEFINE_DEBUG
- {
- char prefix[1024];
- char marker[1024];
- int i;
- for (i = 0; i < pos; i++)
- prefix[i] = ' ';
- prefix[i] = '\0';
- for (i = 0; i < len; i++)
- marker[i] = '^';
- marker[i] = '\0';
- fprintf(stderr,
- "Found variable `%s' (pos: %d, len: %d)\n"
- " %s\n"
- " %s%s\n",
- cpVar, pos, len, cpLine, prefix, marker);
- }
-#endif
- if (cpBuf == NULL) {
- cpBuf = ap_palloc(p, MAX_STRING_LEN);
- ap_cpystrn(cpBuf, line, MAX_STRING_LEN);
- cpLine = cpBuf;
- }
- if ((cpVal = DefineFetch(p, cpVar)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_define: Variable '%s' not defined: file %s, line %d",
- cpVar, cmd->config_file->name,
- cmd->config_file->line_number);
- cpBuf = NULL;
- break;
- }
- if ((cpError = DefineExpand(p, cpLine+pos, len, cpVal)) != NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_define: %s: file %s, line %d",
- cpError, cmd->config_file->name,
- cmd->config_file->line_number);
- cpBuf = NULL;
- break;
- }
- }
- return cpBuf;
-}
-
-/*
- * Implementation of the `Define' configuration directive
- */
-static const char *cmd_define(cmd_parms *cmd, void *config,
- char *cpVar, char *cpVal)
-{
- if (tDefines == NULL)
- DefineInit(cmd->pool);
- ap_table_set(tDefines, cpVar, cpVal);
- bOnceSeenADefine = TRUE;
- return NULL;
-}
-
-/*
- * Module Initialization
- */
-
-static void DefineInit(pool *p)
-{
- tDefines = ap_make_table(p, 10);
- /* predefine delimiters */
- ap_table_set(tDefines, "mod_define::escape", DEFAULT_MC_ESCAPE);
- ap_table_set(tDefines, "mod_define::dollar", DEFAULT_MC_DOLLAR);
- ap_table_set(tDefines, "mod_define::open", DEFAULT_MC_BRACEOPEN);
- ap_table_set(tDefines, "mod_define::close", DEFAULT_MC_BRACECLOSE);
- ap_register_cleanup(p, NULL, DefineCleanup, ap_null_cleanup);
- return;
-}
-
-/*
- * Module Cleanup
- */
-
-static void DefineCleanup(void *data)
-{
- /* reset private variables when config pool is cleared */
- tDefines = NULL;
- bOnceSeenADefine = FALSE;
- return;
-}
-
-/*
- * Module Directive lists
- */
-static const command_rec DefineDirectives[] = {
- { "Define", cmd_define, NULL, RSRC_CONF|ACCESS_CONF, TAKE2,
- "Define a configuration variable" },
- { NULL }
-};
-
-/*
- * Module API dispatch list
- */
-module MODULE_VAR_EXPORT define_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* module initializer */
- NULL, /* create per-dir config structures */
- NULL, /* merge per-dir config structures */
- NULL, /* create per-server config structures */
- NULL, /* merge per-server config structures */
- DefineDirectives, /* table of config file commands */
- NULL, /* [#8] MIME-typed-dispatched handlers */
- NULL, /* [#1] URI to filename translation */
- NULL, /* [#4] validate user id from request */
- NULL, /* [#5] check if the user is ok _here_ */
- NULL, /* [#2] check access by host address */
- NULL, /* [#6] determine MIME type */
- NULL, /* [#7] pre-run fixups */
- NULL, /* [#9] log a transaction */
- NULL, /* [#3] header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL, /* [#0] post read-request */
- NULL, /* EAPI: add_module */
- NULL, /* EAPI: del_module */
- DefineRewriteHook, /* EAPI: rewrite_command */
- NULL /* EAPI: new_connection */
-};
-
diff --git a/usr.sbin/httpd/src/modules/keynote/Makefile.tmpl b/usr.sbin/httpd/src/modules/keynote/Makefile.tmpl
deleted file mode 100644
index 97a3f3425cd..00000000000
--- a/usr.sbin/httpd/src/modules/keynote/Makefile.tmpl
+++ /dev/null
@@ -1,14 +0,0 @@
-EXTRA_INCLUDES= -I$(SRCDIR)/modules/ssl
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_keynote.o: mod_keynote.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
diff --git a/usr.sbin/httpd/src/modules/keynote/mod_keynote.c b/usr.sbin/httpd/src/modules/keynote/mod_keynote.c
deleted file mode 100644
index 4ef5ae8c3e6..00000000000
--- a/usr.sbin/httpd/src/modules/keynote/mod_keynote.c
+++ /dev/null
@@ -1,905 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
- * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 1999, 2000, 2001 Angelos D. Keromytis. All rights reserved.
- * Copyright (c) 2001 Todd C. Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-
-#include <mod_ssl.h>
-#include <ap_sha1.h>
-#include <keynote.h>
-
-MODULE_VAR_EXPORT module keynote_module;
-
-/*
- * This function gets called to create a per-directory configuration
- * record. This will be called for the "default" server environment, and for
- * each directory for which the parser finds any of our directives applicable.
- * If a directory doesn't have any of our directives involved (i.e., they
- * aren't in the .htaccess file, or a <Location>, <Directory>, or related
- * block), this routine will *not* be called - the configuration for the
- * closest ancestor is used.
- *
- * The return value is a pointer to the created module-specific
- * structure.
- */
-static void *
-create_keynote_dir_config(pool *p, char *d)
-{
- return(ap_make_array(p, 1, sizeof(char **)));
-}
-
-/*
- * This function gets called to merge two per-directory configuration
- * records. This is typically done to cope with things like .htaccess files
- * or <Location> directives for directories that are beneath one for which a
- * configuration record was already created. The routine has the
- * responsibility of creating a new record and merging the contents of the
- * other two into it appropriately. If the module doesn't declare a merge
- * routine, the record for the closest ancestor location (that has one) is
- * used exclusively.
- *
- * The routine MUST NOT modify any of its arguments!
- *
- * The return value is a pointer to the created module-specific structure
- * containing the merged values.
- */
-static void *
-merge_keynote_dir_config(pool *p, void *basev, void *addv)
-{
- array_header *base = (array_header *)basev;
- array_header *add = (array_header *)addv;
-
- return(ap_append_arrays(p, base, add));
-}
-
-/*
- * Add an action attribute to the environment of the specified session
- * and log any errors we get, apache style.
- */
-static void
-add_action_attribute(int sessid, char *name, char *value, request_rec *r)
-{
- if (kn_add_action(sessid, name, value, 0) == 0)
- return;
-
- /* Got an error */
- switch (keynote_errno) {
- case ERROR_SYNTAX:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid action attribute name \"%s\"", name);
- break;
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory adding action attribute [%s = \"%s\"]",
- name, value);
- break;
- case ERROR_NOTFOUND:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Session %d not found while adding action attribute "
- "[%s = \"%s\"]", sessid, name, value);
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Unspecified error %d (shouldn't happen)"
- " while adding action attribute [%s = \"%s\"]", keynote_errno,
- name, value);
- break;
- }
-}
-
-/*
- * Add action attributes to the environment.
- * Currently adds:
- * app_domain -> apache
- * method -> GET, HEAD, POST, etc.
- * uri -> the URI that got us here
- * protocol -> access protocol
- * GMTTimeOfDay -> GMT time of day, in YYYYmmddHHMMSS format
- * LocalTimeOfDay -> Local time of day, in YYYYmmddHHMMSS format
- * filename -> last component of URI, or "" if not found
- * local address
- * remote address
- * remote hostname, if known/resolved
- * local hostname
- * remote username (RFC 1413)
- * local username (if authentication was done)
- * authentication type -> Basic, Digest, etc.
- *
- * SSL information is set at check_keynote_assertions()
- *
- * XXX IPsec information (if any)
- */
-static void
-add_action_attributes(int sessid, request_rec *r)
-{
- time_t tt;
- char mytimeofday[15];
-
- add_action_attribute(sessid, "app_domain", "apache", r);
- add_action_attribute(sessid, "method", (char *)r->method, r);
- add_action_attribute(sessid, "protocol", r->protocol, r);
- add_action_attribute(sessid, "filename", r->filename, r);
-
- tt = time((time_t *) NULL);
- strftime (mytimeofday, 14, "%Y%m%d%H%M%S", gmtime (&tt));
- add_action_attribute(sessid, "GMTTimeOfDay", mytimeofday, r);
-
- strftime (mytimeofday, 14, "%Y%m%d%H%M%S", localtime (&tt));
- add_action_attribute(sessid, "LocalTimeOfDay", mytimeofday, r);
-
- add_action_attribute(sessid, "local_address", r->connection->local_ip, r);
- add_action_attribute(sessid, "remote_address", r->connection->remote_ip, r);
-
- if (r->connection->local_host != NULL)
- add_action_attribute(sessid, "local_hostname",
- r->connection->local_host, r);
-
- if (r->connection->remote_host != NULL)
- add_action_attribute(sessid, "remote_hostname",
- r->connection->remote_host, r);
-
- if (r->connection->user != NULL)
- add_action_attribute(sessid, "local_username", r->connection->user, r);
-
- if (r->connection->remote_logname != NULL)
- add_action_attribute(sessid, "remote_username",
- r->connection->remote_logname, r);
-
- /* XXX - make the split URI components available too? */
- add_action_attribute(sessid, "uri", r->unparsed_uri, r);
-}
-
-static int
-keynote_add_authorizer(request_rec *r, int sessid, X509 *cert)
-{
- struct keynote_deckey dc;
- EVP_PKEY *key;
- X509_NAME *subject;
- char *akey, *principals[3], *cp;
- int i;
-
- key = X509_get_pubkey(cert);
- subject = X509_get_subject_name(cert);
- if (!key || (key->type != EVP_PKEY_RSA && key->type != EVP_PKEY_DSA)) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server,
- "Unable to get public key from client's certificate");
- return(1);
- }
-
- /* Get ascii-encoded version of the key and add as an authorizer. */
- if (key->type == EVP_PKEY_RSA) {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
- dc.dec_key = key->pkey.rsa;
- } else {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_DSA;
- dc.dec_key = key->pkey.dsa;
- }
- akey = kn_encode_key(&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY);
- if (akey == NULL) {
- if (keynote_errno == ERROR_MEMORY) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Out of memory storing public key");
- return(-1);
- } else {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Error storing public key");
- return(1);
- }
- } else {
- i = 0;
- principals[i++] = ap_pstrcat(r->pool, "rsa-hex:", akey, NULL);
- free(akey);
-
- /* Generate a "DN:" principal */
- if (subject && (cp = X509_NAME_oneline(subject, NULL, 0)) != NULL) {
- principals[i++] = ap_pstrcat(r->pool, "DN:", cp, NULL);
- free(cp);
- }
- principals[i] = NULL;
- }
-
- for (i = 0; principals[i]; i++) {
- if (kn_add_authorizer(sessid, principals[i]) == -1) {
- switch (keynote_errno) {
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory while adding action authorizer %s",
- principals[i]);
- break;
- case ERROR_SYNTAX:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Malformed action authorizer %s", principals[i]);
- break;
- case ERROR_NOTFOUND:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Session %d not found while adding action "
- "authorizer %s", sessid, principals[i]);
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Unspecified error %d (shouldn't happen) "
- "while adding action authorizer %s",
- keynote_errno, principals[i]);
- break;
- }
- }
- }
-
- return(0);
-}
-
-static int
-keynote_get_valid_times(request_rec *r, X509 *cert, char *before, size_t beforelen, char **timecomp, char *after, size_t afterlen, char **timecomp2)
-{
- ASN1_TIME *tm;
- time_t tt;
- int i;
-
- if (((tm = X509_get_notBefore(cert)) == NULL) ||
- (tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME)) {
- tt = time((time_t *) NULL);
- strftime(before, 14, "%G%m%d%H%M%S", localtime(&tt));
- *timecomp = "LocalTimeOfDay";
- } else {
- if (tm->data[tm->length - 1] == 'Z') {
- *timecomp = "GMTTimeOfDay";
- i = tm->length - 2;
- } else {
- *timecomp = "LocalTimeOfDay";
- i = tm->length - 1;
- }
-
- for (; i >= 0; i--) {
- if (tm->data[i] < '0' || tm->data[i] > '9') {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid data in certificate's NotValidBefore time field");
- return(-1);
- }
- }
-
- if (tm->type == V_ASN1_UTCTIME) {
- if (tm->length < 10 || tm->length > 13) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid length of certificate's NotValidBefore time field (%d)",
- tm->length);
- return(-1);
- }
-
- /* Validity checks. */
- if ((tm->data[2] != '0' && tm->data[2] != '1')
- || (tm->data[2] == '0' && tm->data[3] == '0')
- || (tm->data[2] == '1' && tm->data[3] > '2')
- || (tm->data[4] > '3')
- || (tm->data[4] == '0' && tm->data[5] == '0')
- || (tm->data[4] == '3' && tm->data[5] > '1')
- || (tm->data[6] > '2')
- || (tm->data[6] == '2' && tm->data[7] > '3')
- || (tm->data[8] > '5')) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid value in certificate's NotValidBefore time field");
- return(-1);
- }
-
- /* Stupid UTC tricks. */
- if (tm->data[0] < '5')
- snprintf(before, beforelen, "20%s", tm->data);
- else
- snprintf(before, beforelen, "19%s", tm->data);
- } else {
- /* V_ASN1_GENERICTIME */
- if (tm->length < 12 || tm->length > 15) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid length of certificate's NotValidBefore time field (%d)",
- tm->length);
- return(-1);
- }
-
- /* Validity checks. */
- if ((tm->data[4] != '0' && tm->data[4] != '1')
- || (tm->data[4] == '0' && tm->data[5] == '0')
- || (tm->data[4] == '1' && tm->data[5] > '2')
- || (tm->data[6] > '3')
- || (tm->data[6] == '0' && tm->data[7] == '0')
- || (tm->data[6] == '3' && tm->data[7] > '1')
- || (tm->data[8] > '2')
- || (tm->data[8] == '2' && tm->data[9] > '3')
- || (tm->data[10] > '5')) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid value in certificate's NotValidBefore time field");
- return(-1);
- }
- snprintf(before, beforelen, "%s", tm->data);
- }
-
- /* Fix missing seconds. */
- if (tm->length < 12) {
- before[12] = '0';
- before[13] = '0';
- }
-
- /* This will overwrite trailing 'Z'. */
- before[14] = '\0';
- }
-
- tm = X509_get_notAfter(cert);
- if (tm == NULL &&
- (tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME)) {
- tt = time(0);
- strftime(after, 14, "%G%m%d%H%M%S", localtime(&tt));
- *timecomp2 = "LocalTimeOfDay";
- } else {
- if (tm->data[tm->length - 1] == 'Z') {
- *timecomp2 = "GMTTimeOfDay";
- i = tm->length - 2;
- } else {
- *timecomp2 = "LocalTimeOfDay";
- i = tm->length - 1;
- }
-
- for (; i >= 0; i--) {
- if (tm->data[i] < '0' || tm->data[i] > '9') {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid data in certificate's NotValidAfter time field");
- return(-1);
- }
- }
-
- if (tm->type == V_ASN1_UTCTIME) {
- if (tm->length < 10 || tm->length > 13) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid length of certificate's NotValidAfter time field (%d)",
- tm->length);
- return(-1);
- }
-
- /* Validity checks. */
- if ((tm->data[2] != '0' && tm->data[2] != '1')
- || (tm->data[2] == '0' && tm->data[3] == '0')
- || (tm->data[2] == '1' && tm->data[3] > '2')
- || (tm->data[4] > '3')
- || (tm->data[4] == '0' && tm->data[5] == '0')
- || (tm->data[4] == '3' && tm->data[5] > '1')
- || (tm->data[6] > '2')
- || (tm->data[6] == '2' && tm->data[7] > '3')
- || (tm->data[8] > '5')) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid value in certificate's NotValidAfter time field");
- return(-1);
- }
-
- /* Stupid UTC tricks. */
- if (tm->data[0] < '5')
- snprintf(after, afterlen, "20%s", tm->data);
- else
- snprintf(after, afterlen, "19%s", tm->data);
- } else {
- /* V_ASN1_GENERICTIME */
- if (tm->length < 12 || tm->length > 15) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid length of certificate's NotValidAfter time field (%d)",
- tm->length);
- return(-1);
- }
-
- /* Validity checks. */
- if ((tm->data[4] != '0' && tm->data[4] != '1')
- || (tm->data[4] == '0' && tm->data[5] == '0')
- || (tm->data[4] == '1' && tm->data[5] > '2')
- || (tm->data[6] > '3')
- || (tm->data[6] == '0' && tm->data[7] == '0')
- || (tm->data[6] == '3' && tm->data[7] > '1')
- || (tm->data[8] > '2')
- || (tm->data[8] == '2' && tm->data[9] > '3')
- || (tm->data[10] > '5')) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid value in certificate's NotValidAfter time field");
- return(-1);
- }
- snprintf(after, afterlen, "%s", tm->data);
- }
-
- /* Fix missing seconds. */
- if (tm->length < 12) {
- after[12] = '0';
- after[13] = '0';
- }
- after[14] = '\0'; /* This will overwrite trailing 'Z' */
- }
- return(0);
-}
-
-static int
-keynote_fake_assertion(request_rec *r, int sessid, X509 *cert, EVP_PKEY *pkey, X509_NAME *name)
-{
- struct keynote_deckey dc;
- EVP_PKEY *key;
- X509_NAME *issuer, *subject;
- char *akey, *ikey, *buf, *stext, *itext;
- char before[15], after[15];
- char *timecomp, *timecomp2;
- static const char fmt[] = "Authorizer: \"%s%s\"\nLicensees: \"%s%s\"\n"
- "Conditions: %s >= \"%s\" && %s <= \"%s\";\n";
-
- if (pkey && pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_DSA) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server,
- "Issuer's public key is invalid");
- return(1);
- }
-
- issuer = X509_get_issuer_name(cert);
- subject = X509_get_subject_name(cert);
- if (X509_NAME_cmp(issuer, name) != 0) {
- itext = X509_NAME_oneline(issuer, NULL, 0);
- stext = X509_NAME_oneline(name, NULL, 0);
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server,
- "Subject doesn't match issuer's certificate: %s != %s", itext, stext);
- free(itext);
- free(stext);
- return(1);
- }
-
- key = X509_get_pubkey(cert);
- if (!key || (key->type != EVP_PKEY_RSA && key->type != EVP_PKEY_DSA)) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server,
- "Unable to get public key from client's certificate");
- return(1);
- }
-
- /* Get ascii-encoded version of the public key */
- if (key->type == EVP_PKEY_RSA) {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
- dc.dec_key = key->pkey.rsa;
- } else {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_DSA;
- dc.dec_key = key->pkey.dsa;
- }
- akey = kn_encode_key(&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY);
- if (akey == NULL) {
- if (keynote_errno == ERROR_MEMORY) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Out of memory storing public key");
- return(-1);
- } else {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Error storing public key");
- return(1);
- }
- }
-
- /* Get ascii-encoded version of the issuer's public key */
- if (pkey) {
- if (pkey->type == EVP_PKEY_RSA) {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
- dc.dec_key = pkey->pkey.rsa;
- } else {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_DSA;
- dc.dec_key = pkey->pkey.dsa;
- }
- ikey = kn_encode_key(&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY);
- if (ikey == NULL) {
- free(akey);
- if (keynote_errno == ERROR_MEMORY) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Out of memory storing public key");
- return(-1);
- } else {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Error storing public key");
- return(1);
- }
- }
- } else
- ikey = NULL;
-
- if (keynote_get_valid_times(r, cert, before, sizeof(before), &timecomp, after, sizeof(after), &timecomp2) == -1) {
- free(akey);
- if (ikey)
- free(ikey);
- return(-1);
- }
-
- itext = X509_NAME_oneline(issuer, NULL, 0);
- stext = X509_NAME_oneline(subject, NULL, 0);
-
- if (ikey)
- buf = ap_psprintf(r->pool, fmt, "rsa-hex:", ikey, "rsa-hex:", akey,
- timecomp, before, timecomp2, after);
- else
- buf = ap_psprintf(r->pool, fmt, "DN:", itext, "rsa-hex:", akey,
- timecomp, before, timecomp2, after);
- if (kn_add_assertion(sessid, buf, strlen(buf), ASSERT_FLAG_LOCAL) == -1) {
- free(stext);
- free(itext);
- free(akey);
- if (ikey)
- free(ikey);
- goto assert_failed;
- }
-
- buf = ap_psprintf(r->pool, fmt, "DN:", itext, "DN:", stext,
- timecomp, before, timecomp2, after);
- free(stext);
- free(itext);
- free(akey);
- if (ikey)
- free(ikey);
- if (kn_add_assertion(sessid, buf, strlen(buf), ASSERT_FLAG_LOCAL) != -1)
- return(0);
-
-assert_failed:
- switch (keynote_errno) {
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory, trying to add policy assertion %s", buf);
- break;
- case ERROR_SYNTAX:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Syntax error parsing policy assertion %s",
- buf);
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Unspecified error %d (shouldn't happen) "
- "while adding policy assertion %s", keynote_errno, buf);
- break;
- }
- return(-1);
-}
-
-static int
-check_keynote_assertions(request_rec *r)
-{
- array_header *policy_asserts = (array_header *)ap_get_module_config(r->per_dir_config, &keynote_module);
- int sessid, res, i, noclientcert = 0;
- int rval = OK;
- size_t authLen;
- char **assertions;
- SSL_CTX *ctx;
- SSL *ssl;
- X509 *cert, *icert;
- STACK_OF(X509) *certstack;
- STACK_OF(X509_NAME) *CA_list;
- X509_NAME *issuer, *subject;
- static char *return_values[] = { "false", "true" };
- AP_SHA1_CTX context;
- unsigned char digest[SHA_DIGESTSIZE];
- char *pwauth;
- const char *sent_pw;
-
- /* If there are no KeyNote assertions we have nothing to do. */
- if (policy_asserts->nelts == 0)
- return(DECLINED);
-
- /* Initialize keynote session. */
- sessid = kn_init();
- if (sessid == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "keynote init failed: keynote_errno=%d",
- keynote_errno);
- return(FORBIDDEN);
- }
-
- /* If this is an SSL session, see if client certs were used. */
- if ((ssl = ap_ctx_get(r->connection->client->ctx, "ssl")) != NULL) {
- ctx = SSL_get_SSL_CTX(ssl);
-
- /* XXX Initialize SSL-related action attributes */
-
- /* Get client's certificate or deny them */
- certstack = SSL_get_peer_cert_chain(ssl);
- if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
- /* Missing or self-signed, deny them */
- issuer = X509_get_issuer_name(cert);
- subject = X509_get_subject_name(cert);
- if (!issuer || !subject || X509_name_cmp(issuer, subject) == 0) {
- rval = FORBIDDEN;
- goto done;
- }
-
- /* Build a set of fake assertions corresponding to the certificate chain. */
- for (i = 0; i < sk_X509_num(certstack) && (icert = sk_X509_value(certstack, i)); i++) {
- if (keynote_fake_assertion(r, sessid, cert, X509_get_pubkey(icert), X509_get_subject_name(icert)) == -1) {
- rval = FORBIDDEN;
- goto done;
- }
- cert = icert;
- }
-
- /* The issuer of the last cert in the chain should be in the CA list. */
- issuer = X509_get_issuer_name(cert);
- CA_list = SSL_CTX_get_client_CA_list(ctx);
- for (i = 0; i < sk_X509_num(CA_list); i++) {
- subject = sk_X509_NAME_value(CA_list, i);
- if (subject && X509_NAME_cmp(issuer, subject) == 0) {
- /* An X509_NAME does not contain the public key. */
- if (keynote_fake_assertion(r, sessid, cert, NULL, subject) == -1) {
- rval = FORBIDDEN;
- goto done;
- }
- break;
- }
- }
-
- if (i >= sk_X509_num(CA_list))
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server,
- "didn't find CA for issuer of last cert in chain");
-
- /* Add the user's public key as an authorizer. */
- if (keynote_add_authorizer(r, sessid, cert) == -1) {
- rval = FORBIDDEN;
- goto done;
- }
- } else
- noclientcert = 1; /* No client certificates used. */
- } else
- noclientcert = 1; /* SSL was not used. */
-
- /* See if we have a passphrase. */
- if (noclientcert == 1) {
- if ((res = ap_get_basic_auth_pw(r, &sent_pw)) == 0) {
- /* Add passphrase as the authorizer. */
- ap_SHA1Init(&context);
- ap_SHA1Update(&context, sent_pw, strlen(sent_pw));
- ap_SHA1Final(digest, &context);
-
- pwauth = calloc(120, sizeof(char));
- if (pwauth == NULL) {
- rval = FORBIDDEN;
- goto done;
- }
- res = strlen("passphrase-sha1-base64:");
- strlcpy(pwauth, "passphrase-sha1-base64:", res + 1);
- ap_base64encode_binary(pwauth + strlen(pwauth), digest,
- sizeof(digest));
-
- /* Add passphrase authorizer directly to the session. */
- kn_add_authorizer(sessid, pwauth);
- free(pwauth);
-
- /* Add username as a principal too. */
- if (r->connection->user != NULL) {
- int n;
-
- authLen = strlen(r->connection->user) + 1 + strlen("username:");
- pwauth = calloc(authLen, sizeof(char));
- if (pwauth == NULL) {
- rval = FORBIDDEN;
- goto done;
- }
-
- n = snprintf(pwauth, authLen, "username:%s",
- r->connection->user);
- if (n == -1 || n >= authLen) {
- rval = FORBIDDEN;
- free(pwauth);
- goto done;
- }
-
- kn_add_authorizer(sessid, pwauth);
- free(pwauth);
- }
- } else {
- kn_add_authorizer(sessid, "");
- }
- }
-
- /* Setup our environment. */
- add_action_attributes(sessid, r);
-
- /* Add our policy assertions (as specified in the config file). */
- assertions = (char **)policy_asserts->elts;
- for (i = 0; i < policy_asserts->nelts; i++) {
- if (kn_add_assertion(sessid, assertions[i],
- strlen(assertions[i]), ASSERT_FLAG_LOCAL) == -1) {
- switch (keynote_errno) {
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory, trying to add policy assertion %s",
- assertions[i]);
- break;
- case ERROR_SYNTAX:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Syntax error "
- "parsing policy assertion %s", assertions[i]);
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Unspecified error %d (shouldn't happen) "
- "while adding policy assertion %s",
- keynote_errno, assertions[i]);
- break;
- }
- rval = FORBIDDEN;
- goto done;
- }
- }
-
- /* Now do the actual query. */
- switch ((res = kn_do_query(sessid, return_values, 2))) {
- case 0:
- rval = FORBIDDEN;
-
- /* Log failed assertions */
- for (i = 0; i < policy_asserts->nelts; i++) {
- if (kn_get_failed(sessid, KEYNOTE_ERROR_SYNTAX, i) != -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Assertion failed "
- "due to a syntax error: %s", assertions[i]);
- } else if (kn_get_failed(sessid, KEYNOTE_ERROR_SIGNATURE, i) != -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Failed to verify "
- "signature on assertion: %s", assertions[i]);
- } else if (kn_get_failed(sessid, KEYNOTE_ERROR_ANY, i) != -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Unspecified error "
- "when processing assertion: %s", assertions[i]);
- }
- }
- break;
- case 1:
- rval = OK;
- break;
- case -1:
- rval = FORBIDDEN;
- switch (keynote_errno) {
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory while performing authorization "
- "query.");
- break;
- case ERROR_NOTFOUND:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Session %d not found while performing "
- "authorization query.", sessid);
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Unspecified error %d (shouldn't happen) while "
- "performing authorization query.", keynote_errno);
- break;
- }
-default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Weird KeyNote result=%d", res);
- break;
- }
-
-done:
- kn_close(sessid);
-
- return(rval);
-}
-
-/*
- * Take an assertion stored in a file and push it (verbatim) into
- * the policy_asserts array.
- */
-static const char *
-store_assertion(cmd_parms *cmd, void *policy_assertsv, char *filename)
-{
- int fd, serrno, nelts = 0;
- ssize_t nread;
- struct stat sb;
- char *assert, **asrts;
- array_header *policy_asserts = (array_header *)policy_assertsv;
-
- filename = ap_server_root_relative(cmd->pool, filename);
- if ((fd = open(filename, O_RDONLY)) == -1)
- return(ap_pstrcat(cmd->pool, "Can't open ", filename, ": ",
- strerror(errno), NULL));
-
- if (fstat(fd, &sb) == -1)
- return(ap_pstrcat(cmd->pool, "Can't fstat ", filename, ": ",
- strerror(errno), NULL));
-
- assert = calloc(sb.st_size + 1, sizeof(char));
- nread = read(fd, assert, sb.st_size);
- serrno = errno;
- close(fd);
- if (nread != sb.st_size) {
- if (nread == -1)
- return(ap_pstrcat(cmd->pool, "Can't read ", filename, ": ",
- strerror(serrno), NULL));
- else
- return(ap_pstrcat(cmd->pool, "Short read from", filename, NULL));
- }
-
- /* Break up into constituent assertions */
- asrts = kn_read_asserts(assert, sb.st_size, &nelts);
- free(assert);
-
- while (--nelts >= 0) {
- /* Now store the individual assertions in the array */
- *(char **)ap_push_array(policy_asserts) = ap_pstrdup(cmd->pool, asrts[nelts]);
- free(asrts[nelts]);
- }
-
- /* We don't need this anymore */
- if (asrts)
- free(asrts);
-
- return(NULL);
-}
-
-static command_rec keynote_cmds[] = {
- {
- "KeyNotePolicy", /* directive name */
- store_assertion, /* config action routine */
- NULL, /* arg to include in call */
- OR_FILEINFO, /* where available (FileInfo) */
- ITERATE, /* call once for each arg */
- "Add a KeyNote policy file" /* directive description */
- },
- { NULL }
-};
-
-module MODULE_VAR_EXPORT keynote_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* module initializer */
- create_keynote_dir_config, /* per-directory config creator */
- merge_keynote_dir_config, /* dir config merger */
- NULL, /* server config creator */
- NULL, /* server config merger */
- keynote_cmds, /* command table */
- NULL, /* list of handlers */
- NULL, /* filename-to-URI translation */
- NULL, /* check/validate user_id */
- NULL, /* check user_id is valid *here* */
- check_keynote_assertions, /* check access by host address */
- NULL, /* MIME type checker/setter */
- NULL, /* fixups */
- NULL, /* logger */
-};
diff --git a/usr.sbin/httpd/src/modules/keynote/mod_keynote.module b/usr.sbin/httpd/src/modules/keynote/mod_keynote.module
deleted file mode 100644
index 44d8e036c30..00000000000
--- a/usr.sbin/httpd/src/modules/keynote/mod_keynote.module
+++ /dev/null
@@ -1,4 +0,0 @@
-Name: keynote_module
-ConfigStart
- LIBS="$LIBS -lkeynote -lm"
-ConfigEnd
diff --git a/usr.sbin/httpd/src/modules/proxy/.indent.pro b/usr.sbin/httpd/src/modules/proxy/.indent.pro
deleted file mode 100644
index 64099d767f5..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/.indent.pro
+++ /dev/null
@@ -1,64 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcache_req
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tdirconn_entry
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tin_addr
--Tjoblist_s
--Tlisten_rec
--Tlong61_t
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Toff_t
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tper_thread_data
--Tpid_t
--Tpiped_log
--Tpool
--Tproxy_alias
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Tsockaddr
--Tsockaddr_in
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
--Tproxy_server_conf
diff --git a/usr.sbin/httpd/src/modules/proxy/Makefile.libdir b/usr.sbin/httpd/src/modules/proxy/Makefile.libdir
deleted file mode 100644
index 7b5254013a3..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/Makefile.libdir
+++ /dev/null
@@ -1,4 +0,0 @@
-This is a place-holder which indicates to Configure that it shouldn't
-provide the default targets when building the Makefile in this directory.
-Instead it'll just prepend all the important variable definitions, and
-copy the Makefile.tmpl onto the end.
diff --git a/usr.sbin/httpd/src/modules/proxy/Makefile.tmpl b/usr.sbin/httpd/src/modules/proxy/Makefile.tmpl
deleted file mode 100644
index c13bf6b427c..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/Makefile.tmpl
+++ /dev/null
@@ -1,121 +0,0 @@
-
-LIB=libproxy.$(LIBEXT)
-
-OBJS=\
- mod_proxy.o \
- proxy_cache.o proxy_connect.o proxy_ftp.o proxy_http.o proxy_util.o
-OBJS_PIC=\
- mod_proxy.lo \
- proxy_cache.lo proxy_connect.lo proxy_ftp.lo proxy_http.lo proxy_util.lo
-
-all: lib
-
-lib: $(LIB)
-
-libproxy.a: $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-libproxy.so: $(OBJS_PIC)
- rm -f $@
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $@ $(OBJS_PIC) $(LIBS_SHLIB)
-
-libproxy.dll: $(OBJS_PIC) mod_proxy.def
- if [ "x$(OS)" = "xCygwin" ]; then \
- rm -f $@; \
- if [ -f "$(SRCDIR)/$(SHCORE_IMPLIB)" ]; then \
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $*.dll $(OBJS_PIC) $(LIBS_SHLIB) \
- $(SRCDIR)/$(SHCORE_IMPLIB) $(LIBS1); \
- fi \
- else \
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $* $(OBJS_PIC) $(LIBS_SHLIB); \
- emxbind -b -q -s -h0 -dmod_proxy.def $* && \
- rm $*; \
- fi
-
-.SUFFIXES: .o .lo .dll
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-.c.lo:
- $(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $< && mv $*.o $*.lo
-
-clean:
- rm -f $(OBJS) $(OBJS_PIC) $(LIB)
-
-distclean: clean
- -rm -f Makefile
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_proxy.o: mod_proxy.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_vhost.h \
- $(INCDIR)/http_request.h
-proxy_cache.o: proxy_cache.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h \
- $(INCDIR)/util_date.h $(INCDIR)/multithread.h \
- $(INCDIR)/ap_md5.h
-proxy_connect.o: proxy_connect.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h
-proxy_ftp.o: proxy_ftp.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h
-proxy_http.o: proxy_http.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_core.h $(INCDIR)/util_date.h
-proxy_util.o: proxy_util.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_main.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/multithread.h $(INCDIR)/http_log.h \
- $(INCDIR)/util_date.h
diff --git a/usr.sbin/httpd/src/modules/proxy/mod_proxy.c b/usr.sbin/httpd/src/modules/proxy/mod_proxy.c
deleted file mode 100644
index 1be9812093a..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/mod_proxy.c
+++ /dev/null
@@ -1,1102 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "mod_proxy.h"
-
-#define CORE_PRIVATE
-
-#include "http_log.h"
-#include "http_main.h"
-#include "http_vhost.h"
-#include "http_request.h"
-
-/* Some WWW schemes and their default ports; this is basically /etc/services */
-/* This will become global when the protocol abstraction comes */
-static struct proxy_services defports[] =
-{
- {"http", DEFAULT_HTTP_PORT},
- {"ftp", DEFAULT_FTP_PORT},
- {"https", DEFAULT_HTTPS_PORT},
- {"gopher", DEFAULT_GOPHER_PORT},
- {"nntp", DEFAULT_NNTP_PORT},
- {"wais", DEFAULT_WAIS_PORT},
- {"snews", DEFAULT_SNEWS_PORT},
- {"prospero", DEFAULT_PROSPERO_PORT},
- {NULL, -1} /* unknown port */
-};
-
-/*
- * A Web proxy module. Stages:
- *
- * translate_name: set filename to proxy:<URL>
- * type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy:
- * fix_ups: convert the URL stored in the filename to the
- * canonical form.
- * handler: handle proxy requests
- */
-
-/* -------------------------------------------------------------- */
-/* Translate the URL into a 'filename' */
-
-static int alias_match(const char *uri, const char *alias_fakename)
-{
- const char *end_fakename = alias_fakename + strlen(alias_fakename);
- const char *aliasp = alias_fakename, *urip = uri;
-
- while (aliasp < end_fakename) {
- if (*aliasp == '/') {
- /*
- * any number of '/' in the alias matches any number in the
- * supplied URI, but there must be at least one...
- */
- if (*urip != '/')
- return 0;
-
- while (*aliasp == '/')
- ++aliasp;
- while (*urip == '/')
- ++urip;
- }
- else {
- /* Other characters are compared literally */
- if (*urip++ != *aliasp++)
- return 0;
- }
- }
-
- /* Check last alias path component matched all the way */
-
- if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/')
- return 0;
-
- /*
- * Return number of characters from URI which matched (may be greater
- * than length of alias, since we may have matched doubled slashes)
- */
-
- return urip - uri;
-}
-
-/* Detect if an absoluteURI should be proxied or not. Note that we
- * have to do this during this phase because later phases are
- * "short-circuiting"... i.e. translate_names will end when the first
- * module returns OK. So for example, if the request is something like:
- *
- * GET http://othervhost/cgi-bin/printenv HTTP/1.0
- *
- * mod_alias will notice the /cgi-bin part and ScriptAlias it and
- * short-circuit the proxy... just because of the ordering in the
- * configuration file.
- */
-static int proxy_detect(request_rec *r)
-{
- void *sconf = r->server->module_config;
- proxy_server_conf *conf;
-
- conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
-
- if (conf->req && r->parsed_uri.scheme) {
- /* but it might be something vhosted */
- if (!(r->parsed_uri.hostname
- && !strcasecmp(r->parsed_uri.scheme, ap_http_method(r))
- && ap_matches_request_vhost(r, r->parsed_uri.hostname,
- r->parsed_uri.port_str ? r->parsed_uri.port : ap_default_port(r)))) {
- r->proxyreq = STD_PROXY;
- r->uri = r->unparsed_uri;
- r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL);
- r->handler = "proxy-server";
- }
- }
- /* We need special treatment for CONNECT proxying: it has no scheme part */
- else if (conf->req && r->method_number == M_CONNECT
- && r->parsed_uri.hostname
- && r->parsed_uri.port_str) {
- r->proxyreq = STD_PROXY;
- r->uri = r->unparsed_uri;
- r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL);
- r->handler = "proxy-server";
- }
- return DECLINED;
-}
-
-static int proxy_trans(request_rec *r)
-{
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- int i, len;
- struct proxy_alias *ent = (struct proxy_alias *)conf->aliases->elts;
-
- if (r->proxyreq != NOT_PROXY) {
- /*
- * someone has already set up the proxy, it was possibly ourselves in
- * proxy_detect
- */
- return OK;
- }
-
- /*
- * XXX: since r->uri has been manipulated already we're not really
- * compliant with RFC1945 at this point. But this probably isn't an
- * issue because this is a hybrid proxy/origin server.
- */
-
- for (i = 0; i < conf->aliases->nelts; i++) {
- len = alias_match(r->uri, ent[i].fake);
-
- if (len > 0) {
- if (ent[i].real[0] == '!' && ent[i].real[1] == '\0')
- return DECLINED;
-
- r->filename = ap_pstrcat(r->pool, "proxy:", ent[i].real,
- r->uri + len, NULL);
- r->handler = "proxy-server";
- r->proxyreq = PROXY_PASS;
- return OK;
- }
- }
- return DECLINED;
-}
-
-/* -------------------------------------------------------------- */
-/* Fixup the filename */
-
-/*
- * Canonicalise the URL
- */
-static int proxy_fixup(request_rec *r)
-{
- char *url, *p;
- int rc;
-
- if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0)
- return DECLINED;
-
- url = &r->filename[6];
-
-/* canonicalise each specific scheme */
- if (ap_hook_use("ap::mod_proxy::canon",
- AP_HOOK_SIG3(int,ptr,ptr),
- AP_HOOK_DECLINE(DECLINED),
- &rc, r, url) && rc != DECLINED)
- return rc;
- else
- if (strncasecmp(url, "http:", 5) == 0)
- return ap_proxy_http_canon(r, url + 5, "http", DEFAULT_HTTP_PORT);
- else if (strncasecmp(url, "ftp:", 4) == 0)
- return ap_proxy_ftp_canon(r, url + 4);
-
- p = strchr(url, ':');
- if (p == NULL || p == url)
- return HTTP_BAD_REQUEST;
-
- return OK; /* otherwise; we've done the best we can */
-}
-
-static void proxy_init(server_rec *r, pool *p)
-{
- ap_proxy_garbage_init(r, p);
- ap_hook_use("ap::mod_proxy::init",
- AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, r, p);
-}
-
-static void proxy_addmod(module *m)
-{
- /* export: ap_proxy_http_canon() as `ap::mod_proxy::http::canon' */
- ap_hook_configure("ap::mod_proxy::http::canon",
- AP_HOOK_SIG5(int,ptr,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_register("ap::mod_proxy::http::canon",
- ap_proxy_http_canon, AP_HOOK_NOCTX);
-
- /* export: ap_proxy_http_handler() as `ap::mod_proxy::http::handler' */
- ap_hook_configure("ap::mod_proxy::http::handler",
- AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_register("ap::mod_proxy::http::handler",
- ap_proxy_http_handler, AP_HOOK_NOCTX);
-
- /* export: ap_proxyerror() as `ap::mod_proxy::error' */
- ap_hook_configure("ap::mod_proxy::error",
- AP_HOOK_SIG3(int,ptr,ptr), AP_HOOK_TOPMOST);
- ap_hook_register("ap::mod_proxy::error",
- ap_proxyerror, AP_HOOK_NOCTX);
- return;
-}
-
-static void proxy_remmod(module *m)
-{
- /* remove the hook references */
- ap_hook_unregister("ap::mod_proxy::http::canon", ap_proxy_http_canon);
- ap_hook_unregister("ap::mod_proxy::http::handler", ap_proxy_http_handler);
- ap_hook_unregister("ap::mod_proxy::error", ap_proxyerror);
- return;
-}
-
-/* Send a redirection if the request contains a hostname which is not */
-/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */
-/* servers like Netscape's allow this and access hosts from the local */
-/* domain in this case. I think it is better to redirect to a FQDN, since */
-/* these will later be found in the bookmarks files. */
-/* The "ProxyDomain" directive determines what domain will be appended */
-static int proxy_needsdomain(request_rec *r, const char *url, const char *domain)
-{
- char *nuri;
- const char *ref;
-
- /* We only want to worry about GETs */
- if (r->proxyreq == NOT_PROXY || r->method_number != M_GET || !r->parsed_uri.hostname)
- return DECLINED;
-
- /* If host does contain a dot already, or it is "localhost", decline */
- if (strchr(r->parsed_uri.hostname, '.') != NULL
- || strcasecmp(r->parsed_uri.hostname, "localhost") == 0)
- return DECLINED; /* host name has a dot already */
-
- ref = ap_table_get(r->headers_in, "Referer");
-
- /* Reassemble the request, but insert the domain after the host name */
- /* Note that the domain name always starts with a dot */
- r->parsed_uri.hostname = ap_pstrcat(r->pool, r->parsed_uri.hostname,
- domain, NULL);
- nuri = ap_unparse_uri_components(r->pool,
- &r->parsed_uri,
- UNP_REVEALPASSWORD);
-
- ap_table_set(r->headers_out, "Location", nuri);
- ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r,
- "Domain missing: %s sent to %s%s%s", r->uri,
- ap_unparse_uri_components(r->pool, &r->parsed_uri,
- UNP_OMITUSERINFO),
- ref ? " from " : "", ref ? ref : "");
-
- return HTTP_MOVED_PERMANENTLY;
-}
-
-/* -------------------------------------------------------------- */
-/* Invoke handler */
-
-static int proxy_handler(request_rec *r)
-{
- char *url, *scheme, *p;
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- array_header *proxies = conf->proxies;
- struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
- int i, rc;
- cache_req *cr;
- int direct_connect = 0;
- const char *maxfwd_str;
-
- if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0)
- return DECLINED;
-
- if (r->method_number == M_TRACE &&
- (maxfwd_str = ap_table_get(r->headers_in, "Max-Forwards")) != NULL) {
- long maxfwd = ap_strtol(maxfwd_str, NULL, 10);
- if (maxfwd < 1) {
- int access_status;
- r->proxyreq = NOT_PROXY;
- if ((access_status = ap_send_http_trace(r)))
- ap_die(access_status, r);
- else
- ap_finalize_request_protocol(r);
- return OK;
- }
- ap_table_setn(r->headers_in, "Max-Forwards",
- ap_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd - 1 : 0));
- }
-
- if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))
- return rc;
-
- url = r->filename + 6;
- p = strchr(url, ':');
- if (p == NULL)
- return HTTP_BAD_REQUEST;
-
- /* Try serve the request from the cache. If we succeed, we leave. */
- rc = ap_proxy_cache_check(r, url, &conf->cache, &cr);
- if (rc != DECLINED)
- return rc;
-
- /* If the host doesn't have a domain name, add one and redirect. */
- if (conf->domain != NULL) {
- rc = proxy_needsdomain(r, url, conf->domain);
- if (ap_is_HTTP_REDIRECT(rc))
- return HTTP_MOVED_PERMANENTLY;
- }
-
- *p = '\0';
- scheme = ap_pstrdup(r->pool, url);
- *p = ':';
-
- /* Check URI's destination host against NoProxy hosts */
- /* Bypass ProxyRemote server lookup if configured as NoProxy */
- /* we only know how to handle communication to a proxy via http */
- /* if (strcasecmp(scheme, "http") == 0) */
- {
- int ii;
- struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts;
-
- for (direct_connect = ii = 0; ii < conf->dirconn->nelts && !direct_connect; ii++) {
- direct_connect = list[ii].matcher(&list[ii], r);
- }
-#if DEBUGGING
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r,
- (direct_connect) ? "NoProxy for %s" : "UseProxy for %s",
- r->uri);
-#endif
- }
-
-/* firstly, try a proxy, unless a NoProxy directive is active */
-
- if (!direct_connect)
- for (i = 0; i < proxies->nelts; i++) {
- p = strchr(ents[i].scheme, ':'); /* is it a partial URL? */
- if (strcmp(ents[i].scheme, "*") == 0 ||
- (p == NULL && strcasecmp(scheme, ents[i].scheme) == 0) ||
- (p != NULL &&
- strncasecmp(url, ents[i].scheme, strlen(ents[i].scheme)) == 0)) {
- /*
- * CONNECT is a special method that bypasses the normal proxy
- * code.
- */
- if (!ap_hook_use("ap::mod_proxy::handler",
- AP_HOOK_SIG7(int,ptr,ptr,ptr,ptr,int,ptr),
- AP_HOOK_DECLINE(DECLINED),
- &rc, r, cr, url,
- ents[i].hostname, ents[i].port,
- ents[i].protocol) || rc == DECLINED) {
- if (r->method_number == M_CONNECT)
- rc = ap_proxy_connect_handler(r, cr, url, ents[i].hostname,
- ents[i].port);
-/* we only know how to handle communication to a proxy via http */
- else if (strcasecmp(ents[i].protocol, "http") == 0)
- rc = ap_proxy_http_handler(r, cr, url, ents[i].hostname,
- ents[i].port);
- else
- rc = DECLINED;
- }
-
- /* an error or success */
- if (rc != DECLINED && rc != HTTP_BAD_GATEWAY)
- return rc;
- /* we failed to talk to the upstream proxy */
- }
- }
-
- /* otherwise, try it direct */
- /* N.B. what if we're behind a firewall, where we must use a proxy or
- * give up??
- */
-
- /* handle the scheme */
- if (ap_hook_use("ap::mod_proxy::handler",
- AP_HOOK_SIG7(int,ptr,ptr,ptr,ptr,int,ptr),
- AP_HOOK_DECLINE(DECLINED),
- &rc, r, cr, url,
- NULL, 0, scheme) && rc != DECLINED)
- return rc;
- if (r->method_number == M_CONNECT) {
- return ap_proxy_connect_handler(r, cr, url, NULL, 0);
- }
- if (strcasecmp(scheme, "http") == 0) {
- return ap_proxy_http_handler(r, cr, url, NULL, 0);
- }
- if (strcasecmp(scheme, "ftp") == 0) {
- return ap_proxy_ftp_handler(r, cr, url);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r,
- "proxy: No protocol handler was valid for the URL %s. "
- "If you are using a DSO version of mod_proxy, make sure "
- "the proxy submodules are included in the configuration "
- "using LoadModule.", r->uri);
- return HTTP_FORBIDDEN;
- }
-}
-
-/* -------------------------------------------------------------- */
-/* Setup configurable data */
-
-static void *
- create_proxy_config(pool *p, server_rec *s)
-{
- proxy_server_conf *ps = ap_pcalloc(p, sizeof(proxy_server_conf));
-
- ps->proxies = ap_make_array(p, 10, sizeof(struct proxy_remote));
- ps->aliases = ap_make_array(p, 10, sizeof(struct proxy_alias));
- ps->raliases = ap_make_array(p, 10, sizeof(struct proxy_alias));
- ps->noproxies = ap_make_array(p, 10, sizeof(struct noproxy_entry));
- ps->dirconn = ap_make_array(p, 10, sizeof(struct dirconn_entry));
- ps->nocaches = ap_make_array(p, 10, sizeof(struct nocache_entry));
- ps->allowed_connect_ports = ap_make_array(p, 10, sizeof(int));
- ps->domain = NULL;
- ps->viaopt = via_off; /* initially backward compatible with 1.3.1 */
- ps->viaopt_set = 0; /* 0 means default */
- ps->req = 0;
- ps->req_set = 0;
- ps->recv_buffer_size = 0; /* this default was left unset for some
- * reason */
- ps->recv_buffer_size_set = 0;
- ps->io_buffer_size = IOBUFSIZE;
- ps->io_buffer_size_set = 0;
- ps->preserve_host = 0;
- ps->preserve_host_set = 0;
-
- ps->cache.root = NULL;
- ps->cache.space = DEFAULT_CACHE_SPACE;
- ps->cache.space_set = 0;
- ps->cache.maxexpire = DEFAULT_CACHE_MAXEXPIRE;
- ps->cache.maxexpire_set = 0;
- ps->cache.defaultexpire = DEFAULT_CACHE_EXPIRE;
- ps->cache.defaultexpire_set = 0;
- ps->cache.lmfactor = DEFAULT_CACHE_LMFACTOR;
- ps->cache.lmfactor_set = 0;
- ps->cache.gcinterval = DEFAULT_CACHE_GCINTERVAL;
- ps->cache.gcinterval_set = 1;
- /* at these levels, the cache can have 2^18 directories (256,000) */
- ps->cache.dirlevels = 3;
- ps->cache.dirlevels_set = 0;
- ps->cache.dirlength = 1;
- ps->cache.dirlength_set = 0;
- ps->cache.cache_completion = (float)DEFAULT_CACHE_COMPLETION;
- ps->cache.cache_completion_set = 0;
-
- return ps;
-}
-
-static void *
- merge_proxy_config(pool *p, void *basev,
- void *overridesv)
-{
- proxy_server_conf *ps = ap_pcalloc(p, sizeof(proxy_server_conf));
- proxy_server_conf *base = (proxy_server_conf *)basev;
- proxy_server_conf *overrides = (proxy_server_conf *)overridesv;
-
- ps->proxies = ap_append_arrays(p, base->proxies, overrides->proxies);
- ps->aliases = ap_append_arrays(p, base->aliases, overrides->aliases);
- ps->raliases = ap_append_arrays(p, base->raliases, overrides->raliases);
- ps->noproxies = ap_append_arrays(p, base->noproxies, overrides->noproxies);
- ps->dirconn = ap_append_arrays(p, base->dirconn, overrides->dirconn);
- ps->nocaches = ap_append_arrays(p, base->nocaches, overrides->nocaches);
- ps->allowed_connect_ports = ap_append_arrays(p, base->allowed_connect_ports, overrides->allowed_connect_ports);
-
- ps->domain = (overrides->domain == NULL) ? base->domain : overrides->domain;
- ps->viaopt = (overrides->viaopt_set == 0) ? base->viaopt : overrides->viaopt;
- ps->req = (overrides->req_set == 0) ? base->req : overrides->req;
- ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size;
- ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size;
-
- ps->preserve_host = (overrides->preserve_host_set == 0) ? base->preserve_host : overrides->preserve_host;
-
- ps->cache.root = (overrides->cache.root == NULL) ? base->cache.root : overrides->cache.root;
- ps->cache.space = (overrides->cache.space_set == 0) ? base->cache.space : overrides->cache.space;
- ps->cache.maxexpire = (overrides->cache.maxexpire_set == 0) ? base->cache.maxexpire : overrides->cache.maxexpire;
- ps->cache.defaultexpire = (overrides->cache.defaultexpire_set == 0) ? base->cache.defaultexpire : overrides->cache.defaultexpire;
- ps->cache.lmfactor = (overrides->cache.lmfactor_set == 0) ? base->cache.lmfactor : overrides->cache.lmfactor;
- ps->cache.gcinterval = (overrides->cache.gcinterval_set == 0) ? base->cache.gcinterval : overrides->cache.gcinterval;
- /* at these levels, the cache can have 2^18 directories (256,000) */
- ps->cache.dirlevels = (overrides->cache.dirlevels_set == 0) ? base->cache.dirlevels : overrides->cache.dirlevels;
- ps->cache.dirlength = (overrides->cache.dirlength_set == 0) ? base->cache.dirlength : overrides->cache.dirlength;
- ps->cache.cache_completion = (overrides->cache.cache_completion_set == 0) ? base->cache.cache_completion : overrides->cache.cache_completion;
-
- return ps;
-}
-
-static const char *
- add_proxy(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- server_rec *s = cmd->server;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(s->module_config, &proxy_module);
- struct proxy_remote *new;
- char *p, *q;
- int port;
- char *bl = NULL, *br = NULL;
-
- p = strchr(r, ':');
- if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0')
- return "ProxyRemote: Bad syntax for a remote proxy server";
- bl = p + 3;
- if (*bl == '['){
- br = strrchr(bl+1, ']');
- if (br){
- bl++;
- *br = '\0';
- if (*(br+1) == ':'){ /* [host]:xx */
- q = br+1;
- }
- else if (*(br+1) == '\0'){ /* [host] */
- q = NULL;
- }
- else
- q = strrchr(br, ':'); /* XXX */
- }
- else
- q = strrchr(bl, ':'); /* XXX */
- }
- else
- q = strrchr(bl, ':');
- if (q != NULL) {
- if (sscanf(q + 1, "%u", &port) != 1 || port > 65535)
- return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)";
- *q = '\0';
- }
- else
- port = -1;
- *p = '\0';
- if (strchr(f, ':') == NULL)
- ap_str_tolower(f); /* lowercase scheme */
- ap_str_tolower(bl); /* lowercase hostname */
-
- if (port == -1) {
- int i;
- for (i = 0; defports[i].scheme != NULL; i++)
- if (strcasecmp(defports[i].scheme, r) == 0)
- break;
- port = defports[i].port;
- }
-
- new = ap_push_array(conf->proxies);
- new->scheme = f;
- new->protocol = r;
- new->hostname = bl;
- new->port = port;
- return NULL;
-}
-
-static const char *
- add_pass(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- server_rec *s = cmd->server;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(s->module_config, &proxy_module);
- struct proxy_alias *new;
-
- new = ap_push_array(conf->aliases);
- new->fake = f;
- new->real = r;
- return NULL;
-}
-
-static const char *
- add_pass_reverse(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- server_rec *s = cmd->server;
- proxy_server_conf *conf;
- struct proxy_alias *new;
-
- conf = (proxy_server_conf *)ap_get_module_config(s->module_config,
- &proxy_module);
- new = ap_push_array(conf->raliases);
- new->fake = f;
- new->real = r;
- return NULL;
-}
-
-static const char *
- set_proxy_exclude(cmd_parms *parms, void *dummy, char *arg)
-{
- server_rec *s = parms->server;
- proxy_server_conf *conf =
- ap_get_module_config(s->module_config, &proxy_module);
- struct noproxy_entry *new;
- struct noproxy_entry *list = (struct noproxy_entry *) conf->noproxies->elts;
- struct hostent hp;
- int found = 0;
- int i;
-
- /* Don't duplicate entries */
- for (i = 0; i < conf->noproxies->nelts; i++) {
- if (strcasecmp(arg, list[i].name) == 0) /* ignore case for host names */
- found = 1;
- }
-
- if (!found) {
- new = ap_push_array(conf->noproxies);
- new->name = arg;
- /* Don't do name lookups on things that aren't dotted */
- if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp) == NULL)
- /*
- * @@@FIXME: This copies only the first of (possibly many) IP
- * addrs
- */
- memcpy(&new->addr, hp.h_addr, sizeof(struct in_addr));
- else
- new->addr.s_addr = 0;
- }
- return NULL;
-}
-
-/*
- * Set the ports CONNECT can use
- */
-static const char *
- set_allowed_ports(cmd_parms *parms, void *dummy, char *arg)
-{
- server_rec *s = parms->server;
- proxy_server_conf *conf =
- ap_get_module_config(s->module_config, &proxy_module);
- int *New;
-
- if (!ap_isdigit(arg[0]))
- return "AllowCONNECT: port number must be numeric";
-
- New = ap_push_array(conf->allowed_connect_ports);
- *New = atoi(arg);
- return NULL;
-}
-
-/* Similar to set_proxy_exclude(), but defining directly connected hosts,
- * which should never be accessed via the configured ProxyRemote servers
- */
-static const char *
- set_proxy_dirconn(cmd_parms *parms, void *dummy, char *arg)
-{
- server_rec *s = parms->server;
- proxy_server_conf *conf =
- ap_get_module_config(s->module_config, &proxy_module);
- struct dirconn_entry *New;
- struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts;
- int found = 0;
- int i;
-
- /* Don't duplicate entries */
- for (i = 0; i < conf->dirconn->nelts; i++) {
- if (strcasecmp(arg, list[i].name) == 0)
- found = 1;
- }
-
- if (!found) {
- New = ap_push_array(conf->dirconn);
- New->name = arg;
- New->hostentry = NULL;
-
- if (ap_proxy_is_ipaddr(New, parms->pool)) {
-#if DEBUGGING
- fprintf(stderr, "Parsed addr %s\n", inet_ntoa(New->addr));
- fprintf(stderr, "Parsed mask %s\n", inet_ntoa(New->mask));
-#endif
- }
- else if (ap_proxy_is_domainname(New, parms->pool)) {
- ap_str_tolower(New->name);
-#if DEBUGGING
- fprintf(stderr, "Parsed domain %s\n", New->name);
-#endif
- }
- else if (ap_proxy_is_hostname(New, parms->pool)) {
- ap_str_tolower(New->name);
-#if DEBUGGING
- fprintf(stderr, "Parsed host %s\n", New->name);
-#endif
- }
- else {
- ap_proxy_is_word(New, parms->pool);
-#if DEBUGGING
- fprintf(stderr, "Parsed word %s\n", New->name);
-#endif
- }
- }
- return NULL;
-}
-
-static const char *
- set_proxy_domain(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
-
- if (arg[0] != '.')
- return "ProxyDomain: domain name must start with a dot.";
-
- psf->domain = arg;
- return NULL;
-}
-
-static const char *
- set_proxy_req(cmd_parms *parms, void *dummy, int flag)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
-
- psf->req = flag;
- psf->req_set = 1;
- return NULL;
-}
-
-
-static const char *
- set_cache_size(cmd_parms *parms, char *struct_ptr, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- int val;
-
- if (sscanf(arg, "%d", &val) != 1)
- return "CacheSize value must be an integer (kBytes)";
- psf->cache.space = val;
- psf->cache.space_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_root(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
-
- psf->cache.root = arg;
- ap_server_strip_chroot(psf->cache.root, 1);
-
- return NULL;
-}
-
-static const char *
- set_cache_factor(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- double val;
-
- if (sscanf(arg, "%lg", &val) != 1)
- return "CacheLastModifiedFactor value must be a float";
- psf->cache.lmfactor = val;
- psf->cache.lmfactor_set = 1;
-
- return NULL;
-}
-
-static const char *
- set_cache_maxex(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- double val;
-
- if (sscanf(arg, "%lg", &val) != 1)
- return "CacheMaxExpire value must be a float";
- psf->cache.maxexpire = (int)(val * (double)SEC_ONE_HR);
- psf->cache.maxexpire_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_defex(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- double val;
-
- if (sscanf(arg, "%lg", &val) != 1)
- return "CacheDefaultExpire value must be a float";
- psf->cache.defaultexpire = (int)(val * (double)SEC_ONE_HR);
- psf->cache.defaultexpire_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_gcint(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- double val;
-
- if (sscanf(arg, "%lg", &val) != 1)
- return "CacheGcInterval value must be a float";
- psf->cache.gcinterval = (int)(val * (double)SEC_ONE_HR);
- psf->cache.gcinterval_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_dirlevels(cmd_parms *parms, char *struct_ptr, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- int val;
-
- val = atoi(arg);
- if (val < 1)
- return "CacheDirLevels value must be an integer greater than 0";
- if (val * psf->cache.dirlength > CACHEFILE_LEN)
- return "CacheDirLevels*CacheDirLength value must not be higher than 20";
- psf->cache.dirlevels = val;
- psf->cache.dirlevels_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_dirlength(cmd_parms *parms, char *struct_ptr, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- int val;
-
- val = atoi(arg);
- if (val < 1)
- return "CacheDirLength value must be an integer greater than 0";
- if (val * psf->cache.dirlevels > CACHEFILE_LEN)
- return "CacheDirLevels*CacheDirLength value must not be higher than 20";
- psf->cache.dirlength = val;
- psf->cache.dirlength_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_exclude(cmd_parms *parms, void *dummy, char *arg)
-{
- server_rec *s = parms->server;
- proxy_server_conf *conf =
- ap_get_module_config(s->module_config, &proxy_module);
- struct nocache_entry *new;
- struct nocache_entry *list = (struct nocache_entry *) conf->nocaches->elts;
- struct hostent hp;
- int found = 0;
- int i;
-
- /* Don't duplicate entries */
- for (i = 0; i < conf->nocaches->nelts; i++) {
- if (strcasecmp(arg, list[i].name) == 0) /* ignore case for host names */
- found = 1;
- }
-
- if (!found) {
- new = ap_push_array(conf->nocaches);
- new->name = arg;
- /* Don't do name lookups on things that aren't dotted */
- if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp) == NULL)
- /*
- * @@@FIXME: This copies only the first of (possibly many) IP
- * addrs
- */
- memcpy(&new->addr, hp.h_addr, sizeof(struct in_addr));
- else
- new->addr.s_addr = 0;
- }
- return NULL;
-}
-
-static const char *
- set_recv_buffer_size(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- int s = atoi(arg);
- if (s < 512 && s != 0) {
- return "ProxyReceiveBufferSize must be >= 512 bytes, or 0 for system default.";
- }
-
- psf->recv_buffer_size = s;
- psf->recv_buffer_size_set = 1;
- return NULL;
-}
-
-static const char *
- set_io_buffer_size(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- long s = atol(arg);
-
- psf->io_buffer_size = ((s > IOBUFSIZE) ? s : IOBUFSIZE);
- psf->io_buffer_size_set = 1;
- return NULL;
-}
-
-static const char *
- set_cache_completion(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
- int s = atoi(arg);
- if (s > 100 || s < 0) {
- return "CacheForceCompletion must be <= 100 percent, "
- "or 0 for system default.";
- }
-
- if (s > 0)
- psf->cache.cache_completion = ((float)s / 100);
-
- psf->cache.cache_completion_set = 1;
- return NULL;
-}
-
-static const char *
- set_via_opt(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
-
- if (strcasecmp(arg, "Off") == 0)
- psf->viaopt = via_off;
- else if (strcasecmp(arg, "On") == 0)
- psf->viaopt = via_on;
- else if (strcasecmp(arg, "Block") == 0)
- psf->viaopt = via_block;
- else if (strcasecmp(arg, "Full") == 0)
- psf->viaopt = via_full;
- else {
- return "ProxyVia must be one of: "
- "off | on | full | block";
- }
-
- psf->viaopt_set = 1;
- return NULL;
-}
-
-static const char *
- set_preserve_host(cmd_parms *parms, void *dummy, char *arg)
-{
- proxy_server_conf *psf =
- ap_get_module_config(parms->server->module_config, &proxy_module);
-
- if (strcasecmp(arg, "Off") == 0)
- psf->preserve_host = 0;
- else if (strcasecmp(arg, "On") == 0)
- psf->preserve_host = 1;
- else {
- return "ProxyPreserveHost must be one of: "
- "off | on";
- }
-
- psf->preserve_host_set = 1;
- return NULL;
-}
-
-static const handler_rec proxy_handlers[] =
-{
- {"proxy-server", proxy_handler},
- {NULL}
-};
-
-static const command_rec proxy_cmds[] =
-{
- {"ProxyRequests", set_proxy_req, NULL, RSRC_CONF, FLAG,
- "on if the true proxy requests should be accepted"},
- {"ProxyRemote", add_proxy, NULL, RSRC_CONF, TAKE2,
- "a scheme, partial URL or '*' and a proxy server"},
- {"ProxyPass", add_pass, NULL, RSRC_CONF, TAKE2,
- "a virtual path and a URL"},
- {"ProxyPassReverse", add_pass_reverse, NULL, RSRC_CONF, TAKE2,
- "a virtual path and a URL for reverse proxy behaviour"},
- {"ProxyBlock", set_proxy_exclude, NULL, RSRC_CONF, ITERATE,
- "A list of names, hosts or domains to which the proxy will not connect"},
- {"ProxyReceiveBufferSize", set_recv_buffer_size, NULL, RSRC_CONF, TAKE1,
- "Receive buffer size for outgoing HTTP and FTP connections in bytes"},
- {"ProxyIOBufferSize", set_io_buffer_size, NULL, RSRC_CONF, TAKE1,
- "IO buffer size for outgoing HTTP and FTP connections in bytes"},
- {"NoProxy", set_proxy_dirconn, NULL, RSRC_CONF, ITERATE,
- "A list of domains, hosts, or subnets to which the proxy will connect directly"},
- {"ProxyDomain", set_proxy_domain, NULL, RSRC_CONF, TAKE1,
- "The default intranet domain name (in absence of a domain in the URL)"},
- {"AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF, ITERATE,
- "A list of ports which CONNECT may connect to"},
- {"ProxyPreserveHost", set_preserve_host, NULL, RSRC_CONF, TAKE1,
- "on if the host header should be preserved while proxying"},
- {"CacheRoot", set_cache_root, NULL, RSRC_CONF, TAKE1,
- "The directory to store cache files"},
- {"CacheSize", set_cache_size, NULL, RSRC_CONF, TAKE1,
- "The maximum disk space used by the cache in Kb"},
- {"CacheMaxExpire", set_cache_maxex, NULL, RSRC_CONF, TAKE1,
- "The maximum time in hours to cache a document"},
- {"CacheDefaultExpire", set_cache_defex, NULL, RSRC_CONF, TAKE1,
- "The default time in hours to cache a document"},
- {"CacheLastModifiedFactor", set_cache_factor, NULL, RSRC_CONF, TAKE1,
- "The factor used to estimate Expires date from LastModified date"},
- {"CacheGcInterval", set_cache_gcint, NULL, RSRC_CONF, TAKE1,
- "The interval between garbage collections, in hours"},
- {"CacheDirLevels", set_cache_dirlevels, NULL, RSRC_CONF, TAKE1,
- "The number of levels of subdirectories in the cache"},
- {"CacheDirLength", set_cache_dirlength, NULL, RSRC_CONF, TAKE1,
- "The number of characters in subdirectory names"},
- {"NoCache", set_cache_exclude, NULL, RSRC_CONF, ITERATE,
- "A list of names, hosts or domains for which caching is *not* provided"},
- {"CacheForceCompletion", set_cache_completion, NULL, RSRC_CONF, TAKE1,
- "Force a http cache completion after this percentage is loaded"},
- {"ProxyVia", set_via_opt, NULL, RSRC_CONF, TAKE1,
- "Configure Via: proxy header header to one of: on | off | block | full"},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT proxy_module =
-{
- STANDARD_MODULE_STUFF,
- proxy_init, /* initializer */
- NULL, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
- create_proxy_config, /* create per-server config structure */
- merge_proxy_config, /* merge per-server config structures */
- proxy_cmds, /* command table */
- proxy_handlers, /* handlers */
- proxy_trans, /* translate_handler */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- proxy_fixup, /* pre-run fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- proxy_detect /* post read-request */
- ,proxy_addmod, /* EAPI: add_module */
- proxy_remmod, /* EAPI: remove_module */
- NULL, /* EAPI: rewrite_command */
- NULL /* EAPI: new_connection */
-};
diff --git a/usr.sbin/httpd/src/modules/proxy/mod_proxy.h b/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
deleted file mode 100644
index adacd729449..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
+++ /dev/null
@@ -1,348 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef MOD_PROXY_H
-#define MOD_PROXY_H
-
-/*
- * Main include file for the Apache proxy
- */
-
-/*
-
- Note numerous FIXMEs and CHECKMEs which should be eliminated.
-
- If TESTING is set, then garbage collection doesn't delete ... probably a good
- idea when hacking.
-
- */
-
-#define TESTING 0
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_protocol.h"
-
-#include "explain.h"
-
-extern module MODULE_VAR_EXPORT proxy_module;
-
-
-/* for proxy_canonenc() */
-enum enctype {
- enc_path, enc_search, enc_user, enc_fpath, enc_parm
-};
-
-#define HDR_APP (0) /* append header, for proxy_add_header() */
-#define HDR_REP (1) /* replace header, for proxy_add_header() */
-
-/* number of characters in the hash */
-#define HASH_LEN (22*2)
-
-/* maximum 'CacheDirLevels*CacheDirLength' value */
-#define CACHEFILE_LEN 20 /* must be less than HASH_LEN/2 */
-
-#define SEC_ONE_DAY 86400 /* one day, in seconds */
-#define SEC_ONE_HR 3600 /* one hour, in seconds */
-
-#define DEFAULT_FTP_DATA_PORT 20
-#define DEFAULT_FTP_PORT 21
-#define DEFAULT_GOPHER_PORT 70
-#define DEFAULT_NNTP_PORT 119
-#define DEFAULT_WAIS_PORT 210
-#define DEFAULT_HTTPS_PORT 443
-#define DEFAULT_SNEWS_PORT 563
-#define DEFAULT_PROSPERO_PORT 1525 /* WARNING: conflict w/Oracle */
-
-/* Some WWW schemes and their default ports; this is basically /etc/services */
-struct proxy_services {
- const char *scheme;
- int port;
-};
-
-/* static information about a remote proxy */
-struct proxy_remote {
- const char *scheme; /* the schemes handled by this proxy, or '*' */
- const char *protocol; /* the scheme used to talk to this proxy */
- const char *hostname; /* the hostname of this proxy */
- int port; /* the port for this proxy */
-};
-
-struct proxy_alias {
- char *real;
- char *fake;
-};
-
-struct dirconn_entry {
- char *name;
- struct in_addr addr, mask;
- struct hostent *hostentry;
- int (*matcher) (struct dirconn_entry * This, request_rec *r);
-};
-
-struct noproxy_entry {
- char *name;
- struct in_addr addr;
-};
-
-struct nocache_entry {
- char *name;
- struct in_addr addr;
-};
-
-#define DEFAULT_CACHE_SPACE 5
-#define DEFAULT_CACHE_MAXEXPIRE SEC_ONE_DAY
-#define DEFAULT_CACHE_EXPIRE SEC_ONE_HR
-#define DEFAULT_CACHE_LMFACTOR (0.1)
-#define DEFAULT_CACHE_COMPLETION (0.9)
-#define DEFAULT_CACHE_GCINTERVAL SEC_ONE_HR
-
-#ifndef MAX
-#define MAX(a,b) ((a) > (b) ? (a) : (b))
-#endif
-#ifndef MIN
-#define MIN(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
-/* static information about the local cache */
-struct cache_conf {
- const char *root; /* the location of the cache directory */
- off_t space; /* Maximum cache size (in 1024 bytes) */
- char space_set;
- time_t maxexpire; /* Maximum time to keep cached files in secs */
- char maxexpire_set;
- time_t defaultexpire; /* default time to keep cached file in secs */
- char defaultexpire_set;
- double lmfactor; /* factor for estimating expires date */
- char lmfactor_set;
- time_t gcinterval; /* garbage collection interval, in seconds */
- char gcinterval_set;
- int dirlevels; /* Number of levels of subdirectories */
- char dirlevels_set;
- int dirlength; /* Length of subdirectory names */
- char dirlength_set;
- float cache_completion; /* Force cache completion after this point */
- char cache_completion_set;
-};
-
-typedef struct {
- struct cache_conf cache; /* cache configuration */
- array_header *proxies;
- array_header *aliases;
- array_header *raliases;
- array_header *noproxies;
- array_header *dirconn;
- array_header *nocaches;
- array_header *allowed_connect_ports;
- char *domain; /* domain name to use in absence of a domain name in the request */
- int req; /* true if proxy requests are enabled */
- char req_set;
- enum {
- via_off,
- via_on,
- via_block,
- via_full
- } viaopt; /* how to deal with proxy Via: headers */
- char viaopt_set;
- size_t recv_buffer_size;
- char recv_buffer_size_set;
- size_t io_buffer_size;
- char io_buffer_size_set;
- int preserve_host;
- int preserve_host_set;
-} proxy_server_conf;
-
-struct hdr_entry {
- const char *field;
- const char *value;
-};
-
-/* caching information about a request */
-typedef struct {
- request_rec *req; /* the request */
- char *url; /* the URL requested */
- char *filename; /* name of the cache file,
- or NULL if no cache */
- char *tempfile; /* name of the temporary file,
- or NULL if not caching */
- time_t ims; /* if-Modified-Since date of request,
- -1 if no header */
- time_t ius; /* if-Unmodified-Since date of request,
- -1 if no header */
- const char *im; /* if-Match etag of request,
- NULL if no header */
- const char *inm; /* if-None-Match etag of request,
- NULL if no header */
- BUFF *fp; /* the cache file descriptor if the file
- is cached and may be returned,
- or NULL if the file is not cached
- (or must be reloaded) */
- BUFF *origfp; /* the old cache file descriptor if the file has
- been revalidated and is being rewritten to
- disk */
- time_t expire; /* calculated expire date of cached entity */
- time_t lmod; /* last-modified date of cached entity */
- time_t date; /* the date the cached file was last touched */
- time_t req_time; /* the time the request started */
- time_t resp_time; /* the time the response was received */
- int version; /* update count of the file */
- off_t len; /* content length */
- char *protocol; /* Protocol, and major/minor number,
- e.g. HTTP/1.1 */
- int status; /* the status of the cached file */
- unsigned int written; /* total *content* bytes written to cache */
- float cache_completion; /* specific to this request */
- char *resp_line; /* the whole status line
- (protocol, code + message) */
- table *req_hdrs; /* the original request headers */
- table *hdrs; /* the original HTTP response headers
- of the file */
- char *xcache; /* the X-Cache header value
- to be sent to client */
-} cache_req;
-
-struct per_thread_data {
- struct hostent hpbuf;
- in_addr_t ipaddr;
- char *charpbuf[2];
-};
-/* Function prototypes */
-
-/* proxy_cache.c */
-
-void ap_proxy_cache_tidy(cache_req *c);
-int ap_proxy_cache_check(request_rec *r, char *url, struct cache_conf *conf,
- cache_req **cr);
-int ap_proxy_cache_update(cache_req *c, table *resp_hdrs,
- const int is_HTTP1, int nocache);
-void ap_proxy_garbage_coll(request_rec *r);
-
-/* proxy_connect.c */
-
-int ap_proxy_connect_handler(request_rec *r, cache_req *c, char *url,
- const char *proxyhost, int proxyport);
-
-/* proxy_ftp.c */
-
-int ap_proxy_ftp_canon(request_rec *r, char *url);
-int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url);
-
-/* proxy_http.c */
-
-int ap_proxy_http_canon(request_rec *r, char *url, const char *scheme,
- int def_port);
-int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
- const char *proxyhost, int proxyport);
-
-/* proxy_util.c */
-
-int ap_proxy_hex2c(const char *x);
-void ap_proxy_c2hex(int ch, char *x);
-char *ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t,
- enum proxyreqtype isenc);
-char *ap_proxy_canon_netloc(pool *p, char **const urlp, char **userp,
- char **passwordp, char **hostp, int *port);
-const char *ap_proxy_date_canon(pool *p, const char *x);
-table *ap_proxy_read_headers(request_rec *r, char *buffer, int size, BUFF *f);
-long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int nowrite, int chunked, size_t recv_buffer_size);
-void ap_proxy_write_headers(cache_req *c, const char *respline, table *t);
-int ap_proxy_liststr(const char *list, const char *key, char **val);
-void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength);
-int ap_proxy_hex2sec(const char *x);
-int ap_proxy_sec2hex(int t, char *y, int len);
-cache_req *ap_proxy_cache_error(cache_req *r);
-int ap_proxyerror(request_rec *r, int statuscode, const char *message);
-const char *ap_proxy_host2addr(const char *host, struct hostent *reqhp);
-int ap_proxy_is_ipaddr(struct dirconn_entry *This, pool *p);
-int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p);
-int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p);
-int ap_proxy_is_word(struct dirconn_entry *This, pool *p);
-int ap_proxy_doconnect(int sock, struct sockaddr *addr, request_rec *r);
-int ap_proxy_garbage_init(server_rec *, pool *);
-/* This function is called by ap_table_do() for all header lines */
-int ap_proxy_send_hdr_line(void *p, const char *key, const char *value);
-unsigned ap_proxy_bputs2(const char *data, BUFF *client, cache_req *cache);
-time_t ap_proxy_current_age(cache_req *c, const time_t age_value);
-BUFF *ap_proxy_open_cachefile(request_rec *r, char *filename);
-BUFF *ap_proxy_create_cachefile(request_rec *r, char *filename);
-void ap_proxy_clear_connection(pool *p, table *headers);
-int ap_proxy_table_replace(table *base, table *overlay);
-void ap_proxy_table_unmerge(pool *p, table *t, char *key);
-int ap_proxy_read_response_line(BUFF *f, request_rec *r, char *buffer, int size, int *backasswards, int *major, int *minor);
-
-/* WARNING - PRIVATE DEFINITION BELOW */
-
-/* XXX: if you tweak this you should look at is_empty_table() and table_elts()
- * in ap_alloc.h
- *
- * NOTE: this private definition is a duplicate of the one in alloc.c
- * It's here for ap_proxy_table_replace() to avoid breaking binary compat
- */
-struct table {
- /* This has to be first to promote backwards compatibility with
- * older modules which cast a table * to an array_header *...
- * they should use the table_elts() function for most of the
- * cases they do this for.
- */
- array_header a;
-#ifdef MAKE_TABLE_PROFILE
- void *creator;
-#endif
-};
-
-#endif /*MOD_PROXY_H*/
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c b/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
deleted file mode 100644
index 75eb0094294..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
+++ /dev/null
@@ -1,1670 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* Cache and garbage collection routines for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_conf_globals.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_core.h"
-#include "util_date.h"
-#include <utime.h>
-#include "multithread.h"
-#include "ap_md5.h"
-
-struct gc_ent {
- unsigned long int len;
- time_t expire;
- char file[HASH_LEN + 1];
-};
-
-/* Poor man's 61 bit arithmetic */
-typedef struct {
- long lower; /* lower 30 bits of result */
- long upper; /* upper 31 bits of result */
-} long61_t;
-
-/* FIXME: The block size can be different on a `per file system' base.
- * This would make automatic detection highly OS specific.
- * In the GNU fileutils code for du(1), you can see how complicated it can
- * become to detect the block size. And, with BSD-4.x fragments, it
- * it even more difficult to get precise results.
- * As a compromise (and to improve on the incorrect counting of cache
- * size on byte level, omitting directory sizes entirely, which was
- * used up to apache-1.3b7) we're rounding to multiples of 512 here.
- * Your file system may be using larger blocks (I certainly hope so!)
- * but it will hardly use smaller blocks.
- * (So this approximation is still closer to reality than the old behavior).
- * The best solution would be automatic detection, the next best solution
- * IMHO is a sensible default and the possibility to override it.
- */
-
-#define ROUNDUP2BLOCKS(_bytes) (((_bytes)+block_size-1) & ~(block_size-1))
-static long block_size = 512; /* this must be a power of 2 */
-static long61_t curbytes, cachesize;
-static time_t garbage_now, garbage_expire;
-static mutex *garbage_mutex = NULL;
-
-
-int ap_proxy_garbage_init(server_rec *r, pool *p)
-{
- if (!garbage_mutex)
- garbage_mutex = ap_create_mutex(NULL);
-
- return (0);
-}
-
-
-static int sub_garbage_coll(request_rec *r, array_header *files,
- const char *cachedir, const char *cachesubdir);
-static void help_proxy_garbage_coll(request_rec *r);
-static int should_proxy_garbage_coll(request_rec *r);
-static void detached_proxy_garbage_coll(request_rec *r);
-
-
-void ap_proxy_garbage_coll(request_rec *r)
-{
- static int inside = 0;
-
- (void)ap_acquire_mutex(garbage_mutex);
- if (inside == 1) {
- (void)ap_release_mutex(garbage_mutex);
- return;
- }
- else
- inside = 1;
- (void)ap_release_mutex(garbage_mutex);
-
- ap_block_alarms(); /* avoid SIGALRM on big cache cleanup */
- if (should_proxy_garbage_coll(r))
- detached_proxy_garbage_coll(r);
- ap_unblock_alarms();
-
- (void)ap_acquire_mutex(garbage_mutex);
- inside = 0;
- (void)ap_release_mutex(garbage_mutex);
-}
-
-
-static void add_long61(long61_t *accu, long val)
-{
- /* Add in lower 30 bits */
- accu->lower += (val & 0x3FFFFFFFL);
- /* add in upper bits, and carry */
- accu->upper += (val >> 30) + ((accu->lower & ~0x3FFFFFFFL) != 0L);
- /* Clear carry */
- accu->lower &= 0x3FFFFFFFL;
-}
-
-static void sub_long61(long61_t *accu, long val)
-{
- int carry = (val & 0x3FFFFFFFL) > accu->lower;
- /* Subtract lower 30 bits */
- accu->lower = accu->lower - (val & 0x3FFFFFFFL) + ((carry) ? 0x40000000 : 0);
- /* add in upper bits, and carry */
- accu->upper -= (val >> 30) + carry;
-}
-
-/* Compare two long61's:
- * return <0 when left < right
- * return 0 when left == right
- * return >0 when left > right
- */
-static long cmp_long61(long61_t *left, long61_t *right)
-{
- return (left->upper == right->upper) ? (left->lower - right->lower)
- : (left->upper - right->upper);
-}
-
-/* Compare two gc_ent's, sort them by expiration date */
-static int gcdiff(const void *ap, const void *bp)
-{
- const struct gc_ent *a = (const struct gc_ent *) ap;
- const struct gc_ent *b = (const struct gc_ent *) bp;
-
- if (a->expire > b->expire)
- return 1;
- else if (a->expire < b->expire)
- return -1;
- else
- return 0;
-}
-
-static void detached_proxy_garbage_coll(request_rec *r)
-{
- pid_t pid;
- int status;
- pid_t pgrp;
-
- switch (pid = fork()) {
- case -1:
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy: fork() for cache cleanup failed");
- return;
-
- case 0: /* Child */
-
- /* close all sorts of things, including the socket fd */
- ap_cleanup_for_exec();
-
- /* Fork twice to disassociate from the child */
- switch (pid = fork()) {
- case -1:
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy: fork(2nd) for cache cleanup failed");
- exit(1);
-
- case 0: /* Child */
- /* The setpgrp() stuff was snarfed from http_main.c */
- if ((pgrp = setsid()) == -1) {
- perror("setsid");
- fprintf(stderr, "%s: setsid failed\n",
- ap_server_argv0);
- exit(1);
- }
- help_proxy_garbage_coll(r);
- exit(0);
-
- default: /* Father */
- /* After grandson has been forked off, */
- /* there's nothing else to do. */
- exit(0);
- }
- default:
- /* Wait until grandson has been forked off */
- /* (without wait we'd leave a zombie) */
- waitpid(pid, &status, 0);
- return;
- }
-}
-
-#define DOT_TIME "/.time" /* marker */
-
-static int should_proxy_garbage_coll(request_rec *r)
-{
- void *sconf = r->server->module_config;
- proxy_server_conf *pconf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- const struct cache_conf *conf = &pconf->cache;
-
- const char *cachedir = conf->root;
- char *filename;
- size_t fnlen;
- struct stat buf;
- int timefd;
- time_t every = conf->gcinterval;
- static time_t lastcheck = BAD_DATE; /* static (per-process) data!!! */
-
- if (cachedir == NULL || every == -1)
- return 0;
-
- fnlen = strlen(cachedir) + strlen(DOT_TIME) + 1;
- filename = ap_palloc(r->pool, fnlen);
-
- garbage_now = time(NULL);
- /*
- * Usually, the modification time of <cachedir>/.time can only increase.
- * Thus, even with several child processes having their own copy of
- * lastcheck, if time(NULL) still < lastcheck then it's not time for GC
- * yet.
- */
- if (garbage_now != -1 && lastcheck != BAD_DATE && garbage_now < lastcheck + every)
- return 0;
-
- strlcpy(filename, cachedir, fnlen);
- strlcat(filename, DOT_TIME, fnlen);
-
- /*
- * At this point we have a bit of an engineering compromise. We could
- * either create and/or mark the .time file (prior to the fork which
- * might fail on a resource issue) or wait until we are safely forked.
- * The advantage of doing it now in this process is that we get some
- * usefull live out of the global last check variable. (XXX which should
- * go scoreboard IMHO.) Note that the actual counting is at a later
- * moment.
- */
- if (stat(filename, &buf) == -1) { /* does not exist */
- if (errno != ENOENT) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy: stat(%s)", filename);
- return 0;
- }
- if ((timefd = creat(filename, 0666)) == -1) {
- if (errno != EEXIST)
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy: creat(%s)", filename);
- else
- lastcheck = garbage_now; /* someone else got in there */
- return 0;
- }
- close(timefd);
- }
- else {
- lastcheck = buf.st_mtime; /* save the time */
- if (garbage_now < lastcheck + every) {
- return 0;
- }
- if (utime(filename, NULL) == -1)
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy: utimes(%s)", filename);
- }
-
- return 1;
-}
-
-static void help_proxy_garbage_coll(request_rec *r)
-{
- const char *cachedir;
- void *sconf = r->server->module_config;
- proxy_server_conf *pconf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- const struct cache_conf *conf = &pconf->cache;
- array_header *files;
- struct gc_ent *fent;
- char *filename;
- int i;
-
- cachedir = conf->root;
- filename = ap_palloc(r->pool, strlen(cachedir) + HASH_LEN + 2);
- /* configured size is given in kB. Make it bytes, convert to long61_t: */
- cachesize.lower = cachesize.upper = 0;
- add_long61(&cachesize, conf->space << 10);
-
- ap_block_alarms(); /* avoid SIGALRM on big cache cleanup */
-
- files = ap_make_array(r->pool, 100, sizeof(struct gc_ent));
- curbytes.upper = curbytes.lower = 0L;
-
- sub_garbage_coll(r, files, cachedir, "/");
-
- if (cmp_long61(&curbytes, &cachesize) < 0L) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "proxy GC: Cache is %ld%% full (nothing deleted)",
- (long)(((curbytes.upper << 20) | (curbytes.lower >> 10)) * 100 / conf->space));
- ap_unblock_alarms();
- return;
- }
-
- /* sort the files we found by expiration date */
- qsort(files->elts, files->nelts, sizeof(struct gc_ent), gcdiff);
-
- for (i = 0; i < files->nelts; i++) {
- fent = &((struct gc_ent *) files->elts)[i];
- snprintf(filename, sizeof(fent->file), "%s%s", cachedir, fent->file);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC Unlinking %s (expiry %ld, garbage_now %ld)", filename, (long)fent->expire, (long)garbage_now);
-#if TESTING
- fprintf(stderr, "Would unlink %s\n", filename);
-#else
- if (unlink(filename) == -1) {
- if (errno != ENOENT)
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy gc: unlink(%s)", filename);
- }
- else
-#endif
- {
- sub_long61(&curbytes, ROUNDUP2BLOCKS(fent->len));
- if (cmp_long61(&curbytes, &cachesize) < 0)
- break;
- }
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "proxy GC: Cache is %ld%% full (%d deleted)",
- (long)(((curbytes.upper << 20) | (curbytes.lower >> 10)) * 100 / conf->space), i);
- ap_unblock_alarms();
-}
-
-static int sub_garbage_coll(request_rec *r, array_header *files,
- const char *cachebasedir, const char *cachesubdir)
-{
- char line[17 * (3)];
- char cachedir[HUGE_STRING_LEN];
- struct stat buf;
- int fd, i;
- DIR *dir;
- struct dirent *ent;
- struct gc_ent *fent;
- int nfiles = 0;
- char *filename;
- size_t fnlen;
-
- ap_snprintf(cachedir, sizeof(cachedir), "%s%s", cachebasedir, cachesubdir);
- fnlen = strlen(cachedir) + HASH_LEN + 2;
- filename = ap_palloc(r->pool, fnlen);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC Examining directory %s", cachedir);
- dir = opendir(cachedir);
- if (dir == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy gc: opendir(%s)", cachedir);
- return 0;
- }
-
- while ((ent = readdir(dir)) != NULL) {
- if (ent->d_name[0] == '.')
- continue;
- snprintf(filename, fnlen, "%s%s", cachedir, ent->d_name);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC Examining file %s", filename);
-/* is it a temporary file? */
- if (strncmp(ent->d_name, "tmp", 3) == 0) {
-/* then stat it to see how old it is; delete temporary files > 1 day old */
- if (stat(filename, &buf) == -1) {
- if (errno != ENOENT)
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy gc: stat(%s)", filename);
- }
- else if (garbage_now != -1 && buf.st_atime < garbage_now - SEC_ONE_DAY &&
- buf.st_mtime < garbage_now - SEC_ONE_DAY) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC unlink %s", filename);
- ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r->server,
- "proxy gc: deleting orphaned cache file %s", filename);
-#if TESTING
- fprintf(stderr, "Would unlink %s\n", filename);
-#else
- unlink(filename);
-#endif
- }
- continue;
- }
- ++nfiles;
- /* is it another file? */
- /* FIXME: Shouldn't any unexpected files be deleted? */
- /* if (strlen(ent->d_name) != HASH_LEN) continue; */
-
- /* read the file */
- fd = open(filename, O_RDONLY | O_BINARY);
- if (fd == -1) {
- if (errno != ENOENT)
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy gc: open(%s)", filename);
- continue;
- }
- if (fstat(fd, &buf) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy gc: fstat(%s)", filename);
- close(fd);
- continue;
- }
-
- if (S_ISDIR(buf.st_mode)) {
- char newcachedir[HUGE_STRING_LEN];
- close(fd);
- ap_snprintf(newcachedir, sizeof(newcachedir),
- "%s%s/", cachesubdir, ent->d_name);
- if (!sub_garbage_coll(r, files, cachebasedir, newcachedir)) {
- ap_snprintf(newcachedir, sizeof(newcachedir),
- "%s%s", cachedir, ent->d_name);
-#if TESTING
- fprintf(stderr, "Would remove directory %s\n", newcachedir);
-#else
- rmdir(newcachedir);
-#endif
- --nfiles;
- }
- else {
- /* Directory is not empty. Account for its size: */
- add_long61(&curbytes, ROUNDUP2BLOCKS(buf.st_size));
- }
- continue;
- }
-
-
- i = read(fd, line, 17 * (3) - 1);
- close(fd);
- if (i == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "proxy gc: read(%s)", filename);
- continue;
- }
- line[i] = '\0';
- garbage_expire = ap_proxy_hex2sec(line + 17 * (2));
- if (!ap_checkmask(line, "&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&") ||
- garbage_expire == BAD_DATE) {
- /* bad file */
- if (garbage_now != -1 && buf.st_atime > garbage_now + SEC_ONE_DAY &&
- buf.st_mtime > garbage_now + SEC_ONE_DAY) {
- ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server,
- "proxy: deleting bad cache file with future date: %s", filename);
-#if TESTING
- fprintf(stderr, "Would unlink bad file %s\n", filename);
-#else
- unlink(filename);
-#endif
- }
- continue;
- }
-
-/*
- * we need to calculate an 'old' factor, and remove the 'oldest' files
- * so that the space requirement is met; sort by the expires date of the
- * file.
- *
- */
- fent = (struct gc_ent *) ap_push_array(files);
- fent->len = buf.st_size;
- fent->expire = garbage_expire;
- strlcpy(fent->file, cachesubdir, sizeof(fent->file));
- strlcat(fent->file, ent->d_name, sizeof(fent->file));
-
-/* accumulate in blocks, to cope with directories > 4Gb */
- add_long61(&curbytes, ROUNDUP2BLOCKS(buf.st_size));
- }
-
- closedir(dir);
-
- return nfiles;
-
-}
-
-
-/*
- * Read a cache file;
- * returns 1 on success,
- * 0 on failure (bad file or wrong URL)
- * -1 on UNIX error
- *
- * We read the cache hex header, then the message response line and
- * response headers, and finally we return with the filepointer
- * pointing at the start of the message body itself, ready to be
- * shipped to the client later on, if appropriate.
- */
-static int rdcache(request_rec *r, BUFF *cachefp, cache_req *c)
-{
- char urlbuff[HUGE_STRING_LEN], *strp;
- int len;
-
- /* read the data from the cache file */
-
- /*
- * Format:
- *
- * The cache needs to keep track of the following information: - Date,
- * LastMod, Version, ReqTime, RespTime, ContentLength - The original
- * request headers (for Vary) - The original response headers (for
- * returning with a cached response) - The body of the message
- *
- * date SP lastmod SP expire SP count SP request-time SP response-time SP
- * content-lengthCRLF (dates are stored as hex seconds since 1970)
- * Original URLCRLF Original Request Headers CRLF Original Response
- * Headers CRLF Body
- *
- */
-
- /* retrieve cachefile information values */
- len = ap_bgets(urlbuff, sizeof urlbuff, cachefp);
- if (len == -1) {
- /* Delete broken cache file */
- unlink(c->filename);
- return -1;
- }
- if (len == 0 || urlbuff[len - 1] != '\n')
- return 0;
- urlbuff[len - 1] = '\0';
-
- if (!ap_checkmask(urlbuff,
- "&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&"))
- return 0;
-
- c->date = ap_proxy_hex2sec(urlbuff + 17 * (0));
- c->lmod = ap_proxy_hex2sec(urlbuff + 17 * (1));
- c->expire = ap_proxy_hex2sec(urlbuff + 17 * (2));
- c->version = ap_proxy_hex2sec(urlbuff + 17 * (3));
- c->req_time = ap_proxy_hex2sec(urlbuff + 17 * (4));
- c->resp_time = ap_proxy_hex2sec(urlbuff + 17 * (5));
- c->len = ap_proxy_hex2sec(urlbuff + 17 * (6));
-
- /* check that we have the same URL */
- len = ap_bgets(urlbuff, sizeof urlbuff, cachefp);
- if (len == -1) {
- /* Delete broken cache file */
- unlink(c->filename);
- return -1;
- }
- if (len == 0 || strncmp(urlbuff, "X-URL: ", 7) != 0 ||
- urlbuff[len - 1] != '\n')
- return 0;
- urlbuff[len - 1] = '\0';
- if (strcmp(urlbuff + 7, c->url) != 0)
- return 0;
-
- /* then the original request headers */
- c->req_hdrs = ap_proxy_read_headers(r, urlbuff, sizeof urlbuff, cachefp);
- if (c->req_hdrs == NULL) {
- /* Delete broken cache file */
- unlink(c->filename);
- return -1;
- }
-
- /* then the original response headers */
- len = ap_bgets(urlbuff, sizeof urlbuff, cachefp);
- if (len == -1) {
- /* Delete broken cache file */
- unlink(c->filename);
- return -1;
- }
- if (len == 0 || urlbuff[len - 1] != '\n')
- return 0;
- urlbuff[--len] = '\0';
-
- c->resp_line = ap_pstrdup(r->pool, urlbuff);
- strp = strchr(urlbuff, ' ');
- if (strp == NULL)
- return 0;
-
- c->status = atoi(strp);
- c->hdrs = ap_proxy_read_headers(r, urlbuff, sizeof urlbuff, cachefp);
- if (c->hdrs == NULL) {
- /* Delete broken cache file */
- unlink(c->filename);
- return -1;
- }
- if (c->len != -1) /* add a content-length header */
- if (ap_table_get(c->hdrs, "Content-Length") == NULL) {
- ap_table_set(c->hdrs, "Content-Length",
- ap_psprintf(r->pool, "%lu", (unsigned long)c->len));
- }
-
-
- return 1;
-}
-
-/*
- * Call this to check the possible conditional status of
- * the client request, and return the response from the cache
- *
- * Conditionals include If-Modified-Since, If-Match, If-Unmodified-Since
- * and If-None-Match.
- *
- * We don't yet understand If-Range, but we will...
- */
-int ap_proxy_cache_conditional(request_rec *r, cache_req *c, BUFF *cachefp)
-{
- const char *etag, *wetag = NULL;
-
- /* get etag */
- if ((etag = ap_table_get(c->hdrs, "Etag"))) {
- wetag = ap_pstrcat(r->pool, "W/", etag, NULL);
- }
-
- /* check for If-Match, If-Unmodified-Since */
- while (1) {
-
- /*
- * check If-Match and If-Unmodified-Since exist
- *
- * If neither of these exist, the request is not conditional, and we
- * serve it normally
- */
- if (!c->im && BAD_DATE == c->ius) {
- break;
- }
-
- /*
- * check If-Match
- *
- * we check if the Etag on the cached file is in the list of Etags in
- * the If-Match field. The comparison must be a strong comparison, so
- * the Etag cannot be marked as weak. If the comparision fails we
- * return 412 Precondition Failed.
- *
- * if If-Match is specified AND If-Match is not a "*" AND Etag is
- * missing or weak or not in the list THEN return 412 Precondition
- * Failed
- */
-
- if (c->im) {
- if (strcmp(c->im, "*") &&
- (!etag || (strlen(etag) > 1 && 'W' == etag[0] && '/' == etag[1]) || !ap_proxy_liststr(c->im, etag, NULL))) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Match specified, and it didn't - return 412");
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Match specified, and it matched");
- break;
- }
- }
-
- /*
- * check If-Unmodified-Since
- *
- * if If-Unmodified-Since is specified AND Last-Modified is specified
- * somewhere AND If-Unmodified-Since is in the past compared to
- * Last-Modified THEN return 412 Precondition Failed
- */
- if (BAD_DATE != c->ius && BAD_DATE != c->lmod) {
- if (c->ius < c->lmod) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Unmodified-Since specified, but it wasn't - return 412");
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Unmodified-Since specified, and it was unmodified");
- break;
- }
- }
-
- /* if cache file is being updated */
- if (c->origfp) {
- ap_proxy_write_headers(c, c->resp_line, c->hdrs);
- ap_proxy_send_fb(c->origfp, r, c, c->len, 1, 0, IOBUFSIZE);
- ap_proxy_cache_tidy(c);
- }
- else
- ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR));
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Use your cached copy, conditional precondition failed.");
- return HTTP_PRECONDITION_FAILED;
- }
-
-
- /* check for If-None-Match, If-Modified-Since */
- while (1) {
-
- /*
- * check for existance of If-None-Match and If-Modified-Since
- *
- * if neither of these headers have been set, then the request is not
- * conditional, and we just send the cached response and be done with
- * it.
- */
- if (!c->inm && BAD_DATE == c->ims) {
- break;
- }
-
- /*
- * check If-None-Match
- *
- * we check if the Etag on the cached file is in the list of Etags in
- * the If-None-Match field. The comparison must be a strong
- * comparison, so the Etag cannot be marked as weak. If the
- * comparision fails we return 412 Precondition Failed.
- *
- * if If-None-Match is specified: if If-None-Match is a "*" THEN 304
- * else if Etag is specified AND we get a match THEN 304 else if Weak
- * Etag is specified AND we get a match THEN 304 else sent the
- * original object
- */
- if (c->inm) {
- if (!strcmp(c->inm, "*")) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-None-Match: * specified, return 304");
- }
- else if (etag && ap_proxy_liststr(c->inm, etag, NULL)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-None-Match: specified and we got a strong match - return 304");
- }
- else if (wetag && ap_proxy_liststr(c->inm, wetag, NULL)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-None-Match specified, and we got a weak match - return 304");
- }
- else
- break;
- }
-
- /*
- * check If-Modified-Since
- *
- * if If-Modified-Since is specified AND Last-Modified is specified
- * somewhere: if last modification date is earlier than
- * If-Modified-Since THEN 304 else send the original object
- */
- if (BAD_DATE != c->ims && BAD_DATE != c->lmod) {
- if (c->ims >= c->lmod) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Modified-Since specified and not modified, try return 304");
- }
- else
- break;
- }
-
-
- /* are we updating the cache file? */
- if (c->origfp) {
- ap_proxy_write_headers(c, c->resp_line, c->hdrs);
- ap_proxy_send_fb(c->origfp, r, c, c->len, 1, 0, IOBUFSIZE);
- ap_proxy_cache_tidy(c);
- }
- else
- ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR));
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Use local copy, cached file hasn't changed");
- return HTTP_NOT_MODIFIED;
- }
-
-
- /* No conditional - just send it cousin! */
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Local copy modified, send it");
- r->status_line = strchr(c->resp_line, ' ') + 1;
- r->status = c->status;
-
- /* Prepare and send headers to client */
- ap_proxy_table_replace(r->headers_out, c->hdrs);
- /* make sure our X-Cache header does not stomp on a previous header */
- ap_table_mergen(r->headers_out, "X-Cache", c->xcache);
-
- /* content type is already set in the headers */
- r->content_type = ap_table_get(r->headers_out, "Content-Type");
-
- ap_send_http_header(r);
-
- /* are we rewriting the cache file? */
- if (c->origfp) {
- ap_proxy_write_headers(c, c->resp_line, c->hdrs);
- ap_proxy_send_fb(c->origfp, r, c, c->len, r->header_only, 0, IOBUFSIZE);
- ap_proxy_cache_tidy(c);
- return OK;
- }
-
- /* no, we not */
- if (!r->header_only) {
- ap_proxy_send_fb(cachefp, r, NULL, c->len, 0, 0, IOBUFSIZE);
- }
- else {
- ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR));
- }
-
- return OK;
-}
-
-
-/*
- * Call this to test for a resource in the cache
- * Returns DECLINED if we need to check the remote host
- * or an HTTP status code if successful
- *
- * Functions:
- * if URL is cached then
- * if cached file is not expired then
- * if last modified after if-modified-since then send body
- * else send 304 Not modified
- * else if cached file is expired then
- * if last modified after if-modified-since then add
- * last modified date to request
- */
-int ap_proxy_cache_check(request_rec *r, char *url, struct cache_conf * conf,
- cache_req **cr)
-{
- const char *datestr, *pragma_req = NULL, *pragma_cresp = NULL, *cc_req = NULL,
- *cc_cresp = NULL;
- cache_req *c;
- BUFF *cachefp;
- int i;
- void *sconf = r->server->module_config;
- proxy_server_conf *pconf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- const char *agestr = NULL;
- char *val;
- time_t age_c = 0;
- time_t age, maxage_req, maxage_cresp, maxage, smaxage, maxstale, minfresh;
-
- c = ap_pcalloc(r->pool, sizeof(cache_req));
- *cr = c;
- c->req = r;
- c->url = ap_pstrdup(r->pool, url);
- c->filename = NULL;
- c->tempfile = NULL;
- c->fp = NULL;
- c->origfp = NULL;
- c->version = 0;
- c->len = -1;
- c->req_hdrs = NULL;
- c->hdrs = NULL;
- c->xcache = NULL;
-
- /* get the If-Modified-Since date of the request, if it exists */
- c->ims = BAD_DATE;
- datestr = ap_table_get(r->headers_in, "If-Modified-Since");
- if (datestr != NULL) {
- /* this may modify the value in the original table */
- datestr = ap_proxy_date_canon(r->pool, datestr);
- c->ims = ap_parseHTTPdate(datestr);
- if (c->ims == BAD_DATE) /* bad or out of range date; remove it */
- ap_table_unset(r->headers_in, "If-Modified-Since");
- }
-
-/* get the If-Unmodified-Since date of the request, if it exists */
- c->ius = BAD_DATE;
- datestr = ap_table_get(r->headers_in, "If-Unmodified-Since");
- if (datestr != NULL) {
- /* this may modify the value in the original table */
- datestr = ap_proxy_date_canon(r->pool, datestr);
- c->ius = ap_parseHTTPdate(datestr);
- if (c->ius == BAD_DATE) /* bad or out of range date; remove it */
- ap_table_unset(r->headers_in, "If-Unmodified-Since");
- }
-
-/* get the If-Match of the request, if it exists */
- c->im = ap_table_get(r->headers_in, "If-Match");
-
-/* get the If-None-Match of the request, if it exists */
- c->inm = ap_table_get(r->headers_in, "If-None-Match");
-
-/* find the filename for this cache entry */
- if (conf->root != NULL) {
- char hashfile[66];
- ap_proxy_hash(url, hashfile, pconf->cache.dirlevels, pconf->cache.dirlength);
- c->filename = ap_pstrcat(r->pool, conf->root, "/", hashfile, NULL);
- }
- else {
- c->filename = NULL;
- c->fp = NULL;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "No CacheRoot, so no caching. Declining.");
- return DECLINED;
- }
-
-/* find certain cache controlling headers */
- pragma_req = ap_table_get(r->headers_in, "Pragma");
- cc_req = ap_table_get(r->headers_in, "Cache-Control");
-
-/* first things first - does the request allow us to return
- * cached information at all? If not, just decline the request.
- *
- * Note that there is a big difference between not being allowed
- * to cache a request (no-store) and not being allowed to return
- * a cached request without revalidation (max-age=0).
- *
- * Caching is forbidden under the following circumstances:
- *
- * - RFC2616 14.9.2 Cache-Control: no-store
- * we are not supposed to store this request at all. Behave as a tunnel.
- *
- */
- if (ap_proxy_liststr(cc_req, "no-store", NULL)) {
-
-/* delete the previously cached file */
- if (c->filename)
- unlink(c->filename);
- c->fp = NULL;
- c->filename = NULL;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "no-store forbids caching. Declining.");
- return DECLINED;
- }
-
-/* if the cache file exists, open it */
- cachefp = NULL;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Request for %s, pragma_req=%s, ims=%ld", url,
- (pragma_req == NULL) ? "(unset)" : pragma_req, (long)c->ims);
-/* find out about whether the request can access the cache */
- if (c->filename != NULL && r->method_number == M_GET &&
- strlen(url) < 1024) {
- cachefp = ap_proxy_open_cachefile(r, c->filename);
- }
-
-
- /*
- * if a cache file exists, try reading body and headers from cache file
- */
- if (cachefp != NULL) {
- i = rdcache(r, cachefp, c);
- if (i == -1)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error reading cache file %s",
- c->filename);
- else if (i == 0)
- ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
- "proxy: bad (short?) cache file: %s", c->filename);
- if (i != 1) {
- ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR));
- cachefp = NULL;
- }
- if (c->hdrs) {
- cc_cresp = ap_table_get(c->hdrs, "Cache-Control");
- pragma_cresp = ap_table_get(c->hdrs, "Pragma");
- if ((agestr = ap_table_get(c->hdrs, "Age"))) {
- age_c = atoi(agestr);
- }
- }
- }
-
- /* if a cache file does not exist, create empty header array */
-/* fixed? in this case, we want to get the headers from the remote server
- it will be handled later if we don't do this (I hope ;-)
-
- if (cachefp == NULL)
- c->hdrs = ap_make_table(r->pool, 20);
-*/
- /* FIXME: Shouldn't we check the URL somewhere? */
-
- /*
- * Check Content-Negotiation - Vary
- *
- * At this point we need to make sure that the object we found in the cache
- * is the same object that would be delivered to the client, when the
- * effects of content negotiation are taken into effect.
- *
- * In plain english, we want to make sure that a language-negotiated
- * document in one language is not given to a client asking for a
- * language negotiated document in a different language by mistake.
- *
- * RFC2616 13.6 and 14.44 describe the Vary mechanism.
- */
- if (c->hdrs && c->req_hdrs) {
- char *vary = ap_pstrdup(r->pool, ap_table_get(c->hdrs, "Vary"));
-
- while (vary && *vary) {
- char *name = vary;
- const char *h1, *h2;
-
- /* isolate header name */
- while (*vary && !ap_isspace(*vary) && (*vary != ','))
- ++vary;
- while (ap_isspace(*vary) || (*vary == ',')) {
- *vary = '\0';
- ++vary;
- }
-
- /*
- * is this header in the request and the header in the cached
- * request identical? If not, we give up and do a straight get
- */
- h1 = ap_table_get(r->headers_in, name);
- h2 = ap_table_get(c->req_hdrs, name);
- if (h1 == h2) {
- /* both headers NULL, so a match - do nothing */
- }
- else if (h1 && h2 && !strcmp(h1, h2)) {
- /* both headers exist and are equal - do nothing */
- }
- else {
-
- /* headers do not match, so Vary failed */
- c->fp = cachefp;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Vary header mismatch - object must be fetched from scratch. Declining.");
- return DECLINED;
- }
- }
- }
-
-
- /*
- * We now want to check if our cached data is still fresh. This depends
- * on a few things, in this order:
- *
- * - RFC2616 14.9.4 End to end reload, Cache-Control: no-cache no-cache in
- * either the request or the cached response means that we must
- * revalidate the request unconditionally, overriding any expiration
- * mechanism. It's equivalent to max-age=0,must-revalidate.
- *
- * - RFC2616 14.32 Pragma: no-cache This is treated the same as
- * Cache-Control: no-cache.
- *
- * - RFC2616 14.9.3 Cache-Control: max-stale, must-revalidate,
- * proxy-revalidate if the max-stale request header exists, modify the
- * stale calculations below so that an object can be at most <max-stale>
- * seconds stale before we request a revalidation, _UNLESS_ a
- * must-revalidate or proxy-revalidate cached response header exists to
- * stop us doing this.
- *
- * - RFC2616 14.9.3 Cache-Control: s-maxage the origin server specifies the
- * maximum age an object can be before it is considered stale. This
- * directive has the effect of proxy|must revalidate, which in turn means
- * simple ignore any max-stale setting.
- *
- * - RFC2616 14.9.4 Cache-Control: max-age this header can appear in both
- * requests and responses. If both are specified, the smaller of the two
- * takes priority.
- *
- * - RFC2616 14.21 Expires: if this request header exists in the cached
- * entity, and it's value is in the past, it has expired.
- *
- */
-
- /* calculate age of object */
- age = ap_proxy_current_age(c, age_c);
-
- /* extract s-maxage */
- if (cc_cresp && ap_proxy_liststr(cc_cresp, "s-maxage", &val))
- smaxage = atoi(val);
- else
- smaxage = -1;
-
- /* extract max-age from request */
- if (cc_req && ap_proxy_liststr(cc_req, "max-age", &val))
- maxage_req = atoi(val);
- else
- maxage_req = -1;
-
- /* extract max-age from response */
- if (cc_cresp && ap_proxy_liststr(cc_cresp, "max-age", &val))
- maxage_cresp = atoi(val);
- else
- maxage_cresp = -1;
-
- /*
- * if both maxage request and response, the smaller one takes priority
- */
- if (-1 == maxage_req)
- maxage = maxage_cresp;
- else if (-1 == maxage_cresp)
- maxage = maxage_req;
- else
- maxage = MIN(maxage_req, maxage_cresp);
-
- /* extract max-stale */
- if (cc_req && ap_proxy_liststr(cc_req, "max-stale", &val))
- maxstale = atoi(val);
- else
- maxstale = 0;
-
- /* extract min-fresh */
- if (cc_req && ap_proxy_liststr(cc_req, "min-fresh", &val))
- minfresh = atoi(val);
- else
- minfresh = 0;
-
- /* override maxstale if must-revalidate or proxy-revalidate */
- if (maxstale && ((cc_cresp && ap_proxy_liststr(cc_cresp, "must-revalidate", NULL)) || (cc_cresp && ap_proxy_liststr(cc_cresp, "proxy-revalidate", NULL))))
- maxstale = 0;
-
- if (cachefp != NULL &&
-
- /* handle no-cache */
- !((cc_req && ap_proxy_liststr(cc_req, "no-cache", NULL)) ||
- (pragma_req && ap_proxy_liststr(pragma_req, "no-cache", NULL)) ||
- (cc_cresp && ap_proxy_liststr(cc_cresp, "no-cache", NULL)) ||
- (pragma_cresp && ap_proxy_liststr(pragma_cresp, "no-cache", NULL))) &&
-
- /* handle expiration */
- ((-1 < smaxage && age < (smaxage - minfresh)) ||
- (-1 < maxage && age < (maxage + maxstale - minfresh)) ||
- (c->expire != BAD_DATE && age < (c->expire - c->date + maxstale - minfresh)))
- ) {
-
- /* it's fresh darlings... */
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Unexpired data available");
-
- /* set age header on response */
- ap_table_set(c->hdrs, "Age",
- ap_psprintf(r->pool, "%lu", (unsigned long)age));
-
- /* add warning if maxstale overrode freshness calculation */
- if (!((-1 < smaxage && age < smaxage) ||
- (-1 < maxage && age < maxage) ||
- (c->expire != BAD_DATE && (c->expire - c->date) > age))) {
- /* make sure we don't stomp on a previous warning */
- ap_table_merge(c->hdrs, "Warning", "110 Response is stale");
- }
-
- /* check conditionals (If-Modified-Since, etc) */
- c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), NULL);
- return ap_proxy_cache_conditional(r, c, cachefp);
-
-
- }
-
- /*
- * at this point we have determined our cached data needs revalidation
- * but first - we check 1 thing:
- *
- * RFC2616 14.9.4 - if "only-if-cached" specified, send a 504 Gateway
- * Timeout - we're not allowed to revalidate the object
- */
- if (ap_proxy_liststr(cc_req, "only-if-cached", NULL)) {
- if (cachefp)
- ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR));
- return HTTP_GATEWAY_TIME_OUT;
- }
-
-
- /*
- * If we already have cached data and a last-modified date, and it is not
- * a head request, then add an If-Modified-Since.
- *
- * If we also have an Etag, then the object must have come from an HTTP/1.1
- * server. Add an If-None-Match as well.
- *
- * See RFC2616 13.3.4
- */
-
- if (cachefp != NULL && !r->header_only) {
-
- const char *etag = ap_table_get(c->hdrs, "Etag");
-
- /* If-Modified-Since */
- if (c->lmod != BAD_DATE) {
- /*
- * use the later of the one from the request and the
- * last-modified date from the cache
- */
- if (c->ims == BAD_DATE || c->ims < c->lmod) {
- const char *q;
-
- if ((q = ap_table_get(c->hdrs, "Last-Modified")) != NULL)
- ap_table_set(r->headers_in, "If-Modified-Since", (char *)q);
- }
- }
-
- /* If-None-Match */
- if (etag) {
- ap_table_set(r->headers_in, "If-None-Match", etag);
- }
-
- }
-
-
- c->fp = cachefp;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Local copy not present or expired. Declining.");
-
- return DECLINED;
-}
-
-/*
- * Having read the response from the client, decide what to do
- * If the response is not cachable, then delete any previously cached
- * response, and copy data from remote server to client.
- * Functions:
- * parse dates
- * check for an uncachable response
- * calculate an expiry date, if one is not provided
- * if the remote file has not been modified, then return the document
- * from the cache, maybe updating the header line
- * otherwise, delete the old cached file and open a new temporary file
- */
-int ap_proxy_cache_update(cache_req *c, table *resp_hdrs,
- const int is_HTTP1, int nocache)
-{
- request_rec *r = c->req;
- char *p;
- const char *expire, *lmods, *dates, *clen;
- time_t expc, date, lmod, now;
- char buff[17 * 7 + 1];
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- const char *cc_resp;
- table *req_hdrs;
- size_t tflen;
-
- cc_resp = ap_table_get(resp_hdrs, "Cache-Control");
-
- c->tempfile = NULL;
-
- /* we've received the response from the origin server */
-
- /*
- * read expiry date; if a bad date, then leave it so the client can read
- * it
- */
- expire = ap_table_get(resp_hdrs, "Expires");
- if (expire != NULL)
- expc = ap_parseHTTPdate(expire);
- else
- expc = BAD_DATE;
-
- /* read the last-modified date; if the date is bad, then delete it */
- lmods = ap_table_get(resp_hdrs, "Last-Modified");
- if (lmods != NULL) {
- lmod = ap_parseHTTPdate(lmods);
- if (lmod == BAD_DATE) {
- /* kill last modified date */
- lmods = NULL;
- }
- }
- else
- lmod = BAD_DATE;
-
-
- /*
- * what responses should we not cache?
- *
- * At this point we decide based on the response headers whether it is
- * appropriate _NOT_ to cache the data from the server. There are a whole
- * lot of conditions that prevent us from caching this data. They are
- * tested here one by one to be clear and unambiguous.
- */
-
- /*
- * RFC2616 13.4 we are allowed to cache 200, 203, 206, 300, 301 or 410 We
- * don't cache 206, because we don't (yet) cache partial responses. We
- * include 304 Not Modified here too as this is the origin server telling
- * us to serve the cached copy.
- */
- if ((r->status != HTTP_OK && r->status != HTTP_NON_AUTHORITATIVE && r->status != HTTP_MULTIPLE_CHOICES && r->status != HTTP_MOVED_PERMANENTLY && r->status != HTTP_NOT_MODIFIED) ||
-
- /* if a broken Expires header is present, don't cache it */
- (expire != NULL && expc == BAD_DATE) ||
-
- /*
- * if the server said 304 Not Modified but we have no cache file - pass
- * this untouched to the user agent, it's not for us.
- */
- (r->status == HTTP_NOT_MODIFIED && (c == NULL || c->fp == NULL)) ||
-
- /*
- * 200 OK response from HTTP/1.0 and up without a Last-Modified header
- */
- (r->status == HTTP_OK && lmods == NULL && is_HTTP1) ||
-
- /* HEAD requests */
- r->header_only ||
-
- /*
- * RFC2616 14.9.2 Cache-Control: no-store response indicating do not
- * cache, or stop now if you are trying to cache it
- */
- ap_proxy_liststr(cc_resp, "no-store", NULL) ||
-
- /*
- * RFC2616 14.9.1 Cache-Control: private this object is marked for this
- * user's eyes only. Behave as a tunnel.
- */
- ap_proxy_liststr(cc_resp, "private", NULL) ||
-
- /*
- * RFC2616 14.8 Authorisation: if authorisation is included in the
- * request, we don't cache, but we can cache if the following exceptions
- * are true: 1) If Cache-Control: s-maxage is included 2) If
- * Cache-Control: must-revalidate is included 3) If Cache-Control: public
- * is included
- */
- (ap_table_get(r->headers_in, "Authorization") != NULL
-
- && !(ap_proxy_liststr(cc_resp, "s-maxage", NULL) || ap_proxy_liststr(cc_resp, "must-revalidate", NULL) || ap_proxy_liststr(cc_resp, "public", NULL))
- ) ||
-
- /* or we've been asked not to cache it above */
- nocache) {
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Response is not cacheable, unlinking %s", c->filename);
-
- /* close the file */
- if (c->fp != NULL) {
- ap_pclosef(r->pool, ap_bfileno(c->fp, B_WR));
- c->fp = NULL;
- }
-
- /* delete the previously cached file */
- if (c->filename)
- unlink(c->filename);
- return DECLINED; /* send data to client but not cache */
- }
-
-
- /*
- * It's safe to cache the response.
- *
- * We now want to update the cache file header information with the new
- * date, last modified, expire and content length and write it away to
- * our cache file. First, we determine these values from the response,
- * using heuristics if appropriate.
- *
- * In addition, we make HTTP/1.1 age calculations and write them away too.
- */
-
- /* Read the date. Generate one if one is not supplied */
- dates = ap_table_get(resp_hdrs, "Date");
- if (dates != NULL)
- date = ap_parseHTTPdate(dates);
- else
- date = BAD_DATE;
-
- now = time(NULL);
-
- if (date == BAD_DATE) { /* No, or bad date */
-/* no date header! */
-/* add one; N.B. use the time _now_ rather than when we were checking the cache
- */
- date = now;
- dates = ap_gm_timestr_822(r->pool, now);
- ap_table_set(resp_hdrs, "Date", dates);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Added date header");
- }
-
-/* set response_time for HTTP/1.1 age calculations */
- c->resp_time = now;
-
-/* check last-modified date */
- if (lmod != BAD_DATE && lmod > date)
-/* if its in the future, then replace by date */
- {
- lmod = date;
- lmods = dates;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Last modified is in the future, replacing with now");
- }
-/* if the response did not contain the header, then use the cached version */
- if (lmod == BAD_DATE && c->fp != NULL) {
- lmod = c->lmod;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Reusing cached last modified");
- }
-
-/* we now need to calculate the expire data for the object. */
- if (expire == NULL && c->fp != NULL) { /* no expiry data sent in
- * response */
- expire = ap_table_get(c->hdrs, "Expires");
- if (expire != NULL)
- expc = ap_parseHTTPdate(expire);
- }
-/* so we now have the expiry date */
-/* if no expiry date then
- * if lastmod
- * expiry date = now + min((date - lastmod) * factor, maxexpire)
- * else
- * expire date = now + defaultexpire
- */
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Expiry date is %ld", (long)expc);
- if (expc == BAD_DATE) {
- if (lmod != BAD_DATE) {
- double x = (double)(date - lmod) * conf->cache.lmfactor;
- double maxex = conf->cache.maxexpire;
- if (x > maxex)
- x = maxex;
- expc = now + (int)x;
- }
- else
- expc = now + conf->cache.defaultexpire;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Expiry date calculated %ld", (long)expc);
- }
-
-/* get the content-length header */
- clen = ap_table_get(resp_hdrs, "Content-Length");
- if (clen == NULL)
- c->len = -1;
- else
- c->len = ap_strtol(clen, NULL, 10);
-
-/* we have all the header information we need - write it to the cache file */
- c->version++;
- ap_proxy_sec2hex(date, buff + 17 * (0), sizeof(buff) - 17 * 0);
- buff[17 * (1) - 1] = ' ';
- ap_proxy_sec2hex(lmod, buff + 17 * (1), sizeof(buff) - 17 * 1);
- buff[17 * (2) - 1] = ' ';
- ap_proxy_sec2hex(expc, buff + 17 * (2), sizeof(buff) - 17 * 2);
- buff[17 * (3) - 1] = ' ';
- ap_proxy_sec2hex(c->version, buff + 17 * (3), sizeof(buff) - 17 * 3);
- buff[17 * (4) - 1] = ' ';
- ap_proxy_sec2hex(c->req_time, buff + 17 * (4), sizeof(buff) - 17 * 4);
- buff[17 * (5) - 1] = ' ';
- ap_proxy_sec2hex(c->resp_time, buff + 17 * (5), sizeof(buff) - 17 * 5);
- buff[17 * (6) - 1] = ' ';
- ap_proxy_sec2hex(c->len, buff + 17 * (6), sizeof(buff) - 17 * 6);
- buff[17 * (7) - 1] = '\n';
- buff[17 * (7)] = '\0';
-
-/* Was the server response a 304 Not Modified?
- *
- * If it was, it means that we requested a revalidation, and that
- * the result of that revalidation was that the object was fresh.
- *
- */
-
-/* if response from server 304 not modified */
- if (r->status == HTTP_NOT_MODIFIED) {
-
-/* Have the headers changed?
- *
- * if not - we fulfil the request and return now.
- */
-
- if (c->hdrs) {
- /* recall at this point that c->len is already set from resp_hdrs.
- If Content-Length was NULL, then c->len is -1, otherwise it's
- set to whatever the value was. */
- if (c->len == 0 || c->len == -1) {
- const char *c_clen_str;
- off_t c_clen;
- if ( (c_clen_str = ap_table_get(c->hdrs, "Content-Length")) &&
- ( (c_clen = ap_strtol(c_clen_str, NULL, 10)) > 0) ) {
- ap_table_set(resp_hdrs, "Content-Length", c_clen_str);
- c->len = c_clen;
- ap_proxy_sec2hex(c->len, buff + 17 * (6),
- sizeof(buff) - 17 * 6);
- buff[17 * (7) - 1] = '\n';
- buff[17 * (7)] = '\0';
- }
- }
- if (!ap_proxy_table_replace(c->hdrs, resp_hdrs)) {
- c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), " (with revalidation)", NULL);
- return ap_proxy_cache_conditional(r, c, c->fp);
- }
- }
- else
- c->hdrs = resp_hdrs;
-/* if we get here - the headers have changed. Go through the motions
- * of creating a new temporary cache file below, we'll then serve
- * the request like we would have in ap_proxy_cache_conditional()
- * above, and at the same time we will also rewrite the contents
- * to the new temporary file.
- */
- }
-
-/*
- * Ok - lets prepare and open the cached file
- *
- * If a cached file (in c->fp) is already open, then we want to
- * update that cached file. Copy the c->fp to c->origfp and open
- * up a new one.
- *
- * If the cached file (in c->fp) is NULL, we must open a new cached
- * file from scratch.
- *
- * The new cache file will be moved to it's final location in the
- * directory tree later, overwriting the old cache file should it exist.
- */
-
-/* if a cache file was already open */
- if (c->fp != NULL) {
- c->origfp = c->fp;
- }
-
- while (1) {
-/* create temporary filename */
-#define TMPFILESTR "/tmpXXXXXXXXXX"
- if (conf->cache.root == NULL) {
- c = ap_proxy_cache_error(c);
- break;
- }
- tflen = strlen(conf->cache.root) + sizeof(TMPFILESTR);
- c->tempfile = ap_palloc(r->pool, tflen);
- strlcpy(c->tempfile, conf->cache.root, tflen);
- strlcat(c->tempfile, TMPFILESTR, tflen);
-#undef TMPFILESTR
- p = mktemp(c->tempfile);
- if (p == NULL) {
- c = ap_proxy_cache_error(c);
- break;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Create temporary file %s", c->tempfile);
-
-/* create the new file */
- c->fp = ap_proxy_create_cachefile(r, c->tempfile);
- if (NULL == c->fp) {
- c = ap_proxy_cache_error(c);
- break;
- }
-
-/* write away the cache header and the URL */
- if (ap_bvputs(c->fp, buff, "X-URL: ", c->url, "\n", NULL) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error writing cache file(%s)", c->tempfile);
- c = ap_proxy_cache_error(c);
- break;
- }
-
-/* get original request headers */
- if (c->req_hdrs)
- req_hdrs = ap_copy_table(r->pool, c->req_hdrs);
- else
- req_hdrs = ap_copy_table(r->pool, r->headers_in);
-
-/* remove hop-by-hop headers */
- ap_proxy_clear_connection(r->pool, req_hdrs);
-
-/* save original request headers */
- if (c->req_hdrs)
- ap_table_do(ap_proxy_send_hdr_line, c, c->req_hdrs, NULL);
- else
- ap_table_do(ap_proxy_send_hdr_line, c, r->headers_in, NULL);
- if (ap_bputs(CRLF, c->fp) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing request headers terminating CRLF to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- break;
- }
- break;
- }
-
-/* Was the server response a 304 Not Modified?
- *
- * If so, we have some work to do that we didn't do when we first
- * checked above. We need to fulfil the request, and we need to
- * copy the body from the old object to the new one.
- */
-
-/* if response from server 304 not modified */
- if (r->status == HTTP_NOT_MODIFIED) {
-
-/* fulfil the request */
- c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), " (with revalidation)", NULL);
- return ap_proxy_cache_conditional(r, c, c->fp);
-
- }
- return DECLINED;
-}
-
-void ap_proxy_cache_tidy(cache_req *c)
-{
- server_rec *s;
- off_t bc;
-
- if (!c || !c->fp)
- return;
-
- s = c->req->server;
-
-/* don't care how much was sent, but rather how much was written to cache
- ap_bgetopt(c->req->connection->client, BO_BYTECT, &bc);
- */
- bc = c->written;
-
- if (c->len != -1) {
-/* file lengths don't match; don't cache it */
- if (bc != c->len) {
- ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR)); /* no need to flush */
- unlink(c->tempfile);
- return;
- }
- }
-/* don't care if aborted, cache it if fully retrieved from host!
- else if (c->req->connection->aborted) {
- ap_pclosef(c->req->pool, c->fp->fd); / no need to flush /
- unlink(c->tempfile);
- return;
- }
-*/
- else {
-/* update content-length of file */
- char buff[17];
- off_t curpos;
-
- c->len = bc;
- ap_bflush(c->fp);
- ap_proxy_sec2hex(c->len, buff, sizeof(buff));
- curpos = lseek(ap_bfileno(c->fp, B_WR), 17 * 6, SEEK_SET);
- if (curpos == -1)
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error seeking on cache file %s", c->tempfile);
- else if (write(ap_bfileno(c->fp, B_WR), buff, sizeof(buff) - 1) == -1)
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error updating cache file %s", c->tempfile);
- }
-
- if (ap_bflush(c->fp) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error writing to cache file %s",
- c->tempfile);
- ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR));
- unlink(c->tempfile);
- return;
- }
-
- if (ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR))== -1) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error closing cache file %s", c->tempfile);
- unlink(c->tempfile);
- return;
- }
-
- if (unlink(c->filename) == -1 && errno != ENOENT) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error deleting old cache file %s",
- c->filename);
- (void)unlink(c->tempfile);
- }
- else {
- char *p;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(s->module_config, &proxy_module);
-
- for (p = c->filename + strlen(conf->cache.root) + 1;;) {
- p = strchr(p, '/');
- if (!p)
- break;
- *p = '\0';
- if (mkdir(c->filename, S_IREAD | S_IWRITE | S_IEXEC) < 0 && errno != EEXIST)
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error creating cache directory %s",
- c->filename);
- *p = '/';
- ++p;
- }
- if (link(c->tempfile, c->filename) == -1)
- ap_log_error(APLOG_MARK, APLOG_INFO, s,
- "proxy: error linking cache file %s to %s",
- c->tempfile, c->filename);
- if (unlink(c->tempfile) == -1)
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error deleting temp file %s", c->tempfile);
- }
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_connect.c b/usr.sbin/httpd/src/modules/proxy/proxy_connect.c
deleted file mode 100644
index 42b39a33bfc..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_connect.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* CONNECT method for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_log.h"
-#include "http_main.h"
-
-/*
- * This handles Netscape CONNECT method secure proxy requests.
- * A connection is opened to the specified host and data is
- * passed through between the WWW site and the browser.
- *
- * This code is based on the INTERNET-DRAFT document
- * "Tunneling SSL Through a WWW Proxy" currently at
- * http://www.mcom.com/newsref/std/tunneling_ssl.html.
- *
- * If proxyhost and proxyport are set, we send a CONNECT to
- * the specified proxy..
- *
- * FIXME: this is bad, because it does its own socket I/O
- * instead of using the I/O in buff.c. However,
- * the I/O in buff.c blocks on reads, and because
- * this function doesn't know how much data will
- * be sent either way (or when) it can't use blocking
- * I/O. This may be very implementation-specific
- * (to Linux). Any suggestions?
- * FIXME: this doesn't log the number of bytes sent, but
- * that may be okay, since the data is supposed to
- * be transparent. In fact, this doesn't log at all
- * yet. 8^)
- * FIXME: doesn't check any headers initally sent from the
- * client.
- * FIXME: should allow authentication, but hopefully the
- * generic proxy authentication is good enough.
- * FIXME: no check for r->assbackwards, whatever that is.
- */
-
-static int allowed_port(proxy_server_conf *conf, int port)
-{
- int i;
- int *list = (int *)conf->allowed_connect_ports->elts;
-
- for (i = 0; i < conf->allowed_connect_ports->nelts; i++) {
- if (port == list[i])
- return 1;
- }
- return 0;
-}
-
-
-int ap_proxy_connect_handler(request_rec *r, cache_req *c, char *url,
- const char *proxyhost, int proxyport)
-{
- struct sockaddr_in server;
- struct addrinfo hints, *res, *res0;
- const char *hoststr;
- const char *portstr = NULL;
- char *p;
- int port, sock;
- char buffer[HUGE_STRING_LEN];
- int nbytes, i;
- fd_set fds;
- int error;
-
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
-
- memset(&server, '\0', sizeof(server));
-#ifdef HAVE_SOCKADDR_LEN
- server.sin_len = sizeof(server);
-#endif
- server.sin_family = AF_INET;
-
- /* Break the URL into host:port pairs */
-
- hoststr = url;
- p = strchr(url, ':');
- if (p == NULL) {
- char pbuf[32];
- ap_snprintf(pbuf, sizeof(pbuf), "%d", DEFAULT_HTTPS_PORT);
- portstr = pbuf;
- } else {
- portstr = p + 1;
- *p = '\0';
- }
- port = atoi(portstr);
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo(hoststr, portstr, &hints, &res0);
- if (error && proxyhost == NULL) {
- return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- gai_strerror(error)); /* give up */
- }
-
-/* check if ProxyBlock directive on this host */
- for (i = 0; i < conf->noproxies->nelts; i++) {
- int fail;
- struct sockaddr_in *sin;
-
- fail = 0;
- if (npent[i].name != NULL && strstr(hoststr, npent[i].name))
- fail++;
- if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
- fail++;
- for (res = res0; res; res = res->ai_next) {
- switch (res->ai_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)res->ai_addr;
- if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
- fail++;
- break;
- }
- }
- if (fail) {
- if (res0 != NULL)
- freeaddrinfo(res0);
- return ap_proxyerror(r, HTTP_FORBIDDEN,
- "Connect to remote machine blocked");
- }
- }
-
- /* Check if it is an allowed port */
- if (conf->allowed_connect_ports->nelts == 0) {
- /* Default setting if not overridden by AllowCONNECT */
- switch (port) {
- case DEFAULT_HTTPS_PORT:
- case DEFAULT_SNEWS_PORT:
- break;
- default:
- if (res0 != NULL)
- freeaddrinfo(res0);
- return HTTP_FORBIDDEN;
- }
- }
- else if(!allowed_port(conf, port)) {
- if (res0 != NULL)
- freeaddrinfo(res0);
- return HTTP_FORBIDDEN;
- }
-
- if (proxyhost) {
- char pbuf[10];
-
- if (res0 != NULL)
- freeaddrinfo(res0);
- ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
- if (error)
- return HTTP_INTERNAL_SERVER_ERROR; /* XXX */
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "CONNECT to remote proxy %s on port %d", proxyhost, proxyport);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "CONNECT to %s on port %d", hoststr, port);
- }
-
- sock = i = -1;
- for (res = res0; res; res = res->ai_next) {
- sock = ap_psocket(r->pool, res->ai_family, res->ai_socktype, res->ai_protocol);
- if (sock == -1)
- continue;
-
- if (sock >= FD_SETSIZE) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_WARNING, NULL,
- "proxy_connect_handler: filedescriptor (%u) "
- "larger than FD_SETSIZE (%u) "
- "found, you probably need to rebuild Apache with a "
- "larger FD_SETSIZE", sock, FD_SETSIZE);
- ap_pclosesocket(r->pool, sock);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- i = ap_proxy_doconnect(sock, res->ai_addr, r);
- if (i == 0)
- break;
- }
- freeaddrinfo(res0);
- if (i == -1) {
- ap_pclosesocket(r->pool, sock);
- return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, ap_pstrcat(r->pool,
- "Could not connect to remote machine:<br>", strerror(errno), NULL));
- }
-
- /*
- * If we are connecting through a remote proxy, we need to pass the
- * CONNECT request on to it.
- */
- if (proxyport) {
- /*
- * FIXME: We should not be calling write() directly, but we currently
- * have no alternative. Error checking ignored. Also, we force a
- * HTTP/1.0 request to keep things simple.
- */
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Sending the CONNECT request to the remote proxy");
- ap_snprintf(buffer, sizeof(buffer), "CONNECT %s HTTP/1.0" CRLF, r->uri);
- send(sock, buffer, strlen(buffer), 0);
- ap_snprintf(buffer, sizeof(buffer),
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_version());
- send(sock, buffer, strlen(buffer), 0);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Returning 200 OK Status");
- ap_rvputs(r, "HTTP/1.0 200 Connection established" CRLF, NULL);
- ap_rvputs(r, "Proxy-agent: ", ap_get_server_version(), CRLF CRLF, NULL);
- ap_bflush(r->connection->client);
- }
-
- while (1) { /* Infinite loop until error (one side closes
- * the connection) */
- FD_ZERO(&fds);
- FD_SET(sock, &fds);
- FD_SET(ap_bfileno(r->connection->client, B_WR), &fds);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Going to sleep (select)");
- i = ap_select((ap_bfileno(r->connection->client, B_WR) > sock ?
- ap_bfileno(r->connection->client, B_WR) + 1 :
- sock + 1), &fds, NULL, NULL, NULL);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Woke from select(), i=%d", i);
-
- if (i) {
- if (FD_ISSET(sock, &fds)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "sock was set");
- if ((nbytes = recv(sock, buffer, HUGE_STRING_LEN, 0)) != 0) {
- if (nbytes == -1)
- break;
- if (send(ap_bfileno(r->connection->client, B_WR), buffer,
- nbytes, 0) == EOF)
- break;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO,
- r->server, "Wrote %d bytes to client", nbytes);
- }
- else
- break;
- }
- else if (FD_ISSET(ap_bfileno(r->connection->client, B_WR), &fds)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "client->fd was set");
- if ((nbytes = recv(ap_bfileno(r->connection->client, B_WR),
- buffer, HUGE_STRING_LEN, 0)) != 0) {
- if (nbytes == -1)
- break;
- if (send(sock, buffer, nbytes, 0) == EOF)
- break;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO,
- r->server, "Wrote %d bytes to server", nbytes);
- }
- else
- break;
- }
- else
- break; /* Must be done waiting */
- }
- else
- break;
- }
-
- ap_pclosesocket(r->pool, sock);
-
- return OK;
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c b/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c
deleted file mode 100644
index f9910b226c5..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c
+++ /dev/null
@@ -1,1479 +0,0 @@
-/* $OpenBSD: proxy_ftp.c,v 1.18 2011/04/06 11:35:33 miod Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* FTP routines for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "http_core.h"
-
-#define AUTODETECT_PWD
-
-/*
- * Decodes a '%' escaped string, and returns the number of characters
- */
-static int decodeenc(char *x)
-{
- int i, j, ch;
-
- if (x[0] == '\0')
- return 0; /* special case for no characters */
- for (i = 0, j = 0; x[i] != '\0'; i++, j++) {
-/* decode it if not already done */
- ch = x[i];
- if (ch == '%' && ap_isxdigit(x[i + 1]) && ap_isxdigit(x[i + 2])) {
- ch = ap_proxy_hex2c(&x[i + 1]);
- i += 2;
- }
- x[j] = ch;
- }
- x[j] = '\0';
- return j;
-}
-
-/*
- * checks an encoded ftp string for bad characters, namely, CR, LF or
- * non-ascii character
- */
-static int ftp_check_string(const char *x)
-{
- int i, ch;
-
- for (i = 0; x[i] != '\0'; i++) {
- ch = x[i];
- if (ch == '%' && ap_isxdigit(x[i + 1]) && ap_isxdigit(x[i + 2])) {
- ch = ap_proxy_hex2c(&x[i + 1]);
- i += 2;
- }
- if (ch == CR || ch == LF || (OS_ASC(ch) & 0x80))
- return 0;
- }
- return 1;
-}
-
-/*
- * Canonicalise ftp URLs.
- */
-int ap_proxy_ftp_canon(request_rec *r, char *url)
-{
- char *user, *password, *host, *path, *parms, *strp, sport[7];
- pool *p = r->pool;
- const char *err;
- int port;
-
- port = DEFAULT_FTP_PORT;
- err = ap_proxy_canon_netloc(p, &url, &user, &password, &host, &port);
- if (err)
- return HTTP_BAD_REQUEST;
- if (user != NULL && !ftp_check_string(user))
- return HTTP_BAD_REQUEST;
- if (password != NULL && !ftp_check_string(password))
- return HTTP_BAD_REQUEST;
-
-/* now parse path/parameters args, according to rfc1738 */
-/* N.B. if this isn't a true proxy request, then the URL path
- * (but not query args) has already been decoded.
- * This gives rise to the problem of a ; being decoded into the
- * path.
- */
- strp = strchr(url, ';');
- if (strp != NULL) {
- *(strp++) = '\0';
- parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm,
- r->proxyreq);
- if (parms == NULL)
- return HTTP_BAD_REQUEST;
- }
- else
- parms = "";
-
- path = ap_proxy_canonenc(p, url, strlen(url), enc_path, r->proxyreq);
- if (path == NULL)
- return HTTP_BAD_REQUEST;
- if (!ftp_check_string(path))
- return HTTP_BAD_REQUEST;
-
- if (r->proxyreq == NOT_PROXY && r->args != NULL) {
- if (strp != NULL) {
- strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, STD_PROXY);
- if (strp == NULL)
- return HTTP_BAD_REQUEST;
- parms = ap_pstrcat(p, parms, "?", strp, NULL);
- }
- else {
- strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, STD_PROXY);
- if (strp == NULL)
- return HTTP_BAD_REQUEST;
- path = ap_pstrcat(p, path, "?", strp, NULL);
- }
- r->args = NULL;
- }
-
-/* now, rebuild URL */
-
- if (port != DEFAULT_FTP_PORT)
- ap_snprintf(sport, sizeof(sport), ":%d", port);
- else
- sport[0] = '\0';
-
- r->filename = ap_pstrcat(p, "proxy:ftp://", (user != NULL) ? user : "",
- (password != NULL) ? ":" : "",
- (password != NULL) ? password : "",
- (user != NULL) ? "@" : "", host, sport, "/", path,
- (parms[0] != '\0') ? ";" : "", parms, NULL);
-
- return OK;
-}
-
-/*
- * Returns the ftp status code;
- * or -1 on I/O error, 0 on data error
- */
-static int ftp_getrc(BUFF *ctrl)
-{
- int len, status;
- char linebuff[100], buff[5];
-
- len = ap_bgets(linebuff, sizeof linebuff, ctrl);
- if (len == -1)
- return -1;
-/* check format */
- if (len < 5 || !ap_isdigit(linebuff[0]) || !ap_isdigit(linebuff[1]) ||
- !ap_isdigit(linebuff[2]) || (linebuff[3] != ' ' && linebuff[3] != '-'))
- status = 0;
- else
- status = 100 * linebuff[0] + 10 * linebuff[1] + linebuff[2] - 111 * '0';
-
- if (linebuff[len - 1] != '\n') {
- (void)ap_bskiplf(ctrl);
- }
-
-/* skip continuation lines */
- if (linebuff[3] == '-') {
- memcpy(buff, linebuff, 3);
- buff[3] = ' ';
- do {
- len = ap_bgets(linebuff, sizeof linebuff, ctrl);
- if (len == -1)
- return -1;
- if (linebuff[len - 1] != '\n') {
- (void)ap_bskiplf(ctrl);
- }
- } while (memcmp(linebuff, buff, 4) != 0);
- }
-
- return status;
-}
-
-/*
- * Like ftp_getrc but returns both the ftp status code and
- * remembers the response message in the supplied buffer
- */
-static int ftp_getrc_msg(BUFF *ctrl, char *msgbuf, int msglen)
-{
- int len, status;
- char linebuff[100], buff[5];
- char *mb = msgbuf, *me = &msgbuf[msglen];
-
- len = ap_bgets(linebuff, sizeof linebuff, ctrl);
- if (len == -1)
- return -1;
- if (len < 5 || !ap_isdigit(linebuff[0]) || !ap_isdigit(linebuff[1]) ||
- !ap_isdigit(linebuff[2]) || (linebuff[3] != ' ' && linebuff[3] != '-'))
- status = 0;
- else
- status = 100 * linebuff[0] + 10 * linebuff[1] + linebuff[2] - 111 * '0';
-
- mb = ap_cpystrn(mb, linebuff + 4, me - mb);
-
- if (linebuff[len - 1] != '\n')
- (void)ap_bskiplf(ctrl);
-
- if (linebuff[3] == '-') {
- memcpy(buff, linebuff, 3);
- buff[3] = ' ';
- do {
- len = ap_bgets(linebuff, sizeof linebuff, ctrl);
- if (len == -1)
- return -1;
- if (linebuff[len - 1] != '\n') {
- (void)ap_bskiplf(ctrl);
- }
- mb = ap_cpystrn(mb, linebuff + 4, me - mb);
- } while (memcmp(linebuff, buff, 4) != 0);
- }
- return status;
-}
-
-static long int send_dir(BUFF *data, request_rec *r, cache_req *c, char *cwd)
-{
- char *buf, *buf2;
- size_t buf_size;
- char *filename;
- int searchidx = 0;
- char *searchptr = NULL;
- int firstfile = 1;
- unsigned long total_bytes_sent = 0;
- int n;
- conn_rec *con = r->connection;
- pool *p = r->pool;
- char *dir, *path, *reldir, *site, *type = NULL;
- char *basedir = ""; /* By default, path is relative to the $HOME
- * dir */
-
- /* create default sized buffers for the stuff below */
- buf_size = IOBUFSIZE;
- buf = ap_palloc(r->pool, buf_size);
- buf2 = ap_palloc(r->pool, buf_size);
-
- /* Save "scheme://site" prefix without password */
- site = ap_unparse_uri_components(p, &r->parsed_uri, UNP_OMITPASSWORD | UNP_OMITPATHINFO);
- /* ... and path without query args */
- path = ap_unparse_uri_components(p, &r->parsed_uri, UNP_OMITSITEPART | UNP_OMITQUERY);
-
- /* If path began with /%2f, change the basedir */
- if (strncasecmp(path, "/%2f", 4) == 0) {
- basedir = "/%2f";
- }
-
- /* Strip off a type qualifier. It is ignored for dir listings */
- if ((type = strstr(path, ";type=")) != NULL)
- *type++ = '\0';
-
- (void)decodeenc(path);
-
- while (path[1] == '/') /* collapse multiple leading slashes to one */
- ++path;
-
- /* Copy path, strip (all except the last) trailing slashes */
- /* (the trailing slash is needed for the dir component loop below) */
- path = dir = ap_pstrcat(r->pool, path, "/", NULL);
- for (n = strlen(path); n > 1 && path[n - 1] == '/' && path[n - 2] == '/'; --n)
- path[n - 1] = '\0';
-
- /* print "ftp://host/" */
- n = ap_snprintf(buf, buf_size, DOCTYPE_HTML_3_2
- "<html><head><title>%s%s%s</title>\n"
- "<base href=\"%s%s%s\"></head>\n"
- "<body><h2>Directory of "
- "<a href=\"/\">%s</a>/",
- site, basedir, ap_escape_html(p, path),
- site, basedir, ap_escape_uri(p, path),
- site);
- total_bytes_sent += ap_proxy_bputs2(buf, con->client, c);
-
- /* Add a link to the root directory (if %2f hack was used) */
- if (basedir[0] != '\0') {
- total_bytes_sent += ap_proxy_bputs2("<a href=\"/%2f/\">%2f</a>/", con->client, c);
- }
-
- for (dir = path + 1; (dir = strchr(dir, '/')) != NULL;) {
- *dir = '\0';
- if ((reldir = strrchr(path + 1, '/')) == NULL) {
- reldir = path + 1;
- }
- else
- ++reldir;
- /* print "path/" component */
- ap_snprintf(buf, buf_size, "<a href=\"%s%s/\">%s</a>/",
- basedir,
- ap_escape_uri(p, path),
- ap_escape_html(p, reldir));
- total_bytes_sent += ap_proxy_bputs2(buf, con->client, c);
- *dir = '/';
- while (*dir == '/')
- ++dir;
- }
-
- /* If the caller has determined the current directory, and it differs */
- /* from what the client requested, then show the real name */
- if (cwd == NULL || strncmp(cwd, path, strlen(cwd)) == 0) {
- ap_snprintf(buf, buf_size, "</h2>\n<hr /><pre>");
- }
- else {
- ap_snprintf(buf, buf_size, "</h2>\n(%s)\n<hr /><pre>",
- ap_escape_html(p, cwd));
- }
- total_bytes_sent += ap_proxy_bputs2(buf, con->client, c);
-
- while (!con->aborted) {
- n = ap_bgets(buf, buf_size, data);
- if (n == -1) { /* input error */
- if (c != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error reading from %s", c->url);
- c = ap_proxy_cache_error(c);
- }
- break;
- }
- if (n == 0)
- break; /* EOF */
-
- if (buf[n - 1] == '\n') /* strip trailing '\n' */
- buf[--n] = '\0';
- if (buf[n - 1] == '\r') /* strip trailing '\r' if present */
- buf[--n] = '\0';
-
- /* Handle unix-style symbolic link */
- if (buf[0] == 'l' && (filename = strstr(buf, " -> ")) != NULL) {
- char *link_ptr = filename;
-
- do {
- filename--;
- } while (filename[0] != ' ' && filename > buf);
- if (filename != buf)
- *(filename++) = '\0';
- *(link_ptr++) = '\0';
- ap_snprintf(buf2, buf_size, "%s <a href=\"%s\">%s %s</a>\n",
- ap_escape_html(p, buf),
- ap_escape_uri(p, filename),
- ap_escape_html(p, filename),
- ap_escape_html(p, link_ptr));
- ap_cpystrn(buf, buf2, buf_size);
- n = strlen(buf);
- }
- /* Handle unix style or DOS style directory */
- else if (buf[0] == 'd' || buf[0] == '-' || buf[0] == 'l' || ap_isdigit(buf[0])) {
- if (ap_isdigit(buf[0])) { /* handle DOS dir */
- searchptr = strchr(buf, '<');
- if (searchptr != NULL)
- *searchptr = '[';
- searchptr = strchr(buf, '>');
- if (searchptr != NULL)
- *searchptr = ']';
- }
-
- filename = strrchr(buf, ' ');
- *(filename++) = 0;
-
- /* handle filenames with spaces in 'em */
- if (!strcmp(filename, ".") || !strcmp(filename, "..") || firstfile) {
- firstfile = 0;
- searchidx = filename - buf;
- }
- else if (searchidx != 0 && buf[searchidx] != 0) {
- *(--filename) = ' ';
- buf[searchidx - 1] = 0;
- filename = &buf[searchidx];
- }
-
- /* Special handling for '.' and '..': append slash to link */
- if (!strcmp(filename, ".") || !strcmp(filename, "..") || buf[0] == 'd') {
- ap_snprintf(buf2, buf_size, "%s <a href=\"%s/\">%s</a>\n",
- ap_escape_html(p, buf), ap_escape_uri(p, filename),
- ap_escape_html(p, filename));
- }
- else {
- ap_snprintf(buf2, buf_size, "%s <a href=\"%s\">%s</a>\n",
- ap_escape_html(p, buf),
- ap_escape_uri(p, filename),
- ap_escape_html(p, filename));
- }
- ap_cpystrn(buf, buf2, buf_size);
- n = strlen(buf);
- }
- /* else??? What about other OS's output formats? */
- else {
- strlcat(buf, "\n", buf_size); /* re-append the newline char */
- ap_cpystrn(buf, ap_escape_html(p, buf), buf_size);
- }
-
- total_bytes_sent += ap_proxy_bputs2(buf, con->client, c);
-
- ap_reset_timeout(r); /* reset timeout after successfule write */
- }
-
- total_bytes_sent += ap_proxy_bputs2("</pre><hr />\n", con->client, c);
- total_bytes_sent += ap_proxy_bputs2(ap_psignature("", r), con->client, c);
- total_bytes_sent += ap_proxy_bputs2("</body></html>\n", con->client, c);
-
- ap_bclose(data);
-
- ap_bflush(con->client);
-
- return total_bytes_sent;
-}
-
-/* Common routine for failed authorization (i.e., missing or wrong password)
- * to an ftp service. This causes most browsers to retry the request
- * with username and password (which was presumably queried from the user)
- * supplied in the Authorization: header.
- * Note that we "invent" a realm name which consists of the
- * ftp://user@host part of the reqest (sans password -if supplied but invalid-)
- */
-static int ftp_unauthorized(request_rec *r, int log_it)
-{
- r->proxyreq = NOT_PROXY;
- /*
- * Log failed requests if they supplied a password (log username/password
- * guessing attempts)
- */
- if (log_it)
- ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r,
- "proxy: missing or failed auth to %s",
- ap_unparse_uri_components(r->pool,
- &r->parsed_uri, UNP_OMITPATHINFO));
-
- ap_table_setn(r->err_headers_out, "WWW-Authenticate",
- ap_pstrcat(r->pool, "Basic realm=\"",
- ap_unparse_uri_components(r->pool, &r->parsed_uri,
- UNP_OMITPASSWORD | UNP_OMITPATHINFO),
- "\"", NULL));
-
- return HTTP_UNAUTHORIZED;
-}
-
-/* Set ftp server to TYPE {A,I,E} before transfer of a directory or file */
-static int ftp_set_TYPE(request_rec *r, BUFF *ctrl, char xfer_type)
-{
- static char old_type[2] = {'A', '\0'}; /* After logon, mode is ASCII */
- int ret = HTTP_OK;
- int rc;
-
- if (xfer_type == old_type[0])
- return ret;
-
- /* set desired type */
- old_type[0] = xfer_type;
- ap_bvputs(ctrl, "TYPE ", old_type, CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: TYPE %s", old_type);
-
-/* responses: 200, 421, 500, 501, 504, 530 */
- /* 200 Command okay. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 504 Command not implemented for that parameter. */
- /* 530 Not logged in. */
- rc = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc);
- if (rc == -1 || rc == 421) {
- ap_kill_timeout(r);
- ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server");
- }
- else if (rc != 200 && rc != 504) {
- ap_kill_timeout(r);
- ret = ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Unable to set transfer type");
- }
-/* Allow not implemented */
- else if (rc == 504)
- /* ignore it silently */ ;
-
- return ret;
-}
-
-/* Common cleanup routine: close open BUFFers or sockets, and return an error */
-static int ftp_cleanup_and_return(request_rec *r, BUFF *ctrl, BUFF *data, int csock, int dsock, int rc)
-{
- if (ctrl != NULL)
- ap_bclose(ctrl);
- else if (csock != -1)
- ap_pclosesocket(r->pool, csock);
-
- if (data != NULL)
- ap_bclose(data);
- else if (dsock != -1)
- ap_pclosesocket(r->pool, dsock);
-
- ap_kill_timeout(r);
-
- return rc;
-}
-
-/*
- * Handles direct access of ftp:// URLs
- * Original (Non-PASV) version from
- * Troy Morrison <spiffnet@zoom.com>
- * PASV added by Chuck
- */
-int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url)
-{
- char *desthost, *path, *strp, *parms;
- char *strp2;
- char *cwd = NULL;
- char *user = NULL;
-/* char *account = NULL; how to supply an account in a URL? */
- const char *password = NULL;
- const char *err;
- int destport, i, j, len, rc, nocache = 0;
- int csd = 0, sock = -1, dsock = -1;
- struct sockaddr_storage server;
- struct addrinfo hints, *res, *res0;
- char portbuf[10];
- int error;
- struct in_addr destaddr;
- table *resp_hdrs;
- BUFF *ctrl = NULL;
- BUFF *data = NULL;
- pool *p = r->pool;
- char *destportstr = NULL;
- const char *urlptr = NULL;
- int one = 1;
- NET_SIZE_T clen;
- char xfer_type = 'A'; /* after ftp login, the default is ASCII */
- int get_dirlisting = 0;
-
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
- struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
-
-/* stuff for PASV mode */
- unsigned int presult, h0, h1, h2, h3, p0, p1;
- unsigned int paddr;
- unsigned short pport;
- struct sockaddr_storage data_addr;
- struct sockaddr_in *sin;
- int pasvmode = 0;
- char pasv[64];
- char *pstr, *host;
- int port;
-
-/* stuff for LPSV/EPSV */
- unsigned int paf, holen, ho[16], polen, po[2];
- struct sockaddr_in6 *sin6;
- int lpsvmode = 0;
- char *cmd;
-
-/* stuff for responses */
- char resp[MAX_STRING_LEN];
- char *size = NULL;
-
-/* we only support GET and HEAD */
-
- if (r->method_number != M_GET)
- return HTTP_NOT_IMPLEMENTED;
-
-/* We break the URL into host, port, path-search */
-
- host = r->parsed_uri.hostname;
- port = (r->parsed_uri.port != 0)
- ? r->parsed_uri.port
- : ap_default_port_for_request(r);
- path = ap_pstrdup(p, r->parsed_uri.path);
- if (path == NULL)
- path = "";
- else
- while (*path == '/')
- ++path;
-
- urlptr = strstr(url, "://");
- if (urlptr == NULL)
- return HTTP_BAD_REQUEST;
- urlptr += 3;
- destport = 21;
- strp = strchr(urlptr, '/');
- if (strp == NULL) {
- desthost = ap_pstrdup(p, urlptr);
- urlptr = "/";
- }
- else {
- char *q = ap_palloc(p, strp - urlptr + 1);
- memcpy(q, urlptr, strp - urlptr);
- q[strp - urlptr] = '\0';
- urlptr = strp;
- desthost = q;
- }
-
- strp2 = strchr(desthost, ':');
- if (strp2 != NULL) {
- *(strp2++) = '\0';
- if (ap_isdigit(*strp2)) {
- destport = atoi(strp2);
- destportstr = strp2;
- }
- }
- path = strchr(urlptr, '/')+1;
-
- /*
- * The "Authorization:" header must be checked first. We allow the user
- * to "override" the URL-coded user [ & password ] in the Browsers'
- * User&Password Dialog. NOTE that this is only marginally more secure
- * than having the password travel in plain as part of the URL, because
- * Basic Auth simply uuencodes the plain text password. But chances are
- * still smaller that the URL is logged regularly.
- */
- if ((password = ap_table_get(r->headers_in, "Authorization")) != NULL
- && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0
- && (password = ap_pbase64decode(r->pool, password))[0] != ':') {
- /*
- * Note that this allocation has to be made from r->connection->pool
- * because it has the lifetime of the connection. The other
- * allocations are temporary and can be tossed away any time.
- */
- user = ap_getword_nulls(r->connection->pool, &password, ':');
- r->connection->ap_auth_type = "Basic";
- r->connection->user = r->parsed_uri.user = user;
- nocache = 1; /* This resource only accessible with
- * username/password */
- }
- else if ((user = r->parsed_uri.user) != NULL) {
- user = ap_pstrdup(p, user);
- decodeenc(user);
- if ((password = r->parsed_uri.password) != NULL) {
- char *tmp = ap_pstrdup(p, password);
- decodeenc(tmp);
- password = tmp;
- }
- nocache = 1; /* This resource only accessible with
- * username/password */
- }
- else {
- user = "anonymous";
- password = "apache_proxy@";
- }
-
- /* check if ProxyBlock directive on this host */
- destaddr.s_addr = ap_inet_addr(desthost);
- for (i = 0; i < conf->noproxies->nelts; i++) {
- if (destaddr.s_addr == npent[i].addr.s_addr ||
- (npent[i].name != NULL &&
- (npent[i].name[0] == '*' || strstr(desthost, npent[i].name) != NULL)))
- return ap_proxyerror(r, HTTP_FORBIDDEN,
- "Connect to remote machine blocked");
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: connect to %s:%d", desthost, destport);
-
- parms = strchr(url, ';');
- if (parms != NULL)
- *(parms++) = '\0';
-
- ap_snprintf(portbuf, sizeof(portbuf), "%d", port);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- error = getaddrinfo(host, portbuf, &hints, &res0);
- if (error) {
- return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- gai_strerror(error));
- }
-
- i = -1;
- for (res = res0; res; res = res->ai_next) {
- dsock = ap_psocket(p, server.ss_family, SOCK_STREAM, res->ai_protocol);
- if (sock == -1)
- continue;
-
- if (conf->recv_buffer_size > 0
- && setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
- (const char *)&conf->recv_buffer_size, sizeof(int))
- == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
- }
-
- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
- sizeof(one)) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error setting reuseaddr option: setsockopt(SO_REUSEADDR)");
- ap_pclosesocket(p, sock);
- freeaddrinfo(res0);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- i = ap_proxy_doconnect(sock, res->ai_addr, r);
- if (i == 0){
- memcpy(&server, res->ai_addr, res->ai_addrlen);
- break;
- }
- ap_pclosesocket(p, sock);
- }
- freeaddrinfo(res0);
- if (i == -1) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
- "Could not connect to remote machine: ",
- strerror(errno), NULL)));
- }
-
- /* record request_time for HTTP/1.1 age calculation */
- c->req_time = time(NULL);
-
- ctrl = ap_bcreate(p, B_RDWR | B_SOCKET);
- ap_bpushfd(ctrl, sock, sock);
-/* shouldn't we implement telnet control options here? */
-
-
- /* possible results: */
- /* 120 Service ready in nnn minutes. */
- /* 220 Service ready for new user. */
- /* 421 Service not available, closing control connection. */
- ap_hard_timeout("proxy ftp", r);
- i = ftp_getrc_msg(ctrl, resp, sizeof resp);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- if (i == -1 || i == 421) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- }
- if (i != 220) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY, resp));
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: connected.");
-
- ap_bvputs(ctrl, "USER ", user, CRLF, NULL);
- ap_bflush(ctrl); /* capture any errors */
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: USER %s", user);
-
- /* possible results; 230, 331, 332, 421, 500, 501, 530 */
- /* states: 1 - error, 2 - success; 3 - send password, 4,5 fail */
- /* 230 User logged in, proceed. */
- /* 331 User name okay, need password. */
- /* 332 Need account for login. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* (This may include errors such as command line too long.) */
- /* 501 Syntax error in parameters or arguments. */
- /* 530 Not logged in. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- if (i == -1 || i == 421) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- }
- if (i == 530) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ftp_unauthorized(r, 1));
- }
- if (i != 230 && i != 331) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
- }
-
- if (i == 331) { /* send password */
- if (password == NULL) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ftp_unauthorized(r, 0));
- }
- ap_bvputs(ctrl, "PASS ", password, CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PASS %s", password);
- /* possible results 202, 230, 332, 421, 500, 501, 503, 530 */
- /* 230 User logged in, proceed. */
- /* 332 Need account for login. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 503 Bad sequence of commands. */
- /* 530 Not logged in. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- if (i == -1 || i == 421) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- }
- if (i == 332) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_UNAUTHORIZED,
- "Need account for login"));
- }
- /* @@@ questionable -- we might as well return a 403 Forbidden here */
- if (i == 530) /* log it: passwd guessing attempt? */
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ftp_unauthorized(r, 1));
- if (i != 230 && i != 202)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
- }
-
- /*
- * Special handling for leading "%2f": this enforces a "cwd /" out of the
- * $HOME directory which was the starting point after login
- */
- if (strncasecmp(path, "%2f", 3) == 0) {
- path += 3;
- while (*path == '/') /* skip leading '/' (after root %2f) */
- ++path;
- ap_bputs("CWD /" CRLF, ctrl);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD /");
-
- /* possible results: 250, 421, 500, 501, 502, 530, 550 */
- /* 250 Requested file action okay, completed. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 530 Not logged in. */
- /* 550 Requested action not taken. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- if (i == -1 || i == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- else if (i == 550)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_NOT_FOUND);
- else if (i != 250)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
- }
-
-/* set the directory (walk directory component by component):
- * this is what we must do if we don't know the OS type of the remote
- * machine
- */
- for (; (strp = strchr(path, '/')) != NULL; path = strp + 1) {
- char *slash = strp;
-
- *slash = '\0';
-
- /* Skip multiple '/' (or trailing '/') to avoid 500 errors */
- while (strp[1] == '/')
- ++strp;
- if (strp[1] == '\0')
- break;
-
- len = decodeenc(path); /* Note! This decodes a %2f -> "/" */
- if (strchr(path, '/')) /* were there any '/' characters? */
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_REQUEST,
- "Use of %2F is only allowed at the base directory"));
-
- ap_bvputs(ctrl, "CWD ", path, CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD %s", path);
- *slash = '/';
-
-/* responses: 250, 421, 500, 501, 502, 530, 550 */
- /* 250 Requested file action okay, completed. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 530 Not logged in. */
- /* 550 Requested action not taken. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- if (i == -1 || i == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- if (i == 550)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_NOT_FOUND);
- if (i == 500 || i == 501)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_REQUEST,
- "Syntax error in filename (reported by ftp server)"));
- if (i != 250)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
- }
-
- if (parms != NULL && strncmp(parms, "type=", 5) == 0
- && ap_isalpha(parms[5])) {
- /*
- * "type=d" forces a dir listing. The other types (i|a|e) are
- * directly used for the ftp TYPE command
- */
- if (!(get_dirlisting = (parms[5] == 'd')))
- xfer_type = ap_toupper(parms[5]);
-
- /* Check valid types, rather than ignoring invalid types silently: */
- if (strchr("AEI", xfer_type) == NULL)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_REQUEST, ap_pstrcat(r->pool,
- "ftp proxy supports only types 'a', 'i', or 'e': \"",
- parms, "\" is invalid.", NULL)));
- }
- else {
- /* make binary transfers the default */
- xfer_type = 'I';
- }
-
-/* try to set up PASV data connection first */
- dsock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
- if (dsock == -1) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- "proxy: error creating PASV socket"));
- }
-
- if (conf->recv_buffer_size) {
- if (setsockopt(dsock, SOL_SOCKET, SO_RCVBUF,
- (const char *)&conf->recv_buffer_size, sizeof(int)) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
- }
- }
-
-lpsvagain:
- if (server.ss_family == AF_INET)
- cmd = "PASV";
- else if (lpsvmode)
- cmd = "LPSV";
- else
- cmd = "EPSV";
- ap_bputs(cmd, ctrl);
- ap_bputs(CRLF, ctrl);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: passive command issued");
-/* possible results: 227, 421, 500, 501, 502, 530 */
- /* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */
- /* 228 Entering Long Passive Mode (...). */
- /* 229 Entering Extended Passive Mode (...). */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 530 Not logged in. */
-
- i = ap_bgets(pasv, sizeof(pasv), ctrl);
- if (i == -1 || i == 421) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- "proxy: passive: control connection is toast"));
- }
- else {
- pasv[i - 1] = '\0';
- pstr = strtok(pasv, " "); /* separate result code */
- if (pstr != NULL) {
- presult = atoi(pstr);
- if (*(pstr + strlen(pstr) + 1) == '=')
- pstr += strlen(pstr) + 2;
- else {
- pstr = strtok(NULL, "("); /* separate address & port
- * params */
- if (pstr != NULL)
- pstr = strtok(NULL, ")");
- }
- }
- else
- presult = atoi(pasv);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", presult);
-
- if (presult == 227 && pstr != NULL && (sscanf(pstr,
- "%d,%d,%d,%d,%d,%d", &h3, &h2, &h1, &h0, &p1, &p0) == 6)) {
- /* pardon the parens, but it makes gcc happy */
- paddr = (((((h3 << 8) + h2) << 8) + h1) << 8) + h0;
- pport = (p1 << 8) + p0;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: contacting host %d.%d.%d.%d:%d",
- h3, h2, h1, h0, pport);
- sin = (struct sockaddr_in *)&data_addr;
- sin->sin_family = AF_INET;
- sin->sin_len = sizeof(*sin);
- sin->sin_addr.s_addr = htonl(paddr);
- sin->sin_port = htons(pport);
- i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r);
-
- if (i == -1) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- ap_pstrcat(r->pool,
- "Could not connect to remote machine: ",
- strerror(errno), NULL)));
- }
- pasvmode = 1;
- } else if (presult == 228 && pstr != NULL
- && sscanf(pstr,
-"%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u",
- &paf, &holen, &ho[0], &ho[1], &ho[2], &ho[3],
- &ho[4], &ho[5], &ho[6], &ho[7], &ho[8], &ho[9], &ho[10], &ho[11],
- &ho[12], &ho[13], &ho[14], &ho[15], &polen, &po[0], &po[1]) == 21
- && paf == 6 && holen == 16 && polen == 2) {
- int i;
- sin6 = (struct sockaddr_in6 *)&data_addr;
- sin6->sin6_family = AF_INET6;
- sin6->sin6_len = sizeof(*sin6);
- for (i = 0; i < 16; i++)
- sin6->sin6_addr.s6_addr[i] = ho[i] & 0xff;
- sin6->sin6_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff));
- i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r);
-
- if (i == -1) {
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
- ap_pstrcat(r->pool,
- "Could not connect to remote machine: ",
- strerror(errno), NULL));
- }
- pasvmode = 1;
- } else if (presult == 229 && pstr != NULL
- && pstr[0] == pstr[1] && pstr[0] == pstr[2]
- && pstr[0] == pstr[strlen(pstr) - 1]) {
- /* expect "|||port|" */
- memcpy(&data_addr, &server, server.ss_len);
- switch (data_addr.ss_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)&data_addr;
- sin->sin_port = htons(atoi(pstr + 3));
- break;
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *)&data_addr;
- sin6->sin6_port = htons(atoi(pstr + 3));
- break;
- }
- i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r);
-
- if (i == -1) {
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
- ap_pstrcat(r->pool,
- "Could not connect to remote machine: ",
- strerror(errno), NULL));
- }
- pasvmode = 1;
- } else if (!lpsvmode && strcmp(cmd, "EPSV") == 0) {
- lpsvmode = 1;
- goto lpsvagain;
- }
- else {
- ap_pclosesocket(p, dsock); /* and try the regular way */
- dsock = -1;
- }
- }
-
- if (!pasvmode) { /* set up data connection */
- clen = sizeof(server);
- if (getsockname(sock, (struct sockaddr *)&server, &clen) < 0) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- "proxy: error getting socket address"));
- }
-
- dsock = ap_psocket_ex(p, server.ss_family, SOCK_STREAM, IPPROTO_TCP, 1);
- if (dsock == -1) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- "proxy: error creating socket"));
- }
-
- if (setsockopt(dsock, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
- sizeof(one)) == -1) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- "proxy: error setting reuseaddr option"));
- }
-
- if (bind(dsock, (struct sockaddr *) &server, server.ss_len) == -1)
- {
- char hostnamebuf[MAXHOSTNAMELEN], portnamebuf[MAXHOSTNAMELEN];
-
- getnameinfo((struct sockaddr *)&server,
- server.ss_len,
- hostnamebuf, sizeof(hostnamebuf),
- portnamebuf, sizeof(portnamebuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
-
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- ap_psprintf(p, "proxy: error binding to ftp data socket %s:%s",
- hostnamebuf, portnamebuf)));
- }
- listen(dsock, 2); /* only need a short queue */
- }
-
-/* set request; "path" holds last path component */
- len = decodeenc(path);
- if (strchr(path, '/')) /* were there any '/' characters? */
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_REQUEST,
- "Use of %2F is only allowed at the base directory"));
-
- /* TM - if len == 0 then it must be a directory (you can't RETR nothing) */
-
- if (len == 0) {
- get_dirlisting = 1;
- }
- else {
- ap_bvputs(ctrl, "SIZE ", path, CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: SIZE %s", path);
- i = ftp_getrc_msg(ctrl, resp, sizeof resp);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d with response %s", i, resp);
- if (i != 500) { /* Size command not recognized */
- if (i == 550) { /* Not a regular file */
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: SIZE shows this is a directory");
- get_dirlisting = 1;
- ap_bvputs(ctrl, "CWD ", path, CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD %s", path);
-
- /* possible results: 250, 421, 500, 501, 502, 530, 550 */
- /* 250 Requested file action okay, completed. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 530 Not logged in. */
- /* 550 Requested action not taken. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- if (i == -1 || i == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- if (i == 550)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_NOT_FOUND);
- if (i != 250)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
- path = "";
- len = 0;
- }
- else if (i == 213) {/* Size command ok */
- for (j = 0; j < sizeof(resp)-1 && ap_isdigit(resp[j]); j++);
- resp[j] = '\0';
- if (resp[0] != '\0')
- size = ap_pstrdup(p, resp);
- }
- }
- }
-
-#ifdef AUTODETECT_PWD
- ap_bvputs(ctrl, "PWD", CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD");
-/* responses: 257, 500, 501, 502, 421, 550 */
- /* 257 "<directory-name>" <commentary> */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 550 Requested action not taken. */
- i = ftp_getrc_msg(ctrl, resp, sizeof resp);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD returned status %d", i);
- if (i == -1 || i == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- if (i == 550)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_NOT_FOUND);
- if (i == 257) {
- const char *dirp = resp;
- cwd = ap_getword_conf(r->pool, &dirp);
- }
-#endif /* AUTODETECT_PWD */
-
- if (get_dirlisting) {
- if (len != 0)
- ap_bvputs(ctrl, "LIST ", path, CRLF, NULL);
- else
- ap_bputs("LIST -lag" CRLF, ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: LIST %s", (len == 0 ? "" : path));
- }
- else {
- ftp_set_TYPE(r, ctrl, xfer_type);
- ap_bvputs(ctrl, "RETR ", path, CRLF, NULL);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: RETR %s", path);
- }
- ap_bflush(ctrl);
-/* RETR: 110, 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 530, 550
- NLST: 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 502, 530 */
- /* 110 Restart marker reply. */
- /* 125 Data connection already open; transfer starting. */
- /* 150 File status okay; about to open data connection. */
- /* 226 Closing data connection. */
- /* 250 Requested file action okay, completed. */
- /* 421 Service not available, closing control connection. */
- /* 425 Can't open data connection. */
- /* 426 Connection closed; transfer aborted. */
- /* 450 Requested file action not taken. */
- /* 451 Requested action aborted. Local error in processing. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 530 Not logged in. */
- /* 550 Requested action not taken. */
- rc = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc);
- if (rc == -1 || rc == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- if (rc == 550) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: RETR failed, trying LIST instead");
- get_dirlisting = 1;
- ftp_set_TYPE(r, ctrl, 'A'); /* directories must be transferred in
- * ASCII */
-
- ap_bvputs(ctrl, "CWD ", path, CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD %s", path);
- /* possible results: 250, 421, 500, 501, 502, 530, 550 */
- /* 250 Requested file action okay, completed. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 530 Not logged in. */
- /* 550 Requested action not taken. */
- rc = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc);
- if (rc == -1 || rc == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- if (rc == 550)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_NOT_FOUND);
- if (rc != 250)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
-
-#ifdef AUTODETECT_PWD
- ap_bvputs(ctrl, "PWD", CRLF, NULL);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD");
-/* responses: 257, 500, 501, 502, 421, 550 */
- /* 257 "<directory-name>" <commentary> */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- /* 550 Requested action not taken. */
- i = ftp_getrc_msg(ctrl, resp, sizeof resp);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD returned status %d", i);
- if (i == -1 || i == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- if (i == 550)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_NOT_FOUND);
- if (i == 257) {
- const char *dirp = resp;
- cwd = ap_getword_conf(r->pool, &dirp);
- }
-#endif /* AUTODETECT_PWD */
-
- ap_bputs("LIST -lag" CRLF, ctrl);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: LIST -lag");
- rc = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc);
- if (rc == -1 || rc == 421)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server"));
- }
- ap_kill_timeout(r);
- if (rc != 125 && rc != 150 && rc != 226 && rc != 250)
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
-
- r->status = HTTP_OK;
- r->status_line = "200 OK";
-
- resp_hdrs = ap_make_table(p, 2);
- c->hdrs = resp_hdrs;
-
- ap_table_setn(resp_hdrs, "Date", ap_gm_timestr_822(r->pool, r->request_time));
- ap_table_setn(resp_hdrs, "Server", ap_get_server_version());
-
- if (get_dirlisting) {
- ap_table_setn(resp_hdrs, "Content-Type", "text/html");
- }
- else {
- if (r->content_type != NULL) {
- ap_table_setn(resp_hdrs, "Content-Type", r->content_type);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: Content-Type set to %s", r->content_type);
- }
- else {
- ap_table_setn(resp_hdrs, "Content-Type", ap_default_type(r));
- }
- if (xfer_type != 'A' && size != NULL) {
- /* We "trust" the ftp server to really serve (size) bytes... */
- ap_table_set(resp_hdrs, "Content-Length", size);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: Content-Length set to %s", size);
- }
- }
- if (r->content_encoding != NULL && r->content_encoding[0] != '\0') {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: Content-Encoding set to %s", r->content_encoding);
- ap_table_setn(resp_hdrs, "Content-Encoding", r->content_encoding);
- }
-
-/* check if NoCache directive on this host */
- if (nocache == 0) {
- for (i = 0; i < conf->nocaches->nelts; i++) {
- if (destaddr.s_addr == ncent[i].addr.s_addr ||
- (ncent[i].name != NULL &&
- (ncent[i].name[0] == '*' ||
- strstr(desthost, ncent[i].name) != NULL))) {
- nocache = 1;
- break;
- }
- }
- }
-
- i = ap_proxy_cache_update(c, resp_hdrs, 0, nocache);
-
- if (i != DECLINED) {
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, i);
- }
-
- if (!pasvmode) { /* wait for connection */
- ap_hard_timeout("proxy ftp data connect", r);
- clen = sizeof(server);
- do
- csd = accept(dsock, (struct sockaddr *)&server, &clen);
- while (csd == -1 && errno == EINTR);
- if (csd == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: failed to accept data connection");
- if (c != NULL)
- c = ap_proxy_cache_error(c);
- return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
- HTTP_BAD_GATEWAY);
- }
- data = ap_bcreate(p, B_RDWR | B_SOCKET);
- ap_bpushfd(data, csd, -1);
- ap_kill_timeout(r);
- }
- else {
- data = ap_bcreate(p, B_RDWR | B_SOCKET);
- ap_bpushfd(data, dsock, dsock);
- }
-
- ap_hard_timeout("proxy receive", r);
-
- /* send response */
- /* write status line and headers to the cache file */
- ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs);
-
- /* Setup the headers for our client from upstreams response-headers */
- ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET);
- /* Add X-Cache header */
- ap_table_setn(r->headers_out, "X-Cache",
- ap_pstrcat(r->pool, "MISS from ",
- ap_get_server_name(r), NULL));
- /* The Content-Type of this response is the upstream one. */
- r->content_type = ap_table_get(r->headers_out, "Content-Type");
- /* finally output the headers to the client */
- ap_send_http_header(r);
-
-/* send body */
- if (!r->header_only) {
- if (!get_dirlisting) {
-/* we need to set this for ap_proxy_send_fb()... */
- if (c != NULL)
- c->cache_completion = 0;
- ap_proxy_send_fb(data, r, c, -1, 0, 0, conf->io_buffer_size);
- }
- else {
- send_dir(data, r, c, cwd);
- }
- /* ap_proxy_send_fb() closes the socket */
- data = NULL;
- dsock = -1;
-
- /*
- * We checked for 125||150||226||250 above. See if another rc is
- * pending, and fetch it:
- */
- if (rc == 125 || rc == 150)
- rc = ftp_getrc(ctrl);
- }
- else {
-/* abort the transfer: we send the header only */
- ap_bputs("ABOR" CRLF, ctrl);
- ap_bflush(ctrl);
- if (data != NULL) {
- ap_bclose(data);
- data = NULL;
- dsock = -1;
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: ABOR");
-/* responses: 225, 226, 421, 500, 501, 502 */
- /* 225 Data connection open; no transfer in progress. */
- /* 226 Closing data connection. */
- /* 421 Service not available, closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- /* 501 Syntax error in parameters or arguments. */
- /* 502 Command not implemented. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i);
- }
-
- ap_kill_timeout(r);
- ap_proxy_cache_tidy(c);
-
-/* finish */
- ap_bputs("QUIT" CRLF, ctrl);
- ap_bflush(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: QUIT");
-/* responses: 221, 500 */
- /* 221 Service closing control connection. */
- /* 500 Syntax error, command unrecognized. */
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: QUIT: status %d", i);
-
- ap_bclose(ctrl);
-
- ap_rflush(r); /* flush before garbage collection */
-
- ap_proxy_garbage_coll(r);
-
- return OK;
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
deleted file mode 100644
index fadbbb4046e..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c
+++ /dev/null
@@ -1,721 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* HTTP routines for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_core.h"
-#include "util_date.h"
-
-/*
- * Canonicalise http-like URLs.
- * scheme is the scheme for the URL
- * url is the URL starting with the first '/'
- * def_port is the default port for this scheme.
- */
-int ap_proxy_http_canon(request_rec *r, char *url, const char *scheme, int def_port)
-{
- char *host, *path, *search, sport[7];
- const char *err;
- int port;
-
- /*
- * do syntatic check. We break the URL into host, port, path, search
- */
- port = def_port;
- err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port);
- if (err)
- return HTTP_BAD_REQUEST;
-
- /* now parse path/search args, according to rfc1738 */
- /*
- * N.B. if this isn't a true proxy request, then the URL _path_ has
- * already been decoded. True proxy requests have r->uri ==
- * r->unparsed_uri, and no others have that property.
- */
- if (r->uri == r->unparsed_uri) {
- search = strchr(url, '?');
- if (search != NULL)
- *(search++) = '\0';
- }
- else
- search = r->args;
-
- /* process path */
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path,
- r->proxyreq);
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-
- if (port != def_port)
- ap_snprintf(sport, sizeof(sport), ":%d", port);
- else
- sport[0] = '\0';
-
- r->filename = ap_pstrcat(r->pool, "proxy:", scheme, "://", host, sport, "/",
- path, (search) ? "?" : "", (search) ? search : "", NULL);
- return OK;
-}
-
-/* handle the conversion of URLs in the ProxyPassReverse function */
-static const char *proxy_location_reverse_map(request_rec *r, const char *url)
-{
- void *sconf;
- proxy_server_conf *conf;
- struct proxy_alias *ent;
- int i, l1, l2;
- char *u;
-
- sconf = r->server->module_config;
- conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- l1 = strlen(url);
- ent = (struct proxy_alias *)conf->raliases->elts;
- for (i = 0; i < conf->raliases->nelts; i++) {
- l2 = strlen(ent[i].real);
- if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) {
- u = ap_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
- return ap_construct_url(r->pool, u, r);
- }
- }
- return url;
-}
-
-/*
- * This handles http:// URLs, and other URLs using a remote proxy over http
- * If proxyhost is NULL, then contact the server directly, otherwise
- * go via the proxy.
- * Note that if a proxy is used, then URLs other than http: can be accessed,
- * also, if we have trouble which is clearly specific to the proxy, then
- * we return DECLINED so that we can try another proxy. (Or the direct
- * route.)
- */
-int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
- const char *proxyhost, int proxyport)
-{
- const char *strp;
- char *strp2;
- const char *err, *desthost;
- int i, j, sock,/* len,*/ backasswards;
- table *req_hdrs, *resp_hdrs;
- array_header *reqhdrs_arr;
- table_entry *reqhdrs_elts;
- BUFF *f;
- char buffer[HUGE_STRING_LEN];
- char portstr[32];
- pool *p = r->pool;
- int chunked = 0, destport = 0;
- char *destportstr = NULL;
- const char *urlptr = NULL;
- const char *datestr, *urlstr;
- struct addrinfo hints, *res, *res0;
- int error;
- int result, major, minor;
- const char *content_length;
- const char *peer;
- int destportstrtonum;
- const char *errstr;
-
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
- struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts;
- int nocache = 0;
-
- if (conf->cache.root == NULL)
- nocache = 1;
-
- /* We break the URL into host, port, path-search */
-
- urlptr = strstr(url, "://");
- if (urlptr == NULL)
- return HTTP_BAD_REQUEST;
- destport = DEFAULT_HTTP_PORT;
- urlptr += 3;
- ap_hook_use("ap::mod_proxy::http::handler::set_destport",
- AP_HOOK_SIG2(int,ptr),
- AP_HOOK_TOPMOST,
- &destport, r);
- ap_snprintf(portstr, sizeof(portstr), "%d", destport);
- destportstr = portstr;
- strp = strchr(urlptr, '/');
- if (strp == NULL) {
- desthost = ap_pstrdup(p, urlptr);
- urlptr = "/";
- }
- else {
- char *q = ap_palloc(p, strp - urlptr + 1);
- memcpy(q, urlptr, strp - urlptr);
- q[strp - urlptr] = '\0';
- urlptr = strp;
- desthost = q;
- }
- if (*desthost == '['){
- char *u = strrchr(desthost+1, ']');
- if (u){
- desthost++;
- *u = '\0';
- if (*(u+1) == ':'){ /* [host]:xx */
- strp2 = u+1;
- }
- else if (*(u+1) == '\0'){ /* [host] */
- strp2 = NULL;
- }
- else
- return HTTP_BAD_REQUEST;
- }
- else
- return HTTP_BAD_REQUEST;
- }
- else
- strp2 = strrchr(desthost, ':');
-
- if (strp2 != NULL) {
- *(strp2++) = '\0';
- if (ap_isdigit(*strp2))
- destportstr = strp2;
- }
-
- /* Make sure peer is always set to prevent a segfault in the SSL handler */
- peer = desthost;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo(desthost, destportstr, &hints, &res0);
- if (error && proxyhost == NULL) {
- return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- gai_strerror(error)); /* give up */
- }
-
- /* check if ProxyBlock directive on this host */
- for (i = 0; i < conf->noproxies->nelts; i++) {
- int fail;
- struct sockaddr_in *sin;
-
- fail = 0;
- if (npent[i].name != NULL && strstr(desthost, npent[i].name))
- fail++;
- if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
- fail++;
- for (res = res0; res; res = res->ai_next) {
- switch (res->ai_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)res->ai_addr;
- if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
- fail++;
- break;
-
- }
- }
- if (fail) {
- if (res0 != NULL)
- freeaddrinfo(res0);
- return ap_proxyerror(r, HTTP_FORBIDDEN,
- "Connect to remote machine blocked");
- }
- }
- if (proxyhost != NULL) {
- char pbuf[10];
-
- if (res0 != NULL)
- freeaddrinfo(res0);
-
- ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
- if (error)
- return DECLINED; /* try another */
- }
-
- /* check if ProxyBlock directive on this host */
- for (i = 0; i < conf->noproxies->nelts; i++) {
- peer = ap_psprintf(p, "%s:%s", desthost, destportstr);
- }
-
-
- /*
- * we have worked out who exactly we are going to connect to, now make
- * that connection...
- */
- sock = i = -1;
- for (res = res0; res; res = res->ai_next) {
- sock = ap_psocket(p, res->ai_family, res->ai_socktype,
- res->ai_protocol);
- if (sock < 0)
- continue;
-
- if (conf->recv_buffer_size) {
- if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
- (const char *)&conf->recv_buffer_size, sizeof(int))
- == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default");
- }
- }
-
- i = ap_proxy_doconnect(sock, res->ai_addr, r);
- if (i == 0)
- break;
- ap_pclosesocket(p, sock);
- }
- freeaddrinfo(res0);
-
- if (i == -1) {
- if (proxyhost != NULL)
- return DECLINED; /* try again another way */
- else
- return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
- "Could not connect to remote machine: ",
- strerror(errno), NULL));
- }
-
- /* record request_time for HTTP/1.1 age calculation */
- c->req_time = time(NULL);
-
- /*
- * build upstream-request headers by stripping r->headers_in from
- * connection specific headers. We must not remove the Connection: header
- * from r->headers_in, we still have to react to Connection: close
- */
- req_hdrs = ap_copy_table(r->pool, r->headers_in);
- ap_proxy_clear_connection(r->pool, req_hdrs);
-
- /*
- * At this point, we start sending the HTTP/1.1 request to the remote
- * server (proxy or otherwise).
- */
- f = ap_bcreate(p, B_RDWR | B_SOCKET);
- ap_bpushfd(f, sock, sock);
-
- {
- char *errmsg = NULL;
- ap_hook_use("ap::mod_proxy::http::handler::new_connection",
- AP_HOOK_SIG4(ptr,ptr,ptr,ptr),
- AP_HOOK_DECLINE(NULL),
- &errmsg, r, f, peer);
- if (errmsg != NULL)
- return ap_proxyerror(r, HTTP_BAD_GATEWAY, errmsg);
- }
-
- ap_hard_timeout("proxy send", r);
- ap_bvputs(f, r->method, " ", proxyhost ? url : urlptr, " HTTP/1.1" CRLF,
- NULL);
- {
- int rc = DECLINED;
- ap_hook_use("ap::mod_proxy::http::handler::write_host_header",
- AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,ptr),
- AP_HOOK_DECLINE(DECLINED),
- &rc, r, f, desthost, destportstr, destportstr);
- if (rc == DECLINED) {
- destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
- if (errstr)
- errx(1, "The destination port is %s: %s", errstr, destportstr);
-
- if (destportstr != NULL && destportstrtonum != destport)
- ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF, NULL);
- else
- ap_bvputs(f, "Host: ", desthost, CRLF, NULL);
- }
- }
-
- if (conf->viaopt == via_block) {
- /* Block all outgoing Via: headers */
- ap_table_unset(req_hdrs, "Via");
- }
- else if (conf->viaopt != via_off) {
- /* Create a "Via:" request header entry and merge it */
- i = ap_get_server_port(r);
- if (ap_is_default_port(i, r)) {
- strlcpy(portstr, "", sizeof(portstr));
- }
- else {
- ap_snprintf(portstr, sizeof portstr, ":%d", i);
- }
- /* Generate outgoing Via: header with/without server comment: */
- ap_table_mergen(req_hdrs, "Via",
- (conf->viaopt == via_full)
- ? ap_psprintf(p, "%d.%d %s%s (%s)",
- HTTP_VERSION_MAJOR(r->proto_num),
- HTTP_VERSION_MINOR(r->proto_num),
- ap_get_server_name(r), portstr,
- SERVER_BASEVERSION)
- : ap_psprintf(p, "%d.%d %s%s",
- HTTP_VERSION_MAJOR(r->proto_num),
- HTTP_VERSION_MINOR(r->proto_num),
- ap_get_server_name(r), portstr)
- );
- }
-
- /* the X-* headers are only added if we are a reverse
- * proxy, otherwise we would be giving away private information.
- */
- if (r->proxyreq == PROXY_PASS) {
- const char *buf;
-
- /*
- * Add X-Forwarded-For: so that the upstream has a chance to determine,
- * where the original request came from.
- */
- ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip);
-
- /* Add X-Forwarded-Host: so that upstream knows what the
- * original request hostname was.
- */
- if ((buf = ap_table_get(r->headers_in, "Host"))) {
- ap_table_mergen(req_hdrs, "X-Forwarded-Host", buf);
- }
-
- /* Add X-Forwarded-Server: so that upstream knows what the
- * name of this proxy server is (if there are more than one)
- * XXX: This duplicates Via: - do we strictly need it?
- */
- ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname);
- }
-
- /* we don't yet support keepalives - but we will soon, I promise! */
- ap_table_set(req_hdrs, "Connection", "close");
-
- reqhdrs_arr = ap_table_elts(req_hdrs);
- reqhdrs_elts = (table_entry *)reqhdrs_arr->elts;
- for (i = 0; i < reqhdrs_arr->nelts; i++) {
- if (reqhdrs_elts[i].key == NULL || reqhdrs_elts[i].val == NULL
-
- /*
- * Clear out hop-by-hop request headers not to send: RFC2616 13.5.1
- * says we should strip these headers:
- */
- || !strcasecmp(reqhdrs_elts[i].key, "Host") /* Already sent */
- || !strcasecmp(reqhdrs_elts[i].key, "Keep-Alive")
- || !strcasecmp(reqhdrs_elts[i].key, "TE")
- || !strcasecmp(reqhdrs_elts[i].key, "Trailer")
- || !strcasecmp(reqhdrs_elts[i].key, "Transfer-Encoding")
- || !strcasecmp(reqhdrs_elts[i].key, "Upgrade")
- /*
- * XXX: @@@ FIXME: "Proxy-Authorization" should *only* be suppressed
- * if THIS server requested the authentication, not when a frontend
- * proxy requested it!
- *
- * The solution to this problem is probably to strip out the
- * Proxy-Authorisation header in the authorisation code itself, not
- * here. This saves us having to signal somehow whether this request
- * was authenticated or not.
- */
- || !strcasecmp(reqhdrs_elts[i].key, "Proxy-Authorization"))
- continue;
- ap_bvputs(f, reqhdrs_elts[i].key, ": ", reqhdrs_elts[i].val, CRLF, NULL);
- }
-
- /* the obligatory empty line to mark the end of the headers */
- ap_bputs(CRLF, f);
-
- /* and flush the above away */
- ap_bflush(f);
-
- /* and kill the send timeout */
- ap_kill_timeout(r);
-
-
- /* read the request data, and pass it to the backend.
- * we might encounter a stray 100-continue reponse from a PUT or POST,
- * if this happens we ignore the 100 continue status line and read the
- * response again.
- */
- {
- /* send the request data, if any. */
- ap_hard_timeout("proxy receive request data", r);
- if (ap_should_client_block(r)) {
- while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0) {
- ap_reset_timeout(r);
- ap_bwrite(f, buffer, i);
- }
- }
- ap_bflush(f);
- ap_kill_timeout(r);
-
-
- /* then, read a response line */
- ap_hard_timeout("proxy receive response status line", r);
- result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
- ap_kill_timeout(r);
-
- /* trap any errors */
- if (result != OK) {
- ap_bclose(f);
- return result;
- }
-
- /* if this response was 100-continue, a stray response has been caught.
- * read the line again for the real response
- */
- if (r->status == 100) {
- ap_hard_timeout("proxy receive response status line", r);
- result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor);
- ap_kill_timeout(r);
-
- /* trap any errors */
- if (result != OK) {
- ap_bclose(f);
- return result;
- }
- }
- }
-
-
- /*
- * We have our response status line from the convoluted code above,
- * now we read the headers to continue.
- */
- ap_hard_timeout("proxy receive response headers", r);
-
- /*
- * Is it an HTTP/1 response? Do some sanity checks on the response. (This
- * is buggy if we ever see an HTTP/1.10)
- */
- if (backasswards == 0) {
-
- /* read the response headers. */
- /* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers */
- /* Also, take care with headers with multiple occurences. */
-
- resp_hdrs = ap_proxy_read_headers(r, buffer, sizeof(buffer), f);
- if (resp_hdrs == NULL) {
- ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server,
- "proxy: Bad HTTP/%d.%d header returned by %s (%s)",
- major, minor, r->uri, r->method);
- resp_hdrs = ap_make_table(p, 20);
- nocache = 1; /* do not cache this broken file */
- }
-
- /* handle Via header in the response */
- if (conf->viaopt != via_off && conf->viaopt != via_block) {
- /* Create a "Via:" response header entry and merge it */
- i = ap_get_server_port(r);
- if (ap_is_default_port(i, r)) {
- strlcpy(portstr, "", sizeof(portstr));
- }
- else {
- ap_snprintf(portstr, sizeof portstr, ":%d", i);
- }
- ap_table_mergen((table *)resp_hdrs, "Via",
- (conf->viaopt == via_full)
- ? ap_psprintf(p, "%d.%d %s%s (%s)",
- major, minor,
- ap_get_server_name(r), portstr,
- SERVER_BASEVERSION)
- : ap_psprintf(p, "%d.%d %s%s",
- major, minor,
- ap_get_server_name(r), portstr)
- );
- }
-
- /* is this content chunked? */
- chunked = ap_find_last_token(r->pool,
- ap_table_get(resp_hdrs, "Transfer-Encoding"),
- "chunked");
-
- /* strip hop-by-hop headers defined by Connection and RFC2616 */
- ap_proxy_clear_connection(p, resp_hdrs);
-
- content_length = ap_table_get(resp_hdrs, "Content-Length");
- if (content_length != NULL) {
- c->len = ap_strtol(content_length, NULL, 10);
-
- if (c->len < 0) {
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
- "Invalid Content-Length from remote server",
- NULL));
- }
- }
-
- }
- else {
- /* an http/0.9 response */
-
- /* no headers */
- resp_hdrs = ap_make_table(p, 20);
- }
-
- ap_kill_timeout(r);
-
- /*
- * HTTP/1.1 requires us to accept 3 types of dates, but only generate one
- * type
- */
- /*
- * we SET the dates here, obliterating possible multiple dates, as only
- * one of each date makes sense in each response.
- */
- if ((datestr = ap_table_get(resp_hdrs, "Date")) != NULL)
- ap_table_set(resp_hdrs, "Date", ap_proxy_date_canon(p, datestr));
- if ((datestr = ap_table_get(resp_hdrs, "Last-Modified")) != NULL)
- ap_table_set(resp_hdrs, "Last-Modified", ap_proxy_date_canon(p, datestr));
- if ((datestr = ap_table_get(resp_hdrs, "Expires")) != NULL)
- ap_table_set(resp_hdrs, "Expires", ap_proxy_date_canon(p, datestr));
-
- /* handle the ProxyPassReverse mappings */
- if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL)
- ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr));
- if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL)
- ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr));
- if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL)
- ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r, urlstr));
-
-/* check if NoCache directive on this host */
- {
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
-
- if (nocache == 0) {
- for (i = 0; i < conf->nocaches->nelts; i++) {
- if (ncent[i].name != NULL &&
- (ncent[i].name[0] == '*' ||
- strstr(desthost, ncent[i].name) != NULL)) {
- nocache = 1;
- break;
- }
- switch (res->ai_addr->sa_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)res->ai_addr;
- if (sin->sin_addr.s_addr == ncent[i].addr.s_addr) {
- nocache = 1;
- break;
- }
- }
- }
-
- /* update the cache file, possibly even fulfilling the request if
- * it turns out a conditional allowed us to serve the object from the
- * cache...
- */
- i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
- if (i != DECLINED) {
- ap_bclose(f);
- return i;
- }
-
- /* write status line and headers to the cache file */
- ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs);
- }
- }
-
- /* Setup the headers for our client from upstreams response-headers */
- ap_proxy_table_replace(r->headers_out, resp_hdrs);
- /* Add X-Cache header - be careful not to obliterate any upstream headers */
- ap_table_mergen(r->headers_out, "X-Cache",
- ap_pstrcat(r->pool, "MISS from ",
- ap_get_server_name(r), NULL));
- /* The Content-Type of this response is the upstream one. */
- r->content_type = ap_table_get(r->headers_out, "Content-Type");
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Content-Type: %s", r->content_type);
-
- /* finally output the headers to the client */
- ap_send_http_header(r);
-
- /*
- * Is it an HTTP/0.9 respose? If so, send the extra data we read from
- * upstream as the start of the reponse to client
- */
-/* FIXME: This code is broken: we try and write a buffer and length that
- * were never intelligently initialised. Rather have a bit of broken protocol
- * handling for now than broken code.
- */
-/*
- if (backasswards) {
- ap_hard_timeout("proxy send assbackward", r);
-
- ap_bwrite(r->connection->client, buffer, len);
- if (c != NULL && c->fp != NULL && ap_bwrite(c->fp, buffer, len) != len) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing extra data to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- }
- ap_kill_timeout(r);
- }
-*/
-
-/* send body */
-/* if header only, then cache will be NULL */
-/* HTTP/1.0 tells us to read to EOF, rather than content-length bytes */
-/* XXX CHANGEME: We want to eventually support keepalives, which means
- * we must read content-length bytes... */
- if (!r->header_only) {
-/* we need to set this for ap_proxy_send_fb()... */
- c->cache_completion = conf->cache.cache_completion;
-
-/* XXX CHECKME: c->len should be the expected content length, or -1 if the
- * content length is not known. We need to make 100% sure c->len is always
- * set correctly before we get here to correctly do keepalive.
- */
- ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size);
- }
-
- /* ap_proxy_send_fb() closes the socket f for us */
-
- ap_proxy_cache_tidy(c);
-
- ap_proxy_garbage_coll(r);
- return OK;
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_util.c b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
deleted file mode 100644
index e0702b7d8fc..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_util.c
+++ /dev/null
@@ -1,1577 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* Utility routines for Apache proxy */
-#include "mod_proxy.h"
-#include "http_main.h"
-#include "ap_md5.h"
-#include "multithread.h"
-#include "http_log.h"
-#include "util_uri.h"
-#include "util_date.h" /* get ap_checkmask() decl. */
-
-static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r);
-static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r);
-static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r);
-static int proxy_match_word(struct dirconn_entry *This, request_rec *r);
-static struct per_thread_data *get_per_thread_data(void);
-/* already called in the knowledge that the characters are hex digits */
-int ap_proxy_hex2c(const char *x)
-{
- int i;
- int ch;
-
- ch = x[0];
- if (ap_isdigit(ch))
- i = ch - '0';
- else if (ap_isupper(ch))
- i = ch - ('A' - 10);
- else
- i = ch - ('a' - 10);
- i <<= 4;
-
- ch = x[1];
- if (ap_isdigit(ch))
- i += ch - '0';
- else if (ap_isupper(ch))
- i += ch - ('A' - 10);
- else
- i += ch - ('a' - 10);
- return i;
-}
-
-void ap_proxy_c2hex(int ch, char *x)
-{
- int i;
-
- x[0] = '%';
- i = (ch & 0xF0) >> 4;
- if (i >= 10)
- x[1] = ('A' - 10) + i;
- else
- x[1] = '0' + i;
-
- i = ch & 0x0F;
- if (i >= 10)
- x[2] = ('A' - 10) + i;
- else
- x[2] = '0' + i;
-}
-
-/*
- * canonicalise a URL-encoded string
- */
-
-/*
- * Convert a URL-encoded string to canonical form.
- * It decodes characters which need not be encoded,
- * and encodes those which must be encoded, and does not touch
- * those which must not be touched.
- */
-char *ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t,
- enum proxyreqtype isenc)
-{
- int i, j, ch;
- char *y;
- const char *allowed; /* characters which should not be encoded */
- const char *reserved; /* characters which much not be en/de-coded */
-
-/* N.B. in addition to :@&=, this allows ';' in an http path
- * and '?' in an ftp path -- this may be revised
- *
- * Also, it makes a '+' character in a search string reserved, as
- * it may be form-encoded. (Although RFC 1738 doesn't allow this -
- * it only permits ; / ? : @ = & as reserved chars.)
- */
- if (t == enc_path)
- allowed = "$-_.+!*'(),;:@&=";
- else if (t == enc_search)
- allowed = "$-_.!*'(),;:@&=";
- else if (t == enc_user)
- allowed = "$-_.+!*'(),;@&=";
- else if (t == enc_fpath)
- allowed = "$-_.+!*'(),?:@&=";
- else /* if (t == enc_parm) */
- allowed = "$-_.+!*'(),?/:@&=";
-
- if (t == enc_path)
- reserved = "/";
- else if (t == enc_search)
- reserved = "+";
- else
- reserved = "";
-
- y = ap_palloc(p, 3 * len + 1);
-
- for (i = 0, j = 0; i < len; i++, j++) {
-/* always handle '/' first */
- ch = x[i];
- if (strchr(reserved, ch)) {
- y[j] = ch;
- continue;
- }
-/* decode it if not already done */
- if (isenc != NOT_PROXY && ch == '%') {
- if (!ap_isxdigit(x[i + 1]) || !ap_isxdigit(x[i + 2]))
- return NULL;
- ch = ap_proxy_hex2c(&x[i + 1]);
- i += 2;
- if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */
- ap_proxy_c2hex(ch, &y[j]);
- j += 2;
- continue;
- }
- }
-/* recode it, if necessary */
- if (!ap_isalnum(ch) && !strchr(allowed, ch)) {
- ap_proxy_c2hex(ch, &y[j]);
- j += 2;
- }
- else
- y[j] = ch;
- }
- y[j] = '\0';
- return y;
-}
-
-/*
- * Parses network-location.
- * urlp on input the URL; on output the path, after the leading /
- * user NULL if no user/password permitted
- * password holder for password
- * host holder for host
- * port port number; only set if one is supplied.
- *
- * Returns an error string.
- */
-char *
- ap_proxy_canon_netloc(pool *p, char **const urlp, char **userp,
- char **passwordp, char **hostp, int *port)
-{
- int i;
- char *strp, *host, *url = *urlp;
- char *user = NULL, *password = NULL;
- char *t = NULL, *u = NULL, *v = NULL;
-
- if (url[0] != '/' || url[1] != '/')
- return "Malformed URL";
- host = url + 2;
- url = strchr(host, '/');
- if (url == NULL)
- url = "";
- else
- *(url++) = '\0'; /* skip seperating '/' */
-
- /* find _last_ '@' since it might occur in user/password part */
- strp = strrchr(host, '@');
-
- if (strp != NULL) {
- *strp = '\0';
- user = host;
- host = strp + 1;
-
-/* find password */
- strp = strchr(user, ':');
- if (strp != NULL) {
- *strp = '\0';
- password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, STD_PROXY);
- if (password == NULL)
- return "Bad %-escape in URL (password)";
- }
-
- user = ap_proxy_canonenc(p, user, strlen(user), enc_user, STD_PROXY);
- if (user == NULL)
- return "Bad %-escape in URL (username)";
- }
- if (userp != NULL) {
- *userp = user;
- }
- if (passwordp != NULL) {
- *passwordp = password;
- }
-
- v = host;
- if (*host == '['){
- u = strrchr(host, ']');
- if (u){
- host++;
- *u = '\0';
- v = u + 1;
- }
- }
- t = strrchr(v, ':');
- if (t){
- *t = '\0';
- strp = t + 1;
- }
- if (strp){
- for (i=0; strp[i] != '\0'; i++)
- if (!ap_isdigit(strp[i]))
- break;
-
- /* if (i == 0) the no port was given; keep default */
- if (strp[i] != '\0') {
- return "Bad port number in URL";
- }
- else if (i > 0) {
- *port = atoi(strp);
- if (*port > 65535)
- return "Port number in URL > 65535";
- }
- }
- ap_str_tolower(host); /* DNS names are case-insensitive */
- if (*host == '\0')
- return "Missing host in URL";
-/* check hostname syntax */
- for (i = 0; host[i] != '\0'; i++)
- if (!ap_isxdigit(host[i]) && host[i] != '.' && host[i] != ':')
- break;
- /* must be an IP address */
- if (host[i] == '\0') {
- struct addrinfo hints, *res0;
- int gai;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_flags = AI_NUMERICHOST;
- if (gai = getaddrinfo(host, NULL, &hints, &res0)) {
-#if 0
- return gai_strerror(gai);
-#else
- return "Bad IP address in URL";
-#endif
- }
- freeaddrinfo(res0);
- }
-
-/* if (strchr(host,'.') == NULL && domain != NULL)
- host = pstrcat(p, host, domain, NULL);
- */
- *urlp = url;
- *hostp = host;
-
- return NULL;
-}
-
-static const char *const lwday[7] =
-{"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"};
-
-/*
- * If the date is a valid RFC 850 date or asctime() date, then it
- * is converted to the RFC 1123 format, otherwise it is not modified.
- * This routine is not very fast at doing conversions, as it uses
- * sscanf and sprintf. However, if the date is already correctly
- * formatted, then it exits very quickly.
- */
-const char *
- ap_proxy_date_canon(pool *p, const char *x)
-{
- int wk, mday, year, hour, min, sec, mon;
- char *q, month[4], zone[4], week[4];
-
- q = strchr(x, ',');
- /* check for RFC 850 date */
- if (q != NULL && q - x > 3 && q[1] == ' ') {
- *q = '\0';
- for (wk = 0; wk < 7; wk++)
- if (strcmp(x, lwday[wk]) == 0)
- break;
- *q = ',';
- if (wk == 7)
- return x; /* not a valid date */
- if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' ||
- q[17] != ':' || strcmp(&q[20], " GMT") != 0)
- return x;
- if (sscanf(q + 2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year,
- &hour, &min, &sec, zone) != 7)
- return x;
- if (year < 70)
- year += 2000;
- else
- year += 1900;
- }
- else {
-/* check for acstime() date */
- if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' ||
- x[16] != ':' || x[19] != ' ' || x[24] != '\0')
- return x;
- if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour,
- &min, &sec, &year) != 7)
- return x;
- for (wk = 0; wk < 7; wk++)
- if (strcmp(week, ap_day_snames[wk]) == 0)
- break;
- if (wk == 7)
- return x;
- }
-
-/* check date */
- for (mon = 0; mon < 12; mon++)
- if (strcmp(month, ap_month_snames[mon]) == 0)
- break;
- if (mon == 12)
- return x;
-
- q = ap_palloc(p, 30);
- ap_snprintf(q, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", ap_day_snames[wk], mday,
- ap_month_snames[mon], year, hour, min, sec);
- return q;
-}
-
-
-/*
- * Reads headers from a buffer and returns an array of headers.
- * Returns NULL on file error
- * This routine tries to deal with too long lines and continuation lines.
- *
- * Note: Currently the headers are passed through unmerged. This has to be
- * done so that headers which react badly to merging (such as Set-Cookie
- * headers, which contain commas within the date field) do not get stuffed
- * up.
- */
-table *ap_proxy_read_headers(request_rec *r, char *buffer, int size, BUFF *f)
-{
- table *resp_hdrs;
- int len;
- char *value, *end;
- char field[MAX_STRING_LEN];
-
- resp_hdrs = ap_make_table(r->pool, 20);
-
- /*
- * Read header lines until we get the empty separator line, a read error,
- * the connection closes (EOF), or we timeout.
- */
- while ((len = ap_getline(buffer, size, f, 1)) > 0) {
-
- if (!(value = strchr(buffer, ':'))) { /* Find the colon separator */
-
- /*
- * Buggy MS IIS servers sometimes return invalid headers (an
- * extra "HTTP/1.0 200, OK" line sprinkled in between the usual
- * MIME headers). Try to deal with it in a sensible way, but log
- * the fact. XXX: The mask check is buggy if we ever see an
- * HTTP/1.10
- */
-
- if (!ap_checkmask(buffer, "HTTP/#.# ###*")) {
- /* Nope, it wasn't even an extra HTTP header. Give up. */
- return NULL;
- }
-
- ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server,
- "proxy: Ignoring duplicate HTTP status line "
- "returned by buggy server %s (%s)", r->uri, r->method);
- continue;
- }
-
- *value = '\0';
- ++value;
- /*
- * XXX: RFC2068 defines only SP and HT as whitespace, this test is
- * wrong... and so are many others probably.
- */
- while (ap_isspace(*value))
- ++value; /* Skip to start of value */
-
- /* should strip trailing whitespace as well */
- for (end = &value[strlen(value) - 1]; end > value && ap_isspace(*end); --end)
- *end = '\0';
-
- /* make sure we add so as not to destroy duplicated headers */
- ap_table_add(resp_hdrs, buffer, value);
-
- /* the header was too long; at the least we should skip extra data */
- if (len >= size - 1) {
- while ((len = ap_getline(field, MAX_STRING_LEN, f, 1))
- >= MAX_STRING_LEN - 1) {
- /* soak up the extra data */
- }
- if (len == 0) /* time to exit the larger loop as well */
- break;
- }
- }
- return resp_hdrs;
-}
-
-/* read data from (socket BUFF*) f, write it to:
- * - c->fp, if it is open
- * - r->connection->client, if nowrite == 0
- */
-
-long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int nowrite, int chunked, size_t recv_buffer_size)
-{
- int ok, end_of_chunk;
- char *buf;
- size_t buf_size;
- long remaining = 0;
- long total_bytes_rcvd;
- register int n = 0, o, w;
- conn_rec *con = r->connection;
- int alternate_timeouts = 1; /* 1 if we alternate between soft & hard
- * timeouts */
-
- /* allocate a buffer to store the bytes in */
- /*
- * make sure it is at least IOBUFSIZE, as recv_buffer_size may be zero
- * for system default
- */
- buf_size = MAX(recv_buffer_size, IOBUFSIZE);
- buf = ap_palloc(r->pool, buf_size);
-
- total_bytes_rcvd = 0;
- if (c != NULL)
- c->written = 0;
-
- /*
- * Since we are reading from one buffer and writing to another, it is
- * unsafe to do a soft_timeout here, at least until the proxy has its own
- * timeout handler which can set both buffers to EOUT.
- */
-
- ap_kill_timeout(r);
-
- /*
- * CHECKME! Since hard_timeout won't work in unix on sends with partial
- * cache completion, we have to alternate between hard_timeout for reads,
- * and soft_timeout for send. This is because we need to get a return
- * from ap_bwrite to be able to continue caching. BUT, if we *can't*
- * continue anyway, just use hard_timeout. (Also, if no cache file is
- * written, use hard timeouts)
- */
-
- if (c == NULL || c->len <= 0 || c->cache_completion == 1.0) {
- ap_hard_timeout("proxy send body", r);
- alternate_timeouts = 0;
- }
-
- /*
- * Loop and ap_bread() while we can successfully read and write, or
- * (after the client aborted) while we can successfully read and finish
- * the configured cache_completion.
- */
- for (end_of_chunk = ok = 1; ok;) {
- if (alternate_timeouts)
- ap_hard_timeout("proxy recv body from upstream server", r);
-
-
- /* read a chunked block */
- if (chunked) {
- long chunk_start = 0;
- n = 0;
-
- /* start of a new chunk */
- if (end_of_chunk) {
- end_of_chunk = 0;
- /* get the chunk size from the stream */
- chunk_start = ap_getline(buf, buf_size, f, 0);
- if ((chunk_start <= 0) || ((size_t)chunk_start + 1 >= buf_size) || !ap_isxdigit(*buf)) {
- n = -1;
- }
- /* parse the chunk size */
- else {
- remaining = ap_get_chunk_size(buf);
- if (remaining == 0) { /* Last chunk indicated, get footers */
- /* as we are a proxy, we discard the footers, as the headers
- * have already been sent at this point.
- */
- if (NULL == ap_proxy_read_headers(r, buf, buf_size, f)) {
- n = -1;
- }
- }
- else if (remaining < 0) {
- n = -1;
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "proxy: remote protocol error, invalid chunk size");
-
- }
- }
- }
-
- /* read the chunk */
- if (remaining > 0) {
- n = ap_bread(f, buf, (int) MIN(buf_size, remaining));
- if (n > -1) {
- remaining -= n;
- end_of_chunk = (remaining == 0);
- }
- }
-
- /* soak up trailing CRLF */
- if (end_of_chunk) {
- int ch; /* int because it may hold an EOF */
- /*
- * For EBCDIC, the proxy has configured the BUFF layer to
- * transparently pass the ascii characters thru (also writing
- * an ASCII copy to the cache, where appropriate).
- * Therefore, we see here an ASCII-CRLF (\015\012),
- * not an EBCDIC-CRLF (\r\n).
- */
- if ((ch = ap_bgetc(f)) == EOF) {
- /* Protocol error: EOF detected within chunk */
- n = -1;
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "proxy: remote protocol error, eof while reading chunked from proxy");
- }
- else
- {
- if (ch == '\015') { /* _ASCII_ CR */
- ch = ap_bgetc(f);
- }
- if (ch != '\012') {
- n = -1;
- }
- }
- }
- }
-
- /* otherwise read block normally */
- else {
- if (-1 == len) {
- n = ap_bread(f, buf, buf_size);
- }
- else {
- n = ap_bread(f, buf, (int) MIN(buf_size,
- (len - total_bytes_rcvd)));
- }
- }
-
-
- if (alternate_timeouts)
- ap_kill_timeout(r);
- else
- ap_reset_timeout(r);
-
- if (n == -1) { /* input error */
- if (c != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error reading from %s", c->url);
- c = ap_proxy_cache_error(c);
- }
- break;
- }
- if (n == 0)
- break; /* EOF */
- o = 0;
- total_bytes_rcvd += n;
-
- /* if we've received everything... */
- /*
- * in the case of slow frontends and expensive backends, we want to
- * avoid leaving a backend connection hanging while the frontend
- * takes it's time to absorb the bytes. so: if we just read the last
- * block, we close the backend connection now instead of later - it's
- * no longer needed.
- */
- if (total_bytes_rcvd == len) {
- ap_bclose(f);
- f = NULL;
- }
-
- /* Write to cache first. */
- /*
- * @@@ XXX FIXME: Assuming that writing the cache file won't time
- * out?!!?
- */
- if (c != NULL && c->fp != NULL) {
- if (ap_bwrite(c->fp, &buf[0], n) != n) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- }
- else {
- c->written += n;
- }
- }
-
- /* Write the block to the client, detect aborted transfers */
- while (!nowrite && !con->aborted && n > 0) {
- if (alternate_timeouts)
- ap_soft_timeout("proxy send body", r);
-
- w = ap_bwrite(con->client, &buf[o], n);
-
- if (alternate_timeouts)
- ap_kill_timeout(r);
- else
- ap_reset_timeout(r);
-
- if (w <= 0) {
- if (c != NULL) {
- /*
- * when a send failure occurs, we need to decide whether
- * to continue loading and caching the document, or to
- * abort the whole thing
- */
- ok = (c->len > 0) &&
- (c->cache_completion > 0) &&
- (c->len * c->cache_completion < total_bytes_rcvd);
-
- if (!ok) {
- if (c->fp != NULL) {
- ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR));
- c->fp = NULL;
- }
- unlink(c->tempfile);
- c = NULL;
- }
- }
- con->aborted = 1;
- break;
- }
- n -= w;
- o += w;
- } /* while client alive and more data to send */
-
- /* if we've received everything, leave now */
- if (total_bytes_rcvd == len)
- break;
-
- } /* loop and ap_bread while "ok" */
-
- /* if the backend connection is still open, close it */
- if (f) {
- ap_bclose(f);
- }
-
- if (!con->aborted) {
- ap_bflush(con->client);
- }
-
- ap_kill_timeout(r);
-
- r->bytes_sent += total_bytes_rcvd;
-
- return total_bytes_rcvd;
-}
-
-/*
- * Writes response line and headers to the cache file.
- *
- * If respline is NULL, no response line will be written.
- */
-void ap_proxy_write_headers(cache_req *c, const char *respline, table *t)
-{
- /* write status line */
- if (respline && c->fp != NULL &&
- ap_bvputs(c->fp, respline, CRLF, NULL) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing status line to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- return;
- }
-
- /* write response headers to the cache file */
- ap_table_do(ap_proxy_send_hdr_line, c, t, NULL);
-
- /* write terminating CRLF */
- if (c->fp != NULL && ap_bputs(CRLF, c->fp) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing CRLF to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- }
-}
-
-
-/*
- * list is a comma-separated list of case-insensitive tokens, with
- * optional whitespace around the tokens.
- * The return returns 1 if the token val is found in the list, or 0
- * otherwise.
- */
-int ap_proxy_liststr(const char *list, const char *key, char **val)
-{
- int len, i;
- const char *p;
- char valbuf[HUGE_STRING_LEN];
- valbuf[sizeof(valbuf) - 1] = 0; /* safety terminating zero */
-
- len = strlen(key);
-
- while (list != NULL) {
- p = strchr(list, ',');
- if (p != NULL) {
- i = p - list;
- do
- p++;
- while (ap_isspace(*p));
- }
- else
- i = strlen(list);
-
- while (i > 0 && ap_isspace(list[i - 1]))
- i--;
- if (i == len && strncasecmp(list, key, len) == 0) {
- if (val) {
- p = strchr(list, ',');
- while (ap_isspace(*list)) {
- list++;
- }
- if ('=' == list[0])
- list++;
- while (ap_isspace(*list)) {
- list++;
- }
- strncpy(valbuf, list, MIN(p - list, sizeof(valbuf) - 1));
- *val = valbuf;
- }
- return 1;
- }
- list = p;
- }
- return 0;
-}
-
-void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength)
-{
- AP_MD5_CTX context;
- unsigned char digest[16];
- char tmp[22];
- int i, k, d;
- unsigned int x;
- static const char enc_table[64] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@";
-
- ap_MD5Init(&context);
- ap_MD5Update(&context, (const unsigned char *)it, strlen(it));
- ap_MD5Final(digest, &context);
-
-/* encode 128 bits as 22 characters, using a modified uuencoding */
-/* the encoding is 3 bytes -> 4 characters
- * i.e. 128 bits is 5 x 3 bytes + 1 byte -> 5 * 4 characters + 2 characters
- */
- for (i = 0, k = 0; i < 15; i += 3) {
- x = (digest[i] << 16) | (digest[i + 1] << 8) | digest[i + 2];
- tmp[k++] = enc_table[x >> 18];
- tmp[k++] = enc_table[(x >> 12) & 0x3f];
- tmp[k++] = enc_table[(x >> 6) & 0x3f];
- tmp[k++] = enc_table[x & 0x3f];
- }
-/* one byte left */
- x = digest[15];
- tmp[k++] = enc_table[x >> 2]; /* use up 6 bits */
- tmp[k++] = enc_table[(x << 4) & 0x3f];
- /* now split into directory levels */
-
- for (i = k = d = 0; d < ndepth; ++d) {
- memcpy(&val[i], &tmp[k], nlength);
- k += nlength;
- val[i + nlength] = '/';
- i += nlength + 1;
- }
- memcpy(&val[i], &tmp[k], 22 - k);
- val[i + 22 - k] = '\0';
-}
-
-/*
- * Converts 16 hex digits to a time integer
- */
-int ap_proxy_hex2sec(const char *x)
-{
- int i, ch;
- unsigned int j;
-
- for (i = 0, j = 0; i < 16; i++) {
- ch = x[i];
- j <<= 4;
- if (ap_isdigit(ch))
- j |= ch - '0';
- else if (ap_isupper(ch))
- j |= ch - ('A' - 10);
- else
- j |= ch - ('a' - 10);
- }
-/* no longer necessary, as the source hex is 8-byte int */
-/* if (j == 0xffffffff)*/
- /* return -1;*//* so that it works with 8-byte ints */
-/* else */
- return j;
-}
-
-/*
- * Converts a time integer to 16 hex digits
- */
-int ap_proxy_sec2hex(int t, char *y, int len)
-{
- int i, ch;
- unsigned int j = t;
-
- if (-1 == t) {
- if (strlcpy(y, "FFFFFFFFFFFFFFFF", len) > len)
- return (-1);
- return (0);
- }
-
- if (len < 17)
- return (-1);
-
- for (i = 15; i >= 0; i--) {
- ch = j & 0xF;
- j >>= 4;
- if (ch >= 10)
- y[i] = ch + ('A' - 10);
- else
- y[i] = ch + '0';
- }
- y[16] = '\0';
- return (0);
-}
-
-
-cache_req *ap_proxy_cache_error(cache_req *c)
-{
- if (c != NULL) {
- if (c->fp != NULL) {
- ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR));
- c->fp = NULL;
- }
- if (c->origfp != NULL) {
- ap_pclosef(c->req->pool, ap_bfileno(c->origfp, B_WR));
- c->origfp = NULL;
- }
- if (c->tempfile)
- unlink(c->tempfile);
- }
- return NULL;
-}
-
-int ap_proxyerror(request_rec *r, int statuscode, const char *message)
-{
- ap_table_setn(r->notes, "error-notes",
- ap_pstrcat(r->pool,
- "The proxy server could not handle the request "
- "<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri),
- "\">", ap_escape_html(r->pool, r->method),
- "&nbsp;",
- ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n"
- "Reason: <STRONG>",
- ap_escape_html(r->pool, message),
- "</STRONG>", NULL));
-
- /* Allow "error-notes" string to be printed by ap_send_error_response() */
- ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
-
- r->status_line = ap_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
- return statuscode;
-}
-
-/*
- * This routine returns its own error message
- */
-const char *
- ap_proxy_host2addr(const char *host, struct hostent * reqhp)
-{
- int i;
- struct hostent *hp;
- struct per_thread_data *ptd = get_per_thread_data();
-
- for (i = 0; host[i] != '\0'; i++)
- if (!ap_isdigit(host[i]) && host[i] != '.')
- break;
-
- if (host[i] != '\0') {
- hp = gethostbyname(host);
- if (hp == NULL)
- return "Host not found";
- }
- else {
- ptd->ipaddr = ap_inet_addr(host);
- hp = gethostbyaddr((char *)&ptd->ipaddr, sizeof(ptd->ipaddr), AF_INET);
- if (hp == NULL) {
- memset(&ptd->hpbuf, 0, sizeof(ptd->hpbuf));
- ptd->hpbuf.h_name = 0;
- ptd->hpbuf.h_addrtype = AF_INET;
- ptd->hpbuf.h_length = sizeof(ptd->ipaddr);
- ptd->hpbuf.h_addr_list = ptd->charpbuf;
- ptd->hpbuf.h_addr_list[0] = (char *)&ptd->ipaddr;
- ptd->hpbuf.h_addr_list[1] = 0;
- hp = &ptd->hpbuf;
- }
- }
- *reqhp = *hp;
- return NULL;
-}
-
-static const char *
- proxy_get_host_of_request(request_rec *r)
-{
- char *url, *user = NULL, *password = NULL, *err, *host;
- int port = -1;
-
- if (r->hostname != NULL)
- return r->hostname;
-
- /* Set url to the first char after "scheme://" */
- if ((url = strchr(r->uri, ':')) == NULL
- || url[1] != '/' || url[2] != '/')
- return NULL;
-
- url = ap_pstrdup(r->pool, &url[1]); /* make it point to "//", which is
- * what proxy_canon_netloc expects */
-
- err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
-
- if (err != NULL)
- ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
- "%s", err);
-
- r->hostname = host;
-
- return host; /* ought to return the port, too */
-}
-
-/* Return TRUE if addr represents an IP address (or an IP network address) */
-int ap_proxy_is_ipaddr(struct dirconn_entry *This, pool *p)
-{
- const char *addr = This->name;
- long ip_addr[4];
- int i, quads;
- long bits;
-
- /* if the address is given with an explicit netmask, use that */
- /* Due to a deficiency in ap_inet_addr(), it is impossible to parse */
- /* "partial" addresses (with less than 4 quads) correctly, i.e. */
- /* 192.168.123 is parsed as 192.168.0.123, which is not what I want. */
- /* I therefore have to parse the IP address manually: */
- /*
- * if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr)
- * == 0)
- */
- /* addr and mask were set by proxy_readmask() */
- /* return 1; */
-
- /* Parse IP addr manually, optionally allowing */
- /* abbreviated net addresses like 192.168. */
-
- /* Iterate over up to 4 (dotted) quads. */
- for (quads = 0; quads < 4 && *addr != '\0'; ++quads) {
- char *tmp;
-
- if (*addr == '/' && quads > 0) /* netmask starts here. */
- break;
-
- if (!ap_isdigit(*addr))
- return 0; /* no digit at start of quad */
-
- ip_addr[quads] = ap_strtol(addr, &tmp, 0);
-
- if (tmp == addr) /* expected a digit, found something else */
- return 0;
-
- if (ip_addr[quads] < 0 || ip_addr[quads] > 255) {
- /* invalid octet */
- return 0;
- }
-
- addr = tmp;
-
- if (*addr == '.' && quads != 3)
- ++addr; /* after the 4th quad, a dot would be illegal */
- }
-
- for (This->addr.s_addr = 0, i = 0; i < quads; ++i)
- This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
-
- if (addr[0] == '/' && ap_isdigit(addr[1])) { /* net mask follows: */
- char *tmp;
-
- ++addr;
-
- bits = ap_strtol(addr, &tmp, 0);
-
- if (tmp == addr) /* expected a digit, found something else */
- return 0;
-
- addr = tmp;
-
- if (bits < 0 || bits > 32) /* netmask must be between 0 and 32 */
- return 0;
-
- }
- else {
- /* Determine (i.e., "guess") netmask by counting the */
- /* number of trailing .0's; reduce #quads appropriately */
- /* (so that 192.168.0.0 is equivalent to 192.168.) */
- while (quads > 0 && ip_addr[quads - 1] == 0)
- --quads;
-
- /*
- * "IP Address should be given in dotted-quad form, optionally
- * followed by a netmask (e.g., 192.168.111.0/24)";
- */
- if (quads < 1)
- return 0;
-
- /* every zero-byte counts as 8 zero-bits */
- bits = 8 * quads;
-
- if (bits != 32) /* no warning for fully qualified IP address */
- fprintf(stderr, "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld\n",
- inet_ntoa(This->addr), bits);
- }
-
- This->mask.s_addr = htonl(INADDR_NONE << (32 - bits));
-
- if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
- fprintf(stderr, "Warning: NetMask and IP-Addr disagree in %s/%ld\n",
- inet_ntoa(This->addr), bits);
- This->addr.s_addr &= This->mask.s_addr;
- fprintf(stderr, " Set to %s/%ld\n",
- inet_ntoa(This->addr), bits);
- }
-
- if (*addr == '\0') {
- This->matcher = proxy_match_ipaddr;
- return 1;
- }
- else
- return (*addr == '\0'); /* okay iff we've parsed the whole string */
-}
-
-/* Return TRUE if addr represents an IP address (or an IP network address) */
-static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
-{
- int i;
- int ip_addr[4];
- struct in_addr addr;
- struct in_addr *ip_list;
- char **ip_listptr;
- const char *found;
- const char *host = proxy_get_host_of_request(r);
-
- if (host == NULL) /* oops! */
- return 0;
-
- memset(&addr, '\0', sizeof addr);
- memset(ip_addr, '\0', sizeof ip_addr);
-
- if (4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) {
- for (addr.s_addr = 0, i = 0; i < 4; ++i)
- addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
-
- if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
-#if DEBUGGING
- fprintf(stderr, "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
-#endif
- return 1;
- }
-#if DEBUGGING
- else {
- fprintf(stderr, "1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
- }
-#endif
- }
- else {
- struct hostent the_host;
-
- memset(&the_host, '\0', sizeof the_host);
- found = ap_proxy_host2addr(host, &the_host);
-
- if (found != NULL) {
-#if DEBUGGING
- fprintf(stderr, "2)IP-NoMatch: hostname=%s msg=%s\n", host, found);
-#endif
- return 0;
- }
-
- if (the_host.h_name != NULL)
- found = the_host.h_name;
- else
- found = host;
-
- /* Try to deal with multiple IP addr's for a host */
- for (ip_listptr = the_host.h_addr_list; *ip_listptr; ++ip_listptr) {
- ip_list = (struct in_addr *)*ip_listptr;
- if (This->addr.s_addr == (ip_list->s_addr & This->mask.s_addr)) {
-#if DEBUGGING
- fprintf(stderr, "3)IP-Match: %s[%s] <-> ", found, inet_ntoa(*ip_list));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
-#endif
- return 1;
- }
-#if DEBUGGING
- else {
- fprintf(stderr, "3)IP-NoMatch: %s[%s] <-> ", found, inet_ntoa(*ip_list));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
- }
-#endif
- }
- }
-
- return 0;
-}
-
-/* Return TRUE if addr represents a domain name */
-int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p)
-{
- char *addr = This->name;
- int i;
-
- /* Domain name must start with a '.' */
- if (addr[0] != '.')
- return 0;
-
- /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
- for (i = 0; ap_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i)
- continue;
-
- if (addr[i] != '\0')
- return 0;
-
- /* Strip trailing dots */
- for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
- addr[i] = '\0';
-
- This->matcher = proxy_match_domainname;
- return 1;
-}
-
-/* Return TRUE if host "host" is in domain "domain" */
-static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r)
-{
- const char *host = proxy_get_host_of_request(r);
- int d_len = strlen(This->name), h_len;
-
- if (host == NULL) /* some error was logged already */
- return 0;
-
- h_len = strlen(host);
-
- /* @@@ do this within the setup? */
- /* Ignore trailing dots in domain comparison: */
- while (d_len > 0 && This->name[d_len - 1] == '.')
- --d_len;
- while (h_len > 0 && host[h_len - 1] == '.')
- --h_len;
- return h_len > d_len
- && strncasecmp(&host[h_len - d_len], This->name, d_len) == 0;
-}
-
-/* Return TRUE if addr represents a host name */
-int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p)
-{
- struct hostent host;
- char *addr = This->name;
- int i;
-
- /* Host names must not start with a '.' */
- if (addr[0] == '.')
- return 0;
-
- /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
- for (i = 0; ap_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i);
-
- if (addr[i] != '\0' || ap_proxy_host2addr(addr, &host) != NULL)
- return 0;
-
- This->hostentry = ap_pduphostent(p, &host);
-
- /* Strip trailing dots */
- for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
- addr[i] = '\0';
-
- This->matcher = proxy_match_hostname;
- return 1;
-}
-
-/* Return TRUE if host "host" is equal to host2 "host2" */
-static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r)
-{
- char *host = This->name;
- const char *host2 = proxy_get_host_of_request(r);
- int h2_len;
- int h1_len;
-
- if (host == NULL || host2 == NULL)
- return 0; /* oops! */
-
- h2_len = strlen(host2);
- h1_len = strlen(host);
-
- /* Ignore trailing dots in host2 comparison: */
- while (h2_len > 0 && host2[h2_len - 1] == '.')
- --h2_len;
- while (h1_len > 0 && host[h1_len - 1] == '.')
- --h1_len;
- return h1_len == h2_len
- && strncasecmp(host, host2, h1_len) == 0;
-}
-
-/* Return TRUE if addr is to be matched as a word */
-int ap_proxy_is_word(struct dirconn_entry *This, pool *p)
-{
- This->matcher = proxy_match_word;
- return 1;
-}
-
-/* Return TRUE if string "str2" occurs literally in "str1" */
-static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
-{
- const char *host = proxy_get_host_of_request(r);
- return host != NULL && strstr(host, This->name) != NULL;
-}
-
-int ap_proxy_doconnect(int sock, struct sockaddr *addr, request_rec *r)
-{
- int i;
- int salen;
- char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
-#ifdef NI_WITHSCOPEID
- const int niflags = NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID;
-#else
- const int niflags = NI_NUMERICHOST | NI_NUMERICSERV;
-#endif
-
- ap_hard_timeout("proxy connect", r);
-#ifdef HAVE_SOCKADDR_LEN
- salen = addr->sa_len;
-#else
- switch (addr->sa_family) {
- case AF_INET6:
- salen = sizeof(struct sockaddr_in6);
- break;
- default:
- salen = sizeof(struct sockaddr_in);
- break;
- }
-#endif
- do {
- i = connect(sock, addr, salen);
- } while (i == -1 && errno == EINTR);
- if (i == -1) {
- if (getnameinfo(addr, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),
- niflags) != 0) {
- strcpy(hbuf, "?");
- strcpy(pbuf, "?");
- }
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy connect to %s port %s failed", hbuf, pbuf);
- }
- ap_kill_timeout(r);
-
- return i;
-}
-
-/* This function is called by ap_table_do() for all header lines
- * (from proxy_http.c and proxy_ftp.c)
- * It is passed a cache_req struct pointer and a MIME field and value pair
- */
-int ap_proxy_send_hdr_line(void *p, const char *key, const char *value)
-{
- cache_req *c = (cache_req *)p;
-
- if (key == NULL || value == NULL || value[0] == '\0')
- return 1;
- if (c->fp != NULL &&
- ap_bvputs(c->fp, key, ": ", value, CRLF, NULL) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing header to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- return 0; /* no need to continue, it failed already */
- }
- return 1; /* tell ap_table_do() to continue calling us
- * for more headers */
-}
-
-/* send a text line to one or two BUFF's; return line length */
-unsigned ap_proxy_bputs2(const char *data, BUFF *client, cache_req *cache)
-{
- unsigned len = ap_bputs(data, client);
- if (cache != NULL && cache->fp != NULL)
- ap_bputs(data, cache->fp);
- return len;
-}
-
-/* do a HTTP/1.1 age calculation */
-time_t ap_proxy_current_age(cache_req *c, const time_t age_value)
-{
- time_t apparent_age, corrected_received_age, response_delay, corrected_initial_age,
- resident_time, current_age;
-
- /* Perform an HTTP/1.1 age calculation. (RFC2616 13.2.3) */
-
- apparent_age = MAX(0, c->resp_time - c->date);
- corrected_received_age = MAX(apparent_age, age_value);
- response_delay = c->resp_time - c->req_time;
- corrected_initial_age = corrected_received_age + response_delay;
- resident_time = time(NULL) - c->resp_time;
- current_age = corrected_initial_age + resident_time;
-
- return (current_age);
-}
-
-/* open a cache file and return a pointer to a BUFF */
-BUFF *ap_proxy_open_cachefile(request_rec *r, char *filename)
-{
- BUFF *cachefp = NULL;
- int cfd;
-
- if (filename != NULL) {
- cfd = open(filename, O_RDWR | O_BINARY);
- if (cfd != -1) {
- ap_note_cleanups_for_fd(r->pool, cfd);
- cachefp = ap_bcreate(r->pool, B_RD | B_WR);
- ap_bpushfd(cachefp, cfd, cfd);
- }
- else if (errno != ENOENT)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error opening cache file %s",
- filename);
- else
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "File %s not found", filename);
-
- }
- return cachefp;
-}
-
-/* create a cache file and return a pointer to a BUFF */
-BUFF *ap_proxy_create_cachefile(request_rec *r, char *filename)
-{
- BUFF *cachefp = NULL;
- int cfd;
-
- if (filename != NULL) {
- cfd = open(filename, O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0622);
- if (cfd != -1) {
- ap_note_cleanups_for_fd(r->pool, cfd);
- cachefp = ap_bcreate(r->pool, B_WR);
- ap_bpushfd(cachefp, -1, cfd);
- }
- else if (errno != ENOENT)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error creating cache file %s",
- filename);
- }
- return cachefp;
-}
-
-/* Clear all connection-based headers from headers table */
-void ap_proxy_clear_connection(pool *p, table *headers)
-{
- const char *name;
- char *next = ap_pstrdup(p, ap_table_get(headers, "Connection"));
-
- /* Some proxies (Squid, ICS) use the non-standard "Proxy-Connection" header. */
- ap_table_unset(headers, "Proxy-Connection");
-
- if (next != NULL) {
- while (*next) {
- name = next;
- while (*next && !ap_isspace(*next) && (*next != ','))
- ++next;
- while (ap_isspace(*next) || (*next == ',')) {
- *next = '\0';
- ++next;
- }
- ap_table_unset(headers, name);
- }
- ap_table_unset(headers, "Connection");
- }
-
- /* unset hop-by-hop headers defined in RFC2616 13.5.1 */
- ap_table_unset(headers,"Keep-Alive");
- /*
- * XXX: @@@ FIXME: "Proxy-Authenticate" should IMO *not* be stripped
- * because in a chain of proxies some "front" proxy might need
- * proxy authentication, while a "back-end" proxy which needs none can
- * simply pass the "Proxy-Authenticate" back to the client, and pass
- * the client's "Proxy-Authorization" to the front-end proxy.
- * (See the note in proxy_http.c for the "Proxy-Authorization" case.)
- *
- * MnKr 04/2002
- */
- ap_table_unset(headers,"Proxy-Authenticate");
- ap_table_unset(headers,"TE");
- ap_table_unset(headers,"Trailer");
- /* it is safe to just chop the transfer-encoding header
- * here, because proxy doesn't support any other encodings
- * to the backend other than chunked.
- */
- ap_table_unset(headers,"Transfer-Encoding");
- ap_table_unset(headers,"Upgrade");
-
-}
-
-/* overlay one table on another
- * keys in base will be replaced by keys in overlay
- *
- * Note: this has to be done in a special way, due
- * to some nastiness when it comes to having multiple
- * headers in the overlay table. First, we remove all
- * the headers in the base table that are found in the
- * overlay table, then we simply concatenate the
- * tables together.
- *
- * The base and overlay tables need not be in the same
- * pool (and probably won't be).
- *
- * If the base table is changed in any way through
- * being overlayed with the overlay table, this
- * function returns a 1.
- */
-int ap_proxy_table_replace(table *base, table *overlay)
-{
- table_entry *elts = (table_entry *)overlay->a.elts;
- int i, q = 0;
- const char *val;
-
- /* remove overlay's keys from base */
- for (i = 0; i < overlay->a.nelts; ++i) {
- val = ap_table_get(base, elts[i].key);
- if (!val || strcmp(val, elts[i].val)) {
- q = 1;
- }
- if (val) {
- ap_table_unset(base, elts[i].key);
- }
- }
-
- /* add overlay to base */
- for (i = 0; i < overlay->a.nelts; ++i) {
- ap_table_add(base, elts[i].key, elts[i].val);
- }
-
- return q;
-}
-
-/* read the response line
- * This function reads a single line of response from the server,
- * and returns a status code.
- * It also populates the request_rec with the resultant status, and
- * returns backasswards status (HTTP/0.9).
- */
-int ap_proxy_read_response_line(BUFF *f, request_rec *r, char *buffer, int size, int *backasswards, int *major, int *minor) {
-
- long len;
-
- len = ap_getline(buffer, size-1, f, 0);
- if (len == -1) {
- ap_bclose(f);
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server");
- }
- else if (len == 0) {
- ap_bclose(f);
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Document contains no data");
- }
-
- /*
- * Is it an HTTP/1 response? Do some sanity checks on the response. (This
- * is buggy if we ever see an HTTP/1.10)
- */
- if (ap_checkmask(buffer, "HTTP/#.# ###*")) {
-
- if (2 != sscanf(buffer, "HTTP/%u.%u", major, minor)) {
- /* if no response, default to HTTP/1.1 - is this correct? */
- *major = 1;
- *minor = 1;
- }
-
- /* If not an HTTP/1 message */
- if (*major < 1) {
- ap_bclose(f);
- ap_kill_timeout(r);
- return HTTP_BAD_GATEWAY;
- }
- *backasswards = 0;
-
- /* there need not be a reason phrase in the response,
- * and ap_getline() already deleted trailing whitespace.
- * But RFC2616 requires a SP after the Status-Code. Add one:
- */
- if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
- buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
- buffer[12] = '\0';
- r->status = atoi(&buffer[9]);
- buffer[12] = ' ';
- r->status_line = ap_pstrdup(r->pool, &buffer[9]);
-
- /* if the response was 100 continue, soak up any headers */
- if (r->status == 100) {
- ap_proxy_read_headers(r, buffer, size, f);
- }
-
- }
- else {
-
- /* an http/0.9 response */
- *backasswards = 1;
- r->status = 200;
- r->status_line = "200 OK";
- *major = 0;
- *minor = 9;
-
- }
-
- return OK;
-
-}
-
-static struct per_thread_data *get_per_thread_data(void)
-{
- static APACHE_TLS struct per_thread_data sptd;
- return &sptd;
-}
diff --git a/usr.sbin/httpd/src/modules/ssl/Makefile.libdir b/usr.sbin/httpd/src/modules/ssl/Makefile.libdir
deleted file mode 100644
index a4a4c32080a..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/Makefile.libdir
+++ /dev/null
@@ -1,15 +0,0 @@
-## _ _
-## _ __ ___ ___ __| | ___ ___| | mod_ssl
-## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-## |_____|
-## Makefile.libdir
-## Apache 1.3 Configuration mechanism indicator file
-##
-
-This is a place-holder which indicates to Apache's Configure script that it
-shouldn't provide the default targets when building the Makefile in this
-directory. Instead it'll just prepend all the important variable definitions,
-and copy the Makefile.tmpl onto the end.
-
diff --git a/usr.sbin/httpd/src/modules/ssl/Makefile.tmpl b/usr.sbin/httpd/src/modules/ssl/Makefile.tmpl
deleted file mode 100644
index b0dd6a2203f..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/Makefile.tmpl
+++ /dev/null
@@ -1,537 +0,0 @@
-## _ _
-## _ __ ___ ___ __| | ___ ___| | mod_ssl
-## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-## |_____|
-## Makefile.tmpl
-## Apache 1.3 Makefile template for SSL module (Unix environment)
-##
-
-## ====================================================================
-## Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following
-## disclaimer in the documentation and/or other materials
-## provided with the distribution.
-##
-## 3. All advertising materials mentioning features or use of this
-## software must display the following acknowledgment:
-## "This product includes software developed by
-## Ralf S. Engelschall <rse@engelschall.com> for use in the
-## mod_ssl project (http://www.modssl.org/)."
-##
-## 4. The names "mod_ssl" must not be used to endorse or promote
-## products derived from this software without prior written
-## permission. For written permission, please contact
-## rse@engelschall.com.
-##
-## 5. Products derived from this software may not be called "mod_ssl"
-## nor may "mod_ssl" appear in their names without prior
-## written permission of Ralf S. Engelschall.
-##
-## 6. Redistributions of any form whatsoever must retain the following
-## acknowledgment:
-## "This product includes software developed by
-## Ralf S. Engelschall <rse@engelschall.com> for use in the
-## mod_ssl project (http://www.modssl.org/)."
-##
-## THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
-## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
-## HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-## OF THE POSSIBILITY OF SUCH DAMAGE.
-## ====================================================================
-##
- #
- # ``I cannot write a program which is
- # as popular as one from Larry Wall.
- # But I can write one which is from me.''
- # -- RSE
-
-LIB=libssl.$(LIBEXT)
-
-OBJS=\
- mod_ssl.o\
- ssl_engine_config.o\
- ssl_engine_compat.o\
- ssl_engine_ds.o\
- ssl_engine_dh.o\
- ssl_engine_init.o\
- ssl_engine_kernel.o\
- ssl_engine_rand.o\
- ssl_engine_io.o\
- ssl_engine_log.o\
- ssl_engine_mutex.o\
- ssl_engine_pphrase.o\
- ssl_engine_vars.o\
- ssl_engine_ext.o\
- ssl_scache.o\
- ssl_scache_dbm.o\
- ssl_scache_shmht.o\
- ssl_scache_shmcb.o\
- ssl_expr.o\
- ssl_expr_scan.o\
- ssl_expr_parse.o\
- ssl_expr_eval.o\
- ssl_util.o\
- ssl_util_ssl.o\
- ssl_util_table.o\
- $(SSL_VENDOR_OBJS)
-
-OBJS_PIC=\
- mod_ssl.lo\
- ssl_engine_config.lo\
- ssl_engine_compat.lo\
- ssl_engine_ds.lo\
- ssl_engine_dh.lo\
- ssl_engine_init.lo\
- ssl_engine_kernel.lo\
- ssl_engine_rand.lo\
- ssl_engine_io.lo\
- ssl_engine_log.lo\
- ssl_engine_mutex.lo\
- ssl_engine_pphrase.lo\
- ssl_engine_vars.lo\
- ssl_engine_ext.lo\
- ssl_scache.lo\
- ssl_scache_dbm.lo\
- ssl_scache_shmht.lo\
- ssl_scache_shmcb.lo\
- ssl_expr.lo\
- ssl_expr_scan.lo\
- ssl_expr_parse.lo\
- ssl_expr_eval.lo\
- ssl_util.lo\
- ssl_util_ssl.lo\
- ssl_util_table.lo\
- $(SSL_VENDOR_OBJS_PIC)
-
-##
-## END-USER AREA
-##
-
-all: lib
-
-lib: $(LIB)
-
-libssl.a: $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-libssl.so: $(OBJS_PIC)
- rm -f $@
- $(LD_SHLIB) $(SSL_LDFLAGS) $(LDFLAGS_SHLIB) -o $@ $(OBJS_PIC) $(SSL_LIBS) $(LIBS_SHLIB)
-
-.SUFFIXES: .o .lo
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) $(SSL_VERSION) $<
-
-.c.lo:
- $(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $(SSL_CFLAGS) $(SSL_VERSION) $< && mv $*.o $*.lo
-
-clean:
- rm -f $(OBJS) $(OBJS_PIC)
- rm -f libssl.a libssl.so
-
-realclean: clean
- rm -f ssl_expr_parse.c ssl_expr_parse.h
- rm -f ssl_expr_scan.c
- rm -f stamp_parse
-
-distclean: clean
- -rm -f Makefile
-
-##
-## DEVELOPER AREA
-## We really don't expect end users to use these targets!
-##
-
-ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
- flex -Pssl_expr_yy -s -B ssl_expr_scan.l
- sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
-
-stamp_parse: ssl_expr_parse.y
- yacc -d ssl_expr_parse.y
- touch $@
- sed -e 's;yy;ssl_expr_yy;g' \
- -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
- <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
- sed -e 's;yy;ssl_expr_yy;g' \
- <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
-
-ssl_expr_parse.c ssl_expr_parse.h: stamp_parse
- yacc -d ssl_expr_parse.y
- sed -e 's;yy;ssl_expr_yy;g' \
- -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
- <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
- sed -e 's;yy;ssl_expr_yy;g' \
- <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
-
-nocons:
- @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \
- SSL_CFLAGS="`echo $(SSL_CFLAGS) |\
- sed -e 's;-DSSL_CONSERVATIVE;;'`" all
-
-cons:
- @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \
- SSL_CFLAGS="`echo $(SSL_CFLAGS) |\
- sed -e 's;-DSSL_CONSERVATIVE;;' \
- -e 's;^;-DSSL_CONSERVATIVE ;'`" all
-noexp:
- @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \
- SSL_CFLAGS="`echo $(SSL_CFLAGS) |\
- sed -e 's;-DSSL_EXPERIMENTAL;;'`" all
-
-exp:
- @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \
- SSL_CFLAGS="`echo $(SSL_CFLAGS) |\
- sed -e 's;-DSSL_EXPERIMENTAL;;' \
- -e 's;^;-DSSL_EXPERIMENTAL ;'`" all
-
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s; $(INCDIR)/; $$(INCDIR)/;g' \
- -e '1,$$s; $(OSDIR)/; $$(OSDIR)/;g' \
- -e '1,$$s;^\([a-z0-9_]*\)\.o:;\1.o \1.lo:;g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-##
-## DEPENDENCY AREA
-##
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_ssl.o mod_ssl.lo: mod_ssl.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_compat.o ssl_engine_compat.lo: ssl_engine_compat.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_config.o ssl_engine_config.lo: ssl_engine_config.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_dh.o ssl_engine_dh.lo: ssl_engine_dh.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_ds.o ssl_engine_ds.lo: ssl_engine_ds.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_ext.o ssl_engine_ext.lo: ssl_engine_ext.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_init.o ssl_engine_init.lo: ssl_engine_init.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_io.o ssl_engine_io.lo: ssl_engine_io.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_kernel.o ssl_engine_kernel.lo: ssl_engine_kernel.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_log.o ssl_engine_log.lo: ssl_engine_log.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_mutex.o ssl_engine_mutex.lo: ssl_engine_mutex.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_pphrase.o ssl_engine_pphrase.lo: ssl_engine_pphrase.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_rand.o ssl_engine_rand.lo: ssl_engine_rand.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_engine_vars.o ssl_engine_vars.lo: ssl_engine_vars.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_expr.o ssl_expr.lo: ssl_expr.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_expr_eval.o ssl_expr_eval.lo: ssl_expr_eval.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_expr_parse.o ssl_expr_parse.lo: ssl_expr_parse.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_expr_scan.o ssl_expr_scan.lo: ssl_expr_scan.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h \
- ssl_expr_parse.h
-ssl_scache.o ssl_scache.lo: ssl_scache.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_scache_dbm.o ssl_scache_dbm.lo: ssl_scache_dbm.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_scache_shmcb.o ssl_scache_shmcb.lo: ssl_scache_shmcb.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_scache_shmht.o ssl_scache_shmht.lo: ssl_scache_shmht.c mod_ssl.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_util.o ssl_util.lo: ssl_util.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_util_sdbm.o ssl_util_sdbm.lo: ssl_util_sdbm.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_util_ssl.o ssl_util_ssl.lo: ssl_util_ssl.c mod_ssl.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h
-ssl_util_table.o ssl_util_table.lo: ssl_util_table.c ssl_util_table.h
diff --git a/usr.sbin/httpd/src/modules/ssl/README b/usr.sbin/httpd/src/modules/ssl/README
deleted file mode 100644
index ca9e225bf83..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/README
+++ /dev/null
@@ -1,163 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| |
- | '_ ` _ \ / _ \ / _` | / __/ __| |
- | | | | | | (_) | (_| | \__ \__ \ | ``mod_ssl combines the flexibility of
- |_| |_| |_|\___/ \__,_|___|___/___/_| Apache with the security of OpenSSL.''
- |_____|
- mod_ssl ``Ralf Engelschall has released an
- Apache Interface to OpenSSL excellent module that integrates
- http://www.modssl.org/ Apache and SSLeay.''
- Version 2.8 -- Tim J. Hudson
-
- SYNOPSIS
-
- This Apache module provides strong cryptography for the Apache 1.3 webserver
- via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
- v1) protocols by the help of the SSL/TLS implementation library OpenSSL which
- is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package
- was created in April 1998 by Ralf S. Engelschall and was originally derived
- from software developed by Ben Laurie for use in the Apache-SSL HTTP server
- project.
-
- SOURCES
-
- Here is a short overview of the source files:
-
- Makefile.libdir ......... dummy for Apache config mechanism
- Makefile.tmpl ........... Makefile template for Unix platform
- Makefile.win32 .......... Makefile template for Win32 platform
- libssl.module ........... stub called from the Apache config mechanism
- libssl.version .......... file containing the mod_ssl version information
- mod_ssl.c ............... main source file containing API structures
- mod_ssl.h ............... common header file of mod_ssl
- ssl_engine_compat.c ..... backward compatibility support
- ssl_engine_config.c ..... module configuration handling
- ssl_engine_dh.c ......... DSA/DH support
- ssl_engine_ds.c ......... data structures
- ssl_engine_ext.c ........ Extensions to other Apache parts
- ssl_engine_init.c ....... module initialization
- ssl_engine_io.c ......... I/O support
- ssl_engine_kernel.c ..... SSL engine kernel
- ssl_engine_log.c ........ logfile support
- ssl_engine_mutex.c ...... mutual exclusion support
- ssl_engine_pphrase.c .... pass-phrase handling
- ssl_engine_rand.c ....... PRNG support
- ssl_engine_vars.c ....... Variable Expansion support
- ssl_expr.c .............. expression handling main source
- ssl_expr.h .............. expression handling common header
- ssl_expr_scan.c ......... expression scanner automaton (pre-generated)
- ssl_expr_scan.l ......... expression scanner source
- ssl_expr_parse.c ........ expression parser automaton (pre-generated)
- ssl_expr_parse.h ........ expression parser header (pre-generated)
- ssl_expr_parse.y ........ expression parser source
- ssl_expr_eval.c ......... expression machine evaluation
- ssl_scache.c ............ session cache abstraction layer
- ssl_scache_dbm.c ........ session cache via DBM file
- ssl_scache_shmcb.c ...... session cache via shared memory cyclic buffer
- ssl_scache_shmht.c ...... session cache via shared memory hash table
- ssl_util.c .............. utility functions
- ssl_util_ssl.c .......... the OpenSSL companion source
- ssl_util_ssl.h .......... the OpenSSL companion header
- ssl_util_sdbm.c ......... the SDBM library source
- ssl_util_sdbm.h ......... the SDBM library header
- ssl_util_table.c ........ the hash table library source
- ssl_util_table.h ........ the hash table library header
-
- The source files are written in clean ANSI C and pass the ``gcc -O -g
- -ggdb3 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
- -Wmissing-declarations -Wnested-externs -Winline'' compiler test
- (assuming `gcc' is GCC 2.95.2 or newer) without any complains. When
- you make changes or additions make sure the source still passes this
- compiler test.
-
- FUNCTIONS
-
- Inside the source code you will be confronted with the following types of
- functions which can be identified by their prefixes:
-
- ap_xxxx() ............... Apache API function
- ssl_xxxx() .............. mod_ssl function
- SSL_xxxx() .............. OpenSSL function (SSL library)
- OpenSSL_xxxx() .......... OpenSSL function (SSL library)
- X509_xxxx() ............. OpenSSL function (Crypto library)
- PEM_xxxx() .............. OpenSSL function (Crypto library)
- EVP_xxxx() .............. OpenSSL function (Crypto library)
- RSA_xxxx() .............. OpenSSL function (Crypto library)
-
- DATA STRUCTURES
-
- Inside the source code you will be confronted with the following
- data structures:
-
- ap_ctx .................. Apache EAPI Context
- server_rec .............. Apache (Virtual) Server
- conn_rec ................ Apache Connection
- BUFF .................... Apache Connection Buffer
- request_rec ............. Apache Request
- SSLModConfig ............ mod_ssl (Global) Module Configuration
- SSLSrvConfig ............ mod_ssl (Virtual) Server Configuration
- SSLDirConfig ............ mod_ssl Directory Configuration
- SSL_CTX ................. OpenSSL Context
- SSL_METHOD .............. OpenSSL Protocol Method
- SSL_CIPHER .............. OpenSSL Cipher
- SSL_SESSION ............. OpenSSL Session
- SSL ..................... OpenSSL Connection
- BIO ..................... OpenSSL Connection Buffer
-
- For an overview how these are related and chained together have a look at the
- page in README.dsov.{fig,ps}. It contains overview diagrams for those data
- structures. It's designed for DIN A4 paper size, but you can easily generate
- a smaller version inside XFig by specifing a magnification on the Export
- panel.
-
- EXPERIMENTAL CODE
-
- Experimental code is always encapsulated as following:
-
- | #ifdef SSL_EXPERIMENTAL_xxxx
- | ...
- | #endif
-
- This way it is only compiled in when this define is enabled with
- the APACI --enable-rule=SSL_EXPERIMENTAL option and as long as the
- C pre-processor variable SSL_EXPERIMENTAL_xxxx_IGNORE is _NOT_
- defined (via CFLAGS). Or in other words: SSL_EXPERIMENTAL enables all
- SSL_EXPERIMENTAL_xxxx variables, except if SSL_EXPERIMENTAL_xxxx_IGNORE
- is already defined. Currently the following features are experimental:
-
- o SSL_EXPERIMENTAL_PERDIRCA
- The ability to use SSLCACertificateFile and SSLCACertificatePath
- in a per-directory context (.htaccess). This is provided by some nasty
- reconfiguration hacks until OpenSSL has better support for this. It
- should work on non-multithreaded platforms (all but Win32).
-
- o SSL_EXPERIMENTAL_PROXY
- The ability to use various additional SSLProxyXXX directives in
- oder to control extended client functionality in the HTTPS proxy
- code.
-
- o SSL_EXPERIMENTAL_ENGINE
- The ability to support the new forthcoming OpenSSL ENGINE stuff.
- Until this development branch of OpenSSL is merged into the main
- stream, you have to use openssl-engine-0.9.x.tar.gz for this.
- mod_ssl automatically recognizes this OpenSSL variant and then can
- activate external crypto devices through SSLCryptoDevice directive.
-
- VENDOR EXTENSIONS
-
- Inside the mod_ssl sources you can enable various EAPI vendor hooks
- (`ap::mod_ssl::vendor::xxxx') by using the APACI --enable-rule=SSL_VENDOR
- option. These hooks can be used to change or extend mod_ssl by a vendor
- without patching the source code. Grep for `ap::mod_ssl::vendor::'.
- Additionally vendors can add their own source code to files named
- ssl_vendor.c, ssl_vendor_XXX.c, etc. The libssl.module script automatically
- picks these up under configuration time and mod_ssl under run-time calls the
- functions `void ssl_vendor_register(void)' and `void
- ssl_vendor_unregister(void)' inside these objects to bootstrap them.
-
- An ssl_vendor.c should at least contain the following contents:
-
- | #include "mod_ssl.h"
- | void ssl_vendor_register(void) { return; }
- | void ssl_vendor_unregister(void) { return; }
-
diff --git a/usr.sbin/httpd/src/modules/ssl/README.dsov.fig b/usr.sbin/httpd/src/modules/ssl/README.dsov.fig
deleted file mode 100644
index d8d03db247c..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/README.dsov.fig
+++ /dev/null
@@ -1,346 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Metric
-Letter
-100.00
-Single
--2
-1200 2
-0 32 #616561
-0 33 #b6b2b6
-0 34 #f7f3f7
-0 35 #cfcfcf
-0 36 #ffffff
-6 6345 2835 7155 3150
-6 6345 2970 7110 3150
-4 0 0 200 0 20 8 0.0000 4 120 585 6345 3105 "ssl_module")\001
--6
-4 0 0 200 0 20 8 0.0000 4 120 660 6345 2970 ap_ctx_get(...,\001
--6
-6 10800 2610 12240 3060
-4 0 0 200 0 20 8 0.0000 4 120 1170 10800 2745 ap_get_module_config(...\001
-4 0 0 200 0 20 8 0.0000 4 120 795 10800 2880 ->per_dir_config,\001
-4 0 0 200 0 20 8 0.0000 4 120 585 10800 3015 &ssl_module)\001
--6
-6 7920 4770 9135 4995
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 9135 4995 7920 4995 7920 4770 9135 4770 9135 4995
-4 0 0 100 0 18 12 0.0000 4 180 1065 8010 4950 request_rec\001
--6
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 6975 3330 7425 2520
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7200 4230 9450 2520
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7875 4905 7200 5220
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 6750 5130 6750 4545
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 6705 5445 7155 6120
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7875 4815 7200 4590
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9585 2565 11475 4230
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 10170 5130 11835 4545
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7920 6075 9855 5400
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9990 5445 10935 5625
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 10215 5310 10935 5310
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 11925 4590 11925 5085
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9810 5490 9810 6840
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9945 5445 10935 6030
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 8865 4725 10800 2565
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 675 6075 5850 6075
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 675 6525 675 6075
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5850 6075 5850 6525
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 900 5625 5625 5625
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1125 5175 5400 5175
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1350 4725 5175 4725
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1575 4275 4950 4275
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1800 3825 4725 3825
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2025 3375 4500 3375
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2250 2925 4275 2925
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2475 2475 4050 2475
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2700 2025 3825 2025
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2925 1575 3600 1575
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 900 6075 900 5625
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1125 6525 1125 5175
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1350 5175 1350 4725
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1575 4725 1575 4275
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1800 6525 1800 3825
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2025 3825 2025 3375
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2250 3375 2250 2925
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2475 2925 2475 2475
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5625 5625 5625 6075
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5400 5175 5400 6525
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5175 4725 5175 5175
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4950 4275 4950 4725
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4725 3825 4725 6525
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4500 3375 4500 3825
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4275 2925 4275 3375
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4050 2475 4050 2925
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2700 6525 2700 2025
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 3825 2025 3825 6525
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 3600 1575 3600 2025
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2925 2025 2925 1575
-2 1 0 4 0 0 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 4.00 60.00 120.00
- 540 6525 6300 6525
-2 3 0 1 7 7 800 0 20 0.000 0 0 -1 0 0 9
- 675 6525 5850 6525 5850 6075 5625 6075 5625 5625 900 5625
- 900 6075 675 6075 675 6525
-2 3 0 1 34 34 700 0 20 0.000 0 0 -1 0 0 13
- 1125 6525 5355 6525 5400 5175 5175 5175 5175 4725 4950 4725
- 4950 4275 1575 4275 1575 4725 1350 4725 1350 5175 1125 5175
- 1125 6525
-2 3 0 1 35 35 500 0 20 0.000 0 0 -1 0 0 17
- 1800 6525 4725 6525 4725 3825 4500 3825 4500 3375 4275 3375
- 4275 2925 4050 2925 4050 2475 2475 2475 2475 2925 2250 2925
- 2250 3375 2025 3375 2025 3825 1800 3825 1800 6525
-2 3 0 1 33 33 400 0 20 0.000 0 0 -1 0 0 9
- 2700 6525 3825 6525 3825 2025 3600 2025 3600 1575 2925 1575
- 2925 2025 2700 2025 2700 6525
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 2700 6750 3825 6750
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 1125 7200 5400 7200
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 1800 6975 4725 6975
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 675 7425 5850 7425
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 675 6570 675 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 1125 6570 1125 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 1800 6570 1800 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 2700 6570 2700 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 3825 6570 3825 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 4725 6570 4725 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 5400 6570 5400 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 5850 6570 5850 7650
-2 4 0 2 0 7 100 0 -1 0.000 0 0 20 0 0 5
- 12600 8550 450 8550 450 225 12600 225 12600 8550
-2 4 0 1 0 34 200 0 20 0.000 0 0 20 0 0 5
- 12600 1350 450 1350 450 225 12600 225 12600 1350
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 10170 2475 8775 2475 8775 2250 10170 2250 10170 2475
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 11925 2475 10575 2475 10575 2250 11925 2250 11925 2475
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12375 4500 11430 4500 11430 4275 12375 4275 12375 4500
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12375 5400 10980 5400 10980 5175 12375 5175 12375 5400
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 10170 5400 9675 5400 9675 5175 10170 5175 10170 5400
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7875 6300 7200 6300 7200 6075 7875 6075 7875 6300
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 8190 2475 6750 2475 6750 2250 8190 2250 8190 2475
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7605 3600 6300 3600 6300 3375 7605 3375 7605 3600
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7335 4500 6300 4500 6300 4275 7335 4275 7335 4500
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7200 5400 6300 5400 6300 5175 7200 5175 7200 5400
-2 1 0 6 7 7 600 0 -1 0.000 0 0 -1 0 0 2
- 9450 4500 6075 1935
-2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2
- 9450 4500 12465 2205
-2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2
- 9450 4500 9450 7785
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9630 5310 7245 5310
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 11385 4365 7380 4365
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12240 5805 10980 5805 10980 5580 12240 5580 12240 5805
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12375 6210 10980 6210 10980 5985 12375 5985 12375 6210
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 11205 6885 9900 5445
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12285 7155 10530 7155 10530 6930 12285 6930 12285 7155
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 10170 7155 9630 7155 9630 6930 10170 6930 10170 7155
-2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2
- 12510 6435 9450 6435
-2 1 0 1 0 34 300 0 20 0.000 0 0 7 1 0 4
- 1 1 1.00 60.00 120.00
- 12375 4455 12510 4635 12510 6210 11970 6885
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9850 5143 9175 4918
-3 1 0 1 34 34 800 0 20 0.000 0 0 0 41
- 7380 1710 6390 2115 5535 2115 6075 3015 5670 3465 6165 3915
- 5715 4410 6030 5040 6030 5310 6480 5715 6390 6255 6975 6300
- 7065 6975 7965 6750 8100 7560 8955 7290 9360 7740 9720 7560
- 10755 8145 12060 8280 12375 7650 12420 7200 12510 7065 12330 6660
- 12510 6390 12420 5940 12375 5400 12510 5220 12510 4725 12600 4275
- 12375 3645 12105 3240 12150 2745 12375 2700 12330 1980 11790 1575
- 11250 1935 10125 1485 8955 2070 7785 1620 7695 1575
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000
-4 0 0 100 0 0 12 0.0000 4 180 1440 10575 675 Ralf S. Engelschall\001
-4 0 0 100 0 18 20 0.0000 4 270 3840 4275 675 Apache+mod_ssl+OpenSSL\001
-4 0 0 100 0 0 10 0.0000 4 135 1320 10575 855 rse@engelschall.com\001
-4 0 0 100 0 0 10 0.0000 4 135 1410 10575 1035 www.engelschall.com\001
-4 0 0 100 0 0 12 0.0000 4 135 870 900 675 Version 1.3\001
-4 0 0 100 0 0 12 0.0000 4 180 1035 900 855 12-Apr-1999\001
-4 0 0 200 0 20 8 0.0000 4 60 390 6210 4680 ->server\001
-4 0 0 200 0 20 8 0.0000 4 120 855 8280 6120 ap_ctx_get(...,"ssl")\001
-4 0 0 200 0 20 8 0.0000 4 120 1170 7740 2700 ap_get_module_config(...\001
-4 0 0 200 0 20 8 0.0000 4 120 810 7740 2835 ->module_config,\001
-4 0 0 200 0 20 8 0.0000 4 120 585 7740 2970 &ssl_module)\001
-4 0 0 100 0 18 20 0.0000 4 270 1200 9000 8100 Chaining\001
-4 0 0 100 0 18 20 0.0000 4 210 1095 2745 8100 Lifetime\001
-4 0 0 100 0 18 12 0.0000 4 180 1215 810 6255 ap_global_ctx\001
-4 0 0 100 0 18 12 0.0000 4 180 1305 990 5805 SSLModConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 840 4050 4455 SSL_CTX\001
-4 0 0 100 0 18 12 0.0000 4 150 975 4455 5355 server_rec\001
-4 0 0 100 0 18 12 0.0000 4 180 1260 3870 4905 SSLSrvConfig\001
-4 0 0 100 0 18 12 0.0000 4 135 480 1845 4005 BUFF\001
-4 0 0 100 0 18 12 0.0000 4 150 810 2070 3555 conn_rec\001
-4 0 0 100 0 18 12 0.0000 4 135 345 2295 3105 BIO\001
-4 0 0 100 0 18 12 0.0000 4 135 375 2565 2655 SSL\001
-4 0 0 100 0 18 12 0.0000 4 180 1185 3645 1620 SSLDirConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 1065 3915 2070 request_rec\001
-4 0 0 200 0 0 8 0.0000 4 120 1440 900 7560 Startup, Runtime, Shutdown\001
-4 0 0 200 0 0 8 0.0000 4 105 975 1350 7335 Configuration Time\001
-4 0 0 200 0 0 8 0.0000 4 90 1050 2025 7110 Connection Duration\001
-4 0 0 200 0 0 8 0.0000 4 120 885 2835 6885 Request Duration\001
-4 0 0 200 0 18 20 0.0000 4 195 90 6345 6795 t\001
-4 0 0 200 0 20 8 0.0000 4 90 345 7110 5985 ->client\001
-4 0 0 100 0 18 12 0.0000 4 180 1305 6795 2430 SSLModConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 1260 8865 2430 SSLSrvConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 1215 6345 3555 ap_global_ctx\001
-4 0 0 100 0 18 12 0.0000 4 150 975 6345 4455 server_rec\001
-4 0 0 100 0 18 12 0.0000 4 150 810 6345 5355 conn_rec\001
-4 0 0 100 0 18 12 0.0000 4 135 375 9720 5355 SSL\001
-4 0 0 100 0 18 12 0.0000 4 180 1185 10665 2430 SSLDirConfig\001
-4 0 0 100 0 18 12 0.0000 4 135 480 7290 6255 BUFF\001
-4 0 0 100 0 18 12 0.0000 4 180 1305 11025 5355 SSL_METHOD\001
-4 0 0 100 0 18 12 0.0000 4 180 840 11475 4455 SSL_CTX\001
-4 0 0 100 0 18 24 0.0000 4 285 4365 3915 1080 Data Structure Overview\001
-4 0 0 200 0 20 8 0.0000 4 90 615 7065 5085 ->connection\001
-4 0 0 200 0 20 8 0.0000 4 60 390 7065 4770 ->server\001
-4 0 0 200 0 20 8 0.0000 4 120 960 8010 5445 SSL_get_app_data()\001
-4 0 0 200 0 20 8 0.0000 4 120 510 10530 4050 ->pSSLCtx\001
-4 0 0 200 0 20 8 0.0000 4 120 1215 7875 4275 SSL_CTX_get_app_data()\001
-4 0 0 200 0 20 8 0.0000 4 120 1155 10305 5535 SSL_get_current_cipher()\001
-4 0 0 100 0 18 12 0.0000 4 180 1170 11025 5760 SSL_CIPHER\001
-4 0 0 100 0 18 12 0.0000 4 180 1350 10980 6165 SSL_SESSION\001
-4 0 0 200 0 20 8 0.0000 4 120 840 10440 5940 SSL_get_session()\001
-4 0 0 100 0 18 12 0.0000 4 180 1665 10575 7110 X509_STORE_CTX\001
-4 0 0 100 0 18 12 0.0000 4 135 345 9720 7110 BIO\001
-4 0 0 200 0 20 8 0.0000 4 120 840 9540 7335 SSL_get_{r,w}bio()\001
-4 0 0 100 0 18 20 0.0000 4 270 1170 8730 3465 mod_ssl\001
-4 0 0 100 0 18 20 0.0000 4 270 1050 8145 6750 Apache\001
-4 0 0 200 0 20 8 0.0000 4 120 945 10125 4680 SSL_get_SSL_CTX()\001
-4 0 0 200 0 20 8 0.0000 4 120 1170 10350 5175 SSL_get_SSL_METHOD()\001
-4 0 0 200 0 20 8 0.0000 4 90 465 11745 4770 ->method\001
-4 0 0 200 0 20 8 0.0000 4 120 1665 9945 6480 X509_STORE_CTX_get_app_data()\001
-4 0 0 200 0 20 8 0.0000 4 120 1215 10980 6705 SSL_CTX_get_cert_store()\001
-4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 SSL_get_app_data2()\001
-4 0 0 100 0 18 20 0.0000 4 270 1290 10710 7605 OpenSSL\001
-4 0 0 100 0 18 12 0.0000 4 180 720 10710 7785 [Crypto]\001
-4 0 0 100 0 18 20 0.0000 4 270 1290 10935 3645 OpenSSL\001
-4 0 0 100 0 18 12 0.0000 4 180 495 10935 3825 [SSL]\001
diff --git a/usr.sbin/httpd/src/modules/ssl/README.dsov.ps b/usr.sbin/httpd/src/modules/ssl/README.dsov.ps
deleted file mode 100644
index def19dbecfa..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/README.dsov.ps
+++ /dev/null
@@ -1,1138 +0,0 @@
-%!PS-Adobe-2.0
-%%Title: README.dsov.ps
-%%Creator: fig2dev Version 3.2 Patchlevel 1
-%%CreationDate: Mon Apr 12 17:09:11 1999
-%%For: rse@en1.engelschall.com (Ralf S. Engelschall)
-%%Orientation: Landscape
-%%BoundingBox: 59 37 553 755
-%%Pages: 1
-%%BeginSetup
-%%IncludeFeature: *PageSize Letter
-%%EndSetup
-%%Magnification: 0.9340
-%%EndComments
-/$F2psDict 200 dict def
-$F2psDict begin
-$F2psDict /mtrx matrix put
-/col-1 {0 setgray} bind def
-/col0 {0.000 0.000 0.000 srgb} bind def
-/col1 {0.000 0.000 1.000 srgb} bind def
-/col2 {0.000 1.000 0.000 srgb} bind def
-/col3 {0.000 1.000 1.000 srgb} bind def
-/col4 {1.000 0.000 0.000 srgb} bind def
-/col5 {1.000 0.000 1.000 srgb} bind def
-/col6 {1.000 1.000 0.000 srgb} bind def
-/col7 {1.000 1.000 1.000 srgb} bind def
-/col8 {0.000 0.000 0.560 srgb} bind def
-/col9 {0.000 0.000 0.690 srgb} bind def
-/col10 {0.000 0.000 0.820 srgb} bind def
-/col11 {0.530 0.810 1.000 srgb} bind def
-/col12 {0.000 0.560 0.000 srgb} bind def
-/col13 {0.000 0.690 0.000 srgb} bind def
-/col14 {0.000 0.820 0.000 srgb} bind def
-/col15 {0.000 0.560 0.560 srgb} bind def
-/col16 {0.000 0.690 0.690 srgb} bind def
-/col17 {0.000 0.820 0.820 srgb} bind def
-/col18 {0.560 0.000 0.000 srgb} bind def
-/col19 {0.690 0.000 0.000 srgb} bind def
-/col20 {0.820 0.000 0.000 srgb} bind def
-/col21 {0.560 0.000 0.560 srgb} bind def
-/col22 {0.690 0.000 0.690 srgb} bind def
-/col23 {0.820 0.000 0.820 srgb} bind def
-/col24 {0.500 0.190 0.000 srgb} bind def
-/col25 {0.630 0.250 0.000 srgb} bind def
-/col26 {0.750 0.380 0.000 srgb} bind def
-/col27 {1.000 0.500 0.500 srgb} bind def
-/col28 {1.000 0.630 0.630 srgb} bind def
-/col29 {1.000 0.750 0.750 srgb} bind def
-/col30 {1.000 0.880 0.880 srgb} bind def
-/col31 {1.000 0.840 0.000 srgb} bind def
-/col32 {0.380 0.396 0.380 srgb} bind def
-/col33 {0.714 0.698 0.714 srgb} bind def
-/col34 {0.969 0.953 0.969 srgb} bind def
-/col35 {0.812 0.812 0.812 srgb} bind def
-/col36 {1.000 1.000 1.000 srgb} bind def
-
-end
-save
-48.0 12.0 translate
- 90 rotate
-1 -1 scale
-
-/cp {closepath} bind def
-/ef {eofill} bind def
-/gr {grestore} bind def
-/gs {gsave} bind def
-/sa {save} bind def
-/rs {restore} bind def
-/l {lineto} bind def
-/m {moveto} bind def
-/rm {rmoveto} bind def
-/n {newpath} bind def
-/s {stroke} bind def
-/sh {show} bind def
-/slc {setlinecap} bind def
-/slj {setlinejoin} bind def
-/slw {setlinewidth} bind def
-/srgb {setrgbcolor} bind def
-/rot {rotate} bind def
-/sc {scale} bind def
-/sd {setdash} bind def
-/ff {findfont} bind def
-/sf {setfont} bind def
-/scf {scalefont} bind def
-/sw {stringwidth} bind def
-/tr {translate} bind def
-/tnt {dup dup currentrgbcolor
- 4 -2 roll dup 1 exch sub 3 -1 roll mul add
- 4 -2 roll dup 1 exch sub 3 -1 roll mul add
- 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
- bind def
-/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
- 4 -2 roll mul srgb} bind def
-/reencdict 12 dict def /ReEncode { reencdict begin
-/newcodesandnames exch def /newfontname exch def /basefontname exch def
-/basefontdict basefontname findfont def /newfont basefontdict maxlength dict def
-basefontdict { exch dup /FID ne { dup /Encoding eq
-{ exch dup length array copy newfont 3 1 roll put }
-{ exch newfont 3 1 roll put } ifelse } { pop pop } ifelse } forall
-newfont /FontName newfontname put newcodesandnames aload pop
-128 1 255 { newfont /Encoding get exch /.notdef put } for
-newcodesandnames length 2 idiv { newfont /Encoding get 3 1 roll put } repeat
-newfontname newfont definefont pop end } def
-/isovec [
-8#200 /grave 8#201 /acute 8#202 /circumflex 8#203 /tilde
-8#204 /macron 8#205 /breve 8#206 /dotaccent 8#207 /dieresis
-8#210 /ring 8#211 /cedilla 8#212 /hungarumlaut 8#213 /ogonek 8#214 /caron
-8#220 /dotlessi 8#230 /oe 8#231 /OE
-8#240 /space 8#241 /exclamdown 8#242 /cent 8#243 /sterling
-8#244 /currency 8#245 /yen 8#246 /brokenbar 8#247 /section 8#250 /dieresis
-8#251 /copyright 8#252 /ordfeminine 8#253 /guillemotleft 8#254 /logicalnot
-8#255 /endash 8#256 /registered 8#257 /macron 8#260 /degree 8#261 /plusminus
-8#262 /twosuperior 8#263 /threesuperior 8#264 /acute 8#265 /mu 8#266 /paragraph
-8#267 /periodcentered 8#270 /cedilla 8#271 /onesuperior 8#272 /ordmasculine
-8#273 /guillemotright 8#274 /onequarter 8#275 /onehalf
-8#276 /threequarters 8#277 /questiondown 8#300 /Agrave 8#301 /Aacute
-8#302 /Acircumflex 8#303 /Atilde 8#304 /Adieresis 8#305 /Aring
-8#306 /AE 8#307 /Ccedilla 8#310 /Egrave 8#311 /Eacute
-8#312 /Ecircumflex 8#313 /Edieresis 8#314 /Igrave 8#315 /Iacute
-8#316 /Icircumflex 8#317 /Idieresis 8#320 /Eth 8#321 /Ntilde 8#322 /Ograve
-8#323 /Oacute 8#324 /Ocircumflex 8#325 /Otilde 8#326 /Odieresis 8#327 /multiply
-8#330 /Oslash 8#331 /Ugrave 8#332 /Uacute 8#333 /Ucircumflex
-8#334 /Udieresis 8#335 /Yacute 8#336 /Thorn 8#337 /germandbls 8#340 /agrave
-8#341 /aacute 8#342 /acircumflex 8#343 /atilde 8#344 /adieresis 8#345 /aring
-8#346 /ae 8#347 /ccedilla 8#350 /egrave 8#351 /eacute
-8#352 /ecircumflex 8#353 /edieresis 8#354 /igrave 8#355 /iacute
-8#356 /icircumflex 8#357 /idieresis 8#360 /eth 8#361 /ntilde 8#362 /ograve
-8#363 /oacute 8#364 /ocircumflex 8#365 /otilde 8#366 /odieresis 8#367 /divide
-8#370 /oslash 8#371 /ugrave 8#372 /uacute 8#373 /ucircumflex
-8#374 /udieresis 8#375 /yacute 8#376 /thorn 8#377 /ydieresis] def
-/Times-Roman /Times-Roman-iso isovec ReEncode
-/Helvetica-Bold /Helvetica-Bold-iso isovec ReEncode
-/Helvetica-Narrow /Helvetica-Narrow-iso isovec ReEncode
-/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
-/$F2psEnd {$F2psEnteredState restore end} def
-%%EndProlog
-
-$F2psBegin
-10 setmiterlimit
-n -1000 9572 m -1000 -1000 l 13622 -1000 l 13622 9572 l cp clip
- 0.05883 0.05883 sc
-%%Page: 1 1
-% Polyline
-7.500 slw
-n 6413 2048 m 6380 2054 l 6348 2061 l 6315 2067 l 6283 2073 l 6250 2079 l
- 6217 2084 l 6185 2090 l 6152 2095 l 6120 2101 l 6088 2107 l
- 6057 2113 l 6027 2120 l 5998 2126 l 5970 2134 l 5943 2141 l
- 5918 2149 l 5894 2158 l 5873 2167 l 5853 2177 l 5835 2187 l
- 5819 2198 l 5805 2210 l 5793 2222 l 5782 2235 l 5774 2250 l
- 5768 2265 l 5763 2281 l 5760 2299 l 5759 2318 l 5759 2339 l
- 5761 2360 l 5764 2383 l 5768 2408 l 5774 2433 l 5780 2460 l
- 5788 2488 l 5797 2516 l 5806 2546 l 5815 2575 l 5825 2606 l
- 5836 2636 l 5846 2666 l 5856 2696 l 5866 2726 l 5875 2755 l
- 5884 2784 l 5892 2812 l 5899 2839 l 5905 2866 l 5910 2891 l
- 5915 2916 l 5918 2940 l 5919 2968 l 5920 2995 l 5919 3022 l
- 5916 3048 l 5912 3075 l 5908 3101 l 5902 3127 l 5895 3153 l
- 5887 3179 l 5880 3205 l 5871 3230 l 5863 3254 l 5855 3278 l
- 5848 3302 l 5841 3324 l 5834 3346 l 5829 3367 l 5824 3388 l
- 5821 3408 l 5819 3427 l 5819 3446 l 5820 3465 l 5823 3484 l
- 5827 3503 l 5833 3522 l 5840 3542 l 5848 3562 l 5858 3582 l
- 5868 3603 l 5880 3625 l 5891 3647 l 5904 3669 l 5916 3691 l
- 5929 3713 l 5941 3736 l 5953 3758 l 5964 3779 l 5974 3801 l
- 5983 3822 l 5991 3843 l 5997 3863 l 6002 3883 l 6006 3903 l
- 6008 3923 l 6008 3942 l 6006 3962 l 6003 3983 l 5998 4004 l
- 5992 4025 l 5985 4048 l 5977 4070 l 5968 4094 l 5958 4118 l
- 5947 4142 l 5936 4167 l 5925 4192 l 5913 4216 l 5902 4241 l
- 5892 4266 l 5882 4291 l 5872 4315 l 5864 4339 l 5857 4362 l
- 5851 4386 l 5846 4409 l 5843 4433 l 5840 4456 l 5840 4480 l
- 5840 4505 l 5842 4530 l 5845 4556 l 5849 4582 l 5854 4609 l
- 5860 4636 l 5867 4664 l 5875 4692 l 5883 4720 l 5892 4747 l
- 5901 4774 l 5910 4801 l 5920 4827 l 5929 4852 l 5938 4875 l
- 5947 4898 l 5955 4920 l 5963 4941 l 5971 4961 l 5978 4980 l
- 5985 5002 l 5992 5024 l 5999 5046 l 6005 5067 l 6010 5088 l
- 6016 5109 l 6022 5129 l 6027 5150 l 6033 5170 l 6039 5190 l
- 6045 5209 l 6052 5228 l 6059 5246 l 6067 5264 l 6075 5281 l
- 6084 5298 l 6094 5315 l 6105 5333 l 6115 5347 l 6125 5361 l
- 6137 5376 l 6149 5392 l 6162 5408 l 6176 5425 l 6191 5443 l
- 6206 5461 l 6221 5480 l 6237 5499 l 6253 5519 l 6269 5539 l
- 6284 5559 l 6299 5579 l 6313 5599 l 6327 5619 l 6340 5639 l
- 6352 5659 l 6363 5679 l 6373 5698 l 6382 5718 l 6390 5738 l
- 6398 5759 l 6404 5782 l 6410 5805 l 6415 5828 l 6420 5852 l
- 6424 5877 l 6428 5902 l 6431 5927 l 6435 5952 l 6438 5977 l
- 6442 6001 l 6446 6025 l 6450 6048 l 6455 6069 l 6461 6090 l
- 6467 6109 l 6474 6127 l 6483 6143 l 6492 6159 l 6503 6173 l
- 6515 6185 l 6528 6197 l 6543 6209 l 6560 6220 l 6578 6230 l
- 6598 6240 l 6619 6250 l 6641 6260 l 6663 6270 l 6687 6281 l
- 6710 6291 l 6733 6302 l 6757 6312 l 6779 6324 l 6801 6335 l
- 6821 6348 l 6841 6361 l 6859 6374 l 6876 6389 l 6893 6405 l
- 6906 6421 l 6919 6437 l 6932 6455 l 6944 6475 l 6955 6495 l
- 6967 6516 l 6979 6538 l 6991 6561 l 7003 6584 l 7015 6608 l
- 7027 6631 l 7040 6654 l 7053 6677 l 7067 6699 l 7081 6720 l
- 7096 6739 l 7111 6758 l 7127 6774 l 7144 6789 l 7161 6803 l
- 7180 6815 l 7200 6825 l 7220 6833 l 7240 6840 l 7263 6845 l
- 7286 6850 l 7311 6854 l 7338 6857 l 7365 6859 l 7394 6861 l
- 7424 6862 l 7454 6864 l 7485 6865 l 7516 6866 l 7547 6867 l
- 7578 6868 l 7609 6870 l 7639 6872 l 7668 6875 l 7696 6879 l
- 7723 6883 l 7748 6889 l 7773 6895 l 7795 6903 l 7817 6912 l
- 7838 6923 l 7857 6934 l 7875 6948 l 7892 6963 l 7909 6980 l
- 7926 6998 l 7941 7017 l 7957 7038 l 7972 7060 l 7987 7083 l
- 8002 7106 l 8017 7130 l 8031 7154 l 8046 7178 l 8061 7202 l
- 8075 7225 l 8090 7247 l 8105 7269 l 8120 7289 l 8135 7308 l
- 8151 7326 l 8167 7342 l 8184 7356 l 8202 7369 l 8220 7380 l
- 8239 7390 l 8260 7397 l 8282 7404 l 8305 7409 l 8330 7413 l
- 8356 7416 l 8383 7418 l 8412 7420 l 8441 7420 l 8471 7419 l
- 8502 7418 l 8534 7417 l 8565 7415 l 8597 7413 l 8629 7411 l
- 8660 7409 l 8690 7407 l 8720 7405 l 8749 7404 l 8777 7404 l
- 8804 7404 l 8830 7405 l 8856 7407 l 8880 7410 l 8906 7414 l
- 8931 7420 l 8956 7427 l 8981 7435 l 9005 7444 l 9029 7455 l
- 9053 7466 l 9077 7478 l 9100 7491 l 9123 7504 l 9146 7517 l
- 9168 7531 l 9190 7544 l 9210 7557 l 9230 7570 l 9250 7582 l
- 9268 7593 l 9286 7604 l 9304 7613 l 9320 7621 l 9336 7629 l
- 9353 7635 l 9370 7641 l 9388 7645 l 9406 7648 l 9425 7650 l
- 9444 7652 l 9464 7653 l 9485 7653 l 9508 7653 l 9531 7653 l
- 9555 7653 l 9579 7653 l 9605 7654 l 9631 7655 l 9658 7656 l
- 9685 7659 l 9713 7662 l 9742 7666 l 9771 7672 l 9801 7679 l
- 9833 7688 l 9853 7694 l 9874 7700 l 9895 7708 l 9918 7716 l
- 9941 7725 l 9966 7734 l 9991 7745 l 10017 7755 l 10045 7767 l
- 10073 7779 l 10102 7791 l 10132 7804 l 10163 7818 l 10194 7831 l
- 10227 7845 l 10259 7860 l 10293 7874 l 10326 7889 l 10360 7903 l
- 10394 7918 l 10429 7932 l 10463 7947 l 10497 7961 l 10531 7974 l
- 10565 7988 l 10599 8001 l 10633 8013 l 10667 8025 l 10700 8037 l
- 10733 8049 l 10767 8059 l 10800 8070 l 10834 8080 l 10868 8090 l
- 10902 8099 l 10937 8108 l 10973 8117 l 11009 8125 l 11045 8133 l
- 11083 8141 l 11120 8148 l 11158 8155 l 11197 8161 l 11236 8167 l
- 11275 8172 l 11313 8177 l 11352 8181 l 11391 8184 l 11429 8187 l
- 11467 8190 l 11504 8191 l 11540 8192 l 11576 8192 l 11610 8192 l
- 11644 8191 l 11676 8189 l 11707 8187 l 11738 8184 l 11767 8180 l
- 11794 8176 l 11821 8171 l 11847 8165 l 11871 8159 l 11895 8153 l
- 11923 8143 l 11950 8133 l 11976 8122 l 12001 8109 l 12025 8096 l
- 12048 8081 l 12071 8065 l 12092 8048 l 12113 8031 l 12133 8012 l
- 12153 7992 l 12171 7972 l 12188 7951 l 12205 7930 l 12220 7909 l
- 12235 7887 l 12248 7865 l 12260 7843 l 12272 7822 l 12282 7800 l
- 12292 7779 l 12301 7759 l 12309 7739 l 12316 7719 l 12323 7699 l
- 12330 7680 l 12338 7655 l 12345 7631 l 12352 7607 l 12359 7582 l
- 12365 7558 l 12371 7533 l 12377 7508 l 12382 7484 l 12388 7460 l
- 12392 7436 l 12397 7414 l 12401 7391 l 12405 7370 l 12409 7350 l
- 12412 7331 l 12415 7313 l 12418 7297 l 12421 7281 l 12424 7266 l
- 12428 7253 l 12432 7234 l 12437 7216 l 12442 7199 l 12446 7183 l
- 12451 7166 l 12456 7150 l 12460 7134 l 12463 7117 l 12466 7101 l
- 12468 7086 l 12469 7070 l 12469 7054 l 12467 7037 l 12465 7020 l
- 12462 7006 l 12459 6991 l 12455 6975 l 12450 6958 l 12445 6940 l
- 12440 6921 l 12434 6901 l 12428 6880 l 12422 6859 l 12416 6838 l
- 12411 6817 l 12406 6796 l 12401 6776 l 12397 6756 l 12394 6736 l
- 12392 6718 l 12390 6700 l 12390 6683 l 12390 6665 l 12392 6649 l
- 12394 6631 l 12397 6614 l 12401 6597 l 12406 6579 l 12411 6561 l
- 12416 6542 l 12422 6524 l 12428 6505 l 12434 6487 l 12440 6468 l
- 12445 6450 l 12450 6432 l 12455 6414 l 12459 6396 l 12462 6378 l
- 12465 6360 l 12467 6343 l 12468 6326 l 12469 6308 l 12469 6289 l
- 12468 6269 l 12468 6249 l 12466 6227 l 12464 6205 l 12462 6182 l
- 12460 6159 l 12457 6135 l 12454 6111 l 12451 6087 l 12447 6063 l
- 12444 6040 l 12441 6016 l 12437 5993 l 12434 5970 l 12431 5948 l
- 12428 5925 l 12424 5902 l 12421 5879 l 12419 5855 l 12416 5831 l
- 12413 5806 l 12411 5781 l 12408 5755 l 12406 5729 l 12404 5702 l
- 12403 5676 l 12401 5651 l 12400 5625 l 12400 5601 l 12399 5578 l
- 12399 5555 l 12400 5534 l 12401 5514 l 12402 5495 l 12403 5477 l
- 12405 5460 l 12408 5440 l 12411 5421 l 12416 5402 l 12420 5384 l
- 12426 5365 l 12431 5347 l 12437 5329 l 12444 5311 l 12450 5293 l
- 12456 5275 l 12462 5258 l 12468 5240 l 12474 5222 l 12479 5205 l
- 12483 5186 l 12488 5168 l 12490 5152 l 12493 5135 l 12496 5117 l
- 12498 5099 l 12500 5079 l 12502 5058 l 12504 5036 l 12506 5014 l
- 12507 4990 l 12509 4966 l 12510 4942 l 12512 4918 l 12513 4893 l
- 12515 4869 l 12516 4845 l 12518 4822 l 12520 4799 l 12521 4776 l
- 12523 4754 l 12525 4733 l 12527 4713 l 12529 4693 l 12531 4673 l
- 12534 4653 l 12536 4632 l 12539 4610 l 12541 4588 l 12543 4566 l
- 12546 4543 l 12548 4520 l 12550 4497 l 12552 4473 l 12553 4450 l
- 12554 4426 l 12555 4403 l 12555 4380 l 12555 4357 l 12555 4334 l
- 12554 4312 l 12552 4290 l 12550 4267 l 12548 4245 l 12545 4224 l
- 12541 4203 l 12537 4181 l 12533 4159 l 12528 4136 l 12523 4112 l
- 12517 4088 l 12510 4064 l 12503 4038 l 12496 4013 l 12488 3987 l
- 12479 3961 l 12471 3935 l 12462 3909 l 12452 3884 l 12443 3859 l
- 12434 3835 l 12424 3811 l 12415 3788 l 12405 3766 l 12396 3744 l
- 12386 3723 l 12377 3702 l 12368 3683 l 12357 3661 l 12347 3640 l
- 12336 3619 l 12325 3598 l 12314 3576 l 12303 3555 l 12291 3533 l
- 12280 3511 l 12269 3489 l 12257 3467 l 12246 3446 l 12235 3424 l
- 12225 3402 l 12215 3381 l 12206 3360 l 12197 3340 l 12189 3320 l
- 12181 3301 l 12174 3281 l 12168 3262 l 12162 3244 l 12158 3225 l
- 12153 3204 l 12149 3183 l 12145 3162 l 12142 3139 l 12140 3117 l
- 12138 3094 l 12137 3071 l 12137 3047 l 12138 3024 l 12139 3001 l
- 12141 2978 l 12143 2956 l 12146 2935 l 12150 2915 l 12154 2896 l
- 12158 2879 l 12163 2862 l 12168 2847 l 12174 2833 l 12180 2820 l
- 12188 2805 l 12197 2792 l 12206 2779 l 12216 2766 l 12227 2754 l
- 12238 2742 l 12249 2730 l 12260 2717 l 12272 2704 l 12282 2691 l
- 12292 2676 l 12302 2661 l 12310 2645 l 12318 2627 l 12324 2608 l
- 12330 2588 l 12334 2571 l 12336 2553 l 12339 2534 l 12341 2513 l
- 12342 2491 l 12343 2467 l 12343 2442 l 12342 2416 l 12340 2389 l
- 12338 2360 l 12335 2332 l 12331 2303 l 12326 2273 l 12320 2244 l
- 12314 2215 l 12307 2187 l 12299 2159 l 12290 2132 l 12280 2106 l
- 12270 2081 l 12259 2056 l 12248 2033 l 12236 2011 l 12224 1990 l
- 12210 1970 l 12196 1949 l 12181 1929 l 12164 1910 l 12147 1890 l
- 12129 1871 l 12110 1853 l 12090 1835 l 12070 1818 l 12049 1802 l
- 12027 1787 l 12005 1773 l 11983 1761 l 11961 1749 l 11939 1739 l
- 11917 1730 l 11895 1722 l 11874 1716 l 11852 1710 l 11831 1707 l
- 11811 1704 l 11790 1703 l 11769 1702 l 11748 1703 l 11727 1705 l
- 11706 1708 l 11683 1711 l 11660 1716 l 11636 1721 l 11612 1727 l
- 11587 1733 l 11560 1740 l 11534 1747 l 11506 1754 l 11479 1761 l
- 11450 1768 l 11422 1774 l 11393 1780 l 11364 1786 l 11334 1791 l
- 11305 1795 l 11275 1798 l 11245 1800 l 11215 1801 l 11184 1801 l
- 11153 1800 l 11128 1798 l 11104 1796 l 11078 1793 l 11052 1790 l
- 11025 1785 l 10997 1781 l 10968 1776 l 10939 1770 l 10908 1764 l
- 10877 1758 l 10844 1751 l 10811 1744 l 10778 1737 l 10743 1730 l
- 10708 1722 l 10673 1715 l 10637 1708 l 10601 1701 l 10565 1695 l
- 10530 1688 l 10494 1682 l 10458 1677 l 10422 1672 l 10387 1668 l
- 10352 1664 l 10318 1661 l 10284 1658 l 10250 1657 l 10216 1656 l
- 10183 1655 l 10150 1656 l 10118 1658 l 10087 1660 l 10055 1663 l
- 10024 1666 l 9992 1671 l 9960 1676 l 9927 1682 l 9894 1688 l
- 9861 1695 l 9827 1703 l 9792 1711 l 9757 1720 l 9721 1729 l
- 9685 1738 l 9649 1748 l 9613 1757 l 9576 1767 l 9539 1778 l
- 9502 1788 l 9465 1798 l 9429 1807 l 9392 1817 l 9356 1826 l
- 9320 1835 l 9285 1844 l 9250 1852 l 9216 1860 l 9182 1867 l
- 9148 1873 l 9115 1879 l 9082 1884 l 9050 1889 l 9018 1892 l
- 8987 1895 l 8955 1898 l 8919 1899 l 8883 1900 l 8847 1899 l
- 8811 1898 l 8774 1896 l 8737 1893 l 8699 1889 l 8661 1884 l
- 8623 1878 l 8585 1872 l 8546 1865 l 8508 1857 l 8470 1849 l
- 8432 1840 l 8395 1830 l 8358 1821 l 8322 1811 l 8287 1801 l
- 8254 1790 l 8221 1780 l 8189 1770 l 8159 1760 l 8130 1750 l
- 8102 1740 l 8076 1730 l 8051 1721 l 8028 1712 l 8006 1703 l
- 7985 1695 l 7965 1688 l 7931 1674 l 7899 1662 l 7871 1650 l
- 7844 1640 l 7820 1631 l 7798 1623 l 7778 1617 l 7760 1611 l
- 7743 1607 l 7728 1603 l 7715 1601 l 7702 1600 l 7691 1600 l
- 7680 1601 l 7669 1603 l 7658 1605 l 7648 1607 l 7638 1610 l
- 7627 1613 l 7615 1617 l 7601 1621 l 7587 1626 l 7571 1632 l
- 7554 1638 l 7536 1645 l 7517 1653 l 7496 1661 l 7474 1670 l
- 7452 1679 l 7428 1689 l 7403 1699 l 7378 1709 l 7352 1720 l
- 7325 1731 l 7297 1743 l 7268 1755 l 7247 1763 l 7226 1772 l
- 7204 1781 l 7182 1790 l 7158 1800 l 7133 1810 l 7108 1820 l
- 7081 1831 l 7053 1842 l 7025 1853 l 6996 1864 l 6966 1875 l
- 6935 1886 l 6904 1898 l 6873 1909 l 6841 1921 l 6809 1932 l
- 6776 1943 l 6744 1954 l 6712 1964 l 6680 1974 l 6649 1984 l
- 6618 1994 l 6587 2003 l 6557 2011 l 6527 2019 l 6498 2027 l
- 6469 2034 l 6441 2041 l cp gs col34 1.00 shd ef gr gs col34 s gr
-% Polyline
-n 675 6525 m 5850 6525 l 5850 6075 l 5625 6075 l 5625 5625 l 900 5625 l
- 900 6075 l 675 6075 l cp gs col7 1.00 shd ef gr gs col7 s gr
-% Polyline
-n 1125 6525 m 5355 6525 l 5400 5175 l 5175 5175 l 5175 4725 l 4950 4725 l
- 4950 4275 l 1575 4275 l 1575 4725 l 1350 4725 l 1350 5175 l
- 1125 5175 l cp gs col34 1.00 shd ef gr gs col34 s gr
-% Polyline
-75.000 slw
-n 9450 4500 m 12465 2205 l gs col7 s gr
-% Polyline
-n 9450 4500 m 9450 7785 l gs col7 s gr
-% Polyline
-n 9450 4500 m 6075 1935 l gs col7 s gr
-% Polyline
-n 12510 6435 m 9450 6435 l gs col7 s gr
-% Polyline
-7.500 slw
-n 1800 6525 m 4725 6525 l 4725 3825 l 4500 3825 l 4500 3375 l 4275 3375 l
- 4275 2925 l 4050 2925 l 4050 2475 l 2475 2475 l 2475 2925 l
- 2250 2925 l 2250 3375 l 2025 3375 l 2025 3825 l 1800 3825 l
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 2700 6525 m 3825 6525 l 3825 2025 l 3600 2025 l 3600 1575 l 2925 1575 l
- 2925 2025 l 2700 2025 l cp gs col33 1.00 shd ef gr gs col33 s gr
-% Polyline
-gs clippath
-12068 6810 m 11970 6885 l 12022 6773 l 11937 6878 l 11984 6915 l cp
-clip
-n 12375 4455 m 12510 4635 l 12510 6210 l 11970 6885 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 12068 6810 m 11970 6885 l 12022 6773 l 12045 6791 l 12068 6810 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7113 6004 m 7155 6120 l 7063 6037 l 7138 6149 l 7188 6116 l cp
-clip
-n 6705 5445 m 7155 6120 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7113 6004 m 7155 6120 l 7063 6037 l 7088 6020 l 7113 6004 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7304 4656 m 7200 4590 l 7323 4599 l 7195 4557 l 7176 4614 l cp
-clip
-n 7875 4815 m 7200 4590 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7304 4656 m 7200 4590 l 7323 4599 l 7314 4628 l 7304 4656 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-11405 4128 m 11475 4230 l 11365 4173 l 11466 4262 l 11506 4217 l cp
-clip
-n 9585 2565 m 11475 4230 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 11405 4128 m 11475 4230 l 11365 4173 l 11385 4151 l 11405 4128 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-11712 4556 m 11835 4545 l 11732 4613 l 11859 4568 l 11839 4512 l cp
-clip
-n 10170 5130 m 11835 4545 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 11712 4556 m 11835 4545 l 11732 4613 l 11722 4585 l 11712 4556 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-9732 5411 m 9855 5400 l 9752 5468 l 9879 5423 l 9859 5367 l cp
-clip
-n 7920 6075 m 9855 5400 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9732 5411 m 9855 5400 l 9752 5468 l 9742 5440 l 9732 5411 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10823 5573 m 10935 5625 l 10812 5632 l 10944 5657 l 10955 5598 l cp
-clip
-n 9990 5445 m 10935 5625 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10823 5573 m 10935 5625 l 10812 5632 l 10817 5603 l 10823 5573 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10815 5280 m 10935 5310 l 10815 5340 l 10950 5340 l 10950 5280 l cp
-clip
-n 10215 5310 m 10935 5310 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10815 5280 m 10935 5310 l 10815 5340 l 10815 5310 l 10815 5280 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-11955 4965 m 11925 5085 l 11895 4965 l 11895 5100 l 11955 5100 l cp
-clip
-n 11925 4590 m 11925 5085 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 11955 4965 m 11925 5085 l 11895 4965 l 11925 4965 l 11955 4965 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-9840 6720 m 9810 6840 l 9780 6720 l 9780 6855 l 9840 6855 l cp
-clip
-n 9810 5490 m 9810 6840 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9840 6720 m 9810 6840 l 9780 6720 l 9810 6720 l 9840 6720 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10847 5943 m 10935 6030 l 10816 5995 l 10933 6063 l 10963 6012 l cp
-clip
-n 9945 5445 m 10935 6030 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10847 5943 m 10935 6030 l 10816 5995 l 10832 5969 l 10847 5943 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10698 2634 m 10800 2565 l 10742 2674 l 10832 2574 l 10788 2534 l cp
-clip
-n 8865 4725 m 10800 2565 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10698 2634 m 10800 2565 l 10742 2674 l 10720 2654 l 10698 2634 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-30.000 slw
-n 675 6075 m 5850 6075 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-7.500 slw
- [15 15] 15 sd
-gs clippath
-645 6195 m 675 6075 l 705 6195 l 705 6060 l 645 6060 l cp
-clip
-n 675 6525 m 675 6075 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 645 6195 m 675 6075 l 705 6195 l 675 6195 l 645 6195 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5880 6405 m 5850 6525 l 5820 6405 l 5820 6540 l 5880 6540 l cp
-clip
-n 5850 6075 m 5850 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5880 6405 m 5850 6525 l 5820 6405 l 5850 6405 l 5880 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-30.000 slw
-n 900 5625 m 5625 5625 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1125 5175 m 5400 5175 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1350 4725 m 5175 4725 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1575 4275 m 4950 4275 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1800 3825 m 4725 3825 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2025 3375 m 4500 3375 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2250 2925 m 4275 2925 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2475 2475 m 4050 2475 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2700 2025 m 3825 2025 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2925 1575 m 3600 1575 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-7.500 slw
- [15 15] 15 sd
-gs clippath
-870 5745 m 900 5625 l 930 5745 l 930 5610 l 870 5610 l cp
-clip
-n 900 6075 m 900 5625 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 870 5745 m 900 5625 l 930 5745 l 900 5745 l 870 5745 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1095 5295 m 1125 5175 l 1155 5295 l 1155 5160 l 1095 5160 l cp
-clip
-n 1125 6525 m 1125 5175 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1095 5295 m 1125 5175 l 1155 5295 l 1125 5295 l 1095 5295 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1320 4845 m 1350 4725 l 1380 4845 l 1380 4710 l 1320 4710 l cp
-clip
-n 1350 5175 m 1350 4725 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1320 4845 m 1350 4725 l 1380 4845 l 1350 4845 l 1320 4845 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1545 4395 m 1575 4275 l 1605 4395 l 1605 4260 l 1545 4260 l cp
-clip
-n 1575 4725 m 1575 4275 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1545 4395 m 1575 4275 l 1605 4395 l 1575 4395 l 1545 4395 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1770 3945 m 1800 3825 l 1830 3945 l 1830 3810 l 1770 3810 l cp
-clip
-n 1800 6525 m 1800 3825 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1770 3945 m 1800 3825 l 1830 3945 l 1800 3945 l 1770 3945 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1995 3495 m 2025 3375 l 2055 3495 l 2055 3360 l 1995 3360 l cp
-clip
-n 2025 3825 m 2025 3375 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1995 3495 m 2025 3375 l 2055 3495 l 2025 3495 l 1995 3495 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2220 3045 m 2250 2925 l 2280 3045 l 2280 2910 l 2220 2910 l cp
-clip
-n 2250 3375 m 2250 2925 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2220 3045 m 2250 2925 l 2280 3045 l 2250 3045 l 2220 3045 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2445 2595 m 2475 2475 l 2505 2595 l 2505 2460 l 2445 2460 l cp
-clip
-n 2475 2925 m 2475 2475 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2445 2595 m 2475 2475 l 2505 2595 l 2475 2595 l 2445 2595 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5655 5955 m 5625 6075 l 5595 5955 l 5595 6090 l 5655 6090 l cp
-clip
-n 5625 5625 m 5625 6075 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5655 5955 m 5625 6075 l 5595 5955 l 5625 5955 l 5655 5955 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5430 6405 m 5400 6525 l 5370 6405 l 5370 6540 l 5430 6540 l cp
-clip
-n 5400 5175 m 5400 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5430 6405 m 5400 6525 l 5370 6405 l 5400 6405 l 5430 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5205 5055 m 5175 5175 l 5145 5055 l 5145 5190 l 5205 5190 l cp
-clip
-n 5175 4725 m 5175 5175 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5205 5055 m 5175 5175 l 5145 5055 l 5175 5055 l 5205 5055 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4980 4605 m 4950 4725 l 4920 4605 l 4920 4740 l 4980 4740 l cp
-clip
-n 4950 4275 m 4950 4725 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4980 4605 m 4950 4725 l 4920 4605 l 4950 4605 l 4980 4605 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4755 6405 m 4725 6525 l 4695 6405 l 4695 6540 l 4755 6540 l cp
-clip
-n 4725 3825 m 4725 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4755 6405 m 4725 6525 l 4695 6405 l 4725 6405 l 4755 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4530 3705 m 4500 3825 l 4470 3705 l 4470 3840 l 4530 3840 l cp
-clip
-n 4500 3375 m 4500 3825 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4530 3705 m 4500 3825 l 4470 3705 l 4500 3705 l 4530 3705 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4305 3255 m 4275 3375 l 4245 3255 l 4245 3390 l 4305 3390 l cp
-clip
-n 4275 2925 m 4275 3375 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4305 3255 m 4275 3375 l 4245 3255 l 4275 3255 l 4305 3255 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4080 2805 m 4050 2925 l 4020 2805 l 4020 2940 l 4080 2940 l cp
-clip
-n 4050 2475 m 4050 2925 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4080 2805 m 4050 2925 l 4020 2805 l 4050 2805 l 4080 2805 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2670 2145 m 2700 2025 l 2730 2145 l 2730 2010 l 2670 2010 l cp
-clip
-n 2700 6525 m 2700 2025 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2670 2145 m 2700 2025 l 2730 2145 l 2700 2145 l 2670 2145 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-3855 6405 m 3825 6525 l 3795 6405 l 3795 6540 l 3855 6540 l cp
-clip
-n 3825 2025 m 3825 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 3855 6405 m 3825 6525 l 3795 6405 l 3825 6405 l 3855 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-3630 1905 m 3600 2025 l 3570 1905 l 3570 2040 l 3630 2040 l cp
-clip
-n 3600 1575 m 3600 2025 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 3630 1905 m 3600 2025 l 3570 1905 l 3600 1905 l 3630 1905 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2895 1695 m 2925 1575 l 2955 1695 l 2955 1560 l 2895 1560 l cp
-clip
-n 2925 2025 m 2925 1575 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2895 1695 m 2925 1575 l 2955 1695 l 2925 1695 l 2895 1695 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-45.000 slw
-gs clippath
-6087 6495 m 6207 6525 l 6087 6555 l 6360 6555 l 6360 6495 l cp
-clip
-n 540 6525 m 6300 6525 l gs 0.00 setgray ef gr gs col0 s gr gr
-
-% arrowhead
-n 6087 6495 m 6207 6525 l 6087 6555 l 6087 6525 l 6087 6495 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-7.500 slw
-gs clippath
-3681 6720 m 3825 6750 l 3681 6780 l 3840 6780 l 3840 6720 l cp
-2844 6780 m 2700 6750 l 2844 6720 l 2685 6720 l 2685 6780 l cp
-clip
-n 2700 6750 m 3825 6750 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 2844 6780 m 2700 6750 l 2844 6720 l 2820 6750 l 2844 6780 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 3681 6720 m 3825 6750 l 3681 6780 l 3705 6750 l 3681 6720 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-gs clippath
-5256 7170 m 5400 7200 l 5256 7230 l 5415 7230 l 5415 7170 l cp
-1269 7230 m 1125 7200 l 1269 7170 l 1110 7170 l 1110 7230 l cp
-clip
-n 1125 7200 m 5400 7200 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 1269 7230 m 1125 7200 l 1269 7170 l 1245 7200 l 1269 7230 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 5256 7170 m 5400 7200 l 5256 7230 l 5280 7200 l 5256 7170 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-gs clippath
-4581 6945 m 4725 6975 l 4581 7005 l 4740 7005 l 4740 6945 l cp
-1944 7005 m 1800 6975 l 1944 6945 l 1785 6945 l 1785 7005 l cp
-clip
-n 1800 6975 m 4725 6975 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 1944 7005 m 1800 6975 l 1944 6945 l 1920 6975 l 1944 7005 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 4581 6945 m 4725 6975 l 4581 7005 l 4605 6975 l 4581 6945 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-gs clippath
-5706 7395 m 5850 7425 l 5706 7455 l 5865 7455 l 5865 7395 l cp
-819 7455 m 675 7425 l 819 7395 l 660 7395 l 660 7455 l cp
-clip
-n 675 7425 m 5850 7425 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 819 7455 m 675 7425 l 819 7395 l 795 7425 l 819 7455 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 5706 7395 m 5850 7425 l 5706 7455 l 5730 7425 l 5706 7395 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-1 slc
- [15 45] 45 sd
-n 675 6570 m 675 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 1125 6570 m 1125 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 1800 6570 m 1800 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 2700 6570 m 2700 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 3825 6570 m 3825 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 4725 6570 m 4725 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 5400 6570 m 5400 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 5850 6570 m 5850 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
-0 slc
-n 750 225 m 450 225 450 1050 300 arcto 4 {pop} repeat
- 450 1350 12300 1350 300 arcto 4 {pop} repeat
- 12600 1350 12600 525 300 arcto 4 {pop} repeat
- 12600 225 750 225 300 arcto 4 {pop} repeat
- cp gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 8835 2250 m 8775 2250 8775 2415 60 arcto 4 {pop} repeat
- 8775 2475 10110 2475 60 arcto 4 {pop} repeat
- 10170 2475 10170 2310 60 arcto 4 {pop} repeat
- 10170 2250 8835 2250 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 10635 2250 m 10575 2250 10575 2415 60 arcto 4 {pop} repeat
- 10575 2475 11865 2475 60 arcto 4 {pop} repeat
- 11925 2475 11925 2310 60 arcto 4 {pop} repeat
- 11925 2250 10635 2250 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 11490 4275 m 11430 4275 11430 4440 60 arcto 4 {pop} repeat
- 11430 4500 12315 4500 60 arcto 4 {pop} repeat
- 12375 4500 12375 4335 60 arcto 4 {pop} repeat
- 12375 4275 11490 4275 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 11040 5175 m 10980 5175 10980 5340 60 arcto 4 {pop} repeat
- 10980 5400 12315 5400 60 arcto 4 {pop} repeat
- 12375 5400 12375 5235 60 arcto 4 {pop} repeat
- 12375 5175 11040 5175 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 9735 5175 m 9675 5175 9675 5340 60 arcto 4 {pop} repeat
- 9675 5400 10110 5400 60 arcto 4 {pop} repeat
- 10170 5400 10170 5235 60 arcto 4 {pop} repeat
- 10170 5175 9735 5175 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 7260 6075 m 7200 6075 7200 6240 60 arcto 4 {pop} repeat
- 7200 6300 7815 6300 60 arcto 4 {pop} repeat
- 7875 6300 7875 6135 60 arcto 4 {pop} repeat
- 7875 6075 7260 6075 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6810 2250 m 6750 2250 6750 2415 60 arcto 4 {pop} repeat
- 6750 2475 8130 2475 60 arcto 4 {pop} repeat
- 8190 2475 8190 2310 60 arcto 4 {pop} repeat
- 8190 2250 6810 2250 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6360 3375 m 6300 3375 6300 3540 60 arcto 4 {pop} repeat
- 6300 3600 7545 3600 60 arcto 4 {pop} repeat
- 7605 3600 7605 3435 60 arcto 4 {pop} repeat
- 7605 3375 6360 3375 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6360 4275 m 6300 4275 6300 4440 60 arcto 4 {pop} repeat
- 6300 4500 7275 4500 60 arcto 4 {pop} repeat
- 7335 4500 7335 4335 60 arcto 4 {pop} repeat
- 7335 4275 6360 4275 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6360 5175 m 6300 5175 6300 5340 60 arcto 4 {pop} repeat
- 6300 5400 7140 5400 60 arcto 4 {pop} repeat
- 7200 5400 7200 5235 60 arcto 4 {pop} repeat
- 7200 5175 6360 5175 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-gs clippath
-7365 5340 m 7245 5310 l 7365 5280 l 7230 5280 l 7230 5340 l cp
-clip
-n 9630 5310 m 7245 5310 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7365 5340 m 7245 5310 l 7365 5280 l 7365 5310 l 7365 5340 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7500 4395 m 7380 4365 l 7500 4335 l 7365 4335 l 7365 4395 l cp
-clip
-n 11385 4365 m 7380 4365 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7500 4395 m 7380 4365 l 7500 4335 l 7500 4365 l 7500 4395 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-n 11040 5580 m 10980 5580 10980 5745 60 arcto 4 {pop} repeat
- 10980 5805 12180 5805 60 arcto 4 {pop} repeat
- 12240 5805 12240 5640 60 arcto 4 {pop} repeat
- 12240 5580 11040 5580 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 11040 5985 m 10980 5985 10980 6150 60 arcto 4 {pop} repeat
- 10980 6210 12315 6210 60 arcto 4 {pop} repeat
- 12375 6210 12375 6045 60 arcto 4 {pop} repeat
- 12375 5985 11040 5985 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-gs clippath
-9958 5554 m 9900 5445 l 10003 5514 l 9912 5414 l 9868 5454 l cp
-clip
-n 11205 6885 m 9900 5445 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9958 5554 m 9900 5445 l 10003 5514 l 9981 5534 l 9958 5554 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-n 10590 6930 m 10530 6930 10530 7095 60 arcto 4 {pop} repeat
- 10530 7155 12225 7155 60 arcto 4 {pop} repeat
- 12285 7155 12285 6990 60 arcto 4 {pop} repeat
- 12285 6930 10590 6930 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 9690 6930 m 9630 6930 9630 7095 60 arcto 4 {pop} repeat
- 9630 7155 10110 7155 60 arcto 4 {pop} repeat
- 10170 7155 10170 6990 60 arcto 4 {pop} repeat
- 10170 6930 9690 6930 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-/Times-Roman-iso ff 120.00 scf sf
-900 7560 m
-gs 1 -1 sc (Startup, Runtime, Shutdown) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-6345 2970 m
-gs 1 -1 sc (ap_ctx_get\(...,) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10800 2745 m
-gs 1 -1 sc (ap_get_module_config\(...) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10800 2880 m
-gs 1 -1 sc (->per_dir_config,) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10800 3015 m
-gs 1 -1 sc (&ssl_module\)) col0 sh gr
-% Polyline
-n 7980 4770 m 7920 4770 7920 4935 60 arcto 4 {pop} repeat
- 7920 4995 9075 4995 60 arcto 4 {pop} repeat
- 9135 4995 9135 4830 60 arcto 4 {pop} repeat
- 9135 4770 7980 4770 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-gs clippath
-7340 2610 m 7425 2520 l 7393 2639 l 7459 2521 l 7406 2492 l cp
-clip
-n 6975 3330 m 7425 2520 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7340 2610 m 7425 2520 l 7393 2639 l 7367 2625 l 7340 2610 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-9336 2569 m 9450 2520 l 9373 2616 l 9480 2535 l 9444 2487 l cp
-clip
-n 7200 4230 m 9450 2520 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9336 2569 m 9450 2520 l 9373 2616 l 9354 2593 l 9336 2569 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7321 5196 m 7200 5220 l 7296 5142 l 7174 5199 l 7199 5254 l cp
-clip
-n 7875 4905 m 7200 5220 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7321 5196 m 7200 5220 l 7296 5142 l 7309 5169 l 7321 5196 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-6720 4665 m 6750 4545 l 6780 4665 l 6780 4530 l 6720 4530 l cp
-clip
-n 6750 5130 m 6750 4545 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 6720 4665 m 6750 4545 l 6780 4665 l 6750 4665 l 6720 4665 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-9279 4984 m 9175 4918 l 9298 4927 l 9170 4885 l 9151 4942 l cp
-clip
-n 9850 5143 m 9175 4918 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 9279 4984 m 9175 4918 l 9298 4927 l 9289 4956 l 9279 4984 l cp gs 0.00 setgray ef gr col0 s
-/Helvetica-Narrow-iso ff 120.00 scf sf
-6210 4680 m
-gs 1 -1 sc (->server) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-8280 6120 m
-gs 1 -1 sc (ap_ctx_get\(...,"ssl"\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7740 2700 m
-gs 1 -1 sc (ap_get_module_config\(...) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7740 2835 m
-gs 1 -1 sc (->module_config,) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7740 2970 m
-gs 1 -1 sc (&ssl_module\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-6345 3105 m
-gs 1 -1 sc ("ssl_module"\)) col0 sh gr
-/Times-Roman-iso ff 120.00 scf sf
-1350 7335 m
-gs 1 -1 sc (Configuration Time) col0 sh gr
-/Times-Roman-iso ff 120.00 scf sf
-2025 7110 m
-gs 1 -1 sc (Connection Duration) col0 sh gr
-/Times-Roman-iso ff 120.00 scf sf
-2835 6885 m
-gs 1 -1 sc (Request Duration) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-6345 6795 m
-gs 1 -1 sc (t) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7110 5985 m
-gs 1 -1 sc (->client) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7065 5085 m
-gs 1 -1 sc (->connection) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7065 4770 m
-gs 1 -1 sc (->server) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-8010 5445 m
-gs 1 -1 sc (SSL_get_app_data\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10530 4050 m
-gs 1 -1 sc (->pSSLCtx) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7875 4275 m
-gs 1 -1 sc (SSL_CTX_get_app_data\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10305 5535 m
-gs 1 -1 sc (SSL_get_current_cipher\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10440 5940 m
-gs 1 -1 sc (SSL_get_session\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-9540 7335 m
-gs 1 -1 sc (SSL_get_{r,w}bio\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10125 4680 m
-gs 1 -1 sc (SSL_get_SSL_CTX\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10350 5175 m
-gs 1 -1 sc (SSL_get_SSL_METHOD\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-11745 4770 m
-gs 1 -1 sc (->method) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-9945 6480 m
-gs 1 -1 sc (X509_STORE_CTX_get_app_data\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10980 6705 m
-gs 1 -1 sc (SSL_CTX_get_cert_store\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-8280 5130 m
-gs 1 -1 sc (SSL_get_app_data2\(\)) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-3645 1620 m
-gs 1 -1 sc (SSLDirConfig) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-10935 3645 m
-gs 1 -1 sc (OpenSSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10935 3825 m
-gs 1 -1 sc ([SSL]) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-11025 5760 m
-gs 1 -1 sc (SSL_CIPHER) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10980 6165 m
-gs 1 -1 sc (SSL_SESSION) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-10710 7605 m
-gs 1 -1 sc (OpenSSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10575 7110 m
-gs 1 -1 sc (X509_STORE_CTX) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6795 2430 m
-gs 1 -1 sc (SSLModConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-8865 2430 m
-gs 1 -1 sc (SSLSrvConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6345 3555 m
-gs 1 -1 sc (ap_global_ctx) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6345 4455 m
-gs 1 -1 sc (server_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6345 5355 m
-gs 1 -1 sc (conn_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-9720 5355 m
-gs 1 -1 sc (SSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10665 2430 m
-gs 1 -1 sc (SSLDirConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-7290 6255 m
-gs 1 -1 sc (BUFF) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-11025 5355 m
-gs 1 -1 sc (SSL_METHOD) col0 sh gr
-% Polyline
-15.000 slw
-n 750 225 m 450 225 450 8250 300 arcto 4 {pop} repeat
- 450 8550 12300 8550 300 arcto 4 {pop} repeat
- 12600 8550 12600 525 300 arcto 4 {pop} repeat
- 12600 225 750 225 300 arcto 4 {pop} repeat
- cp gs col0 s gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-11475 4455 m
-gs 1 -1 sc (SSL_CTX) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-8010 4950 m
-gs 1 -1 sc (request_rec) col0 sh gr
-/Times-Roman-iso ff 180.00 scf sf
-10575 675 m
-gs 1 -1 sc (Ralf S. Engelschall) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-4275 675 m
-gs 1 -1 sc (Apache+mod_ssl+OpenSSL) col0 sh gr
-/Times-Roman-iso ff 150.00 scf sf
-10575 855 m
-gs 1 -1 sc (rse@engelschall.com) col0 sh gr
-/Times-Roman-iso ff 150.00 scf sf
-10575 1035 m
-gs 1 -1 sc (www.engelschall.com) col0 sh gr
-/Times-Roman-iso ff 180.00 scf sf
-900 675 m
-gs 1 -1 sc (Version 1.3) col0 sh gr
-/Times-Roman-iso ff 180.00 scf sf
-900 855 m
-gs 1 -1 sc (12-Apr-1999) col0 sh gr
-/Helvetica-Bold-iso ff 360.00 scf sf
-3915 1080 m
-gs 1 -1 sc (Data Structure Overview) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-9720 7110 m
-gs 1 -1 sc (BIO) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10710 7785 m
-gs 1 -1 sc ([Crypto]) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-8730 3465 m
-gs 1 -1 sc (mod_ssl) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-8145 6750 m
-gs 1 -1 sc (Apache) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-9000 8100 m
-gs 1 -1 sc (Chaining) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-2745 8100 m
-gs 1 -1 sc (Lifetime) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-810 6255 m
-gs 1 -1 sc (ap_global_ctx) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-990 5805 m
-gs 1 -1 sc (SSLModConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-4050 4455 m
-gs 1 -1 sc (SSL_CTX) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-4455 5355 m
-gs 1 -1 sc (server_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-3870 4905 m
-gs 1 -1 sc (SSLSrvConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-1845 4005 m
-gs 1 -1 sc (BUFF) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-2070 3555 m
-gs 1 -1 sc (conn_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-2295 3105 m
-gs 1 -1 sc (BIO) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-2565 2655 m
-gs 1 -1 sc (SSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-3915 2070 m
-gs 1 -1 sc (request_rec) col0 sh gr
-$F2psEnd
-rs
-showpage
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.module b/usr.sbin/httpd/src/modules/ssl/libssl.module
deleted file mode 100644
index bac4dc9f860..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/libssl.module
+++ /dev/null
@@ -1,495 +0,0 @@
-## _ _
-## _ __ ___ ___ __| | ___ ___| | mod_ssl
-## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-## |_____|
-## libssl.module
-## Apache 1.3 Configuration mechanism module stub
-##
-
-##
-## ====================================================================
-## Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following
-## disclaimer in the documentation and/or other materials
-## provided with the distribution.
-##
-## 3. All advertising materials mentioning features or use of this
-## software must display the following acknowledgment:
-## "This product includes software developed by
-## Ralf S. Engelschall <rse@engelschall.com> for use in the
-## mod_ssl project (http://www.modssl.org/)."
-##
-## 4. The names "mod_ssl" must not be used to endorse or promote
-## products derived from this software without prior written
-## permission. For written permission, please contact
-## rse@engelschall.com.
-##
-## 5. Products derived from this software may not be called "mod_ssl"
-## nor may "mod_ssl" appear in their names without prior
-## written permission of Ralf S. Engelschall.
-##
-## 6. Redistributions of any form whatsoever must retain the following
-## acknowledgment:
-## "This product includes software developed by
-## Ralf S. Engelschall <rse@engelschall.com> for use in the
-## mod_ssl project (http://www.modssl.org/)."
-##
-## THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
-## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
-## HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-## OF THE POSSIBILITY OF SUCH DAMAGE.
-## ====================================================================
-##
-
- # ``What you are missing, I suppose, is that I'm not
- # prepared to give equal rights to Ralf on the basis
- # that he's spent a few hours doing what he thinks is
- # better than what I've spent the last 4 years on,
- # and so he isn't prepared to cooperate with me.''
- # -- Ben Laurie, Apache-SSL author
-
-Name: ssl_module
-ConfigStart
-
- #
- # interface to the src/Configure script
- #
- my_dir="`echo ${modfile} | sed -e 's:/[^/]*$::'`"
- my_version="$my_dir/libssl.version"
- my_outfile="Makefile.config"
- my_prefix=" +"
- my_prefixe=" "
- SSL_CFLAGS=''
- SSL_LDFLAGS=''
- SSL_LIBS=''
-
- #
- # find a reasonable Bourne Shell for sub-shell calls
- #
- SH=/bin/sh
-
- #
- # determine mod_ssl author version
- #
- A_ID=`cat $my_version | sed -e 's; .*;;'`
- A_NAME=`echo $A_ID | sed -e 's;/.*;;'`
- A_VER=`echo $A_ID | sed -e 's;.*/;;'`
- A_VER_STR=`echo $A_VER | sed -e 's;-.*;;'`
- case $A_VER_STR in
- *.*b* )
- A_VER_HEX=`echo "$A_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' &&
- echo "$A_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'`
- ;;
- *.*.* )
- A_VER_HEX=`echo "$A_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'`
- ;;
- esac
- echo "$my_prefix SSL interface: $A_NAME/$A_VER_STR"
- SSL_VERSION="-DMOD_SSL_VERSION=\\\"$A_VER_STR\\\""
-
- #
- # determine optional mod_ssl product version
- #
- if [ ".`egrep '.*/.* .*/.*' $my_version`" != . ]; then
- P_ID=`cat $my_version | sed -e 's;.* ;;'`
- P_NAME=`echo $P_ID | sed -e 's;/.*;;'`
- P_VER=`echo $P_ID | sed -e 's;.*/;;'`
- P_VER_STR=`echo $P_VER | sed -e 's;-.*;;'`
- case $P_VER_STR in
- *.*b* )
- P_VER_HEX=`echo "$P_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' &&
- echo "$P_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'`
- ;;
- *.*.* )
- P_VER_HEX=`echo "$P_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'`
- ;;
- esac
- echo "$my_prefix SSL product: $P_NAME/$P_VER_STR"
- SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_NAME=\\\"$P_NAME\\\""
- SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_VERSION=\\\"$P_VER_STR\\\""
- fi
-
- #
- # determine object build type
- #
- case $modfile in
- *.so ) my_buildtype="DSO" ;;
- * ) my_buildtype="OBJ" ;;
- esac
- echo "$my_prefix SSL interface build type: $my_buildtype"
-
- #
- # determine SSL rules
- #
- if [ ".$APXS_MODE" = .YES ]; then
- my_rule_SSL_COMPAT=$SSL_COMPAT
- my_rule_SSL_SDBM=$SSL_SDBM
- my_rule_SSL_EXPERIMENTAL=$SSL_EXPERIMENTAL
- my_rule_SSL_CONSERVATIVE=$SSL_CONSERVATIVE
- my_rule_SSL_VENDOR=$SSL_VENDOR
- else
- my_rule_SSL_COMPAT=`$SH helpers/CutRule SSL_COMPAT $file`
- my_rule_SSL_SDBM=`$SH helpers/CutRule SSL_SDBM $file`
- my_rule_SSL_EXPERIMENTAL=`$SH helpers/CutRule SSL_EXPERIMENTAL $file`
- my_rule_SSL_CONSERVATIVE=`$SH helpers/CutRule SSL_CONSERVATIVE $file`
- my_rule_SSL_VENDOR=`$SH helpers/CutRule SSL_VENDOR $file`
- fi
-
- #
- # determine compatibility mode
- #
- if [ ".$my_rule_SSL_COMPAT" = .yes ]; then
- echo "$my_prefix SSL interface compatibility: enabled"
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_COMPAT"
- else
- echo "$my_prefix SSL interface compatibility: disabled"
- fi
-
- #
- # determine experimental mode
- #
- if [ ".$my_rule_SSL_EXPERIMENTAL" = .yes ]; then
- echo "$my_prefix SSL interface experimental code: enabled"
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_EXPERIMENTAL"
- else
- echo "$my_prefix SSL interface experimental code: disabled"
- fi
-
- #
- # determine conservative mode
- #
- if [ ".$my_rule_SSL_CONSERVATIVE" = .yes ]; then
- echo "$my_prefix SSL interface conservative code: enabled"
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_CONSERVATIVE"
- else
- echo "$my_prefix SSL interface conservative code: disabled"
- fi
-
- #
- # determine vendor mode
- #
- SSL_VENDOR_OBJS=''
- SSL_VENDOR_OBJS_PIC=''
- if [ ".$my_rule_SSL_VENDOR" = .yes ]; then
- echo "$my_prefix SSL interface vendor extensions: enabled"
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_VENDOR"
- my_src="`cd $my_dir && echo ssl_vendor*.c`"
- if [ ".$my_src" != . -a ".$my_src" != ".ssl_vendor*.c" ]; then
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_VENDOR_OBJS"
- SSL_VENDOR_OBJS="`echo $my_src | sed -e 's;\.c;.o;g'`"
- SSL_VENDOR_OBJS_PIC="`echo $my_src | sed -e 's;\.c;.lo;g'`"
- echo "$my_prefix SSL interface vendor objects: $SSL_VENDOR_OBJS"
- fi
- else
- echo "$my_prefix SSL interface vendor extensions: disabled"
- fi
-
- #
- # determine DBM support library
- # (src/Configure has DBM_LIB predefined for some platforms)
- #
- if [ ".$APXS_MODE" != .YES ]; then
- SSL_DBM_NAME=''
- # 1. check for predefined DBM lib
- if [ ".$DBM_LIB" != . ]; then
- LIBS_ORIG="$LIBS"
- LIBS="$LIBS $DBM_LIB"
- if $SH helpers/TestCompile func dbm_open; then
- SSL_DBM_NAME="Configured DBM ($DBM_LIB)"
- SSL_DBM_FLAG="$DBM_LIB"
- fi
- LIBS="$LIBS_ORIG"
- fi
- # 2. check for various vendor DBM libs
- if [ ".$SSL_DBM_NAME" = . ]; then
- if $SH helpers/TestCompile func dbm_open; then
- SSL_DBM_NAME='Vendor DBM (libc)'
- SSL_DBM_FLAG=''
- elif $SH helpers/TestCompile lib dbm dbm_open; then
- SSL_DBM_NAME='Vendor DBM (libdbm)'
- SSL_DBM_FLAG='-ldbm'
- elif $SH helpers/TestCompile lib ndbm dbm_open; then
- SSL_DBM_NAME='Vendor DBM (libndbm)'
- SSL_DBM_FLAG='-lndbm'
- fi
- fi
- # 3. let the SSL_SDBM rule override decisions
- if [ ".$my_rule_SSL_SDBM" = .yes ]; then
- # force us to fallback to SDBM
- SSL_DBM_NAME=''
- fi
- if [ ".$my_rule_SSL_SDBM" = .no ]; then
- # for us to never use SDBM, but be
- # careful when no DBM was found at all
- if [ ".$SSL_DBM_NAME" = . ]; then
- echo "Error: SDBM is needed, because no custom or vendor DBM library available!" 1>&2
- echo "Hint: Allow us to choose SDBM by changing the rule SSL_SDBM, please." 1>&2
- exit 1
- fi
- fi
- # 4. override decision on a few brain-dead platforms
- if [ ".$my_rule_SSL_SDBM" = .default ]; then
- case "$PLAT" in
- *-linux* )
- # force Linux boxes to use builtin SDBM per default because
- # of too much broken vendor DBM libraries on this platform
- SSL_DBM_NAME=''
- ;;
- esac
- fi
- # 5. finally configure the chosen DBM lib
- if [ ".$SSL_DBM_NAME" != . ]; then
- echo "$my_prefix SSL interface plugin: $SSL_DBM_NAME"
- my_dbm_already_used=`echo $LIBS | grep -- " $SSL_DBM_FLAG"`
- if [ ".$my_buildtype" = .OBJ -a ".$my_dbm_already_used" != . ]; then
- :
- else
- SSL_LIBS="$SSL_LIBS $SSL_DBM_FLAG"
- fi
- else
- echo "$my_prefix SSL interface plugin: Built-in SDBM"
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_USE_SDBM"
- fi
- fi
-
- #
- # determine SSL_BASE
- #
- if [ ".$SSL_BASE" = . ]; then
- SSL_BASE=`egrep '^SSL_BASE=' $file | sed -n -e '$p' | awk -F= '{print $2}'`
- if [ ".$SSL_BASE" = . ]; then
- if [ -d /usr/local/ssl ]; then
- SSL_BASE="/usr/local/ssl"
- else
- SSL_BASE="SYSTEM"
- fi
- fi
- fi
- case $SSL_BASE in
- SYSTEM ) ;;
- /* ) ;;
- * ) SSL_BASE="`cd ../$SSL_BASE; pwd`" ;;
- esac
- if [ ".$SSL_BASE" = .SYSTEM ]; then
- echo "$my_prefix SSL library path: [SYSTEM]"
- else
- if [ ! -d "$SSL_BASE" ]; then
- echo "Error: Cannot find SSL installation in $SSL_BASE" 1>&2
- echo "Hint: Please provide us with the location of OpenSSL" 1>&2
- echo " via the environment variable SSL_BASE." 1>&2
- exit 1
- fi
- echo "$my_prefix SSL library path: $SSL_BASE"
- fi
-
- #
- # determine location of OpenSSL binaries
- # (we still search also for `ssleay' to allow us to
- # better complain about the actually installed version)
- #
- SSL_BINDIR=""
- if [ ".$SSL_BASE" = .SYSTEM ]; then
- for name in openssl ssleay; do
- for p in . `echo $PATH | sed -e 's/:/ /g'`; do
- if [ -f "$p/$name" ]; then
- SSL_PROGRAM="$p/$name"
- SSL_BINDIR="$p"
- break
- fi
- done
- if [ ".$SSL_BINDIR" != . ]; then
- break;
- fi
- done
- if [ ".$SSL_BINDIR" = . ]; then
- echo "Error: Cannot find SSL binaries in $PATH" 1>&2
- exit 1
- fi
- else
- for name in openssl ssleay; do
- if [ -f "$SSL_BASE/bin/$name" ]; then
- SSL_PROGRAM="$SSL_BASE/bin/$name"
- SSL_BINDIR='$(SSL_BASE)/bin'
- break;
- fi
- if [ -f "$SSL_BASE/sbin/$name" ]; then
- SSL_PROGRAM="$SSL_BASE/sbin/$name"
- SSL_BINDIR='$(SSL_BASE)/sbin'
- break;
- fi
- if [ -f "$SSL_BASE/apps/$name" ]; then
- SSL_PROGRAM="$SSL_BASE/apps/$name"
- SSL_BINDIR='$(SSL_BASE)/apps'
- break;
- fi
- done
- if [ ".$SSL_BINDIR" = . ]; then
- echo "Error: Cannot find SSL binaries under $SSL_BASE" 1>&2
- exit 1
- fi
- fi
-
- #
- # SSL version
- #
- SSL_VERSION_ID="`$SSL_PROGRAM version`"
- echo "$my_prefix SSL library version: $SSL_VERSION_ID"
- case $SSL_VERSION_ID in
- *0.[5678].*|*0.9.[012]* )
- echo "Error: OpenSSL VERSIONS BELOW 0.9.3 ARE NO LONGER SUPPORTED."
- echo "Hint: Use OpenSSL version 0.9.3 or higher!"
- exit 1
- ;;
- esac
-
- #
- # SSL engine support
- #
- case $SSL_VERSION_ID in
- *0.9.6*engine* | *0.9.6a*engine* | *0.9.[789]* )
- SSL_CFLAGS="$SSL_CFLAGS -DSSL_ENGINE"
- ;;
- esac
-
- #
- # determine location of OpenSSL headers
- #
- if [ ".$SSL_BASE" = .SYSTEM ]; then
- SSL_INCDIR=""
- for p in . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl; do
- if [ -f "$p/openssl/ssl.h" ]; then
- SSL_INCDIR="$p"
- break
- fi
- done
- if [ ".$SSL_INCDIR" = . ]; then
- echo "Error: Cannot find SSL header files in any of the following dirs:" 1>&2
- echo "Error: . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl" 1>&2
- exit 1
- fi
- else
- if [ -f "$SSL_BASE/include/openssl/ssl.h" ]; then
- SSL_INCDIR='$(SSL_BASE)/include'
- else
- echo "Error: Cannot find SSL header files under $SSL_BASE" 1>&2
- exit 1
- fi
- fi
- if [ ".$SSL_INCDIR" != "./usr/include" ]; then
- SSL_CFLAGS="$SSL_CFLAGS -I\$(SSL_INCDIR)"
- fi
-
- #
- # determine location of OpenSSL libraries
- #
- if [ ".$SSL_BASE" = .SYSTEM ]; then
- SSL_LIBDIR=""
- for p in . /lib /usr/lib /usr/local/lib; do
- if [ -f "$p/libssl.a" -o -f "$p/libssl.so" ]; then
- SSL_LIBDIR="$p"
- my_real_ssl_libdir="$p"
- break
- fi
- done
- if [ ".$SSL_LIBDIR" = . ]; then
- echo "Error: Cannot find SSL library files in any of the following dirs:" 1>&2
- echo "Error: . /lib /usr/lib /usr/local/lib" 1>&2
- exit 1
- fi
- else
- if [ -f "$SSL_BASE/libssl.a" -o -f "$SSL_BASE/libssl.so" ]; then
- SSL_LIBDIR='$(SSL_BASE)'
- my_real_ssl_libdir="$SSL_BASE"
- elif [ -f "$SSL_BASE/lib/libssl.a" -o -f "$SSL_BASE/lib/libssl.so" ]; then
- SSL_LIBDIR='$(SSL_BASE)/lib'
- my_real_ssl_libdir="$SSL_BASE/lib"
- else
- echo "Error: Cannot find SSL library files under $SSL_BASE" 1>&2
- exit 1
- fi
- fi
- SSL_LDFLAGS="$SSL_LDFLAGS -L\$(SSL_LIBDIR)"
- SSL_LIBS="$SSL_LIBS -lssl -lcrypto"
-
- #
- # SSL installation type
- #
- case $SSL_BINDIR in
- */apps ) my_type="source tree only" ;;
- * ) my_type="installed package" ;;
- esac
- case $SSL_BASE in
- SYSTEM ) my_note="(system-wide)" ;;
- * ) my_note="(stand-alone)" ;;
- esac
- echo "$my_prefix SSL library type: $my_type $my_note"
-
- #
- # Special GCC/DSO support
- #
- # Under some platforms where GCC is used we have to link the DSO
- # (libssl.so) explicitly against the GCC library (libgcc) to avoid
- # problems with missing symbols like __umoddi3, etc.
- #
- # Notice: When GCC is installed as "cc" we assume it's really
- # well incorporated into the system and no hack is
- # needed (like on FreeBSD, Linux, etc.)
- #
- if [ ".$my_buildtype" = .DSO ]; then
- my_CC=`echo "$CC" | sed -e 's/ .*//'`
- case $my_CC in
- gcc|*/gcc|egcs|*/egcs|egcc|*/egcc|pgcc|*/pgcc )
- gcclibdir="`$CC --print-libgcc-file-name | sed -e 's;/[^/]*$;;'`"
- SSL_LIBS="$SSL_LIBS -L$gcclibdir -lgcc"
- ;;
- esac
- fi
-
- #
- # adjust the Apache build environment
- #
- echo "SSL_BASE=$SSL_BASE" >>$my_outfile
- echo "SSL_BINDIR=$SSL_BINDIR" >>$my_outfile
- echo "SSL_INCDIR=$SSL_INCDIR" >>$my_outfile
- echo "SSL_LIBDIR=$SSL_LIBDIR" >>$my_outfile
- echo "SSL_PROGRAM=$SSL_PROGRAM" >>$my_outfile
- echo "SSL_VERSION=$SSL_VERSION" >>$my_outfile
- echo "SSL_CFLAGS=$SSL_CFLAGS" >>$my_outfile
- echo "SSL_VENDOR_OBJS=$SSL_VENDOR_OBJS" >>$my_outfile
- echo "SSL_VENDOR_OBJS_PIC=$SSL_VENDOR_OBJS_PIC" >>$my_outfile
- if [ ".$my_buildtype" = .DSO ]; then
- # under DSO we link ourself
- echo "SSL_LIBS=$SSL_LIBS" >>$my_outfile
- echo "SSL_LDFLAGS=$SSL_LDFLAGS" >>$my_outfile
- else
- # else we are linked with httpd
- LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
- LIBS="$LIBS $SSL_LIBS"
- fi
- CFLAGS="$CFLAGS -DMOD_SSL=$A_VER_HEX"
- if [ ".$P_ID" != . ]; then
- CFLAGS="$CFLAGS -DSSL_PRODUCT=$P_VER_HEX"
- fi
- RULE_EAPI=yes
-
-ConfigEnd
-
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.version b/usr.sbin/httpd/src/modules/ssl/libssl.version
deleted file mode 100644
index 041ddcfe1c1..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/libssl.version
+++ /dev/null
@@ -1 +0,0 @@
-mod_ssl/2.8.16-1.3.29
diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c b/usr.sbin/httpd/src/modules/ssl/mod_ssl.c
deleted file mode 100644
index 216700bab2f..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** mod_ssl.c
-** Apache API interface structures
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``I'll be surprised if
- others think that what you
- are doing is honourable.''
- -- Ben Laurie, Apache-SSL author */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Apache API glue structures
-** _________________________________________________________________
-*/
-
-/*
- * identify the module to SCCS `what' and RCS `ident' commands
- */
-static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
-static char const rcsid[] = "$Id: mod_ssl.c,v 1.14 2013/07/16 13:22:55 jsing Exp $";
-
-/*
- * the table of configuration directives we provide
- */
-static command_rec ssl_config_cmds[] = {
- /*
- * Global (main-server) context configuration directives
- */
- AP_SRV_CMD(Mutex, TAKE1,
- "SSL lock for handling internal mutual exclusions "
- "(`none', `file:/path/to/file')")
- AP_SRV_CMD(PassPhraseDialog, TAKE1,
- "SSL dialog mechanism for the pass phrase query "
- "(`builtin', `exec:/path/to/program')")
- AP_SRV_CMD(SessionCache, TAKE1,
- "SSL Session Cache storage "
- "(`none', `dbm:/path/to/file')")
-#ifdef SSL_EXPERIMENTAL_ENGINE
- AP_SRV_CMD(CryptoDevice, TAKE1,
- "SSL external Crypto Device usage "
- "(`builtin', `...')")
-#endif
- AP_SRV_CMD(RandomSeed, TAKE23,
- "SSL Pseudo Random Number Generator (PRNG) seeding source "
- "(`startup|connect builtin|file:/path|exec:/path [bytes]')")
-
- /*
- * Per-server context configuration directives
- */
- AP_SRV_CMD(Engine, FLAG,
- "SSL switch for the protocol engine "
- "(`on', `off')")
- AP_SRV_CMD(Compression, FLAG,
- "Use SSL compression "
- "(`on', `off')")
- AP_ALL_CMD(CipherSuite, TAKE1,
- "Colon-delimited list of permitted SSL Ciphers "
- "(`XXX:...:XXX' - see manual)")
- AP_SRV_CMD(ECDHCurve, TAKE1,
- "Name of ECDH curve to use for ephemeral EC keys "
- "(`curve' - see manual)")
- AP_SRV_CMD(HonorCipherOrder, FLAG,
- "Let the server determine preferred ciphers "
- "(`on', `off')")
- AP_SRV_CMD(CertificateFile, TAKE1,
- "SSL Server Certificate file "
- "(`/path/to/file' - PEM or DER encoded)")
- AP_SRV_CMD(CertificateKeyFile, TAKE1,
- "SSL Server Private Key file "
- "(`/path/to/file' - PEM or DER encoded)")
- AP_SRV_CMD(CertificateChainFile, TAKE1,
- "SSL Server CA Certificate Chain file "
- "(`/path/to/file' - PEM encoded)")
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- AP_ALL_CMD(CACertificatePath, TAKE1,
- "SSL CA Certificate path "
- "(`/path/to/dir' - contains PEM encoded files)")
- AP_ALL_CMD(CACertificateFile, TAKE1,
- "SSL CA Certificate file "
- "(`/path/to/file' - PEM encoded)")
-#else
- AP_SRV_CMD(CACertificatePath, TAKE1,
- "SSL CA Certificate path "
- "(`/path/to/dir' - contains PEM encoded files)")
- AP_SRV_CMD(CACertificateFile, TAKE1,
- "SSL CA Certificate file "
- "(`/path/to/file' - PEM encoded)")
-#endif
- AP_SRV_CMD(CARevocationPath, TAKE1,
- "SSL CA Certificate Revocation List (CRL) path "
- "(`/path/to/dir' - contains PEM encoded files)")
- AP_SRV_CMD(CARevocationFile, TAKE1,
- "SSL CA Certificate Revocation List (CRL) file "
- "(`/path/to/file' - PEM encoded)")
- AP_ALL_CMD(VerifyClient, TAKE1,
- "SSL Client verify type "
- "(`none', `optional', `require', `optional_no_ca')")
- AP_ALL_CMD(VerifyDepth, TAKE1,
- "SSL Client verify depth "
- "(`N' - number of intermediate certificates)")
- AP_SRV_CMD(SessionCacheTimeout, TAKE1,
- "SSL Session Cache object lifetime "
- "(`N' - number of seconds)")
- AP_SRV_CMD(Log, TAKE1,
- "SSL logfile for SSL-related messages "
- "(`/path/to/file', `|/path/to/program')")
- AP_SRV_CMD(LogLevel, TAKE1,
- "SSL logfile verbosity level "
- "(`none', `error', `warn', `info', `debug')")
- AP_SRV_CMD(Protocol, RAW_ARGS,
- "Enable or disable various SSL protocols"
- "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
-
-#ifdef SSL_EXPERIMENTAL_PROXY
- /*
- * Proxy configuration for remote SSL connections
- */
- AP_SRV_CMD(ProxyProtocol, RAW_ARGS,
- "SSL Proxy: enable or disable SSL protocol flavors "
- "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
- AP_SRV_CMD(ProxyCipherSuite, TAKE1,
- "SSL Proxy: colon-delimited list of permitted SSL ciphers "
- "(`XXX:...:XXX' - see manual)")
- AP_SRV_CMD(ProxyVerify, FLAG,
- "SSL Proxy: whether to verify the remote certificate "
- "(`on' or `off')")
- AP_SRV_CMD(ProxyVerifyDepth, TAKE1,
- "SSL Proxy: maximum certificate verification depth "
- "(`N' - number of intermediate certificates)")
- AP_SRV_CMD(ProxyCACertificateFile, TAKE1,
- "SSL Proxy: file containing server certificates "
- "(`/path/to/file' - PEM encoded certificates)")
- AP_SRV_CMD(ProxyCACertificatePath, TAKE1,
- "SSL Proxy: directory containing server certificates "
- "(`/path/to/dir' - contains PEM encoded certificates)")
- AP_SRV_CMD(ProxyMachineCertificateFile, TAKE1,
- "SSL Proxy: file containing client certificates "
- "(`/path/to/file' - PEM encoded certificates)")
- AP_SRV_CMD(ProxyMachineCertificatePath, TAKE1,
- "SSL Proxy: directory containing client certificates "
- "(`/path/to/dir' - contains PEM encoded certificates)")
-#endif
-
- /*
- * Per-directory context configuration directives
- */
- AP_DIR_CMD(Options, OPTIONS, RAW_ARGS,
- "Set one of more options to configure the SSL engine"
- "(`[+-]option[=value] ...' - see manual)")
- AP_DIR_CMD(RequireSSL, AUTHCFG, NO_ARGS,
- "Require the SSL protocol for the per-directory context "
- "(no arguments)")
- AP_DIR_CMD(Require, AUTHCFG, RAW_ARGS,
- "Require a boolean expression to evaluate to true for granting access"
- "(arbitrary complex boolean expression - see manual)")
-
- AP_END_CMD
-};
-
-static const handler_rec ssl_config_handler[] = {
- { "mod_ssl:content-handler", ssl_hook_Handler },
- { NULL, NULL }
-};
-
-/*
- * the main Apache API config structure
- */
-module MODULE_VAR_EXPORT ssl_module = {
- STANDARD_MODULE_STUFF,
-
- /* Standard API (always present) */
-
- ssl_init_Module, /* module initializer */
- ssl_config_perdir_create, /* create per-dir config structures */
- ssl_config_perdir_merge, /* merge per-dir config structures */
- ssl_config_server_create, /* create per-server config structures */
- ssl_config_server_merge, /* merge per-server config structures */
- ssl_config_cmds, /* table of config file commands */
- ssl_config_handler, /* [#8] MIME-typed-dispatched handlers */
- ssl_hook_Translate, /* [#1] URI to filename translation */
- ssl_hook_Auth, /* [#4] validate user id from request */
- ssl_hook_UserCheck, /* [#5] check if the user is ok _here_ */
- ssl_hook_Access, /* [#3] check access by host address */
- NULL, /* [#6] determine MIME type */
- ssl_hook_Fixup, /* [#7] pre-run fixups */
- NULL, /* [#9] log a transaction */
- NULL, /* [#2] header parser */
- ssl_init_Child, /* child_init */
- NULL, /* child_exit */
- ssl_hook_ReadReq, /* [#0] post read-request */
-
- /* Extended API (forced to be enabled with mod_ssl) */
-
- ssl_hook_AddModule, /* after modules was added to core */
- ssl_hook_RemoveModule, /* before module is removed from core */
- ssl_hook_RewriteCommand, /* configuration command rewriting */
- ssl_hook_NewConnection, /* socket connection open */
- ssl_hook_CloseConnection /* socket connection close */
-};
-
diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.h b/usr.sbin/httpd/src/modules/ssl/mod_ssl.h
deleted file mode 100644
index d63a89910df..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.h
+++ /dev/null
@@ -1,787 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** mod_ssl.h
-** Global header
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``The Apache Group: a collection
- of talented individuals who are
- trying to perfect the art of
- never finishing something.''
- -- Rob Hartill */
-#ifndef MOD_SSL_H
-#define MOD_SSL_H 1
-
-/*
- * Optionally enable the experimental stuff, but allow the user to
- * override the decision which experimental parts are included by using
- * CFLAGS="-DSSL_EXPERIMENTAL_xxxx_IGNORE".
- */
-#ifdef SSL_EXPERIMENTAL
-#ifndef SSL_EXPERIMENTAL_PERDIRCA_IGNORE
-#define SSL_EXPERIMENTAL_PERDIRCA
-#endif
-#ifndef SSL_EXPERIMENTAL_PROXY_IGNORE
-#define SSL_EXPERIMENTAL_PROXY
-#endif
-#ifdef SSL_ENGINE
-#ifndef SSL_EXPERIMENTAL_ENGINE_IGNORE
-#define SSL_EXPERIMENTAL_ENGINE
-#endif
-#endif
-#endif /* SSL_EXPERIMENTAL */
-
-/*
- * Power up our brain...
- */
-
-/* OS headers */
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <time.h>
-#include <sys/time.h>
-
-/* OpenSSL headers */
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifdef SSL_EXPERIMENTAL_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* Apache headers */
-#define CORE_PRIVATE
-#include "ap_config.h"
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_protocol.h"
-#include "http_request.h"
-#include "http_main.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "scoreboard.h"
-#include "util_md5.h"
-#include "fnmatch.h"
-#undef CORE_PRIVATE
-
-/* mod_ssl headers */
-#include "ssl_expr.h"
-#include "ssl_util_ssl.h"
-#include "ssl_util_table.h"
-
-/*
- * Provide reasonable default for some defines
- */
-#ifndef FALSE
-#define FALSE (0)
-#endif
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-#ifndef PFALSE
-#define PFALSE ((void *)FALSE)
-#endif
-#ifndef PTRUE
-#define PTRUE ((void *)TRUE)
-#endif
-#ifndef UNSET
-#define UNSET (-1)
-#endif
-#ifndef NUL
-#define NUL '\0'
-#endif
-#ifndef RAND_MAX
-#include <limits.h>
-#define RAND_MAX INT_MAX
-#endif
-
-/*
- * Provide reasonable defines for some types
- */
-#ifndef BOOL
-#define BOOL unsigned int
-#endif
-#ifndef UCHAR
-#define UCHAR unsigned char
-#endif
-
-/*
- * Provide useful shorthands
- */
-#define strEQ(s1,s2) (strcmp(s1,s2) == 0)
-#define strNE(s1,s2) (strcmp(s1,s2) != 0)
-#define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0)
-#define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0)
-
-#define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0)
-#define strcNE(s1,s2) (strcasecmp(s1,s2) != 0)
-#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
-#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
-
-#define strIsEmpty(s) (s == NULL || s[0] == NUL)
-
-#define cfgMerge(el,unset) new->el = add->el == unset ? base->el : add->el
-#define cfgMergeArray(el) new->el = ap_append_arrays(p, add->el, base->el)
-#define cfgMergeTable(el) new->el = ap_overlay_tables(p, add->el, base->el)
-#define cfgMergeCtx(el) new->el = ap_ctx_overlay(p, add->el, base->el)
-#define cfgMergeString(el) cfgMerge(el, NULL)
-#define cfgMergeBool(el) cfgMerge(el, UNSET)
-#define cfgMergeInt(el) cfgMerge(el, UNSET)
-
-#define myModConfig() (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module")
-#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
-#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
-
-#define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val
-#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
-
-#define AP_ALL_CMD(name, args, desc) \
- { "SSL"#name, ssl_cmd_SSL##name, NULL, RSRC_CONF|OR_AUTHCFG, args, desc },
-#define AP_SRV_CMD(name, args, desc) \
- { "SSL"#name, ssl_cmd_SSL##name, NULL, RSRC_CONF, args, desc },
-#define AP_DIR_CMD(name, type, args, desc) \
- { "SSL"#name, ssl_cmd_SSL##name, NULL, OR_##type, args, desc },
-#define AP_END_CMD \
- { NULL }
-
-/*
- * SSL Logging
- */
-#define SSL_LOG_NONE (1<<0)
-#define SSL_LOG_ERROR (1<<1)
-#define SSL_LOG_WARN (1<<2)
-#define SSL_LOG_INFO (1<<3)
-#define SSL_LOG_TRACE (1<<4)
-#define SSL_LOG_DEBUG (1<<5)
-#define SSL_LOG_MASK (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG)
-
-#define SSL_ADD_NONE (1<<8)
-#define SSL_ADD_ERRNO (1<<9)
-#define SSL_ADD_SSLERR (1<<10)
-#define SSL_NO_TIMESTAMP (1<<11)
-#define SSL_NO_LEVELID (1<<12)
-#define SSL_NO_NEWLINE (1<<13)
-
-/*
- * Defaults for the configuration
- */
-#ifndef SSL_SESSION_CACHE_TIMEOUT
-#define SSL_SESSION_CACHE_TIMEOUT 300
-#endif
-
-/*
- * Support for file locking: Try to determine whether we should use fcntl() or
- * flock(). Would be better ap_config.h could provide this... :-(
- */
-#if defined(USE_FLOCK_SERIALIZED_ACCEPT)
-#define SSL_USE_FLOCK 1
-#include <sys/file.h>
-#endif
-#if !defined(SSL_USE_FCNTL) && !defined(SSL_USE_FLOCK)
-#define SSL_USE_FLOCK 1
-#include <sys/file.h>
-#ifndef LOCK_UN
-#undef SSL_USE_FLOCK
-#define SSL_USE_FCNTL 1
-#include <fcntl.h>
-#endif
-#endif
-
-/*
- * Support for Mutex
- */
-#define SSL_MUTEX_LOCK_MODE ( S_IRUSR|S_IWUSR )
-#define SSL_CAN_USE_SEM
-#define SSL_HAVE_IPCSEM
-#include <sys/types.h>
-#include <sys/ipc.h>
-#include <sys/sem.h>
-/*
- * Some platforms have a `union semun' pre-defined but Single Unix
- * Specification (SUSv2) says in semctl(2): `If required, it is of
- * type union semun, which the application program must explicitly
- * declare'. So we define it always ourself to avoid problems (but under
- * a different name to avoid a namespace clash).
- */
-union ssl_ipc_semun {
- long val;
- struct semid_ds *buf;
- unsigned short int *array;
-};
-
-/*
- * Support for MM library
- */
-#define SSL_MM_FILE_MODE ( S_IRUSR|S_IWUSR )
-
-/*
- * Support for DBM library
- */
-#define SSL_DBM_FILE_MODE ( S_IRUSR|S_IWUSR )
-
-#include <ndbm.h>
-#define ssl_dbm_open dbm_open
-#define ssl_dbm_close dbm_close
-#define ssl_dbm_store dbm_store
-#define ssl_dbm_fetch dbm_fetch
-#define ssl_dbm_delete dbm_delete
-#define ssl_dbm_firstkey dbm_firstkey
-#define ssl_dbm_nextkey dbm_nextkey
-#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
-#if defined(DBM_SUFFIX)
-#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
-#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
-#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
-#define SSL_DBM_FILE_SUFFIX_DIR ".db"
-#define SSL_DBM_FILE_SUFFIX_PAG ".db"
-#else
-#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
-#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
-#endif
-#endif
-
-/*
- * Check for OpenSSL version
- */
-#if SSL_LIBRARY_VERSION < 0x00907000
-#error "mod_ssl requires OpenSSL 0.9.7 or higher"
-#endif
-
-/*
- * The own data structures
- */
-typedef struct {
- pool *pPool;
- pool *pSubPool;
- array_header *aData;
-} ssl_ds_array;
-
-typedef struct {
- pool *pPool;
- pool *pSubPool;
- array_header *aKey;
- array_header *aData;
-} ssl_ds_table;
-
-/*
- * Define the certificate algorithm types
- */
-
-typedef int ssl_algo_t;
-
-#define SSL_ALGO_UNKNOWN (0)
-#define SSL_ALGO_RSA (1<<0)
-#define SSL_ALGO_DSA (1<<1)
-#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
-
-#define SSL_AIDX_RSA (0)
-#define SSL_AIDX_DSA (1)
-#define SSL_AIDX_MAX (2)
-
-/*
- * Define IDs for the temporary RSA keys and DH params
- */
-
-#define SSL_TKP_GEN (0)
-#define SSL_TKP_ALLOC (1)
-#define SSL_TKP_FREE (2)
-
-#define SSL_TKPIDX_RSA512 (0)
-#define SSL_TKPIDX_RSA1024 (1)
-#define SSL_TKPIDX_DH512 (2)
-#define SSL_TKPIDX_DH1024 (3)
-#define SSL_TKPIDX_MAX (4)
-
-/*
- * Define the SSL options
- */
-#define SSL_OPT_NONE (0)
-#define SSL_OPT_RELSET (1<<0)
-#define SSL_OPT_STDENVVARS (1<<1)
-#define SSL_OPT_COMPATENVVARS (1<<2)
-#define SSL_OPT_EXPORTCERTDATA (1<<3)
-#define SSL_OPT_FAKEBASICAUTH (1<<4)
-#define SSL_OPT_STRICTREQUIRE (1<<5)
-#define SSL_OPT_OPTRENEGOTIATE (1<<6)
-#define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
-typedef int ssl_opt_t;
-
-/*
- * Define the SSL Protocol options
- */
-#define SSL_PROTOCOL_NONE (0)
-#define SSL_PROTOCOL_SSLV2 (1<<0)
-#define SSL_PROTOCOL_SSLV3 (1<<1)
-#define SSL_PROTOCOL_TLSV1 (1<<2)
-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-typedef int ssl_proto_t;
-
-/*
- * Define the SSL verify levels
- */
-typedef enum {
- SSL_CVERIFY_UNSET = UNSET,
- SSL_CVERIFY_NONE = 0,
- SSL_CVERIFY_OPTIONAL = 1,
- SSL_CVERIFY_REQUIRE = 2,
- SSL_CVERIFY_OPTIONAL_NO_CA = 3
-} ssl_verify_t;
-
-/*
- * Define the SSL pass phrase dialog types
- */
-typedef enum {
- SSL_PPTYPE_UNSET = UNSET,
- SSL_PPTYPE_BUILTIN = 0,
- SSL_PPTYPE_FILTER = 1
-} ssl_pphrase_t;
-
-/*
- * Define the Path Checking modes
- */
-#define SSL_PCM_EXISTS 1
-#define SSL_PCM_ISREG 2
-#define SSL_PCM_ISDIR 4
-#define SSL_PCM_ISNONZERO 8
-typedef unsigned int ssl_pathcheck_t;
-
-/*
- * Define the SSL session cache modes and structures
- */
-typedef enum {
- SSL_SCMODE_UNSET = UNSET,
- SSL_SCMODE_NONE = 0,
- SSL_SCMODE_DBM = 1,
- SSL_SCMODE_SHMHT = 2,
- SSL_SCMODE_SHMCB = 3
-} ssl_scmode_t;
-
-/*
- * Define the SSL mutex modes
- */
-typedef enum {
- SSL_MUTEXMODE_UNSET = UNSET,
- SSL_MUTEXMODE_NONE = 0,
- SSL_MUTEXMODE_FILE = 1,
- SSL_MUTEXMODE_SEM = 2
-} ssl_mutexmode_t;
-
-/*
- * Define the SSL requirement structure
- */
-typedef struct {
- char *cpExpr;
- ssl_expr *mpExpr;
-} ssl_require_t;
-
-/*
- * Define the SSL random number generator seeding source
- */
-typedef enum {
- SSL_RSCTX_STARTUP = 1,
- SSL_RSCTX_CONNECT = 2
-} ssl_rsctx_t;
-typedef enum {
- SSL_RSSRC_BUILTIN = 1,
- SSL_RSSRC_FILE = 2,
- SSL_RSSRC_EXEC = 3
- ,SSL_RSSRC_EGD = 4
-} ssl_rssrc_t;
-typedef struct {
- ssl_rsctx_t nCtx;
- ssl_rssrc_t nSrc;
- char *cpPath;
- int nBytes;
-} ssl_randseed_t;
-
-/*
- * Define the structure of an ASN.1 anything
- */
-typedef struct {
- long int nData;
- unsigned char *cpData;
-} ssl_asn1_t;
-
-/*
- * Define the mod_ssl per-module configuration structure
- * (i.e. the global configuration for each httpd process)
- */
-
-typedef struct {
- pool *pPool;
- BOOL bFixed;
- int nInitCount;
- int nSessionCacheMode;
- char *szSessionCacheDataFile;
- int nSessionCacheDataSize;
- AP_MM *pSessionCacheDataMM;
- table_t *tSessionCacheDataTable;
- ssl_mutexmode_t nMutexMode;
- char *szMutexFile;
- int nMutexFD;
- int nMutexSEMID;
- array_header *aRandSeed;
- ssl_ds_table *tTmpKeys;
- void *pTmpKeys[SSL_TKPIDX_MAX];
- ssl_ds_table *tPublicCert;
- ssl_ds_table *tPrivateKey;
-#ifdef SSL_EXPERIMENTAL_ENGINE
- char *szCryptoDevice;
-#endif
- struct {
- void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
- } rCtx;
-#ifdef SSL_VENDOR
- ap_ctx *ctx;
-#endif
-} SSLModConfigRec;
-
-/*
- * Define the mod_ssl per-server configuration structure
- * (i.e. the configuration for the main server
- * and all <VirtualHost> contexts)
- */
-typedef struct {
- BOOL bEnabled;
- BOOL bCompression;
- char *szPublicCertFile[SSL_AIDX_MAX];
- char *szPrivateKeyFile[SSL_AIDX_MAX];
- char *szCertificateChain;
- char *szCACertificatePath;
- char *szCACertificateFile;
- char *szLogFile;
- char *szCipherSuite;
- int nECDHCurve;
- BOOL bHonorCipherOrder;
- FILE *fileLogFile;
- int nLogLevel;
- int nVerifyDepth;
- ssl_verify_t nVerifyClient;
- X509 *pPublicCert[SSL_AIDX_MAX];
- EVP_PKEY *pPrivateKey[SSL_AIDX_MAX];
- SSL_CTX *pSSLCtx;
- int nSessionCacheTimeout;
- int nPassPhraseDialogType;
- char *szPassPhraseDialogPath;
- ssl_proto_t nProtocol;
- char *szCARevocationPath;
- char *szCARevocationFile;
- X509_STORE *pRevocationStore;
-#ifdef SSL_EXPERIMENTAL_PROXY
- /* Configuration details for proxy operation */
- ssl_proto_t nProxyProtocol;
- int bProxyVerify;
- int nProxyVerifyDepth;
- char *szProxyCACertificatePath;
- char *szProxyCACertificateFile;
- char *szProxyClientCertificateFile;
- char *szProxyClientCertificatePath;
- char *szProxyCipherSuite;
- SSL_CTX *pSSLProxyCtx;
- STACK_OF(X509_INFO) *skProxyClientCerts;
-#endif
-#ifdef SSL_VENDOR
- ap_ctx *ctx;
-#endif
-} SSLSrvConfigRec;
-
-/*
- * Define the mod_ssl per-directory configuration structure
- * (i.e. the local configuration for all <Directory>
- * and .htaccess contexts)
- */
-typedef struct {
- BOOL bSSLRequired;
- array_header *aRequirement;
- ssl_opt_t nOptions;
- ssl_opt_t nOptionsAdd;
- ssl_opt_t nOptionsDel;
- char *szCipherSuite;
- ssl_verify_t nVerifyClient;
- int nVerifyDepth;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- char *szCACertificatePath;
- char *szCACertificateFile;
-#endif
-#ifdef SSL_VENDOR
- ap_ctx *ctx;
-#endif
-} SSLDirConfigRec;
-
-/*
- * function prototypes
- */
-
-/* API glue structures */
-extern module MODULE_VAR_EXPORT ssl_module;
-
-/* configuration handling */
-void ssl_config_global_create(void);
-void ssl_config_global_fix(void);
-BOOL ssl_config_global_isfixed(void);
-void *ssl_config_server_create(pool *, server_rec *);
-void *ssl_config_server_merge(pool *, void *, void *);
-void *ssl_config_perdir_create(pool *, char *);
-void *ssl_config_perdir_merge(pool *, void *, void *);
-const char *ssl_cmd_SSLMutex(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *);
-const char *ssl_cmd_SSLEngine(cmd_parms *, char *, int);
-const char *ssl_cmd_SSLCompression(cmd_parms *, char *, int);
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLECDHCurve(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *, char *, int);
-const char *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLLog(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLLogLevel(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLProtocol(cmd_parms *, char *, const char *);
-const char *ssl_cmd_SSLOptions(cmd_parms *, SSLDirConfigRec *, const char *);
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *, SSLDirConfigRec *, char *);
-const char *ssl_cmd_SSLRequire(cmd_parms *, SSLDirConfigRec *, char *);
-#ifdef SSL_EXPERIMENTAL_PROXY
-const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, char *, const char *);
-const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLProxyVerify(cmd_parms *, char *, int);
-const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, char *, char *);
-const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *);
-#endif
-
-/* module initialization */
-void ssl_init_Module(server_rec *, pool *);
-void ssl_init_SSLLibrary(void);
-void ssl_init_Engine(server_rec *, pool *);
-void ssl_init_TmpKeysHandle(int, server_rec *, pool *);
-void ssl_init_ConfigureServer(server_rec *, pool *, SSLSrvConfigRec *);
-void ssl_init_CheckServers(server_rec *, pool *);
-STACK_OF(X509_NAME)
- *ssl_init_FindCAList(server_rec *, pool *, char *, char *);
-void ssl_init_Child(server_rec *, pool *);
-void ssl_init_ChildKill(void *);
-void ssl_init_ModuleKill(void *);
-
-/* Apache API hooks */
-void ssl_hook_AddModule(module *);
-void ssl_hook_RemoveModule(module *);
-char *ssl_hook_RewriteCommand(cmd_parms *, void *, const char *);
-void ssl_hook_NewConnection(conn_rec *);
-void ssl_hook_TimeoutConnection(int);
-void ssl_hook_CloseConnection(conn_rec *);
-int ssl_hook_Translate(request_rec *);
-int ssl_hook_Auth(request_rec *);
-int ssl_hook_UserCheck(request_rec *);
-int ssl_hook_Access(request_rec *);
-int ssl_hook_Fixup(request_rec *);
-int ssl_hook_ReadReq(request_rec *);
-int ssl_hook_Handler(request_rec *);
-
-/* OpenSSL callbacks */
-RSA *ssl_callback_TmpRSA(SSL *, int, int);
-DH *ssl_callback_TmpDH(SSL *, int, int);
-int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
-int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *);
-int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
-SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
-void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
-void ssl_callback_LogTracingState(const SSL *, int, int);
-
-/* Session Cache Support */
-void ssl_scache_init(server_rec *, pool *);
-void ssl_scache_kill(server_rec *);
-BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_remove(server_rec *, UCHAR *, int);
-void ssl_scache_expire(server_rec *);
-void ssl_scache_status(server_rec *, pool *, void (*)(char *, void *), void *);
-char *ssl_scache_id2sz(UCHAR *, int);
-void ssl_scache_dbm_init(server_rec *, pool *);
-void ssl_scache_dbm_kill(server_rec *);
-BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
-void ssl_scache_dbm_expire(server_rec *);
-void ssl_scache_dbm_status(server_rec *, pool *, void (*)(char *, void *), void *);
-void ssl_scache_shmht_init(server_rec *, pool *);
-void ssl_scache_shmht_kill(server_rec *);
-BOOL ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_shmht_remove(server_rec *, UCHAR *, int);
-void ssl_scache_shmht_expire(server_rec *);
-void ssl_scache_shmht_status(server_rec *, pool *, void (*)(char *, void *), void *);
-void ssl_scache_shmcb_init(server_rec *, pool *);
-void ssl_scache_shmcb_kill(server_rec *);
-BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
-void ssl_scache_shmcb_expire(server_rec *);
-void ssl_scache_shmcb_status(server_rec *, pool *, void (*)(char *, void *), void *);
-
-/* Pass Phrase Support */
-void ssl_pphrase_Handle(server_rec *, pool *);
-int ssl_pphrase_Handle_CB(char *, int, int);
-
-/* Diffie-Hellman Parameter Support */
-DH *ssl_dh_GetTmpParam(int);
-DH *ssl_dh_GetParamFromFile(char *);
-
-/* Data Structures */
-ssl_ds_array *ssl_ds_array_make(pool *, int);
-BOOL ssl_ds_array_isempty(ssl_ds_array *);
-void *ssl_ds_array_push(ssl_ds_array *);
-void *ssl_ds_array_get(ssl_ds_array *, int);
-void ssl_ds_array_wipeout(ssl_ds_array *);
-void ssl_ds_array_kill(ssl_ds_array *);
-ssl_ds_table *ssl_ds_table_make(pool *, int);
-BOOL ssl_ds_table_isempty(ssl_ds_table *);
-void *ssl_ds_table_push(ssl_ds_table *, char *);
-void *ssl_ds_table_get(ssl_ds_table *, char *);
-void ssl_ds_table_wipeout(ssl_ds_table *);
-void ssl_ds_table_kill(ssl_ds_table *);
-
-/* Mutex Support */
-void ssl_mutex_init(server_rec *, pool *);
-void ssl_mutex_reinit(server_rec *, pool *);
-void ssl_mutex_on(server_rec *);
-void ssl_mutex_off(server_rec *);
-void ssl_mutex_kill(server_rec *s);
-void ssl_mutex_file_create(server_rec *, pool *);
-void ssl_mutex_file_open(server_rec *, pool *);
-void ssl_mutex_file_remove(void *);
-BOOL ssl_mutex_file_acquire(void);
-BOOL ssl_mutex_file_release(void);
-void ssl_mutex_sem_create(server_rec *, pool *);
-void ssl_mutex_sem_open(server_rec *, pool *);
-void ssl_mutex_sem_remove(void *);
-BOOL ssl_mutex_sem_acquire(void);
-BOOL ssl_mutex_sem_release(void);
-
-/* Logfile Support */
-void ssl_log_open(server_rec *, server_rec *, pool *);
-BOOL ssl_log_applies(server_rec *, int);
-void ssl_log(server_rec *, int, const char *, ...);
-void ssl_die(void);
-
-/* Variables */
-void ssl_var_register(void);
-void ssl_var_unregister(void);
-char *ssl_var_lookup(pool *, server_rec *, conn_rec *, request_rec *, char *);
-
-/* I/O */
-void ssl_io_register(void);
-void ssl_io_unregister(void);
-long ssl_io_data_cb(BIO *, int, const char *, int, long, long);
-#ifndef SSL_CONSERVATIVE
-void ssl_io_suck(request_rec *, SSL *);
-#endif
-
-/* PRNG */
-int ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *);
-
-/* Extensions */
-void ssl_ext_register(void);
-void ssl_ext_unregister(void);
-
-/* Compatibility */
-#ifdef SSL_COMPAT
-char *ssl_compat_directive(server_rec *, pool *, const char *);
-void ssl_compat_variables(request_rec *);
-#endif
-
-/* Utility Functions */
-char *ssl_util_server_root_relative(pool *, char *, char *);
-char *ssl_util_vhostid(pool *, server_rec *);
-FILE *ssl_util_ppopen(server_rec *, pool *, char *);
-int ssl_util_ppopen_child(void *, child_info *);
-void ssl_util_ppclose(server_rec *, pool *, FILE *);
-char *ssl_util_readfilter(server_rec *, pool *, char *);
-BOOL ssl_util_path_check(ssl_pathcheck_t, char *);
-ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *);
-char *ssl_util_algotypestr(ssl_algo_t);
-char *ssl_util_ptxtsub(pool *, const char *, const char *, char *);
-void ssl_util_thread_setup(void);
-void ssl_util_thread_cleanup(void);
-
-/* Vendor extension support */
-#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
-void ssl_vendor_register(void);
-void ssl_vendor_unregister(void);
-#endif
-
-#endif /* MOD_SSL_H */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c
deleted file mode 100644
index 691ca13b54f..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_compat.c
-** Backward Compatibility
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``Backward compatibility is for
- users who don't want to live
- on the bleeding edge.''
- -- Unknown */
-#ifdef SSL_COMPAT
-
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Backward Compatibility
-** _________________________________________________________________
-*/
-
-/*
- * The mapping of obsolete directives to official ones...
- */
-
-static char *ssl_compat_RequireSSL(pool *, const char *, const char *, const char *);
-static char *ssl_compat_SSLSessionLockFile(pool *, const char *, const char *, const char *);
-static char *ssl_compat_SSLCacheDisable(pool *, const char *, const char *, const char *);
-static char *ssl_compat_SSLRequireCipher(pool *, const char *, const char *, const char *);
-static char *ssl_compat_SSLBanCipher(pool *, const char *, const char *, const char *);
-static char *ssl_compat_SSL_SessionDir(pool *, const char *, const char *, const char *);
-static char *ssl_compat_words2list(pool *, const char *);
-
-#define CRM_BEGIN /* nop */
-#define CRM_ENTRY(what,action) { what, action },
-#define CRM_END { NULL, NULL, NULL, NULL, NULL, NULL }
-#define CRM_CMD(cmd) cmd, NULL, NULL
-#define CRM_STR(str) NULL, str, NULL
-#define CRM_PAT(cmd) NULL, NULL, pat
-#define CRM_LOG(msg) msg, NULL, NULL
-#define CRM_SUB(new) NULL, new, NULL
-#define CRM_CAL(fct) NULL, NULL, fct
-
-static struct {
- char *cpCommand;
- char *cpSubstring;
- char *cpPattern;
- char *cpMessage;
- char *cpSubst;
- char *(*fpSubst)(pool *, const char *, const char *, const char *);
-} ssl_cmd_rewrite_map[] = {
- CRM_BEGIN
-
- /*
- * Apache-SSL 1.x & mod_ssl 2.0.x backward compatibility
- */
- CRM_ENTRY( CRM_CMD("SSLEnable"), CRM_SUB("SSLEngine on") )
- CRM_ENTRY( CRM_CMD("SSLDisable"), CRM_SUB("SSLEngine off") )
- CRM_ENTRY( CRM_CMD("SSLLogFile"), CRM_SUB("SSLLog") )
- CRM_ENTRY( CRM_CMD("SSLRequiredCiphers"), CRM_SUB("SSLCipherSuite") )
- CRM_ENTRY( CRM_CMD("SSLRequireCipher"), CRM_CAL(ssl_compat_SSLRequireCipher) )
- CRM_ENTRY( CRM_CMD("SSLBanCipher"), CRM_CAL(ssl_compat_SSLBanCipher) )
- CRM_ENTRY( CRM_CMD("SSLFakeBasicAuth"), CRM_SUB("SSLOptions +FakeBasicAuth") )
- CRM_ENTRY( CRM_CMD("SSLCacheServerPath"), CRM_LOG("Use SSLSessionCache instead") )
- CRM_ENTRY( CRM_CMD("SSLCacheServerPort"), CRM_LOG("Use SSLSessionCache instead") )
-
- /*
- * Apache-SSL 1.x backward compatibility
- */
- CRM_ENTRY( CRM_CMD("SSLExportClientCertificates"), CRM_SUB("SSLOptions +ExportCertData") )
- CRM_ENTRY( CRM_CMD("SSLCacheServerRunDir"), CRM_LOG("Not needed for mod_ssl") )
-
- /*
- * Sioux 1.x backward compatibility
- */
- CRM_ENTRY( CRM_CMD("SSL_CertFile"), CRM_SUB("SSLCertificateFile") )
- CRM_ENTRY( CRM_CMD("SSL_KeyFile"), CRM_SUB("SSLCertificateKeyFile") )
- CRM_ENTRY( CRM_CMD("SSL_CipherSuite"), CRM_SUB("SSLCipherSuite") )
- CRM_ENTRY( CRM_CMD("SSL_X509VerifyDir"), CRM_SUB("SSLCACertificatePath") )
- CRM_ENTRY( CRM_CMD("SSL_Log"), CRM_SUB("SSLLogFile") )
- CRM_ENTRY( CRM_CMD("SSL_Connect"), CRM_SUB("SSLEngine") )
- CRM_ENTRY( CRM_CMD("SSL_ClientAuth"), CRM_SUB("SSLVerifyClient") )
- CRM_ENTRY( CRM_CMD("SSL_X509VerifyDepth"), CRM_SUB("SSLVerifyDepth") )
- CRM_ENTRY( CRM_CMD("SSL_FetchKeyPhraseFrom"), CRM_LOG("Use SSLPassPhraseDialog instead") )
- CRM_ENTRY( CRM_CMD("SSL_SessionDir"), CRM_CAL(ssl_compat_SSL_SessionDir) )
- CRM_ENTRY( CRM_CMD("SSL_Require"), CRM_LOG("Use SSLRequire instead (Syntax!)"))
- CRM_ENTRY( CRM_CMD("SSL_CertFileType"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSL_KeyFileType"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSL_X509VerifyPolicy"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSL_LogX509Attributes"), CRM_LOG("Not supported by mod_ssl") )
-
- /*
- * Stronghold 2.x backward compatibility
- */
- CRM_ENTRY( CRM_CMD("StrongholdAccelerator"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("StrongholdKey"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("StrongholdLicenseFile"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLFlag"), CRM_SUB("SSLEngine") )
- CRM_ENTRY( CRM_CMD("SSLClientCAfile"), CRM_SUB("SSLCACertificateFile") )
- CRM_ENTRY( CRM_CMD("SSLSessionLockFile"), CRM_CAL(ssl_compat_SSLSessionLockFile) )
- CRM_ENTRY( CRM_CMD("SSLCacheDisable"), CRM_CAL(ssl_compat_SSLCacheDisable) )
- CRM_ENTRY( CRM_CMD("RequireSSL"), CRM_CAL(ssl_compat_RequireSSL) )
- CRM_ENTRY( CRM_CMD("SSLCipherList"), CRM_SUB("SSLCipherSuite") )
- CRM_ENTRY( CRM_CMD("SSLErrorFile"), CRM_LOG("Not needed for mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLRoot"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSL_CertificateLogDir"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("AuthCertDir"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSL_Group"), CRM_LOG("Not supported by mod_ssl") )
-#ifndef SSL_EXPERIMENTAL_PROXY
- CRM_ENTRY( CRM_CMD("SSLProxyMachineCertPath"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLProxyMachineCertFile"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLProxyCACertificatePath"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLProxyCACertificateFile"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLProxyVerifyDepth"), CRM_LOG("Not supported by mod_ssl") )
- CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_LOG("Not supported by mod_ssl") )
-#else
- CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_SUB("SSLProxyCipherSuite") )
-#endif
-
- CRM_END
-};
-
-static char *ssl_compat_RequireSSL(
- pool *p, const char *oline, const char *cmd, const char *args)
-{
- char *cp;
-
- for (cp = (char *)args; ap_isspace(*cp); cp++)
- ;
- if (strcEQ(cp, "on"))
- return "SSLRequireSSL";
- return "";
-}
-
-static char *ssl_compat_SSLSessionLockFile(
- pool *p, const char *oline, const char *cmd, const char *args)
-{
- char *cp;
-
- for (cp = (char *)args; ap_isspace(*cp); cp++)
- ;
- return ap_pstrcat(p, "SSLMutex file:", cp, NULL);
-}
-
-static char *ssl_compat_SSLCacheDisable(
- pool *p, const char *oline, const char *cmd, const char *args)
-{
- char *cp;
-
- for (cp = (char *)args; ap_isspace(*cp); cp++)
- ;
- if (strcEQ(cp, "on"))
- return "SSLSessionCache none";
- return "";
-}
-
-static char *ssl_compat_SSLRequireCipher(pool *p, const char *oline, const char *cmd, const char *args)
-{
- return ap_pstrcat(p, "SSLRequire %{SSL_CIPHER} in {",
- ssl_compat_words2list(p, args),
- "}", NULL);
-}
-
-static char *ssl_compat_SSLBanCipher(pool *p, const char *oline, const char *cmd, const char *args)
-{
- return ap_pstrcat(p, "SSLRequire not (%{SSL_CIPHER} in {",
- ssl_compat_words2list(p, args),
- "})", NULL);
-}
-
-static char *ssl_compat_SSL_SessionDir(
- pool *p, const char *oline, const char *cmd, const char *args)
-{
- char *cp;
-
- for (cp = (char *)args; ap_isspace(*cp); cp++)
- ;
- return ap_pstrcat(p, "SSLSessionCache dir:", cp, NULL);
-}
-
-static char *ssl_compat_words2list(pool *p, const char *oline)
-{
- char *line;
- char *cpB;
- char *cpE;
- char *cpI;
- char *cpO;
- char n;
-
- /*
- * Step 1: Determine borders
- */
- cpB = (char *)oline;
- while (*cpB == ' ' || *cpB == '\t')
- cpB++;
- cpE = cpB+strlen(cpB);
- while (cpE > cpB && (*(cpE-1) == ' ' || *(cpE-1) == '\t'))
- cpE--;
-
- /*
- * Step 2: Determine final size and allocate buffer
- */
- for (cpI = cpB, n = 1; cpI < cpE; cpI++)
- if ((*cpI == ' ' || *cpI == '\t') &&
- (cpI > cpB && *(cpI-1) != ' ' && *(cpI-1) != '\t'))
- n++;
- line = ap_palloc(p, (cpE-cpB)+(n*2)+n+1);
- cpI = cpB;
- cpO = line;
- while (cpI < cpE) {
- if ( (*cpI != ' ' && *cpI != '\t')
- && ( cpI == cpB
- || ( cpI > cpB
- && (*(cpI-1) == ' ' || *(cpI-1) == '\t')))) {
- *cpO++ = '"';
- *cpO++ = *cpI++;
- }
- else if ( (*cpI == ' ' || *cpI == '\t')
- && ( cpI > cpB
- && (*(cpI-1) != ' ' && *(cpI-1) != '\t'))) {
- *cpO++ = '"';
- *cpO++ = ',';
- *cpO++ = *cpI++;
- }
- else {
- *cpO++ = *cpI++;
- }
- }
- if (cpI > cpB && (*(cpI-1) != ' ' && *(cpI-1) != '\t'))
- *cpO++ = '"';
- *cpO++ = NUL;
- return line;
-}
-
-char *ssl_compat_directive(server_rec *s, pool *p, const char *oline)
-{
- int i;
- char *line;
- char *cp;
- char caCmd[1024];
- char *cpArgs;
- int match;
-
- /*
- * Skip comment lines
- */
- cp = (char *)oline;
- while ((*cp == ' ' || *cp == '\t' || *cp == '\n') && (*cp != NUL))
- cp++;
- if (*cp == '#' || *cp == NUL)
- return NULL;
-
- /*
- * Extract directive name
- */
- cp = (char *)oline;
- for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL &&
- i < sizeof(caCmd) - 1; )
- caCmd[i++] = *cp++;
- caCmd[i] = NUL;
- cpArgs = cp;
-
- /*
- * Apply rewriting map
- */
- line = NULL;
- for (i = 0; !(ssl_cmd_rewrite_map[i].cpCommand == NULL &&
- ssl_cmd_rewrite_map[i].cpPattern == NULL ); i++) {
- /*
- * Matching
- */
- match = FALSE;
- if (ssl_cmd_rewrite_map[i].cpCommand != NULL) {
- if (strcEQ(ssl_cmd_rewrite_map[i].cpCommand, caCmd))
- match = TRUE;
- }
- else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) {
- if (strstr(oline, ssl_cmd_rewrite_map[i].cpSubstring) != NULL)
- match = TRUE;
- }
- else if (ssl_cmd_rewrite_map[i].cpPattern != NULL) {
- if (ap_fnmatch(ssl_cmd_rewrite_map[i].cpPattern, oline, 0))
- match = TRUE;
- }
-
- /*
- * Action Processing
- */
- if (match) {
- if (ssl_cmd_rewrite_map[i].cpMessage != NULL) {
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, s,
- "mod_ssl:Compat: OBSOLETE '%s' => %s",
- oline, ssl_cmd_rewrite_map[i].cpMessage);
- line = "";
- break;
- }
- else if (ssl_cmd_rewrite_map[i].cpSubst != NULL) {
- if (ssl_cmd_rewrite_map[i].cpCommand != NULL)
- line = ap_pstrcat(p, ssl_cmd_rewrite_map[i].cpSubst,
- cpArgs, NULL);
- else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL)
- line = ssl_util_ptxtsub(p, oline, ssl_cmd_rewrite_map[i].cpSubstring,
- ssl_cmd_rewrite_map[i].cpSubst);
- else
- line = ssl_cmd_rewrite_map[i].cpSubst;
- break;
- }
- else if (ssl_cmd_rewrite_map[i].fpSubst != NULL) {
- line = ((char *(*)(pool *, const char *, const char *, const char *))
- (ssl_cmd_rewrite_map[i].fpSubst))(p, oline, caCmd, cpArgs);
- break;
- }
- }
- }
- if (line != NULL && line[0] != NUL)
- ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
- "mod_ssl:Compat: MAPPED '%s' => '%s'", oline, line);
- return line;
-}
-
-/*
- * The mapping of obsolete environment variables to official ones...
- */
-
-#define VRM_BEGIN /* nop */
-#define VRM_ENTRY(var,action) { var, action },
-#define VRM_END { NULL, NULL, NULL }
-#define VRM_VAR(old) old
-#define VRM_SUB(new) new, NULL
-#define VRM_LOG(msg) NULL, msg
-
-static struct {
- char *cpOld;
- char *cpNew;
- char *cpMsg;
-} ssl_var_rewrite_map[] = {
- VRM_BEGIN
-
- /*
- * Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x
- * and Stronghold 2.x backward compatibility
- */
- VRM_ENTRY( VRM_VAR("SSL_PROTOCOL_VERSION"), VRM_SUB("SSL_PROTOCOL") )
- VRM_ENTRY( VRM_VAR("SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") )
- VRM_ENTRY( VRM_VAR("HTTPS_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") )
- VRM_ENTRY( VRM_VAR("HTTPS_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") )
- VRM_ENTRY( VRM_VAR("HTTPS_CIPHER"), VRM_SUB("SSL_CIPHER") )
- VRM_ENTRY( VRM_VAR("HTTPS_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATE"), VRM_SUB("SSL_SERVER_CERT") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_START"), VRM_SUB("SSL_SERVER_V_START") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_END"), VRM_SUB("SSL_SERVER_V_END") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_SERIAL"), VRM_SUB("SSL_SERVER_M_SERIAL") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_SERVER_A_SIG") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_DN"), VRM_SUB("SSL_SERVER_S_DN") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CN"), VRM_SUB("SSL_SERVER_S_DN_CN") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_EMAIL"), VRM_SUB("SSL_SERVER_S_DN_Email") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_O"), VRM_SUB("SSL_SERVER_S_DN_O") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_OU"), VRM_SUB("SSL_SERVER_S_DN_OU") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_C"), VRM_SUB("SSL_SERVER_S_DN_C") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_SP"), VRM_SUB("SSL_SERVER_S_DN_SP") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_L"), VRM_SUB("SSL_SERVER_S_DN_L") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_IDN"), VRM_SUB("SSL_SERVER_I_DN") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_ICN"), VRM_SUB("SSL_SERVER_I_DN_CN") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_IEMAIL"), VRM_SUB("SSL_SERVER_I_DN_Email") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_IO"), VRM_SUB("SSL_SERVER_I_DN_O") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_IOU"), VRM_SUB("SSL_SERVER_I_DN_OU") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_IC"), VRM_SUB("SSL_SERVER_I_DN_C") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_ISP"), VRM_SUB("SSL_SERVER_I_DN_SP") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_IL"), VRM_SUB("SSL_SERVER_I_DN_L") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERTIFICATE"), VRM_SUB("SSL_CLIENT_CERT") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_START"), VRM_SUB("SSL_CLIENT_V_START") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_END"), VRM_SUB("SSL_CLIENT_V_END") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_SERIAL"), VRM_SUB("SSL_CLIENT_M_SERIAL") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_CLIENT_A_SIG") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_DN"), VRM_SUB("SSL_CLIENT_S_DN") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_CN"), VRM_SUB("SSL_CLIENT_S_DN_CN") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_EMAIL"), VRM_SUB("SSL_CLIENT_S_DN_Email") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_O"), VRM_SUB("SSL_CLIENT_S_DN_O") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_OU"), VRM_SUB("SSL_CLIENT_S_DN_OU") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_C"), VRM_SUB("SSL_CLIENT_S_DN_C") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_SP"), VRM_SUB("SSL_CLIENT_S_DN_SP") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_L"), VRM_SUB("SSL_CLIENT_S_DN_L") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_IDN"), VRM_SUB("SSL_CLIENT_I_DN") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_ICN"), VRM_SUB("SSL_CLIENT_I_DN_CN") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_IEMAIL"), VRM_SUB("SSL_CLIENT_I_DN_Email") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_IO"), VRM_SUB("SSL_CLIENT_I_DN_O") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_IOU"), VRM_SUB("SSL_CLIENT_I_DN_OU") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_IC"), VRM_SUB("SSL_CLIENT_I_DN_C") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_ISP"), VRM_SUB("SSL_CLIENT_I_DN_SP") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_IL"), VRM_SUB("SSL_CLIENT_I_DN_L") )
- VRM_ENTRY( VRM_VAR("SSL_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") )
- VRM_ENTRY( VRM_VAR("SSL_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") )
- VRM_ENTRY( VRM_VAR("SSL_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") )
- VRM_ENTRY( VRM_VAR("SSL_SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") )
-
- VRM_ENTRY( VRM_VAR("SSL_STRONG_CRYPTO"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_SESSIONDIR"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATELOGDIR"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTFILE"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILE"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILETYPE"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") )
- VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") )
-
- VRM_END
-};
-
-void ssl_compat_variables(request_rec *r)
-{
- char *cpOld;
- char *cpNew;
- char *cpMsg;
- char *cpVal;
- int i;
-
- for (i = 0; ssl_var_rewrite_map[i].cpOld != NULL; i++) {
- cpOld = ssl_var_rewrite_map[i].cpOld;
- cpMsg = ssl_var_rewrite_map[i].cpMsg;
- cpNew = ssl_var_rewrite_map[i].cpNew;
- if (cpNew != NULL) {
- cpVal = ssl_var_lookup(r->pool, r->server, r->connection, r, cpNew);
- if (!strIsEmpty(cpVal))
- ap_table_set(r->subprocess_env, cpOld, cpVal);
- }
- else if (cpMsg != NULL) {
-#ifdef SSL_VENDOR
- /*
- * something that isn't provided by mod_ssl, so at least
- * let vendor extensions provide a reasonable value first.
- */
- cpVal = NULL;
- ap_hook_use("ap::mod_ssl::vendor::compat_variables_lookup",
- AP_HOOK_SIG3(ptr,ptr,ptr),
- AP_HOOK_DECLINE(NULL),
- &cpVal, r, cpOld);
- if (cpVal != NULL) {
- ap_table_set(r->subprocess_env, cpOld, cpVal);
- continue;
- }
-#endif
-
- /*
- * we cannot print a message, so we set at least
- * the variables content to the compat message
- */
- ap_table_set(r->subprocess_env, cpOld, cpMsg);
- }
- }
- return;
-}
-
-#endif /* SSL_COMPAT */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
deleted file mode 100644
index 2bda3964065..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
+++ /dev/null
@@ -1,1125 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_config.c
-** Apache Configuration Directives
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``Damned if you do,
- damned if you don't.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Support for Global Configuration
-** _________________________________________________________________
-*/
-
-void ssl_hook_AddModule(module *m)
-{
- if (m == &ssl_module) {
- /*
- * Announce us for the configuration files
- */
- ap_add_config_define("MOD_SSL");
-
- /*
- * Link ourself into the Apache kernel
- */
- ssl_var_register();
- ssl_ext_register();
- ssl_io_register();
-#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
- ssl_vendor_register();
-#endif
- }
- return;
-}
-
-void ssl_hook_RemoveModule(module *m)
-{
- if (m == &ssl_module) {
- /*
- * Unlink ourself from the Apache kernel
- */
- ssl_var_unregister();
- ssl_ext_unregister();
- ssl_io_unregister();
-#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
- ssl_vendor_unregister();
-#endif
- }
- return;
-}
-
-void ssl_config_global_create(void)
-{
- pool *pPool;
- SSLModConfigRec *mc;
-
- mc = ap_ctx_get(ap_global_ctx, "ssl_module");
- if (mc == NULL) {
- /*
- * allocate an own subpool which survives server restarts
- */
- pPool = ap_make_sub_pool(NULL);
- mc = (SSLModConfigRec *)ap_palloc(pPool, sizeof(SSLModConfigRec));
- mc->pPool = pPool;
- mc->bFixed = FALSE;
-
- /*
- * initialize per-module configuration
- */
- mc->nInitCount = 0;
- mc->nSessionCacheMode = SSL_SCMODE_UNSET;
- mc->szSessionCacheDataFile = NULL;
- mc->nSessionCacheDataSize = 0;
- mc->pSessionCacheDataMM = NULL;
- mc->tSessionCacheDataTable = NULL;
- mc->nMutexMode = SSL_MUTEXMODE_UNSET;
- mc->szMutexFile = NULL;
- mc->nMutexFD = -1;
- mc->nMutexSEMID = -1;
- mc->aRandSeed = ap_make_array(pPool, 4, sizeof(ssl_randseed_t));
- mc->tPrivateKey = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
- mc->tPublicCert = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
- mc->tTmpKeys = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
-#ifdef SSL_EXPERIMENTAL_ENGINE
- mc->szCryptoDevice = NULL;
-#endif
-
- (void)memset(mc->pTmpKeys, 0, SSL_TKPIDX_MAX*sizeof(void *));
-
-#ifdef SSL_VENDOR
- mc->ctx = ap_ctx_new(pPool);
- ap_hook_use("ap::mod_ssl::vendor::config_global_create",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_MODE_ALL, mc);
-#endif
-
- /*
- * And push it into Apache's global context
- */
- ap_ctx_set(ap_global_ctx, "ssl_module", mc);
- }
- return;
-}
-
-void ssl_config_global_fix(void)
-{
- SSLModConfigRec *mc = myModConfig();
- mc->bFixed = TRUE;
- return;
-}
-
-BOOL ssl_config_global_isfixed(void)
-{
- SSLModConfigRec *mc = myModConfig();
- return (mc->bFixed);
-}
-
-
-/* _________________________________________________________________
-**
-** Configuration handling
-** _________________________________________________________________
-*/
-
-/*
- * Create per-server SSL configuration
- */
-void *ssl_config_server_create(pool *p, server_rec *s)
-{
- SSLSrvConfigRec *sc;
-
- ssl_config_global_create();
-
- sc = ap_palloc(p, sizeof(SSLSrvConfigRec));
- sc->bEnabled = UNSET;
- sc->bCompression = FALSE;
- sc->szCACertificatePath = NULL;
- sc->szCACertificateFile = NULL;
- sc->szCertificateChain = NULL;
- sc->szLogFile = NULL;
- sc->szCipherSuite = NULL;
- sc->nECDHCurve = NID_X9_62_prime256v1;
- sc->bHonorCipherOrder = UNSET;
- sc->nLogLevel = SSL_LOG_NONE;
- sc->nVerifyDepth = UNSET;
- sc->nVerifyClient = SSL_CVERIFY_UNSET;
- sc->nSessionCacheTimeout = UNSET;
- sc->nPassPhraseDialogType = SSL_PPTYPE_UNSET;
- sc->szPassPhraseDialogPath = NULL;
- sc->nProtocol = SSL_PROTOCOL_ALL;
- sc->fileLogFile = NULL;
- sc->pSSLCtx = NULL;
- sc->szCARevocationPath = NULL;
- sc->szCARevocationFile = NULL;
- sc->pRevocationStore = NULL;
-
-#ifdef SSL_EXPERIMENTAL_PROXY
- sc->nProxyVerifyDepth = UNSET;
- sc->szProxyCACertificatePath = NULL;
- sc->szProxyCACertificateFile = NULL;
- sc->szProxyClientCertificateFile = NULL;
- sc->szProxyClientCertificatePath = NULL;
- sc->szProxyCipherSuite = NULL;
- sc->nProxyProtocol = SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_TLSV1;
- sc->bProxyVerify = UNSET;
- sc->pSSLProxyCtx = NULL;
-#endif
-
- (void)memset(sc->szPublicCertFile, 0, SSL_AIDX_MAX*sizeof(char *));
- (void)memset(sc->szPrivateKeyFile, 0, SSL_AIDX_MAX*sizeof(char *));
- (void)memset(sc->pPublicCert, 0, SSL_AIDX_MAX*sizeof(X509 *));
- (void)memset(sc->pPrivateKey, 0, SSL_AIDX_MAX*sizeof(EVP_PKEY *));
-
-#ifdef SSL_VENDOR
- sc->ctx = ap_ctx_new(p);
- ap_hook_use("ap::mod_ssl::vendor::config_server_create",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, s, sc);
-#endif
-
- return sc;
-}
-
-/*
- * Merge per-server SSL configurations
- */
-void *ssl_config_server_merge(pool *p, void *basev, void *addv)
-{
- SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
- SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv;
- SSLSrvConfigRec *new = (SSLSrvConfigRec *)ap_palloc(p, sizeof(SSLSrvConfigRec));
- int i;
-
- cfgMergeBool(bEnabled);
- cfgMergeBool(bCompression);
- cfgMergeString(szCACertificatePath);
- cfgMergeString(szCACertificateFile);
- cfgMergeString(szCertificateChain);
- cfgMergeString(szLogFile);
- cfgMergeString(szCipherSuite);
- cfgMerge(nECDHCurve, NID_X9_62_prime256v1);
- cfgMergeBool(bHonorCipherOrder);
- cfgMerge(nLogLevel, SSL_LOG_NONE);
- cfgMergeInt(nVerifyDepth);
- cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
- cfgMergeInt(nSessionCacheTimeout);
- cfgMerge(nPassPhraseDialogType, SSL_PPTYPE_UNSET);
- cfgMergeString(szPassPhraseDialogPath);
- cfgMerge(nProtocol, SSL_PROTOCOL_ALL);
- cfgMerge(fileLogFile, NULL);
- cfgMerge(pSSLCtx, NULL);
- cfgMerge(szCARevocationPath, NULL);
- cfgMerge(szCARevocationFile, NULL);
- cfgMerge(pRevocationStore, NULL);
-
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- cfgMergeString(szPublicCertFile[i]);
- cfgMergeString(szPrivateKeyFile[i]);
- cfgMerge(pPublicCert[i], NULL);
- cfgMerge(pPrivateKey[i], NULL);
- }
-
-#ifdef SSL_VENDOR
- cfgMergeCtx(ctx);
- ap_hook_use("ap::mod_ssl::vendor::config_server_merge",
- AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, base, add, new);
-#endif
-
-#ifdef SSL_EXPERIMENTAL_PROXY
- cfgMergeInt(nProxyVerifyDepth);
- cfgMergeString(szProxyCACertificatePath);
- cfgMergeString(szProxyCACertificateFile);
- cfgMergeString(szProxyClientCertificateFile);
- cfgMergeString(szProxyClientCertificatePath);
- cfgMergeString(szProxyCipherSuite);
- cfgMerge(nProxyProtocol, (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_TLSV1));
- cfgMergeBool(bProxyVerify);
- cfgMerge(pSSLProxyCtx, NULL);
-#endif
-
- return new;
-}
-
-/*
- * Create per-directory SSL configuration
- */
-void *ssl_config_perdir_create(pool *p, char *dir)
-{
- SSLDirConfigRec *dc = ap_palloc(p, sizeof(SSLDirConfigRec));
-
- dc->bSSLRequired = FALSE;
- dc->aRequirement = ap_make_array(p, 4, sizeof(ssl_require_t));
- dc->nOptions = SSL_OPT_NONE|SSL_OPT_RELSET;
- dc->nOptionsAdd = SSL_OPT_NONE;
- dc->nOptionsDel = SSL_OPT_NONE;
-
- dc->szCipherSuite = NULL;
- dc->nVerifyClient = SSL_CVERIFY_UNSET;
- dc->nVerifyDepth = UNSET;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- dc->szCACertificatePath = NULL;
- dc->szCACertificateFile = NULL;
-#endif
-
-#ifdef SSL_VENDOR
- dc->ctx = ap_ctx_new(p);
- ap_hook_use("ap::mod_ssl::vendor::config_perdir_create",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, dir, dc);
-#endif
-
- return dc;
-}
-
-/*
- * Merge per-directory SSL configurations
- */
-void *ssl_config_perdir_merge(pool *p, void *basev, void *addv)
-{
- SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
- SSLDirConfigRec *add = (SSLDirConfigRec *)addv;
- SSLDirConfigRec *new = (SSLDirConfigRec *)ap_palloc(p,
- sizeof(SSLDirConfigRec));
-
- cfgMerge(bSSLRequired, FALSE);
- cfgMergeArray(aRequirement);
-
- if (add->nOptions & SSL_OPT_RELSET) {
- new->nOptionsAdd = (base->nOptionsAdd & ~(add->nOptionsDel)) | add->nOptionsAdd;
- new->nOptionsDel = (base->nOptionsDel & ~(add->nOptionsAdd)) | add->nOptionsDel;
- new->nOptions = (base->nOptions & ~(new->nOptionsDel)) | new->nOptionsAdd;
- }
- else {
- new->nOptions = add->nOptions;
- new->nOptionsAdd = add->nOptionsAdd;
- new->nOptionsDel = add->nOptionsDel;
- }
-
- cfgMergeString(szCipherSuite);
- cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
- cfgMergeInt(nVerifyDepth);
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- cfgMergeString(szCACertificatePath);
- cfgMergeString(szCACertificateFile);
-#endif
-
-#ifdef SSL_VENDOR
- cfgMergeCtx(ctx);
- ap_hook_use("ap::mod_ssl::vendor::config_perdir_merge",
- AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, base, add, new);
-#endif
-
- return new;
-}
-
-/*
- * Directive Rewriting
- */
-
-char *ssl_hook_RewriteCommand(cmd_parms *cmd, void *config, const char *cmd_line)
-{
-#ifdef SSL_COMPAT
- return ssl_compat_directive(cmd->server, cmd->pool, cmd_line);
-#else
- return NULL;
-#endif
-}
-
-/*
- * Configuration functions for particular directives
- */
-
-const char *ssl_cmd_SSLMutex(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- const char *err;
- SSLModConfigRec *mc = myModConfig();
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (ssl_config_global_isfixed())
- return NULL;
- if (strcEQ(arg, "none")) {
- mc->nMutexMode = SSL_MUTEXMODE_NONE;
- }
- else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) {
- mc->nMutexMode = SSL_MUTEXMODE_FILE;
- mc->szMutexFile = ap_psprintf(mc->pPool, "%s.%lu",
- ssl_util_server_root_relative(cmd->pool, "mutex", arg+5),
- (unsigned long)getpid());
- }
- else if (strcEQ(arg, "sem")) {
- mc->nMutexMode = SSL_MUTEXMODE_SEM;
- }
- else
- return "SSLMutex: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLPassPhraseDialog(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (strcEQ(arg, "builtin")) {
- sc->nPassPhraseDialogType = SSL_PPTYPE_BUILTIN;
- sc->szPassPhraseDialogPath = NULL;
- }
- else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) {
- sc->nPassPhraseDialogType = SSL_PPTYPE_FILTER;
- sc->szPassPhraseDialogPath = ssl_util_server_root_relative(cmd->pool, "dialog", arg+5);
- if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath))
- return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
- sc->szPassPhraseDialogPath, "' does not exist", NULL);
- }
- else
- return "SSLPassPhraseDialog: Invalid argument";
- return NULL;
-}
-
-#ifdef SSL_EXPERIMENTAL_ENGINE
-const char *ssl_cmd_SSLCryptoDevice(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- const char *err;
- ENGINE *e;
- static int loaded_engines = FALSE;
-
- /* early loading to make sure the engines are already
- available for ENGINE_by_id() above... */
- if (!loaded_engines) {
- ENGINE_load_builtin_engines();
- loaded_engines = TRUE;
- }
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (strcEQ(arg, "builtin")) {
- mc->szCryptoDevice = NULL;
- }
- else if ((e = ENGINE_by_id(arg)) != NULL) {
- mc->szCryptoDevice = arg;
- ENGINE_free(e);
- }
- else
- return "SSLCryptoDevice: Invalid argument";
- return NULL;
-}
-#endif
-
-const char *ssl_cmd_SSLRandomSeed(
- cmd_parms *cmd, char *struct_ptr, char *arg1, char *arg2, char *arg3)
-{
- SSLModConfigRec *mc = myModConfig();
- const char *err;
- ssl_randseed_t *pRS;
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (ssl_config_global_isfixed())
- return NULL;
- pRS = ap_push_array(mc->aRandSeed);
- if (strcEQ(arg1, "startup"))
- pRS->nCtx = SSL_RSCTX_STARTUP;
- else if (strcEQ(arg1, "connect"))
- pRS->nCtx = SSL_RSCTX_CONNECT;
- else
- return ap_pstrcat(cmd->pool, "SSLRandomSeed: "
- "invalid context: `", arg1, "'");
- if (strlen(arg2) > 5 && strEQn(arg2, "file:", 5)) {
- pRS->nSrc = SSL_RSSRC_FILE;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+5));
- }
- else if (strlen(arg2) > 5 && strEQn(arg2, "exec:", 5)) {
- pRS->nSrc = SSL_RSSRC_EXEC;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+5));
- }
- else if (strlen(arg2) > 4 && strEQn(arg2, "egd:", 4)) {
- pRS->nSrc = SSL_RSSRC_EGD;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+4));
- }
- else if (strcEQ(arg2, "builtin")) {
- pRS->nSrc = SSL_RSSRC_BUILTIN;
- pRS->cpPath = NULL;
- }
- else {
- pRS->nSrc = SSL_RSSRC_FILE;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2));
- }
- if (pRS->nSrc != SSL_RSSRC_BUILTIN)
- if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath))
- return ap_pstrcat(cmd->pool, "SSLRandomSeed: source path '",
- pRS->cpPath, "' does not exist", NULL);
- if (arg3 == NULL)
- pRS->nBytes = 0; /* read whole file */
- else {
- if (pRS->nSrc == SSL_RSSRC_BUILTIN)
- return "SSLRandomSeed: byte specification not "
- "allowed for builtin seed source";
- pRS->nBytes = atoi(arg3);
- if (pRS->nBytes < 0)
- return "SSLRandomSeed: invalid number of bytes specified";
- }
- return NULL;
-}
-
-const char *ssl_cmd_SSLEngine(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bEnabled = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLCompression(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bCompression = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLCipherSuite(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- if (cmd->path == NULL || dc == NULL)
- sc->szCipherSuite = arg;
- else
- dc->szCipherSuite = arg;
- return NULL;
-}
-
-const char *ssl_cmd_SSLECDHCurve(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- if (strcEQ(arg, "none")) {
- sc->nECDHCurve = 0;
- return NULL;
- }
-
- sc->nECDHCurve = OBJ_sn2nid((const char *)arg);
- if (sc->nECDHCurve == 0) {
- return ap_pstrcat(cmd->pool, "SSLECDHCurve: unknown named curve '",
- arg, "'", NULL);
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLHonorCipherOrder(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bHonorCipherOrder = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
- int i;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++)
- ;
- if (i == SSL_AIDX_MAX)
- return ap_psprintf(cmd->pool, "SSLCertificateFile: only up to %d "
- "different certificates per virtual host allowed",
- SSL_AIDX_MAX);
- sc->szPublicCertFile[i] = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateKeyFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
- int i;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- for (i = 0; i < SSL_AIDX_MAX && sc->szPrivateKeyFile[i] != NULL; i++)
- ;
- if (i == SSL_AIDX_MAX)
- return ap_psprintf(cmd->pool, "SSLCertificateKeyFile: only up to %d "
- "different private keys per virtual host allowed",
- SSL_AIDX_MAX);
- sc->szPrivateKeyFile[i] = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateChainFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- ap_server_strip_chroot(cpPath, 0);
- sc->szCertificateChain = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCACertificatePath(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
- cpPath, "' does not exist", NULL);
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if (cmd->path == NULL || dc == NULL)
- sc->szCACertificatePath = cpPath;
- else
- dc->szCACertificatePath = cpPath;
-#else
- sc->szCACertificatePath = cpPath;
-#endif
- return NULL;
-}
-
-const char *ssl_cmd_SSLCACertificateFile(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
- cpPath, "' does not exist or is empty", NULL);
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if (cmd->path == NULL || dc == NULL)
- sc->szCACertificateFile = cpPath;
- else
- dc->szCACertificateFile = cpPath;
-#else
- sc->szCACertificateFile = cpPath;
-#endif
- return NULL;
-}
-
-const char *ssl_cmd_SSLCARevocationPath(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
- cpPath, "' does not exist", NULL);
- sc->szCARevocationPath = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCARevocationFile(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- sc->szCARevocationFile = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLVerifyClient(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *level)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- ssl_verify_t id;
-
- if (strEQ(level, "0") || strcEQ(level, "none"))
- id = SSL_CVERIFY_NONE;
- else if (strEQ(level, "1") || strcEQ(level, "optional"))
- id = SSL_CVERIFY_OPTIONAL;
- else if (strEQ(level, "2") || strcEQ(level, "require"))
- id = SSL_CVERIFY_REQUIRE;
- else if (strEQ(level, "3") || strcEQ(level, "optional_no_ca"))
- id = SSL_CVERIFY_OPTIONAL_NO_CA;
- else
- return "SSLVerifyClient: Invalid argument";
- if (cmd->path == NULL || dc == NULL)
- sc->nVerifyClient = id;
- else
- dc->nVerifyClient = id;
- return NULL;
-}
-
-const char *ssl_cmd_SSLVerifyDepth(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- int d;
-
- d = atoi(arg);
- if (d < 0)
- return "SSLVerifyDepth: Invalid argument";
- if (cmd->path == NULL || dc == NULL)
- sc->nVerifyDepth = d;
- else
- dc->nVerifyDepth = d;
- return NULL;
-}
-
-const char *ssl_cmd_SSLSessionCache(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- const char *err;
- SSLModConfigRec *mc = myModConfig();
- char *cp, *cp2;
- int maxsize;
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (ssl_config_global_isfixed())
- return NULL;
- if (strcEQ(arg, "none")) {
- mc->nSessionCacheMode = SSL_SCMODE_NONE;
- mc->szSessionCacheDataFile = NULL;
- }
- else if (strlen(arg) > 4 && strcEQn(arg, "dbm:", 4)) {
- mc->nSessionCacheMode = SSL_SCMODE_DBM;
- mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
- ssl_util_server_root_relative(cmd->pool, "scache", arg+4));
- }
- else if ( (strlen(arg) > 4 && strcEQn(arg, "shm:", 4))
- || (strlen(arg) > 6 && strcEQn(arg, "shmht:", 6))) {
- if (!ap_mm_useable())
- return "SSLSessionCache: shared memory cache not useable on this platform";
- mc->nSessionCacheMode = SSL_SCMODE_SHMHT;
- cp = strchr(arg, ':');
- mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
- ssl_util_server_root_relative(cmd->pool, "scache", cp+1));
- mc->tSessionCacheDataTable = NULL;
- mc->nSessionCacheDataSize = 1024*512; /* 512KB */
- if ((cp = strchr(mc->szSessionCacheDataFile, '(')) != NULL) {
- *cp++ = NUL;
- if ((cp2 = strchr(cp, ')')) == NULL)
- return "SSLSessionCache: Invalid argument: no closing parenthesis";
- *cp2 = NUL;
- mc->nSessionCacheDataSize = atoi(cp);
- if (mc->nSessionCacheDataSize < 8192)
- return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
- maxsize = ap_mm_core_maxsegsize();
- if (mc->nSessionCacheDataSize >= maxsize)
- return ap_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
- "size has to be < %d bytes on this platform", maxsize);
- }
- }
- else if (strlen(arg) > 6 && strcEQn(arg, "shmcb:", 6)) {
- if (!ap_mm_useable())
- return "SSLSessionCache: shared memory cache not useable on this platform";
- mc->nSessionCacheMode = SSL_SCMODE_SHMCB;
- mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
- ap_server_root_relative(cmd->pool, arg+6));
- mc->tSessionCacheDataTable = NULL;
- mc->nSessionCacheDataSize = 1024*512; /* 512KB */
- if ((cp = strchr(mc->szSessionCacheDataFile, '(')) != NULL) {
- *cp++ = NUL;
- if ((cp2 = strchr(cp, ')')) == NULL)
- return "SSLSessionCache: Invalid argument: no closing parenthesis";
- *cp2 = NUL;
- mc->nSessionCacheDataSize = atoi(cp);
- if (mc->nSessionCacheDataSize < 8192)
- return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
- maxsize = ap_mm_core_maxsegsize();
- if (mc->nSessionCacheDataSize >= maxsize)
- return ap_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
- "size has to be < %d bytes on this platform", maxsize);
- }
- }
- else
-#ifdef SSL_VENDOR
- if (!ap_hook_use("ap::mod_ssl::vendor::cmd_sslsessioncache",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- cmd, arg, mc))
-#endif
- return "SSLSessionCache: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLSessionCacheTimeout(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->nSessionCacheTimeout = atoi(arg);
- if (sc->nSessionCacheTimeout < 0)
- return "SSLSessionCacheTimeout: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLLog(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIRECTORY
- |NOT_IN_LOCATION|NOT_IN_FILES )) != NULL)
- return err;
- sc->szLogFile = arg;
- return NULL;
-}
-
-const char *ssl_cmd_SSLLogLevel(
- cmd_parms *cmd, char *struct_ptr, char *level)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIRECTORY
- |NOT_IN_LOCATION|NOT_IN_FILES )) != NULL)
- return err;
- if (strcEQ(level, "none"))
- sc->nLogLevel = SSL_LOG_NONE;
- else if (strcEQ(level, "error"))
- sc->nLogLevel = SSL_LOG_ERROR;
- else if (strcEQ(level, "warn"))
- sc->nLogLevel = SSL_LOG_WARN;
- else if (strcEQ(level, "info"))
- sc->nLogLevel = SSL_LOG_INFO;
- else if (strcEQ(level, "trace"))
- sc->nLogLevel = SSL_LOG_TRACE;
- else if (strcEQ(level, "debug"))
- sc->nLogLevel = SSL_LOG_DEBUG;
- else
- return "SSLLogLevel: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLOptions(
- cmd_parms *cmd, SSLDirConfigRec *dc, const char *cpLine)
-{
- ssl_opt_t opt;
- int first;
- char action;
- char *w;
-
- first = TRUE;
- while (cpLine[0] != NUL) {
- w = ap_getword_conf(cmd->pool, &cpLine);
- action = NUL;
-
- if (*w == '+' || *w == '-') {
- action = *(w++);
- }
- else if (first) {
- dc->nOptions = SSL_OPT_NONE;
- first = FALSE;
- }
-
- if (strcEQ(w, "StdEnvVars"))
- opt = SSL_OPT_STDENVVARS;
- else if (strcEQ(w, "CompatEnvVars"))
- opt = SSL_OPT_COMPATENVVARS;
- else if (strcEQ(w, "ExportCertData"))
- opt = SSL_OPT_EXPORTCERTDATA;
- else if (strcEQ(w, "FakeBasicAuth"))
- opt = SSL_OPT_FAKEBASICAUTH;
- else if (strcEQ(w, "StrictRequire"))
- opt = SSL_OPT_STRICTREQUIRE;
- else if (strcEQ(w, "OptRenegotiate"))
- opt = SSL_OPT_OPTRENEGOTIATE;
- else
- return ap_pstrcat(cmd->pool, "SSLOptions: Illegal option '", w, "'", NULL);
-
- if (action == '-') {
- dc->nOptionsAdd &= ~opt;
- dc->nOptionsDel |= opt;
- dc->nOptions &= ~opt;
- }
- else if (action == '+') {
- dc->nOptionsAdd |= opt;
- dc->nOptionsDel &= ~opt;
- dc->nOptions |= opt;
- }
- else {
- dc->nOptions = opt;
- dc->nOptionsAdd = opt;
- dc->nOptionsDel = SSL_OPT_NONE;
- }
- }
- return NULL;
-}
-
-const char *ssl_cmd_SSLRequireSSL(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *cipher)
-{
- dc->bSSLRequired = TRUE;
- return NULL;
-}
-
-const char *ssl_cmd_SSLRequire(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *cpExpr)
-{
- ssl_expr *mpExpr;
- ssl_require_t *pReqRec;
-
- if ((mpExpr = ssl_expr_comp(cmd->pool, cpExpr)) == NULL)
- return ap_pstrcat(cmd->pool, "SSLRequire: ", ssl_expr_get_error(), NULL);
- pReqRec = ap_push_array(dc->aRequirement);
- pReqRec->cpExpr = ap_pstrdup(cmd->pool, cpExpr);
- pReqRec->mpExpr = mpExpr;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProtocol(
- cmd_parms *cmd, char *struct_ptr, const char *opt)
-{
- SSLSrvConfigRec *sc;
- ssl_proto_t options, thisopt;
- char action;
- char *w;
-
- sc = mySrvConfig(cmd->server);
- options = SSL_PROTOCOL_NONE;
- while (opt[0] != NUL) {
- w = ap_getword_conf(cmd->pool, &opt);
-
- action = NUL;
- if (*w == '+' || *w == '-')
- action = *(w++);
-
- if (strcEQ(w, "SSLv2"))
- thisopt = SSL_PROTOCOL_SSLV2;
- else if (strcEQ(w, "SSLv3"))
- thisopt = SSL_PROTOCOL_SSLV3;
- else if (strcEQ(w, "TLSv1"))
- thisopt = SSL_PROTOCOL_TLSV1;
- else if (strcEQ(w, "all"))
- thisopt = SSL_PROTOCOL_ALL;
- else
- return ap_pstrcat(cmd->pool, "SSLProtocol: Illegal protocol '", w, "'", NULL);
-
- if (action == '-')
- options &= ~thisopt;
- else if (action == '+')
- options |= thisopt;
- else
- options = thisopt;
- }
- sc->nProtocol = options;
- return NULL;
-}
-
-#ifdef SSL_EXPERIMENTAL_PROXY
-
-const char *ssl_cmd_SSLProxyProtocol(
- cmd_parms *cmd, char *struct_ptr, const char *opt)
-{
- SSLSrvConfigRec *sc;
- ssl_proto_t options, thisopt;
- char action;
- char *w;
-
- sc = mySrvConfig(cmd->server);
- options = SSL_PROTOCOL_NONE;
- while (opt[0] != NUL) {
- w = ap_getword_conf(cmd->pool, &opt);
-
- action = NUL;
- if (*w == '+' || *w == '-')
- action = *(w++);
-
- if (strcEQ(w, "SSLv2"))
- thisopt = SSL_PROTOCOL_SSLV2;
- else if (strcEQ(w, "SSLv3"))
- thisopt = SSL_PROTOCOL_SSLV3;
- else if (strcEQ(w, "TLSv1"))
- thisopt = SSL_PROTOCOL_TLSV1;
- else if (strcEQ(w, "all"))
- thisopt = SSL_PROTOCOL_ALL;
- else
- return ap_pstrcat(cmd->pool, "SSLProxyProtocol: "
- "Illegal protocol '", w, "'", NULL);
- if (action == '-')
- options &= ~thisopt;
- else if (action == '+')
- options |= thisopt;
- else
- options = thisopt;
- }
- sc->nProxyProtocol = options;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCipherSuite(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->szProxyCipherSuite = arg;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyVerify(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bProxyVerify = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyVerifyDepth(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- int d;
-
- d = atoi(arg);
- if (d < 0)
- return "SSLProxyVerifyDepth: Invalid argument";
- sc->nProxyVerifyDepth = d;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCACertificateFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- sc->szProxyCACertificateFile = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCACertificatePath(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
- cpPath, "' does not exist", NULL);
- sc->szProxyCACertificatePath = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyMachineCertificateFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- sc->szProxyClientCertificateFile = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyMachineCertificatePath(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
- cpPath, "' does not exist", NULL);
- sc->szProxyClientCertificatePath = cpPath;
- return NULL;
-}
-
-#endif /* SSL_EXPERIMENTAL_PROXY */
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c
deleted file mode 100644
index c4f7e8f3413..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c
+++ /dev/null
@@ -1,251 +0,0 @@
-#if 0
-=pod
-#endif
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_dh.c
-** Diffie-Hellman Built-in Temporary Parameters
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-/* ----BEGIN GENERATED SECTION-------- */
-
-/*
-** Diffie-Hellman-Parameters: (512 bit)
-** prime:
-** 00:d4:bc:d5:24:06:f6:9b:35:99:4b:88:de:5d:b8:
-** 96:82:c8:15:7f:62:d8:f3:36:33:ee:57:72:f1:1f:
-** 05:ab:22:d6:b5:14:5b:9f:24:1e:5a:cc:31:ff:09:
-** 0a:4b:c7:11:48:97:6f:76:79:50:94:e7:1e:79:03:
-** 52:9f:5a:82:4b
-** generator: 2 (0x2)
-** Diffie-Hellman-Parameters: (1024 bit)
-** prime:
-** 00:e6:96:9d:3d:49:5b:e3:2c:7c:f1:80:c3:bd:d4:
-** 79:8e:91:b7:81:82:51:bb:05:5e:2a:20:64:90:4a:
-** 79:a7:70:fa:15:a2:59:cb:d5:23:a6:a6:ef:09:c4:
-** 30:48:d5:a2:2f:97:1f:3c:20:12:9b:48:00:0e:6e:
-** dd:06:1c:bc:05:3e:37:1d:79:4e:53:27:df:61:1e:
-** bb:be:1b:ac:9b:5c:60:44:cf:02:3d:76:e0:5e:ea:
-** 9b:ad:99:1b:13:a6:3c:97:4e:9e:f1:83:9e:b5:db:
-** 12:51:36:f7:26:2e:56:a8:87:15:38:df:d8:23:c6:
-** 50:50:85:e2:1f:0d:d5:c8:6b
-** generator: 2 (0x2)
-*/
-
-static unsigned char dh512_p[] =
-{
- 0xD4, 0xBC, 0xD5, 0x24, 0x06, 0xF6, 0x9B, 0x35, 0x99, 0x4B, 0x88, 0xDE,
- 0x5D, 0xB8, 0x96, 0x82, 0xC8, 0x15, 0x7F, 0x62, 0xD8, 0xF3, 0x36, 0x33,
- 0xEE, 0x57, 0x72, 0xF1, 0x1F, 0x05, 0xAB, 0x22, 0xD6, 0xB5, 0x14, 0x5B,
- 0x9F, 0x24, 0x1E, 0x5A, 0xCC, 0x31, 0xFF, 0x09, 0x0A, 0x4B, 0xC7, 0x11,
- 0x48, 0x97, 0x6F, 0x76, 0x79, 0x50, 0x94, 0xE7, 0x1E, 0x79, 0x03, 0x52,
- 0x9F, 0x5A, 0x82, 0x4B,
-};
-static unsigned char dh512_g[] =
-{
- 0x02,
-};
-
-static DH *get_dh512(void)
-{
- DH *dh;
-
- if ((dh = DH_new()) == NULL)
- return (NULL);
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return (NULL);
- return (dh);
-}
-static unsigned char dh1024_p[] =
-{
- 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
- 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
- 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
- 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
- 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
- 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
- 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
- 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
- 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
- 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
- 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
-};
-static unsigned char dh1024_g[] =
-{
- 0x02,
-};
-
-static DH *get_dh1024(void)
-{
- DH *dh;
-
- if ((dh = DH_new()) == NULL)
- return (NULL);
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return (NULL);
- return (dh);
-}
-/* ----END GENERATED SECTION---------- */
-
-DH *ssl_dh_GetTmpParam(int nKeyLen)
-{
- DH *dh;
-
- if (nKeyLen == 512)
- dh = get_dh512();
- else if (nKeyLen == 1024)
- dh = get_dh1024();
- else
- dh = get_dh1024();
- return dh;
-}
-
-DH *ssl_dh_GetParamFromFile(char *file)
-{
- DH *dh = NULL;
- BIO *bio;
-
- if ((bio = BIO_new_file(file, "r")) == NULL)
- return NULL;
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
- return (dh);
-}
-
-/*
-=cut
-##
-## Embedded Perl script for generating the temporary DH parameters
-##
-
-require 5.003;
-use strict;
-
-# configuration
-my $file = $0;
-my $begin = '----BEGIN GENERATED SECTION--------';
-my $end = '----END GENERATED SECTION----------';
-
-# read ourself and keep a backup
-open(FP, "<$file") || die;
-my $source = '';
-$source .= $_ while (<FP>);
-close(FP);
-open(FP, ">$file.bak") || die;
-print FP $source;
-close(FP);
-
-# generate the DH parameters
-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
-my $rand = '';
-foreach $file (qw(/var/log/messages /var/adm/messages
- /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
- if (-f $file) {
- $rand = $file if ($rand eq '');
- $rand .= ":$file" if ($rand ne '');
- }
-}
-$rand = "-rand $rand" if ($rand ne '');
-system("openssl gendh $rand -out dh512.pem 512");
-system("openssl gendh $rand -out dh1024.pem 1024");
-
-# generate DH param info
-my $dhinfo = '';
-open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
-$dhinfo .= $_ while (<FP>);
-close(FP);
-open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
-$dhinfo .= $_ while (<FP>);
-close(FP);
-$dhinfo =~ s|^|** |mg;
-$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
-
-# generate C source from DH params
-my $dhsource = '';
-open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
-$dhsource .= $_ while (<FP>);
-close(FP);
-open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
-$dhsource .= $_ while (<FP>);
-close(FP);
-$dhsource =~ s|(DH\s+\*get_dh)|static $1|sg;
-
-# generate output
-my $o = $dhinfo . $dhsource;
-
-# insert the generated code at the target location
-$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s;
-
-# and update the source on disk
-print "Updating file `$file'\n";
-open(FP, ">$file") || die;
-print FP $source;
-close(FP);
-
-# cleanup
-unlink("dh512.pem");
-unlink("dh1024.pem");
-
-=pod
-*/
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c
deleted file mode 100644
index 04727d5323e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_ds.c
-** Additional Data Structures
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``If you can't do it in
- C or assembly language,
- it isn't worth doing.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Data Structures which store _arbitrary_ data
-** _________________________________________________________________
-*/
-
-ssl_ds_array *ssl_ds_array_make(pool *p, int size)
-{
- ssl_ds_array *a;
-
- if ((a = (ssl_ds_array *)ap_palloc(p, sizeof(ssl_ds_array))) == NULL)
- return NULL;
- a->pPool = p;
- if ((a->pSubPool = ap_make_sub_pool(p)) == NULL)
- return NULL;
- a->aData = ap_make_array(a->pSubPool, 2, size);
- return a;
-}
-
-BOOL ssl_ds_array_isempty(ssl_ds_array *a)
-{
- if (a == NULL || a->aData == NULL || a->aData->nelts == 0)
- return TRUE;
- else
- return FALSE;
-}
-
-void *ssl_ds_array_push(ssl_ds_array *a)
-{
- void *d;
-
- d = (void *)ap_push_array(a->aData);
- return d;
-}
-
-void *ssl_ds_array_get(ssl_ds_array *a, int n)
-{
- void *d;
-
- if (n < 0 || n >= a->aData->nelts)
- return NULL;
- d = (void *)(a->aData->elts+(a->aData->elt_size*n));
- return d;
-}
-
-void ssl_ds_array_wipeout(ssl_ds_array *a)
-{
- if (a->aData->nelts > 0)
- memset(a->aData->elts, 0, a->aData->elt_size*a->aData->nelts);
- return;
-}
-
-void ssl_ds_array_kill(ssl_ds_array *a)
-{
- ap_destroy_pool(a->pSubPool);
- a->pSubPool = NULL;
- a->aData = NULL;
- return;
-}
-
-ssl_ds_table *ssl_ds_table_make(pool *p, int size)
-{
- ssl_ds_table *t;
-
- if ((t = (ssl_ds_table *)ap_palloc(p, sizeof(ssl_ds_table))) == NULL)
- return NULL;
- t->pPool = p;
- if ((t->pSubPool = ap_make_sub_pool(p)) == NULL)
- return NULL;
- t->aKey = ap_make_array(t->pSubPool, 2, MAX_STRING_LEN);
- t->aData = ap_make_array(t->pSubPool, 2, size);
- return t;
-}
-
-BOOL ssl_ds_table_isempty(ssl_ds_table *t)
-{
- if (t == NULL || t->aKey == NULL || t->aKey->nelts == 0)
- return TRUE;
- else
- return FALSE;
-}
-
-void *ssl_ds_table_push(ssl_ds_table *t, char *key)
-{
- char *k;
- void *d;
-
- k = (char *)ap_push_array(t->aKey);
- d = (void *)ap_push_array(t->aData);
- ap_cpystrn(k, key, t->aKey->elt_size);
- return d;
-}
-
-void *ssl_ds_table_get(ssl_ds_table *t, char *key)
-{
- char *k;
- void *d;
- int i;
-
- d = NULL;
- for (i = 0; i < t->aKey->nelts; i++) {
- k = (t->aKey->elts+(t->aKey->elt_size*i));
- if (strEQ(k, key)) {
- d = (void *)(t->aData->elts+(t->aData->elt_size*i));
- break;
- }
- }
- return d;
-}
-
-void ssl_ds_table_wipeout(ssl_ds_table *t)
-{
- if (t->aKey->nelts > 0) {
- memset(t->aKey->elts, 0, t->aKey->elt_size*t->aKey->nelts);
- memset(t->aData->elts, 0, t->aData->elt_size*t->aData->nelts);
- }
- return;
-}
-
-void ssl_ds_table_kill(ssl_ds_table *t)
-{
- ap_destroy_pool(t->pSubPool);
- t->pSubPool = NULL;
- t->aKey = NULL;
- t->aData = NULL;
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
deleted file mode 100644
index 60ebc6f8cbc..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
+++ /dev/null
@@ -1,812 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_ext.c
-** Extensions to other Apache parts
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Only those who attempt the absurd
- can achieve the impossible.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** SSL Extensions
-** _________________________________________________________________
-*/
-
-static void ssl_ext_mlc_register(void);
-static void ssl_ext_mlc_unregister(void);
-static void ssl_ext_mr_register(void);
-static void ssl_ext_mr_unregister(void);
-static void ssl_ext_mp_register(void);
-static void ssl_ext_mp_unregister(void);
-static void ssl_ext_ms_register(void);
-static void ssl_ext_ms_unregister(void);
-
-void ssl_ext_register(void)
-{
- ssl_ext_mlc_register();
- ssl_ext_mr_register();
- ssl_ext_mp_register();
- ssl_ext_ms_register();
- return;
-}
-
-void ssl_ext_unregister(void)
-{
- ssl_ext_mlc_unregister();
- ssl_ext_mr_unregister();
- ssl_ext_mp_unregister();
- ssl_ext_ms_unregister();
- return;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_log_config
-** _________________________________________________________________
-*/
-
-static char *ssl_ext_mlc_log_c(request_rec *r, char *a);
-static char *ssl_ext_mlc_log_x(request_rec *r, char *a);
-
-/*
- * register us for the mod_log_config function registering phase
- * to establish %{...}c and to be able to expand %{...}x variables.
- */
-static void ssl_ext_mlc_register(void)
-{
- ap_hook_register("ap::mod_log_config::log_c",
- ssl_ext_mlc_log_c, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_log_config::log_x",
- ssl_ext_mlc_log_x, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_mlc_unregister(void)
-{
- ap_hook_unregister("ap::mod_log_config::log_c",
- ssl_ext_mlc_log_c);
- ap_hook_unregister("ap::mod_log_config::log_x",
- ssl_ext_mlc_log_x);
- return;
-}
-
-/*
- * implement the %{..}c log function
- * (we are the only function)
- */
-static char *ssl_ext_mlc_log_c(request_rec *r, char *a)
-{
- char *result;
-
- if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
- return NULL;
- result = NULL;
- if (strEQ(a, "version"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
- else if (strEQ(a, "cipher"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
- else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
- else if (strEQ(a, "issuerdn") || strEQ(a, "cacert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
- else if (strEQ(a, "errcode"))
- result = "-";
- else if (strEQ(a, "errstr"))
- result = ap_ctx_get(r->connection->client->ctx, "ssl::verify::error");
- if (result != NULL && result[0] == NUL)
- result = NULL;
- return result;
-}
-
-/*
- * extend the implementation of the %{..}x log function
- * (there can be more functions)
- */
-static char *ssl_ext_mlc_log_x(request_rec *r, char *a)
-{
- char *result;
-
- result = NULL;
- if (ap_ctx_get(r->connection->client->ctx, "ssl") != NULL)
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
- if (result != NULL && result[0] == NUL)
- result = NULL;
- return result;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_rewrite
-** _________________________________________________________________
-*/
-
-static char *ssl_ext_mr_lookup_variable(request_rec *r, char *var);
-
-/*
- * register us for the mod_rewrite lookup_variable() function
- */
-static void ssl_ext_mr_register(void)
-{
- ap_hook_register("ap::mod_rewrite::lookup_variable",
- ssl_ext_mr_lookup_variable, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_mr_unregister(void)
-{
- ap_hook_unregister("ap::mod_rewrite::lookup_variable",
- ssl_ext_mr_lookup_variable);
- return;
-}
-
-static char *ssl_ext_mr_lookup_variable(request_rec *r, char *var)
-{
- char *val;
-
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (val[0] == NUL)
- val = NULL;
- return val;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_proxy
-** _________________________________________________________________
-*/
-
-static int ssl_ext_mp_canon(request_rec *, char *);
-static int ssl_ext_mp_handler(request_rec *, void *, char *, char *, int, char *);
-static int ssl_ext_mp_set_destport(request_rec *);
-static char *ssl_ext_mp_new_connection(request_rec *, BUFF *, char *);
-static void ssl_ext_mp_close_connection(void *);
-static int ssl_ext_mp_write_host_header(request_rec *, BUFF *, char *, char *, char *);
-#ifdef SSL_EXPERIMENTAL_PROXY
-static void ssl_ext_mp_init(server_rec *, pool *);
-static int ssl_ext_mp_verify_cb(int, X509_STORE_CTX *);
-static int ssl_ext_mp_clientcert_cb(SSL *, X509 **, EVP_PKEY **);
-#endif
-
-/*
- * register us ...
- */
-static void ssl_ext_mp_register(void)
-{
-#ifdef SSL_EXPERIMENTAL_PROXY
- ap_hook_register("ap::mod_proxy::init",
- ssl_ext_mp_init, AP_HOOK_NOCTX);
-#endif
- ap_hook_register("ap::mod_proxy::canon",
- ssl_ext_mp_canon, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::handler",
- ssl_ext_mp_handler, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::http::handler::set_destport",
- ssl_ext_mp_set_destport, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::http::handler::new_connection",
- ssl_ext_mp_new_connection, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::http::handler::write_host_header",
- ssl_ext_mp_write_host_header, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_mp_unregister(void)
-{
-#ifdef SSL_EXPERIMENTAL_PROXY
- ap_hook_unregister("ap::mod_proxy::init", ssl_ext_mp_init);
-#endif
- ap_hook_unregister("ap::mod_proxy::canon", ssl_ext_mp_canon);
- ap_hook_unregister("ap::mod_proxy::handler", ssl_ext_mp_handler);
- ap_hook_unregister("ap::mod_proxy::http::handler::set_destport",
- ssl_ext_mp_set_destport);
- ap_hook_unregister("ap::mod_proxy::http::handler::new_connection",
- ssl_ext_mp_new_connection);
- ap_hook_unregister("ap::mod_proxy::http::handler::write_host_header",
- ssl_ext_mp_write_host_header);
- return;
-}
-
-/*
- * SSL proxy initialization
- */
-#ifdef SSL_EXPERIMENTAL_PROXY
-static void ssl_ext_mp_init(server_rec *s, pool *p)
-{
- SSLSrvConfigRec *sc;
- char *cpVHostID;
- int nVerify;
- SSL_CTX *ctx;
- char *cp;
- STACK_OF(X509_INFO) *sk;
-
- /*
- * Initialize each virtual server
- */
- ERR_clear_error();
- for (; s != NULL; s = s->next) {
- sc = mySrvConfig(s);
- cpVHostID = ssl_util_vhostid(p, s);
-
- if (sc->bProxyVerify == UNSET)
- sc->bProxyVerify = FALSE;
-
- /*
- * Create new SSL context and configure callbacks
- */
- if (sc->nProxyProtocol == SSL_PROTOCOL_NONE) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) No Proxy SSL protocols available [hint: SSLProxyProtocol]",
- cpVHostID);
- ssl_die();
- }
- cp = ap_pstrcat(p, (sc->nProxyProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
- (sc->nProxyProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
- (sc->nProxyProtocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""), NULL);
- cp[strlen(cp)-2] = NUL;
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Creating new proxy SSL context (protocols: %s)",
- cpVHostID, cp);
- if (sc->nProxyProtocol == SSL_PROTOCOL_SSLV2)
- ctx = SSL_CTX_new(SSLv2_client_method()); /* only SSLv2 is left */
- else
- ctx = SSL_CTX_new(SSLv23_client_method()); /* be more flexible */
- if (ctx == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to create SSL Proxy context", cpVHostID);
- ssl_die();
- }
- sc->pSSLProxyCtx = ctx;
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
- if (!(sc->nProxyProtocol & SSL_PROTOCOL_SSLV2))
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- if (!(sc->nProxyProtocol & SSL_PROTOCOL_SSLV3))
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
- if (!(sc->nProxyProtocol & SSL_PROTOCOL_TLSV1))
- SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
-
- if (sc->szProxyClientCertificateFile || sc->szProxyClientCertificatePath) {
- sk = sk_X509_INFO_new_null();
- if (sc->szProxyClientCertificateFile)
- SSL_load_CrtAndKeyInfo_file(p, sk, sc->szProxyClientCertificateFile);
- if (sc->szProxyClientCertificatePath)
- SSL_load_CrtAndKeyInfo_path(p, sk, sc->szProxyClientCertificatePath);
- ssl_log(s, SSL_LOG_TRACE, "Init: (%s) loaded %d client certs for SSL proxy",
- cpVHostID, sk_X509_INFO_num(sk));
- if (sk_X509_INFO_num(sk) > 0) {
- SSL_CTX_set_client_cert_cb(ctx, ssl_ext_mp_clientcert_cb);
- sc->skProxyClientCerts = sk;
- }
- }
-
- /*
- * Calculate OpenSSL verify type for verifying the remote server
- * certificate. We either verify it against our list of CA's, or don't
- * bother at all.
- */
- nVerify = SSL_VERIFY_NONE;
- if (sc->bProxyVerify)
- nVerify |= SSL_VERIFY_PEER;
- if ( nVerify & SSL_VERIFY_PEER
- && sc->szProxyCACertificateFile == NULL
- && sc->szProxyCACertificatePath == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) SSLProxyVerify set to On but no CA certificates configured",
- cpVHostID);
- ssl_die();
- }
- if ( nVerify & SSL_VERIFY_NONE
- && ( sc->szProxyCACertificateFile != NULL
- || sc->szProxyCACertificatePath != NULL)) {
- ssl_log(s, SSL_LOG_WARN,
- "init: (%s) CA certificates configured but ignored because SSLProxyVerify is Off",
- cpVHostID);
- }
- SSL_CTX_set_verify(ctx, nVerify, ssl_ext_mp_verify_cb);
-
- /*
- * Enable session caching. We can safely use the same cache
- * as used for communicating with the other clients.
- */
- SSL_CTX_sess_set_new_cb(sc->pSSLProxyCtx, ssl_callback_NewSessionCacheEntry);
- SSL_CTX_sess_set_get_cb(sc->pSSLProxyCtx, ssl_callback_GetSessionCacheEntry);
- SSL_CTX_sess_set_remove_cb(sc->pSSLProxyCtx, ssl_callback_DelSessionCacheEntry);
-
- /*
- * Configure SSL Cipher Suite
- */
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring permitted SSL ciphers for SSL proxy", cpVHostID);
- if (sc->szProxyCipherSuite != NULL) {
- if (!SSL_CTX_set_cipher_list(sc->pSSLProxyCtx, sc->szProxyCipherSuite)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure permitted SSL ciphers for SSL Proxy",
- cpVHostID);
- ssl_die();
- }
- }
-
- /*
- * Configure Client Authentication details
- */
- if (sc->szProxyCACertificateFile != NULL || sc->szProxyCACertificatePath != NULL) {
- ssl_log(s, SSL_LOG_DEBUG,
- "Init: (%s) Configuring client verification locations for SSL Proxy",
- cpVHostID);
- if (!SSL_CTX_load_verify_locations(sc->pSSLProxyCtx,
- sc->szProxyCACertificateFile,
- sc->szProxyCACertificatePath)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure SSL verify locations for SSL proxy",
- cpVHostID);
- ssl_die();
- }
- }
- }
- return;
-}
-#endif /* SSL_EXPERIMENTAL_PROXY */
-
-static int ssl_ext_mp_canon(request_rec *r, char *url)
-{
- int rc;
-
- if (strcEQn(url, "https:", 6)) {
- rc = OK;
- ap_hook_call("ap::mod_proxy::http::canon",
- &rc, r, url+6, "https", DEFAULT_HTTPS_PORT);
- return rc;
- }
- return DECLINED;
-}
-
-static int ssl_ext_mp_handler(
- request_rec *r, void *cr, char *url, char *proxyhost, int proxyport, char *protocol)
-{
- int rc;
-
- if (strcEQ(protocol, "https")) {
- ap_ctx_set(r->ctx, "ssl::proxy::enabled", PTRUE);
- ap_hook_call("ap::mod_proxy::http::handler",
- &rc, r, cr, url, proxyhost, proxyport);
- return rc;
- }
- else {
- ap_ctx_set(r->ctx, "ssl::proxy::enabled", PFALSE);
- }
- return DECLINED;
-}
-
-static int ssl_ext_mp_set_destport(request_rec *r)
-{
- if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PTRUE)
- return DEFAULT_HTTPS_PORT;
- else
- return DEFAULT_HTTP_PORT;
-}
-
-static char *ssl_ext_mp_new_connection(request_rec *r, BUFF *fb,
- char *peer)
-{
-#ifndef SSL_EXPERIMENTAL_PROXY
- SSL_CTX *ssl_ctx;
-#endif
- SSL *ssl;
- char *errmsg;
- int rc;
- char *cpVHostID;
- char *cpVHostMD5;
-#ifdef SSL_EXPERIMENTAL_PROXY
- SSLSrvConfigRec *sc;
- char *cp;
-#endif
-
- if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE)
- return NULL;
-
- /*
- * Find context
- */
-#ifdef SSL_EXPERIMENTAL_PROXY
- sc = mySrvConfig(r->server);
-#endif
- cpVHostID = ssl_util_vhostid(r->pool, r->server);
-
- /*
- * Create a SSL context and handle
- */
-#ifdef SSL_EXPERIMENTAL_PROXY
- ssl = SSL_new(sc->pSSLProxyCtx);
-#else
- ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- ssl = SSL_new(ssl_ctx);
-#endif
- if (ssl == NULL) {
- errmsg = ap_psprintf(r->pool, "SSL proxy new failed (%s): peer %s: %s",
- cpVHostID, peer, ERR_reason_error_string(ERR_get_error()));
- ap_ctx_set(fb->ctx, "ssl", NULL);
- return errmsg;
- }
- SSL_clear(ssl);
- cpVHostMD5 = ap_md5(r->pool, (unsigned char *)cpVHostID);
- if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5))) {
- errmsg = ap_psprintf(r->pool, "Unable to set session id context to `%s': peer %s: %s",
- cpVHostMD5, peer, ERR_reason_error_string(ERR_get_error()));
- ap_ctx_set(fb->ctx, "ssl", NULL);
- return errmsg;
- }
- SSL_set_fd(ssl, fb->fd);
-#ifdef SSL_EXPERIMENTAL_PROXY
- SSL_set_app_data(ssl, fb->ctx);
-#endif
- ap_ctx_set(fb->ctx, "ssl", ssl);
-#ifdef SSL_EXPERIMENTAL_PROXY
- ap_ctx_set(fb->ctx, "ssl::proxy::server_rec", r->server);
- ap_ctx_set(fb->ctx, "ssl::proxy::peer", peer);
- ap_ctx_set(fb->ctx, "ssl::proxy::servername", cpVHostID);
- ap_ctx_set(fb->ctx, "ssl::proxy::verifyerror", NULL);
-#endif
-
- /*
- * Give us a chance to gracefully close the connection
- */
- ap_register_cleanup(r->pool, (void *)fb,
- ssl_ext_mp_close_connection, ssl_ext_mp_close_connection);
-
- /*
- * Establish the SSL connection
- */
- if ((rc = SSL_connect(ssl)) <= 0) {
-#ifdef SSL_EXPERIMENTAL_PROXY
- if ((cp = (char *)ap_ctx_get(fb->ctx, "ssl::proxy::verifyerror")) != NULL) {
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- return NULL;
- }
-#endif
- errmsg = ap_psprintf(r->pool, "SSL proxy connect failed (%s): peer %s: %s",
- cpVHostID, peer, ERR_reason_error_string(ERR_get_error()));
- ssl_log(r->server, SSL_LOG_ERROR, "%s", errmsg);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- return errmsg;
- }
-
- return NULL;
-}
-
-static void ssl_ext_mp_close_connection(void *_fb)
-{
- BUFF *fb = _fb;
- SSL *ssl;
-#ifndef SSL_EXPERIMENTAL_PROXY
- SSL_CTX *ctx;
-#endif
-
- ssl = ap_ctx_get(fb->ctx, "ssl");
- if (ssl != NULL) {
-#ifndef SSL_EXPERIMENTAL_PROXY
- ctx = SSL_get_SSL_CTX(ssl);
-#endif
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
-#ifndef SSL_EXPERIMENTAL_PROXY
- if (ctx != NULL)
- SSL_CTX_free(ctx);
-#endif
- }
- return;
-}
-
-static int ssl_ext_mp_write_host_header(
- request_rec *r, BUFF *fb, char *host, char *port, char *portstr)
-{
- char defport[16];
-
- if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE)
- return DECLINED;
-
- ap_snprintf(defport, sizeof(defport), "%d", DEFAULT_HTTPS_PORT);
- if (portstr != NULL && strcmp(portstr, defport)) {
- ap_bvputs(fb, "Host: ", host, ":", portstr, "\r\n", NULL);
- return OK;
- }
- return DECLINED;
-}
-
-#ifdef SSL_EXPERIMENTAL_PROXY
-
-/*
- * Callback for client certificate stuff.
- * If the remote site sent us a SSLv3 list of acceptable CA's then trawl the
- * table of client certs and send the first one that matches.
- */
-static int ssl_ext_mp_clientcert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
-{
- SSLSrvConfigRec *sc;
- X509_NAME *xnx;
- X509_NAME *issuer;
- X509_INFO *xi;
- char *peer;
- char *servername;
- server_rec *s;
- ap_ctx *pCtx;
- STACK_OF(X509_NAME) *sk;
- STACK_OF(X509_INFO) *pcerts;
- char *cp;
- int i, j;
-
- pCtx = (ap_ctx *)SSL_get_app_data(ssl);
- s = ap_ctx_get(pCtx, "ssl::proxy::server_rec");
- peer = ap_ctx_get(pCtx, "ssl::proxy::peer");
- servername = ap_ctx_get(pCtx, "ssl::proxy::servername");
-
- sc = mySrvConfig(s);
- pcerts = sc->skProxyClientCerts;
-
- ssl_log(s, SSL_LOG_DEBUG,
- "Proxy client certificate callback: (%s) entered", servername);
-
- if ((pcerts == NULL) || (sk_X509_INFO_num(pcerts) <= 0)) {
- ssl_log(s, SSL_LOG_TRACE,
- "Proxy client certificate callback: (%s) "
- "site wanted client certificate but none available",
- servername);
- return 0;
- }
-
- sk = SSL_get_client_CA_list(ssl);
-
- if ((sk == NULL) || (sk_X509_NAME_num(sk) <= 0)) {
- /*
- * remote site didn't send us a list of acceptable CA certs,
- * so lets send the first one we came across
- */
- xi = sk_X509_INFO_value(pcerts, 0);
- cp = X509_NAME_oneline(X509_get_subject_name(xi->x509), NULL, 0);
- ssl_log(s, SSL_LOG_DEBUG,
- "SSL Proxy: (%s) no acceptable CA list, sending %s",
- servername, cp != NULL ? cp : "-unknown-");
- OPENSSL_free(cp);
- /* export structures to the caller */
- *x509 = xi->x509;
- *pkey = xi->x_pkey->dec_pkey;
- /* prevent OpenSSL freeing these structures */
- CRYPTO_add(&((*x509)->references), +1, CRYPTO_LOCK_X509_PKEY);
- CRYPTO_add(&((*pkey)->references), +1, CRYPTO_LOCK_X509_PKEY);
- return 1;
- }
-
- for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- xnx = sk_X509_NAME_value(sk, i);
- for (j = 0; j < sk_X509_INFO_num(pcerts); j++) {
- xi = sk_X509_INFO_value(pcerts,j);
- issuer = X509_get_issuer_name(xi->x509);
- if (X509_NAME_cmp(issuer, xnx) == 0) {
- cp = X509_NAME_oneline(X509_get_subject_name(xi->x509), NULL, 0);
- ssl_log(s, SSL_LOG_DEBUG, "SSL Proxy: (%s) sending %s",
- servername, cp != NULL ? cp : "-unknown-");
- OPENSSL_free(cp);
- /* export structures to the caller */
- *x509 = xi->x509;
- *pkey = xi->x_pkey->dec_pkey;
- /* prevent OpenSSL freeing these structures */
- CRYPTO_add(&((*x509)->references), +1, CRYPTO_LOCK_X509_PKEY);
- CRYPTO_add(&((*pkey)->references), +1, CRYPTO_LOCK_X509_PKEY);
- return 1;
- }
- }
- }
- ssl_log(s, SSL_LOG_TRACE,
- "Proxy client certificate callback: (%s) "
- "no client certificate found!?", servername);
- return 0;
-}
-
-/*
- * This is the verify callback when we are connecting to a remote SSL server
- * from the proxy. Information is passed in via the SSL "ctx" app_data
- * mechanism. We pass in an Apache context in this field, which contains
- * server_rec of the server making the proxy connection from the
- * "ssl::proxy::server_rec" context.
- *
- * The result of the verification is passed back out to SSLERR via the return
- * value. We also store the error message in the "proxyverifyfailed" context,
- * so the caller of SSL_connect() can log a detailed error message.
- */
-static int ssl_ext_mp_verify_cb(int ok, X509_STORE_CTX *ctx)
-{
- SSLSrvConfigRec *sc;
- X509 *xs;
- int errnum;
- int errdepth;
- char *cp, *cp2;
- ap_ctx *pCtx;
- server_rec *s;
- SSL *ssl;
- char *peer;
- char *servername;
-
- ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
- pCtx = (ap_ctx *)SSL_get_app_data(ssl);
- s = ap_ctx_get(pCtx, "ssl::proxy::server_rec");
- peer = ap_ctx_get(pCtx, "ssl::proxy::peer");
- servername = ap_ctx_get(pCtx, "ssl::proxy::servername");
- sc = mySrvConfig(s);
-
- /*
- * Unless stated otherwise by the configuration, we really don't
- * care if the verification was okay or not, so lets return now
- * before we do anything involving memory or time.
- */
- if (sc->bProxyVerify == FALSE)
- return ok;
-
- /*
- * Get verify ingredients
- */
- xs = X509_STORE_CTX_get_current_cert(ctx);
- errnum = X509_STORE_CTX_get_error(ctx);
- errdepth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Log verification information
- */
- cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0);
- ssl_log(s, SSL_LOG_DEBUG,
- "SSL Proxy: (%s) Certificate Verification for remote server %s: "
- "depth: %d, subject: %s, issuer: %s",
- servername, peer != NULL ? peer : "-unknown-",
- errdepth, cp != NULL ? cp : "-unknown-",
- cp2 != NULL ? cp2 : "-unknown");
- OPENSSL_free(cp);
- OPENSSL_free(cp2);
-
- /*
- * If we already know it's not ok, log the real reason
- */
- if (!ok) {
- ssl_log(s, SSL_LOG_ERROR,
- "SSL Proxy: (%s) Certificate Verification failed for %s: "
- "Error (%d): %s", servername,
- peer != NULL ? peer : "-unknown-",
- errnum, X509_verify_cert_error_string(errnum));
- ap_ctx_set(pCtx, "ssl::proxy::verifyerror",
- (void *)X509_verify_cert_error_string(errnum));
- return ok;
- }
-
- /*
- * Check the depth of the certificate chain
- */
- if (sc->nProxyVerifyDepth > 0) {
- if (errdepth > sc->nProxyVerifyDepth) {
- ssl_log(s, SSL_LOG_ERROR,
- "SSL Proxy: (%s) Certificate Verification failed for %s: "
- "Certificate Chain too long "
- "(chain has %d certificates, but maximum allowed are only %d)",
- servername, peer, errdepth, sc->nProxyVerifyDepth);
- ap_ctx_set(pCtx, "ssl::proxy::verifyerror",
- (void *)X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG));
- ok = FALSE;
- }
- }
-
- /*
- * And finally signal OpenSSL the (perhaps changed) state
- */
- return (ok);
-}
-
-#endif /* SSL_EXPERIMENTAL_PROXY */
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_status
-** _________________________________________________________________
-*/
-
-static void ssl_ext_ms_display(request_rec *, int, int);
-
-static void ssl_ext_ms_register(void)
-{
- ap_hook_register("ap::mod_status::display", ssl_ext_ms_display, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_ms_unregister(void)
-{
- ap_hook_unregister("ap::mod_status::display", ssl_ext_ms_display);
- return;
-}
-
-static void ssl_ext_ms_display_cb(char *str, void *_r)
-{
- request_rec *r = (request_rec *)_r;
- if (str != NULL)
- ap_rputs(str, r);
- return;
-}
-
-static void ssl_ext_ms_display(request_rec *r, int no_table_report, int short_report)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
- if (sc == NULL)
- return;
- if (short_report)
- return;
- ap_rputs("<hr>\n", r);
- ap_rputs("<table cellspacing=0 cellpadding=0>\n", r);
- ap_rputs("<tr><td bgcolor=\"#000000\">\n", r);
- ap_rputs("<b><font color=\"#ffffff\" face=\"Arial,Helvetica\">SSL/TLS Session Cache Status:</font></b>\r", r);
- ap_rputs("</td></tr>\n", r);
- ap_rputs("<tr><td bgcolor=\"#ffffff\">\n", r);
- ssl_scache_status(r->server, r->pool, ssl_ext_ms_display_cb, r);
- ap_rputs("</td></tr>\n", r);
- ap_rputs("</table>\n", r);
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
deleted file mode 100644
index 282ec56de8b..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ /dev/null
@@ -1,1138 +0,0 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.32 2013/07/16 13:22:55 jsing Exp $ */
-
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_init.c
-** Initialization of Servers
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* ====================================================================
- * Copyright (c) 1995-1999 Ben Laurie. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * 4. The name "Apache-SSL Server" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Recursive, adj.;
- see Recursive.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Module Initialization
-** _________________________________________________________________
-*/
-
-/*
- * Per-module initialization
- */
-void ssl_init_Module(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc;
- server_rec *s2;
- char *cp;
- int SSLenabled = 0;
-
- mc->nInitCount++;
-
- /*
- * Let us cleanup on restarts and exists
- */
- ap_register_cleanup(p, s, ssl_init_ModuleKill, ssl_init_ChildKill);
-
- /*
- * Any init round fixes the global config
- */
- ssl_config_global_create(); /* just to avoid problems */
- ssl_config_global_fix();
-
- /*
- * try to fix the configuration and open the dedicated SSL
- * logfile as early as possible
- */
- for (s2 = s; s2 != NULL; s2 = s2->next) {
- sc = mySrvConfig(s2);
-
- /* Fix up stuff that may not have been set */
- if (sc->bEnabled == UNSET)
- sc->bEnabled = FALSE;
- if (sc->nVerifyClient == SSL_CVERIFY_UNSET)
- sc->nVerifyClient = SSL_CVERIFY_NONE;
- if (sc->nVerifyDepth == UNSET)
- sc->nVerifyDepth = 1;
-#ifdef SSL_EXPERIMENTAL_PROXY
- if (sc->nProxyVerifyDepth == UNSET)
- sc->nProxyVerifyDepth = 1;
-#endif
- if (sc->nSessionCacheTimeout == UNSET)
- sc->nSessionCacheTimeout = SSL_SESSION_CACHE_TIMEOUT;
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_UNSET)
- sc->nPassPhraseDialogType = SSL_PPTYPE_BUILTIN;
-
- /* Open the dedicated SSL logfile */
- if (!ap_server_is_chrooted())
- ssl_log_open(s, s2, p);
- }
-
- /*
- * Identification
- */
- if (mc->nInitCount == 1) {
- ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s, Library: %s",
- SERVER_BASEVERSION,
- ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE"),
- ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY"));
- }
-
- /*
- * Initialization round information
- */
- if (mc->nInitCount == 1)
- ssl_log(s, SSL_LOG_INFO, "Init: 1st startup round (still not detached)");
- else if (mc->nInitCount == 2)
- ssl_log(s, SSL_LOG_INFO, "Init: 2nd startup round (already detached)");
- else
- ssl_log(s, SSL_LOG_INFO, "Init: %d%s restart round (already detached)",
- mc->nInitCount-2, (mc->nInitCount-2) == 1 ? "st" : "nd");
-
-#ifdef SSL_VENDOR
- ap_hook_use("ap::mod_ssl::vendor::init_module",
- AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, s, p);
-#endif
-
- /*
- * The initialization phase inside the Apache API is totally bogus.
- * We actually have three non-trivial problems:
- *
- * 1. Under Unix the API does a 2-round initialization of modules while
- * under Win32 it doesn't. This means we have to make sure that at
- * least the pass phrase dialog doesn't occur twice. We overcome this
- * problem by using a counter (mc->nInitCount) which has to
- * survive the init rounds.
- *
- * 2. Between the first and the second round Apache detaches from
- * the terminal under Unix. This means that our pass phrase dialog
- * _has_ to be done in the first round and _cannot_ be done in the
- * second round.
- *
- * 3. When Dynamic Shared Object (DSO) mechanism is used under Unix the
- * module segment (code & data) gets unloaded and re-loaded between
- * the first and the second round. This means no global data survives
- * between first and the second init round. We overcome this by using
- * an entry ("ssl_module") inside the ap_global_ctx.
- *
- * The situation as a table:
- *
- * Unix/static Unix/DSO Win32 Action Required
- * (-DSHARED_MODULE) (-DWIN32)
- * ----------- ----------------- --------- -----------------------------------
- * - load module - -
- * init init init SSL library init, Pass Phrase Dialog
- * detach detach - -
- * - reload module - -
- * init init - SSL library init, mod_ssl init
- *
- * Ok, now try to solve this totally ugly situation...
- */
-
-#ifdef SHARED_MODULE
- ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
- mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
-#ifdef SSL_EXPERIMENTAL_ENGINE
- ssl_init_Engine(s, p);
-#endif
- ssl_init_SSLLibrary();
-#else
- if (mc->nInitCount <= 2) {
- ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
- mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
-#ifdef SSL_EXPERIMENTAL_ENGINE
- ssl_init_Engine(s, p);
-#endif
- ssl_init_SSLLibrary();
- }
-#endif
- if (mc->nInitCount == 1) {
- ssl_pphrase_Handle(s, p);
- return;
- }
-
- for (s2 = s; s2 != NULL; s2 = s2->next) {
- sc = mySrvConfig(s2);
- /* find out if anyone's actually doing SSL */
- if (sc->bEnabled)
- SSLenabled = 1;
- }
- if (SSLenabled) /* skip expensive bits if we're not doing SSL */
- ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p);
-
- /*
- * SSL external crypto device ("engine") support
- */
-#ifdef SSL_EXPERIMENTAL_ENGINE
- ssl_init_Engine(s, p);
-#endif
-
- /*
- * Warn the user that he should use the session cache.
- * But we can operate without it, of course.
- */
- if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: Session Cache is not configured [hint: SSLSessionCache]");
- mc->nSessionCacheMode = SSL_SCMODE_NONE;
- }
-
- /*
- * initialize the mutex handling and session caching
- */
- ssl_mutex_init(s, p);
- ssl_scache_init(s, p);
-
- /*
- * Seed the Pseudo Random Number Generator (PRNG)
- */
- ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
-
- /*
- * allocate the temporary RSA keys and DH params
- */
- if (SSLenabled) /* skip expensive bits if we're not doing SSL */
- ssl_init_TmpKeysHandle(SSL_TKP_ALLOC, s, p);
-
- /*
- * initialize servers
- */
- ssl_log(s, SSL_LOG_INFO, "Init: Initializing (virtual) servers for SSL");
- for (s2 = s; s2 != NULL; s2 = s2->next) {
- sc = mySrvConfig(s2);
- /*
- * Either now skip this server when SSL is disabled for
- * it or give out some information about what we're
- * configuring.
- */
- if (!sc->bEnabled)
- continue;
- ssl_log(s2, SSL_LOG_INFO,
- "Init: Configuring server %s for SSL protocol",
- ssl_util_vhostid(p, s2));
-
- /*
- * Read the server certificate and key
- */
- ssl_init_ConfigureServer(s2, p, sc);
- }
-
- /*
- * Configuration consistency checks
- */
- ssl_init_CheckServers(s, p);
-
- /*
- * Announce mod_ssl and SSL library in HTTP Server field
- * as ``mod_ssl/X.X.X OpenSSL/X.X.X''
- */
- if ((cp = ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_PRODUCT")) != NULL && cp[0] != NUL)
- ap_add_version_component(cp);
- ap_add_version_component(ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE"));
- ap_add_version_component(ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY"));
-
- return;
-}
-
-/*
- * Initialize SSL library (also already needed for the pass phrase dialog)
- */
-void ssl_init_SSLLibrary(void)
-{
- SSL_load_error_strings();
- SSL_library_init();
- ssl_util_thread_setup();
- X509V3_add_standard_extensions();
- return;
-}
-
-/*
- * Support for external a Crypto Device ("engine"), usually
- * a hardware accellerator card for crypto operations.
- */
-#ifdef SSL_EXPERIMENTAL_ENGINE
-void ssl_init_Engine(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- ENGINE *e;
-
- if (mc->szCryptoDevice != NULL) {
- if ((e = ENGINE_by_id(mc->szCryptoDevice)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load Crypto Device API `%s'",
- mc->szCryptoDevice);
- ssl_die();
- }
- if (strEQ(mc->szCryptoDevice, "chil"))
- ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
- if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to enable Crypto Device API `%s'",
- mc->szCryptoDevice);
- ssl_die();
- }
- ENGINE_free(e);
- }
- return;
-}
-#endif
-
-/*
- * Handle the Temporary RSA Keys and DH Params
- */
-void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- ssl_asn1_t *asn1;
- unsigned char *ucp;
- RSA *rsa;
- DH *dh;
-
- /* Generate Keys and Params */
- if (action == SSL_TKP_GEN) {
-
- /* seed PRNG */
- ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
-
- /* generate 512 bit RSA key */
- ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys (512/1024 bits)");
- if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Failed to generate temporary 512 bit RSA private key");
- ssl_die();
- }
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512");
- asn1->nData = i2d_RSAPrivateKey(rsa, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
- RSA_free(rsa);
-
- /* generate 1024 bit RSA key */
- if ((rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Failed to generate temporary 1024 bit RSA private key");
- ssl_die();
- }
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:1024");
- asn1->nData = i2d_RSAPrivateKey(rsa, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
- RSA_free(rsa);
-
- ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)");
-
- /* import 512 bit DH param */
- if ((dh = ssl_dh_GetTmpParam(512)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to import temporary 512 bit DH parameters");
- ssl_die();
- }
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:512");
- asn1->nData = i2d_DHparams(dh, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
- DH_free(dh);
-
- /* import 1024 bit DH param */
- if ((dh = ssl_dh_GetTmpParam(1024)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to import temporary 1024 bit DH parameters");
- ssl_die();
- }
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:1024");
- asn1->nData = i2d_DHparams(dh, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
- DH_free(dh);
- }
-
- /* Allocate Keys and Params */
- else if (action == SSL_TKP_ALLOC) {
-
- ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary RSA private keys (512/1024 bits)");
-
- /* allocate 512 bit RSA key */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "RSA:512")) != NULL) {
- ucp = asn1->cpData;
- if ((mc->pTmpKeys[SSL_TKPIDX_RSA512] =
- (void *)d2i_RSAPrivateKey(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 512 bit RSA private key");
- ssl_die();
- }
- if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512], NULL) != 1) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 512 bit RSA private key");
- ssl_die();
- }
- }
-
- /* allocate 1024 bit RSA key */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "RSA:1024")) != NULL) {
- ucp = asn1->cpData;
- if ((mc->pTmpKeys[SSL_TKPIDX_RSA1024] =
- (void *)d2i_RSAPrivateKey(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 1024 bit RSA private key");
- ssl_die();
- }
- if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024], NULL) != 1) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 1024 bit RSA private key");
- ssl_die();
- }
- }
-
- ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)");
-
- /* allocate 512 bit DH param */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "DH:512")) != NULL) {
- ucp = asn1->cpData;
- if ((mc->pTmpKeys[SSL_TKPIDX_DH512] =
- (void *)d2i_DHparams(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 512 bit DH parameters");
- ssl_die();
- }
- }
-
- /* allocate 1024 bit DH param */
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "DH:1024")) != NULL) {
- ucp = asn1->cpData;
- if ((mc->pTmpKeys[SSL_TKPIDX_DH1024] =
- (void *)d2i_DHparams(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 1024 bit DH parameters");
- ssl_die();
- }
- }
- }
-
- /* Free Keys and Params */
- else if (action == SSL_TKP_FREE) {
- if (mc->pTmpKeys[SSL_TKPIDX_RSA512] != NULL) {
- RSA_free((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512]);
- mc->pTmpKeys[SSL_TKPIDX_RSA512] = NULL;
- }
- if (mc->pTmpKeys[SSL_TKPIDX_RSA1024] != NULL) {
- RSA_free((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024]);
- mc->pTmpKeys[SSL_TKPIDX_RSA1024] = NULL;
- }
- if (mc->pTmpKeys[SSL_TKPIDX_DH512] != NULL) {
- DH_free((DH *)mc->pTmpKeys[SSL_TKPIDX_DH512]);
- mc->pTmpKeys[SSL_TKPIDX_DH512] = NULL;
- }
- if (mc->pTmpKeys[SSL_TKPIDX_DH1024] != NULL) {
- DH_free((DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024]);
- mc->pTmpKeys[SSL_TKPIDX_DH1024] = NULL;
- }
- }
- return;
-}
-
-/*
- * Configure a particular server
- */
-void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
-{
- SSLModConfigRec *mc = myModConfig();
- int nVerify;
- char *cpVHostID;
- EVP_PKEY *pKey;
- SSL_CTX *ctx;
- EC_KEY *ecdhKey;
- STACK_OF(X509_NAME) *skCAList;
- ssl_asn1_t *asn1;
- unsigned char *ucp;
- char *cp;
- BOOL ok;
- BOOL bSkipFirst;
- int isca, pathlen;
- int i, n;
-
- /*
- * Create the server host:port string because we need it a lot
- */
- cpVHostID = ssl_util_vhostid(p, s);
-
- /*
- * Now check for important parameters and the
- * possibility that the user forgot to set them.
- */
- if (sc->szPublicCertFile[0] == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) No SSL Certificate set [hint: SSLCertificateFile]",
- cpVHostID);
- ssl_die();
- }
-
- /*
- * Check for problematic re-initializations
- */
- if (sc->pPublicCert[SSL_AIDX_RSA] != NULL ||
- sc->pPublicCert[SSL_AIDX_DSA] != NULL ) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) Illegal attempt to re-initialise SSL for server "
- "(theoretically shouldn't happen!)", cpVHostID);
- ssl_die();
- }
-
- /*
- * Create the new per-server SSL context
- */
- if (sc->nProtocol == SSL_PROTOCOL_NONE) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) No SSL protocols available [hint: SSLProtocol]",
- cpVHostID);
- ssl_die();
- }
- cp = ap_pstrcat(p, (sc->nProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
- (sc->nProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
- (sc->nProtocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""), NULL);
- cp[strlen(cp)-2] = NUL;
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Creating new SSL context (protocols: %s)", cpVHostID, cp);
- ctx = SSL_CTX_new(SSLv23_server_method());
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
- if (!(sc->nProtocol & SSL_PROTOCOL_SSLV2))
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- if (!(sc->nProtocol & SSL_PROTOCOL_SSLV3))
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
- if (!(sc->nProtocol & SSL_PROTOCOL_TLSV1))
- SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
- if (sc->bCompression == FALSE)
- SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
- if (sc->bHonorCipherOrder == TRUE)
- SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
- SSL_CTX_set_app_data(ctx, s);
- sc->pSSLCtx = ctx;
-
- /*
- * Configure additional context ingredients
- */
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
- if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
- else
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
-
- /*
- * Disallow a session from being resumed during a renegotiation,
- * so that an acceptable cipher suite can be negotiated.
- */
- SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-
- /*
- * Configure callbacks for SSL context
- */
- nVerify = SSL_VERIFY_NONE;
- if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE)
- nVerify |= SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- if ( (sc->nVerifyClient == SSL_CVERIFY_OPTIONAL)
- || (sc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) )
- nVerify |= SSL_VERIFY_PEER;
- SSL_CTX_set_verify(ctx, nVerify, ssl_callback_SSLVerify);
- SSL_CTX_sess_set_new_cb(ctx, ssl_callback_NewSessionCacheEntry);
- SSL_CTX_sess_set_get_cb(ctx, ssl_callback_GetSessionCacheEntry);
- SSL_CTX_sess_set_remove_cb(ctx, ssl_callback_DelSessionCacheEntry);
- SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
- SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
-
- /*
- * Configure SSL Cipher Suite
- */
- if (sc->szCipherSuite != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring permitted SSL ciphers [%s]",
- cpVHostID, sc->szCipherSuite);
- if (!SSL_CTX_set_cipher_list(ctx, sc->szCipherSuite)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure permitted SSL ciphers",
- cpVHostID);
- ssl_die();
- }
- }
-
- /*
- * Configure ECDH Curve
- */
- if (sc->nECDHCurve > 0) {
- ecdhKey = EC_KEY_new_by_curve_name(sc->nECDHCurve);
- if (ecdhKey == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Failed to create new EC key using named curve",
- cpVHostID);
- ssl_die();
- }
- SSL_CTX_set_tmp_ecdh(ctx, ecdhKey);
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
- EC_KEY_free(ecdhKey);
- }
-
- /*
- * Configure Client Authentication details
- */
- if (sc->szCACertificateFile != NULL || sc->szCACertificatePath != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring client authentication", cpVHostID);
- if (!SSL_CTX_load_verify_locations(ctx,
- sc->szCACertificateFile,
- sc->szCACertificatePath)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure verify locations "
- "for client authentication", cpVHostID);
- ssl_die();
- }
- if ((skCAList = ssl_init_FindCAList(s, p, sc->szCACertificateFile,
- sc->szCACertificatePath)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) Unable to determine list of available "
- "CA certificates for client authentication", cpVHostID);
- ssl_die();
- }
- SSL_CTX_set_client_CA_list(sc->pSSLCtx, skCAList);
- }
-
- /*
- * Configure Certificate Revocation List (CRL) Details
- */
- if (sc->szCARevocationFile != NULL || sc->szCARevocationPath != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring certificate revocation facility", cpVHostID);
- if ((sc->pRevocationStore =
- SSL_X509_STORE_create(sc->szCARevocationFile,
- sc->szCARevocationPath)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure X.509 CRL storage "
- "for certificate revocation", cpVHostID);
- ssl_die();
- }
- }
-
- /*
- * Give a warning when no CAs were configured but client authentication
- * should take place. This cannot work.
- */
- if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE) {
- skCAList = SSL_CTX_get_client_CA_list(ctx);
- if (sk_X509_NAME_num(skCAList) == 0)
- ssl_log(s, SSL_LOG_WARN,
- "Init: Ops, you want to request client authentication, "
- "but no CAs are known for verification!? "
- "[Hint: SSLCACertificate*]");
- }
-
- /*
- * Configure server certificate(s)
- */
- ok = FALSE;
- cp = ap_psprintf(p, "%s:RSA", cpVHostID);
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPublicCert, cp)) != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring RSA server certificate", cpVHostID);
- ucp = asn1->cpData;
- if ((sc->pPublicCert[SSL_AIDX_RSA] = d2i_X509(NULL, &ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to import RSA server certificate",
- cpVHostID);
- ssl_die();
- }
- if (SSL_CTX_use_certificate(ctx, sc->pPublicCert[SSL_AIDX_RSA]) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure RSA server certificate",
- cpVHostID);
- ssl_die();
- }
- ok = TRUE;
- }
- cp = ap_psprintf(p, "%s:DSA", cpVHostID);
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPublicCert, cp)) != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring DSA server certificate", cpVHostID);
- ucp = asn1->cpData;
- if ((sc->pPublicCert[SSL_AIDX_DSA] = d2i_X509(NULL, &ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to import DSA server certificate",
- cpVHostID);
- ssl_die();
- }
- if (SSL_CTX_use_certificate(ctx, sc->pPublicCert[SSL_AIDX_DSA]) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure DSA server certificate",
- cpVHostID);
- ssl_die();
- }
- ok = TRUE;
- }
- if (!ok) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) Ops, no RSA or DSA server certificate found?!", cpVHostID);
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) You have to perform a *full* server restart when you added or removed a certificate and/or key file", cpVHostID);
- ssl_die();
- }
-
- /*
- * Some information about the certificate(s)
- */
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- if (sc->pPublicCert[i] != NULL) {
- if (SSL_X509_isSGC(sc->pPublicCert[i])) {
- ssl_log(s, SSL_LOG_INFO,
- "Init: (%s) %s server certificate enables "
- "Server Gated Cryptography (SGC)",
- cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"));
- }
- if (SSL_X509_getBC(sc->pPublicCert[i], &isca, &pathlen)) {
- if (isca)
- ssl_log(s, SSL_LOG_WARN,
- "Init: (%s) %s server certificate is a CA certificate "
- "(BasicConstraints: CA == TRUE !?)",
- cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"));
- if (pathlen > 0)
- ssl_log(s, SSL_LOG_WARN,
- "Init: (%s) %s server certificate is not a leaf certificate "
- "(BasicConstraints: pathlen == %d > 0 !?)",
- cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), pathlen);
- }
- if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) {
- if (ap_is_fnmatch(cp) &&
- ap_fnmatch(cp, s->server_hostname,
- FNM_PERIOD|FNM_CASE_BLIND) == FNM_NOMATCH) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: (%s) %s server certificate wildcard CommonName (CN) `%s' "
- "does NOT match server name!?", cpVHostID,
- (i == SSL_AIDX_RSA ? "RSA" : "DSA"), cp);
- }
- else if (strNE(s->server_hostname, cp)) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: (%s) %s server certificate CommonName (CN) `%s' "
- "does NOT match server name!?", cpVHostID,
- (i == SSL_AIDX_RSA ? "RSA" : "DSA"), cp);
- }
- }
- }
- }
-
- /*
- * Configure server private key(s)
- */
- ok = FALSE;
- cp = ap_psprintf(p, "%s:RSA", cpVHostID);
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring RSA server private key", cpVHostID);
- ucp = asn1->cpData;
- if ((sc->pPrivateKey[SSL_AIDX_RSA] =
- d2i_PrivateKey(EVP_PKEY_RSA, NULL, &ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to import RSA server private key",
- cpVHostID);
- ssl_die();
- }
- if (!RSA_blinding_on(sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa, NULL)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to enable RSA blinding (probably PRNG failure)",
- cpVHostID);
- ssl_die();
- }
- if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure RSA server private key",
- cpVHostID);
- ssl_die();
- }
- ok = TRUE;
- }
- cp = ap_psprintf(p, "%s:DSA", cpVHostID);
- if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring DSA server private key", cpVHostID);
- ucp = asn1->cpData;
- if ((sc->pPrivateKey[SSL_AIDX_DSA] =
- d2i_PrivateKey(EVP_PKEY_DSA, NULL, &ucp, asn1->nData)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to import DSA server private key",
- cpVHostID);
- ssl_die();
- }
- if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_DSA]) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure DSA server private key",
- cpVHostID);
- ssl_die();
- }
- ok = TRUE;
- }
- if (!ok) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) Ops, no RSA or DSA server private key found?!", cpVHostID);
- ssl_die();
- }
-
- /*
- * Optionally copy DSA parameters for certificate from private key
- * (see http://www.psy.uq.edu.au/~ftp/Crypto/ssleay/TODO.html)
- */
- if ( sc->pPublicCert[SSL_AIDX_DSA] != NULL
- && sc->pPrivateKey[SSL_AIDX_DSA] != NULL) {
- pKey = X509_get_pubkey(sc->pPublicCert[SSL_AIDX_DSA]);
- if ( pKey != NULL
- && EVP_PKEY_type(pKey->type) == EVP_PKEY_DSA
- && EVP_PKEY_missing_parameters(pKey))
- EVP_PKEY_copy_parameters(pKey, sc->pPrivateKey[SSL_AIDX_DSA]);
- }
-
- /*
- * Optionally configure extra server certificate chain certificates.
- * This is usually done by OpenSSL automatically when one of the
- * server cert issuers are found under SSLCACertificatePath or in
- * SSLCACertificateFile. But because these are intended for client
- * authentication it can conflict. For instance when you use a
- * Global ID server certificate you've to send out the intermediate
- * CA certificate, too. When you would just configure this with
- * SSLCACertificateFile and also use client authentication mod_ssl
- * would accept all clients also issued by this CA. Obviously this
- * isn't what we want in this situation. So this feature here exists
- * to allow one to explicity configure CA certificates which are
- * used only for the server certificate chain.
- */
- if (sc->szCertificateChain != NULL) {
- bSkipFirst = FALSE;
- for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {
- if (strEQ(sc->szPublicCertFile[i], sc->szCertificateChain)) {
- bSkipFirst = TRUE;
- break;
- }
- }
- if ((n = SSL_CTX_use_certificate_chain(ctx, sc->szCertificateChain,
- bSkipFirst, NULL)) < 0) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) Failed to configure CA certificate chain!", cpVHostID);
- ssl_die();
- }
- ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring "
- "server certificate chain (%d CA certificate%s)", cpVHostID,
- n, n == 1 ? "" : "s");
- }
-
-#ifdef SSL_VENDOR
- ap_hook_use("ap::mod_ssl::vendor::configure_server",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_ALL,
- s, p, sc);
-#endif
-
- return;
-}
-
-void ssl_init_CheckServers(server_rec *sm, pool *p)
-{
- server_rec *s;
- server_rec **ps;
- SSLSrvConfigRec *sc;
- ssl_ds_table *t;
- pool *sp;
- char *key;
- BOOL bConflict;
-
- /*
- * Give out warnings when a server has HTTPS configured
- * for the HTTP port or vice versa
- */
- for (s = sm; s != NULL; s = s->next) {
- sc = mySrvConfig(s);
- if (sc->bEnabled && s->port == DEFAULT_HTTP_PORT)
- ssl_log(sm, SSL_LOG_WARN,
- "Init: (%s) You configured HTTPS(%d) on the standard HTTP(%d) port!",
- ssl_util_vhostid(p, s), DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
- if (!sc->bEnabled && s->port == DEFAULT_HTTPS_PORT)
- ssl_log(sm, SSL_LOG_WARN,
- "Init: (%s) You configured HTTP(%d) on the standard HTTPS(%d) port!",
- ssl_util_vhostid(p, s), DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
- }
-
- /*
- * Give out warnings if more than one SSL-aware virtual server uses the
- * same IP:port. This doesn't work because mod_ssl then will always use
- * just the certificate/keys of one virtual host (which one cannot be said
- * easily - but that doesn't matter here).
- */
- sp = ap_make_sub_pool(p);
- t = ssl_ds_table_make(sp, sizeof(server_rec *));
- bConflict = FALSE;
- for (s = sm; s != NULL; s = s->next) {
- sc = mySrvConfig(s);
- if (!sc->bEnabled)
- continue;
- if (s->addrs == NULL)
- continue;
- key = ap_psprintf(sp, "%pA:%u", &s->addrs->host_addr, s->addrs->host_port);
- ps = ssl_ds_table_get(t, key);
- if (ps != NULL) {
- ssl_log(sm, SSL_LOG_WARN,
- "Init: SSL server IP/port conflict: %s (%s:%d) vs. %s (%s:%d)",
- ssl_util_vhostid(p, s),
- (s->defn_name != NULL ? s->defn_name : "unknown"),
- s->defn_line_number,
- ssl_util_vhostid(p, *ps),
- ((*ps)->defn_name != NULL ? (*ps)->defn_name : "unknown"),
- (*ps)->defn_line_number);
- bConflict = TRUE;
- continue;
- }
- ps = ssl_ds_table_push(t, key);
- *ps = s;
- }
- ssl_ds_table_kill(t);
- ap_destroy_pool(sp);
- if (bConflict)
- ssl_log(sm, SSL_LOG_WARN,
- "Init: You should not use name-based virtual hosts in conjunction with SSL!!");
-
- return;
-}
-
-static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b)
-{
- return(X509_NAME_cmp(*a, *b));
-}
-
-STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile, char *cpCApath)
-{
- STACK_OF(X509_NAME) *skCAList;
- STACK_OF(X509_NAME) *sk;
- DIR *dir;
- struct DIR_TYPE *direntry;
- char *cp;
- pool *p;
- int n;
- char buf[256];
-
- /*
- * Use a subpool so we don't bloat up the server pool which
- * is remains in memory for the complete operation time of
- * the server.
- */
- p = ap_make_sub_pool(pp);
-
- /*
- * Start with a empty stack/list where new
- * entries get added in sorted order.
- */
- skCAList = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
-
- /*
- * Process CA certificate bundle file
- */
- if (cpCAfile != NULL) {
- sk = SSL_load_client_CA_file(cpCAfile);
- for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
- X509_NAME *name = sk_X509_NAME_value(sk, n);
- ssl_log(s, SSL_LOG_TRACE,
- "CA certificate: %s",
- X509_NAME_oneline(name, buf, sizeof(buf)));
- if (sk_X509_NAME_find(skCAList, name) < 0)
- sk_X509_NAME_push(skCAList, name); /* will be freed when skCAList is */
- else
- X509_NAME_free(name);
- }
- sk_X509_NAME_free(sk);
- }
-
- /*
- * Process CA certificate path files
- */
- if (cpCApath != NULL) {
- dir = ap_popendir(p, cpCApath);
- while ((direntry = readdir(dir)) != NULL) {
- cp = ap_pstrcat(p, cpCApath, "/", direntry->d_name, NULL);
- sk = SSL_load_client_CA_file(cp);
- for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
- X509_NAME *name = sk_X509_NAME_value(sk, n);
- ssl_log(s, SSL_LOG_TRACE,
- "CA certificate: %s",
- X509_NAME_oneline(name, buf, sizeof(buf)));
- if (sk_X509_NAME_find(skCAList, name) < 0)
- sk_X509_NAME_push(skCAList, name);
- else
- X509_NAME_free(name);
- }
- sk_X509_NAME_free(sk);
- }
- ap_pclosedir(p, dir);
- }
-
- /*
- * Cleanup
- */
- sk_X509_NAME_set_cmp_func(skCAList, NULL);
- ap_destroy_pool(p);
-
- return skCAList;
-}
-
-void ssl_init_Child(server_rec *s, pool *p)
-{
- /* open the mutex lockfile */
- ssl_mutex_reinit(s, p);
- return;
-}
-
-void ssl_init_ChildKill(void *data)
-{
- /* currently nothing to do */
- return;
-}
-
-void ssl_init_ModuleKill(void *data)
-{
- SSLSrvConfigRec *sc;
- server_rec *s = (server_rec *)data;
-
- /*
- * Drop the session cache and mutex
- */
- ssl_scache_kill(s);
- ssl_mutex_kill(s);
-
- /*
- * Destroy the temporary keys and params
- */
- ssl_init_TmpKeysHandle(SSL_TKP_FREE, s, NULL);
-
- /*
- * Free the non-pool allocated structures
- * in the per-server configurations
- */
- for (; s != NULL; s = s->next) {
- sc = mySrvConfig(s);
- if (sc->pRevocationStore != NULL) {
- X509_STORE_free(sc->pRevocationStore);
- sc->pRevocationStore = NULL;
- }
- if (sc->pPublicCert[SSL_AIDX_RSA] != NULL) {
- X509_free(sc->pPublicCert[SSL_AIDX_RSA]);
- sc->pPublicCert[SSL_AIDX_RSA] = NULL;
- }
- if (sc->pPublicCert[SSL_AIDX_DSA] != NULL) {
- X509_free(sc->pPublicCert[SSL_AIDX_DSA]);
- sc->pPublicCert[SSL_AIDX_DSA] = NULL;
- }
- if (sc->pPrivateKey[SSL_AIDX_RSA] != NULL) {
- EVP_PKEY_free(sc->pPrivateKey[SSL_AIDX_RSA]);
- sc->pPrivateKey[SSL_AIDX_RSA] = NULL;
- }
- if (sc->pPrivateKey[SSL_AIDX_DSA] != NULL) {
- EVP_PKEY_free(sc->pPrivateKey[SSL_AIDX_DSA]);
- sc->pPrivateKey[SSL_AIDX_DSA] = NULL;
- }
- if (sc->pSSLCtx != NULL) {
- SSL_CTX_free(sc->pSSLCtx);
- sc->pSSLCtx = NULL;
- }
- }
-
- /*
- * Try to kill the internals of the SSL library.
- */
-#ifdef SHARED_MODULE
- ERR_free_strings();
- ERR_remove_state(0);
- EVP_cleanup();
-#endif
-
- ssl_util_thread_cleanup();
-
- return;
-}
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c
deleted file mode 100644
index 3d6fcc467ab..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c
+++ /dev/null
@@ -1,545 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_io.c
-** I/O Functions
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``MY HACK: This universe.
- Just one little problem:
- core keeps dumping.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** I/O Request Body Sucking and Re-Injection
-** _________________________________________________________________
-*/
-
-#ifndef SSL_CONSERVATIVE
-
-/*
- * Background:
- *
- * 1. When the client sends a HTTP/HTTPS request, Apache's core code
- * reads only the request line ("METHOD /path HTTP/x.y") and the
- * attached MIME headers ("Foo: bar") up to the terminating line ("CR
- * LF"). An attached request body (for instance the data of a POST
- * method) is _NOT_ read. Instead it is read by mod_cgi's content
- * handler and directly passed to the CGI script.
- *
- * 2. mod_ssl supports per-directory re-configuration of SSL parameters.
- * This is implemented by performing an SSL renegotiation of the
- * re-configured parameters after the request is read, but before the
- * response is sent. In more detail: the renegotiation happens after the
- * request line and MIME headers were read, but _before_ the attached
- * request body is read. The reason simply is that in the HTTP protocol
- * usually there is no acknowledgment step between the headers and the
- * body (there is the 100-continue feature and the chunking facility
- * only), so Apache has no API hook for this step.
- *
- * 3. the problem now occurs when the client sends a POST request for
- * URL /foo via HTTPS the server and the server has SSL parameters
- * re-configured on a per-URL basis for /foo. Then mod_ssl has to
- * perform an SSL renegotiation after the request was read and before
- * the response is sent. But the problem is the pending POST body data
- * in the receive buffer of SSL (which Apache still has not read - it's
- * pending until mod_cgi sucks it in). When mod_ssl now tries to perform
- * the renegotiation the pending data leads to an I/O error.
- *
- * Solution Idea:
- *
- * There are only two solutions: Either to simply state that POST
- * requests to URLs with SSL re-configurations are not allowed, or to
- * renegotiate really after the _complete_ request (i.e. including
- * the POST body) was read. Obviously the latter would be preferred,
- * but it cannot be done easily inside Apache, because as already
- * mentioned, there is no API step between the body reading and the body
- * processing. And even when we mod_ssl would hook directly into the
- * loop of mod_cgi, we wouldn't solve the problem for other handlers, of
- * course. So the only general solution is to suck in the pending data
- * of the request body from the OpenSSL BIO into the Apache BUFF. Then
- * the renegotiation can be done and after this step Apache can proceed
- * processing the request as before.
- *
- * Solution Implementation:
- *
- * We cannot simply suck in the data via an SSL_read-based loop because of
- * HTTP chunking. Instead we _have_ to use the Apache API for this step which
- * is aware of HTTP chunking. So the trick is to suck in the pending request
- * data via the Apache API (which uses Apache's BUFF code and in the
- * background mod_ssl's I/O glue code) and re-inject it later into the Apache
- * BUFF code again. This way the data flows twice through the Apache BUFF, of
- * course. But this way the solution doesn't depend on any Apache specifics
- * and is fully transparent to Apache modules.
- */
-
-struct ssl_io_suck_st {
- BOOL active;
- char *bufptr;
- int buflen;
- char *pendptr;
- int pendlen;
-};
-
-/* prepare request_rec structure for input sucking */
-static void ssl_io_suck_start(request_rec *r)
-{
- struct ssl_io_suck_st *ss;
-
- ss = ap_ctx_get(r->ctx, "ssl::io::suck");
- if (ss == NULL) {
- ss = ap_palloc(r->pool, sizeof(struct ssl_io_suck_st));
- ap_ctx_set(r->ctx, "ssl::io::suck", ss);
- ss->buflen = 8192;
- ss->bufptr = ap_palloc(r->pool, ss->buflen);
- }
- ss->pendptr = ss->bufptr;
- ss->pendlen = 0;
- ss->active = FALSE;
- return;
-}
-
-/* record a sucked input chunk */
-static void ssl_io_suck_record(request_rec *r, char *buf, int len)
-{
- struct ssl_io_suck_st *ss;
-
- if ((ss = ap_ctx_get(r->ctx, "ssl::io::suck")) == NULL)
- return;
- if (((ss->bufptr + ss->buflen) - (ss->pendptr + ss->pendlen)) < len) {
- /* "expand" buffer: actually we cannot really expand the buffer
- here, because Apache's pool system doesn't support expanding chunks
- of memory. Instead we have to either reuse processed data or
- allocate a new chunk of memory in advance if we really need more
- memory. */
- int newlen;
- char *newptr;
-
- if (( (ss->pendptr - ss->bufptr)
- + ((ss->bufptr + ss->buflen) - (ss->pendptr + ss->pendlen)) ) >= len) {
- /* make memory available by reusing already processed data */
- memmove(ss->bufptr, ss->pendptr, ss->pendlen);
- ss->pendptr = ss->bufptr;
- }
- else {
- /* too bad, we have to allocate a new larger buffer */
- newlen = (ss->buflen * 2) + len;
- newptr = ap_palloc(r->pool, newlen);
- ss->bufptr = newptr;
- ss->buflen = newlen;
- memcpy(ss->bufptr, ss->pendptr, ss->pendlen);
- ss->pendptr = ss->bufptr;
- }
- }
- memcpy(ss->pendptr+ss->pendlen, buf, len);
- ss->pendlen += len;
- return;
-}
-
-/* finish request_rec after input sucking */
-static void ssl_io_suck_end(request_rec *r)
-{
- struct ssl_io_suck_st *ss;
-
- if ((ss = ap_ctx_get(r->ctx, "ssl::io::suck")) == NULL)
- return;
- ss->active = TRUE;
- r->read_body = REQUEST_NO_BODY;
- r->read_length = 0;
- r->read_chunked = 0;
- r->remaining = 0;
- ap_bsetflag(r->connection->client, B_CHUNK, 0);
- return;
-}
-
-void ssl_io_suck(request_rec *r, SSL *ssl)
-{
- int rc;
- int len;
- char *buf;
- int buflen;
- char c;
- int sucked;
-
- if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK)) == OK) {
- if (ap_should_client_block(r)) {
-
- /* read client request block through Apache API */
- buflen = HUGE_STRING_LEN;
- buf = ap_palloc(r->pool, buflen);
- ap_hard_timeout("SSL I/O request body pre-sucking", r);
- sucked = 0;
- ssl_io_suck_start(r);
- while ((len = ap_get_client_block(r, buf, buflen)) > 0) {
- ssl_io_suck_record(r, buf, len);
- sucked += len;
- }
- ssl_io_suck_end(r);
- ap_kill_timeout(r);
-
- /* suck trailing data (usually CR LF) which
- is still in the Apache BUFF layer */
- ap_hard_timeout("SSL I/O request trailing data pre-sucking", r);
- while (ap_bpeekc(r->connection->client) != EOF) {
- c = ap_bgetc(r->connection->client);
- ssl_io_suck_record(r, &c, 1);
- sucked++;
- }
- ap_kill_timeout(r);
-
- ssl_log(r->server, SSL_LOG_TRACE,
- "I/O: sucked %d bytes of input data from SSL/TLS I/O layer "
- "for delayed injection into Apache I/O layer", sucked);
- }
- }
- return;
-}
-
-/* the SSL_read replacement routine which knows about the suck buffer */
-static int ssl_io_suck_read(SSL *ssl, char *buf, int len)
-{
- ap_ctx *actx;
- struct ssl_io_suck_st *ss;
- request_rec *r = NULL;
- int rv;
-
- actx = (ap_ctx *)SSL_get_app_data2(ssl);
- if (actx != NULL)
- r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
-
- rv = -1;
- if (r != NULL) {
- ss = ap_ctx_get(r->ctx, "ssl::io::suck");
- if (ss != NULL) {
- if (ss->active && ss->pendlen > 0) {
- /* ok, there is pre-sucked data */
- len = (ss->pendlen > len ? len : ss->pendlen);
- memcpy(buf, ss->pendptr, len);
- ss->pendptr += len;
- ss->pendlen -= len;
- ssl_log(r->server, SSL_LOG_TRACE,
- "I/O: injecting %d bytes of pre-sucked data "
- "into Apache I/O layer", len);
- rv = len;
- }
- }
- }
- if (rv == -1)
- rv = SSL_read(ssl, buf, len);
- return rv;
-}
-
-/* override SSL_read in the following code... */
-#define SSL_read ssl_io_suck_read
-
-#endif /* !SSL_CONSERVATIVE */
-
-/* _________________________________________________________________
-**
-** I/O Hooks
-** _________________________________________________________________
-*/
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-static int ssl_io_hook_read(BUFF *fb, char *buf, int len);
-static int ssl_io_hook_write(BUFF *fb, char *buf, int len);
-static int ssl_io_hook_writev(BUFF *fb, const struct iovec *iov, int iovcnt);
-
-void ssl_io_register(void)
-{
- ap_hook_register("ap::buff::read", ssl_io_hook_read, AP_HOOK_NOCTX);
- ap_hook_register("ap::buff::write", ssl_io_hook_write, AP_HOOK_NOCTX);
- ap_hook_register("ap::buff::writev", ssl_io_hook_writev, AP_HOOK_NOCTX);
- return;
-}
-
-void ssl_io_unregister(void)
-{
- ap_hook_unregister("ap::buff::read", ssl_io_hook_read);
- ap_hook_unregister("ap::buff::write", ssl_io_hook_write);
- ap_hook_unregister("ap::buff::writev", ssl_io_hook_writev);
- return;
-}
-
-static int ssl_io_hook_read(BUFF *fb, char *buf, int len)
-{
- SSL *ssl;
- conn_rec *c;
- int rc;
-
- if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
- rc = SSL_read(ssl, buf, len);
- /*
- * Simulate an EINTR in case OpenSSL wants to read more.
- * (This is usually the case when the client forces an SSL
- * renegotiation which is handled implicitly by OpenSSL.)
- */
- if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)
- errno = EINTR;
- /*
- * Log SSL errors
- */
- if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) {
- c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL error on reading data");
- }
- /*
- * read(2) returns only the generic error number -1
- */
- if (rc < 0)
- rc = -1;
- }
- else
- rc = read(fb->fd_in, buf, len);
- return rc;
-}
-
-static int ssl_io_hook_write(BUFF *fb, char *buf, int len)
-{
- SSL *ssl;
- conn_rec *c;
- int rc;
-
- if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
- rc = SSL_write(ssl, buf, len);
- /*
- * Simulate an EINTR in case OpenSSL wants to write more.
- */
- if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE)
- errno = EINTR;
- /*
- * Log SSL errors
- */
- if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) {
- c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL error on writing data");
- }
- /*
- * write(2) returns only the generic error number -1
- */
- if (rc < 0)
- rc = -1;
- }
- else
- rc = write(fb->fd, buf, len);
- return rc;
-}
-
-/* the prototype for our own SSL_writev() */
-static int SSL_writev(SSL *, const struct iovec *, int);
-
-static int ssl_io_hook_writev(BUFF *fb, const struct iovec *iov, int iovcnt)
-{
- SSL *ssl;
- conn_rec *c;
- int rc;
-
- if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
- rc = SSL_writev(ssl, iov, iovcnt);
- /*
- * Simulate an EINTR in case OpenSSL wants to write more.
- */
- if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE)
- errno = EINTR;
- /*
- * Log SSL errors
- */
- if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) {
- c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL error on writing data");
- }
- /*
- * writev(2) returns only the generic error number -1
- */
- if (rc < 0)
- rc = -1;
- }
- else
- rc = writev(fb->fd, iov, iovcnt);
- return rc;
-}
-
-
-/* _________________________________________________________________
-**
-** Special Functions for OpenSSL
-** _________________________________________________________________
-*/
-
-
-/*
- * There is no SSL_writev() provided by OpenSSL. The reason is mainly because
- * OpenSSL has to fragment the data itself again for the SSL record layer, so a
- * writev() like interface makes not much sense. What we do is to emulate it
- * to at least being able to use the write() like interface. But keep in mind
- * that the network I/O performance is not write() like, of course.
- */
-static int SSL_writev(SSL *ssl, const struct iovec *iov, int iovcnt)
-{
- int i;
- int n;
- int rc;
-
- rc = 0;
- for (i = 0; i < iovcnt; i++) {
- if ((n = SSL_write(ssl, iov[i].iov_base, iov[i].iov_len)) == -1) {
- rc = -1;
- break;
- }
- rc += n;
- }
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** I/O Data Debugging
-** _________________________________________________________________
-*/
-
-#define DUMP_WIDTH 16
-
-static void ssl_io_data_dump(server_rec *srvr, const char *s, long len)
-{
- char buf[256];
- char tmp[64];
- int i, j, rows, trunc;
- unsigned char ch;
-
- trunc = 0;
- for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
- trunc++;
- rows = (len / DUMP_WIDTH);
- if ((rows * DUMP_WIDTH) < len)
- rows++;
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
- "+-------------------------------------------------------------------------+");
- for(i = 0 ; i< rows; i++) {
- ap_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
- ap_cpystrn(buf, tmp, sizeof(buf));
- for (j = 0; j < DUMP_WIDTH; j++) {
- if (((i * DUMP_WIDTH) + j) >= len)
- ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
- else {
- ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
- ap_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' ');
- ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
- }
- }
- ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
- for (j = 0; j < DUMP_WIDTH; j++) {
- if (((i * DUMP_WIDTH) + j) >= len)
- ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
- else {
- ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
- ap_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.');
- ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
- }
- }
- ap_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf);
- }
- if (trunc > 0)
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
- "| %04x - <SPACES/NULS>", len + trunc);
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
- "+-------------------------------------------------------------------------+");
- return;
-}
-
-long ssl_io_data_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long rc)
-{
- SSL *ssl;
- conn_rec *c;
- server_rec *s;
-
- if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL)
- return rc;
- if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
- return rc;
- s = c->server;
-
- if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
- || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
- if (rc >= 0) {
- ssl_log(s, SSL_LOG_DEBUG,
- "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s",
- SSL_LIBRARY_NAME,
- (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
- rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
- bio, argp,
- (argp != NULL ? "(BIO dump follows)" : "(Ops, no memory buffer?)"));
- if (argp != NULL)
- ssl_io_data_dump(s, argp, rc);
- }
- else {
- ssl_log(s, SSL_LOG_DEBUG,
- "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]",
- SSL_LIBRARY_NAME, argi,
- (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
- bio, argp);
- }
- }
- return rc;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
deleted file mode 100644
index 254757b60cc..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
+++ /dev/null
@@ -1,1966 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_kernel.c
-** The SSL engine kernel
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* ====================================================================
- * Copyright (c) 1995-1999 Ben Laurie. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * 4. The name "Apache-SSL Server" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``It took me fifteen years to discover
- I had no talent for programming, but
- I couldn't give it up because by that
- time I was too famous.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** SSL Engine Kernel
-** _________________________________________________________________
-*/
-
-/*
- * Connect Handler:
- * Connect SSL to the accepted socket
- *
- * Usually we would need an Apache API hook which is triggered right after
- * the socket is accepted for handling a new request. But Apache 1.3 doesn't
- * provide such a hook, so we have to patch http_main.c and call this
- * function directly.
- */
-void ssl_hook_NewConnection(conn_rec *conn)
-{
- server_rec *srvr;
- BUFF *fb;
- SSLSrvConfigRec *sc;
- ap_ctx *apctx;
- SSL *ssl;
- char *cp;
- char *cpVHostID;
- char *cpVHostMD5;
- X509 *xs;
- int rc;
-
- /*
- * Get context
- */
- srvr = conn->server;
- fb = conn->client;
- sc = mySrvConfig(srvr);
-
- /*
- * Create SSL context
- */
- ap_ctx_set(fb->ctx, "ssl", NULL);
-
- /*
- * Immediately stop processing if SSL
- * is disabled for this connection
- */
- if (sc == NULL || !sc->bEnabled)
- return;
-
- /*
- * Remember the connection information for
- * later access inside callback functions
- */
- cpVHostID = ssl_util_vhostid(conn->pool, srvr);
- ssl_log(srvr, SSL_LOG_INFO, "Connection to child %d established "
- "(server %s, client %s)", conn->child_num, cpVHostID,
- conn->remote_ip != NULL ? conn->remote_ip : "unknown");
-
- /*
- * Seed the Pseudo Random Number Generator (PRNG)
- */
- ssl_rand_seed(srvr, conn->pool, SSL_RSCTX_CONNECT, "");
-
- /*
- * Create a new SSL connection with the configured server SSL context and
- * attach this to the socket. Additionally we register this attachment
- * so we can detach later.
- */
- if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
- ssl_log(conn->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to create a new SSL connection from the SSL context");
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- return;
- }
- SSL_clear(ssl);
- cpVHostMD5 = ap_md5(conn->pool, (unsigned char *)cpVHostID);
- if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5))) {
- ssl_log(conn->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to set session id context to `%s'", cpVHostMD5);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- return;
- }
- SSL_set_app_data(ssl, conn);
- apctx = ap_ctx_new(conn->pool);
- ap_ctx_set(apctx, "ssl::request_rec", NULL);
- ap_ctx_set(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
- SSL_set_app_data2(ssl, apctx);
- SSL_set_fd(ssl, fb->fd);
- ap_ctx_set(fb->ctx, "ssl", ssl);
-
- /*
- * Configure callbacks for SSL connection
- */
- SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH);
- if (sc->nLogLevel >= SSL_LOG_DEBUG) {
- BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
- BIO_set_callback_arg(SSL_get_rbio(ssl), ssl);
- }
-
- /*
- * Predefine some client verification results
- */
- ap_ctx_set(fb->ctx, "ssl::client::dn", NULL);
- ap_ctx_set(fb->ctx, "ssl::verify::error", NULL);
- ap_ctx_set(fb->ctx, "ssl::verify::info", NULL);
- SSL_set_verify_result(ssl, X509_V_OK);
-
- /*
- * We have to manage a I/O timeout ourself, because Apache
- * does it the first time when reading the request, but we're
- * working some time before this happens.
- */
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- ap_set_callback_and_alarm(ssl_hook_TimeoutConnection, srvr->timeout);
-
- /*
- * Now enter the SSL Handshake Phase
- */
- while (!SSL_is_init_finished(ssl)) {
-
- if ((rc = SSL_accept(ssl)) <= 0) {
-
- if (SSL_get_error(ssl, rc) == SSL_ERROR_ZERO_RETURN) {
- /*
- * The case where the connection was closed before any data
- * was transferred. That's not a real error and can occur
- * sporadically with some clients.
- */
- ssl_log(srvr, SSL_LOG_INFO,
- "SSL handshake stopped: connection was closed");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- else if ((ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) &&
- (ERR_GET_LIB(ERR_peek_error()) == ERR_LIB_SSL)) {
- /*
- * The case where OpenSSL has recognized a HTTP request:
- * This means the client speaks plain HTTP on our HTTPS
- * port. Hmmmm... At least for this error we can be more friendly
- * and try to provide him with a HTML error page. We have only one
- * problem: OpenSSL has already read some bytes from the HTTP
- * request. So we have to skip the request line manually and
- * instead provide a faked one in order to continue the internal
- * Apache processing.
- *
- */
- char ca[2];
- int rv;
-
- /* log the situation */
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL handshake failed: HTTP spoken on HTTPS port; "
- "trying to send HTML error page");
-
- /* first: skip the remaining bytes of the request line */
- do {
- do {
- rv = read(fb->fd, ca, 1);
- } while (rv == -1 && errno == EINTR);
- } while (rv > 0 && ca[0] != '\012' /*LF*/);
-
- /* second: fake the request line */
- fb->inbase = ap_palloc(fb->pool, fb->bufsiz);
- ap_cpystrn((char *)fb->inbase, "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n",
- fb->bufsiz);
- fb->inptr = fb->inbase;
- fb->incnt = strlen((char *)fb->inptr);
-
- /* third: kick away the SSL stuff */
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
-
- /* finally: let Apache go on with processing */
- return;
- }
- else if (ap_ctx_get(ap_global_ctx, "ssl::handshake::timeout") == (void *)TRUE) {
- ssl_log(srvr, SSL_LOG_ERROR,
- "SSL handshake timed out (client %s, server %s)",
- conn->remote_ip != NULL ? conn->remote_ip : "unknown", cpVHostID);
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- else if (SSL_get_error(ssl, rc) == SSL_ERROR_SYSCALL) {
- if (errno == EINTR)
- continue;
- if (errno > 0)
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
- "SSL handshake interrupted by system "
- "[Hint: Stop button pressed in browser?!]");
- else
- ssl_log(srvr, SSL_LOG_INFO|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
- "Spurious SSL handshake interrupt"
- "[Hint: Usually just one of those OpenSSL confusions!?]");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- else if ( (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ && BIO_should_retry(SSL_get_rbio(ssl)))
- || (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE && BIO_should_retry(SSL_get_wbio(ssl)))) {
- ssl_log(srvr, SSL_LOG_TRACE, "SSL handshake I/O retry (server %s, client %s)",
- cpVHostID, conn->remote_ip != NULL ? conn->remote_ip : "unknown");
- continue;
- }
- else {
- /*
- * Ok, anything else is a fatal error
- */
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
- "SSL handshake failed (server %s, client %s)", cpVHostID,
- conn->remote_ip != NULL ? conn->remote_ip : "unknown");
-
- /*
- * try to gracefully shutdown the connection:
- * - send an own shutdown message (be gracefully)
- * - don't wait for peer's shutdown message (deadloop)
- * - kick away the SSL stuff immediately
- * - block the socket, so Apache cannot operate any more
- */
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- }
-
- /*
- * Check for failed client authentication
- */
- if ( SSL_get_verify_result(ssl) != X509_V_OK
- || ap_ctx_get(fb->ctx, "ssl::verify::error") != NULL) {
- cp = (char *)ap_ctx_get(fb->ctx, "ssl::verify::error");
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL client authentication failed: %s",
- cp != NULL ? cp : "unknown reason");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
-
- /*
- * Remember the peer certificate's DN
- */
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
- cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- ap_ctx_set(fb->ctx, "ssl::client::dn", ap_pstrdup(conn->pool, cp));
- OPENSSL_free(cp);
- X509_free(xs);
- }
-
- /*
- * Make really sure that when a peer certificate
- * is required we really got one... (be paranoid)
- */
- if ( sc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && ap_ctx_get(fb->ctx, "ssl::client::dn") == NULL) {
- ssl_log(srvr, SSL_LOG_ERROR,
- "No acceptable peer certificate available");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- }
-
- /*
- * Remove the timeout handling
- */
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
-
- /*
- * Improve I/O throughput by using
- * OpenSSL's read-ahead functionality
- * (don't used under Win32, because
- * there we use select())
- */
- SSL_set_read_ahead(ssl, TRUE);
-
-#ifdef SSL_VENDOR
- /* Allow vendors to do more things on connection time... */
- ap_hook_use("ap::mod_ssl::vendor::new_connection",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL, conn);
-#endif
-
- return;
-}
-
-/*
- * Signal handler function for the SSL handshake phase
- */
-void ssl_hook_TimeoutConnection(int sig)
-{
- /* we just set a flag for the handshake processing loop */
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)TRUE);
- return;
-}
-
-/*
- * Close the SSL part of the socket connection
- * (called immediately _before_ the socket is closed)
- */
-void ssl_hook_CloseConnection(conn_rec *conn)
-{
- SSL *ssl;
- char *cpType;
-
- ssl = ap_ctx_get(conn->client->ctx, "ssl");
- if (ssl == NULL)
- return;
-
- /*
- * First make sure that no more data is pending in Apache's BUFF,
- * because when it's (implicitly) flushed later by the ap_bclose()
- * calls of Apache it would lead to an I/O error in the browser due
- * to the fact that the SSL layer was already removed by us.
- */
- ap_bflush(conn->client);
-
- /*
- * Now close the SSL layer of the connection. We've to take
- * the TLSv1 standard into account here:
- *
- * | 7.2.1. Closure alerts
- * |
- * | The client and the server must share knowledge that the connection is
- * | ending in order to avoid a truncation attack. Either party may
- * | initiate the exchange of closing messages.
- * |
- * | close_notify
- * | This message notifies the recipient that the sender will not send
- * | any more messages on this connection. The session becomes
- * | unresumable if any connection is terminated without proper
- * | close_notify messages with level equal to warning.
- * |
- * | Either party may initiate a close by sending a close_notify alert.
- * | Any data received after a closure alert is ignored.
- * |
- * | Each party is required to send a close_notify alert before closing
- * | the write side of the connection. It is required that the other party
- * | respond with a close_notify alert of its own and close down the
- * | connection immediately, discarding any pending writes. It is not
- * | required for the initiator of the close to wait for the responding
- * | close_notify alert before closing the read side of the connection.
- *
- * This means we've to send a close notify message, but haven't to wait
- * for the close notify of the client. Actually we cannot wait for the
- * close notify of the client because some clients (including Netscape
- * 4.x) don't send one, so we would hang.
- */
-
- /*
- * exchange close notify messages, but allow the user
- * to force the type of handshake via SetEnvIf directive
- */
- if (ap_ctx_get(conn->client->ctx, "ssl::flag::unclean-shutdown") == PTRUE) {
- /* perform no close notify handshake at all
- (violates the SSL/TLS standard!) */
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- cpType = "unclean";
- }
- else if (ap_ctx_get(conn->client->ctx, "ssl::flag::accurate-shutdown") == PTRUE) {
- /* send close notify and wait for clients close notify
- (standard compliant, but usually causes connection hangs) */
- SSL_set_shutdown(ssl, 0);
- cpType = "accurate";
- }
- else {
- /* send close notify, but don't wait for clients close notify
- (standard compliant and safe, so it's the DEFAULT!) */
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- cpType = "standard";
- }
- SSL_smart_shutdown(ssl);
-
- /* deallocate the SSL connection */
- SSL_free(ssl);
- ap_ctx_set(conn->client->ctx, "ssl", NULL);
-
- /* and finally log the fact that we've closed the connection */
- ssl_log(conn->server, SSL_LOG_INFO,
- "Connection to child %d closed with %s shutdown (server %s, client %s)",
- conn->child_num, cpType, ssl_util_vhostid(conn->pool, conn->server),
- conn->remote_ip != NULL ? conn->remote_ip : "unknown");
- return;
-}
-
-/*
- * Post Read Request Handler
- */
-int ssl_hook_ReadReq(request_rec *r)
-{
- SSL *ssl;
- ap_ctx *apctx;
-
- /*
- * Get the SSL connection structure and perform the
- * delayed interlinking from SSL back to request_rec
- */
- ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
- if (ssl != NULL) {
- apctx = SSL_get_app_data2(ssl);
- ap_ctx_set(apctx, "ssl::request_rec", r);
- }
-
- /*
- * Force the mod_ssl content handler when URL indicates this
- */
- if (strEQn(r->uri, "/mod_ssl:", 9))
- r->handler = "mod_ssl:content-handler";
- if (ssl != NULL) {
- ap_ctx_set(r->ctx, "ap::http::method", "https");
- ap_ctx_set(r->ctx, "ap::default::port", "443");
- }
- else {
- ap_ctx_set(r->ctx, "ap::http::method", NULL);
- ap_ctx_set(r->ctx, "ap::default::port", NULL);
- }
- return DECLINED;
-}
-
-/*
- * URL Translation Handler
- */
-int ssl_hook_Translate(request_rec *r)
-{
- if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
- return DECLINED;
-
- /*
- * Log information about incoming HTTPS requests
- */
- if (ap_is_initial_req(r))
- ssl_log(r->server, SSL_LOG_INFO,
- "%s HTTPS request received for child %d (server %s)",
- r->connection->keepalives <= 0 ?
- "Initial (No.1)" :
- ap_psprintf(r->pool, "Subsequent (No.%d)",
- r->connection->keepalives+1),
- r->connection->child_num,
- ssl_util_vhostid(r->pool, r->server));
-
- /*
- * Move SetEnvIf information from request_rec to conn_rec/BUFF
- * to allow the close connection handler to use them.
- */
- if (ap_table_get(r->subprocess_env, "ssl-unclean-shutdown") != NULL)
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::unclean-shutdown", PTRUE);
- else
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::unclean-shutdown", PFALSE);
- if (ap_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::accurate-shutdown", PTRUE);
- else
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::accurate-shutdown", PFALSE);
-
- return DECLINED;
-}
-
-/*
- * Content Handler
- */
-int ssl_hook_Handler(request_rec *r)
-{
- int port;
- char *thisport;
- char *thisurl;
-
- if (strNEn(r->uri, "/mod_ssl:", 9))
- return DECLINED;
-
- if (strEQ(r->uri, "/mod_ssl:error:HTTP-request")) {
- thisport = "";
- port = ap_get_server_port(r);
- if (!ap_is_default_port(port, r))
- thisport = ap_psprintf(r->pool, ":%u", port);
- thisurl = ap_psprintf(r->pool, "https://%s%s/",
- ap_escape_html(r->pool, ap_get_server_name(r)),
- thisport);
-
- ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool,
- "Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>\n"
- "Instead use the HTTPS scheme to access this URL, please.<BR>\n"
- "<BLOCKQUOTE>Hint: <A HREF=\"%s\"><B>%s</B></A></BLOCKQUOTE>",
- thisurl, thisurl));
- }
-
- return HTTP_BAD_REQUEST;
-}
-
-/*
- * Access Handler
- */
-int ssl_hook_Access(request_rec *r)
-{
- SSLDirConfigRec *dc;
- SSLSrvConfigRec *sc;
- SSL *ssl;
- SSL_CTX *ctx = NULL;
- array_header *apRequirement;
- ssl_require_t *pRequirements;
- ssl_require_t *pRequirement;
- char *cp;
- int ok;
- int i;
- BOOL renegotiate;
- BOOL renegotiate_quick;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- BOOL reconfigured_locations;
- STACK_OF(X509_NAME) *skCAList;
- char *cpCAPath;
- char *cpCAFile;
-#endif
- X509 *cert;
- STACK_OF(X509) *certstack;
- X509_STORE *certstore;
- X509_STORE_CTX certstorectx;
- int depth;
- STACK_OF(SSL_CIPHER) *skCipherOld;
- STACK_OF(SSL_CIPHER) *skCipher = NULL;
- SSL_CIPHER *pCipher;
- ap_ctx *apctx;
- int nVerifyOld;
- int nVerify;
- int n;
- void *vp;
- int rc;
-
- dc = myDirConfig(r);
- sc = mySrvConfig(r->server);
- ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
- if (ssl != NULL)
- ctx = SSL_get_SSL_CTX(ssl);
-
- /*
- * Support for SSLRequireSSL directive
- */
- if (dc->bSSLRequired && ssl == NULL) {
- ap_log_reason("SSL connection required", r->filename, r);
- /* remember forbidden access for strict require option */
- ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
- return FORBIDDEN;
- }
-
- /*
- * Check to see if SSL protocol is on
- */
- if (!sc->bEnabled)
- return DECLINED;
- if (ssl == NULL)
- return DECLINED;
-
- /*
- * Support for per-directory reconfigured SSL connection parameters.
- *
- * This is implemented by forcing an SSL renegotiation with the
- * reconfigured parameter suite. But Apache's internal API processing
- * makes our life very hard here, because when internal sub-requests occur
- * we nevertheless should avoid multiple unnecessary SSL handshakes (they
- * require extra network I/O and especially time to perform).
- *
- * But the optimization for filtering out the unnecessary handshakes isn't
- * obvious and trivial. Especially because while Apache is in its
- * sub-request processing the client could force additional handshakes,
- * too. And these take place perhaps without our notice. So the only
- * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
- * has to be performed or not. It has to performed when some parameters
- * which were previously known (by us) are not those we've now
- * reconfigured (as known by OpenSSL) or (in optimized way) at least when
- * the reconfigured parameter suite is stronger (more restrictions) than
- * the currently active one.
- */
- renegotiate = FALSE;
- renegotiate_quick = FALSE;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- reconfigured_locations = FALSE;
-#endif
-
- /*
- * Override of SSLCipherSuite
- *
- * We provide two options here:
- *
- * o The paranoid and default approach where we force a renegotiation when
- * the cipher suite changed in _any_ way (which is straight-forward but
- * often forces renegotiations too often and is perhaps not what the
- * user actually wanted).
- *
- * o The optimized and still secure way where we force a renegotiation
- * only if the currently active cipher is no longer contained in the
- * reconfigured/new cipher suite. Any other changes are not important
- * because it's the servers choice to select a cipher from the ones the
- * client supports. So as long as the current cipher is still in the new
- * cipher suite we're happy. Because we can assume we would have
- * selected it again even when other (better) ciphers exists now in the
- * new cipher suite. This approach is fine because the user explicitly
- * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
- * implicit optimizations.
- */
- if (dc->szCipherSuite != NULL) {
- /* remember old state */
- pCipher = NULL;
- skCipherOld = NULL;
- if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE)
- pCipher = SSL_get_current_cipher(ssl);
- else {
- skCipherOld = SSL_get_ciphers(ssl);
- if (skCipherOld != NULL)
- skCipherOld = sk_SSL_CIPHER_dup(skCipherOld);
- }
- /* configure new state */
- if (!SSL_set_cipher_list(ssl, dc->szCipherSuite)) {
- ssl_log(r->server, SSL_LOG_WARN|SSL_ADD_SSLERR,
- "Unable to reconfigure (per-directory) permitted SSL ciphers");
- if (skCipherOld != NULL)
- sk_SSL_CIPHER_free(skCipherOld);
- return FORBIDDEN;
- }
- /* determine whether a renegotiation has to be forced */
- skCipher = SSL_get_ciphers(ssl);
- if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
- /* optimized way */
- if ((pCipher == NULL && skCipher != NULL) ||
- (pCipher != NULL && skCipher == NULL) )
- renegotiate = TRUE;
- else if (pCipher != NULL && skCipher != NULL
- && sk_SSL_CIPHER_find(skCipher, pCipher) < 0) {
- renegotiate = TRUE;
- }
- }
- else {
- /* paranoid way */
- if ((skCipherOld == NULL && skCipher != NULL) ||
- (skCipherOld != NULL && skCipher == NULL) )
- renegotiate = TRUE;
- else if (skCipherOld != NULL && skCipher != NULL) {
- for (n = 0; !renegotiate && n < sk_SSL_CIPHER_num(skCipher); n++) {
- if (sk_SSL_CIPHER_find(skCipherOld, sk_SSL_CIPHER_value(skCipher, n)) < 0)
- renegotiate = TRUE;
- }
- for (n = 0; !renegotiate && n < sk_SSL_CIPHER_num(skCipherOld); n++) {
- if (sk_SSL_CIPHER_find(skCipher, sk_SSL_CIPHER_value(skCipherOld, n)) < 0)
- renegotiate = TRUE;
- }
- }
- }
- /* cleanup */
- if (skCipherOld != NULL)
- sk_SSL_CIPHER_free(skCipherOld);
- /* tracing */
- if (renegotiate) {
- if (sc->bHonorCipherOrder == TRUE)
- SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reconfigured cipher suite will force renegotiation");
- }
- }
-
- /*
- * override of SSLVerifyDepth
- *
- * The depth checks are handled by us manually inside the verify callback
- * function and not by OpenSSL internally (and our function is aware of
- * both the per-server and per-directory contexts). So we cannot ask
- * OpenSSL about the currently verify depth. Instead we remember it in our
- * ap_ctx attached to the SSL* of OpenSSL. We've to force the
- * renegotiation if the reconfigured/new verify depth is less than the
- * currently active/remembered verify depth (because this means more
- * restriction on the certificate chain).
- */
- if (dc->nVerifyDepth != UNSET) {
- apctx = SSL_get_app_data2(ssl);
- if ((vp = ap_ctx_get(apctx, "ssl::verify::depth")) != NULL)
- n = (int)AP_CTX_PTR2NUM(vp);
- else
- n = sc->nVerifyDepth;
- ap_ctx_set(apctx, "ssl::verify::depth",
- AP_CTX_NUM2PTR(dc->nVerifyDepth));
- /* determine whether a renegotiation has to be forced */
- if (dc->nVerifyDepth < n) {
- renegotiate = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reduced client verification depth will force renegotiation");
- }
- }
-
- /*
- * override of SSLVerifyClient
- *
- * We force a renegotiation if the reconfigured/new verify type is
- * stronger than the currently active verify type.
- *
- * The order is: none << optional_no_ca << optional << require
- *
- * Additionally the following optimization is possible here: When the
- * currently active verify type is "none" but a client certificate is
- * already known/present, it's enough to manually force a client
- * verification but at least skip the I/O-intensive renegotiation
- * handshake.
- */
- if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
- /* remember old state */
- nVerifyOld = SSL_get_verify_mode(ssl);
- /* configure new state */
- nVerify = SSL_VERIFY_NONE;
- if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE)
- nVerify |= SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- if ( (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL)
- || (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) )
- nVerify |= SSL_VERIFY_PEER;
- SSL_set_verify(ssl, nVerify, ssl_callback_SSLVerify);
- SSL_set_verify_result(ssl, X509_V_OK);
- /* determine whether we've to force a renegotiation */
- if (!renegotiate && nVerify != nVerifyOld) {
- if ( ( (nVerifyOld == SSL_VERIFY_NONE)
- && (nVerify != SSL_VERIFY_NONE))
- || ( !(nVerifyOld & SSL_VERIFY_PEER)
- && (nVerify & SSL_VERIFY_PEER))
- || ( !(nVerifyOld & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- && (nVerify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
- renegotiate = TRUE;
- /* optimization */
- if ( dc->nOptions & SSL_OPT_OPTRENEGOTIATE
- && nVerifyOld == SSL_VERIFY_NONE
- && (cert = SSL_get_peer_certificate(ssl)) != NULL) {
- renegotiate_quick = TRUE;
- X509_free(cert);
- }
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification type will force %srenegotiation",
- renegotiate_quick ? "quick " : "");
- }
- }
- }
-
- /*
- * override SSLCACertificateFile & SSLCACertificatePath
- * This is tagged experimental because it has to use an ugly kludge: We
- * have to change the locations inside the SSL_CTX* (per-server global)
- * instead inside SSL* (per-connection local) and reconfigure it to the
- * old values later. That's problematic at least for the threaded process
- * model of Apache under Win32 or when an error occurs. But unless
- * OpenSSL provides a SSL_load_verify_locations() function we've no other
- * chance to provide this functionality...
- */
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if ( ( dc->szCACertificateFile != NULL
- && ( sc->szCACertificateFile == NULL
- || ( sc->szCACertificateFile != NULL
- && strNE(dc->szCACertificateFile, sc->szCACertificateFile))))
- || ( dc->szCACertificatePath != NULL
- && ( sc->szCACertificatePath == NULL
- || ( sc->szCACertificatePath != NULL
- && strNE(dc->szCACertificatePath, sc->szCACertificatePath)))) ) {
- cpCAFile = dc->szCACertificateFile != NULL ?
- dc->szCACertificateFile : sc->szCACertificateFile;
- cpCAPath = dc->szCACertificatePath != NULL ?
- dc->szCACertificatePath : sc->szCACertificatePath;
- /*
- FIXME: This should be...
- if (!SSL_load_verify_locations(ssl, cpCAFile, cpCAPath)) {
- ...but OpenSSL still doesn't provide this!
- */
- if (!SSL_CTX_load_verify_locations(ctx, cpCAFile, cpCAPath)) {
- ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to reconfigure verify locations "
- "for client authentication");
- return FORBIDDEN;
- }
- if ((skCAList = ssl_init_FindCAList(r->server, r->pool,
- cpCAFile, cpCAPath)) == NULL) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Unable to determine list of available "
- "CA certificates for client authentication");
- return FORBIDDEN;
- }
- SSL_set_client_CA_list(ssl, skCAList);
- renegotiate = TRUE;
- reconfigured_locations = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification locations will force renegotiation");
- }
-#endif /* SSL_EXPERIMENTAL_PERDIRCA */
-
-#ifdef SSL_CONSERVATIVE
- /*
- * SSL renegotiations in conjunction with HTTP
- * requests using the POST method are not supported.
- */
- if (renegotiate && r->method_number == M_POST) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "SSL Re-negotiation in conjunction with POST method not supported!");
- ssl_log(r->server, SSL_LOG_INFO,
- "You have to compile without -DSSL_CONSERVATIVE to enabled support for this.");
- return METHOD_NOT_ALLOWED;
- }
-#endif /* SSL_CONSERVATIVE */
-
- /*
- * now do the renegotiation if anything was actually reconfigured
- */
- if (renegotiate) {
- /*
- * Now we force the SSL renegotiation by sending the Hello Request
- * message to the client. Here we have to do a workaround: Actually
- * OpenSSL returns immediately after sending the Hello Request (the
- * intent AFAIK is because the SSL/TLS protocol says it's not a must
- * that the client replies to a Hello Request). But because we insist
- * on a reply (anything else is an error for us) we have to go to the
- * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
- * here because it resets too much of the connection. So we set the
- * state explicitly and continue the handshake manually.
- */
- ssl_log(r->server, SSL_LOG_INFO, "Requesting connection re-negotiation");
- if (renegotiate_quick) {
- /* perform just a manual re-verification of the peer */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing quick renegotiation: just re-verifying the peer");
- certstack = SSL_get_peer_cert_chain(ssl);
- cert = SSL_get_peer_certificate(ssl);
- if (certstack == NULL && cert != NULL) {
- /* client certificate is in the SSL session cache, but
- there is no chain, since ssl3_get_client_certificate()
- sk_X509_shift()'ed the peer certificate out of the
- chain. So we put it back here for the purpose of quick
- renegotiation. */
- certstack = sk_new_null();
- sk_X509_push(certstack, cert);
- }
- if (certstack == NULL || sk_X509_num(certstack) == 0) {
- ssl_log(r->server, SSL_LOG_ERROR, "Cannot find peer certificate chain");
- return FORBIDDEN;
- }
- if (cert == NULL)
- cert = sk_X509_value(certstack, 0);
-
- if ((certstore = SSL_CTX_get_cert_store(ctx)) == NULL) {
- ssl_log(r->server, SSL_LOG_ERROR, "Cannot find certificate storage");
- return FORBIDDEN;
- }
- X509_STORE_CTX_init(&certstorectx, certstore, cert, certstack);
- depth = SSL_get_verify_depth(ssl);
- if (depth >= 0)
- X509_STORE_CTX_set_depth(&certstorectx, depth);
- X509_STORE_CTX_set_ex_data(&certstorectx,
- SSL_get_ex_data_X509_STORE_CTX_idx(), (char *)ssl);
- if (!X509_verify_cert(&certstorectx))
- ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Re-negotiation verification step failed");
- SSL_set_verify_result(ssl, certstorectx.error);
- X509_STORE_CTX_cleanup(&certstorectx);
- if (SSL_get_peer_cert_chain(ssl) != certstack) {
- /* created by us above, so free it */
- sk_X509_pop_free(certstack, X509_free);
- }
- else {
- /* X509_free(cert); not necessary AFAIK --rse */
- }
- }
- else {
- /* do a full renegotiation */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing full renegotiation: complete handshake protocol");
- if (r->main != NULL)
- SSL_set_session_id_context(ssl, (unsigned char *)&(r->main), sizeof(r->main));
- else
- SSL_set_session_id_context(ssl, (unsigned char *)&r, sizeof(r));
-#ifndef SSL_CONSERVATIVE
- ssl_io_suck(r, ssl);
-#endif
- SSL_renegotiate(ssl);
- SSL_do_handshake(ssl);
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR, "Re-negotiation request failed");
- return FORBIDDEN;
- }
- ssl_log(r->server, SSL_LOG_INFO, "Awaiting re-negotiation handshake");
- SSL_set_state(ssl, SSL_ST_ACCEPT);
- SSL_do_handshake(ssl);
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: Not accepted by client!?");
- return FORBIDDEN;
- }
- }
-
- /*
- * Remember the peer certificate's DN
- */
- if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
- cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- ap_ctx_set(r->connection->client->ctx, "ssl::client::dn",
- ap_pstrdup(r->connection->pool, cp));
- OPENSSL_free(cp);
- X509_free(cert);
- }
-
- /*
- * Finally check for acceptable renegotiation results
- */
- if (dc->nVerifyClient != SSL_CVERIFY_NONE) {
- if ( dc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && SSL_get_verify_result(ssl) != X509_V_OK ) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: Client verification failed");
- return FORBIDDEN;
- }
- cert = SSL_get_peer_certificate(ssl);
- if ( dc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && cert == NULL) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: Client certificate missing");
- return FORBIDDEN;
- }
- if (cert != NULL)
- X509_free(cert);
- }
-
- /*
- * Also check that SSLCipherSuite has been enforced as expected
- */
- if (skCipher != NULL) {
- pCipher = SSL_get_current_cipher(ssl);
- if (sk_SSL_CIPHER_find(skCipher, pCipher) < 0) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "SSL cipher suite not renegotiated: "
- "access to %s denied using cipher %s",
- r->filename, SSL_CIPHER_get_name(pCipher));
- return FORBIDDEN;
- }
- }
- }
-
- /*
- * Under old OpenSSL we had to change the X509_STORE inside the
- * SSL_CTX instead inside the SSL structure, so we have to reconfigure it
- * to the old values. This should be changed with forthcoming OpenSSL
- * versions when better functionality is avaiable.
- */
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if (renegotiate && reconfigured_locations) {
- if (!SSL_CTX_load_verify_locations(ctx,
- sc->szCACertificateFile, sc->szCACertificatePath)) {
- ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to reconfigure verify locations "
- "to per-server configuration parameters");
- return FORBIDDEN;
- }
- }
-#endif /* SSL_EXPERIMENTAL_PERDIRCA */
-
- /*
- * Check SSLRequire boolean expressions
- */
- apRequirement = dc->aRequirement;
- pRequirements = (ssl_require_t *)apRequirement->elts;
- for (i = 0; i < apRequirement->nelts; i++) {
- pRequirement = &pRequirements[i];
- ok = ssl_expr_exec(r, pRequirement->mpExpr);
- if (ok < 0) {
- cp = ap_psprintf(r->pool, "Failed to execute SSL requirement expression: %s",
- ssl_expr_get_error());
- ap_log_reason(cp, r->filename, r);
- /* remember forbidden access for strict require option */
- ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
- return FORBIDDEN;
- }
- if (ok != 1) {
- ssl_log(r->server, SSL_LOG_INFO,
- "Access to %s denied for %s (requirement expression not fulfilled)",
- r->filename, r->connection->remote_ip);
- ssl_log(r->server, SSL_LOG_INFO,
- "Failed expression: %s", pRequirement->cpExpr);
- ap_log_reason("SSL requirement expression not fulfilled "
- "(see SSL logfile for more details)", r->filename, r);
- /* remember forbidden access for strict require option */
- ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
- return FORBIDDEN;
- }
- }
-
- /*
- * Else access is granted from our point of view (except vendor
- * handlers override). But we have to return DECLINED here instead
- * of OK, because mod_auth and other modules still might want to
- * deny access.
- */
- rc = DECLINED;
-#ifdef SSL_VENDOR
- ap_hook_use("ap::mod_ssl::vendor::access_handler",
- AP_HOOK_SIG2(int,ptr), AP_HOOK_DECLINE(DECLINED),
- &rc, r);
-#endif
- return rc;
-}
-
-/*
- * Auth Handler:
- * Fake a Basic authentication from the X509 client certificate.
- *
- * This must be run fairly early on to prevent a real authentication from
- * occuring, in particular it must be run before anything else that
- * authenticates a user. This means that the Module statement for this
- * module should be LAST in the Configuration file.
- */
-int ssl_hook_Auth(request_rec *r)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
- char *clientdn;
- const char *cpAL;
- const char *cpUN;
- const char *cpPW;
-
- /*
- * Additionally forbid access (again)
- * when strict require option is used.
- */
- if ( (dc->nOptions & SSL_OPT_STRICTREQUIRE)
- && (ap_table_get(r->notes, "ssl-access-forbidden") != NULL))
- return FORBIDDEN;
-
- /*
- * Make sure the user is not able to fake the client certificate
- * based authentication by just entering an X.509 Subject DN
- * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
- * password.
- */
- if ( ap_is_initial_req(r)
- && (cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
- if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
- while (*cpAL == ' ' || *cpAL == '\t')
- cpAL++;
- cpAL = ap_pbase64decode(r->pool, cpAL);
- cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
- cpPW = cpAL;
- if (cpUN[0] == '/' && strEQ(cpPW, "password")) {
- ssl_log(r->server, SSL_LOG_WARN,
- "real Basic Authentication with DN \"%s\" and fake password attempted", cpUN);
- return FORBIDDEN;
- }
- }
- }
-
- /*
- * We decline operation in various situations...
- */
- if (!sc->bEnabled)
- return DECLINED;
- if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
- return DECLINED;
- if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
- return DECLINED;
- if (r->connection->user)
- return DECLINED;
- if ((clientdn = (char *)ap_ctx_get(r->connection->client->ctx, "ssl::client::dn")) == NULL)
- return DECLINED;
-
- /*
- * Fake a password - which one would be immaterial, as, it seems, an empty
- * password in the users file would match ALL incoming passwords, if only
- * we were using the standard crypt library routine. Unfortunately, OpenSSL
- * "fixes" a "bug" in crypt and thus prevents blank passwords from
- * working. (IMHO what they really fix is a bug in the users of the code
- * - failing to program correctly for shadow passwords). We need,
- * therefore, to provide a password. This password can be matched by
- * adding the string "xxj31ZMTZzkVA" as the password in the user file.
- * This is just the crypted variant of the word "password" ;-)
- */
- cpAL = ap_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool,
- ap_pstrcat(r->pool, clientdn, ":password", NULL)), NULL);
- ap_table_set(r->headers_in, "Authorization", cpAL);
- ssl_log(r->server, SSL_LOG_INFO,
- "Faking HTTP Basic Auth header: \"Authorization: %s\"", cpAL);
-
- return DECLINED;
-}
-
-int ssl_hook_UserCheck(request_rec *r)
-{
- SSLDirConfigRec *dc = myDirConfig(r);
-
- /*
- * Additionally forbid access (again)
- * when strict require option is used.
- */
- if ( (dc->nOptions & SSL_OPT_STRICTREQUIRE)
- && (ap_table_get(r->notes, "ssl-access-forbidden") != NULL))
- return FORBIDDEN;
-
- return DECLINED;
-}
-
-/*
- * Fixup Handler
- */
-
-static const char *ssl_hook_Fixup_vars[] = {
- "SSL_VERSION_INTERFACE",
- "SSL_VERSION_LIBRARY",
- "SSL_PROTOCOL",
- "SSL_CIPHER",
- "SSL_CIPHER_EXPORT",
- "SSL_CIPHER_USEKEYSIZE",
- "SSL_CIPHER_ALGKEYSIZE",
- "SSL_CLIENT_VERIFY",
- "SSL_CLIENT_M_VERSION",
- "SSL_CLIENT_M_SERIAL",
- "SSL_CLIENT_V_START",
- "SSL_CLIENT_V_END",
- "SSL_CLIENT_S_DN",
- "SSL_CLIENT_S_DN_C",
- "SSL_CLIENT_S_DN_ST",
- "SSL_CLIENT_S_DN_L",
- "SSL_CLIENT_S_DN_O",
- "SSL_CLIENT_S_DN_OU",
- "SSL_CLIENT_S_DN_CN",
- "SSL_CLIENT_S_DN_T",
- "SSL_CLIENT_S_DN_I",
- "SSL_CLIENT_S_DN_G",
- "SSL_CLIENT_S_DN_S",
- "SSL_CLIENT_S_DN_D",
- "SSL_CLIENT_S_DN_UID",
- "SSL_CLIENT_S_DN_Email",
- "SSL_CLIENT_I_DN",
- "SSL_CLIENT_I_DN_C",
- "SSL_CLIENT_I_DN_ST",
- "SSL_CLIENT_I_DN_L",
- "SSL_CLIENT_I_DN_O",
- "SSL_CLIENT_I_DN_OU",
- "SSL_CLIENT_I_DN_CN",
- "SSL_CLIENT_I_DN_T",
- "SSL_CLIENT_I_DN_I",
- "SSL_CLIENT_I_DN_G",
- "SSL_CLIENT_I_DN_S",
- "SSL_CLIENT_I_DN_D",
- "SSL_CLIENT_I_DN_UID",
- "SSL_CLIENT_I_DN_Email",
- "SSL_CLIENT_A_KEY",
- "SSL_CLIENT_A_SIG",
- "SSL_SERVER_M_VERSION",
- "SSL_SERVER_M_SERIAL",
- "SSL_SERVER_V_START",
- "SSL_SERVER_V_END",
- "SSL_SERVER_S_DN",
- "SSL_SERVER_S_DN_C",
- "SSL_SERVER_S_DN_ST",
- "SSL_SERVER_S_DN_L",
- "SSL_SERVER_S_DN_O",
- "SSL_SERVER_S_DN_OU",
- "SSL_SERVER_S_DN_CN",
- "SSL_SERVER_S_DN_T",
- "SSL_SERVER_S_DN_I",
- "SSL_SERVER_S_DN_G",
- "SSL_SERVER_S_DN_S",
- "SSL_SERVER_S_DN_D",
- "SSL_SERVER_S_DN_UID",
- "SSL_SERVER_S_DN_Email",
- "SSL_SERVER_I_DN",
- "SSL_SERVER_I_DN_C",
- "SSL_SERVER_I_DN_ST",
- "SSL_SERVER_I_DN_L",
- "SSL_SERVER_I_DN_O",
- "SSL_SERVER_I_DN_OU",
- "SSL_SERVER_I_DN_CN",
- "SSL_SERVER_I_DN_T",
- "SSL_SERVER_I_DN_I",
- "SSL_SERVER_I_DN_G",
- "SSL_SERVER_I_DN_S",
- "SSL_SERVER_I_DN_D",
- "SSL_SERVER_I_DN_UID",
- "SSL_SERVER_I_DN_Email",
- "SSL_SERVER_A_KEY",
- "SSL_SERVER_A_SIG",
- "SSL_SESSION_ID",
- NULL
-};
-
-int ssl_hook_Fixup(request_rec *r)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
- table *e = r->subprocess_env;
- char *var;
- char *val;
- STACK_OF(X509) *sk;
- SSL *ssl;
- int i;
-
- /*
- * Check to see if SSL is on
- */
- if (!sc->bEnabled)
- return DECLINED;
- if ((ssl = ap_ctx_get(r->connection->client->ctx, "ssl")) == NULL)
- return DECLINED;
-
- /*
- * Annotate the SSI/CGI environment with standard SSL information
- */
- /* the always present HTTPS (=HTTP over SSL) flag! */
- ap_table_set(e, "HTTPS", "on");
- /* standard SSL environment variables */
- if (dc->nOptions & SSL_OPT_STDENVVARS) {
- for (i = 0; ssl_hook_Fixup_vars[i] != NULL; i++) {
- var = (char *)ssl_hook_Fixup_vars[i];
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (!strIsEmpty(val))
- ap_table_set(e, var, val);
- }
- }
-
- /*
- * On-demand bloat up the SSI/CGI environment with certificate data
- */
- if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_SERVER_CERT");
- ap_table_set(e, "SSL_SERVER_CERT", val);
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT");
- ap_table_set(e, "SSL_CLIENT_CERT", val);
- if ((sk = SSL_get_peer_cert_chain(ssl)) != NULL) {
- for (i = 0; i < sk_X509_num(sk); i++) {
- var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (val != NULL)
- ap_table_set(e, var, val);
- }
- }
- }
-
- /*
- * On-demand bloat up the SSI/CGI environment with compat variables
- */
-#ifdef SSL_COMPAT
- if (dc->nOptions & SSL_OPT_COMPATENVVARS)
- ssl_compat_variables(r);
-#endif
-
- return DECLINED;
-}
-
-/* _________________________________________________________________
-**
-** OpenSSL Callback Functions
-** _________________________________________________________________
-*/
-
-/*
- * Handle out temporary RSA private keys on demand
- *
- * The background of this as the TLSv1 standard explains it:
- *
- * | D.1. Temporary RSA keys
- * |
- * | US Export restrictions limit RSA keys used for encryption to 512
- * | bits, but do not place any limit on lengths of RSA keys used for
- * | signing operations. Certificates often need to be larger than 512
- * | bits, since 512-bit RSA keys are not secure enough for high-value
- * | transactions or for applications requiring long-term security. Some
- * | certificates are also designated signing-only, in which case they
- * | cannot be used for key exchange.
- * |
- * | When the public key in the certificate cannot be used for encryption,
- * | the server signs a temporary RSA key, which is then exchanged. In
- * | exportable applications, the temporary RSA key should be the maximum
- * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
- * | relatively insecure, they should be changed often. For typical
- * | electronic commerce applications, it is suggested that keys be
- * | changed daily or every 500 transactions, and more often if possible.
- * | Note that while it is acceptable to use the same temporary key for
- * | multiple transactions, it must be signed each time it is used.
- * |
- * | RSA key generation is a time-consuming process. In many cases, a
- * | low-priority process can be assigned the task of key generation.
- * | Whenever a new key is completed, the existing temporary key can be
- * | replaced with the new one.
- *
- * So we generated 512 and 1024 bit temporary keys on startup
- * which we now just handle out on demand....
- */
-RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen)
-{
- SSLModConfigRec *mc = myModConfig();
- RSA *rsa;
-
- rsa = NULL;
- if (nExport) {
- /* It's because an export cipher is used */
- if (nKeyLen == 512)
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512];
- else if (nKeyLen == 1024)
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024];
- else
- /* it's too expensive to generate on-the-fly, so keep 1024bit */
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024];
- }
- else {
- /* It's because a sign-only certificate situation exists */
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024];
- }
- return rsa;
-}
-
-/*
- * Handle out the already generated DH parameters...
- */
-DH *ssl_callback_TmpDH(SSL *pSSL, int nExport, int nKeyLen)
-{
- SSLModConfigRec *mc = myModConfig();
- DH *dh;
-
- dh = NULL;
- if (nExport) {
- /* It's because an export cipher is used */
- if (nKeyLen == 512)
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH512];
- else if (nKeyLen == 1024)
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024];
- else
- /* it's too expensive to generate on-the-fly, so keep 1024bit */
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024];
- }
- else {
- /* It's because a sign-only certificate situation exists */
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024];
- }
- return dh;
-}
-
-/*
- * This OpenSSL callback function is called when OpenSSL
- * does client authentication and verifies the certificate chain.
- */
-int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
-{
- SSL *ssl;
- conn_rec *conn;
- server_rec *s;
- request_rec *r;
- SSLSrvConfigRec *sc;
- SSLDirConfigRec *dc;
- ap_ctx *actx;
- X509 *xs;
- int errnum;
- int errdepth;
- char *cp;
- char *cp2;
- int depth;
- int verify;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
- conn = (conn_rec *)SSL_get_app_data(ssl);
- actx = (ap_ctx *)SSL_get_app_data2(ssl);
- r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
- s = conn->server;
- sc = mySrvConfig(s);
- dc = (r != NULL ? myDirConfig(r) : NULL);
-
- /*
- * Get verify ingredients
- */
- xs = X509_STORE_CTX_get_current_cert(ctx);
- errnum = X509_STORE_CTX_get_error(ctx);
- errdepth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Log verification information
- */
- cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0);
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: depth: %d, subject: %s, issuer: %s",
- errdepth, cp != NULL ? cp : "-unknown-",
- cp2 != NULL ? cp2 : "-unknown");
- if (cp)
- OPENSSL_free(cp);
- if (cp2)
- OPENSSL_free(cp2);
-
- /*
- * Check for optionally acceptable non-verifiable issuer situation
- */
- if (dc != NULL && dc->nVerifyClient != SSL_CVERIFY_UNSET)
- verify = dc->nVerifyClient;
- else
- verify = sc->nVerifyClient;
- if ( ( errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
- || errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
- || errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- || errnum == X509_V_ERR_CERT_UNTRUSTED
- || errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE )
- && verify == SSL_CVERIFY_OPTIONAL_NO_CA ) {
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: Verifiable Issuer is configured as "
- "optional, therefore we're accepting the certificate");
- ap_ctx_set(conn->client->ctx, "ssl::verify::info", "GENEROUS");
- SSL_set_verify_result(ssl, X509_V_OK);
- ok = TRUE;
- }
-
- /*
- * Additionally perform CRL-based revocation checks
- */
- if (ok) {
- ok = ssl_callback_SSLVerify_CRL(ok, ctx, s);
- if (!ok)
- errnum = X509_STORE_CTX_get_error(ctx);
- }
-
- /*
- * If we already know it's not ok, log the real reason
- */
- if (!ok) {
- ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
- errnum, X509_verify_cert_error_string(errnum));
- ap_ctx_set(conn->client->ctx, "ssl::client::dn", NULL);
- ap_ctx_set(conn->client->ctx, "ssl::verify::error",
- (void *)X509_verify_cert_error_string(errnum));
- }
-
- /*
- * Finally check the depth of the certificate verification
- */
- if (dc != NULL && dc->nVerifyDepth != UNSET)
- depth = dc->nVerifyDepth;
- else
- depth = sc->nVerifyDepth;
- if (errdepth > depth) {
- ssl_log(s, SSL_LOG_ERROR,
- "Certificate Verification: Certificate Chain too long "
- "(chain has %d certificates, but maximum allowed are only %d)",
- errdepth, depth);
- ap_ctx_set(conn->client->ctx, "ssl::verify::error",
- (void *)X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG));
- ok = FALSE;
- }
-
- /*
- * And finally signal OpenSSL the (perhaps changed) state
- */
- return (ok);
-}
-
-int ssl_callback_SSLVerify_CRL(
- int ok, X509_STORE_CTX *ctx, server_rec *s)
-{
- SSLSrvConfigRec *sc;
- X509_OBJECT obj;
- X509_NAME *subject;
- X509_NAME *issuer;
- X509 *xs;
- X509_CRL *crl;
- X509_REVOKED *revoked;
- EVP_PKEY *pubkey;
- long serial;
- BIO *bio;
- int i, n, rc;
- char *cp;
- char *cp2;
- ASN1_TIME *t;
-
- /*
- * Unless a revocation store for CRLs was created we
- * cannot do any CRL-based verification, of course.
- */
- sc = mySrvConfig(s);
- if (sc->pRevocationStore == NULL)
- return ok;
-
- /*
- * Determine certificate ingredients in advance
- */
- xs = X509_STORE_CTX_get_current_cert(ctx);
- subject = X509_get_subject_name(xs);
- issuer = X509_get_issuer_name(xs);
-
- /*
- * OpenSSL provides the general mechanism to deal with CRLs but does not
- * use them automatically when verifying certificates, so we do it
- * explicitly here. We will check the CRL for the currently checked
- * certificate, if there is such a CRL in the store.
- *
- * We come through this procedure for each certificate in the certificate
- * chain, starting with the root-CA's certificate. At each step we've to
- * both verify the signature on the CRL (to make sure it's a valid CRL)
- * and it's revocation list (to make sure the current certificate isn't
- * revoked). But because to check the signature on the CRL we need the
- * public key of the issuing CA certificate (which was already processed
- * one round before), we've a little problem. But we can both solve it and
- * at the same time optimize the processing by using the following
- * verification scheme (idea and code snippets borrowed from the GLOBUS
- * project):
- *
- * 1. We'll check the signature of a CRL in each step when we find a CRL
- * through the _subject_ name of the current certificate. This CRL
- * itself will be needed the first time in the next round, of course.
- * But we do the signature processing one round before this where the
- * public key of the CA is available.
- *
- * 2. We'll check the revocation list of a CRL in each step when
- * we find a CRL through the _issuer_ name of the current certificate.
- * This CRLs signature was then already verified one round before.
- *
- * This verification scheme allows a CA to revoke its own certificate as
- * well, of course.
- */
-
- /*
- * Try to retrieve a CRL corresponding to the _subject_ of
- * the current certificate in order to verify it's integrity.
- */
- memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(sc->pRevocationStore, X509_LU_CRL, subject, &obj);
- crl = obj.data.crl;
- if (rc > 0 && crl != NULL) {
- /*
- * Log information about CRL
- * (A little bit complicated because of ASN.1 and BIOs...)
- */
- if (ssl_log_applies(s, SSL_LOG_TRACE)) {
- bio = BIO_new(BIO_s_mem());
- BIO_printf(bio, "lastUpdate: ");
- ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
- BIO_printf(bio, ", nextUpdate: ");
- ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
- n = BIO_pending(bio);
- cp = malloc(n+1);
- n = BIO_read(bio, cp, n);
- cp[n] = NUL;
- BIO_free(bio);
- cp2 = X509_NAME_oneline(subject, NULL, 0);
- ssl_log(s, SSL_LOG_TRACE, "CA CRL: Issuer: %s, %s", cp2, cp);
- OPENSSL_free(cp2);
- free(cp);
- }
-
- /*
- * Verify the signature on this CRL
- */
- pubkey = X509_get_pubkey(xs);
- if (X509_CRL_verify(crl, pubkey) <= 0) {
- ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
- X509_OBJECT_free_contents(&obj);
- if (pubkey != NULL)
- EVP_PKEY_free(pubkey);
- return FALSE;
- }
- if (pubkey != NULL)
- EVP_PKEY_free(pubkey);
-
- /*
- * Check date of CRL to make sure it's not expired
- */
- if ((t = X509_CRL_get_nextUpdate(crl)) == NULL) {
- ssl_log(s, SSL_LOG_WARN, "Found CRL has invalid nextUpdate field");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
- if (X509_cmp_current_time(t) < 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Found CRL is expired - "
- "revoking all certificates until you get updated CRL");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
- X509_OBJECT_free_contents(&obj);
- }
-
- /*
- * Try to retrieve a CRL corresponding to the _issuer_ of
- * the current certificate in order to check for revocation.
- */
- memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(sc->pRevocationStore, X509_LU_CRL, issuer, &obj);
- crl = obj.data.crl;
- if (rc > 0 && crl != NULL) {
- /*
- * Check if the current certificate is revoked by this CRL
- */
- n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
- for (i = 0; i < n; i++) {
- revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
-
- serial = ASN1_INTEGER_get(revoked->serialNumber);
- cp = X509_NAME_oneline(issuer, NULL, 0);
- ssl_log(s, SSL_LOG_INFO,
- "Certificate with serial %ld (0x%lX) "
- "revoked per CRL from issuer %s",
- serial, serial, cp);
- OPENSSL_free(cp);
-
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
- }
- X509_OBJECT_free_contents(&obj);
- }
- return ok;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a new SSL_SESSION is
- * added to the internal OpenSSL session cache. We use this hook to spread the
- * SSL_SESSION also to the inter-process disk-cache to make share it with our
- * other Apache pre-forked server processes.
- */
-int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *pNew)
-{
- conn_rec *conn;
- server_rec *s;
- SSLSrvConfigRec *sc;
- long t;
- BOOL rc;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- conn = (conn_rec *)SSL_get_app_data(ssl);
- s = conn->server;
- sc = mySrvConfig(s);
-
- /*
- * Set the timeout also for the internal OpenSSL cache, because this way
- * our inter-process cache is consulted only when it's really necessary.
- */
- t = sc->nSessionCacheTimeout;
- SSL_set_timeout(pNew, t);
-
- /*
- * Store the SSL_SESSION in the inter-process cache with the
- * same expire time, so it expires automatically there, too.
- */
- t = (SSL_get_time(pNew) + sc->nSessionCacheTimeout);
- rc = ssl_scache_store(s, pNew->session_id, pNew->session_id_length, t, pNew);
-
- /*
- * Log this cache operation
- */
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=SET status=%s id=%s timeout=%ds (session caching)",
- rc == TRUE ? "OK" : "BAD",
- SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
- t-time(NULL));
-
- /*
- * return 0 which means to OpenSSL that the pNew is still
- * valid and was not freed by us with SSL_SESSION_free().
- */
- return 0;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a
- * SSL_SESSION is looked up in the internal OpenSSL cache and it
- * was not found. We use this to lookup the SSL_SESSION in the
- * inter-process disk-cache where it was perhaps stored by one
- * of our other Apache pre-forked server processes.
- */
-SSL_SESSION *ssl_callback_GetSessionCacheEntry(
- SSL *ssl, unsigned char *id, int idlen, int *pCopy)
-{
- conn_rec *conn;
- server_rec *s;
- SSL_SESSION *pSession;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- conn = (conn_rec *)SSL_get_app_data(ssl);
- s = conn->server;
-
- /*
- * Try to retrieve the SSL_SESSION from the inter-process cache
- */
- pSession = ssl_scache_retrieve(s, id, idlen);
-
- /*
- * Log this cache operation
- */
- if (pSession != NULL)
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=GET status=FOUND id=%s (session reuse)",
- SSL_SESSION_id2sz(id, idlen));
- else
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=GET status=MISSED id=%s (session renewal)",
- SSL_SESSION_id2sz(id, idlen));
-
- /*
- * Return NULL or the retrieved SSL_SESSION. But indicate (by
- * setting pCopy to 0) that the reference count on the
- * SSL_SESSION should not be incremented by the SSL library,
- * because we will no longer hold a reference to it ourself.
- */
- *pCopy = 0;
- return pSession;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a
- * SSL_SESSION is removed from the the internal OpenSSL cache.
- * We use this to remove the SSL_SESSION in the inter-process
- * disk-cache, too.
- */
-void ssl_callback_DelSessionCacheEntry(
- SSL_CTX *ctx, SSL_SESSION *pSession)
-{
- server_rec *s;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- s = (server_rec *)SSL_CTX_get_app_data(ctx);
- if (s == NULL) /* on server shutdown Apache is already gone */
- return;
-
- /*
- * Remove the SSL_SESSION from the inter-process cache
- */
- ssl_scache_remove(s, pSession->session_id, pSession->session_id_length);
-
- /*
- * Log this cache operation
- */
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=REM status=OK id=%s (session dead)",
- SSL_SESSION_id2sz(pSession->session_id,
- pSession->session_id_length));
-
- return;
-}
-
-/*
- * This callback function is executed while OpenSSL processes the
- * SSL handshake and does SSL record layer stuff. We use it to
- * trace OpenSSL's processing in out SSL logfile.
- */
-void ssl_callback_LogTracingState(const SSL *ssl, int where, int rc)
-{
- conn_rec *c;
- server_rec *s;
- SSLSrvConfigRec *sc;
- char *str;
-
- /*
- * find corresponding server
- */
- if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL)
- return;
- s = c->server;
- if ((sc = mySrvConfig(s)) == NULL)
- return;
-
- /*
- * create the various trace messages
- */
- if (sc->nLogLevel >= SSL_LOG_TRACE) {
- if (where & SSL_CB_HANDSHAKE_START)
- ssl_log(s, SSL_LOG_TRACE, "%s: Handshake: start", SSL_LIBRARY_NAME);
- else if (where & SSL_CB_HANDSHAKE_DONE)
- ssl_log(s, SSL_LOG_TRACE, "%s: Handshake: done", SSL_LIBRARY_NAME);
- else if (where & SSL_CB_LOOP)
- ssl_log(s, SSL_LOG_TRACE, "%s: Loop: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- else if (where & SSL_CB_READ)
- ssl_log(s, SSL_LOG_TRACE, "%s: Read: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- else if (where & SSL_CB_WRITE)
- ssl_log(s, SSL_LOG_TRACE, "%s: Write: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- else if (where & SSL_CB_ALERT) {
- str = (where & SSL_CB_READ) ? "read" : "write";
- ssl_log(s, SSL_LOG_TRACE, "%s: Alert: %s:%s:%s\n",
- SSL_LIBRARY_NAME, str,
- SSL_alert_type_string_long(rc),
- SSL_alert_desc_string_long(rc));
- }
- else if (where & SSL_CB_EXIT) {
- if (rc == 0)
- ssl_log(s, SSL_LOG_TRACE, "%s: Exit: failed in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- else if (rc < 0)
- ssl_log(s, SSL_LOG_TRACE, "%s: Exit: error in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
- }
-
- /*
- * Because SSL renegotiations can happen at any time (not only after
- * SSL_accept()), the best way to log the current connection details is
- * right after a finished handshake.
- */
- if (where & SSL_CB_HANDSHAKE_DONE) {
- ssl_log(s, SSL_LOG_INFO,
- "Connection: Client IP: %s, Protocol: %s, Cipher: %s (%s/%s bits)",
- ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
- }
-
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c
deleted file mode 100644
index e5bf3107707..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_log.c
-** Logging Facility
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``The difference between a computer
- industry job and open-source software
- hacking is about 30 hours a week.''
- -- Ralf S. Engelschall */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Logfile Support
-** _________________________________________________________________
-*/
-
-/*
- * Open the SSL logfile
- */
-void ssl_log_open(server_rec *s_main, server_rec *s, pool *p)
-{
- char *szLogFile;
- SSLSrvConfigRec *sc_main = mySrvConfig(s_main);
- SSLSrvConfigRec *sc = mySrvConfig(s);
- piped_log *pl;
- char *cp;
-
- /*
- * Short-circuit for inherited logfiles in order to save
- * filedescriptors in mass-vhost situation. Be careful, this works
- * fine because the close happens implicitly by the pool facility.
- */
- if ( s != s_main
- && sc_main->fileLogFile != NULL
- && ( (sc->szLogFile == NULL)
- || ( sc->szLogFile != NULL
- && sc_main->szLogFile != NULL
- && strEQ(sc->szLogFile, sc_main->szLogFile)))) {
- sc->fileLogFile = sc_main->fileLogFile;
- }
- else if (sc->szLogFile != NULL) {
- if (strEQ(sc->szLogFile, "/dev/null"))
- return;
- else if (sc->szLogFile[0] == '|') {
- cp = sc->szLogFile+1;
- while (*cp == ' ' || *cp == '\t')
- cp++;
- szLogFile = ssl_util_server_root_relative(p, "log", cp);
- if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open reliable pipe to SSL logfile filter %s", szLogFile);
- ssl_die();
- }
- sc->fileLogFile = ap_pfdopen(p, ap_piped_log_write_fd(pl), "a");
- setbuf(sc->fileLogFile, NULL);
- }
- else {
- szLogFile = ssl_util_server_root_relative(p, "log", sc->szLogFile);
- if ((sc->fileLogFile = ap_pfopen(p, szLogFile, "a")) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSL logfile %s", szLogFile);
- ssl_die();
- }
- setbuf(sc->fileLogFile, NULL);
- }
- }
- return;
-}
-
-static struct {
- int nLevel;
- char *szLevel;
-} ssl_log_level2string[] = {
- { SSL_LOG_ERROR, "error" },
- { SSL_LOG_WARN, "warn" },
- { SSL_LOG_INFO, "info" },
- { SSL_LOG_TRACE, "trace" },
- { SSL_LOG_DEBUG, "debug" },
- { 0, NULL }
-};
-
-static struct {
- char *cpPattern;
- char *cpAnnotation;
-} ssl_log_annotate[] = {
- { "*envelope*bad*decrypt*", "wrong pass phrase!?" },
- { "*CLIENT_HELLO*unknown*protocol*", "speaking not SSL to HTTPS port!?" },
- { "*CLIENT_HELLO*http*request*", "speaking HTTP to HTTPS port!?" },
- { "*SSL3_READ_BYTES:sslv3*alert*bad*certificate*", "Subject CN in certificate not server name or identical to CA!?" },
- { "*self signed certificate in certificate chain*", "Client certificate signed by CA not known to server?" },
- { "*peer did not return a certificate*", "No CAs known to server for verification?" },
- { "*no shared cipher*", "Too restrictive SSLCipherSuite or using DSA server certificate?" },
- { "*no start line*", "Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?" },
- { "*bad password read*", "You entered an incorrect pass phrase!?" },
- { "*bad mac decode*", "Browser still remembered details of a re-created server certificate?" },
- { NULL, NULL }
-};
-
-static char *ssl_log_annotation(char *error)
-{
- char *errstr;
- int i;
-
- errstr = NULL;
- for (i = 0; ssl_log_annotate[i].cpPattern != NULL; i++) {
- if (ap_strcmp_match(error, ssl_log_annotate[i].cpPattern) == 0) {
- errstr = ssl_log_annotate[i].cpAnnotation;
- break;
- }
- }
- return errstr;
-}
-
-BOOL ssl_log_applies(server_rec *s, int level)
-{
- SSLSrvConfigRec *sc;
-
- sc = mySrvConfig(s);
- if ( sc->fileLogFile == NULL
- && !(level & SSL_LOG_ERROR))
- return FALSE;
- if ( level > sc->nLogLevel
- && !(level & SSL_LOG_ERROR))
- return FALSE;
- return TRUE;
-}
-
-void ssl_log(server_rec *s, int level, const char *msg, ...)
-{
- char tstr[80];
- char lstr[20];
- char vstr[1024];
- char str[1024];
- char nstr[2];
- int timz;
- struct tm *t;
- va_list ap;
- int add;
- int i;
- char *astr;
- int safe_errno;
- unsigned long e;
- SSLSrvConfigRec *sc;
- char *cpE;
- char *cpA;
-
- /* initialization */
- va_start(ap, msg);
- safe_errno = errno;
- sc = mySrvConfig(s);
-
- /* strip out additional flags */
- add = (level & ~SSL_LOG_MASK);
- level = (level & SSL_LOG_MASK);
-
- /* reduce flags when not reasonable in context */
- if (add & SSL_ADD_ERRNO && errno == 0)
- add &= ~SSL_ADD_ERRNO;
- if (add & SSL_ADD_SSLERR && ERR_peek_error() == 0)
- add &= ~SSL_ADD_SSLERR;
-
- /* we log only levels below, except for errors */
- if ( sc->fileLogFile == NULL
- && !(level & SSL_LOG_ERROR))
- return;
- if ( level > sc->nLogLevel
- && !(level & SSL_LOG_ERROR))
- return;
-
- /* determine the time entry string */
- if (add & SSL_NO_TIMESTAMP)
- tstr[0] = NUL;
- else {
- t = ap_get_gmtoff(&timz);
- strftime(tstr, 80, "[%d/%b/%Y %H:%M:%S", t);
- i = strlen(tstr);
- ap_snprintf(tstr+i, 80-i, " %05d] ", (unsigned int)getpid());
- }
-
- /* determine whether newline should be written */
- if (add & SSL_NO_NEWLINE)
- nstr[0] = NUL;
- else {
- nstr[0] = '\n';
- nstr[1] = NUL;
- }
-
- /* determine level name */
- lstr[0] = NUL;
- if (!(add & SSL_NO_LEVELID)) {
- for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) {
- if (ssl_log_level2string[i].nLevel == level) {
- ap_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
- break;
- }
- }
- for (i = strlen(lstr); i <= 7; i++)
- lstr[i] = ' ';
- lstr[i] = NUL;
- }
-
- /* create custom message */
- ap_vsnprintf(vstr, sizeof(vstr), msg, ap);
-
- /* write out SSLog message */
- if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR))
- astr = " (System and " SSL_LIBRARY_NAME " library errors follow)";
- else if (add & SSL_ADD_ERRNO)
- astr = " (System error follows)";
- else if (add & SSL_ADD_SSLERR)
- astr = " (" SSL_LIBRARY_NAME " library error follows)";
- else
- astr = "";
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
- ap_snprintf(str, sizeof(str), "%s%s%s%s%s", tstr, lstr, vstr, astr, nstr);
- fprintf(sc->fileLogFile, "%s", str);
- }
- if (level & SSL_LOG_ERROR)
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
- "mod_ssl: %s%s", vstr, astr);
-
- /* write out additional attachment messages */
- if (add & SSL_ADD_ERRNO) {
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
- ap_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
- tstr, lstr, strerror(safe_errno), safe_errno, nstr);
- fprintf(sc->fileLogFile, "%s", str);
- }
- if (level & SSL_LOG_ERROR)
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
- "System: %s (errno: %d)",
- strerror(safe_errno), safe_errno);
- }
- if (add & SSL_ADD_SSLERR) {
- while ((e = ERR_get_error())) {
- cpE = ERR_error_string(e, NULL);
- cpA = ssl_log_annotation(cpE);
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
- ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
- tstr, lstr, SSL_LIBRARY_NAME, cpE,
- cpA != NULL ? " [Hint: " : "",
- cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
- nstr);
- fprintf(sc->fileLogFile, "%s", str);
- }
- if (level & SSL_LOG_ERROR)
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
- "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE,
- cpA != NULL ? " [Hint: " : "",
- cpA != NULL ? cpA : "", cpA != NULL ? "]" : "");
- }
- }
- /* make sure the next log starts from a clean base */
- /* ERR_clear_error(); */
-
- /* cleanup and return */
- if (sc->fileLogFile != NULL)
- fflush(sc->fileLogFile);
- errno = safe_errno;
- va_end(ap);
- return;
-}
-
-void ssl_die(void)
-{
- /*
- * This is used for fatal errors and here
- * it is common module practice to really
- * exit from the complete program.
- */
- exit(1);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c
deleted file mode 100644
index 229360d8f20..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_mutex.c
-** Semaphore for Mutual Exclusion
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Real programmers confuse
- Christmas and Halloween
- because DEC 25 = OCT 31.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Mutex Support (Common)
-** _________________________________________________________________
-*/
-
-void ssl_mutex_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ssl_mutex_file_create(s, p);
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ssl_mutex_sem_create(s, p);
- return;
-}
-
-void ssl_mutex_reinit(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ssl_mutex_file_open(s, p);
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ssl_mutex_sem_open(s, p);
- return;
-}
-
-void ssl_mutex_on(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- BOOL ok = TRUE;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ok = ssl_mutex_file_acquire();
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ok = ssl_mutex_sem_acquire();
- if (!ok)
- ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock");
- return;
-}
-
-void ssl_mutex_off(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- BOOL ok = TRUE;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ok = ssl_mutex_file_release();
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ok = ssl_mutex_sem_release();
- if (!ok)
- ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock");
- return;
-}
-
-void ssl_mutex_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nMutexMode == SSL_MUTEXMODE_FILE)
- ssl_mutex_file_remove(s);
- else if (mc->nMutexMode == SSL_MUTEXMODE_SEM)
- ssl_mutex_sem_remove(s);
- return;
-}
-
-
-/* _________________________________________________________________
-**
-** Mutex Support (Lockfile)
-** _________________________________________________________________
-*/
-
-void ssl_mutex_file_create(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- char mutexfile[MAXPATHLEN];
-
- /* create the lockfile */
- strlcpy(mutexfile, mc->szMutexFile, sizeof(mutexfile));
- ap_server_strip_chroot(mutexfile, 0);
- unlink(mutexfile);
- if ((mc->nMutexFD = ap_popenf(p, mutexfile,
- O_WRONLY|O_CREAT, SSL_MUTEX_LOCK_MODE)) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not create SSLMutex lockfile %s",
- mutexfile);
- ssl_die();
- }
- ap_pclosef(p, mc->nMutexFD);
-
- /* make sure the childs have access to this file */
- if (geteuid() == 0 /* is superuser */)
- chown(mutexfile, ap_user_id, -1 /* no gid change */);
-
- /* open the lockfile for real */
- if ((mc->nMutexFD = ap_popenf(p, mutexfile,
- O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent could not open SSLMutex lockfile %s",
- mutexfile);
- ssl_die();
- }
- return;
-}
-
-void ssl_mutex_file_open(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- char mutexfile[MAXPATHLEN];
-
- strlcpy(mutexfile, mc->szMutexFile, sizeof(mutexfile));
- ap_server_strip_chroot(mutexfile, 0);
-
- /* open the lockfile (once per child) to get a unique fd */
- if ((mc->nMutexFD = ap_popenf(p, mutexfile,
- O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Child could not open SSLMutex lockfile %s",
- mutexfile);
- ssl_die();
- }
- return;
-}
-
-void ssl_mutex_file_remove(void *data)
-{
- SSLModConfigRec *mc = myModConfig();
- char mutexfile[MAXPATHLEN];
- strlcpy(mutexfile, mc->szMutexFile, sizeof(mutexfile));
- ap_server_strip_chroot(mutexfile, 0);
-
- /* remove the mutex lockfile */
- unlink(mutexfile);
- return;
-}
-
-#ifdef SSL_USE_FCNTL
-static struct flock lock_it;
-static struct flock unlock_it;
-#endif
-
-BOOL ssl_mutex_file_acquire(void)
-{
- int rc = -1;
- SSLModConfigRec *mc = myModConfig();
-
-#ifdef SSL_USE_FCNTL
- lock_it.l_whence = SEEK_SET; /* from current point */
- lock_it.l_start = 0; /* -"- */
- lock_it.l_len = 0; /* until end of file */
- lock_it.l_type = F_WRLCK; /* set exclusive/write lock */
- lock_it.l_pid = 0; /* pid not actually interesting */
-
- while ( ((rc = fcntl(mc->nMutexFD, F_SETLKW, &lock_it)) < 0)
- && (errno == EINTR) )
- ;
-#endif
-#ifdef SSL_USE_FLOCK
- while ( ((rc = flock(mc->nMutexFD, LOCK_EX)) < 0)
- && (errno == EINTR) )
- ;
-#endif
-
- if (rc < 0)
- return FALSE;
- else
- return TRUE;
-}
-
-BOOL ssl_mutex_file_release(void)
-{
- int rc = -1;
- SSLModConfigRec *mc = myModConfig();
-
-#ifdef SSL_USE_FCNTL
- unlock_it.l_whence = SEEK_SET; /* from current point */
- unlock_it.l_start = 0; /* -"- */
- unlock_it.l_len = 0; /* until end of file */
- unlock_it.l_type = F_UNLCK; /* unlock */
- unlock_it.l_pid = 0; /* pid not actually interesting */
-
- while ( (rc = fcntl(mc->nMutexFD, F_SETLKW, &unlock_it)) < 0
- && (errno == EINTR) )
- ;
-#endif
-#ifdef SSL_USE_FLOCK
- while ( (rc = flock(mc->nMutexFD, LOCK_UN)) < 0
- && (errno == EINTR) )
- ;
-#endif
-
- if (rc < 0)
- return FALSE;
- else
- return TRUE;
-}
-
-/* _________________________________________________________________
-**
-** Mutex Support (Process Semaphore)
-** _________________________________________________________________
-*/
-
-void ssl_mutex_sem_create(server_rec *s, pool *p)
-{
- int semid;
- SSLModConfigRec *mc = myModConfig();
- union ssl_ipc_semun semctlarg;
- struct semid_ds semctlbuf;
-
- semid = semget(IPC_PRIVATE, 1, IPC_CREAT|IPC_EXCL|S_IRUSR|S_IWUSR);
- if (semid == -1 && errno == EEXIST)
- semid = semget(IPC_PRIVATE, 1, IPC_EXCL|S_IRUSR|S_IWUSR);
- if (semid == -1) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not create private SSLMutex semaphore");
- ssl_die();
- }
- semctlarg.val = 0;
- if (semctl(semid, 0, SETVAL, semctlarg) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not initialize SSLMutex semaphore value");
- ssl_die();
- }
- semctlbuf.sem_perm.uid = ap_user_id;
- semctlbuf.sem_perm.gid = ap_group_id;
- semctlbuf.sem_perm.mode = 0600;
- semctlarg.buf = &semctlbuf;
- if (semctl(semid, 0, IPC_SET, semctlarg) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Parent process could not set permissions for SSLMutex semaphore");
- ssl_die();
- }
- mc->nMutexSEMID = semid;
- return;
-}
-
-void ssl_mutex_sem_open(server_rec *s, pool *p)
-{
- return;
-}
-
-void ssl_mutex_sem_remove(void *data)
-{
- SSLModConfigRec *mc = myModConfig();
-
- semctl(mc->nMutexSEMID, 0, IPC_RMID, 0);
- return;
-}
-
-BOOL ssl_mutex_sem_acquire(void)
-{
- int rc = 0;
- SSLModConfigRec *mc = myModConfig();
-
- struct sembuf sb[] = {
- { 0, 0, 0 }, /* wait for semaphore */
- { 0, 1, SEM_UNDO } /* increment semaphore */
- };
-
- while ( (rc = semop(mc->nMutexSEMID, sb, 2)) < 0
- && (errno == EINTR) )
- ;
- if (rc != 0)
- return FALSE;
- else
- return TRUE;
-}
-
-BOOL ssl_mutex_sem_release(void)
-{
- int rc = 0;
- SSLModConfigRec *mc = myModConfig();
-
- struct sembuf sb[] = {
- { 0, -1, SEM_UNDO } /* decrements semaphore */
- };
-
- while ( (rc = semop(mc->nMutexSEMID, sb, 1)) < 0
- && (errno == EINTR) )
- ;
- if (rc != 0)
- return FALSE;
- else
- return TRUE;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
deleted file mode 100644
index 78f4ec4a83e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
+++ /dev/null
@@ -1,540 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_pphrase.c
-** Pass Phrase Dialog
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Treat your password like your
- toothbrush. Don't let anybody
- else use it, and get a new one
- every six months.''
- -- Clifford Stoll */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Pass Phrase and Private Key Handling
-** _________________________________________________________________
-*/
-
-#define STDERR_FILENO_STORE 50
-#define BUILTIN_DIALOG_BACKOFF 2
-#define BUILTIN_DIALOG_RETRIES 5
-
-void ssl_pphrase_Handle(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc;
- server_rec *pServ;
- char *cpVHostID;
- char szPath[MAX_STRING_LEN];
- EVP_PKEY *pPrivateKey;
- ssl_asn1_t *asn1;
- unsigned char *ucp;
- X509 *pX509Cert;
- FILE *fp;
- BOOL bReadable;
- ssl_ds_array *aPassPhrase;
- int nPassPhrase;
- int nPassPhraseCur;
- char *cpPassPhraseCur;
- int nPassPhraseRetry;
- int nPassPhraseDialog;
- int nPassPhraseDialogCur;
- BOOL bPassPhraseDialogOnce;
- char **cpp;
- int i, j;
- ssl_algo_t algoCert, algoKey, at;
- char *an;
- char *cp;
-
- /*
- * Start with a fresh pass phrase array
- */
- aPassPhrase = ssl_ds_array_make(p, sizeof(char *));
- nPassPhrase = 0;
- nPassPhraseDialog = 0;
-
- /*
- * Walk through all configured servers
- */
- for (pServ = s; pServ != NULL; pServ = pServ->next) {
- sc = mySrvConfig(pServ);
-
- if (!sc->bEnabled)
- continue;
-
- cpVHostID = ssl_util_vhostid(p, pServ);
- ssl_log(pServ, SSL_LOG_INFO,
- "Init: Loading certificate & private key of SSL-aware server %s",
- cpVHostID);
-
- /*
- * Read in server certificate(s): This is the easy part
- * because this file isn't encrypted in any way.
- */
- if (sc->szPublicCertFile[0] == NULL) {
- ssl_log(pServ, SSL_LOG_ERROR,
- "Init: Server %s should be SSL-aware but has no certificate configured "
- "[Hint: SSLCertificateFile]", cpVHostID);
- ssl_die();
- }
- algoCert = SSL_ALGO_UNKNOWN;
- algoKey = SSL_ALGO_UNKNOWN;
- for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {
-
- ap_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server certificate file %s", szPath);
- ssl_die();
- }
- if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Unable to read server certificate from file %s", szPath);
- ssl_die();
- }
- ap_pfclose(p, fp);
-
- /*
- * check algorithm type of certificate and make
- * sure only one certificate per type is used.
- */
- at = ssl_util_algotypeof(pX509Cert, NULL);
- an = ssl_util_algotypestr(at);
- if (algoCert & at) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Multiple %s server certificates not allowed", an);
- ssl_die();
- }
- algoCert |= at;
-
- /*
- * Insert the certificate into global module configuration to let it
- * survive the processing between the 1st Apache API init round (where
- * we operate here) and the 2nd Apache init round (where the
- * certificate is actually used to configure mod_ssl's per-server
- * configuration structures).
- */
- cp = ap_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPublicCert, cp);
- asn1->nData = i2d_X509(pX509Cert, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
-
- /*
- * Free the X509 structure
- */
- X509_free(pX509Cert);
-
- /*
- * Read in the private key: This is the non-trivial part, because the
- * key is typically encrypted, so a pass phrase dialog has to be used
- * to request it from the user (or it has to be alternatively gathered
- * from a dialog program). The important point here is that ISPs
- * usually have hundrets of virtual servers configured and a lot of
- * them use SSL, so really we have to minimize the pass phrase
- * dialogs.
- *
- * The idea is this: When N virtual hosts are configured and all of
- * them use encrypted private keys with different pass phrases, we
- * have no chance and have to pop up N pass phrase dialogs. But
- * usually the admin is clever enough and uses the same pass phrase
- * for more private key files (typically he even uses one single pass
- * phrase for all). When this is the case we can minimize the dialogs
- * by trying to re-use already known/entered pass phrases.
- */
- if (sc->szPrivateKeyFile[j] != NULL)
- ap_cpystrn(szPath, sc->szPrivateKeyFile[j++], sizeof(szPath));
-
- /*
- * Try to read the private key file with the help of
- * the callback function which serves the pass
- * phrases to OpenSSL
- */
- myCtxVarSet(mc, 1, pServ);
- myCtxVarSet(mc, 2, p);
- myCtxVarSet(mc, 3, aPassPhrase);
- myCtxVarSet(mc, 4, &nPassPhraseCur);
- myCtxVarSet(mc, 5, &cpPassPhraseCur);
- myCtxVarSet(mc, 6, cpVHostID);
- myCtxVarSet(mc, 7, an);
- myCtxVarSet(mc, 8, &nPassPhraseDialog);
- myCtxVarSet(mc, 9, &nPassPhraseDialogCur);
- myCtxVarSet(mc, 10, &bPassPhraseDialogOnce);
-
- nPassPhraseCur = 0;
- nPassPhraseRetry = 0;
- nPassPhraseDialogCur = 0;
- bPassPhraseDialogOnce = TRUE;
-
- pPrivateKey = NULL;
-
- for (;;) {
- /*
- * Try to read the private key file with the help of
- * the callback function which serves the pass
- * phrases to OpenSSL
- */
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server private key file %s", szPath);
- ssl_die();
- }
- cpPassPhraseCur = NULL;
- /* Ensure that the error stack is empty; otherwise the
- OpenSSL UI code may dump it to stderr. */
- ERR_clear_error();
- bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
- ssl_pphrase_Handle_CB)) != NULL ? TRUE : FALSE);
- ap_pfclose(p, fp);
-
- /*
- * when the private key file now was readable,
- * it's fine and we go out of the loop
- */
- if (bReadable)
- break;
-
- /*
- * when we have more remembered pass phrases
- * try to reuse these first.
- */
- if (nPassPhraseCur < nPassPhrase) {
- nPassPhraseCur++;
- continue;
- }
-
- /*
- * else it's not readable and we have no more
- * remembered pass phrases. Then this has to mean
- * that the callback function popped up the dialog
- * but a wrong pass phrase was entered. We give the
- * user (but not the dialog program) a few more
- * chances...
- */
- if ( sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN
- && cpPassPhraseCur != NULL
- && nPassPhraseRetry < BUILTIN_DIALOG_RETRIES ) {
- fprintf(stdout, "Apache:mod_ssl:Error: Pass phrase incorrect "
- "(%d more retr%s permitted).\n",
- (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry),
- (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry) == 1 ? "y" : "ies");
- nPassPhraseRetry++;
- if (nPassPhraseRetry > BUILTIN_DIALOG_BACKOFF)
- sleep((nPassPhraseRetry-BUILTIN_DIALOG_BACKOFF)*5);
- continue;
- }
-
- /*
- * Ok, anything else now means a fatal error.
- */
- if (cpPassPhraseCur == NULL) {
- ssl_log(pServ, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: Private key not found");
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- fprintf(stdout, "Apache:mod_ssl:Error: Private key not found.\n");
- fprintf(stdout, "**Stopped\n");
- }
- } else {
- ssl_log(pServ, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: Pass phrase incorrect");
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- fprintf(stdout, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
- fprintf(stdout, "**Stopped\n");
- }
- }
- ssl_die();
- }
-
- if (pPrivateKey == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Unable to read server private key from file %s", szPath);
- ssl_die();
- }
-
- /*
- * check algorithm type of private key and make
- * sure only one private key per type is used.
- */
- at = ssl_util_algotypeof(NULL, pPrivateKey);
- an = ssl_util_algotypestr(at);
- if (algoKey & at) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Multiple %s server private keys not allowed", an);
- ssl_die();
- }
- algoKey |= at;
-
- /*
- * Log the type of reading
- */
- if (nPassPhraseDialogCur == 0)
- ssl_log(pServ, SSL_LOG_TRACE,
- "Init: (%s) unencrypted %s private key - pass phrase not required",
- cpVHostID, an);
- else {
- if (cpPassPhraseCur != NULL)
- ssl_log(pServ, SSL_LOG_TRACE,
- "Init: (%s) encrypted %s private key - pass phrase requested",
- cpVHostID, an);
- else
- ssl_log(pServ, SSL_LOG_TRACE,
- "Init: (%s) encrypted %s private key - pass phrase reused",
- cpVHostID, an);
- }
-
- /*
- * Ok, when we have one more pass phrase store it
- */
- if (cpPassPhraseCur != NULL) {
- cpp = (char **)ssl_ds_array_push(aPassPhrase);
- *cpp = cpPassPhraseCur;
- nPassPhrase++;
- }
-
- /*
- * For RSA keys, add blinding.
- */
- if (at == SSL_ALGO_RSA)
- if (RSA_blinding_on (pPrivateKey->pkey.rsa, NULL) != 1) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: RSA blinding failed for private key");
- ssl_die();
- }
-
- /*
- * Insert private key into the global module configuration
- * (we convert it to a stand-alone DER byte sequence
- * because the SSL library uses static variables inside a
- * RSA structure which do not survive DSO reloads!)
- */
- cp = ap_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPrivateKey, cp);
- asn1->nData = i2d_PrivateKey(pPrivateKey, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
-
- /*
- * Free the private key structure
- */
- EVP_PKEY_free(pPrivateKey);
- }
- }
-
- /*
- * Let the user know when we're successful.
- */
- if (nPassPhraseDialog > 0) {
- sc = mySrvConfig(s);
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- fprintf(stdout, "\n");
- fprintf(stdout, "Ok: Pass Phrase Dialog successful.\n");
- }
- }
-
- /*
- * Wipe out the used memory from the
- * pass phrase array and then deallocate it
- */
- if (!ssl_ds_array_isempty(aPassPhrase)) {
- ssl_ds_array_wipeout(aPassPhrase);
- ssl_ds_array_kill(aPassPhrase);
- ssl_log(s, SSL_LOG_INFO, "Init: Wiped out the queried pass phrases from memory");
- }
-
- return;
-}
-
-int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
-{
- SSLModConfigRec *mc = myModConfig();
- server_rec *s;
- pool *p;
- ssl_ds_array *aPassPhrase;
- SSLSrvConfigRec *sc;
- int *pnPassPhraseCur;
- char **cppPassPhraseCur;
- char *cpVHostID;
- char *cpAlgoType;
- int *pnPassPhraseDialog;
- int *pnPassPhraseDialogCur;
- BOOL *pbPassPhraseDialogOnce;
- int stderr_store;
- char **cpp;
- int len = -1;
-
- /*
- * Reconnect to the context of ssl_phrase_Handle()
- */
- s = myCtxVarGet(mc, 1, server_rec *);
- p = myCtxVarGet(mc, 2, pool *);
- aPassPhrase = myCtxVarGet(mc, 3, ssl_ds_array *);
- pnPassPhraseCur = myCtxVarGet(mc, 4, int *);
- cppPassPhraseCur = myCtxVarGet(mc, 5, char **);
- cpVHostID = myCtxVarGet(mc, 6, char *);
- cpAlgoType = myCtxVarGet(mc, 7, char *);
- pnPassPhraseDialog = myCtxVarGet(mc, 8, int *);
- pnPassPhraseDialogCur = myCtxVarGet(mc, 9, int *);
- pbPassPhraseDialogOnce = myCtxVarGet(mc, 10, BOOL *);
- sc = mySrvConfig(s);
-
- (*pnPassPhraseDialog)++;
- (*pnPassPhraseDialogCur)++;
-
- /*
- * When remembered pass phrases are available use them...
- */
- if ((cpp = (char **)ssl_ds_array_get(aPassPhrase, *pnPassPhraseCur)) != NULL) {
- ap_cpystrn(buf, *cpp, bufsize);
- len = strlen(buf);
- return len;
- }
-
- /*
- * Builtin dialog
- */
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- char *prompt;
- int i;
-
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase via builtin terminal dialog");
-
- /*
- * Reconnect STDERR to terminal (here STDOUT) because
- * at our init stage Apache already connected STDERR
- * to the general error logfile.
- */
- if ((stderr_store = open("/dev/null", O_WRONLY)) == -1)
- stderr_store = STDERR_FILENO_STORE;
- dup2(STDERR_FILENO, stderr_store);
- dup2(STDOUT_FILENO, STDERR_FILENO);
-
- /*
- * The first time display a header to inform the user about what
- * program he actually speaks to, which module is responsible for
- * this terminal dialog and why to the hell he has to enter
- * something...
- */
- if (*pnPassPhraseDialog == 1) {
- fprintf(stderr, "%s mod_ssl/%s (Pass Phrase Dialog)\n",
- SERVER_BASEVERSION, MOD_SSL_VERSION);
- fprintf(stderr, "Some of your private key files are encrypted for security reasons.\n");
- fprintf(stderr, "In order to read them you have to provide us with the pass phrases.\n");
- }
- if (*pbPassPhraseDialogOnce) {
- *pbPassPhraseDialogOnce = FALSE;
- fprintf(stderr, "\n");
- fprintf(stderr, "Server %s (%s)\n", cpVHostID, cpAlgoType);
- }
-
- /*
- * Emulate the OpenSSL internal pass phrase dialog
- * (see crypto/pem/pem_lib.c:def_callback() for details)
- */
- prompt = "Enter pass phrase:";
- for (;;) {
- if ((i = EVP_read_pw_string(buf, bufsize, prompt, FALSE)) != 0) {
- PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)bufsize);
- return (-1);
- }
- len = strlen(buf);
- if (len < 1)
- fprintf(stderr, "Apache:mod_ssl:Error: Pass phrase empty (needs to be at least 1 character).\n");
- else
- break;
- }
-
- /*
- * Restore STDERR to Apache error logfile
- */
- dup2(stderr_store, STDERR_FILENO);
- close(stderr_store);
- }
-
- /*
- * Filter program
- */
- else if (sc->nPassPhraseDialogType == SSL_PPTYPE_FILTER) {
- char *cmd;
- char *result;
-
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase from dialog filter program (%s)",
- sc->szPassPhraseDialogPath);
-
- if (strchr(sc->szPassPhraseDialogPath, ' ') != NULL)
- cmd = ap_psprintf(p, "\"%s\" %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
- else
- cmd = ap_psprintf(p, "%s %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
- result = ssl_util_readfilter(s, p, cmd);
- ap_cpystrn(buf, result, bufsize);
- len = strlen(buf);
- }
-
- /*
- * Ok, we now have the pass phrase, so give it back
- */
- *cppPassPhraseCur = ap_pstrdup(p, buf);
-
- /*
- * And return it's length to OpenSSL...
- */
- return (len);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
deleted file mode 100644
index 32a849a09fb..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_rand.c
-** Random Number Generator Seeding
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``The generation of random
- numbers is too important
- to be left to chance.'' */
-
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Support for better seeding of SSL library's RNG
-** _________________________________________________________________
-*/
-
-static int ssl_rand_choosenum(int);
-static int ssl_rand_feedfp(pool *, FILE *, int);
-
-int ssl_rand_seed(server_rec *s, pool *p, ssl_rsctx_t nCtx, char *prefix)
-{
- SSLModConfigRec *mc;
- array_header *apRandSeed;
- ssl_randseed_t *pRandSeeds;
- ssl_randseed_t *pRandSeed;
- unsigned char stackdata[256];
- int nReq, nDone;
- FILE *fp;
- int i, n, l;
- time_t t;
- pid_t pid;
- int m;
-
- mc = myModConfig();
- nReq = 0;
- nDone = 0;
- apRandSeed = mc->aRandSeed;
- pRandSeeds = (ssl_randseed_t *)apRandSeed->elts;
- for (i = 0; i < apRandSeed->nelts; i++) {
- pRandSeed = &pRandSeeds[i];
- if (pRandSeed->nCtx == nCtx) {
- nReq += pRandSeed->nBytes;
- if (pRandSeed->nSrc == SSL_RSSRC_FILE) {
- /*
- * seed in contents of an external file
- */
- if ((fp = ap_pfopen(p, pRandSeed->cpPath, "r")) == NULL)
- continue;
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- ap_pfclose(p, fp);
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_EXEC) {
- /*
- * seed in contents generated by an external program
- */
- if ((fp = ssl_util_ppopen(s, p, ap_psprintf(p, "%s %d",
- pRandSeed->cpPath, pRandSeed->nBytes))) == NULL)
- continue;
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- ssl_util_ppclose(s, p, fp);
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
- /*
- * seed in contents provided by the external
- * Entropy Gathering Daemon (EGD)
- */
- if ((n = RAND_egd_bytes(pRandSeed->cpPath, pRandSeed->nBytes)) == -1)
- continue;
- nDone += n;
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
- /*
- * seed in the current time (usually just 4 bytes)
- */
- t = time(NULL);
- l = sizeof(time_t);
- RAND_seed((unsigned char *)&t, l);
- nDone += l;
-
- /*
- * seed in the current process id (usually just 4 bytes)
- */
- pid = getpid();
- l = sizeof(pid_t);
- RAND_seed((unsigned char *)&pid, l);
- nDone += l;
-
- /*
- * seed in some current state of the run-time stack (128 bytes)
- */
- n = ssl_rand_choosenum(sizeof(stackdata)-128-1);
- RAND_seed(stackdata+n, 128);
- nDone += 128;
-
- /*
- * seed in extract data from the current scoreboard
- */
- if (ap_scoreboard_image != NULL && SCOREBOARD_SIZE > 16) {
- if ((m = ((SCOREBOARD_SIZE / 2) - 1)) > 1024)
- m = 1024;
- n = ssl_rand_choosenum(m);
- RAND_seed(((unsigned char *)ap_scoreboard_image)+n, m);
- nDone += m;
- }
- }
- }
- }
- ssl_log(s, SSL_LOG_INFO, "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
-
- if (RAND_status() == 0)
- ssl_log(s, SSL_LOG_WARN, "%sPRNG still contains insufficient entropy!", prefix);
- return nDone;
-}
-
-#define BUFSIZE 8192
-
-static int ssl_rand_feedfp(pool *p, FILE *fp, int nReq)
-{
- int nDone;
- unsigned char caBuf[BUFSIZE];
- int nBuf;
- int nRead;
- int nTodo;
-
- nDone = 0;
- nRead = BUFSIZE;
- nTodo = nReq;
- while (1) {
- if (nReq > 0)
- nRead = (nTodo < BUFSIZE ? nTodo : BUFSIZE);
- if ((nBuf = (int)fread(caBuf, 1, nRead, fp)) <= 0)
- break;
- RAND_seed(caBuf, nBuf);
- nDone += nBuf;
- if (nReq > 0) {
- nTodo -= nBuf;
- if (nTodo <= 0)
- break;
- }
- }
- return nDone;
-}
-
-/* Generate a random number in the range 1-h */
-static int ssl_rand_choosenum(int h)
-{
- return (int)(arc4random() / ((double)0xffffffffU + 1) * h + 1);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
deleted file mode 100644
index 10965df9e71..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_vars.c
-** Variable Lookup Facility
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Those of you who think they
- know everything are very annoying
- to those of us who do.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Variable Lookup
-** _________________________________________________________________
-*/
-
-static char *ssl_var_lookup_header(pool *p, request_rec *r, const char *name);
-static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_cert(pool *p, X509 *xs, char *var);
-static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var);
-static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm);
-static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs);
-static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var);
-static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs);
-static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c);
-static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var);
-static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
-static char *ssl_var_lookup_ssl_version(pool *p, char *var);
-
-void ssl_var_register(void)
-{
- ap_hook_configure("ap::mod_ssl::var_lookup",
- AP_HOOK_SIG6(ptr,ptr,ptr,ptr,ptr,ptr), AP_HOOK_DECLINE(NULL));
- ap_hook_register("ap::mod_ssl::var_lookup",
- ssl_var_lookup, AP_HOOK_NOCTX);
- return;
-}
-
-void ssl_var_unregister(void)
-{
- ap_hook_unregister("ap::mod_ssl::var_lookup", ssl_var_lookup);
- return;
-}
-
-char *ssl_var_lookup(pool *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
-{
- SSLModConfigRec *mc = myModConfig();
- char *result;
- BOOL resdup;
- time_t tc;
- struct tm *tm;
-
- result = NULL;
- resdup = TRUE;
-
- /*
- * When no pool is given try to find one
- */
- if (p == NULL) {
- if (r != NULL)
- p = r->pool;
- else if (c != NULL)
- p = c->pool;
- else
- p = mc->pPool;
- }
-
- /*
- * Request dependent stuff
- */
- if (r != NULL) {
- if (strcEQ(var, "HTTP_USER_AGENT"))
- result = ssl_var_lookup_header(p, r, "User-Agent");
- else if (strcEQ(var, "HTTP_REFERER"))
- result = ssl_var_lookup_header(p, r, "Referer");
- else if (strcEQ(var, "HTTP_COOKIE"))
- result = ssl_var_lookup_header(p, r, "Cookie");
- else if (strcEQ(var, "HTTP_FORWARDED"))
- result = ssl_var_lookup_header(p, r, "Forwarded");
- else if (strcEQ(var, "HTTP_HOST"))
- result = ssl_var_lookup_header(p, r, "Host");
- else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
- result = ssl_var_lookup_header(p, r, "Proxy-Connection");
- else if (strcEQ(var, "HTTP_ACCEPT"))
- result = ssl_var_lookup_header(p, r, "Accept");
- else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
- /* all other headers from which we are still not know about */
- result = ssl_var_lookup_header(p, r, var+5);
- else if (strcEQ(var, "THE_REQUEST"))
- result = r->the_request;
- else if (strcEQ(var, "REQUEST_METHOD"))
- result = (char *)(r->method);
- else if (strcEQ(var, "REQUEST_SCHEME"))
- result = ap_http_method(r);
- else if (strcEQ(var, "REQUEST_URI"))
- result = r->uri;
- else if (strcEQ(var, "SCRIPT_FILENAME") ||
- strcEQ(var, "REQUEST_FILENAME"))
- result = r->filename;
- else if (strcEQ(var, "PATH_INFO"))
- result = r->path_info;
- else if (strcEQ(var, "QUERY_STRING"))
- result = r->args;
- else if (strcEQ(var, "REMOTE_HOST"))
- result = (char *)ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME);
- else if (strcEQ(var, "REMOTE_IDENT"))
- result = (char *)ap_get_remote_logname(r);
- else if (strcEQ(var, "IS_SUBREQ"))
- result = (r->main != NULL ? "true" : "false");
- else if (strcEQ(var, "DOCUMENT_ROOT"))
- result = (char *)ap_document_root(r);
- else if (strcEQ(var, "SERVER_ADMIN"))
- result = r->server->server_admin;
- else if (strcEQ(var, "SERVER_NAME"))
- result = (char *)ap_get_server_name(r);
- else if (strcEQ(var, "SERVER_PORT"))
- result = ap_psprintf(p, "%u", ap_get_server_port(r));
- else if (strcEQ(var, "SERVER_PROTOCOL"))
- result = r->protocol;
- }
-
- /*
- * Connection stuff
- */
- if (result == NULL && c != NULL) {
- if (strcEQ(var, "REMOTE_ADDR"))
- result = c->remote_ip;
- else if (strcEQ(var, "REMOTE_USER"))
- result = c->user;
- else if (strcEQ(var, "AUTH_TYPE"))
- result = c->ap_auth_type;
- else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
- result = ssl_var_lookup_ssl(p, c, var+4);
- else if (strcEQ(var, "HTTPS")) {
- if (ap_ctx_get(c->client->ctx, "ssl") != NULL)
- result = "on";
- else
- result = "off";
- }
- }
-
- /*
- * Totally independent stuff
- */
- if (result == NULL) {
- if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
- result = ssl_var_lookup_ssl_version(p, var+12);
- else if (strcEQ(var, "SERVER_SOFTWARE"))
- result = (char *)ap_get_server_version();
- else if (strcEQ(var, "API_VERSION")) {
- result = ap_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
- resdup = FALSE;
- }
- else if (strcEQ(var, "TIME_YEAR")) {
- tc = time(NULL);
- tm = localtime(&tc);
- result = ap_psprintf(p, "%02d%02d",
- (tm->tm_year / 100) + 19, tm->tm_year % 100);
- resdup = FALSE;
- }
-#define MKTIMESTR(format, tmfield) \
- tc = time(NULL); \
- tm = localtime(&tc); \
- result = ap_psprintf(p, format, tm->tmfield); \
- resdup = FALSE;
- else if (strcEQ(var, "TIME_MON")) {
- MKTIMESTR("%02d", tm_mon+1)
- }
- else if (strcEQ(var, "TIME_DAY")) {
- MKTIMESTR("%02d", tm_mday)
- }
- else if (strcEQ(var, "TIME_HOUR")) {
- MKTIMESTR("%02d", tm_hour)
- }
- else if (strcEQ(var, "TIME_MIN")) {
- MKTIMESTR("%02d", tm_min)
- }
- else if (strcEQ(var, "TIME_SEC")) {
- MKTIMESTR("%02d", tm_sec)
- }
- else if (strcEQ(var, "TIME_WDAY")) {
- MKTIMESTR("%d", tm_wday)
- }
- else if (strcEQ(var, "TIME")) {
- tc = time(NULL);
- tm = localtime(&tc);
- result = ap_psprintf(p,
- "%02d%02d%02d%02d%02d%02d%02d", (tm->tm_year / 100) + 19,
- (tm->tm_year % 100), tm->tm_mon+1, tm->tm_mday,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- resdup = FALSE;
- }
- /* all other env-variables from the parent Apache process */
- else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
- result = (char *)ap_table_get(r->notes, var+4);
- if (result == NULL)
- result = (char *)ap_table_get(r->subprocess_env, var+4);
- if (result == NULL)
- result = getenv(var+4);
- }
- }
-
- if (result != NULL && resdup)
- result = ap_pstrdup(p, result);
- if (result == NULL)
- result = "";
- return result;
-}
-
-static char *ssl_var_lookup_header(pool *p, request_rec *r, const char *name)
-{
- array_header *hdrs_arr;
- table_entry *hdrs;
- int i;
-
- hdrs_arr = ap_table_elts(r->headers_in);
- hdrs = (table_entry *)hdrs_arr->elts;
- for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (hdrs[i].key == NULL)
- continue;
- if (strcEQ(hdrs[i].key, name))
- return ap_pstrdup(p, hdrs[i].val);
- }
- return NULL;
-}
-
-static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var)
-{
- char *result;
- X509 *xs;
- STACK_OF(X509) *sk;
- SSL *ssl;
-
- result = NULL;
-
- ssl = ap_ctx_get(c->client->ctx, "ssl");
- if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
- result = ssl_var_lookup_ssl_version(p, var+8);
- }
- else if (ssl != NULL && strcEQ(var, "PROTOCOL")) {
- result = (char *)SSL_get_version(ssl);
- }
- else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
- SSL_SESSION *pSession = SSL_get_session(ssl);
- result = ap_pstrdup(p, SSL_SESSION_id2sz(pSession->session_id,
- pSession->session_id_length));
- }
- else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
- result = ssl_var_lookup_ssl_cipher(p, c, var+6);
- }
- else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
- sk = SSL_get_peer_cert_chain(ssl);
- result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
- }
- else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
- result = ssl_var_lookup_ssl_cert_verify(p, c);
- }
- else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7);
- X509_free(xs);
- }
- }
- else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
- if ((xs = SSL_get_certificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7);
- /* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment
- the reference count the same way SSL_get_peer_certificate does,
- so no need to X509_free(xs) the stuff here. */
- }
- }
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert(pool *p, X509 *xs, char *var)
-{
- char *result;
- BOOL resdup;
- X509_NAME *xsname;
- int nid;
- char *cp;
-
- result = NULL;
- resdup = TRUE;
-
- if (strcEQ(var, "M_VERSION")) {
- result = ap_psprintf(p, "%lu", X509_get_version(xs)+1);
- resdup = FALSE;
- }
- else if (strcEQ(var, "M_SERIAL")) {
- result = ssl_var_lookup_ssl_cert_serial(p, xs);
- }
- else if (strcEQ(var, "V_START")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
- }
- else if (strcEQ(var, "V_END")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
- }
- else if (strcEQ(var, "S_DN")) {
- xsname = X509_get_subject_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = ap_pstrdup(p, cp);
- OPENSSL_free(cp);
- resdup = FALSE;
- }
- else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
- xsname = X509_get_subject_name(xs);
- result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
- resdup = FALSE;
- }
- else if (strcEQ(var, "I_DN")) {
- xsname = X509_get_issuer_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = ap_pstrdup(p, cp);
- OPENSSL_free(cp);
- resdup = FALSE;
- }
- else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
- xsname = X509_get_issuer_name(xs);
- result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_SIG")) {
- nid = OBJ_obj2nid(xs->cert_info->signature->algorithm);
- result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_KEY")) {
- nid = OBJ_obj2nid(xs->cert_info->key->algor->algorithm);
- result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
- resdup = FALSE;
- }
- else if (strcEQ(var, "CERT")) {
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
- }
-
- if (result != NULL && resdup)
- result = ap_pstrdup(p, result);
- return result;
-}
-
-static const struct {
- char *name;
- int nid;
-} ssl_var_lookup_ssl_cert_dn_rec[] = {
- { "C", NID_countryName },
- { "ST", NID_stateOrProvinceName }, /* officially (RFC2156) */
- { "SP", NID_stateOrProvinceName }, /* compatibility (SSLeay) */
- { "L", NID_localityName },
- { "O", NID_organizationName },
- { "OU", NID_organizationalUnitName },
- { "CN", NID_commonName },
- { "T", NID_title },
- { "I", NID_initials },
- { "G", NID_givenName },
- { "S", NID_surname },
- { "D", NID_description },
- { "UID", NID_x500UniqueIdentifier },
- { "Email", NID_pkcs9_emailAddress },
- { NULL, 0 }
-};
-
-static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var)
-{
- char *result;
- X509_NAME_ENTRY *xsne;
- int i, j, n;
-
- result = NULL;
-
- for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
- if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) {
- for (j = 0; j < sk_X509_NAME_ENTRY_num(xsname->entries); j++) {
- xsne = sk_X509_NAME_ENTRY_value(xsname->entries, j);
- n = OBJ_obj2nid(xsne->object);
- if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
- result = ap_palloc(p, xsne->value->length+1);
- ap_cpystrn(result, (char *)xsne->value->data, xsne->value->length+1);
- result[xsne->value->length] = NUL;
- break;
- }
- }
- break;
- }
- }
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm)
-{
- char *result;
- BIO* bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- ASN1_UTCTIME_print(bio, tm);
- n = BIO_pending(bio);
- result = ap_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs)
-{
- char *result;
- BIO *bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
- n = BIO_pending(bio);
- result = ap_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var)
-{
- char *result;
- X509 *xs;
- int n;
-
- result = NULL;
-
- if (strspn(var, "0123456789") == strlen(var)) {
- n = atoi(var);
- if (n < sk_X509_num(sk)) {
- xs = sk_X509_value(sk, n);
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
- }
- }
-
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs)
-{
- char *result;
- BIO *bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- PEM_write_bio_X509(bio, xs);
- n = BIO_pending(bio);
- result = ap_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c)
-{
- char *result;
- long vrc;
- char *verr;
- char *vinfo;
- SSL *ssl;
- X509 *xs;
-
- result = NULL;
- ssl = ap_ctx_get(c->client->ctx, "ssl");
- verr = ap_ctx_get(c->client->ctx, "ssl::verify::error");
- vinfo = ap_ctx_get(c->client->ctx, "ssl::verify::info");
- vrc = SSL_get_verify_result(ssl);
- xs = SSL_get_peer_certificate(ssl);
-
- if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs == NULL)
- /* no client verification done at all */
- result = "NONE";
- else if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs != NULL)
- /* client verification done successful */
- result = "SUCCESS";
- else if (vrc == X509_V_OK && vinfo != NULL && strEQ(vinfo, "GENEROUS"))
- /* client verification done in generous way */
- result = "GENEROUS";
- else
- /* client verification failed */
- result = ap_psprintf(p, "FAILED:%s", verr);
-
- if (xs != NULL)
- X509_free(xs);
-
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var)
-{
- char *result;
- BOOL resdup;
- int usekeysize, algkeysize;
- SSL *ssl;
-
- result = NULL;
- resdup = TRUE;
-
- ssl = ap_ctx_get(c->client->ctx, "ssl");
- ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
-
- if (strEQ(var, ""))
- result = (ssl != NULL ? (char *)SSL_get_cipher_name(ssl) : NULL);
- else if (strcEQ(var, "_EXPORT"))
- result = (usekeysize < 56 ? "true" : "false");
- else if (strcEQ(var, "_USEKEYSIZE")) {
- result = ap_psprintf(p, "%d", usekeysize);
- resdup = FALSE;
- }
- else if (strcEQ(var, "_ALGKEYSIZE")) {
- result = ap_psprintf(p, "%d", algkeysize);
- resdup = FALSE;
- }
-
- if (result != NULL && resdup)
- result = ap_pstrdup(p, result);
- return result;
-}
-
-static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
-{
- SSL_CIPHER *cipher;
-
- *usekeysize = 0;
- *algkeysize = 0;
- if (ssl != NULL)
- if ((cipher = SSL_get_current_cipher(ssl)) != NULL)
- *usekeysize = SSL_CIPHER_get_bits(cipher, algkeysize);
- return;
-}
-
-static char *ssl_var_lookup_ssl_version(pool *p, char *var)
-{
- char *result;
- char *cp, *cp2;
-
- result = NULL;
-
- if (strEQ(var, "PRODUCT")) {
-#if defined(SSL_PRODUCT_NAME) && defined(SSL_PRODUCT_VERSION)
- result = ap_psprintf(p, "%s/%s", SSL_PRODUCT_NAME, SSL_PRODUCT_VERSION);
-#else
- result = NULL;
-#endif
- }
- else if (strEQ(var, "INTERFACE")) {
- result = ap_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
- }
- else if (strEQ(var, "LIBRARY")) {
- result = ap_pstrdup(p, SSL_LIBRARY_TEXT);
- if ((cp = strchr(result, ' ')) != NULL) {
- *cp = '/';
- if ((cp2 = strchr(cp, ' ')) != NULL)
- *cp2 = NUL;
- }
- }
- return result;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr.c b/usr.sbin/httpd/src/modules/ssl/ssl_expr.c
deleted file mode 100644
index e992621ef29..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_expr.c
-** Expression Handling
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``It is hard to fly with
- the eagles when you work
- with the turkeys.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Expression Handling
-** _________________________________________________________________
-*/
-
-ssl_expr_info_type ssl_expr_info;
-char *ssl_expr_error;
-
-ssl_expr *ssl_expr_comp(pool *p, char *expr)
-{
- ssl_expr_info.pool = p;
- ssl_expr_info.inputbuf = expr;
- ssl_expr_info.inputlen = strlen(expr);
- ssl_expr_info.inputptr = ssl_expr_info.inputbuf;
- ssl_expr_info.expr = FALSE;
-
- ssl_expr_error = NULL;
- if (ssl_expr_yyparse())
- return NULL;
- return ssl_expr_info.expr;
-}
-
-char *ssl_expr_get_error(void)
-{
- if (ssl_expr_error == NULL)
- return "";
- return ssl_expr_error;
-}
-
-ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2)
-{
- ssl_expr *node;
-
- node = (ssl_expr *)ap_palloc(ssl_expr_info.pool, sizeof(ssl_expr));
- node->node_op = op;
- node->node_arg1 = (char *)a1;
- node->node_arg2 = (char *)a2;
- return node;
-}
-
-int ssl_expr_exec(request_rec *r, ssl_expr *expr)
-{
- BOOL rc;
-
- rc = ssl_expr_eval(r, expr);
- if (ssl_expr_error != NULL)
- return (-1);
- else
- return (rc ? 1 : 0);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr.h b/usr.sbin/httpd/src/modules/ssl/ssl_expr.h
deleted file mode 100644
index adf12e51639..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_expr.h
-** Expression Handling (Header)
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``May all your PUSHes be POPed.'' */
-
-#ifndef SSL_EXPR_H
-#define SSL_EXPR_H
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef TRUE
-#define TRUE !FALSE
-#endif
-
-#ifndef YY_NULL
-#define YY_NULL 0
-#endif
-
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef BOOL
-#define BOOL unsigned int
-#endif
-
-#ifndef NULL
-#define NULL (void *)0
-#endif
-
-#ifndef NUL
-#define NUL '\0'
-#endif
-
-#ifndef YYDEBUG
-#define YYDEBUG 0
-#endif
-
-typedef enum {
- op_NOP, op_ListElement,
- op_True, op_False, op_Not, op_Or, op_And, op_Comp,
- op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE,
- op_Digit, op_String, op_Regex, op_Var, op_Func
-} ssl_expr_node_op;
-
-typedef struct {
- ssl_expr_node_op node_op;
- void *node_arg1;
- void *node_arg2;
-} ssl_expr_node;
-
-typedef ssl_expr_node ssl_expr;
-
-typedef struct {
- pool *pool;
- char *inputbuf;
- int inputlen;
- char *inputptr;
- ssl_expr *expr;
-} ssl_expr_info_type;
-
-extern ssl_expr_info_type ssl_expr_info;
-extern char *ssl_expr_error;
-
-#define yylval ssl_expr_yylval
-#define yyerror ssl_expr_yyerror
-#define yyinput ssl_expr_yyinput
-
-extern int ssl_expr_yyparse(void);
-extern int ssl_expr_yyerror(char *);
-extern int ssl_expr_yylex(void);
-
-extern ssl_expr *ssl_expr_comp(pool *, char *);
-extern int ssl_expr_exec(request_rec *, ssl_expr *);
-extern char *ssl_expr_get_error(void);
-extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *);
-extern BOOL ssl_expr_eval(request_rec *, ssl_expr *);
-
-#endif /* SSL_EXPR_H */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c b/usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c
deleted file mode 100644
index dfcbf9e13dd..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c
+++ /dev/null
@@ -1,282 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_expr_eval.c
-** Expression Evaluation
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Make love,
- not software!''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Expression Evaluation
-** _________________________________________________________________
-*/
-
-static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_word(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_func_file(request_rec *, char *);
-static int ssl_expr_eval_strcmplex(char *, char *);
-
-BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_True: {
- return TRUE;
- }
- case op_False: {
- return FALSE;
- }
- case op_Not: {
- ssl_expr *e = (ssl_expr *)node->node_arg1;
- return (!ssl_expr_eval(r, e));
- }
- case op_Or: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2));
- }
- case op_And: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2));
- }
- case op_Comp: {
- ssl_expr *e = (ssl_expr *)node->node_arg1;
- return ssl_expr_eval_comp(r, e);
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_EQ: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0);
- }
- case op_NE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0);
- }
- case op_LT: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0);
- }
- case op_LE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0);
- }
- case op_GT: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0);
- }
- case op_GE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0);
- }
- case op_IN: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- ssl_expr *e3;
- char *w1 = ssl_expr_eval_word(r, e1);
- BOOL found = FALSE;
- do {
- e3 = (ssl_expr *)e2->node_arg1;
- e2 = (ssl_expr *)e2->node_arg2;
- if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) {
- found = TRUE;
- break;
- }
- } while (e2 != NULL);
- return found;
- }
- case op_REG: {
- ssl_expr *e1;
- ssl_expr *e2;
- char *word;
- regex_t *regex;
-
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
- regex = (regex_t *)(e2->node_arg1);
- return (regexec(regex, word, 0, NULL, 0) == 0);
- }
- case op_NRE: {
- ssl_expr *e1;
- ssl_expr *e2;
- char *word;
- regex_t *regex;
-
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
- regex = (regex_t *)(e2->node_arg1);
- return !(regexec(regex, word, 0, NULL, 0) == 0);
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_Digit: {
- char *string = (char *)node->node_arg1;
- return string;
- }
- case op_String: {
- char *string = (char *)node->node_arg1;
- return string;
- }
- case op_Var: {
- char *var = (char *)node->node_arg1;
- char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- return (val == NULL ? "" : val);
- }
- case op_Func: {
- char *name = (char *)node->node_arg1;
- ssl_expr *args = (ssl_expr *)node->node_arg2;
- if (strEQ(name, "file"))
- return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
- else {
- ssl_expr_error = "Internal evaluation error: Unknown function name";
- return "";
- }
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
-{
- FILE *fp;
- char *buf;
- int len;
-
- if ((fp = ap_pfopen(r->pool, filename, "r")) == NULL) {
- ssl_expr_error = "Cannot open file";
- return "";
- }
- fseek(fp, 0, SEEK_END);
- len = ftell(fp);
- if (len == 0) {
- buf = (char *)ap_palloc(r->pool, sizeof(char) * 1);
- *buf = NUL;
- }
- else {
- if ((buf = (char *)ap_palloc(r->pool, sizeof(char) * (len+1))) == NULL) {
- ssl_expr_error = "Cannot allocate memory";
- ap_pfclose(r->pool, fp);
- return "";
- }
- fseek(fp, 0, SEEK_SET);
- if (fread(buf, len, 1, fp) == 0) {
- ssl_expr_error = "Cannot read from file";
- fclose(fp);
- return ("");
- }
- buf[len] = NUL;
- }
- ap_pfclose(r->pool, fp);
- return buf;
-}
-
-/* a variant of strcmp(3) which works correctly also for number strings */
-static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
-{
- int i, n1, n2;
-
- if (cpNum1 == NULL)
- return -1;
- if (cpNum2 == NULL)
- return +1;
- n1 = strlen(cpNum1);
- n2 = strlen(cpNum2);
- if (n1 > n2)
- return 1;
- if (n1 < n2)
- return -1;
- for (i = 0; i < n1; i++) {
- if (cpNum1[i] > cpNum2[i])
- return 1;
- if (cpNum1[i] < cpNum2[i])
- return -1;
- }
- return 0;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y b/usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y
deleted file mode 100644
index 8ac78e57142..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y
+++ /dev/null
@@ -1,186 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| |
-** | '_ ` _ \ / _ \ / _` | / __/ __| |
-** | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
-** |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
-** |_____|
-** ssl_expr_parse.y
-** Expression LR(1) Parser
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``What you see is all you get.''
- -- Brian Kernighan */
-
-/* _________________________________________________________________
-**
-** Expression Parser
-** _________________________________________________________________
-*/
-
-%{
-#include "mod_ssl.h"
-%}
-
-%union {
- char *cpVal;
- ssl_expr *exVal;
-}
-
-%token T_TRUE
-%token T_FALSE
-
-%token <cpVal> T_DIGIT
-%token <cpVal> T_ID
-%token <cpVal> T_STRING
-%token <cpVal> T_REGEX
-%token <cpVal> T_REGEX_I
-
-%token T_FUNC_FILE
-
-%token T_OP_EQ
-%token T_OP_NE
-%token T_OP_LT
-%token T_OP_LE
-%token T_OP_GT
-%token T_OP_GE
-%token T_OP_REG
-%token T_OP_NRE
-%token T_OP_IN
-
-%token T_OP_OR
-%token T_OP_AND
-%token T_OP_NOT
-
-%left T_OP_OR
-%left T_OP_AND
-%left T_OP_NOT
-
-%type <exVal> expr
-%type <exVal> comparison
-%type <exVal> funccall
-%type <exVal> regex
-%type <exVal> words
-%type <exVal> word
-
-%%
-
-root : expr { ssl_expr_info.expr = $1; }
- ;
-
-expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); }
- | T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); }
- | T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); }
- | expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); }
- | expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); }
- | comparison { $$ = ssl_expr_make(op_Comp, $1, NULL); }
- | '(' expr ')' { $$ = $2; }
- ;
-
-comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); }
- | word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); }
- | word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); }
- | word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); }
- | word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); }
- | word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); }
- | word T_OP_IN '{' words '}' { $$ = ssl_expr_make(op_IN, $1, $4); }
- | word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); }
- | word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); }
- ;
-
-words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); }
- | words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); }
- ;
-
-word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); }
- | T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); }
- | '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); }
- | funccall { $$ = $1; }
- ;
-
-regex : T_REGEX {
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
- REG_EXTENDED|REG_NOSUB)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- regex = NULL;
- }
- $$ = ssl_expr_make(op_Regex, regex, NULL);
- }
- | T_REGEX_I {
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
- REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- regex = NULL;
- }
- $$ = ssl_expr_make(op_Regex, regex, NULL);
- }
- ;
-
-funccall : T_FUNC_FILE '(' T_STRING ')' {
- ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL);
- $$ = ssl_expr_make(op_Func, "file", args);
- }
- ;
-
-%%
-
-int yyerror(char *s)
-{
- ssl_expr_error = s;
- return 2;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l b/usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l
deleted file mode 100644
index 005e4b58c3e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l
+++ /dev/null
@@ -1,261 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| |
-** | '_ ` _ \ / _ \ / _` | / __/ __| |
-** | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
-** |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
-** |_____|
-** ssl_expr_scan.l
-** Expression Scanner
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``Killing for peace is
- like fucking for virginity.''
- -- Unknown */
-
-/* _________________________________________________________________
-**
-** Expression Scanner
-** _________________________________________________________________
-*/
-
-%{
-#include "mod_ssl.h"
-
-#include "ssl_expr_parse.h"
-
-#define YY_NO_UNPUT 1
-int yyinput(char *buf, int max_size);
-
-#undef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- (result = yyinput(buf, max_size))
-
-#define MAX_STR_LEN 2048
-%}
-
-%pointer
-/* %option stack */
-%option never-interactive
-%option noyywrap
-%x str
-%x regex regex_flags
-
-%%
-
- char caStr[MAX_STR_LEN];
- char *cpStr = NULL;
- char caRegex[MAX_STR_LEN];
- char *cpRegex = NULL;
- char cRegexDel = NUL;
-
- /*
- * Whitespaces
- */
-[ \t\n]+ {
- /* NOP */
-}
-
- /*
- * C-style strings ("...")
- */
-\" {
- cpStr = caStr;
- BEGIN(str);
-}
-<str>\" {
- BEGIN(INITIAL);
- *cpStr = NUL;
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caStr);
- return T_STRING;
-}
-<str>\n {
- yyerror("Unterminated string");
-}
-<str>\\[0-7]{1,3} {
- int result;
-
- (void)sscanf(yytext+1, "%o", &result);
- if (result > 0xff)
- yyerror("Escape sequence out of bound");
- else
- *cpStr++ = result;
-}
-<str>\\[0-9]+ {
- yyerror("Bad escape sequence");
-}
-<str>\\n { *cpStr++ = '\n'; }
-<str>\\r { *cpStr++ = '\r'; }
-<str>\\t { *cpStr++ = '\t'; }
-<str>\\b { *cpStr++ = '\b'; }
-<str>\\f { *cpStr++ = '\f'; }
-<str>\\(.|\n) {
- *cpStr++ = yytext[1];
-}
-<str>[^\\\n\"]+ {
- char *cp = yytext;
- while (*cp != NUL)
- *cpStr++ = *cp++;
-}
-<str>. {
- *cpStr++ = yytext[1];
-}
-
- /*
- * Regular Expression
- */
-"m". {
- cRegexDel = yytext[1];
- cpRegex = caRegex;
- BEGIN(regex);
-}
-<regex>.|\n {
- if (yytext[0] == cRegexDel) {
- *cpRegex = NUL;
- BEGIN(regex_flags);
- }
- else {
- *cpRegex++ = yytext[0];
- }
-}
-<regex_flags>i {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX_I;
-}
-<regex_flags>.|\n {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caRegex);
- yyless(0);
- BEGIN(INITIAL);
- return T_REGEX;
-}
-<regex_flags><<EOF>> {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX;
-}
-
- /*
- * Operators
- */
-"eq" { return T_OP_EQ; }
-"==" { return T_OP_EQ; }
-"ne" { return T_OP_NE; }
-"!=" { return T_OP_NE; }
-"lt" { return T_OP_LT; }
-"<" { return T_OP_LT; }
-"le" { return T_OP_LE; }
-"<=" { return T_OP_LE; }
-"gt" { return T_OP_GT; }
-">" { return T_OP_GT; }
-"ge" { return T_OP_GE; }
-">=" { return T_OP_GE; }
-"=~" { return T_OP_REG; }
-"!~" { return T_OP_NRE; }
-"and" { return T_OP_AND; }
-"&&" { return T_OP_AND; }
-"or" { return T_OP_OR; }
-"||" { return T_OP_OR; }
-"not" { return T_OP_NOT; }
-"!" { return T_OP_NOT; }
-"in" { return T_OP_IN; }
-
- /*
- * Functions
- */
-"file" { return T_FUNC_FILE; }
-
- /*
- * Specials
- */
-"true" { return T_TRUE; }
-"false" { return T_FALSE; }
-
- /*
- * Digits
- */
-[0-9]+ {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, yytext);
- return T_DIGIT;
-}
-
- /*
- * Identifiers
- */
-[a-zA-Z][a-zA-Z0-9_:-]* {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, yytext);
- return T_ID;
-}
-
- /*
- * Anything else is returned as is...
- */
-.|\n {
- return yytext[0];
-}
-
-%%
-
-int yyinput(char *buf, int max_size)
-{
- int n;
-
- if ((n = MIN(max_size, ssl_expr_info.inputbuf
- + ssl_expr_info.inputlen
- - ssl_expr_info.inputptr)) <= 0)
- return YY_NULL;
- memcpy(buf, ssl_expr_info.inputptr, n);
- ssl_expr_info.inputptr += n;
- return n;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache.c
deleted file mode 100644
index 2b063b50ac8..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache.c
-** Session Cache Abstraction
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Open-Source Software: generous
- programmers from around the world all
- join forces to help you shoot
- yourself in the foot for free.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Session Cache: Common Abstraction Layer
-** _________________________________________________________________
-*/
-
-void ssl_scache_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_init(s, p);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_init(s, p);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_init(s, p);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_init",
- AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, s, p);
-#endif
- return;
-}
-
-void ssl_scache_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_kill(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_kill(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_kill(s);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_kill",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL, s);
-#endif
- return;
-}
-
-BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig();
- BOOL rv = FALSE;
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- rv = ssl_scache_dbm_store(s, id, idlen, expiry, sess);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- rv = ssl_scache_shmht_store(s, id, idlen, expiry, sess);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- rv = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_store",
- AP_HOOK_SIG6(int,ptr,ptr,int,int,ptr), AP_HOOK_ALL,
- (int *)&rv, s, id, idlen, (int)expiry, sess);
-#endif
- return rv;
-}
-
-SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- SSL_SESSION *sess = NULL;
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- sess = ssl_scache_dbm_retrieve(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- sess = ssl_scache_shmht_retrieve(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- sess = ssl_scache_shmcb_retrieve(s, id, idlen);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_retrieve",
- AP_HOOK_SIG4(ptr,ptr,ptr,int), AP_HOOK_ALL,
- &sess, s, id, idlen);
-#endif
- return sess;
-}
-
-void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_remove(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_remove(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_remove(s, id, idlen);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_remove",
- AP_HOOK_SIG4(void,ptr,ptr,int), AP_HOOK_ALL, s, id, idlen);
-#endif
- return;
-}
-
-void ssl_scache_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_status(s, p, func, arg);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_status(s, p, func, arg);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_status(s, p, func, arg);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_status",
- AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_ALL,
- s, p, func, arg);
-#endif
- return;
-}
-
-void ssl_scache_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_expire(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_expire(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_expire(s);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_expire",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL, s);
-#endif
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
deleted file mode 100644
index 78703958800..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache_dbm.c
-** Session Cache via DBM
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-void ssl_scache_dbm_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
-
- /* for the DBM we need the data file */
- if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
- ssl_die();
- }
-
- /* open it once to create it and to make sure it _can_ be created */
- ssl_mutex_on(s);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR|O_CREAT, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot create SSLSessionCache DBM file `%s'",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- ssl_dbm_close(dbm);
-
- /*
- * We have to make sure the Apache child processes have access to
- * the DBM file. But because there are brain-dead platforms where we
- * cannot exactly determine the suffixes we try all possibilities.
- */
- if (geteuid() == 0 /* is superuser */) {
- chown(mc->szSessionCacheDataFile, ap_user_id, -1 /* no gid change */);
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL),
- ap_user_id, -1) == -1) {
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
- ap_user_id, -1) == -1)
- chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL),
- ap_user_id, -1);
- }
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL),
- ap_user_id, -1) == -1) {
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
- ap_user_id, -1) == -1)
- chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL),
- ap_user_id, -1);
- }
- }
- ssl_mutex_off(s);
- ssl_scache_dbm_expire(s);
- return;
-}
-
-void ssl_scache_dbm_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- pool *p;
-
- if ((p = ap_make_sub_pool(NULL)) != NULL) {
- /* the correct way */
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL));
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL));
- /* the additional ways to be sure */
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL));
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL));
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL));
- unlink(mc->szSessionCacheDataFile);
- ap_destroy_pool(p);
- }
- return;
-}
-
-BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
-
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
- return FALSE;
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
- /* be careful: do not try to store too much bytes in a DBM file! */
- if ((idlen + nData) >= 950 /* at least less than approx. 1KB */)
- return FALSE;
-
- /* create DBM key */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* create DBM value */
- dbmval.dsize = sizeof(time_t) + nData;
- dbmval.dptr = (char *)malloc(dbmval.dsize);
- if (dbmval.dptr == NULL)
- return FALSE;
- memcpy((char *)dbmval.dptr, &expiry, sizeof(time_t));
- memcpy((char *)dbmval.dptr+sizeof(time_t), ucaData, nData);
-
- /* and store it to the DBM file */
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (store)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- free(dbmval.dptr);
- return FALSE;
- }
- if (ssl_dbm_store(dbm, dbmkey, dbmval, DBM_INSERT) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot store SSL session to DBM file `%s'",
- mc->szSessionCacheDataFile);
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
- free(dbmval.dptr);
- return FALSE;
- }
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
-
- /* free temporary buffers */
- free(dbmval.dptr);
-
- /* allow the regular expiring to occur */
- ssl_scache_dbm_expire(s);
-
- return TRUE;
-}
-
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- SSL_SESSION *sess = NULL;
- UCHAR *ucpData;
- int nData;
- time_t expiry;
- time_t now;
-
- /* allow the regular expiring to occur */
- ssl_scache_dbm_expire(s);
-
- /* create DBM key and values */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* and fetch it from the DBM file */
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDONLY, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for reading (fetch)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return NULL;
- }
- dbmval = ssl_dbm_fetch(dbm, dbmkey);
- ssl_mutex_off(s);
-
- /* immediately return if not found */
- if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
- ssl_dbm_close(dbm);
- return NULL;
- }
-
- /* parse resulting data */
- nData = dbmval.dsize-sizeof(time_t);
- ucpData = (UCHAR *)malloc(nData);
- if (ucpData == NULL) {
- ssl_dbm_close(dbm);
- return NULL;
- }
- memcpy(ucpData, (char *)dbmval.dptr+sizeof(time_t), nData);
- memcpy(&expiry, dbmval.dptr, sizeof(time_t));
-
- ssl_dbm_close(dbm);
-
- /* make sure the stuff is still not expired */
- now = time(NULL);
- if (expiry <= now) {
- ssl_scache_dbm_remove(s, id, idlen);
- return NULL;
- }
-
- /* unstreamed SSL_SESSION */
- sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
- return sess;
-}
-
-void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
-
- /* create DBM key and values */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* and delete it from the DBM file */
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (delete)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- ssl_dbm_delete(dbm, dbmkey);
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
-
- return;
-}
-
-void ssl_scache_dbm_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc = mySrvConfig(s);
- static time_t tLast = 0;
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- pool *p;
- time_t tExpiresAt;
- int nElements = 0;
- int nDeleted = 0;
- int bDelete;
- datum *keylist;
- int keyidx;
- int i;
- time_t tNow;
-
- /*
- * make sure the expiration for still not-accessed session
- * cache entries is done only from time to time
- */
- tNow = time(NULL);
- if (tNow < tLast+sc->nSessionCacheTimeout)
- return;
- tLast = tNow;
-
- /*
- * Here we have to be very carefully: Not all DBM libraries are
- * smart enough to allow one to iterate over the elements and at the
- * same time delete expired ones. Some of them get totally crazy
- * while others have no problems. So we have to do it the slower but
- * more safe way: we first iterate over all elements and remember
- * those which have to be expired. Then in a second pass we delete
- * all those expired elements. Additionally we reopen the DBM file
- * to be really safe in state.
- */
-
-#define KEYMAX 1024
-
- ssl_mutex_on(s);
- for (;;) {
- /* allocate the key array in a memory sub pool */
- if ((p = ap_make_sub_pool(NULL)) == NULL)
- break;
- if ((keylist = ap_palloc(p, sizeof(dbmkey)*KEYMAX)) == NULL) {
- ap_destroy_pool(p);
- break;
- }
-
- /* pass 1: scan DBM database */
- keyidx = 0;
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for scanning",
- mc->szSessionCacheDataFile);
- ap_destroy_pool(p);
- break;
- }
- dbmkey = ssl_dbm_firstkey(dbm);
- while (dbmkey.dptr != NULL) {
- nElements++;
- bDelete = FALSE;
- dbmval = ssl_dbm_fetch(dbm, dbmkey);
- if (dbmval.dsize <= sizeof(time_t) || dbmval.dptr == NULL)
- bDelete = TRUE;
- else {
- memcpy(&tExpiresAt, dbmval.dptr, sizeof(time_t));
- if (tExpiresAt <= tNow)
- bDelete = TRUE;
- }
- if (bDelete) {
- if ((keylist[keyidx].dptr = ap_palloc(p, dbmkey.dsize)) != NULL) {
- memcpy(keylist[keyidx].dptr, dbmkey.dptr, dbmkey.dsize);
- keylist[keyidx].dsize = dbmkey.dsize;
- keyidx++;
- if (keyidx == KEYMAX)
- break;
- }
- }
- dbmkey = ssl_dbm_nextkey(dbm);
- }
- ssl_dbm_close(dbm);
-
- /* pass 2: delete expired elements */
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot re-open SSLSessionCache DBM file `%s' for expiring",
- mc->szSessionCacheDataFile);
- ap_destroy_pool(p);
- break;
- }
- for (i = 0; i < keyidx; i++) {
- ssl_dbm_delete(dbm, keylist[i]);
- nDeleted++;
- }
- ssl_dbm_close(dbm);
-
- /* destroy temporary pool */
- ap_destroy_pool(p);
-
- if (keyidx < KEYMAX)
- break;
- }
- ssl_mutex_off(s);
-
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (DBM) Expiry: "
- "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted);
- return;
-}
-
-void ssl_scache_dbm_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- int nElem;
- int nSize;
- int nAverage;
-
- nElem = 0;
- nSize = 0;
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDONLY, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for status retrival",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- dbmkey = ssl_dbm_firstkey(dbm);
- for ( ; dbmkey.dptr != NULL; dbmkey = ssl_dbm_nextkey(dbm)) {
- dbmval = ssl_dbm_fetch(dbm, dbmkey);
- if (dbmval.dptr == NULL)
- continue;
- nElem += 1;
- nSize += dbmval.dsize;
- }
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
- if (nSize > 0 && nElem > 0)
- nAverage = nSize / nElem;
- else
- nAverage = 0;
- func(ap_psprintf(p, "cache type: <b>DBM</b>, maximum size: <b>unlimited</b><br>"), arg);
- func(ap_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg);
- func(ap_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg);
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c
deleted file mode 100644
index e25f30cfe11..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c
+++ /dev/null
@@ -1,1310 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache_shmcb.c
-** Session Cache via Shared Memory (Cyclic Buffer Variant)
-*/
-
-/* ====================================================================
- * Copyright (c) 2000-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-/*
- * This shared memory based SSL session cache implementation was
- * originally written by Geoff Thorpe <geoff@geoffthorpe.net> for C2Net
- * Europe and as a contribution to Ralf Engelschall's mod_ssl project.
- */
-
-/*
- * The shared-memory segment header can be cast to and from the
- * SHMCBHeader type, all other structures need to be initialised by
- * utility functions.
- *
- * The "header" looks like this;
- *
- * data applying to the overall structure:
- * - division_offset (unsigned int):
- * how far into the shared memory segment the first division is.
- * - division_size (unsigned int):
- * how many bytes each division occupies.
- * (NB: This includes the queue and the cache)
- * - division_mask (unsigned char):
- * the "mask" in the next line. Add one to this,
- * and that's the number of divisions.
- *
- * data applying to within each division:
- * - queue_size (unsigned int):
- * how big each "queue" is. NB: The queue is the first block in each
- * division and is followed immediately by the cache itself so so
- * there's no cache_offset value.
- *
- * data applying to within each queue:
- * - index_num (unsigned char):
- * how many indexes in each cache's queue
- * - index_offset (unsigned char):
- * how far into the queue the first index is.
- * - index_size:
- * how big each index is.
- *
- * data applying to within each cache:
- * - cache_data_offset (unsigned int):
- * how far into the cache the session-data array is stored.
- * - cache_data_size (unsigned int):
- * how big each cache's data block is.
- *
- * statistics data (this will eventually be per-division but right now
- * there's only one mutex):
- * - stores (unsigned long):
- * how many stores have been performed in the cache.
- * - expiries (unsigned long):
- * how many session have been expired from the cache.
- * - scrolled (unsigned long):
- * how many sessions have been scrolled out of full cache during a
- * "store" operation. This is different to the "removes" stats as
- * they are requested by mod_ssl/Apache, these are done because of
- * cache logistics. (NB: Also, this value should be deducible from
- * the others if my code has no bugs, but I count it anyway - plus
- * it helps debugging :-).
- * - retrieves_hit (unsigned long):
- * how many session-retrieves have succeeded.
- * - retrieves_miss (unsigned long):
- * how many session-retrieves have failed.
- * - removes_hit (unsigned long):
- * - removes_miss (unsigned long):
- *
- * Following immediately after the header is an array of "divisions".
- * Each division is simply a "queue" immediately followed by its
- * corresponding "cache". Each division handles some pre-defined band
- * of sessions by using the "division_mask" in the header. Eg. if
- * division_mask=0x1f then there are 32 divisions, the first of which
- * will store sessions whose least-significant 5 bits are 0, the second
- * stores session whose LS 5 bits equal 1, etc. A queue is an indexing
- * structure referring to its corresponding cache.
- *
- * A "queue" looks like this;
- *
- * - first_pos (unsigned int):
- * the location within the array of indexes where the virtual
- * "left-hand-edge" of the cyclic buffer is.
- * - pos_count (unsigned int):
- * the number of indexes occupied from first_pos onwards.
- *
- * ...followed by an array of indexes, each of which can be
- * memcpy'd to and from an SHMCBIndex, and look like this;
- *
- * - expires (time_t):
- * the time() value at which this session expires.
- * - offset (unsigned int):
- * the offset within the cache data block where the corresponding
- * session is stored.
- * - s_id2 (unsigned char):
- * the second byte of the session_id, stored as an optimisation to
- * reduce the number of d2i_SSL_SESSION calls that are made when doing
- * a lookup.
- * - removed (unsigned char):
- * a byte used to indicate whether a session has been "passively"
- * removed. Ie. it is still in the cache but is to be disregarded by
- * any "retrieve" operation.
- *
- * A "cache" looks like this;
- *
- * - first_pos (unsigned int):
- * the location within the data block where the virtual
- * "left-hand-edge" of the cyclic buffer is.
- * - pos_count (unsigned int):
- * the number of bytes used in the data block from first_pos onwards.
- *
- * ...followed by the data block in which actual DER-encoded SSL
- * sessions are stored.
- */
-
-/*
- * Header - can be memcpy'd to and from the front of the shared
- * memory segment. NB: The first copy (commented out) has the
- * elements in a meaningful order, but due to data-alignment
- * braindeadness, the second (uncommented) copy has the types grouped
- * so as to decrease "struct-bloat". sigh.
- */
-typedef struct {
- unsigned long num_stores;
- unsigned long num_expiries;
- unsigned long num_scrolled;
- unsigned long num_retrieves_hit;
- unsigned long num_retrieves_miss;
- unsigned long num_removes_hit;
- unsigned long num_removes_miss;
- unsigned int division_offset;
- unsigned int division_size;
- unsigned int queue_size;
- unsigned int cache_data_offset;
- unsigned int cache_data_size;
- unsigned char division_mask;
- unsigned int index_num;
- unsigned int index_offset;
- unsigned int index_size;
-} SHMCBHeader;
-
-/*
- * Index - can be memcpy'd to and from an index inside each
- * queue's index array.
- */
-typedef struct {
- time_t expires;
- unsigned int offset;
- unsigned char s_id2;
- unsigned char removed;
-} SHMCBIndex;
-
-/*
- * Queue - must be populated by a call to shmcb_get_division
- * and the structure's pointers are used for updating (ie.
- * the structure doesn't need any "set" to update values).
- */
-typedef struct {
- SHMCBHeader *header;
- unsigned int *first_pos;
- unsigned int *pos_count;
- SHMCBIndex *indexes;
-} SHMCBQueue;
-
-/*
- * Cache - same comment as for Queue. 'Queue's are in a 1-1
- * correspondance with 'Cache's and are usually carried round
- * in a pair, they are only seperated for clarity.
- */
-typedef struct {
- SHMCBHeader *header;
- unsigned int *first_pos;
- unsigned int *pos_count;
- unsigned char *data;
-} SHMCBCache;
-
-/*
- * Forward function prototypes.
- */
-
-/* Functions for working around data-alignment-picky systems (sparcs,
- Irix, etc). These use "memcpy" as a way of foxing these systems into
- treating the composite types as byte-arrays rather than higher-level
- primitives that it prefers to have 4-(or 8-)byte aligned. I don't
- envisage this being a performance issue as a couple of 2 or 4 byte
- memcpys can hardly make a dent on the massive memmove operations this
- cache technique avoids, nor the overheads of ASN en/decoding. */
-static unsigned int shmcb_get_safe_uint(unsigned int *);
-static void shmcb_set_safe_uint_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_uint(pdest, src) \
- do { \
- unsigned int tmp_uint = src; \
- shmcb_set_safe_uint_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_uint)); \
- } while(0)
-static time_t shmcb_get_safe_time(time_t *);
-static void shmcb_set_safe_time_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_time(pdest, src) \
- do { \
- time_t tmp_time = src; \
- shmcb_set_safe_time_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_time)); \
- } while(0)
-
-/* This is necessary simply so that the size passed to memset() is not a
- * compile-time constant, preventing the compiler from optimising it. */
-static void shmcb_safe_clear(void *ptr, size_t size)
-{
- memset(ptr, 0, size);
-}
-
-/* Underlying functions for session-caching */
-static BOOL shmcb_init_memory(server_rec *, void *, unsigned int);
-static BOOL shmcb_store_session(server_rec *, void *, UCHAR *, int, SSL_SESSION *, time_t);
-static SSL_SESSION *shmcb_retrieve_session(server_rec *, void *, UCHAR *, int);
-static BOOL shmcb_remove_session(server_rec *, void *, UCHAR *, int);
-
-/* Utility functions for manipulating the structures */
-static void shmcb_get_header(void *, SHMCBHeader **);
-static BOOL shmcb_get_division(SHMCBHeader *, SHMCBQueue *, SHMCBCache *, unsigned int);
-static SHMCBIndex *shmcb_get_index(const SHMCBQueue *, unsigned int);
-static unsigned int shmcb_expire_division(server_rec *, SHMCBQueue *, SHMCBCache *);
-static BOOL shmcb_insert_encoded_session(server_rec *, SHMCBQueue *, SHMCBCache *, unsigned char *, unsigned int, unsigned char *, time_t);
-static SSL_SESSION *shmcb_lookup_session_id(server_rec *, SHMCBQueue *, SHMCBCache *, UCHAR *, int);
-static BOOL shmcb_remove_session_id(server_rec *, SHMCBQueue *, SHMCBCache *, UCHAR *, int);
-
-/*
- * Data-alignment functions (a.k.a. avoidance tactics)
- *
- * NB: On HPUX (and possibly others) there is a *very* mischievous little
- * "optimisation" in the compilers where it will convert the following;
- * memcpy(dest_ptr, &source, sizeof(unsigned int));
- * (where dest_ptr is of type (unsigned int *) and source is (unsigned int))
- * into;
- * *dest_ptr = source; (or *dest_ptr = *(&source), not sure).
- * Either way, it completely destroys the whole point of these _safe_
- * functions, because the assignment operation will fall victim to the
- * architecture's byte-alignment dictations, whereas the memcpy (as a
- * byte-by-byte copy) should not. sigh. So, if you're wondering about the
- * apparently unnecessary conversions to (unsigned char *) in these
- * functions, you now have an explanation. Don't just revert them back and
- * say "ooh look, it still works" - if you try it on HPUX (well, 32-bit
- * HPUX 11.00 at least) you may find it fails with a SIGBUS. :-(
- */
-
-static unsigned int shmcb_get_safe_uint(unsigned int *ptr)
-{
- unsigned int ret;
- shmcb_set_safe_uint_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_uint_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(unsigned int));
-}
-
-static time_t shmcb_get_safe_time(time_t * ptr)
-{
- time_t ret;
- shmcb_set_safe_time_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_time_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(time_t));
-}
-
-/*
-**
-** High-Level "handlers" as per ssl_scache.c
-**
-*/
-
-static void *shmcb_malloc(size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_malloc(mc->pSessionCacheDataMM, size);
-}
-
-void ssl_scache_shmcb_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- AP_MM *mm;
- void *shm_segment = NULL;
- int avail, avail_orig;
-
- /*
- * Create shared memory segment
- */
- if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
- ssl_die();
- }
- if ((mm = ap_mm_create(mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: %s", ap_mm_error());
- ssl_die();
- }
- mc->pSessionCacheDataMM = mm;
-
- /*
- * Make sure the child processes have access to the underlying files
- */
- ap_mm_permission(mm, SSL_MM_FILE_MODE, ap_user_id, -1);
-
- /*
- * Create cache inside the shared memory segment
- */
- avail = avail_orig = ap_mm_available(mm);
- ssl_log(s, SSL_LOG_TRACE, "Shared-memory segment has %u available",
- avail);
-
- /*
- * For some reason to do with MM's internal management, I can't
- * allocate the full amount. Implement a reasonable form of trial
- * and error and output trace information.
- */
- while ((shm_segment == NULL) && ((avail_orig - avail) * 100 < avail_orig)) {
- shm_segment = shmcb_malloc(avail);
- if (shm_segment == NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "shmcb_malloc attempt for %u bytes failed", avail);
- avail -= 2;
- }
- }
- if (shm_segment == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate memory for the 'shmcb' session cache\n");
- ssl_die();
- }
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init allocated %u bytes of shared "
- "memory", avail);
- if (!shmcb_init_memory(s, shm_segment, avail)) {
- ssl_log(s, SSL_LOG_ERROR,
- "Failure initialising 'shmcb' shared memory");
- ssl_die();
- }
- ssl_log(s, SSL_LOG_INFO, "Shared memory session cache initialised");
-
- /*
- * Success ... we hack the memory block into place by cheating for
- * now and stealing a member variable the original shared memory
- * cache was using. :-)
- */
- mc->tSessionCacheDataTable = (table_t *) shm_segment;
- return;
-}
-
-void ssl_scache_shmcb_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->pSessionCacheDataMM != NULL) {
- ap_mm_destroy(mc->pSessionCacheDataMM);
- mc->pSessionCacheDataMM = NULL;
- }
- return;
-}
-
-BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
-{
- SSLModConfigRec *mc = myModConfig();
- void *shm_segment;
- BOOL to_return = FALSE;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout))
- /* in this cache engine, "stores" should never fail. */
- ssl_log(s, SSL_LOG_ERROR, "'shmcb' code was unable to store a "
- "session in the cache.");
- else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_store successful");
- to_return = TRUE;
- }
- ssl_mutex_off(s);
- return to_return;
-}
-
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- void *shm_segment;
- SSL_SESSION *pSession;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- pSession = shmcb_retrieve_session(s, shm_segment, id, idlen);
- ssl_mutex_off(s);
- if (pSession)
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a hit");
- else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a miss");
- ssl_log(s, SSL_LOG_INFO, "Client requested a 'session-resume' but "
- "we have no such session.");
- }
- return pSession;
-}
-
-void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- void *shm_segment;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- shmcb_remove_session(s, shm_segment, id, idlen);
- ssl_mutex_off(s);
-}
-
-void ssl_scache_shmcb_expire(server_rec *s)
-{
- /* NOP */
- return;
-}
-
-void ssl_scache_shmcb_status(server_rec *s, pool *p,
- void (*func) (char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- SHMCBIndex *idx;
- void *shm_segment;
- unsigned int loop, total, cache_total, non_empty_divisions;
- int index_pct, cache_pct;
- double expiry_total;
- time_t average_expiry, now, max_expiry, min_expiry, idxexpiry;
-
- ssl_log(s, SSL_LOG_TRACE, "inside ssl_scache_shmcb_status");
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
-
- /* Get the header structure. */
- shmcb_get_header(shm_segment, &header);
- total = cache_total = non_empty_divisions = 0;
- average_expiry = max_expiry = min_expiry = 0;
- expiry_total = 0;
-
- /* It may seem strange to grab "now" at this point, but in theory
- * we should never have a negative threshold but grabbing "now" after
- * the loop (which performs expiries) could allow that chance. */
- now = time(NULL);
- for (loop = 0; loop <= header->division_mask; loop++) {
- if (shmcb_get_division(header, &queue, &cache, loop)) {
- shmcb_expire_division(s, &queue, &cache);
- total += shmcb_get_safe_uint(queue.pos_count);
- cache_total += shmcb_get_safe_uint(cache.pos_count);
- if (shmcb_get_safe_uint(queue.pos_count) > 0) {
- idx = shmcb_get_index(&queue,
- shmcb_get_safe_uint(queue.first_pos));
- non_empty_divisions++;
- idxexpiry = shmcb_get_safe_time(&(idx->expires));
- expiry_total += (double) idxexpiry;
- max_expiry = (idxexpiry > max_expiry ? idxexpiry :
- max_expiry);
- if (min_expiry == 0)
- min_expiry = idxexpiry;
- else
- min_expiry = (idxexpiry < min_expiry ? idxexpiry :
- min_expiry);
- }
- }
- }
- index_pct = (100 * total) / (header->index_num * (header->division_mask + 1));
- cache_pct = (100 * cache_total) / (header->cache_data_size * (header->division_mask + 1));
- func(ap_psprintf(p, "cache type: <b>SHMCB</b>, shared memory: <b>%d</b> "
- "bytes, current sessions: <b>%d</b><br>",
- mc->nSessionCacheDataSize, total), arg);
- func(ap_psprintf(p, "sub-caches: <b>%d</b>, indexes per sub-cache: "
- "<b>%d</b><br>", (int) header->division_mask + 1,
- (int) header->index_num), arg);
- if (non_empty_divisions != 0) {
- average_expiry = (time_t)(expiry_total / (double)non_empty_divisions);
- func(ap_psprintf(p, "time left on oldest entries' SSL sessions: "), arg);
- if (now < average_expiry)
- func(ap_psprintf(p, "avg: <b>%d</b> seconds, (range: %d...%d)<br>",
- (int)(average_expiry - now), (int) (min_expiry - now),
- (int)(max_expiry - now)), arg);
- else
- func(ap_psprintf(p, "expiry threshold: <b>Calculation Error!</b>"
- "<br>"), arg);
-
- }
- func(ap_psprintf(p, "index usage: <b>%d%%</b>, cache usage: <b>%d%%</b>"
- "<br>", index_pct, cache_pct), arg);
- func(ap_psprintf(p, "total sessions stored since starting: <b>%lu</b><br>",
- header->num_stores), arg);
- func(ap_psprintf(p, "total sessions expired since starting: <b>%lu</b><br>",
- header->num_expiries), arg);
- func(ap_psprintf(p, "total (pre-expiry) sessions scrolled out of the "
- "cache: <b>%lu</b><br>", header->num_scrolled), arg);
- func(ap_psprintf(p, "total retrieves since starting: <b>%lu</b> hit, "
- "<b>%lu</b> miss<br>", header->num_retrieves_hit,
- header->num_retrieves_miss), arg);
- func(ap_psprintf(p, "total removes since starting: <b>%lu</b> hit, "
- "<b>%lu</b> miss<br>", header->num_removes_hit,
- header->num_removes_miss), arg);
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_status");
- return;
-}
-
-/*
-**
-** Memory manipulation and low-level cache operations
-**
-*/
-
-static BOOL shmcb_init_memory(
- server_rec *s, void *shm_mem,
- unsigned int shm_mem_size)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned int temp, loop, granularity;
-
- ssl_log(s, SSL_LOG_TRACE, "entered shmcb_init_memory()");
-
- /* Calculate some sizes... */
- temp = sizeof(SHMCBHeader);
-
- /* If the segment is ridiculously too small, bail out */
- if (shm_mem_size < (2*temp)) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
- return FALSE;
- }
-
- /* Make temp the amount of memory without the header */
- temp = shm_mem_size - temp;
-
- /* Work on the basis that you need 10 bytes index for each session
- * (approx 150 bytes), which is to divide temp by 160 - and then
- * make sure we err on having too index space to burn even when
- * the cache is full, which is a lot less stupid than having
- * having not enough index space to utilise the whole cache!. */
- temp /= 120;
- ssl_log(s, SSL_LOG_TRACE, "for %u bytes, recommending %u indexes",
- shm_mem_size, temp);
-
- /* We should divide these indexes evenly amongst the queues. Try
- * to get it so that there are roughly half the number of divisions
- * as there are indexes in each division. */
- granularity = 256;
- while ((temp / granularity) < (2 * granularity))
- granularity /= 2;
-
- /* So we have 'granularity' divisions, set 'temp' equal to the
- * number of indexes in each division. */
- temp /= granularity;
-
- /* Too small? Bail ... */
- if (temp < 5) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
- return FALSE;
- }
-
- /* OK, we're sorted - from here on in, the return should be TRUE */
- header = (SHMCBHeader *)shm_mem;
- header->division_mask = (unsigned char)(granularity - 1);
- header->division_offset = sizeof(SHMCBHeader);
- header->index_num = temp;
- header->index_offset = (2 * sizeof(unsigned int));
- header->index_size = sizeof(SHMCBIndex);
- header->queue_size = header->index_offset +
- (header->index_num * header->index_size);
-
- /* Now calculate the space for each division */
- temp = shm_mem_size - header->division_offset;
- header->division_size = temp / granularity;
-
- /* Calculate the space left in each division for the cache */
- temp -= header->queue_size;
- header->cache_data_offset = (2 * sizeof(unsigned int));
- header->cache_data_size = header->division_size -
- header->queue_size - header->cache_data_offset;
-
- /* Output trace info */
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init_memory choices follow");
- ssl_log(s, SSL_LOG_TRACE, "division_mask = 0x%02X", header->division_mask);
- ssl_log(s, SSL_LOG_TRACE, "division_offset = %u", header->division_offset);
- ssl_log(s, SSL_LOG_TRACE, "division_size = %u", header->division_size);
- ssl_log(s, SSL_LOG_TRACE, "queue_size = %u", header->queue_size);
- ssl_log(s, SSL_LOG_TRACE, "index_num = %u", header->index_num);
- ssl_log(s, SSL_LOG_TRACE, "index_offset = %u", header->index_offset);
- ssl_log(s, SSL_LOG_TRACE, "index_size = %u", header->index_size);
- ssl_log(s, SSL_LOG_TRACE, "cache_data_offset = %u", header->cache_data_offset);
- ssl_log(s, SSL_LOG_TRACE, "cache_data_size = %u", header->cache_data_size);
-
- /* The header is done, make the caches empty */
- for (loop = 0; loop < granularity; loop++) {
- if (!shmcb_get_division(header, &queue, &cache, loop))
- ssl_log(s, SSL_LOG_ERROR, "shmcb_init_memory, " "internal error");
- shmcb_set_safe_uint(cache.first_pos, 0);
- shmcb_set_safe_uint(cache.pos_count, 0);
- shmcb_set_safe_uint(queue.first_pos, 0);
- shmcb_set_safe_uint(queue.pos_count, 0);
- }
-
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_init_memory()");
- return TRUE;
-}
-
-static BOOL shmcb_store_session(
- server_rec *s, void *shm_segment, UCHAR *id,
- int idlen, SSL_SESSION * pSession,
- time_t timeout)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- unsigned char encoded[SSL_SESSION_MAX_DER];
- unsigned char *ptr_encoded;
- unsigned int len_encoded;
- time_t expiry_time;
-
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_store_session");
-
- /* Get the header structure, which division this session will fall into etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = pSession->session_id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, masked index=%u",
- pSession->session_id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_store_session, " "internal error");
- return FALSE;
- }
-
- /* Serialise the session, work out how much we're dealing
- * with. NB: This check could be removed if we're not paranoid
- * or we find some assurance that it will never be necessary. */
- len_encoded = i2d_SSL_SESSION(pSession, NULL);
- if (len_encoded > SSL_SESSION_MAX_DER) {
- ssl_log(s, SSL_LOG_ERROR, "session is too big (%u bytes)",
- len_encoded);
- return FALSE;
- }
- ptr_encoded = encoded;
- len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded);
- expiry_time = timeout;
- if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded,
- len_encoded, pSession->session_id,
- expiry_time)) {
- ssl_log(s, SSL_LOG_ERROR, "can't store a session!");
- return FALSE;
- }
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_store successfully");
- header->num_stores++;
- return TRUE;
-}
-
-static SSL_SESSION *shmcb_retrieve_session(
- server_rec *s, void *shm_segment,
- UCHAR *id, int idlen)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- SSL_SESSION *pSession;
-
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_retrieve_session");
- if (idlen < 2) {
- ssl_log(s, SSL_LOG_ERROR, "unusably short session_id provided "
- "(%u bytes)", idlen);
- return FALSE;
- }
-
- /* Get the header structure, which division this session lookup
- * will come from etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u", id[0],
- masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_retrieve_session, " "internal error");
- header->num_retrieves_miss++;
- return FALSE;
- }
-
- /* Get the session corresponding to the session_id or NULL if it
- * doesn't exist (or is flagged as "removed"). */
- pSession = shmcb_lookup_session_id(s, &queue, &cache, id, idlen);
- if (pSession)
- header->num_retrieves_hit++;
- else
- header->num_retrieves_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_retrieve_session");
- return pSession;
-}
-
-static BOOL shmcb_remove_session(
- server_rec *s, void *shm_segment,
- UCHAR *id, int idlen)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- BOOL res;
-
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_remove_session");
- if (id == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "remove called with NULL session_id!");
- return FALSE;
- }
-
- /* Get the header structure, which division this session remove
- * will happen in etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u",
- id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session, internal error");
- header->num_removes_miss++;
- return FALSE;
- }
- res = shmcb_remove_session_id(s, &queue, &cache, id, idlen);
- if (res)
- header->num_removes_hit++;
- else
- header->num_removes_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session");
- return res;
-}
-
-
-/*
-**
-** Weirdo cyclic buffer functions
-**
-*/
-
-/* This gets used in the cyclic "index array" (in the 'Queue's) and
- * in the cyclic 'Cache's too ... you provide the "width" of the
- * cyclic store, the starting position and how far to move (with
- * wrapping if necessary). Basically it's addition modulo buf_size. */
-static unsigned int shmcb_cyclic_increment(
- unsigned int buf_size,
- unsigned int start_pos,
- unsigned int to_add)
-{
- start_pos += to_add;
- while (start_pos >= buf_size)
- start_pos -= buf_size;
- return start_pos;
-}
-
-/* Given two positions in a cyclic buffer, calculate the "distance".
- * This is to cover the case ("non-trivial") where the 'next' offset
- * is to the left of the 'start' offset. NB: This calculates the
- * space inclusive of one end-point but not the other. There is an
- * ambiguous case (which is why we use the <start_pos,offset>
- * coordinate system rather than <start_pos,end_pos> one) when 'start'
- * is the same as 'next'. It could indicate the buffer is full or it
- * can indicate the buffer is empty ... I choose the latter as it's
- * easier and usually necessary to check if the buffer is full anyway
- * before doing incremental logic (which is this useful for), but we
- * definitely need the empty case handled - in fact it's our starting
- * state!! */
-static unsigned int shmcb_cyclic_space(
- unsigned int buf_size,
- unsigned int start_offset,
- unsigned int next_offset)
-{
- /* Is it the trivial case? */
- if (start_offset <= next_offset)
- return (next_offset - start_offset); /* yes */
- else
- return ((buf_size - start_offset) + next_offset); /* no */
-}
-
-/* A "normal-to-cyclic" memcpy ... this takes a linear block of
- * memory and copies it onto a cyclic buffer. The purpose and
- * function of this is pretty obvious, you need to cover the case
- * that the destination (cyclic) buffer has to wrap round. */
-static void shmcb_cyclic_ntoc_memcpy(
- unsigned int buf_size,
- unsigned char *data,
- unsigned int dest_offset,
- unsigned char *src, unsigned int src_len)
-{
- /* Can it be copied all in one go? */
- if (dest_offset + src_len < buf_size)
- /* yes */
- memcpy(data + dest_offset, src, src_len);
- else {
- /* no */
- memcpy(data + dest_offset, src, buf_size - dest_offset);
- memcpy(data, src + buf_size - dest_offset,
- src_len + dest_offset - buf_size);
- }
- return;
-}
-
-/* A "cyclic-to-normal" memcpy ... given the last function, this
- * one's purpose is clear, it copies out of a cyclic buffer handling
- * wrapping. */
-static void shmcb_cyclic_cton_memcpy(
- unsigned int buf_size,
- unsigned char *dest,
- unsigned char *data,
- unsigned int src_offset,
- unsigned int src_len)
-{
- /* Can it be copied all in one go? */
- if (src_offset + src_len < buf_size)
- /* yes */
- memcpy(dest, data + src_offset, src_len);
- else {
- /* no */
- memcpy(dest, data + src_offset, buf_size - src_offset);
- memcpy(dest + buf_size - src_offset, data,
- src_len + src_offset - buf_size);
- }
- return;
-}
-
-/* Here's the cool hack that makes it all work ... by simply
- * making the first collection of bytes *be* our header structure
- * (casting it into the C structure), we have the perfect way to
- * maintain state in a shared-memory session cache from one call
- * (and process) to the next, use the shared memory itself! The
- * original mod_ssl shared-memory session cache uses variables
- * inside the context, but we simply use that for storing the
- * pointer to the shared memory itself. And don't forget, after
- * Apache's initialisation, this "header" is constant/read-only
- * so we can read it outside any locking.
- * <grin> - sometimes I just *love* coding y'know?! */
-static void shmcb_get_header(void *shm_mem, SHMCBHeader **header)
-{
- *header = (SHMCBHeader *)shm_mem;
- return;
-}
-
-/* This is what populates our "interesting" structures. Given a
- * pointer to the header, and an index into the appropriate
- * division (this must have already been masked using the
- * division_mask by the caller!), we can populate the provided
- * SHMCBQueue and SHMCBCache structures with values and
- * pointers to the underlying shared memory. Upon returning
- * (if not FALSE), the caller can meddle with the pointer
- * values and they will map into the shared-memory directly,
- * as such there's no need to "free" or "set" the Queue or
- * Cache values, they were themselves references to the *real*
- * data. */
-static BOOL shmcb_get_division(
- SHMCBHeader *header, SHMCBQueue *queue,
- SHMCBCache *cache, unsigned int idx)
-{
- unsigned char *pQueue;
- unsigned char *pCache;
-
- /* bounds check */
- if (idx > (unsigned int) header->division_mask)
- return FALSE;
-
- /* Locate the blocks of memory storing the corresponding data */
- pQueue = ((unsigned char *) header) + header->division_offset +
- (idx * header->division_size);
- pCache = pQueue + header->queue_size;
-
- /* Populate the structures with appropriate pointers */
- queue->first_pos = (unsigned int *) pQueue;
-
- /* Our structures stay packed, no matter what the system's
- * data-alignment regime is. */
- queue->pos_count = (unsigned int *) (pQueue + sizeof(unsigned int));
- queue->indexes = (SHMCBIndex *) (pQueue + (2 * sizeof(unsigned int)));
- cache->first_pos = (unsigned int *) pCache;
- cache->pos_count = (unsigned int *) (pCache + sizeof(unsigned int));
- cache->data = (unsigned char *) (pCache + (2 * sizeof(unsigned int)));
- queue->header = cache->header = header;
-
- return TRUE;
-}
-
-/* This returns a pointer to the piece of shared memory containing
- * a specified 'Index'. SHMCBIndex, like SHMCBHeader, is a fixed
- * width non-referencing structure of primitive types that can be
- * cast onto the corresponding block of shared memory. Thus, by
- * returning a cast pointer to that section of shared memory, the
- * caller can read and write values to and from the "structure" and
- * they are actually reading and writing the underlying shared
- * memory. */
-static SHMCBIndex *shmcb_get_index(
- const SHMCBQueue *queue, unsigned int idx)
-{
- /* bounds check */
- if (idx > queue->header->index_num)
- return NULL;
-
- /* Return a pointer to the index. NB: I am being horribly pendantic
- * here so as to avoid any potential data-alignment assumptions being
- * placed on the pointer arithmetic by the compiler (sigh). */
- return (SHMCBIndex *)(((unsigned char *) queue->indexes) +
- (idx * sizeof(SHMCBIndex)));
-}
-
-/* This functions rolls expired cache (and index) entries off the front
- * of the cyclic buffers in a division. The function returns the number
- * of expired sessions. */
-static unsigned int shmcb_expire_division(
- server_rec *s, SHMCBQueue *queue, SHMCBCache *cache)
-{
- SHMCBIndex *idx;
- time_t now;
- unsigned int loop, index_num, pos_count, new_pos;
- SHMCBHeader *header;
-
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_expire_division");
-
- /* We must calculate num and space ourselves based on expiry times. */
- now = time(NULL);
- loop = 0;
- new_pos = shmcb_get_safe_uint(queue->first_pos);
-
- /* Cache useful values */
- header = queue->header;
- index_num = header->index_num;
- pos_count = shmcb_get_safe_uint(queue->pos_count);
- while (loop < pos_count) {
- idx = shmcb_get_index(queue, new_pos);
- if (shmcb_get_safe_time(&(idx->expires)) > now)
- /* it hasn't expired yet, we're done iterating */
- break;
- /* This one should be expired too. Shift to the next entry. */
- loop++;
- new_pos = shmcb_cyclic_increment(index_num, new_pos, 1);
- }
-
- /* Find the new_offset and make the expiries happen. */
- if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "will be expiring %u sessions", loop);
- /* We calculate the new_offset by "peeking" (or in the
- * case it's the last entry, "sneaking" ;-). */
- if (loop == pos_count) {
- /* We are expiring everything! This is easy to do... */
- shmcb_set_safe_uint(queue->pos_count, 0);
- shmcb_set_safe_uint(cache->pos_count, 0);
- }
- else {
- /* The Queue is easy to adjust */
- shmcb_set_safe_uint(queue->pos_count,
- shmcb_get_safe_uint(queue->pos_count) - loop);
- shmcb_set_safe_uint(queue->first_pos, new_pos);
- /* peek to the start of the next session */
- idx = shmcb_get_index(queue, new_pos);
- /* We can use shmcb_cyclic_space because we've guaranteed
- * we don't fit the ambiguous full/empty case. */
- shmcb_set_safe_uint(cache->pos_count,
- shmcb_get_safe_uint(cache->pos_count) -
- shmcb_cyclic_space(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(&(idx->offset))));
- shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
- }
- ssl_log(s, SSL_LOG_TRACE, "we now have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
- }
- header->num_expiries += loop;
- return loop;
-}
-
-/* Inserts a new encoded session into a queue/cache pair - expiring
- * (early or otherwise) any leading sessions as necessary to ensure
- * there is room. An error return (FALSE) should only happen in the
- * event of surreal values being passed on, or ridiculously small
- * cache sizes. NB: For tracing purposes, this function is also given
- * the server_rec to allow "ssl_log()". */
-static BOOL shmcb_insert_encoded_session(
- server_rec *s, SHMCBQueue * queue,
- SHMCBCache * cache,
- unsigned char *encoded,
- unsigned int encoded_len,
- unsigned char *session_id,
- time_t expiry_time)
-{
- SHMCBHeader *header;
- SHMCBIndex *idx = NULL;
- unsigned int gap, new_pos, loop, new_offset;
- int need;
-
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_insert_encoded_session, "
- "*queue->pos_count = %u", shmcb_get_safe_uint(queue->pos_count));
-
- /* If there's entries to expire, ditch them first thing. */
- shmcb_expire_division(s, queue, cache);
- header = cache->header;
- gap = header->cache_data_size - shmcb_get_safe_uint(cache->pos_count);
- if (gap < encoded_len) {
- new_pos = shmcb_get_safe_uint(queue->first_pos);
- loop = 0;
- need = (int) encoded_len - (int) gap;
- while ((need > 0) && (loop + 1 < shmcb_get_safe_uint(queue->pos_count))) {
- new_pos = shmcb_cyclic_increment(header->index_num, new_pos, 1);
- loop += 1;
- idx = shmcb_get_index(queue, new_pos);
- need = (int) encoded_len - (int) gap -
- shmcb_cyclic_space(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(&(idx->offset)));
- }
- if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "about to scroll %u sessions from %u",
- loop, shmcb_get_safe_uint(queue->pos_count));
- /* We are removing "loop" items from the cache. */
- shmcb_set_safe_uint(cache->pos_count,
- shmcb_get_safe_uint(cache->pos_count) -
- shmcb_cyclic_space(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(&(idx->offset))));
- shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
- shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop);
- shmcb_set_safe_uint(queue->first_pos, new_pos);
- ssl_log(s, SSL_LOG_TRACE, "now only have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
- /* Update the stats!!! */
- header->num_scrolled += loop;
- }
- }
-
- /* probably unnecessary checks, but I'll leave them until this code
- * is verified. */
- if (shmcb_get_safe_uint(cache->pos_count) + encoded_len >
- header->cache_data_size) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
- return FALSE;
- }
- if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
- return FALSE;
- }
- ssl_log(s, SSL_LOG_TRACE, "we have %u bytes and %u indexes free - "
- "enough", header->cache_data_size -
- shmcb_get_safe_uint(cache->pos_count), header->index_num -
- shmcb_get_safe_uint(queue->pos_count));
-
-
- /* HERE WE ASSUME THAT THE NEW SESSION SHOULD GO ON THE END! I'M NOT
- * CHECKING WHETHER IT SHOULD BE GENUINELY "INSERTED" SOMEWHERE.
- *
- * We either fix that, or find out at a "higher" (read "mod_ssl")
- * level whether it is possible to have distinct session caches for
- * any attempted tomfoolery to do with different session timeouts.
- * Knowing in advance that we can have a cache-wide constant timeout
- * would make this stuff *MUCH* more efficient. Mind you, it's very
- * efficient right now because I'm ignoring this problem!!!
- */
-
- /* Increment to the first unused byte */
- new_offset = shmcb_cyclic_increment(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(cache->pos_count));
- /* Copy the DER-encoded session into place */
- shmcb_cyclic_ntoc_memcpy(header->cache_data_size, cache->data,
- new_offset, encoded, encoded_len);
- /* Get the new index that this session is stored in. */
- new_pos = shmcb_cyclic_increment(header->index_num,
- shmcb_get_safe_uint(queue->first_pos),
- shmcb_get_safe_uint(queue->pos_count));
- ssl_log(s, SSL_LOG_TRACE, "storing in index %u, at offset %u", new_pos,
- new_offset);
- idx = shmcb_get_index(queue, new_pos);
- if (idx == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
- return FALSE;
- }
- shmcb_safe_clear(idx, sizeof(SHMCBIndex));
- shmcb_set_safe_time(&(idx->expires), expiry_time);
- shmcb_set_safe_uint(&(idx->offset), new_offset);
-
- /* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */
- idx->s_id2 = session_id[1];
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, idx->s_id2=%u",
- session_id[0], session_id[1]);
-
- /* All that remains is to adjust the cache's and queue's "pos_count"s. */
- shmcb_set_safe_uint(cache->pos_count,
- shmcb_get_safe_uint(cache->pos_count) + encoded_len);
- shmcb_set_safe_uint(queue->pos_count,
- shmcb_get_safe_uint(queue->pos_count) + 1);
-
- /* And just for good debugging measure ... */
- ssl_log(s, SSL_LOG_TRACE, "leaving now with %u bytes in the cache and "
- "%u indexes", shmcb_get_safe_uint(cache->pos_count),
- shmcb_get_safe_uint(queue->pos_count));
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_insert_encoded_session");
- return TRUE;
-}
-
-/* Performs a lookup into a queue/cache pair for a
- * session_id. If found, the session is deserialised
- * and returned, otherwise NULL. */
-static SSL_SESSION *shmcb_lookup_session_id(
- server_rec *s, SHMCBQueue *queue,
- SHMCBCache *cache, UCHAR *id,
- int idlen)
-{
- unsigned char tempasn[SSL_SESSION_MAX_DER];
- SHMCBIndex *idx;
- SHMCBHeader *header;
- SSL_SESSION *pSession = NULL;
- unsigned int curr_pos, loop, count;
- unsigned char *ptr;
- time_t now;
-
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_lookup_session_id");
-
- /* If there are entries to expire, ditch them first thing. */
- shmcb_expire_division(s, queue, cache);
- now = time(NULL);
- curr_pos = shmcb_get_safe_uint(queue->first_pos);
- count = shmcb_get_safe_uint(queue->pos_count);
- header = queue->header;
- for (loop = 0; loop < count; loop++) {
- ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u",
- loop, count, curr_pos);
- idx = shmcb_get_index(queue, curr_pos);
- ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u, offset=%u",
- idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset)));
- /* Only look into the session further if;
- * (a) the second byte of the session_id matches,
- * (b) the "removed" flag isn't set,
- * (c) the session hasn't expired yet.
- * We do (c) like this so that it saves us having to
- * do natural expiries ... naturally expired sessions
- * scroll off the front anyway when the cache is full and
- * "rotating", the only real issue that remains is the
- * removal or disabling of forcibly killed sessions. */
- if ((idx->s_id2 == id[1]) && !idx->removed &&
- (shmcb_get_safe_time(&(idx->expires)) > now)) {
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
- shmcb_cyclic_cton_memcpy(header->cache_data_size,
- tempasn, cache->data,
- shmcb_get_safe_uint(&(idx->offset)),
- SSL_SESSION_MAX_DER);
- ptr = tempasn;
- pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
- if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "scach2_lookup_"
- "session_id, internal error");
- return NULL;
- }
- if ((pSession->session_id_length == idlen) &&
- (memcmp(pSession->session_id, id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
- return pSession;
- }
- ssl_log(s, SSL_LOG_TRACE, "not a match");
- SSL_SESSION_free(pSession);
- pSession = NULL;
- }
- curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
- }
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
- return NULL;
-}
-
-static BOOL shmcb_remove_session_id(
- server_rec *s, SHMCBQueue *queue,
- SHMCBCache *cache, UCHAR *id, int idlen)
-{
- unsigned char tempasn[SSL_SESSION_MAX_DER];
- SSL_SESSION *pSession = NULL;
- SHMCBIndex *idx;
- SHMCBHeader *header;
- unsigned int curr_pos, loop, count;
- unsigned char *ptr;
- BOOL to_return = FALSE;
-
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_remove_session_id");
-
- /* If there's entries to expire, ditch them first thing. */
- /* shmcb_expire_division(s, queue, cache); */
-
- /* Regarding the above ... hmmm ... I know my expiry code is slightly
- * "faster" than all this remove stuff ... but if the higher level
- * code calls a "remove" operation (and this *only* seems to happen
- * when it has spotted an expired session before we had a chance to)
- * then it should get credit for a remove (stats-wise). Also, in the
- * off-chance that the server *requests* a renegotiate and wants to
- * wipe the session clean we should give that priority over our own
- * routine expiry handling. So I've moved the expiry check to *after*
- * this general remove stuff. */
- curr_pos = shmcb_get_safe_uint(queue->first_pos);
- count = shmcb_get_safe_uint(queue->pos_count);
- header = cache->header;
- for (loop = 0; loop < count; loop++) {
- ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u",
- loop, count, curr_pos);
- idx = shmcb_get_index(queue, curr_pos);
- ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u", idx->s_id2,
- id[1]);
- /* Only look into the session further if the second byte of the
- * session_id matches. */
- if (idx->s_id2 == id[1]) {
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
- shmcb_cyclic_cton_memcpy(header->cache_data_size,
- tempasn, cache->data,
- shmcb_get_safe_uint(&(idx->offset)),
- SSL_SESSION_MAX_DER);
- ptr = tempasn;
- pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
- if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session_id, "
- "internal error");
- goto end;
- }
- if ((pSession->session_id_length == idlen)
- && (memcmp(id, pSession->session_id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
- /* Scrub out this session "quietly" */
- idx->removed = (unsigned char) 1;
- SSL_SESSION_free(pSession);
- to_return = TRUE;
- goto end;
- }
- ssl_log(s, SSL_LOG_TRACE, "not a match");
- SSL_SESSION_free(pSession);
- pSession = NULL;
- }
- curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
- }
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
-
- /* If there's entries to expire, ditch them now. */
- shmcb_expire_division(s, queue, cache);
-end:
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session_id");
- return to_return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c
deleted file mode 100644
index 94a0ad9f0a7..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache_shmht.c
-** Session Cache via Shared Memory (Hash Table Variant)
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-/*
- * Wrapper functions for table library which resemble malloc(3) & Co
- * but use the variants from the MM shared memory library.
- */
-
-static void *ssl_scache_shmht_malloc(size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_malloc(mc->pSessionCacheDataMM, size);
-}
-
-static void *ssl_scache_shmht_calloc(size_t number, size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_calloc(mc->pSessionCacheDataMM, number, size);
-}
-
-static void *ssl_scache_shmht_realloc(void *ptr, size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_realloc(mc->pSessionCacheDataMM, ptr, size);
-}
-
-static void ssl_scache_shmht_free(void *ptr)
-{
- SSLModConfigRec *mc = myModConfig();
- ap_mm_free(mc->pSessionCacheDataMM, ptr);
- return;
-}
-
-/*
- * Now the actual session cache implementation
- * based on a hash table inside a shared memory segment.
- */
-
-void ssl_scache_shmht_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- AP_MM *mm;
- table_t *ta;
- int ta_errno;
- int avail;
- int n;
-
- /*
- * Create shared memory segment
- */
- if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
- ssl_die();
- }
- if ((mm = ap_mm_create(mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: %s", ap_mm_error());
- ssl_die();
- }
- mc->pSessionCacheDataMM = mm;
-
- /*
- * Make sure the childs have access to the underlaying files
- */
- ap_mm_permission(mm, SSL_MM_FILE_MODE, ap_user_id, -1);
-
- /*
- * Create hash table in shared memory segment
- */
- avail = ap_mm_available(mm);
- n = (avail/2) / 1024;
- n = n < 10 ? 10 : n;
- if ((ta = table_alloc(n, &ta_errno,
- ssl_scache_shmht_malloc,
- ssl_scache_shmht_calloc,
- ssl_scache_shmht_realloc,
- ssl_scache_shmht_free )) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate hash table in shared memory: %s",
- table_strerror(ta_errno));
- ssl_die();
- }
- table_attr(ta, TABLE_FLAG_AUTO_ADJUST|TABLE_FLAG_ADJUST_DOWN);
- table_set_data_alignment(ta, sizeof(char *));
- table_clear(ta);
- mc->tSessionCacheDataTable = ta;
-
- /*
- * Log the done work
- */
- ssl_log(s, SSL_LOG_INFO,
- "Init: Created hash-table (%d buckets) "
- "in shared memory (%d bytes) for SSL session cache", n, avail);
- return;
-}
-
-void ssl_scache_shmht_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->pSessionCacheDataMM != NULL) {
- ap_mm_destroy(mc->pSessionCacheDataMM);
- mc->pSessionCacheDataMM = NULL;
- }
- return;
-}
-
-BOOL ssl_scache_shmht_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig();
- void *vp;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
-
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
- return FALSE;
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
- ssl_mutex_on(s);
- if (table_insert_kd(mc->tSessionCacheDataTable,
- id, idlen, NULL, sizeof(time_t)+nData,
- NULL, &vp, 1) != TABLE_ERROR_NONE) {
- ssl_mutex_off(s);
- return FALSE;
- }
- memcpy(vp, &expiry, sizeof(time_t));
- memcpy((char *)vp+sizeof(time_t), ucaData, nData);
- ssl_mutex_off(s);
-
- /* allow the regular expiring to occur */
- ssl_scache_shmht_expire(s);
-
- return TRUE;
-}
-
-SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- void *vp;
- SSL_SESSION *sess = NULL;
- UCHAR *ucpData;
- int nData;
- time_t expiry;
- time_t now;
- int n;
-
- /* allow the regular expiring to occur */
- ssl_scache_shmht_expire(s);
-
- /* lookup key in table */
- ssl_mutex_on(s);
- if (table_retrieve(mc->tSessionCacheDataTable,
- id, idlen, &vp, &n) != TABLE_ERROR_NONE) {
- ssl_mutex_off(s);
- return NULL;
- }
-
- /* copy over the information to the SCI */
- nData = n-sizeof(time_t);
- ucpData = (UCHAR *)malloc(nData);
- if (ucpData == NULL) {
- ssl_mutex_off(s);
- return NULL;
- }
- memcpy(&expiry, vp, sizeof(time_t));
- memcpy(ucpData, (char *)vp+sizeof(time_t), nData);
- ssl_mutex_off(s);
-
- /* make sure the stuff is still not expired */
- now = time(NULL);
- if (expiry <= now) {
- ssl_scache_shmht_remove(s, id, idlen);
- return NULL;
- }
-
- /* unstreamed SSL_SESSION */
- sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
- return sess;
-}
-
-void ssl_scache_shmht_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
-
- /* remove value under key in table */
- ssl_mutex_on(s);
- table_delete(mc->tSessionCacheDataTable, id, idlen, NULL, NULL);
- ssl_mutex_off(s);
- return;
-}
-
-void ssl_scache_shmht_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc = mySrvConfig(s);
- static time_t tLast = 0;
- table_linear_t iterator;
- time_t tExpiresAt;
- void *vpKey;
- void *vpKeyThis;
- void *vpData;
- int nKey;
- int nKeyThis;
- int nData;
- int nElements = 0;
- int nDeleted = 0;
- int bDelete;
- int rc;
- time_t tNow;
-
- /*
- * make sure the expiration for still not-accessed session
- * cache entries is done only from time to time
- */
- tNow = time(NULL);
- if (tNow < tLast+sc->nSessionCacheTimeout)
- return;
- tLast = tNow;
-
- ssl_mutex_on(s);
- if (table_first_r(mc->tSessionCacheDataTable, &iterator,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) {
- do {
- bDelete = FALSE;
- nElements++;
- if (nData < sizeof(time_t) || vpData == NULL)
- bDelete = TRUE;
- else {
- memcpy(&tExpiresAt, vpData, sizeof(time_t));
- if (tExpiresAt <= tNow)
- bDelete = TRUE;
- }
- vpKeyThis = vpKey;
- nKeyThis = nKey;
- rc = table_next_r(mc->tSessionCacheDataTable, &iterator,
- &vpKey, &nKey, &vpData, &nData);
- if (bDelete) {
- table_delete(mc->tSessionCacheDataTable,
- vpKeyThis, nKeyThis, NULL, NULL);
- nDeleted++;
- }
- } while (rc == TABLE_ERROR_NONE);
- }
- ssl_mutex_off(s);
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (SHMHT) Expiry: "
- "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted);
- return;
-}
-
-void ssl_scache_shmht_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- void *vpKey;
- void *vpData;
- int nKey;
- int nData;
- int nElem;
- int nSize;
- int nAverage;
-
- nElem = 0;
- nSize = 0;
- ssl_mutex_on(s);
- if (table_first(mc->tSessionCacheDataTable,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) {
- do {
- if (vpKey == NULL || vpData == NULL)
- continue;
- nElem += 1;
- nSize += nData;
- } while (table_next(mc->tSessionCacheDataTable,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE);
- }
- ssl_mutex_off(s);
- if (nSize > 0 && nElem > 0)
- nAverage = nSize / nElem;
- else
- nAverage = 0;
- func(ap_psprintf(p, "cache type: <b>SHMHT</b>, maximum size: <b>%d</b> bytes<br>", mc->nSessionCacheDataSize), arg);
- func(ap_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg);
- func(ap_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg);
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util.c b/usr.sbin/httpd/src/modules/ssl/ssl_util.c
deleted file mode 100644
index e23e3703c9e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util.c
-** Utility Functions
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* ====================================================================
- * Copyright (c) 1995-1999 Ben Laurie. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * 4. The name "Apache-SSL Server" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Every day of my life
- I am forced to add another
- name to the list of people
- who piss me off!''
- -- Calvin */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Utility Functions
-** _________________________________________________________________
-*/
-
-char *ssl_util_server_root_relative(pool *p, char *what, char *arg)
-{
- char *rv = NULL;
-
-#ifdef SSL_VENDOR
- ap_hook_use("ap::mod_ssl::vendor::ssl_server_root_relative",
- AP_HOOK_SIG4(ptr,ptr,ptr,ptr), AP_HOOK_ALL, &rv, p, what, arg);
- if (rv != NULL)
- return rv;
-#endif
- rv = ap_server_root_relative(p, arg);
- return rv;
-}
-
-char *ssl_util_vhostid(pool *p, server_rec *s)
-{
- char *id;
- SSLSrvConfigRec *sc;
- char *host;
- unsigned int port;
-
- host = s->server_hostname;
- if (s->port != 0)
- port = s->port;
- else {
- sc = mySrvConfig(s);
- if (sc->bEnabled)
- port = DEFAULT_HTTPS_PORT;
- else
- port = DEFAULT_HTTP_PORT;
- }
- id = ap_psprintf(p, "%s:%u", host, port);
- return id;
-}
-
-FILE *ssl_util_ppopen(server_rec *s, pool *p, char *cmd)
-{
- FILE *fpout;
- int rc;
-
- fpout = NULL;
- rc = ap_spawn_child(p, ssl_util_ppopen_child,
- (void *)cmd, kill_after_timeout,
- NULL, &fpout, NULL);
- if (rc == 0 || fpout == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "ssl_util_ppopen: could not run: %s", cmd);
- return NULL;
- }
- return (fpout);
-}
-
-int ssl_util_ppopen_child(void *cmd, child_info *pinfo)
-{
- int child_pid = 1;
-
- /*
- * Prepare for exec
- */
- ap_cleanup_for_exec();
- signal(SIGHUP, SIG_IGN);
-
- /*
- * Exec() the child program
- */
- /* Standard Unix */
- execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, (char *)NULL);
- return (child_pid);
-}
-
-void ssl_util_ppclose(server_rec *s, pool *p, FILE *fp)
-{
- ap_pfclose(p, fp);
- return;
-}
-
-/*
- * Run a filter program and read the first line of its stdout output
- */
-char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
-{
- static char buf[MAX_STRING_LEN];
- FILE *fp;
- char c;
- int k;
-
- if ((fp = ssl_util_ppopen(s, p, cmd)) == NULL)
- return NULL;
- for (k = 0; read(fileno(fp), &c, 1) == 1
- && (k < MAX_STRING_LEN-1) ; ) {
- if (c == '\n' || c == '\r')
- break;
- buf[k++] = c;
- }
- buf[k] = NUL;
- ssl_util_ppclose(s, p, fp);
-
- return buf;
-}
-
-BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path)
-{
- struct stat sb;
-
- if (path == NULL)
- return FALSE;
- if (pcm & SSL_PCM_EXISTS && stat(path, &sb) != 0)
- return FALSE;
- if (pcm & SSL_PCM_ISREG && !S_ISREG(sb.st_mode))
- return FALSE;
- if (pcm & SSL_PCM_ISDIR && !S_ISDIR(sb.st_mode))
- return FALSE;
- if (pcm & SSL_PCM_ISNONZERO && sb.st_mode <= 0)
- return FALSE;
- return TRUE;
-}
-
-ssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
-{
- ssl_algo_t t;
-
- t = SSL_ALGO_UNKNOWN;
- if (pCert != NULL)
- pKey = X509_get_pubkey(pCert);
- if (pKey != NULL) {
- switch (EVP_PKEY_type(pKey->type)) {
- case EVP_PKEY_RSA:
- t = SSL_ALGO_RSA;
- break;
- case EVP_PKEY_DSA:
- t = SSL_ALGO_DSA;
- break;
- default:
- break;
- }
- }
- return t;
-}
-
-char *ssl_util_algotypestr(ssl_algo_t t)
-{
- char *cp;
-
- cp = "UNKNOWN";
- switch (t) {
- case SSL_ALGO_RSA:
- cp = "RSA";
- break;
- case SSL_ALGO_DSA:
- cp = "DSA";
- break;
- default:
- break;
- }
- return cp;
-}
-
-char *ssl_util_ptxtsub(
- pool *p, const char *cpLine, const char *cpMatch, char *cpSubst)
-{
-#define MAX_PTXTSUB 100
- char *cppMatch[MAX_PTXTSUB + 1];
- char *cpResult;
- int nResult;
- int nLine;
- int nSubst;
- int nMatch;
- char *cpI;
- char *cpO;
- char *cp;
- int i;
-
- /*
- * Pass 1: find substitution locations and calculate sizes
- */
- nLine = strlen(cpLine);
- nMatch = strlen(cpMatch);
- nSubst = strlen(cpSubst);
- for (cpI = (char *)cpLine, i = 0, nResult = 0;
- cpI < cpLine+nLine && i < MAX_PTXTSUB; ) {
- if ((cp = strstr(cpI, cpMatch)) != NULL) {
- cppMatch[i++] = cp;
- nResult += ((cp-cpI)+nSubst);
- cpI = (cp+nMatch);
- }
- else {
- nResult += strlen(cpI);
- break;
- }
- }
- cppMatch[i] = NULL;
- if (i == 0)
- return NULL;
-
- /*
- * Pass 2: allocate memory and assemble result
- */
- cpResult = ap_pcalloc(p, nResult+1);
- for (cpI = (char *)cpLine, cpO = cpResult, i = 0; cppMatch[i] != NULL; i++) {
- ap_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
- cpO += (cppMatch[i]-cpI);
- ap_cpystrn(cpO, cpSubst, nSubst+1);
- cpO += nSubst;
- cpI = (cppMatch[i]+nMatch);
- }
- ap_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
-
- return cpResult;
-}
-
-/* _________________________________________________________________
-**
-** Special Functions for Win32/OpenSSL
-** _________________________________________________________________
-*/
-
-void ssl_util_thread_setup(void)
-{
- return;
-}
-
-void ssl_util_thread_cleanup(void)
-{
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c b/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c
deleted file mode 100644
index 441a46babf1..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c
+++ /dev/null
@@ -1,511 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_ssl.c
-** Additional Utility Functions for OpenSSL
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Additional High-Level Functions for OpenSSL
-** _________________________________________________________________
-*/
-
-int SSL_get_app_data2_idx(void)
-{
- static int app_data2_idx = -1;
-
- if (app_data2_idx < 0) {
- app_data2_idx = SSL_get_ex_new_index(0,
- "Second Application Data for SSL", NULL, NULL, NULL);
- app_data2_idx = SSL_get_ex_new_index(0,
- "Second Application Data for SSL", NULL, NULL, NULL);
- }
- return(app_data2_idx);
-}
-
-void *SSL_get_app_data2(SSL *ssl)
-{
- return (void *)SSL_get_ex_data(ssl, SSL_get_app_data2_idx());
-}
-
-void SSL_set_app_data2(SSL *ssl, void *arg)
-{
- SSL_set_ex_data(ssl, SSL_get_app_data2_idx(), (char *)arg);
- return;
-}
-
-/* _________________________________________________________________
-**
-** High-Level Certificate / Private Key Loading
-** _________________________________________________________________
-*/
-
-X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)())
-{
- X509 *rc;
- BIO *bioS;
- BIO *bioF;
-
- /* 1. try PEM (= DER+Base64+headers) */
- rc = PEM_read_X509(fp, x509, cb, NULL);
- if (rc == NULL) {
- /* 2. try DER+Base64 */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
- BIO_free(bioS);
- return NULL;
- }
- bioS = BIO_push(bioF, bioS);
- rc = d2i_X509_bio(bioS, NULL);
- BIO_free_all(bioS);
- if (rc == NULL) {
- /* 3. try plain DER */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- rc = d2i_X509_bio(bioS, NULL);
- BIO_free(bioS);
- }
- }
- if (rc != NULL && x509 != NULL) {
- if (*x509 != NULL)
- X509_free(*x509);
- *x509 = rc;
- }
- return rc;
-}
-
-EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)())
-{
- EVP_PKEY *rc;
- BIO *bioS;
- BIO *bioF;
-
- /* 1. try PEM (= DER+Base64+headers) */
- rc = PEM_read_PrivateKey(fp, key, cb, NULL);
- if (rc == NULL) {
- /* 2. try DER+Base64 */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
- BIO_free(bioS);
- return NULL;
- }
- bioS = BIO_push(bioF, bioS);
- rc = d2i_PrivateKey_bio(bioS, NULL);
- BIO_free_all(bioS);
- if (rc == NULL) {
- /* 3. try plain DER */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- rc = d2i_PrivateKey_bio(bioS, NULL);
- BIO_free(bioS);
- }
- }
- if (rc != NULL && key != NULL) {
- if (*key != NULL)
- EVP_PKEY_free(*key);
- *key = rc;
- }
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** Smart shutdown
-** _________________________________________________________________
-*/
-
-int SSL_smart_shutdown(SSL *ssl)
-{
- int i;
- int rc;
-
- /*
- * Repeat the calls, because SSL_shutdown internally dispatches through a
- * little state machine. Usually only one or two interation should be
- * needed, so we restrict the total number of restrictions in order to
- * avoid process hangs in case the client played bad with the socket
- * connection and OpenSSL cannot recognize it.
- */
- rc = 0;
- for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
- if ((rc = SSL_shutdown(ssl)))
- break;
- }
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** Certificate Revocation List (CRL) Storage
-** _________________________________________________________________
-*/
-
-X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
-{
- X509_STORE *pStore;
- X509_LOOKUP *pLookup;
-
- if (cpFile == NULL && cpPath == NULL)
- return NULL;
- if ((pStore = X509_STORE_new()) == NULL)
- return NULL;
- if (cpFile != NULL) {
- if ((pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file())) == NULL) {
- X509_STORE_free(pStore);
- return NULL;
- }
- X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
- }
- if (cpPath != NULL) {
- if ((pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir())) == NULL) {
- X509_STORE_free(pStore);
- return NULL;
- }
- X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
- }
- return pStore;
-}
-
-int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType,
- X509_NAME *pName, X509_OBJECT *pObj)
-{
- X509_STORE_CTX pStoreCtx;
- int rc;
-
- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
- X509_STORE_CTX_cleanup(&pStoreCtx);
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** Cipher Suite Spec String Creation
-** _________________________________________________________________
-*/
-
-char *SSL_make_ciphersuite(pool *p, SSL *ssl)
-{
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int i;
- int l;
- char *cpCipherSuite;
- char *cp;
-
- if (ssl == NULL)
- return "";
- if ((sk = SSL_get_ciphers(ssl)) == NULL)
- return "";
- l = 0;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- l += strlen(c->name)+2+1;
- }
- if (l == 0)
- return "";
- cpCipherSuite = (char *)ap_palloc(p, l+1);
- cp = cpCipherSuite;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- l = strlen(c->name);
- memcpy(cp, c->name, l);
- cp += l;
- *cp++ = '/';
- *cp++ = (c->valid == 1 ? '1' : '0');
- *cp++ = ':';
- }
- *(cp-1) = NUL;
- return cpCipherSuite;
-}
-
-/* _________________________________________________________________
-**
-** Certificate Checks
-** _________________________________________________________________
-*/
-
-/* check whether cert contains extended key usage with a SGC tag */
-BOOL SSL_X509_isSGC(X509 *cert)
-{
- X509_EXTENSION *ext;
- int ext_nid;
- STACK_OF(ASN1_OBJECT) *sk;
- BOOL is_sgc;
- int idx;
- int i;
-
- is_sgc = FALSE;
- idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
- if (idx >= 0) {
- ext = X509_get_ext(cert, idx);
- if ((sk = (STACK_OF(ASN1_OBJECT)*) X509V3_EXT_d2i(ext)) != NULL) {
- for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
- ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));
- if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
- is_sgc = TRUE;
- break;
- }
- }
- }
- }
- return is_sgc;
-}
-
-/* retrieve basic constraints ingredients */
-BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
-{
- X509_EXTENSION *ext;
- BASIC_CONSTRAINTS *bc;
- int idx;
- BIGNUM *bn = NULL;
- char *cp;
-
- if ((idx = X509_get_ext_by_NID(cert, NID_basic_constraints, -1)) < 0)
- return FALSE;
- ext = X509_get_ext(cert, idx);
- if (ext == NULL)
- return FALSE;
- if ((bc = (BASIC_CONSTRAINTS *)X509V3_EXT_d2i(ext)) == NULL)
- return FALSE;
- *ca = bc->ca;
- *pathlen = -1 /* unlimited */;
- if (bc->pathlen != NULL) {
- if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
- return FALSE;
- if ((cp = BN_bn2dec(bn)) == NULL)
- return FALSE;
- *pathlen = atoi(cp);
- OPENSSL_free(cp);
- BN_free(bn);
- }
- BASIC_CONSTRAINTS_free(bc);
- return TRUE;
-}
-
-/* retrieve subject CommonName of certificate */
-BOOL SSL_X509_getCN(pool *p, X509 *xs, char **cppCN)
-{
- X509_NAME *xsn;
- X509_NAME_ENTRY *xsne;
- int i, nid;
-
- xsn = X509_get_subject_name(xs);
- for (i = 0; i < sk_X509_NAME_ENTRY_num(xsn->entries); i++) {
- xsne = sk_X509_NAME_ENTRY_value(xsn->entries, i);
- nid = OBJ_obj2nid(xsne->object);
- if (nid == NID_commonName) {
- *cppCN = ap_palloc(p, xsne->value->length+1);
- ap_cpystrn(*cppCN, (char *)xsne->value->data, xsne->value->length+1);
- (*cppCN)[xsne->value->length] = NUL;
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/* _________________________________________________________________
-**
-** Low-Level CA Certificate Loading
-** _________________________________________________________________
-*/
-
-#ifdef SSL_EXPERIMENTAL_PROXY
-
-BOOL SSL_load_CrtAndKeyInfo_file(pool *p, STACK_OF(X509_INFO) *sk, char *filename)
-{
- BIO *in;
-
- if ((in = BIO_new(BIO_s_file())) == NULL)
- return FALSE;
- if (BIO_read_filename(in, filename) <= 0) {
- BIO_free(in);
- return FALSE;
- }
- ERR_clear_error();
- PEM_X509_INFO_read_bio(in, sk, NULL, NULL);
- BIO_free(in);
- return TRUE;
-}
-
-BOOL SSL_load_CrtAndKeyInfo_path(pool *p, STACK_OF(X509_INFO) *sk, char *pathname)
-{
- struct stat st;
- DIR *dir;
- pool *sp;
- struct dirent *nextent;
- char *fullname;
- BOOL ok;
-
- sp = ap_make_sub_pool(p);
- if ((dir = ap_popendir(sp, pathname)) == NULL) {
- ap_destroy_pool(sp);
- return FALSE;
- }
- ok = FALSE;
- while ((nextent = readdir(dir)) != NULL) {
- fullname = ap_pstrcat(sp, pathname, "/", nextent->d_name, NULL);
- if (stat(fullname, &st) != 0)
- continue;
- if (!S_ISREG(st.st_mode))
- continue;
- if (SSL_load_CrtAndKeyInfo_file(sp, sk, fullname))
- ok = TRUE;
- }
- ap_pclosedir(p, dir);
- ap_destroy_pool(sp);
- return ok;
-}
-
-#endif /* SSL_EXPERIMENTAL_PROXY */
-
-/* _________________________________________________________________
-**
-** Extra Server Certificate Chain Support
-** _________________________________________________________________
-*/
-
-/*
- * Read a file that optionally contains the server certificate in PEM
- * format, possibly followed by a sequence of CA certificates that
- * should be sent to the peer in the SSL Certificate message.
- */
-int SSL_CTX_use_certificate_chain(
- SSL_CTX *ctx, char *file, int skipfirst, int (*cb)())
-{
- BIO *bio;
- X509 *x509;
- unsigned long err;
- int n;
-
- if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
- return -1;
- if (BIO_read_filename(bio, file) <= 0) {
- BIO_free(bio);
- return -1;
- }
- /* optionally skip a leading server certificate */
- if (skipfirst) {
- if ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) {
- BIO_free(bio);
- return -1;
- }
- X509_free(x509);
- }
- /* free a perhaps already configured extra chain */
- if (ctx->extra_certs != NULL) {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
- /* create new extra chain by loading the certs */
- n = 0;
- while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
- if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
- X509_free(x509);
- BIO_free(bio);
- return -1;
- }
- n++;
- }
- /* Make sure that only the error is just an EOF */
- if ((err = ERR_peek_error()) > 0) {
- if (!( ERR_GET_LIB(err) == ERR_LIB_PEM
- && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
- BIO_free(bio);
- return -1;
- }
- while (ERR_get_error() > 0) ;
- }
- BIO_free(bio);
- return n;
-}
-
-/* _________________________________________________________________
-**
-** Session Stuff
-** _________________________________________________________________
-*/
-
-char *SSL_SESSION_id2sz(unsigned char *id, int idlen)
-{
- static char str[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2];
- char *cp;
- int n;
-
- cp = str;
- for (n = 0; n < idlen && n < SSL_MAX_SSL_SESSION_ID_LENGTH; n++) {
- ap_snprintf(cp, sizeof(str)-(cp-str), "%02X", id[n]);
- cp += strlen(cp);
- }
- *cp = NUL;
- return str;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h b/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h
deleted file mode 100644
index 56c9a044186..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_ssl.h
-** Additional Utility Functions for OpenSSL
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef SSL_UTIL_SSL_H
-#define SSL_UTIL_SSL_H
-
-/*
- * Determine SSL library version number
- */
-#ifdef OPENSSL_VERSION_NUMBER
-#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
-#define SSL_LIBRARY_NAME "OpenSSL"
-#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
-#else
-#define SSL_LIBRARY_VERSION 0x0000
-#define SSL_LIBRARY_NAME "OtherSSL"
-#define SSL_LIBRARY_TEXT "OtherSSL 0.0.0 00 XXX 0000"
-#endif
-
-/*
- * Support for retrieving/overriding states
- */
-#ifndef SSL_get_state
-#define SSL_get_state(ssl) SSL_state(ssl)
-#endif
-#define SSL_set_state(ssl,val) (ssl)->state = val
-
-/*
- * Backward compatibility.
- */
-#if SSL_LIBRARY_VERSION < 0x00906100
-#define OPENSSL_free free
-#endif
-
-/*
- * Maximum length of a DER encoded session.
- * FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10,
- * so this value should be ok. Although we have no warm feeling.
- */
-#define SSL_SESSION_MAX_DER 1024*10
-
-/*
- * Additional Functions
- */
-int SSL_get_app_data2_idx(void);
-void *SSL_get_app_data2(SSL *);
-void SSL_set_app_data2(SSL *, void *);
-X509 *SSL_read_X509(FILE *, X509 **, int (*)());
-EVP_PKEY *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)());
-int SSL_smart_shutdown(SSL *ssl);
-X509_STORE *SSL_X509_STORE_create(char *, char *);
-int SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
-char *SSL_make_ciphersuite(pool *, SSL *);
-BOOL SSL_X509_isSGC(X509 *);
-BOOL SSL_X509_getBC(X509 *, int *, int *);
-BOOL SSL_X509_getCN(pool *, X509 *, char **);
-#ifdef SSL_EXPERIMENTAL_PROXY
-BOOL SSL_load_CrtAndKeyInfo_file(pool *, STACK_OF(X509_INFO) *, char *);
-BOOL SSL_load_CrtAndKeyInfo_path(pool *, STACK_OF(X509_INFO) *, char *);
-#endif /* SSL_EXPERIMENTAL_PROXY */
-int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)());
-char *SSL_SESSION_id2sz(unsigned char *, int);
-
-#endif /* SSL_UTIL_SSL_H */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c b/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c
deleted file mode 100644
index a9090bf47e9..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c
+++ /dev/null
@@ -1,2864 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_table.c
-** High Performance Hash Table Functions
-*/
-
-/* ====================================================================
- * Copyright (c) 1999-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/*
- * Generic hash table handler
- * Table 4.1.0 July-28-1998
- *
- * This library is a generic open hash table with buckets and
- * linked lists. It is pretty high performance. Each element
- * has a key and a data. The user indexes on the key to find the
- * data.
- *
- * Copyright 1998 by Gray Watson <gray@letters.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose and without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies,
- * and that the name of Gray Watson not be used in advertising or
- * publicity pertaining to distribution of the document or software
- * without specific, written prior permission.
- *
- * Gray Watson makes no representations about the suitability of the
- * software described herein for any purpose. It is provided "as is"
- * without express or implied warranty.
- *
- * Modified in March 1999 by Ralf S. Engelschall <rse@engelschall.com>
- * for use in the mod_ssl project:
- * o merged table_loc.h header into table.c
- * o removed fillproto-comments from table.h
- * o removed mmap() support because it's too unportable
- * o added support for MM library via ta_{malloc,calloc,realloc,free}
- */
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-/* forward definitions for table.h */
-typedef struct table_st table_t;
-typedef struct table_entry_st table_entry_t;
-
-#define TABLE_PRIVATE
-#include "ssl_util_table.h"
-
-/****************************** local defines ******************************/
-
-#ifndef BITSPERBYTE
-#define BITSPERBYTE 8
-#endif
-#ifndef BITS
-#define BITS(type) (BITSPERBYTE * (int)sizeof(type))
-#endif
-
-#define TABLE_MAGIC 0xBADF00D /* very magic magicness */
-#define LINEAR_MAGIC 0xAD00D00 /* magic value for linear struct */
-#define DEFAULT_SIZE 1024 /* default table size */
-#define MAX_ALIGNMENT 128 /* max alignment value */
-#define MAX_SORT_SPLITS 128 /* qsort can handle 2^128 entries */
-
-/* returns 1 when we should grow or shrink the table */
-#define SHOULD_TABLE_GROW(tab) ((tab)->ta_entry_n > (tab)->ta_bucket_n * 2)
-#define SHOULD_TABLE_SHRINK(tab) ((tab)->ta_entry_n < (tab)->ta_bucket_n / 2)
-
-/*
- * void HASH_MIX
- *
- * DESCRIPTION:
- *
- * Mix 3 32-bit values reversibly. For every delta with one or two bits
- * set, and the deltas of all three high bits or all three low bits,
- * whether the original value of a,b,c is almost all zero or is
- * uniformly distributed.
- *
- * If HASH_MIX() is run forward or backward, at least 32 bits in a,b,c
- * have at least 1/4 probability of changing. If mix() is run
- * forward, every bit of c will change between 1/3 and 2/3 of the
- * time. (Well, 22/100 and 78/100 for some 2-bit deltas.)
- *
- * HASH_MIX() takes 36 machine instructions, but only 18 cycles on a
- * superscalar machine (like a Pentium or a Sparc). No faster mixer
- * seems to work, that's the result of my brute-force search. There
- * were about 2^68 hashes to choose from. I only tested about a
- * billion of those.
- */
-#define HASH_MIX(a, b, c) \
- do { \
- a -= b; a -= c; a ^= (c >> 13); \
- b -= c; b -= a; b ^= (a << 8); \
- c -= a; c -= b; c ^= (b >> 13); \
- a -= b; a -= c; a ^= (c >> 12); \
- b -= c; b -= a; b ^= (a << 16); \
- c -= a; c -= b; c ^= (b >> 5); \
- a -= b; a -= c; a ^= (c >> 3); \
- b -= c; b -= a; b ^= (a << 10); \
- c -= a; c -= b; c ^= (b >> 15); \
- } while(0)
-
-#define TABLE_POINTER(table, type, pnt) (pnt)
-
-/*
- * Macros to get at the key and the data pointers
- */
-#define ENTRY_KEY_BUF(entry_p) ((entry_p)->te_key_buf)
-#define ENTRY_DATA_BUF(tab_p, entry_p) \
- (ENTRY_KEY_BUF(entry_p) + (entry_p)->te_key_size)
-
-/*
- * Table structures...
- */
-
-/*
- * HACK: this should be equiv as the table_entry_t without the key_buf
- * char. We use this with the ENTRY_SIZE() macro above which solves
- * the problem with the lack of the [0] GNU hack. We use the
- * table_entry_t structure to better map the memory and make things
- * faster.
- */
-typedef struct table_shell_st {
- unsigned int te_key_size; /* size of data */
- unsigned int te_data_size; /* size of data */
- struct table_shell_st *te_next_p; /* pointer to next in the list */
- /* NOTE: this does not have the te_key_buf field here */
-} table_shell_t;
-
-/*
- * Elements in the bucket linked-lists. The key[1] is the start of
- * the key with the rest of the key and all of the data information
- * packed in memory directly after the end of this structure.
- *
- * NOTE: if this structure is changed, the table_shell_t must be changed
- * to match.
- */
-struct table_entry_st {
- unsigned int te_key_size; /* size of data */
- unsigned int te_data_size; /* size of data */
- struct table_entry_st *te_next_p; /* pointer to next in the list */
- unsigned char te_key_buf[1]; /* 1st byte of key buf */
-};
-
-/* external structure for debuggers be able to see void */
-typedef table_entry_t table_entry_ext_t;
-
-/* main table structure */
-struct table_st {
- unsigned int ta_magic; /* magic number */
- unsigned int ta_flags; /* table's flags defined in table.h */
- unsigned int ta_bucket_n; /* num of buckets, should be 2^X */
- unsigned int ta_entry_n; /* num of entries in all buckets */
- unsigned int ta_data_align; /* data alignment value */
- table_entry_t **ta_buckets; /* array of linked lists */
- table_linear_t ta_linear; /* linear tracking */
- unsigned long ta_file_size; /* size of on-disk space */
- void *(*ta_malloc)(size_t size);
- void *(*ta_calloc)(size_t number, size_t size);
- void *(*ta_realloc)(void *ptr, size_t size);
- void (*ta_free)(void *ptr);
-};
-
-/* external table structure for debuggers */
-typedef table_t table_ext_t;
-
-/* local comparison functions */
-typedef int (*compare_t) (const void *element1_p, const void *element2_p,
- table_compare_t user_compare,
- const table_t * table_p);
-
-/*
- * to map error to string
- */
-typedef struct {
- int es_error; /* error number */
- char *es_string; /* assocaited string */
-} error_str_t;
-
-static error_str_t errors[] =
-{
- {TABLE_ERROR_NONE, "no error"},
- {TABLE_ERROR_PNT, "invalid table pointer"},
- {TABLE_ERROR_ARG_NULL, "buffer argument is null"},
- {TABLE_ERROR_SIZE, "incorrect size argument"},
- {TABLE_ERROR_OVERWRITE, "key exists and no overwrite"},
- {TABLE_ERROR_NOT_FOUND, "key does not exist"},
- {TABLE_ERROR_ALLOC, "error allocating memory"},
- {TABLE_ERROR_LINEAR, "linear access not in progress"},
- {TABLE_ERROR_OPEN, "could not open file"},
- {TABLE_ERROR_SEEK, "could not seek to position in file"},
- {TABLE_ERROR_READ, "could not read from file"},
- {TABLE_ERROR_WRITE, "could not write to file"},
- {TABLE_ERROR_EMPTY, "table is empty"},
- {TABLE_ERROR_NOT_EMPTY, "table contains data"},
- {TABLE_ERROR_ALIGNMENT, "invalid alignment value"},
- {0}
-};
-
-#define INVALID_ERROR "invalid error code"
-
-/****************************** local functions ******************************/
-
-/*
- * static table_entry_t *first_entry
- *
- * DESCRIPTION:
- *
- * Return the first entry in the table. It will set the linear
- * structure counter to the position of the first entry.
- *
- * RETURNS:
- *
- * Success: A pointer to the first entry in the table.
- *
- * Failure: NULL if there is no first entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table whose next entry we are finding.
- *
- * linear_p - Pointer to a linear structure which we will advance and
- * then find the corresponding entry.
- */
-static table_entry_t *first_entry(table_t * table_p,
- table_linear_t * linear_p)
-{
- table_entry_t *entry_p;
- unsigned int bucket_c = 0;
-
- /* look for the first non-empty bucket */
- for (bucket_c = 0; bucket_c < table_p->ta_bucket_n; bucket_c++) {
- entry_p = table_p->ta_buckets[bucket_c];
- if (entry_p != NULL) {
- if (linear_p != NULL) {
- linear_p->tl_bucket_c = bucket_c;
- linear_p->tl_entry_c = 0;
- }
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
- }
-
- return NULL;
-}
-
-/*
- * static table_entry_t *next_entry
- *
- * DESCRIPTION:
- *
- * Return the next entry in the table which is past the position in
- * our linear pointer. It will advance the linear structure counters.
- *
- * RETURNS:
- *
- * Success: A pointer to the next entry in the table.
- *
- * Failure: NULL.
- *
- * ARGUMENTS:
- *
- * table_p - Table whose next entry we are finding.
- *
- * linear_p - Pointer to a linear structure which we will advance and
- * then find the corresponding entry.
- *
- * error_p - Pointer to an integer which when the routine returns will
- * contain a table error code.
- */
-static table_entry_t *next_entry(table_t * table_p, table_linear_t * linear_p,
- int *error_p)
-{
- table_entry_t *entry_p;
- int entry_c;
-
- /* can't next if we haven't first-ed */
- if (linear_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_LINEAR;
- return NULL;
- }
-
- if (linear_p->tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
- }
-
- linear_p->tl_entry_c++;
-
- /* find the entry which is the nth in the list */
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- /* NOTE: we swap the order here to be more efficient */
- for (entry_c = linear_p->tl_entry_c; entry_c > 0; entry_c--) {
- /* did we reach the end of the list? */
- if (entry_p == NULL)
- break;
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p)->te_next_p;
- }
-
- /* did we find an entry in the current bucket? */
- if (entry_p != NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
-
- /* find the first entry in the next non-empty bucket */
-
- linear_p->tl_entry_c = 0;
- for (linear_p->tl_bucket_c++; linear_p->tl_bucket_c < table_p->ta_bucket_n;
- linear_p->tl_bucket_c++) {
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- if (entry_p != NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
- }
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
-}
-
-/*
- * static unsigned int hash
- *
- * DESCRIPTION:
- *
- * Hash a variable-length key into a 32-bit value. Every bit of the
- * key affects every bit of the return value. Every 1-bit and 2-bit
- * delta achieves avalanche. About (6 * len + 35) instructions. The
- * best hash table sizes are powers of 2. There is no need to use mod
- * (sooo slow!). If you need less than 32 bits, use a bitmask. For
- * example, if you need only 10 bits, do h = (h & hashmask(10)); In
- * which case, the hash table should have hashsize(10) elements.
- *
- * By Bob Jenkins, 1996. bob_jenkins@compuserve.com. You may use
- * this code any way you wish, private, educational, or commercial.
- * It's free. See
- * http://ourworld.compuserve.com/homepages/bob_jenkins/evahash.htm
- * Use for hash table lookup, or anything where one collision in 2^^32
- * is acceptable. Do NOT use for cryptographic purposes.
- *
- * RETURNS:
- *
- * Returns a 32-bit hash value.
- *
- * ARGUMENTS:
- *
- * key - Key (the unaligned variable-length array of bytes) that we
- * are hashing.
- *
- * length - Length of the key in bytes.
- *
- * init_val - Initialization value of the hash if you need to hash a
- * number of strings together. For instance, if you are hashing N
- * strings (unsigned char **)keys, do it like this:
- *
- * for (i=0, h=0; i<N; ++i) h = hash( keys[i], len[i], h);
- */
-static unsigned int hash(const unsigned char *key,
- const unsigned int length,
- const unsigned int init_val)
-{
- const unsigned char *key_p = key;
- unsigned int a, b, c, len;
-
- /* set up the internal state */
- a = 0x9e3779b9; /* the golden ratio; an arbitrary value */
- b = 0x9e3779b9;
- c = init_val; /* the previous hash value */
-
- /* handle most of the key */
- for (len = length; len >= 12; len -= 12) {
- a += (key_p[0]
- + ((unsigned long) key_p[1] << 8)
- + ((unsigned long) key_p[2] << 16)
- + ((unsigned long) key_p[3] << 24));
- b += (key_p[4]
- + ((unsigned long) key_p[5] << 8)
- + ((unsigned long) key_p[6] << 16)
- + ((unsigned long) key_p[7] << 24));
- c += (key_p[8]
- + ((unsigned long) key_p[9] << 8)
- + ((unsigned long) key_p[10] << 16)
- + ((unsigned long) key_p[11] << 24));
- HASH_MIX(a, b, c);
- key_p += 12;
- }
-
- c += length;
-
- /* all the case statements fall through to the next */
- switch (len) {
- case 11:
- c += ((unsigned long) key_p[10] << 24);
- case 10:
- c += ((unsigned long) key_p[9] << 16);
- case 9:
- c += ((unsigned long) key_p[8] << 8);
- /* the first byte of c is reserved for the length */
- case 8:
- b += ((unsigned long) key_p[7] << 24);
- case 7:
- b += ((unsigned long) key_p[6] << 16);
- case 6:
- b += ((unsigned long) key_p[5] << 8);
- case 5:
- b += key_p[4];
- case 4:
- a += ((unsigned long) key_p[3] << 24);
- case 3:
- a += ((unsigned long) key_p[2] << 16);
- case 2:
- a += ((unsigned long) key_p[1] << 8);
- case 1:
- a += key_p[0];
- /* case 0: nothing left to add */
- }
- HASH_MIX(a, b, c);
-
- return c;
-}
-
-/*
- * static int entry_size
- *
- * DESCRIPTION:
- *
- * Calculates the appropriate size of an entry to include the key and
- * data sizes as well as any associated alignment to the data.
- *
- * RETURNS:
- *
- * The associated size of the entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table associated with the entries whose size we are
- * determining.
- *
- * key_size - Size of the entry key.
- *
- * data - Size of the entry data.
- */
-static int entry_size(const table_t * table_p, const unsigned int key_size,
- const unsigned int data_size)
-{
- int size, left;
-
- /* initial size -- key is already aligned if right after struct */
- size = sizeof(struct table_shell_st) + key_size;
-
- /* if there is no alignment then it is easy */
- if (table_p->ta_data_align == 0)
- return size + data_size;
- /* add in our alignement */
- left = size & (table_p->ta_data_align - 1);
- if (left > 0)
- size += table_p->ta_data_align - left;
- /* we add the data size here after the alignment */
- size += data_size;
-
- return size;
-}
-
-/*
- * static unsigned char *entry_data_buf
- *
- * DESCRIPTION:
- *
- * Companion to the ENTRY_DATA_BUF macro but this handles any
- * associated alignment to the data in the entry.
- *
- * RETURNS:
- *
- * Pointer to the data segment of the entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table associated with the entry.
- *
- * entry_p - Entry whose data pointer we are determining.
- */
-static unsigned char *entry_data_buf(const table_t * table_p,
- const table_entry_t * entry_p)
-{
- const unsigned char *buf_p;
- int size, pad;
-
- buf_p = entry_p->te_key_buf + entry_p->te_key_size;
-
- /* if there is no alignment then it is easy */
- if (table_p->ta_data_align == 0)
- return (unsigned char *) buf_p;
- /* we need the size of the space before the data */
- size = sizeof(struct table_shell_st) + entry_p->te_key_size;
-
- /* add in our alignment */
- pad = size & (table_p->ta_data_align - 1);
- if (pad > 0)
- pad = table_p->ta_data_align - pad;
- return (unsigned char *) buf_p + pad;
-}
-
-/******************************* sort routines *******************************/
-
-/*
- * static int our_compare
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * compare - User comparison function. Ignored.
- *
- * table_p - Associated table being ordered. Ignored.
- */
-static int local_compare(const void *p1, const void *p2,
- table_compare_t compare, const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- int cmp;
- unsigned int size;
-
- /* compare as many bytes as we can */
- size = (*ent1_p)->te_key_size;
- if ((*ent2_p)->te_key_size < size)
- size = (*ent2_p)->te_key_size;
- cmp = memcmp(ENTRY_KEY_BUF(*ent1_p), ENTRY_KEY_BUF(*ent2_p), size);
- /* if common-size equal, then if next more bytes, it is larger */
- if (cmp == 0)
- cmp = (*ent1_p)->te_key_size - (*ent2_p)->te_key_size;
- return cmp;
-}
-
-/*
- * static int external_compare
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * user_compare - User comparison function.
- *
- * table_p - Associated table being ordered.
- */
-static int external_compare(const void *p1, const void *p2,
- table_compare_t user_compare,
- const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- /* since we know we are not aligned we can use the EXTRY_DATA_BUF macro */
- return user_compare(ENTRY_KEY_BUF(*ent1_p), (*ent1_p)->te_key_size,
- ENTRY_DATA_BUF(table_p, *ent1_p),
- (*ent1_p)->te_data_size,
- ENTRY_KEY_BUF(*ent2_p), (*ent2_p)->te_key_size,
- ENTRY_DATA_BUF(table_p, *ent2_p),
- (*ent2_p)->te_data_size);
-}
-
-/*
- * static int external_compare_align
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp. Alignment information is necessary.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * user_compare - User comparison function.
- *
- * table_p - Associated table being ordered.
- */
-static int external_compare_align(const void *p1, const void *p2,
- table_compare_t user_compare,
- const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- /* since we are aligned we have to use the entry_data_buf function */
- return user_compare(ENTRY_KEY_BUF(*ent1_p), (*ent1_p)->te_key_size,
- entry_data_buf(table_p, *ent1_p),
- (*ent1_p)->te_data_size,
- ENTRY_KEY_BUF(*ent2_p), (*ent2_p)->te_key_size,
- entry_data_buf(table_p, *ent2_p),
- (*ent2_p)->te_data_size);
-}
-
-/*
- * static void split
- *
- * DESCRIPTION:
- *
- * This sorts an array of longs via the quick sort algorithm (it's
- * pretty quick)
- *
- * RETURNS:
- *
- * None.
- *
- * ARGUMENTS:
- *
- * first_p - Start of the list that we are splitting.
- *
- * last_p - Last entry in the list that we are splitting.
- *
- * compare - Comparison function which is handling the actual
- * elements. This is either a local function or a function to setup
- * the problem element key and data pointers which then hands off to
- * the user function.
- *
- * user_compare - User comparison function. Could be NULL if we are
- * just using a local comparison function.
- *
- * table_p - Associated table being sorted.
- */
-static void split(void *first_p, void *last_p, compare_t compare,
- table_compare_t user_compare, table_t * table_p)
-{
- void *pivot_p, *left_p, *right_p, *left_last_p, *right_first_p;
- void *firsts[MAX_SORT_SPLITS], *lasts[MAX_SORT_SPLITS];
- int split_c = 0;
-
- for (;;) {
-
- /* no need to split the list if it is < 2 elements */
- while (first_p >= last_p) {
- if (split_c == 0) {
- /* we are done */
- return;
- }
- split_c--;
- first_p = firsts[split_c];
- last_p = lasts[split_c];
- }
-
- left_p = first_p;
- right_p = last_p;
- pivot_p = first_p;
-
- do {
- /* scan from right hand side */
- while (right_p > left_p
- && compare(right_p, pivot_p, user_compare, table_p) > 0)
- right_p = (char *) right_p - sizeof(table_entry_t *);
- /* scan from left hand side */
- while (right_p > left_p
- && compare(pivot_p, left_p, user_compare, table_p) >= 0)
- left_p = (char *) left_p + sizeof(table_entry_t *);
- /* if the pointers haven't met then swap values */
- if (right_p > left_p) {
- /* swap_bytes(left_p, right_p) */
- table_entry_t *temp;
-
- temp = *(table_entry_t **) left_p;
- *(table_entry_t **) left_p = *(table_entry_t **) right_p;
- *(table_entry_t **) right_p = temp;
- }
- } while (right_p > left_p);
-
- /* now we swap the pivot with the right-hand side */
- {
- /* swap_bytes(pivot_p, right_p); */
- table_entry_t *temp;
-
- temp = *(table_entry_t **) pivot_p;
- *(table_entry_t **) pivot_p = *(table_entry_t **) right_p;
- *(table_entry_t **) right_p = temp;
- }
- pivot_p = right_p;
-
- /* save the section to the right of the pivot in our stack */
- right_first_p = (char *) pivot_p + sizeof(table_entry_t *);
- left_last_p = (char *) pivot_p - sizeof(table_entry_t *);
-
- /* do we need to save the righthand side? */
- if (right_first_p < last_p) {
- if (split_c >= MAX_SORT_SPLITS) {
- /* sanity check here -- we should never get here */
- abort();
- }
- firsts[split_c] = right_first_p;
- lasts[split_c] = last_p;
- split_c++;
- }
-
- /* do the left hand side of the pivot */
- /* first_p = first_p */
- last_p = left_last_p;
- }
-}
-
-/*************************** exported routines *******************************/
-
-/*
- * table_t *table_alloc
- *
- * DESCRIPTION:
- *
- * Allocate a new table structure.
- *
- * RETURNS:
- *
- * A pointer to the new table structure which must be passed to
- * table_free to be deallocated. On error a NULL is returned.
- *
- * ARGUMENTS:
- *
- * bucket_n - Number of buckets for the hash table. Our current hash
- * value works best with base two numbers. Set to 0 to take the
- * library default of 1024.
- *
- * error_p - Pointer to an integer which, if not NULL, will contain a
- * table error code.
- *
- * malloc_f, realloc_f, free_f - Pointers to malloc(3)-, realloc(3)-
- * and free(3)-style functions.
- */
-table_t *table_alloc(const unsigned int bucket_n, int *error_p,
- void *(*malloc_f)(size_t size),
- void *(*calloc_f)(size_t number, size_t size),
- void *(*realloc_f)(void *ptr, size_t size),
- void (*free_f)(void *ptr))
-{
- table_t *table_p = NULL;
- unsigned int buck_n;
-
- /* allocate a table structure */
- if (malloc_f != NULL)
- table_p = malloc_f(sizeof(table_t));
- else
- table_p = malloc(sizeof(table_t));
- if (table_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- return NULL;
- }
-
- if (bucket_n > 0)
- buck_n = bucket_n;
- else
- buck_n = DEFAULT_SIZE;
- /* allocate the buckets which are NULLed */
- if (calloc_f != NULL)
- table_p->ta_buckets = (table_entry_t **)calloc_f(buck_n, sizeof(table_entry_t *));
- else
- table_p->ta_buckets = (table_entry_t **)calloc(buck_n, sizeof(table_entry_t *));
- if (table_p->ta_buckets == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- if (free_f != NULL)
- free_f(table_p);
- else
- free(table_p);
- return NULL;
- }
-
- /* initialize structure */
- table_p->ta_magic = TABLE_MAGIC;
- table_p->ta_flags = 0;
- table_p->ta_bucket_n = buck_n;
- table_p->ta_entry_n = 0;
- table_p->ta_data_align = 0;
- table_p->ta_linear.tl_magic = 0;
- table_p->ta_linear.tl_bucket_c = 0;
- table_p->ta_linear.tl_entry_c = 0;
- table_p->ta_file_size = 0;
- table_p->ta_malloc = malloc_f != NULL ? malloc_f : malloc;
- table_p->ta_calloc = calloc_f != NULL ? calloc_f : calloc;
- table_p->ta_realloc = realloc_f != NULL ? realloc_f : realloc;
- table_p->ta_free = free_f != NULL ? free_f : free;
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return table_p;
-}
-
-/*
- * int table_attr
- *
- * DESCRIPTION:
- *
- * Set the attributes for the table. The available attributes are
- * specified at the top of table.h.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to a table structure which we will be altering.
- *
- * attr - Attribute(s) that we will be applying to the table.
- */
-int table_attr(table_t * table_p, const int attr)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- table_p->ta_flags = attr;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_set_data_alignment
- *
- * DESCRIPTION:
- *
- * Set the alignment for the data in the table. For data elements
- * sizeof(long) is recommended unless you use smaller data types
- * exclusively.
- *
- * WARNING: This must be done before any data gets put into the table.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to a table structure which we will be altering.
- *
- * alignment - Alignment requested for the data. Must be a power of
- * 2. Set to 0 for none.
- */
-int table_set_data_alignment(table_t * table_p, const int alignment)
-{
- int val;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_entry_n > 0)
- return TABLE_ERROR_NOT_EMPTY;
- /* defaults */
- if (alignment < 2)
- table_p->ta_data_align = 0;
- else {
- /* verify we have a base 2 number */
- for (val = 2; val < MAX_ALIGNMENT; val *= 2) {
- if (val == alignment)
- break;
- }
- if (val >= MAX_ALIGNMENT)
- return TABLE_ERROR_ALIGNMENT;
- table_p->ta_data_align = alignment;
- }
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_clear
- *
- * DESCRIPTION:
- *
- * Clear out and free all elements in a table structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer that we will be clearing.
- */
-int table_clear(table_t * table_p)
-{
- table_entry_t *entry_p, *next_p;
- table_entry_t **bucket_p, **bounds_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* free the table allocation and table structure */
- bounds_p = table_p->ta_buckets + table_p->ta_bucket_n;
- for (bucket_p = table_p->ta_buckets; bucket_p < bounds_p; bucket_p++) {
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = next_p) {
- /* record the next pointer before we free */
- next_p = entry_p->te_next_p;
- table_p->ta_free(entry_p);
- }
-
- /* clear the bucket entry after we free its entries */
- *bucket_p = NULL;
- }
-
- /* reset table state info */
- table_p->ta_entry_n = 0;
- table_p->ta_linear.tl_magic = 0;
- table_p->ta_linear.tl_bucket_c = 0;
- table_p->ta_linear.tl_entry_c = 0;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_free
- *
- * DESCRIPTION:
- *
- * Deallocates a table structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer that we will be freeing.
- */
-int table_free(table_t * table_p)
-{
- int ret;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- ret = table_clear(table_p);
-
- if (table_p->ta_buckets != NULL)
- table_p->ta_free(table_p->ta_buckets);
- table_p->ta_magic = 0;
- table_p->ta_free(table_p);
-
- return ret;
-}
-
-/*
- * int table_insert_kd
- *
- * DESCRIPTION:
- *
- * Like table_insert except it passes back a pointer to the key and
- * the data buffers after they have been inserted into the table
- * structure.
- *
- * This routine adds a key/data pair both of which are made up of a
- * buffer of bytes and an associated size. Both the key and the data
- * will be copied into buffers allocated inside the table. If the key
- * exists already, the associated data will be replaced if the
- * overwrite flag is set, otherwise an error is returned.
- *
- * NOTE: be very careful changing the values since the table library
- * provides the pointers to its memory. The key can _never_ be
- * changed otherwise you will not find it again. The data can be
- * changed but its length can never be altered unless you delete and
- * re-insert it into the table.
- *
- * WARNING: The pointers to the key and data are not in any specific
- * alignment. Accessing the key and/or data as an short, integer, or
- * long pointer directly can cause problems.
- *
- * WARNING: Replacing a data cell (not inserting) will cause the table
- * linked list to be temporarily invalid. Care must be taken with
- * multiple threaded programs which are relying on the first/next
- * linked list to be always valid.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be inserting a
- * new key/data pair.
- *
- * key_buf - Buffer of bytes of the key that we are inserting. If you
- * are storing an (int) as the key (for example) then key_buf should
- * be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are storing an (int) as the key (for example) then key_size should
- * be sizeof(int).
- *
- * data_buf - Buffer of bytes of the data that we are inserting. If
- * it is NULL then the library will allocate space for the data in the
- * table without copying in any information. If data_buf is NULL and
- * data_size is 0 then the library will associate a NULL data pointer
- * with the key. If you are storing a (long) as the data (for
- * example) then data_buf should be a (long *).
- *
- * data_size - Size of the data_buf buffer. If set to < 0 then the
- * library will do a strlen of data_buf and add 1 for the '\0'. If
- * you are storing an (long) as the key (for example) then key_size
- * should be sizeof(long).
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the key storage that was allocated in the table. If you are
- * storing an (int) as the key (for example) then key_buf_p should be
- * (int **) i.e. the address of a (int *).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table. If you are
- * storing an (long) as the data (for example) then data_buf_p should
- * be (long **) i.e. the address of a (long *).
- *
- * overwrite - Flag which, if set to 1, will allow the overwriting of
- * the data in the table with the new data if the key already exists
- * in the table.
- */
-int table_insert_kd(table_t * table_p,
- const void *key_buf, const int key_size,
- const void *data_buf, const int data_size,
- void **key_buf_p, void **data_buf_p,
- const char overwrite_b)
-{
- int bucket;
- unsigned int ksize, dsize;
- table_entry_t *entry_p, *last_p;
- void *key_copy_p, *data_copy_p;
-
- /* check the arguments */
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* data_buf can be null but size must be >= 0, if it isn't null size != 0 */
- if ((data_buf == NULL && data_size < 0)
- || (data_buf != NULL && data_size == 0))
- return TABLE_ERROR_SIZE;
- /* determine sizes of key and data */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- if (data_size < 0)
- dsize = strlen((char *) data_buf) + sizeof(char);
- else
- dsize = data_size;
- /* get the bucket number via a hash function */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same size */
- last_p = NULL;
- for (entry_p = table_p->ta_buckets[bucket];
- entry_p != NULL;
- last_p = entry_p, entry_p = entry_p->te_next_p) {
- if (entry_p->te_key_size == ksize
- && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0)
- break;
- }
-
- /* did we find it? then we are in replace mode. */
- if (entry_p != NULL) {
-
- /* can we not overwrite existing data? */
- if (!overwrite_b) {
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- return TABLE_ERROR_OVERWRITE;
- }
-
- /* re-alloc entry's data if the new size != the old */
- if (dsize != entry_p->te_data_size) {
-
- /*
- * First we delete it from the list to keep the list whole.
- * This properly preserves the linked list in case we have a
- * thread marching through the linked list while we are
- * inserting. Maybe this is an unnecessary protection but it
- * should not harm that much.
- */
- if (last_p == NULL)
- table_p->ta_buckets[bucket] = entry_p->te_next_p;
- else
- last_p->te_next_p = entry_p->te_next_p;
- /*
- * Realloc the structure which may change its pointer. NOTE:
- * this may change any previous data_key_p and data_copy_p
- * pointers.
- */
- entry_p = (table_entry_t *) table_p->ta_realloc(entry_p,
- entry_size(table_p,
- entry_p->te_key_size,
- dsize));
- if (entry_p == NULL)
- return TABLE_ERROR_ALLOC;
- /* add it back to the front of the list */
- entry_p->te_data_size = dsize;
- entry_p->te_next_p = table_p->ta_buckets[bucket];
- table_p->ta_buckets[bucket] = entry_p;
- }
-
- /* copy or replace data in storage */
- if (dsize > 0) {
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- if (data_buf != NULL)
- memcpy(data_copy_p, data_buf, dsize);
- }
- else
- data_copy_p = NULL;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (data_buf_p != NULL)
- *data_buf_p = data_copy_p;
- /* returning from the section where we were overwriting table data */
- return TABLE_ERROR_NONE;
- }
-
- /*
- * It is a new entry.
- */
-
- /* allocate a new entry */
- entry_p = (table_entry_t *) table_p->ta_malloc(entry_size(table_p, ksize, dsize));
- if (entry_p == NULL)
- return TABLE_ERROR_ALLOC;
- /* copy key into storage */
- entry_p->te_key_size = ksize;
- key_copy_p = ENTRY_KEY_BUF(entry_p);
- memcpy(key_copy_p, key_buf, ksize);
-
- /* copy data in */
- entry_p->te_data_size = dsize;
- if (dsize > 0) {
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- if (data_buf != NULL)
- memcpy(data_copy_p, data_buf, dsize);
- }
- else
- data_copy_p = NULL;
- if (key_buf_p != NULL)
- *key_buf_p = key_copy_p;
- if (data_buf_p != NULL)
- *data_buf_p = data_copy_p;
- /* insert into list, no need to append */
- entry_p->te_next_p = table_p->ta_buckets[bucket];
- table_p->ta_buckets[bucket] = entry_p;
-
- table_p->ta_entry_n++;
-
- /* do we need auto-adjust? */
- if (table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST
- && SHOULD_TABLE_GROW(table_p))
- return table_adjust(table_p, table_p->ta_entry_n);
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_insert
- *
- * DESCRIPTION:
- *
- * Exactly the same as table_insert_kd except it does not pass back a
- * pointer to the key after they have been inserted into the table
- * structure. This is still here for backwards compatibility.
- *
- * See table_insert_kd for more information.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be inserting a
- * new key/data pair.
- *
- * key_buf - Buffer of bytes of the key that we are inserting. If you
- * are storing an (int) as the key (for example) then key_buf should
- * be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are storing an (int) as the key (for example) then key_size should
- * be sizeof(int).
- *
- * data_buf - Buffer of bytes of the data that we are inserting. If
- * it is NULL then the library will allocate space for the data in the
- * table without copying in any information. If data_buf is NULL and
- * data_size is 0 then the library will associate a NULL data pointer
- * with the key. If you are storing a (long) as the data (for
- * example) then data_buf should be a (long *).
- *
- * data_size - Size of the data_buf buffer. If set to < 0 then the
- * library will do a strlen of data_buf and add 1 for the '\0'. If
- * you are storing an (long) as the key (for example) then key_size
- * should be sizeof(long).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table. If you are
- * storing an (long) as the data (for example) then data_buf_p should
- * be (long **) i.e. the address of a (long *).
- *
- * overwrite - Flag which, if set to 1, will allow the overwriting of
- * the data in the table with the new data if the key already exists
- * in the table.
- */
-int table_insert(table_t * table_p,
- const void *key_buf, const int key_size,
- const void *data_buf, const int data_size,
- void **data_buf_p, const char overwrite_b)
-{
- return table_insert_kd(table_p, key_buf, key_size, data_buf, data_size,
- NULL, data_buf_p, overwrite_b);
-}
-
-/*
- * int table_retrieve
- *
- * DESCRIPTION:
- *
- * This routine looks up a key made up of a buffer of bytes and an
- * associated size in the table. If found then it returns the
- * associated data information.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be searching
- * for the key.
- *
- * key_buf - Buffer of bytes of the key that we are searching for. If
- * you are looking for an (int) as the key (for example) then key_buf
- * should be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are looking for an (int) as the key (for example) then key_size
- * should be sizeof(int).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table and that is
- * associated with the key. If a (long) was stored as the data (for
- * example) then data_buf_p should be (long **) i.e. the address of a
- * (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data stored in the table that is associated with
- * the key.
- */
-int table_retrieve(table_t * table_p,
- const void *key_buf, const int key_size,
- void **data_buf_p, int *data_size_p)
-{
- int bucket;
- unsigned int ksize;
- table_entry_t *entry_p, **buckets;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* find key size */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- /* get the bucket number via a has function */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same size */
- buckets = table_p->ta_buckets;
- for (entry_p = buckets[bucket];
- entry_p != NULL;
- entry_p = entry_p->te_next_p) {
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p);
- if (entry_p->te_key_size == ksize
- && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0)
- break;
- }
-
- /* not found? */
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_delete
- *
- * DESCRIPTION:
- *
- * This routine looks up a key made up of a buffer of bytes and an
- * associated size in the table. If found then it will be removed
- * from the table. The associated data can be passed back to the user
- * if requested.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * NOTE: this could be an allocation error if the library is to return
- * the data to the user.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we will be deleteing
- * the key.
- *
- * key_buf - Buffer of bytes of the key that we are searching for to
- * delete. If you are deleting an (int) key (for example) then
- * key_buf should be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are deleting an (int) key (for example) then key_size should be
- * sizeof(int).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table and that was
- * associated with the key. If a (long) was stored as the data (for
- * example) then data_buf_p should be (long **) i.e. the address of a
- * (long *). If a pointer is passed in, the caller is responsible for
- * freeing it after use. If data_buf_p is NULL then the library will
- * free up the data allocation itself.
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that was stored in the table and that was
- * associated with the key.
- */
-int table_delete(table_t * table_p,
- const void *key_buf, const int key_size,
- void **data_buf_p, int *data_size_p)
-{
- int bucket;
- unsigned int ksize;
- unsigned char *data_copy_p;
- table_entry_t *entry_p, *last_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* get the key size */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- /* find our bucket */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same size */
- for (last_p = NULL, entry_p = table_p->ta_buckets[bucket]; entry_p != NULL;
- last_p = entry_p, entry_p = entry_p->te_next_p) {
- if (entry_p->te_key_size == ksize
- && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0)
- break;
- }
-
- /* did we find it? */
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- /*
- * NOTE: we may want to adjust the linear counters here if the entry
- * we are deleting is the one we are pointing on or is ahead of the
- * one in the bucket list
- */
-
- /* remove entry from the linked list */
- if (last_p == NULL)
- table_p->ta_buckets[bucket] = entry_p->te_next_p;
- else
- last_p->te_next_p = entry_p->te_next_p;
- /* free entry */
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- /*
- * if we were storing it compacted, we now need to malloc some
- * space if the user wants the value after the delete.
- */
- *data_buf_p = table_p->ta_malloc(entry_p->te_data_size);
- if (*data_buf_p == NULL)
- return TABLE_ERROR_ALLOC;
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- memcpy(*data_buf_p, data_copy_p, entry_p->te_data_size);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- table_p->ta_free(entry_p);
-
- table_p->ta_entry_n--;
-
- /* do we need auto-adjust down? */
- if ((table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST)
- && (table_p->ta_flags & TABLE_FLAG_ADJUST_DOWN)
- && SHOULD_TABLE_SHRINK(table_p))
- return table_adjust(table_p, table_p->ta_entry_n);
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_delete_first
- *
- * DESCRIPTION:
- *
- * This is like the table_delete routines except it deletes the first
- * key/data pair in the table instead of an entry corresponding to a
- * particular key. The associated key and data information can be
- * passed back to the user if requested. This routines is handy to
- * clear out a table.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * NOTE: this could be an allocation error if the library is to return
- * the data to the user.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we will be deleteing
- * the first key.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the first key that was allocated in the table.
- * If an (int) was stored as the first key (for example) then
- * key_buf_p should be (int **) i.e. the address of a (int *). If a
- * pointer is passed in, the caller is responsible for freeing it
- * after use. If key_buf_p is NULL then the library will free up the
- * key allocation itself.
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that was stored in the table and that was
- * associated with the key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table and that was
- * associated with the key. If a (long) was stored as the data (for
- * example) then data_buf_p should be (long **) i.e. the address of a
- * (long *). If a pointer is passed in, the caller is responsible for
- * freeing it after use. If data_buf_p is NULL then the library will
- * free up the data allocation itself.
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that was stored in the table and that was
- * associated with the key.
- */
-int table_delete_first(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- unsigned char *data_copy_p;
- table_entry_t *entry_p;
- table_linear_t linear;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* take the first entry */
- entry_p = first_entry(table_p, &linear);
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- /*
- * NOTE: we may want to adjust the linear counters here if the entry
- * we are deleting is the one we are pointing on or is ahead of the
- * one in the bucket list
- */
-
- /* remove entry from the linked list */
- table_p->ta_buckets[linear.tl_bucket_c] = entry_p->te_next_p;
-
- /* free entry */
- if (key_buf_p != NULL) {
- if (entry_p->te_key_size == 0)
- *key_buf_p = NULL;
- else {
- /*
- * if we were storing it compacted, we now need to malloc some
- * space if the user wants the value after the delete.
- */
- *key_buf_p = table_p->ta_malloc(entry_p->te_key_size);
- if (*key_buf_p == NULL)
- return TABLE_ERROR_ALLOC;
- memcpy(*key_buf_p, ENTRY_KEY_BUF(entry_p), entry_p->te_key_size);
- }
- }
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- /*
- * if we were storing it compacted, we now need to malloc some
- * space if the user wants the value after the delete.
- */
- *data_buf_p = table_p->ta_malloc(entry_p->te_data_size);
- if (*data_buf_p == NULL)
- return TABLE_ERROR_ALLOC;
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- memcpy(*data_buf_p, data_copy_p, entry_p->te_data_size);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- table_p->ta_free(entry_p);
-
- table_p->ta_entry_n--;
-
- /* do we need auto-adjust down? */
- if ((table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST)
- && (table_p->ta_flags & TABLE_FLAG_ADJUST_DOWN)
- && SHOULD_TABLE_SHRINK(table_p))
- return table_adjust(table_p, table_p->ta_entry_n);
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_info
- *
- * DESCRIPTION:
- *
- * Get some information about a table_p structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting
- * information.
- *
- * num_buckets_p - Pointer to an integer which, if not NULL, will
- * contain the number of buckets in the table.
- *
- * num_entries_p - Pointer to an integer which, if not NULL, will
- * contain the number of entries stored in the table.
- */
-int table_info(table_t * table_p, int *num_buckets_p, int *num_entries_p)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (num_buckets_p != NULL)
- *num_buckets_p = table_p->ta_bucket_n;
- if (num_entries_p != NULL)
- *num_entries_p = table_p->ta_entry_n;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_adjust
- *
- * DESCRIPTION:
- *
- * Set the number of buckets in a table to a certain value.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer of which we are adjusting.
- *
- * bucket_n - Number buckets to adjust the table to. Set to 0 to
- * adjust the table to its number of entries.
- */
-int table_adjust(table_t * table_p, const int bucket_n)
-{
- table_entry_t *entry_p, *next_p;
- table_entry_t **buckets, **bucket_p, **bounds_p;
- int bucket;
- unsigned int buck_n;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /*
- * NOTE: we walk through the entries and rehash them. If we stored
- * the hash value as a full int in the table-entry, all we would
- * have to do is remod it.
- */
-
- /* normalize to the number of entries */
- if (bucket_n == 0)
- buck_n = table_p->ta_entry_n;
- else
- buck_n = bucket_n;
- /* we must have at least 1 bucket */
- if (buck_n == 0)
- buck_n = 1;
- /* make sure we have somethign to do */
- if (buck_n == table_p->ta_bucket_n)
- return TABLE_ERROR_NONE;
- /* allocate a new bucket list */
- if ((buckets = (table_entry_t **) table_p->ta_calloc(buck_n, sizeof(table_entry_t *))) == NULL)
- return TABLE_ERROR_ALLOC;
- if (table_p->ta_buckets == NULL)
- return TABLE_ERROR_ALLOC;
- /*
- * run through each of the items in the current table and rehash
- * them into the newest bucket sizes
- */
- bounds_p = table_p->ta_buckets + table_p->ta_bucket_n;
- for (bucket_p = table_p->ta_buckets; bucket_p < bounds_p; bucket_p++) {
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = next_p) {
-
- /* hash the old data into the new table size */
- bucket = hash(ENTRY_KEY_BUF(entry_p), entry_p->te_key_size, 0) % buck_n;
-
- /* record the next one now since we overwrite next below */
- next_p = entry_p->te_next_p;
-
- /* insert into new list, no need to append */
- entry_p->te_next_p = buckets[bucket];
- buckets[bucket] = entry_p;
-
- /*
- * NOTE: we may want to adjust the bucket_c linear entry here to
- * keep it current
- */
- }
- /* remove the old table pointers as we go by */
- *bucket_p = NULL;
- }
-
- /* replace the table buckets with the new ones */
- table_p->ta_free(table_p->ta_buckets);
- table_p->ta_buckets = buckets;
- table_p->ta_bucket_n = buck_n;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * const char *table_strerror
- *
- * DESCRIPTION:
- *
- * Return the corresponding string for the error number.
- *
- * RETURNS:
- *
- * Success - String equivalient of the error.
- *
- * Failure - String "invalid error code"
- *
- * ARGUMENTS:
- *
- * error - Error number that we are converting.
- */
-const char *table_strerror(const int error)
-{
- error_str_t *err_p;
-
- for (err_p = errors; err_p->es_error != 0; err_p++) {
- if (err_p->es_error == error)
- return err_p->es_string;
- }
-
- return INVALID_ERROR;
-}
-
-/*
- * int table_type_size
- *
- * DESCRIPTION:
- *
- * Return the size of the internal table type.
- *
- * RETURNS:
- *
- * The size of the table_t type.
- *
- * ARGUMENTS:
- *
- * None.
- */
-int table_type_size(void)
-{
- return sizeof(table_t);
-}
-
-/************************* linear access routines ****************************/
-
-/*
- * int table_first
- *
- * DESCRIPTION:
- *
- * Find first element in a table and pass back information about the
- * key/data pair. If any of the key/data pointers are NULL then they
- * are ignored.
- *
- * NOTE: This function is not reentrant. More than one thread cannot
- * be doing a first and next on the same table at the same time. Use
- * the table_first_r version below for this.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * first element.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the first key that is allocated in the table. If
- * an (int) is stored as the first key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the first key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the first key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the first key.
- */
-int table_first(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* initialize our linear magic number */
- table_p->ta_linear.tl_magic = LINEAR_MAGIC;
-
- entry_p = first_entry(table_p, &table_p->ta_linear);
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_next
- *
- * DESCRIPTION:
- *
- * Find the next element in a table and pass back information about
- * the key/data pair. If any of the key/data pointers are NULL then
- * they are ignored.
- *
- * NOTE: This function is not reentrant. More than one thread cannot
- * be doing a first and next on the same table at the same time. Use
- * the table_next_r version below for this.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * next element.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the next key that is allocated in the table. If
- * an (int) is stored as the next key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the next key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the next key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the next key.
- */
-int table_next(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
- int error;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_linear.tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* move to the next entry */
- entry_p = next_entry(table_p, &table_p->ta_linear, &error);
- if (entry_p == NULL)
- return error;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_this
- *
- * DESCRIPTION:
- *
- * Find the current element in a table and pass back information about
- * the key/data pair. If any of the key/data pointers are NULL then
- * they are ignored.
- *
- * NOTE: This function is not reentrant. Use the table_current_r
- * version below.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * current element.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the current key that is allocated in the table.
- * If an (int) is stored as the current key (for example) then
- * key_buf_p should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the current key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the current key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the current key.
- */
-int table_this(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p = NULL;
- int entry_c;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_linear.tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* if we removed an item that shorted the bucket list, we may get this */
- if (table_p->ta_linear.tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- return TABLE_ERROR_NOT_FOUND;
- }
-
- /* find the entry which is the nth in the list */
- entry_p = table_p->ta_buckets[table_p->ta_linear.tl_bucket_c];
- /* NOTE: we swap the order here to be more efficient */
- for (entry_c = table_p->ta_linear.tl_entry_c; entry_c > 0; entry_c--) {
- /* did we reach the end of the list? */
- if (entry_p == NULL)
- break;
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p)->te_next_p;
- }
-
- /* is this a NOT_FOUND or a LINEAR error */
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_first_r
- *
- * DESCRIPTION:
- *
- * Reetrant version of the table_first routine above. Find first
- * element in a table and pass back information about the key/data
- * pair. If any of the key/data pointers are NULL then they are
- * ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * first element.
- *
- * linear_p - Pointer to a table linear structure which is initialized
- * here. The same pointer should then be passed to table_next_r
- * below.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the first key that is allocated in the table. If
- * an (int) is stored as the first key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the first key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the first key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the first key.
- */
-int table_first_r(table_t * table_p, table_linear_t * linear_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (linear_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* initialize our linear magic number */
- linear_p->tl_magic = LINEAR_MAGIC;
-
- entry_p = first_entry(table_p, linear_p);
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_next_r
- *
- * DESCRIPTION:
- *
- * Reetrant version of the table_next routine above. Find next
- * element in a table and pass back information about the key/data
- * pair. If any of the key/data pointers are NULL then they are
- * ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * next element.
- *
- * linear_p - Pointer to a table linear structure which is incremented
- * here. The same pointer must have been passed to table_first_r
- * first so that it can be initialized.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the next key that is allocated in the table. If
- * an (int) is stored as the next key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL will be set
- * to the size of the key that is stored in the table and that is
- * associated with the next key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the next key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the next key.
- */
-int table_next_r(table_t * table_p, table_linear_t * linear_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
- int error;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (linear_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (linear_p->tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* move to the next entry */
- entry_p = next_entry(table_p, linear_p, &error);
- if (entry_p == NULL)
- return error;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_this_r
- *
- * DESCRIPTION:
- *
- * Reetrant version of the table_this routine above. Find current
- * element in a table and pass back information about the key/data
- * pair. If any of the key/data pointers are NULL then they are
- * ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * current element.
- *
- * linear_p - Pointer to a table linear structure which is accessed
- * here. The same pointer must have been passed to table_first_r
- * first so that it can be initialized.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the current key that is allocated in the table.
- * If an (int) is stored as the current key (for example) then
- * key_buf_p should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the current key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the current key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the current key.
- */
-int table_this_r(table_t * table_p, table_linear_t * linear_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
- int entry_c;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (linear_p->tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* if we removed an item that shorted the bucket list, we may get this */
- if (linear_p->tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- return TABLE_ERROR_NOT_FOUND;
- }
-
- /* find the entry which is the nth in the list */
- for (entry_c = linear_p->tl_entry_c,
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- entry_p != NULL && entry_c > 0;
- entry_c--, entry_p = TABLE_POINTER(table_p, table_entry_t *,
- entry_p)->te_next_p) {
- }
-
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/******************************* file routines *******************************/
-
-/*
- * int table_read
- *
- * DESCRIPTION:
- *
- * Read in a table from a file that had been written to disk earlier
- * via table_write.
- *
- * RETURNS:
- *
- * Success - Pointer to the new table structure which must be passed
- * to table_free to be deallocated.
- *
- * Failure - NULL
- *
- * ARGUMENTS:
- *
- * path - Table file to read in.
- *
- * error_p - Pointer to an integer which, if not NULL, will contain a
- * table error code.
- */
-table_t *table_read(const char *path, int *error_p,
- void *(*malloc_f)(size_t size),
- void *(*calloc_f)(size_t number, size_t size),
- void *(*realloc_f)(void *ptr, size_t size),
- void (*free_f)(void *ptr))
-{
- unsigned int size;
- int fd, ent_size;
- FILE *infile;
- table_entry_t entry, **bucket_p, *entry_p = NULL, *last_p;
- unsigned long pos;
- table_t *table_p;
-
- /* open the file */
- fd = open(path, O_RDONLY, 0);
- if (fd < 0) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_OPEN;
- return NULL;
- }
-
- /* allocate a table structure */
- if (malloc_f != NULL)
- table_p = malloc_f(sizeof(table_t));
- else
- table_p = malloc(sizeof(table_t));
- if (table_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- return NULL;
- }
-
- /* now open the fd to get buffered i/o */
- infile = fdopen(fd, "r");
- if (infile == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_OPEN;
- return NULL;
- }
-
- /* read the main table struct */
- if (fread(table_p, sizeof(table_t), 1, infile) != 1) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_READ;
- if (free_f != NULL)
- free_f(table_p);
- else
- free(table_p);
- return NULL;
- }
- table_p->ta_file_size = 0;
-
- table_p->ta_malloc = malloc_f != NULL ? malloc_f : malloc;
- table_p->ta_calloc = calloc_f != NULL ? calloc_f : calloc;
- table_p->ta_realloc = realloc_f != NULL ? realloc_f : realloc;
- table_p->ta_free = free_f != NULL ? free_f : free;
-
- /* is the file contain bad info or maybe another system type? */
- if (table_p->ta_magic != TABLE_MAGIC) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_PNT;
- return NULL;
- }
-
- /* allocate the buckets */
- table_p->ta_buckets = (table_entry_t **)table_p->ta_calloc(table_p->ta_bucket_n, sizeof(table_entry_t *));
- if (table_p->ta_buckets == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- table_p->ta_free(table_p);
- return NULL;
- }
-
- if (fread(table_p->ta_buckets, sizeof(table_entry_t *), table_p->ta_bucket_n,
- infile) != (size_t) table_p->ta_bucket_n) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_READ;
- table_p->ta_free(table_p->ta_buckets);
- table_p->ta_free(table_p);
- return NULL;
- }
-
- /* read in the entries */
- for (bucket_p = table_p->ta_buckets;
- bucket_p < table_p->ta_buckets + table_p->ta_bucket_n;
- bucket_p++) {
-
- /* skip null buckets */
- if (*bucket_p == NULL)
- continue;
- /* run through the entry list */
- last_p = NULL;
- for (pos = *(unsigned long *) bucket_p;;
- pos = (unsigned long) entry_p->te_next_p) {
-
- /* read in the entry */
- if (fseek(infile, pos, SEEK_SET) != 0) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_SEEK;
- table_p->ta_free(table_p->ta_buckets);
- if (entry_p != NULL)
- table_p->ta_free(entry_p);
- table_p->ta_free(table_p);
- /* the other table elements will not be freed */
- return NULL;
- }
- if (fread(&entry, sizeof(struct table_shell_st), 1, infile) != 1) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_READ;
- table_p->ta_free(table_p->ta_buckets);
- if (entry_p != NULL)
- table_p->ta_free(entry_p);
- table_p->ta_free(table_p);
- /* the other table elements will not be freed */
- return NULL;
- }
-
- /* make a new entry */
- ent_size = entry_size(table_p, entry.te_key_size, entry.te_data_size);
- entry_p = (table_entry_t *)table_p->ta_malloc(ent_size);
- if (entry_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- table_p->ta_free(table_p->ta_buckets);
- table_p->ta_free(table_p);
- /* the other table elements will not be freed */
- return NULL;
- }
- entry_p->te_key_size = entry.te_key_size;
- entry_p->te_data_size = entry.te_data_size;
- entry_p->te_next_p = entry.te_next_p;
-
- if (last_p == NULL)
- *bucket_p = entry_p;
- else
- last_p->te_next_p = entry_p;
- /* determine how much more we have to read */
- size = ent_size - sizeof(struct table_shell_st);
- if (fread(ENTRY_KEY_BUF(entry_p), sizeof(char), size, infile) != size) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_READ;
- table_p->ta_free(table_p->ta_buckets);
- table_p->ta_free(entry_p);
- table_p->ta_free(table_p);
- /* the other table elements will not be freed */
- return NULL;
- }
-
- /* we are done if the next pointer is null */
- if (entry_p->te_next_p == (unsigned long) 0)
- break;
- last_p = entry_p;
- }
- }
-
- (void) fclose(infile);
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return table_p;
-}
-
-/*
- * int table_write
- *
- * DESCRIPTION:
- *
- * Write a table from memory to file.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to the table that we are writing to the file.
- *
- * path - Table file to write out to.
- *
- * mode - Mode of the file. This argument is passed on to open when
- * the file is created.
- */
-int table_write(const table_t * table_p, const char *path, const int mode)
-{
- int fd, rem, ent_size;
- unsigned int bucket_c;
- unsigned long size;
- table_entry_t *entry_p, **buckets, **bucket_p, *next_p;
- table_t tmain;
- FILE *outfile;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- fd = open(path, O_WRONLY | O_CREAT, mode);
- if (fd < 0)
- return TABLE_ERROR_OPEN;
- outfile = fdopen(fd, "w");
- if (outfile == NULL)
- return TABLE_ERROR_OPEN;
- /* allocate a block of sizes for each bucket */
- buckets = (table_entry_t **) table_p->ta_malloc(sizeof(table_entry_t *) *
- table_p->ta_bucket_n);
- if (buckets == NULL)
- return TABLE_ERROR_ALLOC;
- /* make a copy of the tmain struct */
- tmain = *table_p;
-
- /* start counting the bytes */
- size = 0;
- size += sizeof(table_t);
-
- /* buckets go right after tmain struct */
- tmain.ta_buckets = (table_entry_t **) size;
- size += sizeof(table_entry_t *) * table_p->ta_bucket_n;
-
- /* run through and count the buckets */
- for (bucket_c = 0; bucket_c < table_p->ta_bucket_n; bucket_c++) {
- bucket_p = table_p->ta_buckets + bucket_c;
- if (*bucket_p == NULL) {
- buckets[bucket_c] = NULL;
- continue;
- }
- buckets[bucket_c] = (table_entry_t *) size;
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = entry_p->te_next_p) {
- size += entry_size(table_p, entry_p->te_key_size, entry_p->te_data_size);
- /*
- * We now have to round the file to the nearest long so the
- * mmaping of the longs in the entry structs will work.
- */
- rem = size & (sizeof(long) - 1);
- if (rem > 0)
- size += sizeof(long) - rem;
- }
- }
- /* add a \0 at the end to fill the last section */
- size++;
-
- /* set the tmain fields */
- tmain.ta_linear.tl_magic = 0;
- tmain.ta_linear.tl_bucket_c = 0;
- tmain.ta_linear.tl_entry_c = 0;
- tmain.ta_file_size = size;
-
- /*
- * Now we can start the writing because we got the bucket offsets.
- */
-
- /* write the tmain table struct */
- size = 0;
- if (fwrite(&tmain, sizeof(table_t), 1, outfile) != 1) {
- table_p->ta_free(buckets);
- return TABLE_ERROR_WRITE;
- }
- size += sizeof(table_t);
- if (fwrite(buckets, sizeof(table_entry_t *), table_p->ta_bucket_n,
- outfile) != (size_t) table_p->ta_bucket_n) {
- table_p->ta_free(buckets);
- return TABLE_ERROR_WRITE;
- }
- size += sizeof(table_entry_t *) * table_p->ta_bucket_n;
-
- /* write out the entries */
- for (bucket_p = table_p->ta_buckets;
- bucket_p < table_p->ta_buckets + table_p->ta_bucket_n;
- bucket_p++) {
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = entry_p->te_next_p) {
-
- ent_size = entry_size(table_p, entry_p->te_key_size,
- entry_p->te_data_size);
- size += ent_size;
- /* round to nearest long here so we can write copy */
- rem = size & (sizeof(long) - 1);
- if (rem > 0)
- size += sizeof(long) - rem;
- next_p = entry_p->te_next_p;
- if (next_p != NULL)
- entry_p->te_next_p = (table_entry_t *) size;
- /* now write to disk */
- if (fwrite(entry_p, ent_size, 1, outfile) != 1) {
- table_p->ta_free(buckets);
- return TABLE_ERROR_WRITE;
- }
-
- /* restore the next pointer */
- if (next_p != NULL)
- entry_p->te_next_p = next_p;
- /* now write the padding information */
- if (rem > 0) {
- rem = sizeof(long) - rem;
- /*
- * NOTE: this won't leave fseek'd space at the end but we
- * don't care there because there is no accessed memory
- * afterwards. We write 1 \0 at the end to make sure.
- */
- if (fseek(outfile, rem, SEEK_CUR) != 0) {
- table_p->ta_free(buckets);
- return TABLE_ERROR_SEEK;
- }
- }
- }
- }
- /*
- * Write a \0 at the end of the file to make sure that the last
- * fseek filled with nulls.
- */
- (void) fputc('\0', outfile);
-
- (void) fclose(outfile);
- table_p->ta_free(buckets);
-
- return TABLE_ERROR_NONE;
-}
-
-/******************************** table order ********************************/
-
-/*
- * table_entry_t *table_order
- *
- * DESCRIPTION:
- *
- * Order a table by building an array of table entry pointers and then
- * sorting this array using the qsort function. To retrieve the
- * sorted entries, you can then use the table_entry routine to access
- * each entry in order.
- *
- * NOTE: This routine is now thread safe in that two table_order calls
- * can now happen at the same time, even on the same table.
- *
- * RETURNS:
- *
- * An allocated list of entry pointers which must be freed later.
- * Returns null on error.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to the table that we are ordering.
- *
- * compare - Comparison function defined by the user. Its definition
- * is at the top of the table.h file. If this is NULL then it will
- * order the table my memcmp-ing the keys.
- *
- * num_entries_p - Pointer to an integer which, if not NULL, will
- * contain the number of entries in the returned entry pointer array.
- *
- * error_p - Pointer to an integer which, if not NULL, will contain a
- * table error code.
- */
-table_entry_t **table_order(table_t * table_p, table_compare_t compare,
- int *num_entries_p, int *error_p)
-{
- table_entry_t *entry_p, **entries, **entries_p;
- table_linear_t linear;
- compare_t comp_func;
- int error;
-
- if (table_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ARG_NULL;
- return NULL;
- }
- if (table_p->ta_magic != TABLE_MAGIC) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_PNT;
- return NULL;
- }
-
- /* there must be at least 1 element in the table for this to work */
- if (table_p->ta_entry_n == 0) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_EMPTY;
- return NULL;
- }
-
- entries = (table_entry_t **) table_p->ta_malloc(table_p->ta_entry_n *
- sizeof(table_entry_t *));
- if (entries == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- return NULL;
- }
-
- /* get a pointer to all entries */
- entry_p = first_entry(table_p, &linear);
- if (entry_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
- }
-
- /* add all of the entries to the array */
- for (entries_p = entries;
- entry_p != NULL;
- entry_p = next_entry(table_p, &linear, &error))
- *entries_p++ = entry_p;
- if (error != TABLE_ERROR_NOT_FOUND) {
- if (error_p != NULL)
- *error_p = error;
- return NULL;
- }
-
- if (compare == NULL) {
- /* this is regardless of the alignment */
- comp_func = local_compare;
- }
- else if (table_p->ta_data_align == 0)
- comp_func = external_compare;
- else
- comp_func = external_compare_align;
- /* now qsort the entire entries array from first to last element */
- split(entries, entries + table_p->ta_entry_n - 1, comp_func, compare,
- table_p);
-
- if (num_entries_p != NULL)
- *num_entries_p = table_p->ta_entry_n;
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return entries;
-}
-
-/*
- * int table_entry
- *
- * DESCRIPTION:
- *
- * Get information about an element. The element is one from the
- * array returned by the table_order function. If any of the key/data
- * pointers are NULL then they are ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * element.
- *
- * entry_p - Pointer to a table entry from the array returned by the
- * table_order function.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of this entry that is allocated in the table. If an
- * (int) is stored as this entry (for example) then key_buf_p should
- * be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage of this entry that is allocated in the table.
- * If a (long) is stored as this entry data (for example) then
- * data_buf_p should be (long **) i.e. the address of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table.
- */
-int table_entry_info(table_t * table_p, table_entry_t * entry_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (entry_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.h b/usr.sbin/httpd/src/modules/ssl/ssl_util_table.h
deleted file mode 100644
index 1cccf5b8681..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.h
+++ /dev/null
@@ -1,189 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_table.h
-** High Performance Hash Table Header
-*/
-
-/* ====================================================================
- * Copyright (c) 1999-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/*
- * Generic hash table defines
- * Table 4.1.0 July-28-1998
- *
- * This library is a generic open hash table with buckets and
- * linked lists. It is pretty high performance. Each element
- * has a key and a data. The user indexes on the key to find the
- * data.
- *
- * Copyright 1998 by Gray Watson <gray@letters.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose and without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies,
- * and that the name of Gray Watson not be used in advertising or
- * publicity pertaining to distribution of the document or software
- * without specific, written prior permission.
- *
- * Gray Watson makes no representations about the suitability of the
- * software described herein for any purpose. It is provided "as is"
- * without express or implied warranty.
- */
-
-#ifndef SSL_UTIL_TABLE_H
-#define SSL_UTIL_TABLE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/*
- * To build a "key" in any of the below routines, pass in a pointer to
- * the key and its size [i.e. sizeof(int), etc]. With any of the
- * "key" or "data" arguments, if their size is < 0, it will do an
- * internal strlen of the item and add 1 for the \0.
- *
- * If you are using firstkey() and nextkey() functions, be careful if,
- * after starting your firstkey loop, you use delete or insert, it
- * will not crash but may produce interesting results. If you are
- * deleting from firstkey to NULL it will work fine.
- */
-
-/* return types for table functions */
-#define TABLE_ERROR_NONE 1 /* no error from function */
-#define TABLE_ERROR_PNT 2 /* bad table pointer */
-#define TABLE_ERROR_ARG_NULL 3 /* buffer args were null */
-#define TABLE_ERROR_SIZE 4 /* size of data was bad */
-#define TABLE_ERROR_OVERWRITE 5 /* key exists and we cant overwrite */
-#define TABLE_ERROR_NOT_FOUND 6 /* key does not exist */
-#define TABLE_ERROR_ALLOC 7 /* memory allocation error */
-#define TABLE_ERROR_LINEAR 8 /* no linear access started */
-#define TABLE_ERROR_OPEN 9 /* could not open file */
-#define TABLE_ERROR_SEEK 10 /* could not seek to pos in file */
-#define TABLE_ERROR_READ 11 /* could not read from file */
-#define TABLE_ERROR_WRITE 12 /* could not write to file */
-#define TABLE_ERROR_EMPTY 13 /* table is empty */
-#define TABLE_ERROR_NOT_EMPTY 14 /* table contains data */
-#define TABLE_ERROR_ALIGNMENT 15 /* invalid alignment value */
-
-/*
- * Table flags set with table_attr.
- */
-
-/*
- * Automatically adjust the number of table buckets on the fly.
- * Whenever the number of entries gets above some threshold, the
- * number of buckets is realloced to a new size and each entry is
- * re-hashed. Although this may take some time when it re-hashes, the
- * table will perform better over time.
- */
-#define TABLE_FLAG_AUTO_ADJUST (1<<0)
-
-/*
- * If the above auto-adjust flag is set, also adjust the number of
- * table buckets down as we delete entries.
- */
-#define TABLE_FLAG_ADJUST_DOWN (1<<1)
-
-/* structure to walk through the fields in a linear order */
-typedef struct {
- unsigned int tl_magic; /* magic structure to ensure correct init */
- unsigned int tl_bucket_c; /* where in the table buck array we are */
- unsigned int tl_entry_c; /* in the bucket, which entry we are on */
-} table_linear_t;
-
-typedef int (*table_compare_t)(const void *key1, const int key1_size,
- const void *data1, const int data1_size,
- const void *key2, const int key2_size,
- const void *data2, const int data2_size);
-
-#ifndef TABLE_PRIVATE
-typedef void table_t;
-typedef void table_entry_t;
-#endif
-
-/*
- * Prototypes
- */
-extern table_t *table_alloc(const unsigned int bucket_n, int *error_p, void *(*malloc_f)(size_t size), void *(*calloc_f)(size_t number, size_t size), void *(*realloc_f)(void *ptr, size_t size), void (*free_f)(void *ptr));
-extern int table_attr(table_t *table_p, const int attr);
-extern int table_set_data_alignment(table_t *table_p, const int alignment);
-extern int table_clear(table_t *table_p);
-extern int table_free(table_t *table_p);
-extern int table_insert_kd(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **key_buf_p, void **data_buf_p, const char overwrite_b);
-extern int table_insert(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **data_buf_p, const char overwrite_b);
-extern int table_retrieve(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p);
-extern int table_delete(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p);
-extern int table_delete_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_info(table_t *table_p, int *num_buckets_p, int *num_entries_p);
-extern int table_adjust(table_t *table_p, const int bucket_n);
-extern const char *table_strerror(const int error);
-extern int table_type_size(void);
-extern int table_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_next(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_this(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_first_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_next_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_this_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern table_t *table_read(const char *path, int *error_p, void *(*malloc_f)(size_t size), void *(*calloc_f)(size_t number, size_t size), void *(*realloc_f)(void *ptr, size_t size), void (*free_f)(void *ptr));
-extern int table_write(const table_t *table_p, const char *path, const int mode);
-extern table_entry_t **table_order(table_t *table_p, table_compare_t compare, int *num_entries_p, int *error_p);
-extern int table_entry_info(table_t *table_p, table_entry_t *entry_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* ! SSL_UTIL_TABLE_H */
diff --git a/usr.sbin/httpd/src/modules/standard/.indent.pro b/usr.sbin/httpd/src/modules/standard/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/modules/standard/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/standard/Makefile.tmpl b/usr.sbin/httpd/src/modules/standard/Makefile.tmpl
deleted file mode 100644
index 9cd16354ecd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/Makefile.tmpl
+++ /dev/null
@@ -1,258 +0,0 @@
-# $OpenBSD: Makefile.tmpl,v 1.6 2006/04/04 11:39:28 henning Exp $
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_access.o: mod_access.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_request.h
-mod_actions.o: mod_actions.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
-mod_alias.o: mod_alias.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_asis.o: mod_asis.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/util_script.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_request.h
-mod_auth.o: mod_auth.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h
-mod_auth_anon.o: mod_auth_anon.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h
-mod_auth_db.o: mod_auth_db.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h
-mod_auth_dbm.o: mod_auth_dbm.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h
-mod_autoindex.o: mod_autoindex.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/util_script.h
-mod_cern_meta.o: mod_cern_meta.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/util_script.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_request.h
-mod_cgi.o: mod_cgi.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h \
- $(INCDIR)/http_conf_globals.h
-mod_digest.o: mod_digest.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/util_md5.h \
- $(INCDIR)/ap_md5.h
-mod_dir.o: mod_dir.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/util_script.h
-mod_env.o: mod_env.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_expires.o: mod_expires.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h
-mod_headers.o: mod_headers.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_imap.o: mod_imap.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
-mod_include.o: mod_include.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/util_script.h
-mod_info.o: mod_info.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/util_script.h $(INCDIR)/http_conf_globals.h
-mod_log_agent.o: mod_log_agent.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/fdcache.h
-mod_log_config.o: mod_log_config.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/fdcache.h
-mod_log_referer.o: mod_log_referer.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/fdcache.h
-mod_mime.o: mod_mime.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h
-mod_mime_magic.o: mod_mime_magic.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_protocol.h
-mod_negotiation.o: mod_negotiation.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
-mod_rewrite.o: mod_rewrite.c mod_rewrite.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/fdcache.h
-mod_setenvif.o: mod_setenvif.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h
-mod_so.o: mod_so.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h
-mod_speling.o: mod_speling.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_log.h
-mod_status.o: mod_status.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_main.h \
- $(INCDIR)/util_script.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/http_log.h
-mod_unique_id.o: mod_unique_id.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/multithread.h
-mod_userdir.o: mod_userdir.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_usertrack.o: mod_usertrack.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h
diff --git a/usr.sbin/httpd/src/modules/standard/mod_access.c b/usr.sbin/httpd/src/modules/standard/mod_access.c
deleted file mode 100644
index c1f33c48e18..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_access.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Security options etc.
- *
- * Module derived from code originally written by Rob McCool
- *
- */
-
-#include "httpd.h"
-#include "http_core.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_request.h"
-
-enum allowdeny_type {
- T_ENV,
- T_ALL,
- T_IP,
- T_HOST,
- T_FAIL,
- T_IP6,
-};
-
-typedef struct {
- int limited;
- union {
- char *from;
- struct {
- struct in_addr net;
- struct in_addr mask;
- } ip;
- struct {
- struct in6_addr net6;
- struct in6_addr mask6;
- } ip6;
- } x;
- enum allowdeny_type type;
-} allowdeny;
-
-/* things in the 'order' array */
-#define DENY_THEN_ALLOW 0
-#define ALLOW_THEN_DENY 1
-#define MUTUAL_FAILURE 2
-
-typedef struct {
- int order[METHODS];
- array_header *allows;
- array_header *denys;
-} access_dir_conf;
-
-module MODULE_VAR_EXPORT access_module;
-
-static void *create_access_dir_config(pool *p, char *dummy)
-{
- access_dir_conf *conf =
- (access_dir_conf *) ap_pcalloc(p, sizeof(access_dir_conf));
- int i;
-
- for (i = 0; i < METHODS; ++i)
- conf->order[i] = DENY_THEN_ALLOW;
- conf->allows = ap_make_array(p, 1, sizeof(allowdeny));
- conf->denys = ap_make_array(p, 1, sizeof(allowdeny));
-
- return (void *) conf;
-}
-
-static const char *order(cmd_parms *cmd, void *dv, char *arg)
-{
- access_dir_conf *d = (access_dir_conf *) dv;
- int i, o;
-
- if (!strcasecmp(arg, "allow,deny"))
- o = ALLOW_THEN_DENY;
- else if (!strcasecmp(arg, "deny,allow"))
- o = DENY_THEN_ALLOW;
- else if (!strcasecmp(arg, "mutual-failure"))
- o = MUTUAL_FAILURE;
- else
- return "unknown order";
-
- for (i = 0; i < METHODS; ++i)
- if (cmd->limited & (1 << i))
- d->order[i] = o;
-
- return NULL;
-}
-
-static int is_ip(const char *host)
-{
- while ((*host == '.') || ap_isdigit(*host))
- host++;
- return (*host == '\0');
-}
-
-static const char *allow_cmd(cmd_parms *cmd, void *dv, char *from, char *where)
-{
- access_dir_conf *d = (access_dir_conf *) dv;
- allowdeny *a;
- char *s;
-
- if (strcasecmp(from, "from"))
- return "allow and deny must be followed by 'from'";
-
- a = (allowdeny *) ap_push_array(cmd->info ? d->allows : d->denys);
- a->x.from = where;
- a->limited = cmd->limited;
-
- if (!strncasecmp(where, "env=", 4)) {
- a->type = T_ENV;
- a->x.from += 4;
-
- }
- else if (!strcasecmp(where, "all")) {
- a->type = T_ALL;
-
- }
- else if ((s = strchr(where, '/'))) {
- struct addrinfo hints, *resnet, *resmask;
- struct sockaddr_storage net, mask;
- int error;
- char *p;
- int justdigits;
-
- a->type = T_FAIL; /*just in case*/
- /* trample on where, we won't be using it any more */
- *s++ = '\0';
-
- justdigits = 0;
- for (p = s; *p; p++) {
- if (!isdigit(*p))
- break;
- }
- if (!*p)
- justdigits++;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM; /*dummy*/
-#ifdef AI_NUMERICHOST
- hints.ai_flags = AI_NUMERICHOST; /*don't resolve*/
-#endif
- resnet = NULL;
- error = getaddrinfo(where, NULL, &hints, &resnet);
- if (error || !resnet) {
- if (resnet)
- freeaddrinfo(resnet);
- a->type = T_FAIL;
- return "syntax error in network portion of network/netmask";
- }
- if (resnet->ai_next) {
- freeaddrinfo(resnet);
- a->type = T_FAIL;
- return "network/netmask resolved to multiple addresses";
- }
- memcpy(&net, resnet->ai_addr, resnet->ai_addrlen);
- freeaddrinfo(resnet);
-
- switch (net.ss_family) {
- case AF_INET:
- a->type = T_IP;
- a->x.ip.net.s_addr = ((struct sockaddr_in *)&net)->sin_addr.s_addr;
- break;
- case AF_INET6:
- a->type = T_IP6;
- memcpy(&a->x.ip6.net6, &((struct sockaddr_in6 *)&net)->sin6_addr,
- sizeof(a->x.ip6.net6));
- break;
- default:
- a->type = T_FAIL;
- return "unknown address family for network";
- }
-
- if (!justdigits) {
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM; /*dummy*/
-#ifdef AI_NUMERICHOST
- hints.ai_flags = AI_NUMERICHOST; /*don't resolve*/
-#endif
- resmask = NULL;
- error = getaddrinfo(s, NULL, &hints, &resmask);
- if (error || !resmask) {
- if (resmask)
- freeaddrinfo(resmask);
- a->type = T_FAIL;
- return "syntax error in mask portion of network/netmask";
- }
- if (resmask->ai_next) {
- freeaddrinfo(resmask);
- a->type = T_FAIL;
- return "network/netmask resolved to multiple addresses";
- }
- memcpy(&mask, resmask->ai_addr, resmask->ai_addrlen);
- freeaddrinfo(resmask);
-
- if (net.ss_family != mask.ss_family) {
- a->type = T_FAIL;
- return "network/netmask resolved to different address family";
- }
-
- switch (a->type) {
- case T_IP:
- a->x.ip.mask.s_addr =
- ((struct sockaddr_in *)&mask)->sin_addr.s_addr;
- break;
- case T_IP6:
- memcpy(&a->x.ip6.mask6,
- &((struct sockaddr_in6 *)&mask)->sin6_addr,
- sizeof(a->x.ip6.mask6));
- break;
- }
- } else {
- int mask;
- mask = atoi(s);
- switch (a->type) {
- case T_IP:
- if (mask < 0 || 32 < mask) {
- a->type = T_FAIL;
- return "netmask out of range";
- }
- a->x.ip.mask.s_addr = htonl(0xFFFFFFFFUL << (32 - mask));
- break;
- case T_IP6:
- {
- int i;
- if (mask < 0 || 128 < mask) {
- a->type = T_FAIL;
- return "netmask out of range";
- }
- for (i = 0; i < mask / 8; i++) {
- a->x.ip6.mask6.s6_addr[i] = 0xff;
- }
- if (mask % 8)
- a->x.ip6.mask6.s6_addr[i] = 0xff << (8 - (mask % 8));
- break;
- }
- }
- }
- }
- else {
- struct addrinfo hints, *res;
- struct sockaddr_storage ss;
- int error;
-
- a->type = T_FAIL; /*just in case*/
-
- /* First, try using the old apache code to match */
- /* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
- if (ap_isdigit(*where) && is_ip(where)) {
- int shift;
- char *t;
- int octet;
-
- a->type = T_IP;
- /* parse components */
- s = where;
- a->x.ip.net.s_addr = 0;
- a->x.ip.mask.s_addr = 0;
- shift = 24;
- while (*s) {
- t = s;
- if (!ap_isdigit(*t)) {
- a->type = T_FAIL;
- return "invalid ip address";
- }
- while (ap_isdigit(*t)) {
- ++t;
- }
- if (*t == '.') {
- *t++ = 0;
- }
- else if (*t) {
- a->type = T_FAIL;
- return "invalid ip address";
- }
- if (shift < 0) {
- return "invalid ip address, only 4 octets allowed";
- }
- octet = atoi(s);
- if (octet < 0 || octet > 255) {
- a->type = T_FAIL;
- return "each octet must be between 0 and 255 inclusive";
- }
- a->x.ip.net.s_addr |= octet << shift;
- a->x.ip.mask.s_addr |= 0xFFUL << shift;
- s = t;
- shift -= 8;
- }
- a->x.ip.net.s_addr = ntohl(a->x.ip.net.s_addr);
- a->x.ip.mask.s_addr = ntohl(a->x.ip.mask.s_addr);
-
- return NULL;
- }
-
- /* IPv4/v6 numeric address */
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM; /*dummy*/
-#ifdef AI_NUMERICHOST
- hints.ai_flags = AI_NUMERICHOST; /*don't resolve*/
-#endif
- res = NULL;
- error = getaddrinfo(where, NULL, &hints, &res);
- if (error || !res) {
- if (res)
- freeaddrinfo(res);
- a->type = T_HOST;
- return NULL;
- }
- if (res->ai_next) {
- freeaddrinfo(res);
- a->type = T_FAIL;
- return "network/netmask resolved to multiple addresses";
- }
- memcpy(&ss, res->ai_addr, res->ai_addrlen);
- freeaddrinfo(res);
-
- switch (ss.ss_family) {
- case AF_INET:
- a->type = T_IP;
- a->x.ip.net.s_addr = ((struct sockaddr_in *)&ss)->sin_addr.s_addr;
- memset(&a->x.ip.mask, 0xff, sizeof(a->x.ip.mask));
- break;
- case AF_INET6:
- a->type = T_IP6;
- memcpy(&a->x.ip6.net6, &((struct sockaddr_in6 *)&ss)->sin6_addr,
- sizeof(a->x.ip6.net6));
- memset(&a->x.ip6.mask6, 0xff, sizeof(a->x.ip6.mask6));
- break;
- default:
- a->type = T_FAIL;
- return "unknown address family for network";
- }
- }
-
- return NULL;
-}
-
-static char its_an_allow;
-
-static const command_rec access_cmds[] =
-{
- {"order", order, NULL, OR_LIMIT, TAKE1,
- "'allow,deny', 'deny,allow', or 'mutual-failure'"},
- {"allow", allow_cmd, &its_an_allow, OR_LIMIT, ITERATE2,
- "'from' followed by hostnames or IP-address wildcards"},
- {"deny", allow_cmd, NULL, OR_LIMIT, ITERATE2,
- "'from' followed by hostnames or IP-address wildcards"},
- {NULL}
-};
-
-static int in_domain(const char *domain, const char *what)
-{
- int dl = strlen(domain);
- int wl = strlen(what);
-
- if ((wl - dl) >= 0) {
- if (strcasecmp(domain, &what[wl - dl]) != 0)
- return 0;
-
- /* Make sure we matched an *entire* subdomain --- if the user
- * said 'allow from good.com', we don't want people from nogood.com
- * to be able to get in.
- */
-
- if (wl == dl)
- return 1; /* matched whole thing */
- else
- return (domain[0] == '.' || what[wl - dl - 1] == '.');
- }
- else
- return 0;
-}
-
-static int find_allowdeny(request_rec *r, array_header *a, int method)
-{
- allowdeny *ap = (allowdeny *) a->elts;
- int mmask = (1 << method);
- int i;
- int gothost = 0;
- const char *remotehost = NULL;
-
- for (i = 0; i < a->nelts; ++i) {
- if (!(mmask & ap[i].limited))
- continue;
-
- switch (ap[i].type) {
- case T_ENV:
- if (ap_table_get(r->subprocess_env, ap[i].x.from)) {
- return 1;
- }
- break;
-
- case T_ALL:
- return 1;
-
- case T_IP:
- if (ap[i].x.ip.net.s_addr == INADDR_NONE)
- break;
- switch (r->connection->remote_addr.ss_family) {
- case AF_INET:
- if ((((struct sockaddr_in *)&r->connection->remote_addr)->sin_addr.s_addr
- & ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) {
- return 1;
- }
- break;
- case AF_INET6:
- if (!IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr)) /*XXX*/
- break;
- if ((*(uint32_t *)&((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr.s6_addr[12]
- & ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) {
- return 1;
- }
- break;
- }
- break;
-
- case T_IP6:
- {
- struct in6_addr masked;
- int j;
- if (IN6_IS_ADDR_UNSPECIFIED(&ap[i].x.ip6.net6))
- break;
- switch (r->connection->remote_addr.ss_family) {
- case AF_INET:
- if (!IN6_IS_ADDR_V4MAPPED(&ap[i].x.ip6.net6)) /*XXX*/
- break;
- memset(&masked, 0, sizeof(masked));
- masked.s6_addr[10] = masked.s6_addr[11] = 0xff;
- memcpy(&masked.s6_addr[12],
- &((struct sockaddr_in *)&r->connection->remote_addr)->sin_addr.s_addr,
- sizeof(in_addr_t));
- for (j = 0; j < sizeof(struct in6_addr); j++)
- masked.s6_addr[j] &= ap[i].x.ip6.mask6.s6_addr[j];
- if (memcmp(&masked, &ap[i].x.ip6.net6, sizeof(masked)) == 0)
- return 1;
- break;
- case AF_INET6:
- memset(&masked, 0, sizeof(masked));
- memcpy(&masked,
- &((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr,
- sizeof(masked));
- for (j = 0; j < sizeof(struct in6_addr); j++)
- masked.s6_addr[j] &= ap[i].x.ip6.mask6.s6_addr[j];
- if (memcmp(&masked, &ap[i].x.ip6.net6, sizeof(masked)) == 0)
- return 1;
- break;
- }
- break;
- }
-
- case T_HOST:
- if (!gothost) {
- remotehost = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_DOUBLE_REV);
-
- if ((remotehost == NULL) || is_ip(remotehost))
- gothost = 1;
- else
- gothost = 2;
- }
-
- if ((gothost == 2) && in_domain(ap[i].x.from, remotehost))
- return 1;
- break;
-
- case T_FAIL:
- /* do nothing? */
- break;
- }
- }
-
- return 0;
-}
-
-static int check_dir_access(request_rec *r)
-{
- int method = r->method_number;
- access_dir_conf *a =
- (access_dir_conf *)
- ap_get_module_config(r->per_dir_config, &access_module);
- int ret = OK;
-
- if (a->order[method] == ALLOW_THEN_DENY) {
- ret = FORBIDDEN;
- if (find_allowdeny(r, a->allows, method))
- ret = OK;
- if (find_allowdeny(r, a->denys, method))
- ret = FORBIDDEN;
- }
- else if (a->order[method] == DENY_THEN_ALLOW) {
- if (find_allowdeny(r, a->denys, method))
- ret = FORBIDDEN;
- if (find_allowdeny(r, a->allows, method))
- ret = OK;
- }
- else {
- if (find_allowdeny(r, a->allows, method)
- && !find_allowdeny(r, a->denys, method))
- ret = OK;
- else
- ret = FORBIDDEN;
- }
-
- if (ret == FORBIDDEN
- && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "client denied by server configuration: %s",
- r->filename);
- }
-
- return ret;
-}
-
-
-
-module MODULE_VAR_EXPORT access_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_access_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- access_cmds,
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- check_dir_access, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_actions.c b/usr.sbin/httpd/src/modules/standard/mod_actions.c
deleted file mode 100644
index 45fbd3faa14..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_actions.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_actions.c: executes scripts based on MIME type or HTTP method
- *
- * by Alexei Kosut; based on mod_cgi.c, mod_mime.c and mod_includes.c,
- * adapted by rst from original NCSA code by Rob McCool
- *
- * Usage instructions:
- *
- * Action mime/type /cgi-bin/script
- *
- * will activate /cgi-bin/script when a file of content type mime/type is
- * requested. It sends the URL and file path of the requested document using
- * the standard CGI PATH_INFO and PATH_TRANSLATED environment variables.
- *
- * Script PUT /cgi-bin/script
- *
- * will activate /cgi-bin/script when a request is received with the
- * HTTP method "PUT". The available method names are defined in httpd.h.
- * If the method is GET, the script will only be activated if the requested
- * URI includes query information (stuff after a ?-mark).
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "util_script.h"
-
-typedef struct {
- char *method;
- char *script;
-} xmethod_t;
-
-/*
- * HTTP methods are case-sensitive, so we can't use a table structure to
- * track extension method mappings -- table keys are case-INsensitive.
- */
-typedef struct {
- table *action_types; /* Added with Action... */
- char *scripted[METHODS]; /* Added with Script... */
- array_header *xmethods; /* Added with Script -- extension methods */
-} action_dir_config;
-
-module action_module;
-
-static void *create_action_dir_config(pool *p, char *dummy)
-{
- action_dir_config *new =
- (action_dir_config *) ap_palloc(p, sizeof(action_dir_config));
-
- new->action_types = ap_make_table(p, 4);
- memset(new->scripted, 0, sizeof(new->scripted));
- new->xmethods = ap_make_array(p, 4, sizeof(xmethod_t));
- return new;
-}
-
-static void *merge_action_dir_configs(pool *p, void *basev, void *addv)
-{
- action_dir_config *base = (action_dir_config *) basev;
- action_dir_config *add = (action_dir_config *) addv;
- action_dir_config *new = (action_dir_config *) ap_palloc(p,
- sizeof(action_dir_config));
- int i;
-
- new->action_types = ap_overlay_tables(p, add->action_types,
- base->action_types);
-
- for (i = 0; i < METHODS; ++i) {
- new->scripted[i] = add->scripted[i] ? add->scripted[i]
- : base->scripted[i];
- }
- new->xmethods = ap_append_arrays(p, add->xmethods, base->xmethods);
- return new;
-}
-
-static const char *add_action(cmd_parms *cmd, action_dir_config *m, char *type,
- char *script)
-{
- ap_table_setn(m->action_types, type, script);
- return NULL;
-}
-
-static const char *set_script(cmd_parms *cmd, action_dir_config *m,
- char *method, char *script)
-{
- int methnum;
-
- methnum = ap_method_number_of(method);
- if (methnum == M_TRACE) {
- return "TRACE not allowed for Script";
- }
- else if (methnum != M_INVALID) {
- m->scripted[methnum] = script;
- }
- else {
- /*
- * We used to return "Unknown method type for Script"
- * but now we actually handle unknown methods.
- */
- xmethod_t *xm;
- xmethod_t *list;
- int i;
-
- /*
- * Scan through the list; if the method already has a script
- * defined, overwrite it. Otherwise, add it.
- */
- list = (xmethod_t *) m->xmethods->elts;
- for (i = 0; i < m->xmethods->nelts; ++i) {
- xm = &list[i];
- if (strcmp(method, xm->method) == 0) {
- xm->script = script;
- break;
- }
- }
- if (i <= m->xmethods->nelts) {
- xm = ap_push_array(m->xmethods);
- xm->method = method;
- xm->script = script;
- }
- }
- return NULL;
-}
-
-static const command_rec action_cmds[] =
-{
- {"Action", add_action, NULL, OR_FILEINFO, TAKE2,
- "a media type followed by a script name"},
- {"Script", set_script, NULL, ACCESS_CONF | RSRC_CONF, TAKE2,
- "a method followed by a script name"},
- {NULL}
-};
-
-static int action_handler(request_rec *r)
-{
- action_dir_config *conf = (action_dir_config *)
- ap_get_module_config(r->per_dir_config, &action_module);
- const char *t, *action = r->handler ? r->handler :
- ap_field_noparam(r->pool, r->content_type);
- const char *script;
- int i;
-
- /* Set allowed stuff */
- for (i = 0; i < METHODS; ++i) {
- if (conf->scripted[i]) {
- r->allowed |= (1 << i);
- }
- }
-
- /* First, check for the method-handling scripts */
- if (r->method_number == M_GET) {
- if (r->args) {
- script = conf->scripted[M_GET];
- }
- else {
- script = NULL;
- }
- }
- else {
- if (r->method_number != M_INVALID) {
- script = conf->scripted[r->method_number];
- }
- else {
- int j;
- xmethod_t *xm;
- xmethod_t *list;
-
- script = NULL;
- list = (xmethod_t *) conf->xmethods->elts;
- for (j = 0; j < conf->xmethods->nelts; ++j) {
- xm = &list[j];
- if (strcmp(r->method, xm->method) == 0) {
- script = xm->script;
- break;
- }
- }
- }
- }
-
- /* Check for looping, which can happen if the CGI script isn't */
- if (script && r->prev && r->prev->prev) {
- return DECLINED;
- }
-
- /* Second, check for actions (which override the method scripts) */
- if ((t = ap_table_get(conf->action_types,
- action ? action : ap_default_type(r)))) {
- script = t;
- }
-
- if (script == NULL) {
- return DECLINED;
- }
-
- ap_internal_redirect_handler(ap_pstrcat(r->pool, script,
- ap_escape_uri(r->pool,
- r->uri),
- r->args ? "?" : NULL,
- r->args, NULL), r);
- return OK;
-}
-
-static const handler_rec action_handlers[] =
-{
- {"*/*", action_handler},
- {NULL}
-};
-
-module action_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_action_dir_config, /* dir config creater */
- merge_action_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- action_cmds, /* command table */
- action_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_alias.c b/usr.sbin/httpd/src/modules/standard/mod_alias.c
deleted file mode 100644
index 4f43d56a224..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_alias.c
+++ /dev/null
@@ -1,451 +0,0 @@
-/* $OpenBSD: mod_alias.c,v 1.12 2004/12/02 19:42:47 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_alias.c: Stuff for dealing with directory aliases
- *
- * Original by Rob McCool, rewritten in succession by David Robinson
- * and rst.
- *
- */
-
-#include "httpd.h"
-#include "http_core.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-
-typedef struct {
- char *real;
- char *fake;
- char *handler;
- regex_t *regexp;
- int redir_status; /* 301, 302, 303, 410, etc */
-} alias_entry;
-
-typedef struct {
- array_header *aliases;
- array_header *redirects;
-} alias_server_conf;
-
-typedef struct {
- array_header *redirects;
-} alias_dir_conf;
-
-module MODULE_VAR_EXPORT alias_module;
-
-static void *create_alias_config(pool *p, server_rec *s)
-{
- alias_server_conf *a =
- (alias_server_conf *) ap_pcalloc(p, sizeof(alias_server_conf));
-
- a->aliases = ap_make_array(p, 20, sizeof(alias_entry));
- a->redirects = ap_make_array(p, 20, sizeof(alias_entry));
- return a;
-}
-
-static void *create_alias_dir_config(pool *p, char *d)
-{
- alias_dir_conf *a =
- (alias_dir_conf *) ap_pcalloc(p, sizeof(alias_dir_conf));
- a->redirects = ap_make_array(p, 2, sizeof(alias_entry));
- return a;
-}
-
-static void *merge_alias_config(pool *p, void *basev, void *overridesv)
-{
- alias_server_conf *a =
- (alias_server_conf *) ap_pcalloc(p, sizeof(alias_server_conf));
- alias_server_conf *base = (alias_server_conf *) basev, *overrides = (alias_server_conf *) overridesv;
-
- a->aliases = ap_append_arrays(p, overrides->aliases, base->aliases);
- a->redirects = ap_append_arrays(p, overrides->redirects, base->redirects);
- return a;
-}
-
-static void *merge_alias_dir_config(pool *p, void *basev, void *overridesv)
-{
- alias_dir_conf *a =
- (alias_dir_conf *) ap_pcalloc(p, sizeof(alias_dir_conf));
- alias_dir_conf *base = (alias_dir_conf *) basev, *overrides = (alias_dir_conf *) overridesv;
- a->redirects = ap_append_arrays(p, overrides->redirects, base->redirects);
- return a;
-}
-
-static const char *add_alias_internal(cmd_parms *cmd, void *dummy, char *f, char *r,
- int use_regex)
-{
- server_rec *s = cmd->server;
- alias_server_conf *conf =
- (alias_server_conf *) ap_get_module_config(s->module_config, &alias_module);
- alias_entry *new = ap_push_array(conf->aliases);
-
- /* XX r can NOT be relative to DocumentRoot here... compat bug. */
-
- ap_server_strip_chroot(r, 1);
-
- if (use_regex) {
- new->regexp = ap_pregcomp(cmd->pool, f, REG_EXTENDED);
- if (new->regexp == NULL)
- return "Regular expression could not be compiled.";
- new->real = r;
- }
- else
- new->real = ap_os_canonical_filename(cmd->pool, r);
- new->fake = f;
- new->handler = cmd->info;
-
- return NULL;
-}
-
-static const char *add_alias(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- return add_alias_internal(cmd, dummy, f, r, 0);
-}
-
-static const char *add_alias_regex(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- return add_alias_internal(cmd, dummy, f, r, 1);
-}
-
-static const char *add_redirect_internal(cmd_parms *cmd, alias_dir_conf * dirconf,
- char *arg1, char *arg2, char *arg3,
- int use_regex)
-{
- alias_entry *new;
- server_rec *s = cmd->server;
- alias_server_conf *serverconf =
- (alias_server_conf *) ap_get_module_config(s->module_config, &alias_module);
- int status = (int) (long) cmd->info;
- regex_t *r = NULL;
- char *f = arg2;
- char *url = arg3;
-
- if (!strcasecmp(arg1, "gone"))
- status = HTTP_GONE;
- else if (!strcasecmp(arg1, "permanent"))
- status = HTTP_MOVED_PERMANENTLY;
- else if (!strcasecmp(arg1, "temp"))
- status = HTTP_MOVED_TEMPORARILY;
- else if (!strcasecmp(arg1, "seeother"))
- status = HTTP_SEE_OTHER;
- else if (ap_isdigit(*arg1))
- status = atoi(arg1);
- else {
- f = arg1;
- url = arg2;
- }
-
- if (use_regex) {
- r = ap_pregcomp(cmd->pool, f, REG_EXTENDED);
- if (r == NULL)
- return "Regular expression could not be compiled.";
- }
-
- if (ap_is_HTTP_REDIRECT(status)) {
- if (!url)
- return "URL to redirect to is missing";
- if (!use_regex && !ap_is_url(url))
- return "Redirect to non-URL";
- }
- else {
- if (url)
- return "Redirect URL not valid for this status";
- }
-
- if (cmd->path)
- new = ap_push_array(dirconf->redirects);
- else
- new = ap_push_array(serverconf->redirects);
-
- new->fake = f;
- new->real = url;
- new->regexp = r;
- new->redir_status = status;
- return NULL;
-}
-
-static const char *add_redirect(cmd_parms *cmd, alias_dir_conf * dirconf, char *arg1,
- char *arg2, char *arg3)
-{
- return add_redirect_internal(cmd, dirconf, arg1, arg2, arg3, 0);
-}
-
-static const char *add_redirect_regex(cmd_parms *cmd, alias_dir_conf * dirconf,
- char *arg1, char *arg2, char *arg3)
-{
- return add_redirect_internal(cmd, dirconf, arg1, arg2, arg3, 1);
-}
-
-static const command_rec alias_cmds[] =
-{
- {"Alias", add_alias, NULL, RSRC_CONF, TAKE2,
- "a fakename and a realname"},
- {"ScriptAlias", add_alias, "cgi-script", RSRC_CONF, TAKE2,
- "a fakename and a realname"},
- {"Redirect", add_redirect, (void *) HTTP_MOVED_TEMPORARILY,
- OR_FILEINFO, TAKE23,
- "an optional status, then document to be redirected and destination URL"},
- {"AliasMatch", add_alias_regex, NULL, RSRC_CONF, TAKE2,
- "a regular expression and a filename"},
- {"ScriptAliasMatch", add_alias_regex, "cgi-script", RSRC_CONF, TAKE2,
- "a regular expression and a filename"},
- {"RedirectMatch", add_redirect_regex, (void *) HTTP_MOVED_TEMPORARILY,
- OR_FILEINFO, TAKE23,
- "an optional status, then a regular expression and destination URL"},
- {"RedirectTemp", add_redirect, (void *) HTTP_MOVED_TEMPORARILY,
- OR_FILEINFO, TAKE2,
- "a document to be redirected, then the destination URL"},
- {"RedirectPermanent", add_redirect, (void *) HTTP_MOVED_PERMANENTLY,
- OR_FILEINFO, TAKE2,
- "a document to be redirected, then the destination URL"},
- {NULL}
-};
-
-static int alias_matches(const char *uri, const char *alias_fakename)
-{
- const char *end_fakename = alias_fakename + strlen(alias_fakename);
- const char *aliasp = alias_fakename, *urip = uri;
-
- while (aliasp < end_fakename) {
- if (*aliasp == '/') {
- /* any number of '/' in the alias matches any number in
- * the supplied URI, but there must be at least one...
- */
- if (*urip != '/')
- return 0;
-
- while (*aliasp == '/')
- ++aliasp;
- while (*urip == '/')
- ++urip;
- }
- else {
- /* Other characters are compared literally */
- if (*urip++ != *aliasp++)
- return 0;
- }
- }
-
- /* Check last alias path component matched all the way */
-
- if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/')
- return 0;
-
- /* Return number of characters from URI which matched (may be
- * greater than length of alias, since we may have matched
- * doubled slashes)
- */
-
- return urip - uri;
-}
-
-static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
-{
- alias_entry *entries = (alias_entry *) aliases->elts;
- regmatch_t regm[AP_MAX_REG_MATCH];
- char *found = NULL;
- int i;
-
- for (i = 0; i < aliases->nelts; ++i) {
- alias_entry *p = &entries[i];
- int l;
-
- if (p->regexp) {
- if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
- if (p->real) {
- found = ap_pregsub(r->pool, p->real, r->uri,
- AP_MAX_REG_MATCH, regm);
- if (found && doesc) {
- found = ap_escape_uri(r->pool, found);
- }
- }
- else {
- /* need something non-null */
- found = ap_pstrdup(r->pool, "");
- }
- }
- }
- else {
- l = alias_matches(r->uri, p->fake);
-
- if (l > 0) {
- if (doesc) {
- char *escurl;
- escurl = ap_os_escape_path(r->pool, r->uri + l, 1);
-
- found = ap_pstrcat(r->pool, p->real, escurl, NULL);
- }
- else
- found = ap_pstrcat(r->pool, p->real, r->uri + l, NULL);
- }
- }
-
- if (found) {
- if (p->handler) { /* Set handler, and leave a note for mod_cgi */
- r->handler = p->handler;
- ap_table_setn(r->notes, "alias-forced-type", r->handler);
- }
-
- *status = p->redir_status;
-
- return found;
- }
- }
-
- return NULL;
-}
-
-static int translate_alias_redir(request_rec *r)
-{
- void *sconf = r->server->module_config;
- alias_server_conf *serverconf =
- (alias_server_conf *) ap_get_module_config(sconf, &alias_module);
- char *ret;
- int status;
-
- if (r->uri[0] != '/' && r->uri[0] != '\0')
- return DECLINED;
-
- if ((ret = try_alias_list(r, serverconf->redirects, 1, &status)) != NULL) {
- if (ap_is_HTTP_REDIRECT(status)) {
- /* include QUERY_STRING if any */
- if (r->args) {
- ret = ap_pstrcat(r->pool, ret, "?", r->args, NULL);
- }
- ap_table_setn(r->headers_out, "Location", ret);
- }
- return status;
- }
-
- if ((ret = try_alias_list(r, serverconf->aliases, 0, &status)) != NULL) {
- r->filename = ret;
- return OK;
- }
-
- return DECLINED;
-}
-
-static int fixup_redir(request_rec *r)
-{
- void *dconf = r->per_dir_config;
- alias_dir_conf *dirconf =
- (alias_dir_conf *) ap_get_module_config(dconf, &alias_module);
- char *ret;
- int status;
-
- /* It may have changed since last time, so try again */
-
- if ((ret = try_alias_list(r, dirconf->redirects, 1, &status)) != NULL) {
- if (ap_is_HTTP_REDIRECT(status)) {
- if (ret[0] == '/') {
- char *orig_target = ret;
-
- ret = ap_construct_url(r->pool, ret, r);
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "incomplete redirection target of '%s' for "
- "URI '%s' modified to '%s'",
- orig_target, r->uri, ret);
- }
- if (!ap_is_url(ret)) {
- status = HTTP_INTERNAL_SERVER_ERROR;
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "cannot redirect '%s' to '%s'; "
- "target is not a valid absoluteURI or abs_path",
- r->uri, ret);
- }
- else {
- /* append requested query only, if the config didn't
- * supply its own.
- */
- if (r->args && !strchr(ret, '?')) {
- ret = ap_pstrcat(r->pool, ret, "?", r->args, NULL);
- }
- ap_table_setn(r->headers_out, "Location", ret);
- }
- }
- return status;
- }
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT alias_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_alias_dir_config, /* dir config creater */
- merge_alias_dir_config, /* dir merger --- default is to override */
- create_alias_config, /* server config */
- merge_alias_config, /* merge server configs */
- alias_cmds, /* command table */
- NULL, /* handlers */
- translate_alias_redir, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- fixup_redir, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_asis.c b/usr.sbin/httpd/src/modules/standard/mod_asis.c
deleted file mode 100644
index e28cc1440e5..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_asis.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "util_script.h"
-#include "http_main.h"
-#include "http_request.h"
-
-static int asis_handler(request_rec *r)
-{
- FILE *f;
- const char *location;
-
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET)
- return DECLINED;
- if (r->finfo.st_mode == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "File does not exist: %s", r->filename);
- return NOT_FOUND;
- }
-
- f = ap_pfopen(r->pool, r->filename, "r");
-
- if (f == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "file permissions deny server access: %s", r->filename);
- return FORBIDDEN;
- }
-
- ap_scan_script_header_err(r, f, NULL);
- location = ap_table_get(r->headers_out, "Location");
-
- if (location && location[0] == '/' &&
- ((r->status == HTTP_OK) || ap_is_HTTP_REDIRECT(r->status))) {
-
- ap_pfclose(r->pool, f);
-
- /* Internal redirect -- fake-up a pseudo-request */
- r->status = HTTP_OK;
-
- /* This redirect needs to be a GET no matter what the original
- * method was.
- */
- r->method = ap_pstrdup(r->pool, "GET");
- r->method_number = M_GET;
-
- ap_internal_redirect_handler(location, r);
- return OK;
- }
-
- ap_send_http_header(r);
- if (!r->header_only)
- ap_send_fd(f, r);
-
- ap_pfclose(r->pool, f);
- return OK;
-}
-
-static const handler_rec asis_handlers[] =
-{
- {ASIS_MAGIC_TYPE, asis_handler},
- {"send-as-is", asis_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT asis_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
- NULL, /* create per-server config structure */
- NULL, /* merge per-server config structures */
- NULL, /* command table */
- asis_handlers, /* handlers */
- NULL, /* translate_handler */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* pre-run fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth.c b/usr.sbin/httpd/src/modules/standard/mod_auth.c
deleted file mode 100644
index 8253a10245b..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/* $OpenBSD: mod_auth.c,v 1.13 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_auth: authentication
- *
- * Rob McCool
- *
- * Adapted to Apache by rst.
- *
- * dirkx - Added Authoritative control to allow passing on to lower
- * modules if and only if the user-id is not known to this
- * module. A known user with a faulty or absent password still
- * causes an AuthRequired. The default is 'Authoritative', i.e.
- * no control is passed along.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_protocol.h"
-
-typedef struct auth_config_struct {
- char *auth_pwfile;
- char *auth_grpfile;
- int auth_authoritative;
-} auth_config_rec;
-
-static void *create_auth_dir_config(pool *p, char *d)
-{
- auth_config_rec *sec =
- (auth_config_rec *) ap_pcalloc(p, sizeof(auth_config_rec));
- sec->auth_pwfile = NULL; /* just to illustrate the default really */
- sec->auth_grpfile = NULL; /* unless you have a broken HP cc */
- sec->auth_authoritative = 1; /* keep the fortress secure by default */
- return sec;
-}
-
-static const char *set_auth_slot(cmd_parms *cmd, void *offset, char *f, char *t)
-{
- if (t && strcmp(t, "standard"))
- return ap_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
-
- return ap_set_file_slot(cmd, offset, f);
-}
-
-static const command_rec auth_cmds[] =
-{
- {"AuthUserFile", set_auth_slot,
- (void *) XtOffsetOf(auth_config_rec, auth_pwfile), OR_AUTHCFG, TAKE12,
- "text file containing user IDs and passwords"},
- {"AuthGroupFile", set_auth_slot,
- (void *) XtOffsetOf(auth_config_rec, auth_grpfile), OR_AUTHCFG, TAKE12,
- "text file containing group names and member user IDs"},
- {"AuthAuthoritative", ap_set_flag_slot,
- (void *) XtOffsetOf(auth_config_rec, auth_authoritative),
- OR_AUTHCFG, FLAG,
- "Set to 'off' to allow access control to be passed along to "
- "lower modules if the UserID is not known to this module"},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT auth_module;
-
-static char *get_pw(request_rec *r, char *user, char *auth_pwfile)
-{
- configfile_t *f;
- char l[MAX_STRING_LEN];
- const char *rpw, *w;
-
- ap_server_strip_chroot(auth_pwfile, 1);
-
- if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "Could not open password file: %s", auth_pwfile);
- return NULL;
- }
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- rpw = l;
- w = ap_getword(r->pool, &rpw, ':');
-
- if (!strcmp(user, w)) {
- ap_cfg_closefile(f);
- return ap_getword(r->pool, &rpw, ':');
- }
- }
- ap_cfg_closefile(f);
- return NULL;
-}
-
-static table *groups_for_user(pool *p, char *user, char *grpfile)
-{
- configfile_t *f;
- table *grps = ap_make_table(p, 15);
- pool *sp;
- char l[MAX_STRING_LEN];
- const char *group_name, *ll, *w;
-
- ap_server_strip_chroot(grpfile, 1);
-
- if (!(f = ap_pcfg_openfile(p, grpfile))) {
-/*add? aplog_error(APLOG_MARK, APLOG_ERR, NULL,
- "Could not open group file: %s", grpfile);*/
- return NULL;
- }
-
- sp = ap_make_sub_pool(p);
-
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- ll = l;
- ap_clear_pool(sp);
-
- group_name = ap_getword(sp, &ll, ':');
-
- while (ll[0]) {
- w = ap_getword_conf(sp, &ll);
- if (!strcmp(w, user)) {
- ap_table_setn(grps, ap_pstrdup(p, group_name), "in");
- break;
- }
- }
- }
- ap_cfg_closefile(f);
- ap_destroy_pool(sp);
- return grps;
-}
-
-/* These functions return 0 if client is OK, and proper error status
- * if not... either AUTH_REQUIRED, if we made a check, and it failed, or
- * SERVER_ERROR, if things are so totally confused that we couldn't
- * figure out how to tell if the client is authorized or not.
- *
- * If they return DECLINED, and all other modules also decline, that's
- * treated by the server core as a configuration error, logged and
- * reported as such.
- */
-
-/* Determine user ID, and check if it really is that user, for HTTP
- * basic authentication...
- */
-
-static int authenticate_basic_user(request_rec *r)
-{
- auth_config_rec *sec =
- (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module);
- conn_rec *c = r->connection;
- const char *sent_pw;
- char *real_pw;
- char *invalid_pw;
- int res;
-
- if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
- return res;
-
- if (!sec->auth_pwfile)
- return DECLINED;
-
- if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) {
- if (!(sec->auth_authoritative))
- return DECLINED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not found: %s", c->user, r->uri);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- invalid_pw = ap_validate_password(sent_pw, real_pw);
- if (invalid_pw != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s: authentication failure for \"%s\": %s",
- c->user, r->uri, invalid_pw);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- return OK;
-}
-
-/* Checking ID */
-
-static int check_user_access(request_rec *r)
-{
- auth_config_rec *sec =
- (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module);
- char *user = r->connection->user;
- int m = r->method_number;
- int method_restricted = 0;
- int x;
- const char *t, *w;
- table *grpstatus;
- const array_header *reqs_arr = ap_requires(r);
- require_line *reqs;
-
- /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive,
- * then any user will do.
- */
- if (reqs_arr == NULL) {
- return (OK);
- }
- reqs = (require_line *) reqs_arr->elts;
-
- if (sec->auth_grpfile) {
- grpstatus = groups_for_user(r->pool, user, sec->auth_grpfile);
- }
- else {
- grpstatus = NULL;
- }
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (! (reqs[x].method_mask & (1 << m))) {
- continue;
- }
-
- method_restricted = 1;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
- if (strcmp(w, "valid-user") == 0) {
- return OK;
- }
- /*
- * If requested, allow access if the user is valid and the
- * owner of the document.
- */
- if (strcmp(w, "file-owner") == 0) {
- struct passwd *pwent;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "checking for 'owner' access for file '%s'",
- r->filename);
- if (r->finfo.st_ino == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "no stat info for '%s'", r->filename);
- continue;
- }
- pwent = getpwuid(r->finfo.st_uid);
- if (pwent == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "no username for UID %d (owner of '%s')",
- r->finfo.st_uid, r->filename);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "checking authenticated user '%s' "
- "against owner '%s' of '%s'",
- user, pwent->pw_name, r->filename);
- if (strcmp(user, pwent->pw_name) == 0) {
- return OK;
- }
- else {
- continue;
- }
- }
- }
- if (strcmp(w, "file-group") == 0) {
- struct group *grent;
- if (sec->auth_grpfile == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
- "no AuthGroupFile, so 'file-group' "
- "requirement cannot succeed for file '%s'",
- r->filename);
- continue;
- }
- if (grpstatus == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r,
- "authenticated user '%s' not a member of "
- "any groups, so 'file-group' requirement "
- "cannot succeed for file '%s'",
- user, r->filename);
- continue;
- }
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "checking for 'group' access for file '%s'",
- r->filename);
- if (r->finfo.st_ino == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "no stat info for '%s'", r->filename);
- continue;
- }
- grent = getgrgid(r->finfo.st_gid);
- if (grent == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "no group name for GID %d (owner of '%s')",
- r->finfo.st_gid, r->filename);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "checking groups of authenticated user '%s' "
- "against owner group '%s' of '%s'",
- user, grent->gr_name, r->filename);
- if (ap_table_get(grpstatus, grent->gr_name) != NULL) {
- return OK;
- }
- else {
- continue;
- }
- }
- }
- if (strcmp(w, "user") == 0) {
- while (t[0] != '\0') {
- w = ap_getword_conf(r->pool, &t);
- if (strcmp(user, w) == 0) {
- return OK;
- }
- }
- }
- else if (strcmp(w, "group") == 0) {
- if (grpstatus == NULL) {
- return DECLINED; /* DBM group? Something else? */
- }
-
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (ap_table_get(grpstatus, w)) {
- return OK;
- }
- }
- }
- else if (sec->auth_authoritative) {
- /* if we aren't authoritative, any require directive could be
- * valid even if we don't grok it. However, if we are
- * authoritative, we can warn the user they did something wrong.
- * That something could be a missing "AuthAuthoritative off", but
- * more likely is a typo in the require directive.
- */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "access to %s failed, "
- "reason: unknown require directive:"
- "\"%s\"", r->uri, reqs[x].requirement);
- }
- }
-
- if (! method_restricted) {
- return OK;
- }
-
- if (! sec->auth_authoritative) {
- return DECLINED;
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "access to %s failed, reason: user %s not allowed access",
- r->uri, user);
-
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
-}
-
-module MODULE_VAR_EXPORT auth_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_auth_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- auth_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- authenticate_basic_user, /* check_user_id */
- check_user_access, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_anon.c b/usr.sbin/httpd/src/modules/standard/mod_auth_anon.c
deleted file mode 100644
index 7548c68557e..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_anon.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_auth: authentication
- *
- * Rob McCool & Brian Behlendorf.
- *
- * Adapted to Apache by rst.
- *
- * Version 0.5 May 1996
- *
- * Modified by Dirk.vanGulik@jrc.it to
- *
- * Adapted to allow anonymous logins, just like with Anon-FTP, when
- * one gives the magic user name 'anonymous' and ones email address
- * as the password.
- *
- * Just add the following tokes to your <directory> setup:
- *
- * Anonymous magic-user-id [magic-user-id]...
- *
- * Anonymous_MustGiveEmail [ on | off ] default = on
- * Anonymous_LogEmail [ on | off ] default = on
- * Anonymous_VerifyEmail [ on | off ] default = off
- * Anonymous_NoUserId [ on | off ] default = off
- * Anonymous_Authoritative [ on | off ] default = off
- *
- * The magic user id is something like 'anonymous', it is NOT case sensitive.
- *
- * The MustGiveEmail flag can be used to force users to enter something
- * in the password field (like an email address). Default is on.
- *
- * Furthermore the 'NoUserID' flag can be set to allow completely empty
- * usernames in as well; this can be is convenient as a single return
- * in broken GUIs like W95 is often given by the user. The Default is off.
- *
- * Dirk.vanGulik@jrc.it; http://ewse.ceo.org; http://me-www.jrc.it/~dirkx
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h"
-
-typedef struct auth_anon {
- char *password;
- struct auth_anon *next;
-} auth_anon;
-
-typedef struct {
-
- auth_anon *auth_anon_passwords;
- int auth_anon_nouserid;
- int auth_anon_logemail;
- int auth_anon_verifyemail;
- int auth_anon_mustemail;
- int auth_anon_authoritative;
-
-} anon_auth_config_rec;
-
-static void *create_anon_auth_dir_config(pool *p, char *d)
-{
- anon_auth_config_rec *sec = (anon_auth_config_rec *)
- ap_pcalloc(p, sizeof(anon_auth_config_rec));
-
- if (!sec)
- return NULL; /* no memory... */
-
- /* just to illustrate the defaults really. */
- sec->auth_anon_passwords = NULL;
-
- sec->auth_anon_nouserid = 0;
- sec->auth_anon_logemail = 1;
- sec->auth_anon_verifyemail = 0;
- sec->auth_anon_mustemail = 1;
- sec->auth_anon_authoritative = 0;
- return sec;
-}
-
-static const char *anon_set_passwd_flag(cmd_parms *cmd,
- anon_auth_config_rec * sec, int arg)
-{
- sec->auth_anon_mustemail = arg;
- return NULL;
-}
-
-static const char *anon_set_userid_flag(cmd_parms *cmd,
- anon_auth_config_rec * sec, int arg)
-{
- sec->auth_anon_nouserid = arg;
- return NULL;
-}
-static const char *anon_set_logemail_flag(cmd_parms *cmd,
- anon_auth_config_rec * sec, int arg)
-{
- sec->auth_anon_logemail = arg;
- return NULL;
-}
-static const char *anon_set_verifyemail_flag(cmd_parms *cmd,
- anon_auth_config_rec * sec, int arg)
-{
- sec->auth_anon_verifyemail = arg;
- return NULL;
-}
-static const char *anon_set_authoritative_flag(cmd_parms *cmd,
- anon_auth_config_rec * sec, int arg)
-{
- sec->auth_anon_authoritative = arg;
- return NULL;
-}
-
-static const char *anon_set_string_slots(cmd_parms *cmd,
- anon_auth_config_rec * sec, char *arg)
-{
-
- auth_anon *first;
-
- if (!(*arg))
- return "Anonymous string cannot be empty, use Anonymous_NoUserId instead";
-
- /* squeeze in a record */
- first = sec->auth_anon_passwords;
-
- if (
- (!(sec->auth_anon_passwords = (auth_anon *) ap_palloc(cmd->pool, sizeof(auth_anon)))) ||
- (!(sec->auth_anon_passwords->password = arg))
- )
- return "Failed to claim memory for an anonymous password...";
-
- /* and repair the next */
- sec->auth_anon_passwords->next = first;
-
- return NULL;
-}
-
-static const command_rec anon_auth_cmds[] =
-{
- {"Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG, ITERATE,
- "a space-separated list of user IDs"},
- {"Anonymous_MustGiveEmail", anon_set_passwd_flag, NULL, OR_AUTHCFG, FLAG,
- "Limited to 'on' or 'off'"},
- {"Anonymous_NoUserId", anon_set_userid_flag, NULL, OR_AUTHCFG, FLAG,
- "Limited to 'on' or 'off'"},
-{"Anonymous_VerifyEmail", anon_set_verifyemail_flag, NULL, OR_AUTHCFG, FLAG,
- "Limited to 'on' or 'off'"},
- {"Anonymous_LogEmail", anon_set_logemail_flag, NULL, OR_AUTHCFG, FLAG,
- "Limited to 'on' or 'off'"},
- {"Anonymous_Authoritative", anon_set_authoritative_flag, NULL, OR_AUTHCFG, FLAG,
- "Limited to 'on' or 'off'"},
-
- {NULL}
-};
-
-module MODULE_VAR_EXPORT anon_auth_module;
-
-static int anon_authenticate_basic_user(request_rec *r)
-{
- anon_auth_config_rec *sec =
- (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &anon_auth_module);
- conn_rec *c = r->connection;
- const char *sent_pw;
- int res = DECLINED;
-
- if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
- return res;
-
- /* Ignore if we are not configured */
- if (!sec->auth_anon_passwords)
- return DECLINED;
-
- /* Do we allow an empty userID and/or is it the magic one
- */
-
- if ((!(c->user[0])) && (sec->auth_anon_nouserid)) {
- res = OK;
- }
- else {
- auth_anon *p = sec->auth_anon_passwords;
- res = DECLINED;
- while ((res == DECLINED) && (p != NULL)) {
- if (!(strcasecmp(c->user, p->password)))
- res = OK;
- p = p->next;
- }
- }
- if (
- /* username is OK */
- (res == OK)
- /* password been filled out ? */
- && ((!sec->auth_anon_mustemail) || strlen(sent_pw))
- /* does the password look like an email address ? */
- && ((!sec->auth_anon_verifyemail)
- || ((strpbrk("@", sent_pw) != NULL)
- && (strpbrk(".", sent_pw) != NULL)))) {
- if (sec->auth_anon_logemail && ap_is_initial_req(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
- "Anonymous: Passwd <%s> Accepted",
- sent_pw ? sent_pw : "\'none\'");
- }
- return OK;
- }
- else {
- if (sec->auth_anon_authoritative) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Anonymous: Authoritative, Passwd <%s> not accepted",
- sent_pw ? sent_pw : "\'none\'");
- return AUTH_REQUIRED;
- }
- /* Drop out the bottom to return DECLINED */
- }
-
- return DECLINED;
-}
-
-static int check_anon_access(request_rec *r)
-{
-#ifdef NOTYET
- conn_rec *c = r->connection;
- anon_auth_config_rec *sec =
- (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &anon_auth_module);
-
- if (!sec->auth_anon)
- return DECLINED;
-
- if (strcasecmp(r->connection->user, sec->auth_anon))
- return DECLINED;
-
- return OK;
-#endif
- return DECLINED;
-}
-
-
-module MODULE_VAR_EXPORT anon_auth_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_anon_auth_dir_config, /* dir config creater */
- NULL, /* dir merger ensure strictness */
- NULL, /* server config */
- NULL, /* merge server config */
- anon_auth_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- anon_authenticate_basic_user, /* check_user_id */
- check_anon_access, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c b/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
deleted file mode 100644
index b1b68a6b897..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/* $OpenBSD: mod_auth_db.c,v 1.13 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_auth_db: authentication
- *
- * Original work by Rob McCool & Brian Behlendorf.
- *
- * Adapted to Apache by rst (mod_auth_dbm)
- *
- * Adapted for Berkeley DB by Andrew Cohen
- *
- * mod_auth_db was based on mod_auth_dbm.
- *
- * Warning, this is not a drop in replacement for mod_auth_dbm,
- * for people wanting to switch from dbm to Berkeley DB.
- * It requires the use of AuthDBUserFile and AuthDBGroupFile
- * instead of AuthDBMUserFile AuthDBMGroupFile
- *
- * Also, in the configuration file you need to specify
- * db_auth_module rather than dbm_auth_module
- *
- * On some BSD systems (e.g. FreeBSD and NetBSD) dbm is automatically
- * mapped to Berkeley DB. You can use either mod_auth_dbm or
- * mod_auth_db. The latter makes it more obvious that it's Berkeley.
- * On other platforms where you want to use the DB library you
- * usually have to install it first. See http://www.sleepycat.com/
- * for the distribution. The interface this module uses is the
- * one from DB version 1.85 and 1.86, but DB version 2.x
- * can also be used when compatibility mode is enabled.
- *
- * dirkx - Added Authoritative control to allow passing on to lower
- * modules if and only if the user-id is not known to this
- * module. A known user with a faulty or absent password still
- * causes an AuthRequired. The default is 'Authoritative', i.e.
- * no control is passed along.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_protocol.h"
-#include <db.h>
-
-#if defined(DB_VERSION_MAJOR)
-#if (DB_VERSION_MAJOR == 2)
-#define DB2
-#endif
-#if (DB_VERSION_MAJOR == 3)
-#define DB3
-#endif
-#if (DB_VERSION_MAJOR == 4)
-#define DB4
-#endif
-#endif
-
-typedef struct {
-
- char *auth_dbpwfile;
- char *auth_dbgrpfile;
- int auth_dbauthoritative;
-} db_auth_config_rec;
-
-static void *create_db_auth_dir_config(pool *p, char *d)
-{
- db_auth_config_rec *sec
- = (db_auth_config_rec *) ap_pcalloc(p, sizeof(db_auth_config_rec));
- sec->auth_dbpwfile = NULL;
- sec->auth_dbgrpfile = NULL;
- sec->auth_dbauthoritative = 1; /* fortress is secure by default */
- return sec;
-}
-
-static const char *set_db_slot(cmd_parms *cmd, void *offset, char *f, char *t)
-{
- if (!t || strcmp(t, "db"))
- return DECLINE_CMD;
-
- return ap_set_file_slot(cmd, offset, f);
-}
-
-static const command_rec db_auth_cmds[] =
-{
- {"AuthDBUserFile", ap_set_file_slot,
- (void *) XtOffsetOf(db_auth_config_rec, auth_dbpwfile),
- OR_AUTHCFG, TAKE1, NULL},
- {"AuthDBGroupFile", ap_set_file_slot,
- (void *) XtOffsetOf(db_auth_config_rec, auth_dbgrpfile),
- OR_AUTHCFG, TAKE1, NULL},
- {"AuthUserFile", set_db_slot,
- (void *) XtOffsetOf(db_auth_config_rec, auth_dbpwfile),
- OR_AUTHCFG, TAKE12, NULL},
- {"AuthGroupFile", set_db_slot,
- (void *) XtOffsetOf(db_auth_config_rec, auth_dbgrpfile),
- OR_AUTHCFG, TAKE12, NULL},
- {"AuthDBAuthoritative", ap_set_flag_slot,
- (void *) XtOffsetOf(db_auth_config_rec, auth_dbauthoritative),
- OR_AUTHCFG, FLAG,
- "Set to 'no' to allow access control to be passed along to lower modules if the userID is not known to this module"},
- {NULL}
-};
-
-module db_auth_module;
-
-static char *get_db_pw(request_rec *r, char *user, const char *auth_dbpwfile)
-{
- DB *f;
- DBT d, q;
- char *pw = NULL;
-
- memset(&d, 0, sizeof(d));
- memset(&q, 0, sizeof(q));
-
- q.data = user;
- q.size = strlen(q.data);
-
- ap_server_strip_chroot(auth_dbpwfile, 1);
-
-#if defined(DB3) || defined(DB4)
- if ( db_create(&f, NULL, 0) != 0
- || f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) {
-#elif defined(DB2)
- if (db_open(auth_dbpwfile, DB_HASH, DB_RDONLY, 0664, NULL, NULL, &f) != 0) {
-#else
- if (!(f = dbopen(auth_dbpwfile, O_RDONLY, 0664, DB_HASH, NULL))) {
-#endif
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "could not open db auth file: %s", auth_dbpwfile);
- return NULL;
- }
-
-#if defined(DB2) || defined(DB3) || defined(DB4)
- if (!((f->get) (f, NULL, &q, &d, 0))) {
-#else
- if (!((f->get) (f, &q, &d, 0))) {
-#endif
- pw = ap_palloc(r->pool, d.size + 1);
- strncpy(pw, d.data, d.size);
- pw[d.size] = '\0'; /* Terminate the string */
- }
-
-#if defined(DB2) || defined(DB3) || defined(DB4)
- (f->close) (f, 0);
-#else
- (f->close) (f);
-#endif
- return pw;
-}
-
-/* We do something strange with the group file. If the group file
- * contains any : we assume the format is
- * key=username value=":"groupname [":"anything here is ignored]
- * otherwise we now (0.8.14+) assume that the format is
- * key=username value=groupname
- * The first allows the password and group files to be the same
- * physical DB file; key=username value=password":"groupname[":"anything]
- *
- * mark@telescope.org, 22Sep95
- */
-
-static char *get_db_grp(request_rec *r, char *user, const char *auth_dbgrpfile)
-{
- char *grp_data = get_db_pw(r, user, auth_dbgrpfile);
- char *grp_colon;
- char *grp_colon2;
-
- if (grp_data == NULL)
- return NULL;
-
- if ((grp_colon = strchr(grp_data, ':')) != NULL) {
- grp_colon2 = strchr(++grp_colon, ':');
- if (grp_colon2)
- *grp_colon2 = '\0';
- return grp_colon;
- }
- return grp_data;
-}
-
-static int db_authenticate_basic_user(request_rec *r)
-{
- db_auth_config_rec *sec =
- (db_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &db_auth_module);
- conn_rec *c = r->connection;
- const char *sent_pw;
- char *real_pw, *colon_pw;
- char *invalid_pw;
- int res;
-
- if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
- return res;
-
- if (!sec->auth_dbpwfile)
- return DECLINED;
-
- if (!(real_pw = get_db_pw(r, c->user, sec->auth_dbpwfile))) {
- if (!(sec->auth_dbauthoritative))
- return DECLINED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "DB user %s not found: %s", c->user, r->filename);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- /* Password is up to first : if exists */
- colon_pw = strchr(real_pw, ':');
- if (colon_pw) {
- *colon_pw = '\0';
- }
- invalid_pw = ap_validate_password(sent_pw, real_pw);
- if (invalid_pw != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "DB user %s: authentication failure for \"%s\": %s",
- c->user, r->uri, invalid_pw);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- return OK;
-}
-
-/* Checking ID */
-
-static int db_check_auth(request_rec *r)
-{
- db_auth_config_rec *sec =
- (db_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &db_auth_module);
- char *user = r->connection->user;
- int m = r->method_number;
-
- const array_header *reqs_arr = ap_requires(r);
- require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
-
- int x;
- const char *t;
- char *w;
-
- if (!sec->auth_dbgrpfile)
- return DECLINED;
- if (!reqs_arr)
- return DECLINED;
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (!(reqs[x].method_mask & (1 << m)))
- continue;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
-
- if (!strcmp(w, "group") && sec->auth_dbgrpfile) {
- const char *orig_groups, *groups;
- char *v;
-
- if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) {
- if (!(sec->auth_dbauthoritative))
- return DECLINED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not in DB group file %s: %s",
- user, sec->auth_dbgrpfile, r->filename);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- orig_groups = groups;
- while (t[0]) {
- w = ap_getword_white(r->pool, &t);
- groups = orig_groups;
- while (groups[0]) {
- v = ap_getword(r->pool, &groups, ',');
- if (!strcmp(v, w))
- return OK;
- }
- }
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not in right group: %s", user, r->filename);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- }
-
- return DECLINED;
-}
-
-
-module db_auth_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_db_auth_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- db_auth_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- db_authenticate_basic_user, /* check_user_id */
- db_check_auth, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_db.module b/usr.sbin/httpd/src/modules/standard/mod_auth_db.module
deleted file mode 100644
index 1a903d6ae6a..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_db.module
+++ /dev/null
@@ -1,47 +0,0 @@
-Name: db_auth_module
-ConfigStart
- DB_VERSION=''
- DB_LIB=''
- if sh ./helpers/TestCompile func db_create; then
- DB_VERSION='Berkeley-DB/3.x'
- elif sh ./helpers/TestCompile lib db db_create; then
- DB_VERSION='Berkeley-DB/3.x'
- DB_LIB='-ldb'
- elif sh ./helpers/TestCompile func db_open; then
- DB_VERSION='Berkeley-DB/2.x'
- elif sh ./helpers/TestCompile lib db db_open; then
- DB_VERSION='Berkeley-DB/2.x'
- DB_LIB='-ldb'
- elif sh ./helpers/TestCompile lib db2 db_open; then
- DB_VERSION='Berkeley-DB/2.x'
- DB_LIB='-ldb2'
- elif sh ./helpers/TestCompile func dbopen; then
- DB_VERSION='Berkeley-DB/1.x'
- elif sh ./helpers/TestCompile lib db dbopen; then
- DB_VERSION='Berkeley-DB/1.x'
- DB_LIB='-ldb'
- elif sh ./helpers/TestCompile lib db1 dbopen; then
- DB_VERSION='Berkeley-DB/1.x'
- DB_LIB='-ldb1'
- elif TCADDINCL='#include <db.h>' INCLUDES1="$INCLUDES1 -I/usr/include/db1" TLIB="-ldb1" \
- sh ./helpers/TestCompile func dbm_open; then
- # For Red Hat 7
- DB_VERSION='Berkeley-DB/1.x'
- DB_LIB='-ldb1'
- CFLAGS="$CFLAGS -I/usr/include/db1"
- fi
- if [ ".$DB_VERSION" != . ]; then
- if [ ".$DB_LIB" != . ]; then
- LIBS="$LIBS $DB_LIB"
- echo " using $DB_VERSION for mod_auth_db ($DB_LIB)"
- else
- echo " using $DB_VERSION for mod_auth_db (-lc)"
- fi
- else
- echo "Error: None of Berkeley-DB 1.x, 2.x or 3.x libraries found."
- echo " Either disable mod_auth_db or provide us with the paths"
- echo " to the Berkeley-DB include and library files."
- echo " (Hint: INCLUDES, LDFLAGS, LIBS)"
- exit 1
- fi
-ConfigEnd
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c b/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
deleted file mode 100644
index 4cb355c0484..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/* $OpenBSD: mod_auth_dbm.c,v 1.14 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_auth: authentication
- *
- * Rob McCool & Brian Behlendorf.
- *
- * Adapted to Apache by rst.
- *
- * dirkx - Added Authoritative control to allow passing on to lower
- * modules if and only if the user-id is not known to this
- * module. A known user with a faulty or absent password still
- * causes an AuthRequired. The default is 'Authoritative', i.e.
- * no control is passed along.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_protocol.h"
-#include <ndbm.h>
-
-/*
- * Module definition information - the part between the -START and -END
- * lines below is used by Configure. This could be stored in a separate
- * instead.
- *
- * MODULE-DEFINITION-START
- * Name: dbm_auth_module
- * ConfigStart
- . ./helpers/find-dbm-lib
- * ConfigEnd
- * MODULE-DEFINITION-END
- */
-
-typedef struct {
-
- char *auth_dbmpwfile;
- char *auth_dbmgrpfile;
- int auth_dbmauthoritative;
-
-} dbm_auth_config_rec;
-
-static void *create_dbm_auth_dir_config(pool *p, char *d)
-{
- dbm_auth_config_rec *sec
- = (dbm_auth_config_rec *) ap_pcalloc(p, sizeof(dbm_auth_config_rec));
-
- sec->auth_dbmpwfile = NULL;
- sec->auth_dbmgrpfile = NULL;
- sec->auth_dbmauthoritative = 1; /* fortress is secure by default */
-
- return sec;
-}
-
-static const char *set_dbm_slot(cmd_parms *cmd, void *offset, char *f, char *t)
-{
- if (!t || strcmp(t, "dbm"))
- return DECLINE_CMD;
-
- return ap_set_file_slot(cmd, offset, f);
-}
-
-static const command_rec dbm_auth_cmds[] =
-{
- {"AuthDBMUserFile", ap_set_file_slot,
- (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmpwfile),
- OR_AUTHCFG, TAKE1, NULL},
- {"AuthDBMGroupFile", ap_set_file_slot,
- (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmgrpfile),
- OR_AUTHCFG, TAKE1, NULL},
- {"AuthUserFile", set_dbm_slot,
- (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmpwfile),
- OR_AUTHCFG, TAKE12, NULL},
- {"AuthGroupFile", set_dbm_slot,
- (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmgrpfile),
- OR_AUTHCFG, TAKE12, NULL},
- {"AuthDBMAuthoritative", ap_set_flag_slot,
- (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmauthoritative),
- OR_AUTHCFG, FLAG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT dbm_auth_module;
-
-static char *get_dbm_pw(request_rec *r, char *user, char *auth_dbmpwfile)
-{
- DBM *f;
- datum d, q;
- char *pw = NULL;
-
- q.dptr = user;
- q.dsize = strlen(q.dptr);
-
- ap_server_strip_chroot(auth_dbmpwfile, 1);
-
- if (!(f = dbm_open(auth_dbmpwfile, O_RDONLY, 0664))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "could not open dbm auth file: %s", auth_dbmpwfile);
- return NULL;
- }
-
- d = dbm_fetch(f, q);
-
- if (d.dptr) {
- pw = ap_palloc(r->pool, d.dsize + 1);
- strncpy(pw, d.dptr, d.dsize);
- pw[d.dsize] = '\0'; /* Terminate the string */
- }
-
- dbm_close(f);
- return pw;
-}
-
-/* We do something strange with the group file. If the group file
- * contains any : we assume the format is
- * key=username value=":"groupname [":"anything here is ignored]
- * otherwise we now (0.8.14+) assume that the format is
- * key=username value=groupname
- * The first allows the password and group files to be the same
- * physical DBM file; key=username value=password":"groupname[":"anything]
- *
- * mark@telescope.org, 22Sep95
- */
-
-static char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile)
-{
- char *grp_data = get_dbm_pw(r, user, auth_dbmgrpfile);
- char *grp_colon;
- char *grp_colon2;
-
- if (grp_data == NULL)
- return NULL;
-
- if ((grp_colon = strchr(grp_data, ':')) != NULL) {
- grp_colon2 = strchr(++grp_colon, ':');
- if (grp_colon2)
- *grp_colon2 = '\0';
- return grp_colon;
- }
- return grp_data;
-}
-
-static int dbm_authenticate_basic_user(request_rec *r)
-{
- dbm_auth_config_rec *sec =
- (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &dbm_auth_module);
- conn_rec *c = r->connection;
- const char *sent_pw;
- char *real_pw, *colon_pw;
- char *invalid_pw;
- int res;
-
- if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
- return res;
-
- if (!sec->auth_dbmpwfile)
- return DECLINED;
-
- if (!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) {
- if (!(sec->auth_dbmauthoritative))
- return DECLINED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "DBM user %s not found: %s", c->user, r->filename);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- /* Password is up to first : if exists */
- colon_pw = strchr(real_pw, ':');
- if (colon_pw) {
- *colon_pw = '\0';
- }
- invalid_pw = ap_validate_password(sent_pw, real_pw);
- if (invalid_pw != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "DBM user %s: authentication failure for \"%s\": %s",
- c->user, r->uri, invalid_pw);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- return OK;
-}
-
-/* Checking ID */
-
-static int dbm_check_auth(request_rec *r)
-{
- dbm_auth_config_rec *sec =
- (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &dbm_auth_module);
- char *user = r->connection->user;
- int m = r->method_number;
-
- const array_header *reqs_arr = ap_requires(r);
- require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
-
- int x;
- const char *t;
- char *w;
-
- if (!sec->auth_dbmgrpfile)
- return DECLINED;
- if (!reqs_arr)
- return DECLINED;
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (!(reqs[x].method_mask & (1 << m)))
- continue;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
-
- if (!strcmp(w, "group") && sec->auth_dbmgrpfile) {
- const char *orig_groups, *groups;
- char *v;
-
- if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
- if (!(sec->auth_dbmauthoritative))
- return DECLINED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not in DBM group file %s: %s",
- user, sec->auth_dbmgrpfile, r->filename);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- orig_groups = groups;
- while (t[0]) {
- w = ap_getword_white(r->pool, &t);
- groups = orig_groups;
- while (groups[0]) {
- v = ap_getword(r->pool, &groups, ',');
- if (!strcmp(v, w))
- return OK;
- }
- }
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not in right group: %s",
- user, r->filename);
- ap_note_basic_auth_failure(r);
- return AUTH_REQUIRED;
- }
- }
-
- return DECLINED;
-}
-
-
-module MODULE_VAR_EXPORT dbm_auth_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_dbm_auth_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- dbm_auth_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- dbm_authenticate_basic_user, /* check_user_id */
- dbm_check_auth, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_autoindex.c b/usr.sbin/httpd/src/modules/standard/mod_autoindex.c
deleted file mode 100644
index 1c7a976650a..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_autoindex.c
+++ /dev/null
@@ -1,1836 +0,0 @@
-/* $OpenBSD: mod_autoindex.c,v 1.13 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_autoindex.c: Handles the on-the-fly html index generation
- *
- * Rob McCool
- * 3/23/93
- *
- * Adapted to Apache by rst.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "util_script.h"
-#include "fnmatch.h"
-
-module MODULE_VAR_EXPORT autoindex_module;
-
-/****************************************************************
- *
- * Handling configuration directives...
- */
-
-#define HRULE 1
-#define NO_HRULE 0
-#define FRONT_MATTER 1
-#define END_MATTER 0
-
-#define FANCY_INDEXING 1 /* Indexing options */
-#define ICONS_ARE_LINKS 2
-#define SCAN_HTML_TITLES 4
-#define SUPPRESS_LAST_MOD 8
-#define SUPPRESS_SIZE 16
-#define SUPPRESS_DESC 32
-#define SUPPRESS_PREAMBLE 64
-#define SUPPRESS_COLSORT 128
-#define NO_OPTIONS 256
-#define FOLDERS_FIRST 512
-#define TRACK_MODIFIED 1024
-#define SORT_NOCASE 2048
-
-#define K_PAD 1
-#define K_NOPAD 0
-
-#define K_NOADJUST 0
-#define K_ADJUST 1
-#define K_UNSET 2
-
-/*
- * Define keys for sorting.
- */
-#define K_NAME 'N' /* Sort by file name (default) */
-#define K_LAST_MOD 'M' /* Last modification date */
-#define K_SIZE 'S' /* Size (absolute, not as displayed) */
-#define K_DESC 'D' /* Description */
-
-#define D_ASCENDING 'A'
-#define D_DESCENDING 'D'
-
-/*
- * These are the dimensions of the default icons supplied with Apache.
- */
-#define DEFAULT_ICON_WIDTH 20
-#define DEFAULT_ICON_HEIGHT 22
-
-/*
- * Other default dimensions.
- */
-#define DEFAULT_NAME_WIDTH 23
-#define DEFAULT_DESC_WIDTH 23
-
-struct item {
- char *type;
- char *apply_to;
- char *apply_path;
- char *data;
-};
-
-typedef struct ai_desc_t {
- char *pattern;
- char *description;
- int full_path;
- int wildcards;
-} ai_desc_t;
-
-typedef struct autoindex_config_struct {
- char *default_icon;
- int opts;
- int incremented_opts;
- int decremented_opts;
- int name_width;
- int name_adjust;
- int desc_width;
- int desc_adjust;
- int icon_width;
- int icon_height;
- char *default_order;
-
- array_header *icon_list;
- array_header *alt_list;
- array_header *desc_list;
- array_header *ign_list;
- array_header *hdr_list;
- array_header *rdme_list;
-
-} autoindex_config_rec;
-
-static char c_by_encoding, c_by_type, c_by_path;
-
-#define BY_ENCODING &c_by_encoding
-#define BY_TYPE &c_by_type
-#define BY_PATH &c_by_path
-
-/*
- * Return true if the specified string refers to the parent directory (i.e.,
- * matches ".." or "../"). Hopefully this one call is significantly less
- * expensive than multiple strcmp() calls.
- */
-static ap_inline int is_parent(const char *name)
-{
- /*
- * Now, IFF the first two bytes are dots, and the third byte is either
- * EOS (\0) or a slash followed by EOS, we have a match.
- */
- if (((name[0] == '.') && (name[1] == '.'))
- && ((name[2] == '\0')
- || ((name[2] == '/') && (name[3] == '\0')))) {
- return 1;
- }
- return 0;
-}
-
-/*
- * This routine puts the standard HTML header at the top of the index page.
- * We include the DOCTYPE because we may be using features therefrom (i.e.,
- * HEIGHT and WIDTH attributes on the icons if we're FancyIndexing).
- */
-static void emit_preamble(request_rec *r, char *title)
-{
- ap_rvputs(r, DOCTYPE_HTML_3_2,
- "<HTML>\n <HEAD>\n <TITLE>Index of ", title,
- "</TITLE>\n </HEAD>\n <BODY>\n", NULL);
-}
-
-static void push_item(array_header *arr, char *type, char *to, char *path,
- char *data)
-{
- struct item *p = (struct item *) ap_push_array(arr);
-
- if (!to) {
- to = "";
- }
- if (!path) {
- path = "";
- }
-
- p->type = type;
- p->data = data ? ap_pstrdup(arr->pool, data) : NULL;
- p->apply_path = ap_pstrcat(arr->pool, path, "*", NULL);
-
- if ((type == BY_PATH) && (!ap_is_matchexp(to))) {
- p->apply_to = ap_pstrcat(arr->pool, "*", to, NULL);
- }
- else if (to) {
- p->apply_to = ap_pstrdup(arr->pool, to);
- }
- else {
- p->apply_to = NULL;
- }
-}
-
-static const char *add_alt(cmd_parms *cmd, void *d, char *alt, char *to)
-{
- if (cmd->info == BY_PATH) {
- if (!strcmp(to, "**DIRECTORY**")) {
- to = "^^DIRECTORY^^";
- }
- }
- if (cmd->info == BY_ENCODING) {
- ap_str_tolower(to);
- }
-
- push_item(((autoindex_config_rec *) d)->alt_list, cmd->info, to,
- cmd->path, alt);
- return NULL;
-}
-
-static const char *add_icon(cmd_parms *cmd, void *d, char *icon, char *to)
-{
- char *iconbak = ap_pstrdup(cmd->pool, icon);
-
- if (icon[0] == '(') {
- char *alt;
- char *cl = strchr(iconbak, ')');
-
- if (cl == NULL) {
- return "missing closing paren";
- }
- alt = ap_getword_nc(cmd->pool, &iconbak, ',');
- *cl = '\0'; /* Lose closing paren */
- add_alt(cmd, d, &alt[1], to);
- }
- if (cmd->info == BY_PATH) {
- if (!strcmp(to, "**DIRECTORY**")) {
- to = "^^DIRECTORY^^";
- }
- }
- if (cmd->info == BY_ENCODING) {
- ap_str_tolower(to);
- }
-
- push_item(((autoindex_config_rec *) d)->icon_list, cmd->info, to,
- cmd->path, iconbak);
- return NULL;
-}
-
-/*
- * Add description text for a filename pattern. If the pattern has
- * wildcards already (or we need to add them), add leading and
- * trailing wildcards to it to ensure substring processing. If the
- * pattern contains a '/' anywhere, force wildcard matching mode,
- * add a slash to the prefix so that "bar/bletch" won't be matched
- * by "foobar/bletch", and make a note that there's a delimiter;
- * the matching routine simplifies to just the actual filename
- * whenever it can. This allows definitions in parent directories
- * to be made for files in subordinate ones using relative paths.
- */
-
-/*
- * Absent a strcasestr() function, we have to force wildcards on
- * systems for which "AAA" and "aaa" mean the same file.
- */
-#define WILDCARDS_REQUIRED 0
-
-static const char *add_desc(cmd_parms *cmd, void *d, char *desc, char *to)
-{
- autoindex_config_rec *dcfg = (autoindex_config_rec *) d;
- ai_desc_t *desc_entry;
- char *prefix = "";
-
- desc_entry = (ai_desc_t *) ap_push_array(dcfg->desc_list);
- desc_entry->full_path = (strchr(to, '/') == NULL) ? 0 : 1;
- desc_entry->wildcards = (WILDCARDS_REQUIRED
- || desc_entry->full_path
- || ap_is_fnmatch(to));
- if (desc_entry->wildcards) {
- prefix = desc_entry->full_path ? "*/" : "*";
- desc_entry->pattern = ap_pstrcat(dcfg->desc_list->pool,
- prefix, to, "*", NULL);
- }
- else {
- desc_entry->pattern = ap_pstrdup(dcfg->desc_list->pool, to);
- }
- desc_entry->description = ap_pstrdup(dcfg->desc_list->pool, desc);
- return NULL;
-}
-
-static const char *add_ignore(cmd_parms *cmd, void *d, char *ext)
-{
- push_item(((autoindex_config_rec *) d)->ign_list, 0, ext, cmd->path, NULL);
- return NULL;
-}
-
-static const char *add_header(cmd_parms *cmd, void *d, char *name)
-{
- push_item(((autoindex_config_rec *) d)->hdr_list, 0, NULL, cmd->path,
- name);
- return NULL;
-}
-
-static const char *add_readme(cmd_parms *cmd, void *d, char *name)
-{
- push_item(((autoindex_config_rec *) d)->rdme_list, 0, NULL, cmd->path,
- name);
- return NULL;
-}
-
-/* A legacy directive, FancyIndexing is superseded by the IndexOptions
- * keyword. But for compatibility..
- */
-static const char *fancy_indexing(cmd_parms *cmd, void *d, int arg)
-{
- int curopts;
- int newopts;
- autoindex_config_rec *cfg;
-
- cfg = (autoindex_config_rec *) d;
- curopts = cfg->opts;
- if (curopts & NO_OPTIONS) {
- return "FancyIndexing directive conflicts with existing "
- "IndexOptions None";
- }
- newopts = (arg ? (curopts | FANCY_INDEXING) : (curopts & ~FANCY_INDEXING));
- cfg->opts = newopts;
- return NULL;
-}
-
-static const char *add_opts(cmd_parms *cmd, void *d, const char *optstr)
-{
- char *w;
- int opts;
- int opts_add;
- int opts_remove;
- char action;
- autoindex_config_rec *d_cfg = (autoindex_config_rec *) d;
-
- opts = d_cfg->opts;
- opts_add = d_cfg->incremented_opts;
- opts_remove = d_cfg->decremented_opts;
- while (optstr[0]) {
- int option = 0;
-
- w = ap_getword_conf(cmd->pool, &optstr);
- if ((*w == '+') || (*w == '-')) {
- action = *(w++);
- }
- else {
- action = '\0';
- }
- if (!strcasecmp(w, "FancyIndexing")) {
- option = FANCY_INDEXING;
- }
- else if (!strcasecmp(w, "IconsAreLinks")) {
- option = ICONS_ARE_LINKS;
- }
- else if (!strcasecmp(w, "ScanHTMLTitles")) {
- option = SCAN_HTML_TITLES;
- }
- else if (!strcasecmp(w, "SuppressLastModified")) {
- option = SUPPRESS_LAST_MOD;
- }
- else if (!strcasecmp(w, "SuppressSize")) {
- option = SUPPRESS_SIZE;
- }
- else if (!strcasecmp(w, "SuppressDescription")) {
- option = SUPPRESS_DESC;
- }
- else if (!strcasecmp(w, "SuppressHTMLPreamble")) {
- option = SUPPRESS_PREAMBLE;
- }
- else if (!strcasecmp(w, "SuppressColumnSorting")) {
- option = SUPPRESS_COLSORT;
- }
- else if (!strcasecmp(w, "FoldersFirst")) {
- option = FOLDERS_FIRST;
- }
- else if (!strcasecmp(w, "TrackModified")) {
- option = TRACK_MODIFIED;
- }
- else if (!strcasecmp(w, "IgnoreCase")) {
- option = SORT_NOCASE;
- }
- else if (!strcasecmp(w, "None")) {
- if (action != '\0') {
- return "Cannot combine '+' or '-' with 'None' keyword";
- }
- opts = NO_OPTIONS;
- opts_add = 0;
- opts_remove = 0;
- }
- else if (!strcasecmp(w, "IconWidth")) {
- if (action != '-') {
- d_cfg->icon_width = DEFAULT_ICON_WIDTH;
- }
- else {
- d_cfg->icon_width = 0;
- }
- }
- else if (!strncasecmp(w, "IconWidth=", 10)) {
- if (action == '-') {
- return "Cannot combine '-' with IconWidth=n";
- }
- d_cfg->icon_width = atoi(&w[10]);
- }
- else if (!strcasecmp(w, "IconHeight")) {
- if (action != '-') {
- d_cfg->icon_height = DEFAULT_ICON_HEIGHT;
- }
- else {
- d_cfg->icon_height = 0;
- }
- }
- else if (!strncasecmp(w, "IconHeight=", 11)) {
- if (action == '-') {
- return "Cannot combine '-' with IconHeight=n";
- }
- d_cfg->icon_height = atoi(&w[11]);
- }
- else if (!strcasecmp(w, "NameWidth")) {
- if (action != '-') {
- return "NameWidth with no value may only appear as "
- "'-NameWidth'";
- }
- d_cfg->name_width = DEFAULT_NAME_WIDTH;
- d_cfg->name_adjust = K_NOADJUST;
- }
- else if (!strncasecmp(w, "NameWidth=", 10)) {
- if (action == '-') {
- return "Cannot combine '-' with NameWidth=n";
- }
- if (w[10] == '*') {
- d_cfg->name_adjust = K_ADJUST;
- }
- else {
- int width = atoi(&w[10]);
-
- if (width < 5) {
- return "NameWidth value must be greater than 5";
- }
- d_cfg->name_width = width;
- d_cfg->name_adjust = K_NOADJUST;
- }
- }
- else if (!strcasecmp(w, "DescriptionWidth")) {
- if (action != '-') {
- return "DescriptionWidth with no value may only appear as "
- "'-DescriptionWidth'";
- }
- d_cfg->desc_width = DEFAULT_DESC_WIDTH;
- d_cfg->desc_adjust = K_NOADJUST;
- }
- else if (!strncasecmp(w, "DescriptionWidth=", 17)) {
- if (action == '-') {
- return "Cannot combine '-' with DescriptionWidth=n";
- }
- if (w[17] == '*') {
- d_cfg->desc_adjust = K_ADJUST;
- }
- else {
- int width = atoi(&w[17]);
-
- if (width < 12) {
- return "DescriptionWidth value must be greater than 12";
- }
- d_cfg->desc_width = width;
- d_cfg->desc_adjust = K_NOADJUST;
- }
- }
- else {
- return "Invalid directory indexing option";
- }
- if (action == '\0') {
- opts |= option;
- opts_add = 0;
- opts_remove = 0;
- }
- else if (action == '+') {
- opts_add |= option;
- opts_remove &= ~option;
- }
- else {
- opts_remove |= option;
- opts_add &= ~option;
- }
- }
- if ((opts & NO_OPTIONS) && (opts & ~NO_OPTIONS)) {
- return "Cannot combine other IndexOptions keywords with 'None'";
- }
- d_cfg->incremented_opts = opts_add;
- d_cfg->decremented_opts = opts_remove;
- d_cfg->opts = opts;
- return NULL;
-}
-
-static const char *set_default_order(cmd_parms *cmd, void *m, char *direction,
- char *key)
-{
- char temp[4];
- autoindex_config_rec *d_cfg = (autoindex_config_rec *) m;
-
- ap_cpystrn(temp, "k=d", sizeof(temp));
- if (!strcasecmp(direction, "Ascending")) {
- temp[2] = D_ASCENDING;
- }
- else if (!strcasecmp(direction, "Descending")) {
- temp[2] = D_DESCENDING;
- }
- else {
- return "First keyword must be 'Ascending' or 'Descending'";
- }
-
- if (!strcasecmp(key, "Name")) {
- temp[0] = K_NAME;
- }
- else if (!strcasecmp(key, "Date")) {
- temp[0] = K_LAST_MOD;
- }
- else if (!strcasecmp(key, "Size")) {
- temp[0] = K_SIZE;
- }
- else if (!strcasecmp(key, "Description")) {
- temp[0] = K_DESC;
- }
- else {
- return "Second keyword must be 'Name', 'Date', 'Size', or "
- "'Description'";
- }
-
- if (d_cfg->default_order == NULL) {
- d_cfg->default_order = ap_palloc(cmd->pool, 4);
- d_cfg->default_order[3] = '\0';
- }
- ap_cpystrn(d_cfg->default_order, temp, sizeof(temp));
- return NULL;
-}
-
-#define DIR_CMD_PERMS OR_INDEXES
-
-static const command_rec autoindex_cmds[] =
-{
- {"AddIcon", add_icon, BY_PATH, DIR_CMD_PERMS, ITERATE2,
- "an icon URL followed by one or more filenames"},
- {"AddIconByType", add_icon, BY_TYPE, DIR_CMD_PERMS, ITERATE2,
- "an icon URL followed by one or more MIME types"},
- {"AddIconByEncoding", add_icon, BY_ENCODING, DIR_CMD_PERMS, ITERATE2,
- "an icon URL followed by one or more content encodings"},
- {"AddAlt", add_alt, BY_PATH, DIR_CMD_PERMS, ITERATE2,
- "alternate descriptive text followed by one or more filenames"},
- {"AddAltByType", add_alt, BY_TYPE, DIR_CMD_PERMS, ITERATE2,
- "alternate descriptive text followed by one or more MIME types"},
- {"AddAltByEncoding", add_alt, BY_ENCODING, DIR_CMD_PERMS, ITERATE2,
- "alternate descriptive text followed by one or more content encodings"},
- {"IndexOptions", add_opts, NULL, DIR_CMD_PERMS, RAW_ARGS,
- "one or more index options"},
- {"IndexOrderDefault", set_default_order, NULL, DIR_CMD_PERMS, TAKE2,
- "{Ascending,Descending} {Name,Size,Description,Date}"},
- {"IndexIgnore", add_ignore, NULL, DIR_CMD_PERMS, ITERATE,
- "one or more file extensions"},
- {"AddDescription", add_desc, BY_PATH, DIR_CMD_PERMS, ITERATE2,
- "Descriptive text followed by one or more filenames"},
- {"HeaderName", add_header, NULL, DIR_CMD_PERMS, TAKE1, "a filename"},
- {"ReadmeName", add_readme, NULL, DIR_CMD_PERMS, TAKE1, "a filename"},
- {"FancyIndexing", fancy_indexing, NULL, DIR_CMD_PERMS, FLAG,
- "Limited to 'on' or 'off' (superseded by IndexOptions FancyIndexing)"},
- {"DefaultIcon", ap_set_string_slot,
- (void *) XtOffsetOf(autoindex_config_rec, default_icon),
- DIR_CMD_PERMS, TAKE1, "an icon URL"},
- {NULL}
-};
-
-static void *create_autoindex_config(pool *p, char *dummy)
-{
- autoindex_config_rec *new =
- (autoindex_config_rec *) ap_pcalloc(p, sizeof(autoindex_config_rec));
-
- new->icon_width = 0;
- new->icon_height = 0;
- new->name_width = DEFAULT_NAME_WIDTH;
- new->name_adjust = K_UNSET;
- new->desc_width = DEFAULT_DESC_WIDTH;
- new->desc_adjust = K_UNSET;
- new->icon_list = ap_make_array(p, 4, sizeof(struct item));
- new->alt_list = ap_make_array(p, 4, sizeof(struct item));
- new->desc_list = ap_make_array(p, 4, sizeof(ai_desc_t));
- new->ign_list = ap_make_array(p, 4, sizeof(struct item));
- new->hdr_list = ap_make_array(p, 4, sizeof(struct item));
- new->rdme_list = ap_make_array(p, 4, sizeof(struct item));
- new->opts = 0;
- new->incremented_opts = 0;
- new->decremented_opts = 0;
- new->default_order = NULL;
-
- return (void *) new;
-}
-
-static void *merge_autoindex_configs(pool *p, void *basev, void *addv)
-{
- autoindex_config_rec *new;
- autoindex_config_rec *base = (autoindex_config_rec *) basev;
- autoindex_config_rec *add = (autoindex_config_rec *) addv;
-
- new = (autoindex_config_rec *) ap_pcalloc(p, sizeof(autoindex_config_rec));
- new->default_icon = add->default_icon ? add->default_icon
- : base->default_icon;
- new->icon_height = add->icon_height ? add->icon_height : base->icon_height;
- new->icon_width = add->icon_width ? add->icon_width : base->icon_width;
-
- new->alt_list = ap_append_arrays(p, add->alt_list, base->alt_list);
- new->ign_list = ap_append_arrays(p, add->ign_list, base->ign_list);
- new->hdr_list = ap_append_arrays(p, add->hdr_list, base->hdr_list);
- new->desc_list = ap_append_arrays(p, add->desc_list, base->desc_list);
- new->icon_list = ap_append_arrays(p, add->icon_list, base->icon_list);
- new->rdme_list = ap_append_arrays(p, add->rdme_list, base->rdme_list);
- if (add->opts & NO_OPTIONS) {
- /*
- * If the current directory says 'no options' then we also
- * clear any incremental mods from being inheritable further down.
- */
- new->opts = NO_OPTIONS;
- new->incremented_opts = 0;
- new->decremented_opts = 0;
- }
- else {
- /*
- * If there were any non-incremental options selected for
- * this directory, they dominate and we don't inherit *anything.*
- * Contrariwise, we *do* inherit if the only settings here are
- * incremental ones.
- */
- if (add->opts == 0) {
- new->incremented_opts = (base->incremented_opts
- | add->incremented_opts)
- & ~add->decremented_opts;
- new->decremented_opts = (base->decremented_opts
- | add->decremented_opts);
- /*
- * We may have incremental settings, so make sure we don't
- * inadvertently inherit an IndexOptions None from above.
- */
- new->opts = (base->opts & ~NO_OPTIONS);
- }
- else {
- /*
- * There are local non-incremental settings, which clear
- * all inheritance from above. They *are* the new base settings.
- */
- new->opts = add->opts;
- }
- /*
- * We're guaranteed that there'll be no overlap between
- * the add-options and the remove-options.
- */
- new->opts |= new->incremented_opts;
- new->opts &= ~new->decremented_opts;
- }
- /*
- * Inherit the NameWidth settings if there aren't any specific to
- * the new location; otherwise we'll end up using the defaults set in the
- * config-rec creation routine.
- */
- if (add->name_adjust == K_UNSET) {
- new->name_width = base->name_width;
- new->name_adjust = base->name_adjust;
- }
- else {
- new->name_width = add->name_width;
- new->name_adjust = add->name_adjust;
- }
- /*
- * Likewise for DescriptionWidth.
- */
- if (add->desc_adjust == K_UNSET) {
- new->desc_width = base->desc_width;
- new->desc_adjust = base->desc_adjust;
- }
- else {
- new->desc_width = add->desc_width;
- new->desc_adjust = add->desc_adjust;
- }
-
- new->default_order = (add->default_order != NULL)
- ? add->default_order : base->default_order;
- return new;
-}
-
-/****************************************************************
- *
- * Looking things up in config entries...
- */
-
-/* Structure used to hold entries when we're actually building an index */
-
-struct ent {
- char *name;
- char *icon;
- char *alt;
- char *desc;
- off_t size;
- time_t lm;
- struct ent *next;
- int ascending;
- int isdir;
- int checkdir;
- int ignorecase;
- char key;
-};
-
-static char *find_item(request_rec *r, array_header *list, int path_only)
-{
- const char *content_type = ap_field_noparam(r->pool, r->content_type);
- const char *content_encoding = r->content_encoding;
- char *path = r->filename;
-
- struct item *items = (struct item *) list->elts;
- int i;
-
- for (i = 0; i < list->nelts; ++i) {
- struct item *p = &items[i];
-
- /* Special cased for ^^DIRECTORY^^ and ^^BLANKICON^^ */
- if ((path[0] == '^') || (!ap_strcmp_match(path, p->apply_path))) {
- if (!*(p->apply_to)) {
- return p->data;
- }
- else if (p->type == BY_PATH || path[0] == '^') {
- if (!ap_strcmp_match(path, p->apply_to)) {
- return p->data;
- }
- }
- else if (!path_only) {
- if (!content_encoding) {
- if (p->type == BY_TYPE) {
- if (content_type
- && !ap_strcasecmp_match(content_type,
- p->apply_to)) {
- return p->data;
- }
- }
- }
- else {
- if (p->type == BY_ENCODING) {
- if (!ap_strcasecmp_match(content_encoding,
- p->apply_to)) {
- return p->data;
- }
- }
- }
- }
- }
- }
- return NULL;
-}
-
-#define find_icon(d,p,t) find_item(p,d->icon_list,t)
-#define find_alt(d,p,t) find_item(p,d->alt_list,t)
-#define find_header(d,p) find_item(p,d->hdr_list,0)
-#define find_readme(d,p) find_item(p,d->rdme_list,0)
-
-static char *find_default_icon(autoindex_config_rec *d, char *bogus_name)
-{
- request_rec r;
-
- /* Bleah. I tried to clean up find_item, and it lead to this bit
- * of ugliness. Note that the fields initialized are precisely
- * those that find_item looks at...
- */
-
- r.filename = bogus_name;
- r.content_type = r.content_encoding = NULL;
-
- return find_item(&r, d->icon_list, 1);
-}
-
-/*
- * Look through the list of pattern/description pairs and return the first one
- * if any) that matches the filename in the request. If multiple patterns
- * match, only the first one is used; since the order in the array is the
- * same as the order in which directives were processed, earlier matching
- * directives will dominate.
- */
-
-#define MATCH_FLAGS 0
-
-static char *find_desc(autoindex_config_rec *dcfg, request_rec *r)
-{
- int i;
- ai_desc_t *list = (ai_desc_t *) dcfg->desc_list->elts;
- const char *filename_full = r->filename;
- const char *filename_only;
- const char *filename;
-
- /*
- * If the filename includes a path, extract just the name itself
- * for the simple matches.
- */
- if ((filename_only = strrchr(filename_full, '/')) == NULL) {
- filename_only = filename_full;
- }
- else {
- filename_only++;
- }
- for (i = 0; i < dcfg->desc_list->nelts; ++i) {
- ai_desc_t *tuple = &list[i];
- int found;
-
- /*
- * Only use the full-path filename if the pattern contains '/'s.
- */
- filename = (tuple->full_path) ? filename_full : filename_only;
- /*
- * Make the comparison using the cheapest method; only do
- * wildcard checking if we must.
- */
- if (tuple->wildcards) {
- found = (ap_fnmatch(tuple->pattern, filename, MATCH_FLAGS) == 0);
- }
- else {
- found = (strstr(filename, tuple->pattern) != NULL);
- }
- if (found) {
- return tuple->description;
- }
- }
- return NULL;
-}
-
-static int ignore_entry(autoindex_config_rec *d, char *path)
-{
- array_header *list = d->ign_list;
- struct item *items = (struct item *) list->elts;
- char *tt;
- int i;
-
- if ((tt = strrchr(path, '/')) == NULL) {
- tt = path;
- }
- else {
- tt++;
- }
-
- for (i = 0; i < list->nelts; ++i) {
- struct item *p = &items[i];
- char *ap;
-
- if ((ap = strrchr(p->apply_to, '/')) == NULL) {
- ap = p->apply_to;
- }
- else {
- ap++;
- }
-
- if (!ap_strcmp_match(path, p->apply_path)
- && !ap_strcmp_match(tt, ap)) {
- return 1;
- }
- }
- return 0;
-}
-
-/*****************************************************************
- *
- * Actually generating output
- */
-
-/*
- * Elements of the emitted document:
- * Preamble
- * Emitted unless SUPPRESS_PREAMBLE is set AND ap_run_sub_req
- * succeeds for the (content_type == text/html) header file.
- * Header file
- * Emitted if found (and able).
- * H1 tag line
- * Emitted if a header file is NOT emitted.
- * Directory stuff
- * Always emitted.
- * HR
- * Emitted if FANCY_INDEXING is set.
- * Readme file
- * Emitted if found (and able).
- * ServerSig
- * Emitted if ServerSignature is not Off AND a readme file
- * is NOT emitted.
- * Postamble
- * Emitted unless SUPPRESS_PREAMBLE is set AND ap_run_sub_req
- * succeeds for the (content_type == text/html) readme file.
- */
-
-
-/*
- * emit a plain text file
- */
-static void do_emit_plain(request_rec *r, FILE *f)
-{
- char buf[IOBUFSIZE + 1];
- int i, n, c, ch;
-
- ap_rputs("<PRE>\n", r);
- while (!feof(f)) {
- do {
- n = fread(buf, sizeof(char), IOBUFSIZE, f);
- }
- while (n == -1 && ferror(f) && errno == EINTR);
- if (n == -1 || n == 0) {
- break;
- }
- buf[n] = '\0';
- c = 0;
- while (c < n) {
- for (i = c; i < n; i++) {
- if (buf[i] == '<' || buf[i] == '>' || buf[i] == '&') {
- break;
- }
- }
- ch = buf[i];
- buf[i] = '\0';
- ap_rputs(&buf[c], r);
- if (ch == '<') {
- ap_rputs("&lt;", r);
- }
- else if (ch == '>') {
- ap_rputs("&gt;", r);
- }
- else if (ch == '&') {
- ap_rputs("&amp;", r);
- }
- c = i + 1;
- }
- }
- ap_rputs("</PRE>\n", r);
-}
-
-/* See mod_include */
-#define SUB_REQ_STRING "Sub request to mod_include"
-#define PARENT_STRING "Parent request to mod_include"
-
-/*
- * Handle the preamble through the H1 tag line, inclusive. Locate
- * the file with a subrequests. Process text/html documents by actually
- * running the subrequest; text/xxx documents get copied verbatim,
- * and any other content type is ignored. This means that a non-text
- * document (such as HEADER.gif) might get multiviewed as the result
- * instead of a text document, meaning nothing will be displayed, but
- * oh well.
- */
-static void emit_head(request_rec *r, char *header_fname, int suppress_amble,
- char *title)
-{
- FILE *f;
- request_rec *rr = NULL;
- int emit_amble = 1;
- int emit_H1 = 1;
- const char *r_accept;
- const char *r_accept_enc;
- table *hdrs = r->headers_in;
-
- /*
- * If there's a header file, send a subrequest to look for it. If it's
- * found and html do the subrequest, otherwise handle it
- */
- r_accept = ap_table_get(hdrs, "Accept");
- r_accept_enc = ap_table_get(hdrs, "Accept-Encoding");
- ap_table_setn(hdrs, "Accept", "text/html, text/plain;q=.5, text/*;q=.1");
- ap_table_unset(hdrs, "Accept-Encoding");
-
- /*
- * If there's a header file, send a subrequest to look for it. If it's
- * found and a text file, handle it -- otherwise fall through and
- * pretend there's nothing there.
- */
- if ((header_fname != NULL)
- && (rr = ap_sub_req_lookup_uri(header_fname, r))
- && (rr->status == HTTP_OK)
- && (rr->filename != NULL)
- && S_ISREG(rr->finfo.st_mode)) {
- /*
- * Check for the two specific cases we allow: text/html and
- * text/anything-else. The former is allowed to be processed for
- * SSIs.
- */
- if (rr->content_type != NULL) {
- if (!strcasecmp(ap_field_noparam(r->pool, rr->content_type),
- "text/html")) {
- /* Hope everything will work... */
- emit_amble = 0;
- emit_H1 = 0;
-
- if (! suppress_amble) {
- emit_preamble(r, title);
- }
-
- /* See mod_include */
- ap_table_add(r->notes, PARENT_STRING, "");
- ap_table_add(rr->notes, SUB_REQ_STRING, "");
-
- /*
- * If there's a problem running the subrequest, display the
- * preamble if we didn't do it before -- the header file
- * didn't get displayed.
- */
- if (ap_run_sub_req(rr) != OK) {
- /* It didn't work */
- emit_amble = suppress_amble;
- emit_H1 = 1;
- }
- ap_table_unset(r->notes, PARENT_STRING); /* cleanup */
- }
- else if (!strncasecmp("text/", rr->content_type, 5)) {
- /*
- * If we can open the file, prefix it with the preamble
- * regardless; since we'll be sending a <PRE> block around
- * the file's contents, any HTML header it had won't end up
- * where it belongs.
- */
- if ((f = ap_pfopen(r->pool, rr->filename, "r")) != 0) {
- emit_preamble(r, title);
- emit_amble = 0;
- do_emit_plain(r, f);
- ap_pfclose(r->pool, f);
- emit_H1 = 0;
- }
- }
- }
- }
-
- if (r_accept) {
- ap_table_setn(hdrs, "Accept", r_accept);
- }
- else {
- ap_table_unset(hdrs, "Accept");
- }
-
- if (r_accept_enc) {
- ap_table_setn(hdrs, "Accept-Encoding", r_accept_enc);
- }
-
- if (emit_amble) {
- emit_preamble(r, title);
- }
- if (emit_H1) {
- ap_rvputs(r, "<H1>Index of ", title, "</H1>\n", NULL);
- }
- if (rr != NULL) {
- ap_destroy_sub_req(rr);
- }
-}
-
-
-/*
- * Handle the Readme file through the postamble, inclusive. Locate
- * the file with a subrequests. Process text/html documents by actually
- * running the subrequest; text/xxx documents get copied verbatim,
- * and any other content type is ignored. This means that a non-text
- * document (such as FOOTER.gif) might get multiviewed as the result
- * instead of a text document, meaning nothing will be displayed, but
- * oh well.
- */
-static void emit_tail(request_rec *r, char *readme_fname, int suppress_amble)
-{
- FILE *f;
- request_rec *rr = NULL;
- int suppress_post = 0;
- int suppress_sig = 0;
- const char *r_accept;
- const char *r_accept_enc;
- table *hdrs = r->headers_in;
-
- /*
- * If there's a readme file, send a subrequest to look for it. If it's
- * found and html do the subrequest, otherwise handle it
- */
- r_accept = ap_table_get(hdrs, "Accept");
- r_accept_enc = ap_table_get(hdrs, "Accept-Encoding");
- ap_table_setn(hdrs, "Accept", "text/html, text/plain;q=.5, text/*;q=.1");
- ap_table_unset(hdrs, "Accept-Encoding");
-
- /*
- * If there's a readme file, send a subrequest to look for it. If it's
- * found and a text file, handle it -- otherwise fall through and
- * pretend there's nothing there.
- */
- if ((readme_fname != NULL)
- && (rr = ap_sub_req_lookup_uri(readme_fname, r))
- && (rr->status == HTTP_OK)
- && (rr->filename != NULL)
- && S_ISREG(rr->finfo.st_mode)) {
- /*
- * Check for the two specific cases we allow: text/html and
- * text/anything-else. The former is allowed to be processed for
- * SSIs.
- */
- if (rr->content_type != NULL) {
- if (!strcasecmp(ap_field_noparam(r->pool, rr->content_type),
- "text/html")) {
-
- /* See mod_include */
- ap_table_add(r->notes, PARENT_STRING, "");
- ap_table_add(rr->notes, SUB_REQ_STRING, "");
-
- if (ap_run_sub_req(rr) == OK) {
- /* worked... */
- suppress_sig = 1;
- suppress_post = suppress_amble;
- }
- ap_table_unset(r->notes, PARENT_STRING); /* cleanup */
- }
- else if (!strncasecmp("text/", rr->content_type, 5)) {
- /*
- * If we can open the file, suppress the signature.
- */
- if ((f = ap_pfopen(r->pool, rr->filename, "r")) != 0) {
- do_emit_plain(r, f);
- ap_pfclose(r->pool, f);
- suppress_sig = 1;
- }
- }
- }
- }
-
- if (r_accept) {
- ap_table_setn(hdrs, "Accept", r_accept);
- }
- else {
- ap_table_unset(hdrs, "Accept");
- }
-
- if (r_accept_enc) {
- ap_table_setn(hdrs, "Accept-Encoding", r_accept_enc);
- }
-
- if (!suppress_sig) {
- ap_rputs(ap_psignature("", r), r);
- }
- if (!suppress_post) {
- ap_rputs("</BODY></HTML>\n", r);
- }
- if (rr != NULL) {
- ap_destroy_sub_req(rr);
- }
-}
-
-
-static char *find_title(request_rec *r)
-{
- char titlebuf[MAX_STRING_LEN], *find = "<TITLE>";
- FILE *thefile = NULL;
- int x, y, n, p;
-
- if (r->status != HTTP_OK) {
- return NULL;
- }
- if ((r->content_type != NULL)
- && (!strcasecmp(ap_field_noparam(r->pool, r->content_type),
- "text/html")
- || !strcmp(r->content_type, INCLUDES_MAGIC_TYPE))
- && !r->content_encoding) {
- if (!(thefile = ap_pfopen(r->pool, r->filename, "r"))) {
- return NULL;
- }
- n = fread(titlebuf, sizeof(char), MAX_STRING_LEN - 1, thefile);
- if (n <= 0) {
- ap_pfclose(r->pool, thefile);
- return NULL;
- }
- titlebuf[n] = '\0';
- for (x = 0, p = 0; titlebuf[x]; x++) {
- if (ap_toupper(titlebuf[x]) == find[p]) {
- if (!find[++p]) {
- if ((p = ap_ind(&titlebuf[++x], '<')) != -1) {
- titlebuf[x + p] = '\0';
- }
- /* Scan for line breaks for Tanmoy's secretary */
- for (y = x; titlebuf[y]; y++) {
- if ((titlebuf[y] == CR) || (titlebuf[y] == LF)) {
- if (y == x) {
- x++;
- }
- else {
- titlebuf[y] = ' ';
- }
- }
- }
- ap_pfclose(r->pool, thefile);
- return ap_pstrdup(r->pool, &titlebuf[x]);
- }
- }
- else {
- p = 0;
- }
- }
- ap_pfclose(r->pool, thefile);
- }
- return NULL;
-}
-
-static struct ent *make_autoindex_entry(char *name, int autoindex_opts,
- autoindex_config_rec *d,
- request_rec *r, char keyid,
- char direction)
-{
- struct ent *p;
-
- if ((name[0] == '.') && (!name[1])) {
- return (NULL);
- }
-
- if (ignore_entry(d, ap_make_full_path(r->pool, r->filename, name))) {
- return (NULL);
- }
-
- p = (struct ent *) ap_pcalloc(r->pool, sizeof(struct ent));
- p->name = ap_pstrdup(r->pool, name);
- p->size = -1;
- p->icon = NULL;
- p->alt = NULL;
- p->desc = NULL;
- p->lm = -1;
- p->isdir = 0;
- /*
- * It's obnoxious to have to include this in every entry, but the qsort()
- * comparison routine only takes two arguments.. The alternative would
- * add another function call to each invocation. Let's use memory
- * rather than CPU.
- */
- p->checkdir = ((d->opts & FOLDERS_FIRST) != 0);
- p->ignorecase = ((d->opts & SORT_NOCASE) != 0);
- p->key = ap_toupper(keyid);
- p->ascending = (ap_toupper(direction) == D_ASCENDING);
-
- if (autoindex_opts & FANCY_INDEXING) {
- request_rec *rr = ap_sub_req_lookup_file(name, r);
-
- if (rr->finfo.st_mode != 0) {
- p->lm = rr->finfo.st_mtime;
- if (S_ISDIR(rr->finfo.st_mode)) {
- p->isdir = 1;
- if (!(p->icon = find_icon(d, rr, 1))) {
- p->icon = find_default_icon(d, "^^DIRECTORY^^");
- }
- if (!(p->alt = find_alt(d, rr, 1))) {
- p->alt = "DIR";
- }
- p->size = -1;
- p->name = ap_pstrcat(r->pool, name, "/", NULL);
- }
- else {
- p->icon = find_icon(d, rr, 0);
- p->alt = find_alt(d, rr, 0);
- p->size = rr->finfo.st_size;
- }
- }
-
- p->desc = find_desc(d, rr);
-
- if ((!p->desc) && (autoindex_opts & SCAN_HTML_TITLES)) {
- p->desc = ap_pstrdup(r->pool, find_title(rr));
- }
-
- ap_destroy_sub_req(rr);
- }
- /*
- * We don't need to take any special action for the file size key. If
- * we did, it would go here.
- */
- if (keyid == K_LAST_MOD) {
- if (p->lm < 0) {
- p->lm = 0;
- }
- }
- return (p);
-}
-
-static char *terminate_description(autoindex_config_rec *d, char *desc,
- int autoindex_opts, int desc_width)
-{
- int maxsize = desc_width;
- int x;
-
- /*
- * If there's no DescriptionWidth in effect, default to the old
- * behaviour of adjusting the description size depending upon
- * what else is being displayed. Otherwise, stick with the
- * setting.
- */
- if (d->desc_adjust == K_UNSET) {
- if (autoindex_opts & SUPPRESS_LAST_MOD) {
- maxsize += 19;
- }
- if (autoindex_opts & SUPPRESS_SIZE) {
- maxsize += 7;
- }
- }
-
- for (x = 0; desc[x] && ((maxsize > 0) || (desc[x] == '<')); x++) {
- if (desc[x] == '<') {
- while (desc[x] != '>') {
- if (!desc[x]) {
- maxsize = 0;
- break;
- }
- ++x;
- }
- }
- else if (desc[x] == '&') {
- /* entities like &auml; count as one character */
- --maxsize;
- for ( ; desc[x] != ';'; ++x) {
- if (desc[x] == '\0') {
- maxsize = 0;
- break;
- }
- }
- }
- else {
- --maxsize;
- }
- }
- if (!maxsize && desc[x] != '\0') {
- desc[x - 1] = '>'; /* Grump. */
- desc[x] = '\0'; /* Double Grump! */
- }
- return desc;
-}
-
-/*
- * Emit the anchor for the specified field. If a field is the key for the
- * current request, the link changes its meaning to reverse the order when
- * selected again. Non-active fields always start in ascending order.
- */
-static void emit_link(request_rec *r, char *anchor, char fname, char curkey,
- char curdirection, int nosort)
-{
- char qvalue[5];
- int reverse;
-
- if (!nosort) {
- qvalue[0] = '?';
- qvalue[1] = fname;
- qvalue[2] = '=';
- qvalue[4] = '\0';
- reverse = ((curkey == fname) && (curdirection == D_ASCENDING));
- qvalue[3] = reverse ? D_DESCENDING : D_ASCENDING;
- ap_rvputs(r, "<A HREF=\"", qvalue, "\">", anchor, "</A>", NULL);
- }
- else {
- ap_rputs(anchor, r);
- }
-}
-
-static void output_directories(struct ent **ar, int n,
- autoindex_config_rec *d, request_rec *r,
- int autoindex_opts, char keyid, char direction)
-{
- int x;
- char *name = r->uri;
- char *tp;
- int static_columns = (autoindex_opts & SUPPRESS_COLSORT);
- pool *scratch = ap_make_sub_pool(r->pool);
- int name_width;
- int desc_width;
- char *name_scratch;
- char *pad_scratch;
-
- if (name[0] == '\0') {
- name = "/";
- }
-
- desc_width = d->desc_width;
- if (d->desc_adjust == K_ADJUST) {
- for (x = 0; x < n; x++) {
- if (ar[x]->desc != NULL) {
- int t = strlen(ar[x]->desc);
- if (t > desc_width) {
- desc_width = t;
- }
- }
- }
- }
- name_width = d->name_width;
- if (d->name_adjust == K_ADJUST) {
- for (x = 0; x < n; x++) {
- int t = strlen(ar[x]->name);
- if (t > name_width) {
- name_width = t;
- }
- }
- }
- name_scratch = ap_palloc(r->pool, name_width + 1);
- pad_scratch = ap_palloc(r->pool, name_width + 1);
- memset(pad_scratch, ' ', name_width);
- pad_scratch[name_width] = '\0';
-
- if (autoindex_opts & FANCY_INDEXING) {
- ap_rputs("<PRE>", r);
- if ((tp = find_default_icon(d, "^^BLANKICON^^"))) {
- ap_rvputs(r, "<IMG SRC=\"", ap_escape_html(scratch, tp),
- "\" ALT=\" \"", NULL);
- if (d->icon_width && d->icon_height) {
- ap_rprintf
- (
- r,
- " HEIGHT=\"%d\" WIDTH=\"%d\"",
- d->icon_height,
- d->icon_width
- );
- }
- ap_rputs("> ", r);
- }
- emit_link(r, "Name", K_NAME, keyid, direction, static_columns);
- ap_rputs(pad_scratch + 4, r);
- /*
- * Emit the guaranteed-at-least-one-space-between-columns byte.
- */
- ap_rputs(" ", r);
- if (!(autoindex_opts & SUPPRESS_LAST_MOD)) {
- emit_link(r, "Last modified", K_LAST_MOD, keyid, direction,
- static_columns);
- ap_rputs(" ", r);
- }
- if (!(autoindex_opts & SUPPRESS_SIZE)) {
- emit_link(r, "Size", K_SIZE, keyid, direction, static_columns);
- ap_rputs(" ", r);
- }
- if (!(autoindex_opts & SUPPRESS_DESC)) {
- emit_link(r, "Description", K_DESC, keyid, direction,
- static_columns);
- }
- ap_rputs("\n<HR>\n", r);
- }
- else {
- ap_rputs("<UL>", r);
- }
-
- for (x = 0; x < n; x++) {
- char *anchor, *t, *t2;
- int nwidth;
-
- ap_clear_pool(scratch);
-
- if (is_parent(ar[x]->name)) {
- t = ap_make_full_path(scratch, name, "../");
- ap_getparents(t);
- if (t[0] == '\0') {
- t = "/";
- }
- t2 = "Parent Directory";
- anchor = ap_escape_html(scratch, ap_os_escape_path(scratch, t, 0));
- }
- else {
- t = ar[x]->name;
- t2 = t;
- anchor = ap_escape_html(scratch, ap_os_escape_path(scratch, t, 0));
- }
-
- if (autoindex_opts & FANCY_INDEXING) {
- if (autoindex_opts & ICONS_ARE_LINKS) {
- ap_rvputs(r, "<A HREF=\"", anchor, "\">", NULL);
- }
- if ((ar[x]->icon) || d->default_icon) {
- ap_rvputs(r, "<IMG SRC=\"",
- ap_escape_html(scratch,
- ar[x]->icon ? ar[x]->icon
- : d->default_icon),
- "\" ALT=\"[", (ar[x]->alt ? ar[x]->alt : " "),
- "]\"", NULL);
- if (d->icon_width && d->icon_height) {
- ap_rprintf(r, " HEIGHT=\"%d\" WIDTH=\"%d\"",
- d->icon_height, d->icon_width);
- }
- ap_rputs(">", r);
- }
- if (autoindex_opts & ICONS_ARE_LINKS) {
- ap_rputs("</A>", r);
- }
-
- nwidth = strlen(t2);
- if (nwidth > name_width) {
- memcpy(name_scratch, t2, name_width - 3);
- name_scratch[name_width - 3] = '.';
- name_scratch[name_width - 2] = '.';
- name_scratch[name_width - 1] = '>';
- name_scratch[name_width] = 0;
- t2 = name_scratch;
- nwidth = name_width;
- }
- ap_rvputs(r, " <A HREF=\"", anchor, "\">",
- ap_escape_html(scratch, t2), "</A>",
- pad_scratch + nwidth, NULL);
- /*
- * The blank before the storm.. er, before the next field.
- */
- ap_rputs(" ", r);
- if (!(autoindex_opts & SUPPRESS_LAST_MOD)) {
- if (ar[x]->lm != -1) {
- char time_str[MAX_STRING_LEN];
- struct tm *ts = localtime(&ar[x]->lm);
- strftime(time_str, MAX_STRING_LEN, "%d-%b-%Y %H:%M ", ts);
- ap_rputs(time_str, r);
- }
- else {
- /*Length="22-Feb-1998 23:42 " (see 4 lines above) */
- ap_rputs(" ", r);
- }
- }
- if (!(autoindex_opts & SUPPRESS_SIZE)) {
- ap_send_size(ar[x]->size, r);
- ap_rputs(" ", r);
- }
- if (!(autoindex_opts & SUPPRESS_DESC)) {
- if (ar[x]->desc) {
- ap_rputs(terminate_description(d, ar[x]->desc,
- autoindex_opts,
- desc_width), r);
- }
- }
- }
- else {
- ap_rvputs(r, "<LI><A HREF=\"", anchor, "\"> ", t2,
- "</A>", NULL);
- }
- ap_rputc('\n', r);
- }
- if (autoindex_opts & FANCY_INDEXING) {
- ap_rputs("</PRE>", r);
- }
- else {
- ap_rputs("</UL>", r);
- }
-}
-
-/*
- * Compare two file entries according to the sort criteria. The return
- * is essentially a signum function value.
- */
-
-static int dsortf(struct ent **e1, struct ent **e2)
-{
- struct ent *c1;
- struct ent *c2;
- int result = 0;
- int ignorecase;
-
- /*
- * First, see if either of the entries is for the parent directory.
- * If so, that *always* sorts lower than anything else.
- */
- if (is_parent((*e1)->name)) {
- return -1;
- }
- if (is_parent((*e2)->name)) {
- return 1;
- }
- /*
- * Now see if one's a directory and one isn't, AND we're listing
- * directories first.
- */
- if ((*e1)->checkdir) {
- if ((*e1)->isdir != (*e2)->isdir) {
- return (*e1)->isdir ? -1 : 1;
- }
- }
- /*
- * All of our comparisons will be of the c1 entry against the c2 one,
- * so assign them appropriately to take care of the ordering.
- */
- if ((*e1)->ascending) {
- c1 = *e1;
- c2 = *e2;
- }
- else {
- c1 = *e2;
- c2 = *e1;
- }
- switch (c1->key) {
- case K_LAST_MOD:
- if (c1->lm > c2->lm) {
- return 1;
- }
- else if (c1->lm < c2->lm) {
- return -1;
- }
- break;
- case K_SIZE:
- if (c1->size > c2->size) {
- return 1;
- }
- else if (c1->size < c2->size) {
- return -1;
- }
- break;
- case K_DESC:
- result = strcmp(c1->desc ? c1->desc : "", c2->desc ? c2->desc : "");
- if (result) {
- return result;
- }
- break;
- }
-
- ignorecase = c1->ignorecase;
- if (ignorecase) {
- result = strcasecmp(c1->name, c2->name);
- if (result == 0) {
- /*
- * They're identical when treated case-insensitively, so
- * pretend they weren't and let strcmp() put them in a
- * deterministic order. This means that 'ABC' and 'abc'
- * will always appear in the same order, rather than
- * unpredictably 'ABC abc' or 'abc ABC'.
- */
- ignorecase = 0;
- }
- }
- if (! ignorecase) {
- result = strcmp(c1->name, c2->name);
- }
- return result;
-}
-
-
-static int index_directory(request_rec *r,
- autoindex_config_rec *autoindex_conf)
-{
- char *title_name = ap_escape_html(r->pool, r->uri);
- char *title_endp;
- char *name = r->filename;
-
- DIR *d;
- struct DIR_TYPE *dstruct;
- int num_ent = 0, x;
- struct ent *head, *p;
- struct ent **ar = NULL;
- const char *qstring;
- int autoindex_opts = autoindex_conf->opts;
- char keyid;
- char direction;
-
- if (!(d = ap_popendir(r->pool, name))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "Can't open directory for index: %s", r->filename);
- return HTTP_FORBIDDEN;
- }
-
- r->content_type = "text/html";
- if (autoindex_opts & TRACK_MODIFIED) {
- ap_update_mtime(r, r->finfo.st_mtime);
- ap_set_last_modified(r);
- ap_set_etag(r);
- }
- ap_send_http_header(r);
-
- if (r->header_only) {
- ap_pclosedir(r->pool, d);
- return 0;
- }
- ap_hard_timeout("send directory", r);
-
- /* Spew HTML preamble */
-
- title_endp = title_name + strlen(title_name) - 1;
-
- while (title_endp > title_name && *title_endp == '/') {
- *title_endp-- = '\0';
- }
-
- emit_head(r, find_header(autoindex_conf, r),
- autoindex_opts & SUPPRESS_PREAMBLE, title_name);
-
- /*
- * Figure out what sort of indexing (if any) we're supposed to use.
- *
- * If no QUERY_STRING was specified or column sorting has been
- * explicitly disabled, we use the default specified by the
- * IndexOrderDefault directive (if there is one); otherwise,
- * we fall back to ascending by name.
- */
- qstring = r->args;
- if ((autoindex_opts & SUPPRESS_COLSORT)
- || ((qstring == NULL) || (*qstring == '\0'))) {
- qstring = autoindex_conf->default_order;
- }
- /*
- * If there is no specific ordering defined for this directory,
- * default to ascending by filename.
- */
- if ((qstring == NULL) || (*qstring == '\0')) {
- keyid = K_NAME;
- direction = D_ASCENDING;
- }
- else {
- keyid = *qstring;
- ap_getword(r->pool, &qstring, '=');
- if (*qstring == D_DESCENDING) {
- direction = D_DESCENDING;
- }
- else {
- direction = D_ASCENDING;
- }
- }
-
- /*
- * Since we don't know how many dir. entries there are, put them into a
- * linked list and then arrayificate them so qsort can use them.
- */
- head = NULL;
- while ((dstruct = readdir(d))) {
- p = make_autoindex_entry(dstruct->d_name, autoindex_opts,
- autoindex_conf, r, keyid, direction);
- if (p != NULL) {
- p->next = head;
- head = p;
- num_ent++;
- }
- }
- if (num_ent > 0) {
- ar = (struct ent **) ap_palloc(r->pool,
- num_ent * sizeof(struct ent *));
- p = head;
- x = 0;
- while (p) {
- ar[x++] = p;
- p = p->next;
- }
-
- qsort((void *) ar, num_ent, sizeof(struct ent *),
- (int (*)(const void *, const void *)) dsortf);
- }
- output_directories(ar, num_ent, autoindex_conf, r, autoindex_opts, keyid,
- direction);
- ap_pclosedir(r->pool, d);
-
- if (autoindex_opts & FANCY_INDEXING) {
- ap_rputs("<HR>\n", r);
- }
- emit_tail(r, find_readme(autoindex_conf, r),
- autoindex_opts & SUPPRESS_PREAMBLE);
-
- ap_kill_timeout(r);
- return 0;
-}
-
-/* The formal handler... */
-
-static int handle_autoindex(request_rec *r)
-{
- autoindex_config_rec *d;
- int allow_opts = ap_allow_options(r);
-
- d = (autoindex_config_rec *) ap_get_module_config(r->per_dir_config,
- &autoindex_module);
-
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET) {
- return DECLINED;
- }
-
- /* OK, nothing easy. Trot out the heavy artillery... */
-
- if (allow_opts & OPT_INDEXES) {
- /* KLUDGE --- make the sub_req lookups happen in the right directory.
- * Fixing this in the sub_req_lookup functions themselves is difficult,
- * and would probably break virtual includes...
- */
-
- if (r->filename[strlen(r->filename) - 1] != '/') {
- r->filename = ap_pstrcat(r->pool, r->filename, "/", NULL);
- }
- return index_directory(r, d);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Directory index forbidden by rule: %s", r->filename);
- return HTTP_FORBIDDEN;
- }
-}
-
-
-static const handler_rec autoindex_handlers[] =
-{
- {DIR_MAGIC_TYPE, handle_autoindex},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT autoindex_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_autoindex_config, /* dir config creater */
- merge_autoindex_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- autoindex_cmds, /* command table */
- autoindex_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_cern_meta.c b/usr.sbin/httpd/src/modules/standard/mod_cern_meta.c
deleted file mode 100644
index 586fb0786d3..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_cern_meta.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_cern_meta.c
- * version 0.1.0
- * status beta
- *
- * Andrew Wilson <Andrew.Wilson@cm.cf.ac.uk> 25.Jan.96
- *
- * *** IMPORTANT ***
- * This version of mod_cern_meta.c controls Meta File behaviour on a
- * per-directory basis. Previous versions of the module defined behaviour
- * on a per-server basis. The upshot is that you'll need to revisit your
- * configuration files in order to make use of the new module.
- * ***
- *
- * Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
- * headers that can be output in addition to the normal range of
- * headers for each file accessed. They appear rather like the Apache
- * .asis files, and are able to provide a crude way of influencing
- * the Expires: header, as well as providing other curiosities.
- * There are many ways to manage meta information, this one was
- * chosen because there is already a large number of CERN users
- * who can exploit this module. It should be noted that there are probably
- * more sensitive ways of managing the Expires: header specifically.
- *
- * The module obeys the following directives, which can appear
- * in the server's .conf files and in .htaccess files.
- *
- * MetaFiles <on|off>
- *
- * turns on|off meta file processing for any directory.
- * Default value is off
- *
- * # turn on MetaFiles in this directory
- * MetaFiles on
- *
- * MetaDir <directory name>
- *
- * specifies the name of the directory in which Apache can find
- * meta information files. The directory is usually a 'hidden'
- * subdirectory of the directory that contains the file being
- * accessed. eg:
- *
- * # .meta files are in the *same* directory as the
- * # file being accessed
- * MetaDir .
- *
- * the default is to look in a '.web' subdirectory. This is the
- * same as for CERN 3.+ webservers and behaviour is the same as
- * for the directive:
- *
- * MetaDir .web
- *
- * MetaSuffix <meta file suffix>
- *
- * specifies the file name suffix for the file containing the
- * meta information. eg:
- *
- * # our meta files are suffixed with '.cern_meta'
- * MetaSuffix .cern_meta
- *
- * the default is to look for files with the suffix '.meta'. This
- * behaviour is the same as for the directive:
- *
- * MetaSuffix .meta
- *
- * When accessing the file
- *
- * DOCUMENT_ROOT/somedir/index.html
- *
- * this module will look for the file
- *
- * DOCUMENT_ROOT/somedir/.web/index.html.meta
- *
- * and will use its contents to generate additional MIME header
- * information.
- *
- * For more information on the CERN Meta file semantics see:
- *
- * http://www.w3.org/hypertext/WWW/Daemon/User/Config/General.html#MetaDir
- *
- * Change-log:
- * 29.Jan.96 pfopen/pfclose instead of fopen/fclose
- * DECLINE when real file not found, we may be checking each
- * of the index.html/index.shtml/index.htm variants and don't
- * need to report missing ones as spurious errors.
- * 31.Jan.96 log_error reports about a malformed .meta file, rather
- * than a script error.
- * 20.Jun.96 MetaFiles <on|off> default off, added, so that module
- * can be configured per-directory. Prior to this the module
- * was running for each request anywhere on the server, naughty..
- * 29.Jun.96 All directives made per-directory.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "util_script.h"
-#include "http_log.h"
-#include "http_request.h"
-
-#define DIR_CMD_PERMS OR_INDEXES
-
-#define DEFAULT_METADIR ".web"
-#define DEFAULT_METASUFFIX ".meta"
-#define DEFAULT_METAFILES 0
-
-module MODULE_VAR_EXPORT cern_meta_module;
-
-typedef struct {
- char *metadir;
- char *metasuffix;
- int metafiles;
-} cern_meta_dir_config;
-
-static void *create_cern_meta_dir_config(pool *p, char *dummy)
-{
- cern_meta_dir_config *new =
- (cern_meta_dir_config *) ap_palloc(p, sizeof(cern_meta_dir_config));
-
- new->metadir = NULL;
- new->metasuffix = NULL;
- new->metafiles = DEFAULT_METAFILES;
-
- return new;
-}
-
-static void *merge_cern_meta_dir_configs(pool *p, void *basev, void *addv)
-{
- cern_meta_dir_config *base = (cern_meta_dir_config *) basev;
- cern_meta_dir_config *add = (cern_meta_dir_config *) addv;
- cern_meta_dir_config *new =
- (cern_meta_dir_config *) ap_palloc(p, sizeof(cern_meta_dir_config));
-
- new->metadir = add->metadir ? add->metadir : base->metadir;
- new->metasuffix = add->metasuffix ? add->metasuffix : base->metasuffix;
- new->metafiles = add->metafiles;
-
- return new;
-}
-
-static const char *set_metadir(cmd_parms *parms, cern_meta_dir_config * dconf, char *arg)
-{
- dconf->metadir = arg;
- return NULL;
-}
-
-static const char *set_metasuffix(cmd_parms *parms, cern_meta_dir_config * dconf, char *arg)
-{
- dconf->metasuffix = arg;
- return NULL;
-}
-
-static const char *set_metafiles(cmd_parms *parms, cern_meta_dir_config * dconf, int arg)
-{
- dconf->metafiles = arg;
- return NULL;
-}
-
-
-static const command_rec cern_meta_cmds[] =
-{
- {"MetaFiles", set_metafiles, NULL, DIR_CMD_PERMS, FLAG,
- "Limited to 'on' or 'off'"},
- {"MetaDir", set_metadir, NULL, DIR_CMD_PERMS, TAKE1,
- "the name of the directory containing meta files"},
- {"MetaSuffix", set_metasuffix, NULL, DIR_CMD_PERMS, TAKE1,
- "the filename suffix for meta files"},
- {NULL}
-};
-
-/* XXX: this is very similar to ap_scan_script_header_err_core...
- * are the differences deliberate, or just a result of bit rot?
- */
-static int scan_meta_file(request_rec *r, FILE *f)
-{
- char w[MAX_STRING_LEN];
- char *l;
- int p;
- table *tmp_headers;
-
- tmp_headers = ap_make_table(r->pool, 5);
- while (fgets(w, sizeof(w), f) != NULL) {
-
- /* Delete terminal (CR?)LF */
-
- p = strlen(w);
- if (p > 0 && w[p - 1] == '\n') {
- if (p > 1 && w[p - 2] == '\015')
- w[p - 2] = '\0';
- else
- w[p - 1] = '\0';
- }
-
- if (w[0] == '\0') {
- return OK;
- }
-
- /* if we see a bogus header don't ignore it. Shout and scream */
-
- if (!(l = strchr(w, ':'))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "malformed header in meta file: %s", r->filename);
- return SERVER_ERROR;
- }
-
- *l++ = '\0';
- while (ap_isspace(*l))
- ++l;
-
- if (!strcasecmp(w, "Content-type")) {
- char *tmp;
- /* Nuke trailing whitespace */
-
- char *endp = l + strlen(l) - 1;
- while (endp > l && ap_isspace(*endp))
- *endp-- = '\0';
-
- tmp = ap_pstrdup(r->pool, l);
- ap_content_type_tolower(tmp);
- r->content_type = tmp;
- }
- else if (!strcasecmp(w, "Status")) {
- sscanf(l, "%d", &r->status);
- r->status_line = ap_pstrdup(r->pool, l);
- }
- else {
- ap_table_set(tmp_headers, w, l);
- }
- }
- ap_overlap_tables(r->headers_out, tmp_headers, AP_OVERLAP_TABLES_SET);
- return OK;
-}
-
-static int add_cern_meta_data(request_rec *r)
-{
- char *metafilename;
- char *last_slash;
- char *real_file;
- char *scrap_book;
- FILE *f;
- cern_meta_dir_config *dconf;
- int rv;
- request_rec *rr;
-
- dconf = ap_get_module_config(r->per_dir_config, &cern_meta_module);
-
- if (!dconf->metafiles) {
- return DECLINED;
- };
-
- /* if ./.web/$1.meta exists then output 'asis' */
-
- if (r->finfo.st_mode == 0) {
- return DECLINED;
- };
-
- /* is this a directory? */
- if (S_ISDIR(r->finfo.st_mode) || r->uri[strlen(r->uri) - 1] == '/') {
- return DECLINED;
- };
-
- /* what directory is this file in? */
- scrap_book = ap_pstrdup(r->pool, r->filename);
- /* skip leading slash, recovered in later processing */
- scrap_book++;
- last_slash = strrchr(scrap_book, '/');
- if (last_slash != NULL) {
- /* skip over last slash */
- real_file = last_slash;
- real_file++;
- *last_slash = '\0';
- }
- else {
- /* no last slash, buh?! */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "internal error in mod_cern_meta: %s", r->filename);
- /* should really barf, but hey, let's be friends... */
- return DECLINED;
- };
-
- metafilename = ap_pstrcat(r->pool, "/", scrap_book, "/",
- dconf->metadir ? dconf->metadir : DEFAULT_METADIR,
- "/", real_file,
- dconf->metasuffix ? dconf->metasuffix : DEFAULT_METASUFFIX,
- NULL);
-
- /* XXX: it sucks to require this subrequest to complete, because this
- * means people must leave their meta files accessible to the world.
- * A better solution might be a "safe open" feature of pfopen to avoid
- * pipes, symlinks, and crap like that.
- */
- rr = ap_sub_req_lookup_file(metafilename, r);
- if (rr->status != HTTP_OK) {
- ap_destroy_sub_req(rr);
- return DECLINED;
- }
- ap_destroy_sub_req(rr);
-
- f = ap_pfopen(r->pool, metafilename, "r");
- if (f == NULL) {
- if (errno == ENOENT) {
- return DECLINED;
- }
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "meta file permissions deny server access: %s", metafilename);
- return FORBIDDEN;
- };
-
- /* read the headers in */
- rv = scan_meta_file(r, f);
- ap_pfclose(r->pool, f);
-
- return rv;
-}
-
-module MODULE_VAR_EXPORT cern_meta_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_cern_meta_dir_config, /* dir config creater */
- merge_cern_meta_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- cern_meta_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- add_cern_meta_data, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_cgi.c b/usr.sbin/httpd/src/modules/standard/mod_cgi.c
deleted file mode 100644
index 0eff52558a0..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_cgi.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_script: keeps all script-related ramblings together.
- *
- * Compliant to CGI/1.1 spec
- *
- * Adapted by rst from original NCSA code by Rob McCool
- *
- * Apache adds some new env vars; REDIRECT_URL and REDIRECT_QUERY_STRING for
- * custom error responses, and DOCUMENT_ROOT because we found it useful.
- * It also adds SERVER_ADMIN - useful for scripts to know who to mail when
- * they fail.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "util_script.h"
-#include "http_conf_globals.h"
-
-module MODULE_VAR_EXPORT cgi_module;
-
-/* KLUDGE --- for back-combatibility, we don't have to check ExecCGI
- * in ScriptAliased directories, which means we need to know if this
- * request came through ScriptAlias or not... so the Alias module
- * leaves a note for us.
- */
-
-static int is_scriptaliased(request_rec *r)
-{
- const char *t = ap_table_get(r->notes, "alias-forced-type");
- return t && (!strcasecmp(t, "cgi-script"));
-}
-
-/* Configuration stuff */
-
-#define DEFAULT_LOGBYTES 10385760
-#define DEFAULT_BUFBYTES 1024
-
-typedef struct {
- char *logname;
- long logbytes;
- int bufbytes;
-} cgi_server_conf;
-
-static void *create_cgi_config(pool *p, server_rec *s)
-{
- cgi_server_conf *c =
- (cgi_server_conf *) ap_pcalloc(p, sizeof(cgi_server_conf));
-
- c->logname = NULL;
- c->logbytes = DEFAULT_LOGBYTES;
- c->bufbytes = DEFAULT_BUFBYTES;
-
- return c;
-}
-
-static void *merge_cgi_config(pool *p, void *basev, void *overridesv)
-{
- cgi_server_conf *base = (cgi_server_conf *) basev, *overrides = (cgi_server_conf *) overridesv;
-
- return overrides->logname ? overrides : base;
-}
-
-static const char *set_scriptlog(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *s = cmd->server;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(s->module_config, &cgi_module);
-
- conf->logname = arg;
- return NULL;
-}
-
-static const char *set_scriptlog_length(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *s = cmd->server;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(s->module_config, &cgi_module);
-
- conf->logbytes = atol(arg);
- return NULL;
-}
-
-static const char *set_scriptlog_buffer(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *s = cmd->server;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(s->module_config, &cgi_module);
-
- conf->bufbytes = atoi(arg);
- return NULL;
-}
-
-static const command_rec cgi_cmds[] =
-{
- {"ScriptLog", set_scriptlog, NULL, RSRC_CONF, TAKE1,
- "the name of a log for script debugging info"},
- {"ScriptLogLength", set_scriptlog_length, NULL, RSRC_CONF, TAKE1,
- "the maximum length (in bytes) of the script debug log"},
- {"ScriptLogBuffer", set_scriptlog_buffer, NULL, RSRC_CONF, TAKE1,
- "the maximum size (in bytes) to record of a POST request"},
- {NULL}
-};
-
-static int log_scripterror(request_rec *r, cgi_server_conf * conf, int ret,
- int show_errno, char *error)
-{
- FILE *f;
- struct stat finfo;
-
- ap_log_rerror(APLOG_MARK, show_errno|APLOG_ERR, r,
- "%s: %s", error, r->filename);
-
- if (!conf->logname ||
- ((stat(ap_server_root_relative(r->pool, conf->logname), &finfo) == 0)
- && (finfo.st_size > conf->logbytes)) ||
- ((f = ap_pfopen(r->pool, ap_server_root_relative(r->pool, conf->logname),
- "a")) == NULL)) {
- return ret;
- }
-
- /* "%% [Wed Jun 19 10:53:21 1996] GET /cgi-bin/printenv HTTP/1.0" */
- fprintf(f, "%%%% [%s] %s %s%s%s %s\n", ap_get_time(), r->method, r->uri,
- r->args ? "?" : "", r->args ? r->args : "", r->protocol);
- /* "%% 500 /usr/local/apache/cgi-bin */
- fprintf(f, "%%%% %d %s\n", ret, r->filename);
-
- fprintf(f, "%%error\n%s\n", error);
-
- ap_pfclose(r->pool, f);
- return ret;
-}
-
-static int log_script(request_rec *r, cgi_server_conf * conf, int ret,
- char *dbuf, const char *sbuf, BUFF *script_in, BUFF *script_err)
-{
- array_header *hdrs_arr = ap_table_elts(r->headers_in);
- table_entry *hdrs = (table_entry *) hdrs_arr->elts;
- char argsbuffer[HUGE_STRING_LEN];
- FILE *f;
- int i;
- struct stat finfo;
-
- if (!conf->logname ||
- ((stat(ap_server_root_relative(r->pool, conf->logname), &finfo) == 0)
- && (finfo.st_size > conf->logbytes)) ||
- ((f = ap_pfopen(r->pool, ap_server_root_relative(r->pool, conf->logname),
- "a")) == NULL)) {
- /* Soak up script output */
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0)
- continue;
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0)
- continue;
- return ret;
- }
-
- /* "%% [Wed Jun 19 10:53:21 1996] GET /cgi-bin/printenv HTTP/1.0" */
- fprintf(f, "%%%% [%s] %s %s%s%s %s\n", ap_get_time(), r->method, r->uri,
- r->args ? "?" : "", r->args ? r->args : "", r->protocol);
- /* "%% 500 /usr/local/apache/cgi-bin" */
- fprintf(f, "%%%% %d %s\n", ret, r->filename);
-
- fputs("%request\n", f);
- for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (!hdrs[i].key)
- continue;
- fprintf(f, "%s: %s\n", hdrs[i].key, hdrs[i].val);
- }
- if ((r->method_number == M_POST || r->method_number == M_PUT)
- && dbuf && *dbuf) {
- fprintf(f, "\n%s\n", dbuf);
- }
-
- fputs("%response\n", f);
- hdrs_arr = ap_table_elts(r->err_headers_out);
- hdrs = (table_entry *) hdrs_arr->elts;
-
- for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (!hdrs[i].key)
- continue;
- fprintf(f, "%s: %s\n", hdrs[i].key, hdrs[i].val);
- }
-
- if (sbuf && *sbuf)
- fprintf(f, "%s\n", sbuf);
-
- if (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0) {
- fputs("%stdout\n", f);
- fputs(argsbuffer, f);
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0)
- fputs(argsbuffer, f);
- fputs("\n", f);
- }
-
- if (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) {
- fputs("%stderr\n", f);
- fputs(argsbuffer, f);
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0)
- fputs(argsbuffer, f);
- fputs("\n", f);
- }
-
- ap_bclose(script_in);
- ap_bclose(script_err);
-
- ap_pfclose(r->pool, f);
- return ret;
-}
-
-/****************************************************************
- *
- * Actual CGI handling...
- */
-
-
-struct cgi_child_stuff {
- request_rec *r;
- int nph;
- int debug;
- char *argv0;
-};
-
-static int cgi_child(void *child_stuff, child_info *pinfo)
-{
- struct cgi_child_stuff *cld = (struct cgi_child_stuff *) child_stuff;
- request_rec *r = cld->r;
- char *argv0 = cld->argv0;
- int child_pid;
-
-#ifdef DEBUG_CGI
- FILE *dbg = fopen("/dev/tty", "w");
- int i;
-#endif
-
- char **env;
-
- RAISE_SIGSTOP(CGI_CHILD);
-#ifdef DEBUG_CGI
- fprintf(dbg, "Attempting to exec %s as %sCGI child (argv0 = %s)\n",
- r->filename, cld->nph ? "NPH " : "", argv0);
-#endif
-
- ap_add_cgi_vars(r);
- env = ap_create_environment(r->pool, r->subprocess_env);
-
-#ifdef DEBUG_CGI
- fprintf(dbg, "Environment: \n");
- for (i = 0; env[i]; ++i)
- fprintf(dbg, "'%s'\n", env[i]);
-#endif
-
- ap_chdir_file(r->filename);
- if (!cld->debug)
- ap_error_log2stderr(r->server);
-
- /* Transumute outselves into the script.
- * NB only ISINDEX scripts get decoded arguments.
- */
-
- ap_cleanup_for_exec();
-
- child_pid = ap_call_exec(r, pinfo, argv0, env, 0);
-
- /* Uh oh. Still here. Where's the kaboom? There was supposed to be an
- * EARTH-shattering kaboom!
- *
- * Oh, well. Muddle through as best we can...
- *
- * Note that only stderr is available at this point, so don't pass in
- * a server to aplog_error.
- */
-
- ap_log_error(APLOG_MARK, APLOG_ERR, NULL, "exec of %s failed", r->filename);
- exit(0);
- /* NOT REACHED */
- return (0);
-}
-
-static int cgi_handler(request_rec *r)
-{
- int retval, nph, dbpos = 0;
- char *argv0, *dbuf = NULL;
- BUFF *script_out, *script_in, *script_err;
- char argsbuffer[HUGE_STRING_LEN];
- int is_included = !strcmp(r->protocol, "INCLUDED");
- void *sconf = r->server->module_config;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(sconf, &cgi_module);
-
- struct cgi_child_stuff cld;
-
- if (r->method_number == M_OPTIONS) {
- /* 99 out of 100 CGI scripts, this is all they support */
- r->allowed |= (1 << M_GET);
- r->allowed |= (1 << M_POST);
- return DECLINED;
- }
-
- if ((argv0 = strrchr(r->filename, '/')) != NULL)
- argv0++;
- else
- argv0 = r->filename;
-
- nph = !(strncmp(argv0, "nph-", 4));
-
- if (!(ap_allow_options(r) & OPT_EXECCGI) && !is_scriptaliased(r))
- return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
- "Options ExecCGI is off in this directory");
- if (nph && is_included)
- return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
- "attempt to include NPH CGI script");
-
- if (r->finfo.st_mode == 0)
- return log_scripterror(r, conf, NOT_FOUND, APLOG_NOERRNO,
- "script not found or unable to stat");
- if (S_ISDIR(r->finfo.st_mode))
- return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
- "attempt to invoke directory as script");
- if (!ap_suexec_enabled) {
- if (!ap_can_exec(&r->finfo))
- return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO,
- "file permissions deny server execution");
- }
-
- if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)))
- return retval;
-
- ap_add_common_vars(r);
- cld.argv0 = argv0;
- cld.r = r;
- cld.nph = nph;
- cld.debug = conf->logname ? 1 : 0;
-
- /*
- * we spawn out of r->main if it's there so that we can avoid
- * waiting for free_proc_chain to cleanup in the middle of an
- * SSI request -djg
- */
- if (!ap_bspawn_child(r->main ? r->main->pool : r->pool, cgi_child,
- (void *) &cld, kill_after_timeout,
- &script_out, &script_in, &script_err)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "couldn't spawn child process: %s", r->filename);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* Transfer any put/post args, CERN style...
- * Note that we already ignore SIGPIPE in the core server.
- */
-
- if (ap_should_client_block(r)) {
- int dbsize, len_read;
-
- if (conf->logname) {
- dbuf = ap_pcalloc(r->pool, conf->bufbytes + 1);
- dbpos = 0;
- }
-
- ap_hard_timeout("copy script args", r);
-
- while ((len_read =
- ap_get_client_block(r, argsbuffer, HUGE_STRING_LEN)) > 0) {
- if (conf->logname) {
- if ((dbpos + len_read) > conf->bufbytes) {
- dbsize = conf->bufbytes - dbpos;
- }
- else {
- dbsize = len_read;
- }
- memcpy(dbuf + dbpos, argsbuffer, dbsize);
- dbpos += dbsize;
- }
- ap_reset_timeout(r);
- if (ap_bwrite(script_out, argsbuffer, len_read) < len_read) {
- /* silly script stopped reading, soak up remaining message */
- while (ap_get_client_block(r, argsbuffer, HUGE_STRING_LEN) > 0) {
- /* dump it */
- }
- break;
- }
- }
-
- ap_bflush(script_out);
-
- ap_kill_timeout(r);
- }
-
- ap_bclose(script_out);
-
- /* Handle script return... */
- if (script_in && !nph) {
- const char *location;
- char sbuf[MAX_STRING_LEN];
- int ret;
-
- if ((ret = ap_scan_script_header_err_buff(r, script_in, sbuf))) {
- return log_script(r, conf, ret, dbuf, sbuf, script_in, script_err);
- }
-
- location = ap_table_get(r->headers_out, "Location");
-
- if (location && location[0] == '/' && r->status == 200) {
-
- /* Soak up all the script output */
- ap_hard_timeout("read from script", r);
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0) {
- continue;
- }
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) {
- continue;
- }
- ap_kill_timeout(r);
-
-
- /* This redirect needs to be a GET no matter what the original
- * method was.
- */
- r->method = ap_pstrdup(r->pool, "GET");
- r->method_number = M_GET;
-
- /* We already read the message body (if any), so don't allow
- * the redirected request to think it has one. We can ignore
- * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR.
- */
- ap_table_unset(r->headers_in, "Content-Length");
-
- ap_internal_redirect_handler(location, r);
- return OK;
- }
- else if (location && r->status == 200) {
- /* XX Note that if a script wants to produce its own Redirect
- * body, it now has to explicitly *say* "Status: 302"
- */
- return REDIRECT;
- }
-
- ap_send_http_header(r);
- if (!r->header_only) {
- ap_send_fb(script_in, r);
- }
- ap_bclose(script_in);
-
- ap_soft_timeout("soaking script stderr", r);
- while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) {
- continue;
- }
- ap_kill_timeout(r);
- ap_bclose(script_err);
- }
-
- if (script_in && nph) {
- ap_send_fb(script_in, r);
- }
-
- return OK; /* NOT r->status, even if it has changed. */
-}
-
-static const handler_rec cgi_handlers[] =
-{
- {CGI_MAGIC_TYPE, cgi_handler},
- {"cgi-script", cgi_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT cgi_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_cgi_config, /* server config */
- merge_cgi_config, /* merge server config */
- cgi_cmds, /* command table */
- cgi_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_digest.c b/usr.sbin/httpd/src/modules/standard/mod_digest.c
deleted file mode 100644
index d684bd838d8..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_digest.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/* $OpenBSD: mod_digest.c,v 1.11 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_digest: MD5 digest authentication
- *
- * by Alexei Kosut <akosut@nueva.pvt.k12.ca.us>
- * based on mod_auth, by Rob McCool and Robert S. Thau
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "util_md5.h"
-
-typedef struct digest_config_struct {
- char *pwfile;
-} digest_config_rec;
-
-typedef struct digest_header_struct {
- char *username;
- char *realm;
- char *nonce;
- char *requested_uri;
- char *digest;
-} digest_header_rec;
-
-static void *create_digest_dir_config(pool *p, char *d)
-{
- return ap_pcalloc(p, sizeof(digest_config_rec));
-}
-
-static const char *set_digest_slot(cmd_parms *cmd, void *offset, char *f, char *t)
-{
- if (t && strcmp(t, "standard"))
- return ap_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
-
- return ap_set_string_slot(cmd, offset, f);
-}
-
-static const command_rec digest_cmds[] =
-{
- {"AuthDigestFile", set_digest_slot,
- (void *) XtOffsetOf(digest_config_rec, pwfile), OR_AUTHCFG, TAKE12, NULL},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT digest_module;
-
-static char *get_hash(request_rec *r, char *user, char *auth_pwfile)
-{
- configfile_t *f;
- char l[MAX_STRING_LEN];
- const char *rpw;
- char *w, *x;
-
- if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "Could not open password file: %s", auth_pwfile);
- return NULL;
- }
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- rpw = l;
- w = ap_getword(r->pool, &rpw, ':');
- x = ap_getword(r->pool, &rpw, ':');
-
- if (x && w && !strcmp(user, w) && !strcmp(ap_auth_name(r), x)) {
- ap_cfg_closefile(f);
- return ap_pstrdup(r->pool, rpw);
- }
- }
- ap_cfg_closefile(f);
- return NULL;
-}
-
-/* Parse the Authorization header, if it exists */
-
-static int get_digest_rec(request_rec *r, digest_header_rec * response)
-{
- const char *auth_line;
- int l;
- int s, vk = 0, vv = 0;
- const char *t;
- char *key, *value;
- const char *scheme;
-
- if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest"))
- return DECLINED;
-
- if (!ap_auth_name(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "need AuthName: %s", r->uri);
- return SERVER_ERROR;
- }
-
- auth_line = ap_table_get(r->headers_in,
- r->proxyreq == STD_PROXY ? "Proxy-Authorization"
- : "Authorization");
- if (!auth_line) {
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- if (strcasecmp(scheme = ap_getword_white(r->pool, &auth_line), "Digest")) {
- /* Client tried to authenticate using wrong auth scheme */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
- "client used wrong authentication scheme: %s for %s",
- scheme, r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- l = strlen(auth_line);
-
- /* Note we don't allocate l + 1 bytes for these deliberately, because
- * there has to be at least one '=' character for either of these two
- * new strings to be terminated. That takes care of the need for +1.
- */
- key = ap_palloc(r->pool, l);
- value = ap_palloc(r->pool, l);
-
- /* There's probably a better way to do this, but for the time being...
- *
- * Right now the parsing is very 'slack'. Actual rules from RFC 2617 are:
- *
- * Authorization = "Digest" digest-response
- * digest-response = 1#( username | realm | nonce | digest-uri |
- * response | [ cnonce ] | [ algorithm ] |
- * [opaque] | [message-qop] | [nonce-count] |
- * [auth-param] ) (see note 4)
- * username = "username" "=" username-value
- * username-value = quoted-string
- * digest-uri = "uri" "=" digest-uri-value
- * digest-uri-value = request-uri
- * message-qop = "qop" "=" qop-value
- * qop-options = "qop" "=" <"> 1#qop-value <"> (see note 3)
- * qop-value = "auth" | "auth-int" | token
- * cnonce = "cnonce" "=" cnonce-value
- * cnonce-value = nonce-value
- * nonce-count = "nc" "=" nc-value
- * nc-value = 8LHEX
- * response = "response" "=" response-digest
- * response-digest = <"> *LHEX <">
- * LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
- * "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
- *
- * Current Discrepancies:
- * quoted-string section 2.2 of RFC 2068
- * --> We also acccept unquoted strings or strings
- * like foo" bar". And take a space, comma or EOL as
- * the terminator in that case.
- *
- * request-uri section 5.1 of RFC 2068
- * --> We currently also accept any quoted string - and
- * ignore those quotes.
- *
- * response/entity-digest
- * --> We ignore the presense of the " if any.
- *
- * Note: There is an inherent problem with the request URI; as it should
- * be used unquoted - yet may contain a ',' - which is used as
- * a terminator:
- * Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894",
- * uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79",
- * algorithm=MD5
- *
- * Note3: Taken from section 3.2.1 - as this is not actually defined in section 3.2.2
- * which deals with the Authorization Request Header.
- *
- * Note4: The 'comma separated' list concept is refered to in the RFC
- * but whitespace eating and other such things are assumed to be
- * as per MIME/RFC2068 spec.
- */
-
-#define D_KEY 0
-#define D_VALUE 1
-#define D_STRING 2
-#define D_EXIT -1
-
- s = D_KEY;
- while (s != D_EXIT) {
- switch (s) {
- case D_STRING:
- if (auth_line[0] == '\"') {
- s = D_VALUE;
- }
- else {
- value[vv] = auth_line[0];
- vv++;
- }
- auth_line++;
- break;
-
- case D_VALUE:
- /* A request URI may be unquoted and yet
- * contain non alpha/num chars. (Though gets terminated by
- * a ',' - which in fact may be in the URI - so I guess
- * 2069 should be updated to suggest strongly to quote).
- */
- if (auth_line[0] == '\"') {
- s = D_STRING;
- }
- else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0] != '\0')) {
- value[vv] = auth_line[0];
- vv++;
- }
- else {
- value[vv] = '\0';
-
- if (!strcasecmp(key, "username"))
- response->username = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "realm"))
- response->realm = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "nonce"))
- response->nonce = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "uri"))
- response->requested_uri = ap_pstrdup(r->pool, value);
- else if (!strcasecmp(key, "response"))
- response->digest = ap_pstrdup(r->pool, value);
-
- vv = 0;
- s = D_KEY;
- }
- auth_line++;
- break;
-
- case D_KEY:
- if (ap_isalnum(auth_line[0])) {
- key[vk] = auth_line[0];
- vk++;
- }
- else if (auth_line[0] == '=') {
- key[vk] = '\0';
- vk = 0;
- s = D_VALUE;
- }
- auth_line++;
- break;
- }
-
- if (auth_line[-1] == '\0')
- s = D_EXIT;
- }
-
- if (!response->username || !response->realm || !response->nonce ||
- !response->requested_uri || !response->digest) {
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- r->connection->user = response->username;
- r->connection->ap_auth_type = "Digest";
-
- return OK;
-}
-
-/* The actual MD5 code... whee */
-
-/* Check that a given nonce is actually one which was
- * issued by this server in the right context.
- */
-static int check_nonce(pool *p, const char *prefix, const char *nonce) {
- char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE;
- char *md5;
-
- if (strlen(nonce) < MD5_DIGESTSIZE)
- return AUTH_REQUIRED;
-
- md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL));
-
- return strncmp(md5, nonce, 2 * MD5_DIGESTSIZE);
-}
-
-/* Check the digest itself.
- */
-static char *find_digest(request_rec *r, digest_header_rec * h, char *a1)
-{
- return ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, a1, ":", h->nonce, ":",
- ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, r->method, ":",
- h->requested_uri, NULL)),
- NULL));
-}
-
-/* These functions return 0 if client is OK, and proper error status
- * if not... either AUTH_REQUIRED, if we made a check, and it failed, or
- * SERVER_ERROR, if things are so totally confused that we couldn't
- * figure out how to tell if the client is authorized or not.
- *
- * If they return DECLINED, and all other modules also decline, that's
- * treated by the server core as a configuration error, logged and
- * reported as such.
- */
-
-/* Determine user ID, and check if it really is that user, for HTTP
- * basic authentication...
- */
-
-static int authenticate_digest_user(request_rec *r)
-{
- digest_config_rec *sec =
- (digest_config_rec *) ap_get_module_config(r->per_dir_config,
- &digest_module);
- digest_header_rec *response = ap_pcalloc(r->pool, sizeof(digest_header_rec));
- conn_rec *c = r->connection;
- char *a1;
- int res;
-
- if ((res = get_digest_rec(r, response)))
- return res;
-
- if (!sec->pwfile)
- return DECLINED;
-
- /* Check that the nonce was one we actually issued. */
- if (check_nonce(r->pool, ap_auth_nonce(r), response->nonce)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Client is using a nonce which was not issued by "
- "this server for this context: %s", r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not found: %s", c->user, r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
- if (strcmp(response->digest, find_digest(r, response, a1))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s: password mismatch: %s", c->user, r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
- return OK;
-}
-
-/* Checking ID */
-
-static int digest_check_auth(request_rec *r)
-{
- char *user = r->connection->user;
- int m = r->method_number;
- int method_restricted = 0;
- int x;
- const char *t;
- char *w;
- const array_header *reqs_arr;
- require_line *reqs;
-
- if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest"))
- return DECLINED;
-
- reqs_arr = ap_requires(r);
- /* If there is no "requires" directive,
- * then any user will do.
- */
- if (!reqs_arr)
- return OK;
- reqs = (require_line *) reqs_arr->elts;
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (!(reqs[x].method_mask & (1 << m)))
- continue;
-
- method_restricted = 1;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
- if (!strcmp(w, "valid-user"))
- return OK;
- else if (!strcmp(w, "user")) {
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (!strcmp(user, w))
- return OK;
- }
- }
- else
- return DECLINED;
- }
-
- if (!method_restricted)
- return OK;
-
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
-}
-
-module MODULE_VAR_EXPORT digest_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_digest_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- digest_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- authenticate_digest_user, /* check_user_id */
- digest_check_auth, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_dir.c b/usr.sbin/httpd/src/modules/standard/mod_dir.c
deleted file mode 100644
index 92307920f90..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_dir.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_dir.c: handle default index files, and trailing-/ redirects
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "util_script.h"
-
-module MODULE_VAR_EXPORT dir_module;
-
-typedef struct dir_config_struct {
- array_header *index_names;
-} dir_config_rec;
-
-#define DIR_CMD_PERMS OR_INDEXES
-
-static const char *add_index(cmd_parms *cmd, void *dummy, char *arg)
-{
- dir_config_rec *d = dummy;
-
- if (!d->index_names) {
- d->index_names = ap_make_array(cmd->pool, 2, sizeof(char *));
- }
- *(char **)ap_push_array(d->index_names) = arg;
- return NULL;
-}
-
-static const command_rec dir_cmds[] =
-{
- {"DirectoryIndex", add_index, NULL,
- DIR_CMD_PERMS, ITERATE,
- "a list of file names"},
- {NULL}
-};
-
-static void *create_dir_config(pool *p, char *dummy)
-{
- dir_config_rec *new =
- (dir_config_rec *) ap_pcalloc(p, sizeof(dir_config_rec));
-
- new->index_names = NULL;
- return (void *) new;
-}
-
-static void *merge_dir_configs(pool *p, void *basev, void *addv)
-{
- dir_config_rec *new = (dir_config_rec *) ap_pcalloc(p, sizeof(dir_config_rec));
- dir_config_rec *base = (dir_config_rec *) basev;
- dir_config_rec *add = (dir_config_rec *) addv;
-
- new->index_names = add->index_names ? add->index_names : base->index_names;
- return new;
-}
-
-static int handle_dir(request_rec *r)
-{
- dir_config_rec *d =
- (dir_config_rec *) ap_get_module_config(r->per_dir_config,
- &dir_module);
- char *dummy_ptr[1];
- char **names_ptr;
- int num_names;
- int error_notfound = 0;
-
- if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/') {
- char *ifile;
- if (r->args != NULL)
- ifile = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", "?", r->args, NULL);
- else
- ifile = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", NULL);
-
- ap_table_setn(r->headers_out, "Location",
- ap_construct_url(r->pool, ifile, r));
- return HTTP_MOVED_PERMANENTLY;
- }
-
- /* KLUDGE --- make the sub_req lookups happen in the right directory.
- * Fixing this in the sub_req_lookup functions themselves is difficult,
- * and would probably break virtual includes...
- */
-
- if (r->filename[strlen(r->filename) - 1] != '/') {
- r->filename = ap_pstrcat(r->pool, r->filename, "/", NULL);
- }
-
- if (d->index_names) {
- names_ptr = (char **)d->index_names->elts;
- num_names = d->index_names->nelts;
- }
- else {
- dummy_ptr[0] = DEFAULT_INDEX;
- names_ptr = dummy_ptr;
- num_names = 1;
- }
-
- for (; num_names; ++names_ptr, --num_names) {
- char *name_ptr = *names_ptr;
- request_rec *rr = ap_sub_req_lookup_uri(name_ptr, r);
-
- if (rr->status == HTTP_OK && S_ISREG(rr->finfo.st_mode)) {
- char *new_uri = ap_escape_uri(r->pool, rr->uri);
-
- if (rr->args != NULL)
- new_uri = ap_pstrcat(r->pool, new_uri, "?", rr->args, NULL);
- else if (r->args != NULL)
- new_uri = ap_pstrcat(r->pool, new_uri, "?", r->args, NULL);
-
- ap_destroy_sub_req(rr);
- ap_internal_redirect(new_uri, r);
- return OK;
- }
-
- /* If the request returned a redirect, propagate it to the client */
-
- if (ap_is_HTTP_REDIRECT(rr->status) ||
- (rr->status == HTTP_NOT_ACCEPTABLE && num_names == 1) ||
- (rr->status == HTTP_UNAUTHORIZED && num_names == 1)) {
-
- ap_pool_join(r->pool, rr->pool);
- error_notfound = rr->status;
- r->notes = ap_overlay_tables(r->pool, r->notes, rr->notes);
- r->headers_out = ap_overlay_tables(r->pool, r->headers_out,
- rr->headers_out);
- r->err_headers_out = ap_overlay_tables(r->pool, r->err_headers_out,
- rr->err_headers_out);
- return error_notfound;
- }
-
- /* If the request returned something other than 404 (or 200),
- * it means the module encountered some sort of problem. To be
- * secure, we should return the error, rather than create
- * along a (possibly unsafe) directory index.
- *
- * So we store the error, and if none of the listed files
- * exist, we return the last error response we got, instead
- * of a directory listing.
- */
- if (rr->status && rr->status != HTTP_NOT_FOUND && rr->status != HTTP_OK)
- error_notfound = rr->status;
-
- ap_destroy_sub_req(rr);
- }
-
- if (error_notfound)
- return error_notfound;
-
- if (r->method_number != M_GET)
- return DECLINED;
-
- /* nothing for us to do, pass on through */
-
- return DECLINED;
-}
-
-
-static const handler_rec dir_handlers[] =
-{
- {DIR_MAGIC_TYPE, handle_dir},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT dir_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_dir_config, /* dir config creater */
- merge_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- dir_cmds, /* command table */
- dir_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_env.c b/usr.sbin/httpd/src/modules/standard/mod_env.c
deleted file mode 100644
index 16037b1db30..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_env.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_env.c
- * version 0.0.5
- * status beta
- * Pass environment variables to CGI/SSI scripts.
- *
- * Andrew Wilson <Andrew.Wilson@cm.cf.ac.uk> 06.Dec.95
- *
- * Change log:
- * 08.Dec.95 Now allows PassEnv directive to appear more than once in
- * conf files.
- * 10.Dec.95 optimisation. getenv() only called at startup and used
- * to build a fast-to-access table. table used to build
- * per-server environment for each request.
- * robustness. better able to handle errors in configuration
- * files:
- * 1) PassEnv directive present, but no environment variable listed
- * 2) PassEnv FOO present, but $FOO not present in environment
- * 3) no PassEnv directive present
- * 23.Dec.95 Now allows SetEnv directive with same semantics as 'sh' setenv:
- * SetEnv Var sets Var to the empty string
- * SetEnv Var Val sets Var to the value Val
- * Values containing whitespace should be quoted, eg:
- * SetEnv Var "this is some text"
- * Environment variables take their value from the last instance
- * of PassEnv / SetEnv to be reached in the configuration file.
- * For example, the sequence:
- * PassEnv FOO
- * SetEnv FOO override
- * Causes FOO to take the value 'override'.
- * 23.Feb.96 Added UnsetEnv directive to allow environment variables
- * to be removed.
- * Virtual hosts now 'inherit' parent server environment which
- * they're able to overwrite with their own directives or
- * selectively ignore with UnsetEnv.
- * *** IMPORTANT - the way that virtual hosts inherit their ***
- * *** environment variables from the default server's ***
- * *** configuration has changed. You should test your ***
- * *** configuration carefully before accepting this ***
- * *** version of the module in a live webserver which used ***
- * *** older versions of the module. ***
- */
-
-#include "httpd.h"
-#include "http_config.h"
-
-typedef struct {
- table *vars;
- char *unsetenv;
- int vars_present;
-} env_dir_config_rec;
-
-module MODULE_VAR_EXPORT env_module;
-
-static void *create_env_dir_config(pool *p, char *dummy)
-{
- env_dir_config_rec *new =
- (env_dir_config_rec *) ap_palloc(p, sizeof(env_dir_config_rec));
- new->vars = ap_make_table(p, 50);
- new->unsetenv = "";
- new->vars_present = 0;
- return (void *) new;
-}
-
-static void *merge_env_dir_configs(pool *p, void *basev, void *addv)
-{
- env_dir_config_rec *base = (env_dir_config_rec *) basev;
- env_dir_config_rec *add = (env_dir_config_rec *) addv;
- env_dir_config_rec *new =
- (env_dir_config_rec *) ap_palloc(p, sizeof(env_dir_config_rec));
-
- table *new_table;
- table_entry *elts;
- array_header *arr;
-
- int i;
- const char *uenv, *unset;
-
- /*
- * new_table = copy_table( p, base->vars );
- * foreach $element ( @add->vars ) {
- * table_set( new_table, $element.key, $element.val );
- * };
- * foreach $unsetenv ( @UNSETENV ) {
- * table_unset( new_table, $unsetenv );
- * }
- */
-
- new_table = ap_copy_table(p, base->vars);
-
- arr = ap_table_elts(add->vars);
- elts = (table_entry *)arr->elts;
-
- for (i = 0; i < arr->nelts; ++i) {
- ap_table_setn(new_table, elts[i].key, elts[i].val);
- }
-
- unset = add->unsetenv;
- uenv = ap_getword_conf(p, &unset);
- while (uenv[0] != '\0') {
- ap_table_unset(new_table, uenv);
- uenv = ap_getword_conf(p, &unset);
- }
-
- new->vars = new_table;
-
- new->vars_present = base->vars_present || add->vars_present;
-
- return new;
-}
-
-static const char *add_env_module_vars_passed(cmd_parms *cmd,
- env_dir_config_rec *sconf,
- const char *arg)
-{
- table *vars = sconf->vars;
- char *env_var;
- char *name_ptr;
-
- while (*arg) {
- name_ptr = ap_getword_conf(cmd->pool, &arg);
- env_var = getenv(name_ptr);
- if (env_var != NULL) {
- sconf->vars_present = 1;
- ap_table_setn(vars, name_ptr, ap_pstrdup(cmd->pool, env_var));
- }
- }
- return NULL;
-}
-
-static const char *add_env_module_vars_set(cmd_parms *cmd,
- env_dir_config_rec *sconf,
- const char *arg)
-{
- table *vars = sconf->vars;
- char *name, *value;
-
- name = ap_getword_conf(cmd->pool, &arg);
- value = ap_getword_conf(cmd->pool, &arg);
-
- /* name is mandatory, value is optional. no value means
- * set the variable to an empty string
- */
-
-
- if ((*name == '\0') || (*arg != '\0')) {
- return "SetEnv takes one or two arguments. An environment variable name and an optional value to pass to CGI.";
- }
-
- sconf->vars_present = 1;
- ap_table_setn(vars, name, value);
-
- return NULL;
-}
-
-static const char *add_env_module_vars_unset(cmd_parms *cmd,
- env_dir_config_rec *sconf,
- char *arg)
-{
- sconf->unsetenv = sconf->unsetenv ?
- ap_pstrcat(cmd->pool, sconf->unsetenv, " ", arg, NULL) :
- arg;
-
- if (sconf->vars_present && !cmd->path) {
- /* if {Set,Pass}Env FOO, UnsetEnv FOO
- * are in the base config, merge never happens,
- * unset never happens, so just unset now
- */
- ap_table_unset(sconf->vars, arg);
- }
-
- return NULL;
-}
-
-static const command_rec env_module_cmds[] =
-{
- {"PassEnv", add_env_module_vars_passed, NULL,
- OR_FILEINFO, RAW_ARGS, "a list of environment variables to pass to CGI."},
- {"SetEnv", add_env_module_vars_set, NULL,
- OR_FILEINFO, RAW_ARGS, "an environment variable name and a value to pass to CGI."},
- {"UnsetEnv", add_env_module_vars_unset, NULL,
- OR_FILEINFO, RAW_ARGS, "a list of variables to remove from the CGI environment."},
- {NULL},
-};
-
-static int fixup_env_module(request_rec *r)
-{
- table *e = r->subprocess_env;
- env_dir_config_rec *sconf = ap_get_module_config(r->per_dir_config,
- &env_module);
- table *vars = sconf->vars;
-
- if (!sconf->vars_present)
- return DECLINED;
-
- r->subprocess_env = ap_overlay_tables(r->pool, e, vars);
-
- return OK;
-}
-
-module MODULE_VAR_EXPORT env_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_env_dir_config, /* dir config creater */
- merge_env_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- env_module_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- fixup_env_module, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_expires.c b/usr.sbin/httpd/src/modules/standard/mod_expires.c
deleted file mode 100644
index 238f03c0368..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_expires.c
+++ /dev/null
@@ -1,515 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_expires.c
- * version 0.0.11
- * status beta
- *
- * Andrew Wilson <Andrew.Wilson@cm.cf.ac.uk> 26.Jan.96
- *
- * This module allows you to control the form of the Expires: header
- * that Apache issues for each access. Directives can appear in
- * configuration files or in .htaccess files so expiry semantics can
- * be defined on a per-directory basis.
- *
- * DIRECTIVE SYNTAX
- *
- * Valid directives are:
- *
- * ExpiresActive on | off
- * ExpiresDefault <code><seconds>
- * ExpiresByType type/encoding <code><seconds>
- *
- * Valid values for <code> are:
- *
- * 'M' expires header shows file modification date + <seconds>
- * 'A' expires header shows access time + <seconds>
- *
- * [I'm not sure which of these is best under different
- * circumstances, I guess it's for other people to explore.
- * The effects may be indistinguishable for a number of cases]
- *
- * <seconds> should be an integer value [acceptable to atoi()]
- *
- * There is NO space between the <code> and <seconds>.
- *
- * For example, a directory which contains information which changes
- * frequently might contain:
- *
- * # reports generated by cron every hour. don't let caches
- * # hold onto stale information
- * ExpiresDefault M3600
- *
- * Another example, our html pages can change all the time, the gifs
- * tend not to change often:
- *
- * # pages are hot (1 week), images are cold (1 month)
- * ExpiresByType text/html A604800
- * ExpiresByType image/gif A2592000
- *
- * Expires can be turned on for all URLs on the server by placing the
- * following directive in a conf file:
- *
- * ExpiresActive on
- *
- * ExpiresActive can also appear in .htaccess files, enabling the
- * behaviour to be turned on or off for each chosen directory.
- *
- * # turn off Expires behaviour in this directory
- * # and subdirectories
- * ExpiresActive off
- *
- * Directives defined for a directory are valid in subdirectories
- * unless explicitly overridden by new directives in the subdirectory
- * .htaccess files.
- *
- * ALTERNATIVE DIRECTIVE SYNTAX
- *
- * Directives can also be defined in a more readable syntax of the form:
- *
- * ExpiresDefault "<base> [plus] {<num> <type>}*"
- * ExpiresByType type/encoding "<base> [plus] {<num> <type>}*"
- *
- * where <base> is one of:
- * access
- * now equivalent to 'access'
- * modification
- *
- * where the 'plus' keyword is optional
- *
- * where <num> should be an integer value [acceptable to atoi()]
- *
- * where <type> is one of:
- * years
- * months
- * weeks
- * days
- * hours
- * minutes
- * seconds
- *
- * For example, any of the following directives can be used to make
- * documents expire 1 month after being accessed, by default:
- *
- * ExpiresDefault "access plus 1 month"
- * ExpiresDefault "access plus 4 weeks"
- * ExpiresDefault "access plus 30 days"
- *
- * The expiry time can be fine-tuned by adding several '<num> <type>'
- * clauses:
- *
- * ExpiresByType text/html "access plus 1 month 15 days 2 hours"
- * ExpiresByType image/gif "modification plus 5 hours 3 minutes"
- *
- * ---
- *
- * Change-log:
- * 29.Jan.96 Hardened the add_* functions. Server will now bail out
- * if bad directives are given in the conf files.
- * 02.Feb.96 Returns DECLINED if not 'ExpiresActive on', giving other
- * expires-aware modules a chance to play with the same
- * directives. [Michael Rutman]
- * 03.Feb.96 Call tzset() before localtime(). Trying to get the module
- * to work properly in non GMT timezones.
- * 12.Feb.96 Modified directive syntax to allow more readable commands:
- * ExpiresDefault "now plus 10 days 20 seconds"
- * ExpiresDefault "access plus 30 days"
- * ExpiresDefault "modification plus 1 year 10 months 30 days"
- * 13.Feb.96 Fix call to table_get() with NULL 2nd parameter [Rob Hartill]
- * 19.Feb.96 Call gm_timestr_822() to get time formatted correctly, can't
- * rely on presence of HTTP_TIME_FORMAT in Apache 1.1+.
- * 21.Feb.96 This version (0.0.9) reverses assumptions made in 0.0.8
- * about star/star handlers. Reverting to 0.0.7 behaviour.
- * 08.Jun.96 allows ExpiresDefault to be used with responses that use
- * the DefaultType by not DECLINING, but instead skipping
- * the table_get check and then looking for an ExpiresDefault.
- * [Rob Hartill]
- * 04.Nov.96 'const' definitions added.
- *
- * TODO
- * add support for Cache-Control: max-age=20 from the HTTP/1.1
- * proposal (in this case, a ttl of 20 seconds) [ask roy]
- * add per-file expiry and explicit expiry times - duplicates some
- * of the mod_cern_meta.c functionality. eg:
- * ExpiresExplicit index.html "modification plus 30 days"
- *
- * BUGS
- * Hi, welcome to the internet.
- */
-
-#include <ctype.h>
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-
-typedef struct {
- int active;
- char *expiresdefault;
- table *expiresbytype;
-} expires_dir_config;
-
-/* from mod_dir, why is this alias used?
- */
-#define DIR_CMD_PERMS OR_INDEXES
-
-#define ACTIVE_ON 1
-#define ACTIVE_OFF 0
-#define ACTIVE_DONTCARE 2
-
-module MODULE_VAR_EXPORT expires_module;
-
-static void *create_dir_expires_config(pool *p, char *dummy)
-{
- expires_dir_config *new =
- (expires_dir_config *) ap_pcalloc(p, sizeof(expires_dir_config));
- new->active = ACTIVE_DONTCARE;
- new->expiresdefault = "";
- new->expiresbytype = ap_make_table(p, 4);
- return (void *) new;
-}
-
-static const char *set_expiresactive(cmd_parms *cmd, expires_dir_config * dir_config, int arg)
-{
- /* if we're here at all it's because someone explicitly
- * set the active flag
- */
- dir_config->active = ACTIVE_ON;
- if (arg == 0) {
- dir_config->active = ACTIVE_OFF;
- };
- return NULL;
-}
-
-/* check_code() parse 'code' and return NULL or an error response
- * string. If we return NULL then real_code contains code converted
- * to the cnnnn format.
- */
-static char *check_code(pool *p, const char *code, char **real_code)
-{
- char *word;
- char base = 'X';
- int modifier = 0;
- int num = 0;
- int factor = 0;
-
- /* 0.0.4 compatibility?
- */
- if ((code[0] == 'A') || (code[0] == 'M')) {
- *real_code = (char *)code;
- return NULL;
- };
-
- /* <base> [plus] {<num> <type>}*
- */
-
- /* <base>
- */
- word = ap_getword_conf(p, &code);
- if (!strncasecmp(word, "now", 1) ||
- !strncasecmp(word, "access", 1)) {
- base = 'A';
- }
- else if (!strncasecmp(word, "modification", 1)) {
- base = 'M';
- }
- else {
- return ap_pstrcat(p, "bad expires code, unrecognised <base> '",
- word, "'", NULL);
- };
-
- /* [plus]
- */
- word = ap_getword_conf(p, &code);
- if (!strncasecmp(word, "plus", 1)) {
- word = ap_getword_conf(p, &code);
- };
-
- /* {<num> <type>}*
- */
- while (word[0]) {
- /* <num>
- */
- if (ap_isdigit(word[0])) {
- num = atoi(word);
- }
- else {
- return ap_pstrcat(p, "bad expires code, numeric value expected <num> '",
- word, "'", NULL);
- };
-
- /* <type>
- */
- word = ap_getword_conf(p, &code);
- if (word[0]) {
- /* do nothing */
- }
- else {
- return ap_pstrcat(p, "bad expires code, missing <type>", NULL);
- };
-
- factor = 0;
- if (!strncasecmp(word, "years", 1)) {
- factor = 60 * 60 * 24 * 365;
- }
- else if (!strncasecmp(word, "months", 2)) {
- factor = 60 * 60 * 24 * 30;
- }
- else if (!strncasecmp(word, "weeks", 1)) {
- factor = 60 * 60 * 24 * 7;
- }
- else if (!strncasecmp(word, "days", 1)) {
- factor = 60 * 60 * 24;
- }
- else if (!strncasecmp(word, "hours", 1)) {
- factor = 60 * 60;
- }
- else if (!strncasecmp(word, "minutes", 2)) {
- factor = 60;
- }
- else if (!strncasecmp(word, "seconds", 1)) {
- factor = 1;
- }
- else {
- return ap_pstrcat(p, "bad expires code, unrecognised <type>",
- "'", word, "'", NULL);
- };
-
- modifier = modifier + factor * num;
-
- /* next <num>
- */
- word = ap_getword_conf(p, &code);
- };
-
- *real_code = ap_psprintf(p, "%c%d", base, modifier);
-
- return NULL;
-}
-
-static const char *set_expiresbytype(cmd_parms *cmd, expires_dir_config * dir_config, char *mime, char *code)
-{
- char *response, *real_code;
-
- if ((response = check_code(cmd->pool, code, &real_code)) == NULL) {
- ap_table_setn(dir_config->expiresbytype, mime, real_code);
- return NULL;
- };
- return ap_pstrcat(cmd->pool,
- "'ExpiresByType ", mime, " ", code, "': ", response, NULL);
-}
-
-static const char *set_expiresdefault(cmd_parms *cmd, expires_dir_config * dir_config, char *code)
-{
- char *response, *real_code;
-
- if ((response = check_code(cmd->pool, code, &real_code)) == NULL) {
- dir_config->expiresdefault = real_code;
- return NULL;
- };
- return ap_pstrcat(cmd->pool,
- "'ExpiresDefault ", code, "': ", response, NULL);
-}
-
-static const command_rec expires_cmds[] =
-{
- {"ExpiresActive", set_expiresactive, NULL, DIR_CMD_PERMS, FLAG,
- "Limited to 'on' or 'off'"},
- {"ExpiresBytype", set_expiresbytype, NULL, DIR_CMD_PERMS, TAKE2,
- "a MIME type followed by an expiry date code"},
- {"ExpiresDefault", set_expiresdefault, NULL, DIR_CMD_PERMS, TAKE1,
- "an expiry date code"},
- {NULL}
-};
-
-static void *merge_expires_dir_configs(pool *p, void *basev, void *addv)
-{
- expires_dir_config *new = (expires_dir_config *) ap_pcalloc(p, sizeof(expires_dir_config));
- expires_dir_config *base = (expires_dir_config *) basev;
- expires_dir_config *add = (expires_dir_config *) addv;
-
- if (add->active == ACTIVE_DONTCARE) {
- new->active = base->active;
- }
- else {
- new->active = add->active;
- };
-
- if (add->expiresdefault != '\0') {
- new->expiresdefault = add->expiresdefault;
- };
-
- new->expiresbytype = ap_overlay_tables(p, add->expiresbytype,
- base->expiresbytype);
- return new;
-}
-
-static int add_expires(request_rec *r)
-{
- expires_dir_config *conf;
- char *code;
- time_t base;
- time_t additional;
- time_t expires;
- char age[20];
-
- if (ap_is_HTTP_ERROR(r->status)) /* Don't add Expires headers to errors */
- return DECLINED;
-
- if (r->main != NULL) /* Say no to subrequests */
- return DECLINED;
-
- conf = (expires_dir_config *) ap_get_module_config(r->per_dir_config, &expires_module);
- if (conf == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "internal error: %s", r->filename);
- return SERVER_ERROR;
- };
-
- if (conf->active != ACTIVE_ON)
- return DECLINED;
-
- /* we perhaps could use the default_type(r) in its place but that
- * may be 2nd guesing the desired configuration... calling table_get
- * with a NULL key will SEGV us
- *
- * I still don't know *why* r->content_type would ever be NULL, this
- * is possibly a result of fixups being called in many different
- * places. Fixups is probably the wrong place to be doing all this
- * work... Bah.
- *
- * Changed as of 08.Jun.96 don't DECLINE, look for an ExpiresDefault.
- */
- if (r->content_type == NULL)
- code = NULL;
- else
- code = (char *) ap_table_get(conf->expiresbytype,
- ap_field_noparam(r->pool, r->content_type));
-
- if (code == NULL) {
- /* no expires defined for that type, is there a default? */
- code = conf->expiresdefault;
-
- if (code[0] == '\0')
- return OK;
- };
-
- /* we have our code */
-
- switch (code[0]) {
- case 'M':
- if (r->finfo.st_mode == 0) {
- /* file doesn't exist on disk, so we can't do anything based on
- * modification time. Note that this does _not_ log an error.
- */
- return DECLINED;
- }
- base = r->finfo.st_mtime;
- additional = atoi(&code[1]);
- break;
- case 'A':
- /* there's been some discussion and it's possible that
- * 'access time' will be stored in request structure
- */
- base = r->request_time;
- additional = atoi(&code[1]);
- break;
- default:
- /* expecting the add_* routines to be case-hardened this
- * is just a reminder that module is beta
- */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "internal error: bad expires code: %s", r->filename);
- return SERVER_ERROR;
- };
-
- expires = base + additional;
- ap_snprintf(age, sizeof(age), "max-age=%d",
- (int) expires - (int) r->request_time);
- ap_table_mergen(r->headers_out, "Cache-Control", ap_pstrdup(r->pool, age));
- tzset(); /* redundant? called implicitly by localtime,
- * at least under FreeBSD
- */
- ap_table_setn(r->headers_out, "Expires",
- ap_gm_timestr_822(r->pool, expires));
- return OK;
-}
-
-module MODULE_VAR_EXPORT expires_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_dir_expires_config, /* dir config creater */
- merge_expires_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- expires_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- add_expires, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_headers.c b/usr.sbin/httpd/src/modules/standard/mod_headers.c
deleted file mode 100644
index ca2b5e7b1c3..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_headers.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_headers.c: Add/append/remove HTTP response headers
- * Written by Paul Sutton, paul@ukweb.com, 1 Oct 1996
- * Updated with RequestHeader by Martin Algesten,
- * puckman@taglab.com, 13 Jul 2002.
- *
- * New directive, Header, can be used to add/replace/remove HTTP headers.
- * Valid in both per-server and per-dir configurations.
- * In addition directive, RequestHeader, can be used exactly as Header but
- * with the difference that the header is added to the request headers rather
- * than the response.
- *
- * Syntax is:
- *
- * Header action header value
- * RequestHeader action header value
- *
- * Where action is one of:
- * set - set this header, replacing any old value
- * add - add this header, possible resulting in two or more
- * headers with the same name
- * append - append this text onto any existing header of this same
- * unset - remove this header
- *
- * Where action is unset, the third argument (value) should not be given.
- * The header name can include the colon, or not.
- *
- * The directives can only be used where allowed by the FileInfo
- * override.
- *
- * When the request is processed, the header directives are processed in
- * this order: firstly, the main server, then the virtual server handling
- * this request (if any), then any <Directory> sections (working downwards
- * from the root dir), then an <Location> sections (working down from
- * shortest URL component), the any <File> sections. This order is
- * important if any 'set' or 'unset' actions are used. For example,
- * the following two directives have different effect if applied in
- * the reverse order:
- *
- * Header append Author "John P. Doe"
- * Header unset Author
- *
- * Examples:
- *
- * To set the "Author" header, use
- * Header add Author "John P. Doe"
- *
- * To remove a header:
- * Header unset Author
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-
-typedef enum {
- hdr_add = 'a', /* add header (could mean multiple hdrs) */
- hdr_set = 's', /* set (replace old value) */
- hdr_append = 'm', /* append (merge into any old value) */
- hdr_unset = 'u' /* unset header */
-} hdr_actions;
-
-
-typedef enum {
- hdrs_in = 'i', /* Add header to incoming (request) headers */
- hdrs_out = 'o' /* Add header to outgoing (response) headers */
-} hdrs_inout;
-
-
-typedef struct {
- hdrs_inout inout;
- hdr_actions action;
- char *header;
- char *value;
- int do_err;
-} header_entry;
-
-/*
- * headers_conf is our per-module configuration. This is used as both
- * a per-dir and per-server config
- */
-typedef struct {
- array_header *headers;
-} headers_conf;
-
-module MODULE_VAR_EXPORT headers_module;
-
-static void *create_headers_config(pool *p, server_rec *s)
-{
- headers_conf *a =
- (headers_conf *) ap_pcalloc(p, sizeof(headers_conf));
-
- a->headers = ap_make_array(p, 2, sizeof(header_entry));
- return a;
-}
-
-static void *create_headers_dir_config(pool *p, char *d)
-{
- return (headers_conf *) create_headers_config(p, NULL);
-}
-
-static void *merge_headers_config(pool *p, void *basev, void *overridesv)
-{
- headers_conf *a =
- (headers_conf *) ap_pcalloc(p, sizeof(headers_conf));
- headers_conf *base = (headers_conf *) basev, *overrides = (headers_conf *) overridesv;
-
- a->headers = ap_append_arrays(p, base->headers, overrides->headers);
-
- return a;
-}
-
-static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value, hdrs_inout inout )
-{
- header_entry *new;
- server_rec *s = cmd->server;
- headers_conf *serverconf =
- (headers_conf *) ap_get_module_config(s->module_config, &headers_module);
- char *colon;
-
- if (cmd->path) {
- new = (header_entry *) ap_push_array(dirconf->headers);
- }
- else {
- new = (header_entry *) ap_push_array(serverconf->headers);
- }
-
- if (cmd->info) {
- new->do_err = 1;
- } else {
- new->do_err = 0;
- }
-
- new->inout = inout;
-
- if (!strcasecmp(action, "set"))
- new->action = hdr_set;
- else if (!strcasecmp(action, "add"))
- new->action = hdr_add;
- else if (!strcasecmp(action, "append"))
- new->action = hdr_append;
- else if (!strcasecmp(action, "unset"))
- new->action = hdr_unset;
- else
- return "first argument must be add, set, append or unset.";
-
- if (new->action == hdr_unset) {
- if (value)
- return "Header unset takes two arguments";
- }
- else if (!value)
- return "Header requires three arguments";
-
- if ((colon = strchr(hdr, ':')))
- *colon = '\0';
-
- new->header = hdr;
- new->value = value;
-
- return NULL;
-}
-
-static const char *outheader_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
-{
- header_cmd( cmd, dirconf, action, hdr, value, hdrs_out );
-}
-
-static const char *inheader_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
-{
- header_cmd( cmd, dirconf, action, hdr, value, hdrs_in );
-}
-
-static const command_rec headers_cmds[] =
-{
- {"Header", outheader_cmd, NULL, OR_FILEINFO, TAKE23,
- "an action, header and value"},
- {"RequestHeader", inheader_cmd, NULL, OR_FILEINFO, TAKE23,
- "an action, header and value"},
- {"ErrorHeader", outheader_cmd, (void *)1, OR_FILEINFO, TAKE23,
- "an action, header and value"},
- {NULL}
-};
-
-static void do_headers_fixup(request_rec *r, array_header *headers)
-{
- int i;
-
- for (i = 0; i < headers->nelts; ++i) {
- header_entry *hdr = &((header_entry *) (headers->elts))[i];
- table *tbl;
- switch (hdr->inout) {
- case hdrs_out:
- tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
- break;
- case hdrs_in:
- tbl = r->headers_in;
- break;
- }
- switch (hdr->action) {
- case hdr_add:
- ap_table_addn(tbl, hdr->header, hdr->value);
- break;
- case hdr_append:
- ap_table_mergen(tbl, hdr->header, hdr->value);
- break;
- case hdr_set:
- ap_table_setn(tbl, hdr->header, hdr->value);
- break;
- case hdr_unset:
- ap_table_unset(tbl, hdr->header);
- break;
- }
- }
-
-}
-
-static int fixup_headers(request_rec *r)
-{
- void *sconf = r->server->module_config;
- headers_conf *serverconf =
- (headers_conf *) ap_get_module_config(sconf, &headers_module);
- void *dconf = r->per_dir_config;
- headers_conf *dirconf =
- (headers_conf *) ap_get_module_config(dconf, &headers_module);
-
- do_headers_fixup(r, serverconf->headers);
- do_headers_fixup(r, dirconf->headers);
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT headers_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_headers_dir_config, /* dir config creater */
- merge_headers_config, /* dir merger --- default is to override */
- create_headers_config, /* server config */
- merge_headers_config, /* merge server configs */
- headers_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- fixup_headers, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_imap.c b/usr.sbin/httpd/src/modules/standard/mod_imap.c
deleted file mode 100644
index 8d04cbd00ff..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_imap.c
+++ /dev/null
@@ -1,918 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * This imagemap module started as a port of the original imagemap.c
- * written by Rob McCool (11/13/93 robm@ncsa.uiuc.edu).
- * This version includes the mapping algorithms found in version 1.3
- * of imagemap.c.
- *
- * Contributors to this code include:
- *
- * Kevin Hughes, kevinh@pulua.hcc.hawaii.edu
- *
- * Eric Haines, erich@eye.com
- * "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com
- *
- * Randy Terbush, randy@zyzzyva.com
- * port to Apache module format, "base_uri" and support for relative URLs
- *
- * James H. Cloos, Jr., cloos@jhcloos.com
- * Added point datatype, using code in NCSA's version 1.8 imagemap.c
- * program, as distributed with version 1.4.1 of their server.
- * The point code is originally added by Craig Milo Rogers, Rogers@ISI.Edu
- *
- * Nathan Kurz, nate@tripod.com
- * Rewrite/reorganization. New handling of default, base and relative URLs.
- * New Configuration directives:
- * ImapMenu {none, formatted, semiformatted, unformatted}
- * ImapDefault {error, nocontent, referer, menu, URL}
- * ImapBase {map, referer, URL}
- * Support for creating non-graphical menu added. (backwards compatible):
- * Old: directive URL [x,y ...]
- * New: directive URL "Menu text" [x,y ...]
- * or: directive URL x,y ... "Menu text"
- * Map format and menu concept courtesy Joshua Bell, jsbell@acs.ucalgary.ca.
- *
- * Mark Cox, mark@ukweb.com, Allow relative URLs even when no base specified
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "util_script.h"
-
-#define IMAP_MAGIC_TYPE "application/x-httpd-imap"
-#define MAXVERTS 100
-#define X 0
-#define Y 1
-
-#define IMAP_MENU_DEFAULT "formatted"
-#define IMAP_DEFAULT_DEFAULT "nocontent"
-#define IMAP_BASE_DEFAULT "map"
-
-module MODULE_VAR_EXPORT imap_module;
-
-typedef struct {
- char *imap_menu;
- char *imap_default;
- char *imap_base;
-} imap_conf_rec;
-
-static void *create_imap_dir_config(pool *p, char *dummy)
-{
- imap_conf_rec *icr =
- (imap_conf_rec *) ap_palloc(p, sizeof(imap_conf_rec));
-
- icr->imap_menu = NULL;
- icr->imap_default = NULL;
- icr->imap_base = NULL;
-
- return icr;
-}
-
-static void *merge_imap_dir_configs(pool *p, void *basev, void *addv)
-{
- imap_conf_rec *new = (imap_conf_rec *) ap_pcalloc(p, sizeof(imap_conf_rec));
- imap_conf_rec *base = (imap_conf_rec *) basev;
- imap_conf_rec *add = (imap_conf_rec *) addv;
-
- new->imap_menu = add->imap_menu ? add->imap_menu : base->imap_menu;
- new->imap_default = add->imap_default ? add->imap_default
- : base->imap_default;
- new->imap_base = add->imap_base ? add->imap_base : base->imap_base;
-
- return new;
-}
-
-
-static const command_rec imap_cmds[] =
-{
- {"ImapMenu", ap_set_string_slot,
- (void *) XtOffsetOf(imap_conf_rec, imap_menu), OR_INDEXES, TAKE1,
- "the type of menu generated: none, formatted, semiformatted, unformatted"},
- {"ImapDefault", ap_set_string_slot,
- (void *) XtOffsetOf(imap_conf_rec, imap_default), OR_INDEXES, TAKE1,
- "the action taken if no match: error, nocontent, referer, menu, URL"},
- {"ImapBase", ap_set_string_slot,
- (void *) XtOffsetOf(imap_conf_rec, imap_base), OR_INDEXES, TAKE1,
- "the base for all URL's: map, referer, URL (or start of)"},
- {NULL}
-};
-
-static int pointinrect(const double point[2], double coords[MAXVERTS][2])
-{
- double max[2], min[2];
- if (coords[0][X] > coords[1][X]) {
- max[0] = coords[0][X];
- min[0] = coords[1][X];
- }
- else {
- max[0] = coords[1][X];
- min[0] = coords[0][X];
- }
-
- if (coords[0][Y] > coords[1][Y]) {
- max[1] = coords[0][Y];
- min[1] = coords[1][Y];
- }
- else {
- max[1] = coords[1][Y];
- min[1] = coords[0][Y];
- }
-
- return ((point[X] >= min[0] && point[X] <= max[0]) &&
- (point[Y] >= min[1] && point[Y] <= max[1]));
-}
-
-static int pointincircle(const double point[2], double coords[MAXVERTS][2])
-{
- double radius1, radius2;
-
- radius1 = ((coords[0][Y] - coords[1][Y]) * (coords[0][Y] - coords[1][Y]))
- + ((coords[0][X] - coords[1][X]) * (coords[0][X] - coords[1][X]));
-
- radius2 = ((coords[0][Y] - point[Y]) * (coords[0][Y] - point[Y]))
- + ((coords[0][X] - point[X]) * (coords[0][X] - point[X]));
-
- return (radius2 <= radius1);
-}
-
-#define fmin(a,b) (((a)>(b))?(b):(a))
-#define fmax(a,b) (((a)>(b))?(a):(b))
-
-static int pointinpoly(const double point[2], double pgon[MAXVERTS][2])
-{
- int i, numverts, crossings = 0;
- double x = point[X], y = point[Y];
-
- for (numverts = 0; pgon[numverts][X] != -1 && numverts < MAXVERTS;
- numverts++) {
- /* just counting the vertexes */
- }
-
- for (i = 0; i < numverts; i++) {
- double x1=pgon[i][X];
- double y1=pgon[i][Y];
- double x2=pgon[(i + 1) % numverts][X];
- double y2=pgon[(i + 1) % numverts][Y];
- double d=(y - y1) * (x2 - x1) - (x - x1) * (y2 - y1);
-
- if ((y1 >= y) != (y2 >= y)) {
- crossings +=y2 - y1 >= 0 ? d >= 0 : d <= 0;
- }
- if (!d && fmin(x1,x2) <= x && x <= fmax(x1,x2)
- && fmin(y1,y2) <= y && y <= fmax(y1,y2)) {
- return 1;
- }
- }
- return crossings & 0x01;
-}
-
-
-static int is_closer(const double point[2], double coords[MAXVERTS][2],
- double *closest)
-{
- double dist_squared = ((point[X] - coords[0][X])
- * (point[X] - coords[0][X]))
- + ((point[Y] - coords[0][Y])
- * (point[Y] - coords[0][Y]));
-
- if (point[X] < 0 || point[Y] < 0) {
- return (0); /* don't mess around with negative coordinates */
- }
-
- if (*closest < 0 || dist_squared < *closest) {
- *closest = dist_squared;
- return (1); /* if this is the first point or is the closest yet
- set 'closest' equal to this distance^2 */
- }
-
- return (0); /* if it's not the first or closest */
-
-}
-
-static double get_x_coord(const char *args)
-{
- char *endptr; /* we want it non-null */
- double x_coord = -1; /* -1 is returned if no coordinate is given */
-
- if (args == NULL) {
- return (-1); /* in case we aren't passed anything */
- }
-
- while (*args && !ap_isdigit(*args) && *args != ',') {
- args++; /* jump to the first digit, but not past
- a comma or end */
- }
-
- x_coord = strtod(args, &endptr);
-
- if (endptr > args) { /* if a conversion was made */
- return (x_coord);
- }
-
- return (-1); /* else if no conversion was made,
- or if no args was given */
-}
-
-static double get_y_coord(const char *args)
-{
- char *endptr; /* we want it non-null */
- char *start_of_y = NULL;
- double y_coord = -1; /* -1 is returned on error */
-
- if (args == NULL) {
- return (-1); /* in case we aren't passed anything */
- }
-
- start_of_y = strchr(args, ','); /* the comma */
-
- if (start_of_y) {
-
- start_of_y++; /* start looking at the character after
- the comma */
-
- while (*start_of_y && !ap_isdigit(*start_of_y)) {
- start_of_y++; /* jump to the first digit, but not
- past the end */
- }
-
- y_coord = strtod(start_of_y, &endptr);
-
- if (endptr > start_of_y) {
- return (y_coord);
- }
- }
-
- return (-1); /* if no conversion was made, or
- no comma was found in args */
-}
-
-
-/* See if string has a "quoted part", and if so set *quoted_part to
- * the first character of the quoted part, then hammer a \0 onto the
- * trailing quote, and set *string to point at the first character
- * past the second quote.
- *
- * Otherwise set *quoted_part to NULL, and leave *string alone.
- */
-static void read_quoted(char **string, char **quoted_part)
-{
- char *strp = *string;
-
- /* assume there's no quoted part */
- *quoted_part = NULL;
-
- while (ap_isspace(*strp)) {
- strp++; /* go along string until non-whitespace */
- }
-
- if (*strp == '"') { /* if that character is a double quote */
- strp++; /* step over it */
- *quoted_part = strp; /* note where the quoted part begins */
-
- while (*strp && *strp != '"') {
- ++strp; /* skip the quoted portion */
- }
-
- *strp = '\0'; /* end the string with a NUL */
-
- strp++; /* step over the last double quote */
- *string = strp;
- }
-}
-
-/*
- * returns the mapped URL or NULL.
- */
-static char *imap_url(request_rec *r, const char *base, const char *value)
-{
-/* translates a value into a URL. */
- int slen, clen;
- char *string_pos = NULL;
- const char *string_pos_const = NULL;
- char *directory = NULL;
- const char *referer = NULL;
- char *my_base;
-
- if (!strcasecmp(value, "map") || !strcasecmp(value, "menu")) {
- return ap_construct_url(r->pool, r->uri, r);
- }
-
- if (!strcasecmp(value, "nocontent") || !strcasecmp(value, "error")) {
- return ap_pstrdup(r->pool, value); /* these are handled elsewhere,
- so just copy them */
- }
-
- if (!strcasecmp(value, "referer")) {
- referer = ap_table_get(r->headers_in, "Referer");
- if (referer && *referer) {
- return ap_escape_html(r->pool, referer);
- }
- else {
- /* XXX: This used to do *value = '\0'; ... which is totally bogus
- * because it hammers the passed in value, which can be a string
- * constant, or part of a config, or whatever. Total garbage.
- * This works around that without changing the rest of this
- * code much
- */
- value = ""; /* if 'referer' but no referring page,
- null the value */
- }
- }
-
- string_pos_const = value;
- while (ap_isalpha(*string_pos_const)) {
- string_pos_const++; /* go along the URL from the map
- until a non-letter */
- }
- if (*string_pos_const == ':') {
- /* if letters and then a colon (like http:) */
- /* it's an absolute URL, so use it! */
- return ap_pstrdup(r->pool, value);
- }
-
- if (!base || !*base) {
- if (value && *value) {
- return ap_pstrdup(r->pool, value); /* no base: use what is given */
- }
- /* no base, no value: pick a simple default */
- return ap_construct_url(r->pool, "/", r);
- }
-
- /* must be a relative URL to be combined with base */
- if (strchr(base, '/') == NULL && (!strncmp(value, "../", 3)
- || !strcmp(value, ".."))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "invalid base directive in map file: %s", r->uri);
- return NULL;
- }
- my_base = ap_pstrdup(r->pool, base);
- string_pos = my_base;
- while (*string_pos) {
- if (*string_pos == '/' && *(string_pos + 1) == '/') {
- string_pos += 2; /* if there are two slashes, jump over them */
- continue;
- }
- if (*string_pos == '/') { /* the first single slash */
- if (value[0] == '/') {
- *string_pos = '\0';
- } /* if the URL from the map starts from root,
- end the base URL string at the first single
- slash */
- else {
- directory = string_pos; /* save the start of
- the directory portion */
-
- string_pos = strrchr(string_pos, '/'); /* now reuse
- string_pos */
- string_pos++; /* step over that last slash */
- *string_pos = '\0';
- } /* but if the map url is relative, leave the
- slash on the base (if there is one) */
- break;
- }
- string_pos++; /* until we get to the end of my_base without
- finding a slash by itself */
- }
-
- while (!strncmp(value, "../", 3) || !strcmp(value, "..")) {
-
- if (directory && (slen = strlen(directory))) {
-
- /* for each '..', knock a directory off the end
- by ending the string right at the last slash.
- But only consider the directory portion: don't eat
- into the server name. And only try if a directory
- portion was found */
-
- clen = slen - 1;
-
- while ((slen - clen) == 1) {
-
- if ((string_pos = strrchr(directory, '/'))) {
- *string_pos = '\0';
- }
- clen = strlen(directory);
- if (clen == 0) {
- break;
- }
- }
-
- value += 2; /* jump over the '..' that we found in the
- value */
- }
- else if (directory) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "invalid directory name in map file: %s", r->uri);
- return NULL;
- }
-
- if (!strncmp(value, "/../", 4) || !strcmp(value, "/..")) {
- value++; /* step over the '/' if there are more '..'
- to do. This way, we leave the starting
- '/' on value after the last '..', but get
- rid of it otherwise */
- }
-
- } /* by this point, value does not start
- with '..' */
-
- if (value && *value) {
- return ap_pstrcat(r->pool, my_base, value, NULL);
- }
- return my_base;
-}
-
-static int imap_reply(request_rec *r, char *redirect)
-{
- if (!strcasecmp(redirect, "error")) {
- return SERVER_ERROR; /* they actually requested an error! */
- }
- if (!strcasecmp(redirect, "nocontent")) {
- return HTTP_NO_CONTENT; /* tell the client to keep the page it has */
- }
- if (redirect && *redirect) {
- ap_table_setn(r->headers_out, "Location", redirect);
- return REDIRECT; /* must be a URL, so redirect to it */
- }
- return SERVER_ERROR;
-}
-
-static void menu_header(request_rec *r, char *menu)
-{
- r->content_type = "text/html; charset=ISO-8859-1";
- ap_send_http_header(r);
- ap_hard_timeout("send menu", r); /* killed in menu_footer */
-
- ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ",
- ap_escape_html(r->pool, r->uri),
- "</title>\n</head><body>\n", NULL);
-
- if (!strcasecmp(menu, "formatted")) {
- ap_rvputs(r, "<h1>Menu for ", ap_escape_html(r->pool, r->uri),
- "</h1>\n<hr>\n\n", NULL);
- }
-
- return;
-}
-
-static void menu_blank(request_rec *r, char *menu)
-{
- if (!strcasecmp(menu, "formatted")) {
- ap_rputs("\n", r);
- }
- if (!strcasecmp(menu, "semiformatted")) {
- ap_rputs("<br>\n", r);
- }
- if (!strcasecmp(menu, "unformatted")) {
- ap_rputs("\n", r);
- }
- return;
-}
-
-static void menu_comment(request_rec *r, char *menu, char *comment)
-{
- if (!strcasecmp(menu, "formatted")) {
- ap_rputs("\n", r); /* print just a newline if 'formatted' */
- }
- if (!strcasecmp(menu, "semiformatted") && *comment) {
- ap_rvputs(r, comment, "\n", NULL);
- }
- if (!strcasecmp(menu, "unformatted") && *comment) {
- ap_rvputs(r, comment, "\n", NULL);
- }
- return; /* comments are ignored in the
- 'formatted' form */
-}
-
-static void menu_default(request_rec *r, char *menu, char *href, char *text)
-{
- if (!strcasecmp(href, "error") || !strcasecmp(href, "nocontent")) {
- return; /* don't print such lines, these aren't
- really href's */
- }
- if (!strcasecmp(menu, "formatted")) {
- ap_rvputs(r, "<pre>(Default) <a href=\"", href, "\">", text,
- "</a></pre>\n", NULL);
- }
- if (!strcasecmp(menu, "semiformatted")) {
- ap_rvputs(r, "<pre>(Default) <a href=\"", href, "\">", text,
- "</a></pre>\n", NULL);
- }
- if (!strcasecmp(menu, "unformatted")) {
- ap_rvputs(r, "<a href=\"", href, "\">", text, "</a>", NULL);
- }
- return;
-}
-
-static void menu_directive(request_rec *r, char *menu, char *href, char *text)
-{
- if (!strcasecmp(href, "error") || !strcasecmp(href, "nocontent")) {
- return; /* don't print such lines, as this isn't
- really an href */
- }
- if (!strcasecmp(menu, "formatted")) {
- ap_rvputs(r, "<pre> <a href=\"", href, "\">", text,
- "</a></pre>\n", NULL);
- }
- if (!strcasecmp(menu, "semiformatted")) {
- ap_rvputs(r, "<pre> <a href=\"", href, "\">", text,
- "</a></pre>\n", NULL);
- }
- if (!strcasecmp(menu, "unformatted")) {
- ap_rvputs(r, "<a href=\"", href, "\">", text, "</a>", NULL);
- }
- return;
-}
-
-static void menu_footer(request_rec *r)
-{
- ap_rputs("\n\n</body>\n</html>\n", r); /* finish the menu */
- ap_kill_timeout(r);
-}
-
-static int imap_handler(request_rec *r)
-{
- char input[MAX_STRING_LEN];
- char *directive;
- char *value;
- char *href_text;
- char *base;
- char *redirect;
- char *mapdflt;
- char *closest = NULL;
- double closest_yet = -1;
-
- double testpoint[2];
- double pointarray[MAXVERTS + 1][2];
- int vertex;
-
- char *string_pos;
- int showmenu = 0;
-
- imap_conf_rec *icr = ap_get_module_config(r->per_dir_config, &imap_module);
-
- char *imap_menu = icr->imap_menu ? icr->imap_menu : IMAP_MENU_DEFAULT;
- char *imap_default = icr->imap_default
- ? icr->imap_default : IMAP_DEFAULT_DEFAULT;
- char *imap_base = icr->imap_base ? icr->imap_base : IMAP_BASE_DEFAULT;
-
- configfile_t *imap;
-
- if (r->method_number != M_GET) {
- return DECLINED;
- }
-
- imap = ap_pcfg_openfile(r->pool, r->filename);
-
- if (!imap) {
- return NOT_FOUND;
- }
-
- base = imap_url(r, NULL, imap_base); /* set base according
- to default */
- if (!base) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- mapdflt = imap_url(r, NULL, imap_default); /* and default to
- global default */
- if (!mapdflt) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- testpoint[X] = get_x_coord(r->args);
- testpoint[Y] = get_y_coord(r->args);
-
- if ((testpoint[X] == -1 || testpoint[Y] == -1) ||
- (testpoint[X] == 0 && testpoint[Y] == 0)) {
- /* if either is -1 or if both are zero (new Lynx) */
- /* we don't have valid coordinates */
- testpoint[X] = -1;
- testpoint[Y] = -1;
- if (strncasecmp(imap_menu, "none", 2)) {
- showmenu = 1; /* show the menu _unless_ ImapMenu is
- 'none' or 'no' */
- }
- }
-
- if (showmenu) { /* send start of imagemap menu if
- we're going to */
- menu_header(r, imap_menu);
- }
-
- while (!ap_cfg_getline(input, sizeof(input), imap)) {
- if (!input[0]) {
- if (showmenu) {
- menu_blank(r, imap_menu);
- }
- continue;
- }
-
- if (input[0] == '#') {
- if (showmenu) {
- menu_comment(r, imap_menu, input + 1);
- }
- continue;
- } /* blank lines and comments are ignored
- if we aren't printing a menu */
-
- /* find the first two space delimited fields, recall that
- * ap_cfg_getline has removed leading/trailing whitespace.
- *
- * note that we're tokenizing as we go... if we were to use the
- * ap_getword() class of functions we would end up allocating extra
- * memory for every line of the map file
- */
- string_pos = input;
- if (!*string_pos) { /* need at least two fields */
- goto need_2_fields;
- }
-
- directive = string_pos;
- while (*string_pos && !ap_isspace(*string_pos)) { /* past directive */
- ++string_pos;
- }
- if (!*string_pos) { /* need at least two fields */
- goto need_2_fields;
- }
- *string_pos++ = '\0';
-
- if (!*string_pos) { /* need at least two fields */
- goto need_2_fields;
- }
- while(ap_isspace(*string_pos)) { /* past whitespace */
- ++string_pos;
- }
-
- value = string_pos;
- while (*string_pos && !ap_isspace(*string_pos)) { /* past value */
- ++string_pos;
- }
- if (ap_isspace(*string_pos)) {
- *string_pos++ = '\0';
- }
- else {
- /* end of input, don't advance past it */
- *string_pos = '\0';
- }
-
- if (!strncasecmp(directive, "base", 4)) { /* base, base_uri */
- base = imap_url(r, NULL, value);
- if (!base) {
- goto menu_bail;
- }
- continue; /* base is never printed to a menu */
- }
-
- read_quoted(&string_pos, &href_text);
-
- if (!strcasecmp(directive, "default")) { /* default */
- mapdflt = imap_url(r, NULL, value);
- if (!mapdflt) {
- goto menu_bail;
- }
- if (showmenu) { /* print the default if there's a menu */
- redirect = imap_url(r, base, mapdflt);
- if (!redirect) {
- goto menu_bail;
- }
- menu_default(r, imap_menu, redirect,
- href_text ? href_text : mapdflt);
- }
- continue;
- }
-
- vertex = 0;
- while (vertex < MAXVERTS &&
- sscanf(string_pos, "%lf%*[, ]%lf",
- &pointarray[vertex][X], &pointarray[vertex][Y]) == 2) {
- /* Now skip what we just read... we can't use ANSIism %n */
- while (ap_isspace(*string_pos)) { /* past whitespace */
- string_pos++;
- }
- while (ap_isdigit(*string_pos)) { /* and the 1st number */
- string_pos++;
- }
- string_pos++; /* skip the ',' */
- while (ap_isspace(*string_pos)) { /* past any more whitespace */
- string_pos++;
- }
- while (ap_isdigit(*string_pos)) { /* 2nd number */
- string_pos++;
- }
- vertex++;
- } /* so long as there are more vertices to
- read, and we have room, read them in.
- We start where we left off of the last
- sscanf, not at the beginning. */
-
- pointarray[vertex][X] = -1; /* signals the end of vertices */
-
- if (showmenu) {
- if (!href_text) {
- read_quoted(&string_pos, &href_text); /* href text could
- be here instead */
- }
- redirect = imap_url(r, base, value);
- if (!redirect) {
- goto menu_bail;
- }
- menu_directive(r, imap_menu, redirect,
- href_text ? href_text : value);
- continue;
- }
- /* note that we don't make it past here if we are making a menu */
-
- if (testpoint[X] == -1 || pointarray[0][X] == -1) {
- continue; /* don't try the following tests if testpoints
- are invalid, or if there are no
- coordinates */
- }
-
- if (!strcasecmp(directive, "poly")) { /* poly */
-
- if (pointinpoly(testpoint, pointarray)) {
- ap_cfg_closefile(imap);
- redirect = imap_url(r, base, value);
- if (!redirect) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- return (imap_reply(r, redirect));
- }
- continue;
- }
-
- if (!strcasecmp(directive, "circle")) { /* circle */
-
- if (pointincircle(testpoint, pointarray)) {
- ap_cfg_closefile(imap);
- redirect = imap_url(r, base, value);
- if (!redirect) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- return (imap_reply(r, redirect));
- }
- continue;
- }
-
- if (!strcasecmp(directive, "rect")) { /* rect */
-
- if (pointinrect(testpoint, pointarray)) {
- ap_cfg_closefile(imap);
- redirect = imap_url(r, base, value);
- if (!redirect) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- return (imap_reply(r, redirect));
- }
- continue;
- }
-
- if (!strcasecmp(directive, "point")) { /* point */
-
- if (is_closer(testpoint, pointarray, &closest_yet)) {
- closest = ap_pstrdup(r->pool, value);
- }
-
- continue;
- } /* move on to next line whether it's
- closest or not */
-
- } /* nothing matched, so we get another line! */
-
- ap_cfg_closefile(imap); /* we are done with the map file; close it */
-
- if (showmenu) {
- menu_footer(r); /* finish the menu and we are done */
- return OK;
- }
-
- if (closest) { /* if a 'point' directive has been seen */
- redirect = imap_url(r, base, closest);
- if (!redirect) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- return (imap_reply(r, redirect));
- }
-
- if (mapdflt) { /* a default should be defined, even if
- only 'nocontent' */
- redirect = imap_url(r, base, mapdflt);
- if (!redirect) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- return (imap_reply(r, redirect));
- }
-
- return HTTP_INTERNAL_SERVER_ERROR; /* If we make it this far,
- we failed. They lose! */
-
-need_2_fields:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "map file %s, line %d syntax error: requires at "
- "least two fields", r->uri, imap->line_number);
- /* fall through */
-menu_bail:
- ap_cfg_closefile(imap);
- if (showmenu) {
- /* There's not much else we can do ... we've already sent the headers
- * to the client.
- */
- ap_rputs("\n\n[an internal server error occured]\n", r);
- menu_footer(r);
- return OK;
- }
- return HTTP_INTERNAL_SERVER_ERROR;
-}
-
-
-static const handler_rec imap_handlers[] =
-{
- {IMAP_MAGIC_TYPE, imap_handler},
- {"imap-file", imap_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT imap_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_imap_dir_config, /* dir config creater */
- merge_imap_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- imap_cmds, /* command table */
- imap_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_include.c b/usr.sbin/httpd/src/modules/standard/mod_include.c
deleted file mode 100644
index 75518f5ff06..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_include.c
+++ /dev/null
@@ -1,2523 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_include.c: Handles the server-parsed HTML documents
- *
- * Original by Rob McCool; substantial fixups by David Robinson;
- * incorporated into the Apache module framework by rst.
- *
- */
-/*
- * sub key may be anything a Perl*Handler can be:
- * subroutine name, package name (defaults to package::handler),
- * Class->method call or anoymous sub {}
- *
- * Child <!--#perl sub="sub {print $$}" --> accessed
- * <!--#perl sub="sub {print ++$Access::Cnt }" --> times. <br>
- *
- * <!--#perl arg="one" sub="mymod::includer" -->
- *
- * -Doug MacEachern
- */
-
-#ifdef USE_PERL_SSI
-#include "config.h"
-#undef VOIDUSED
-#ifdef USE_SFIO
-#undef USE_SFIO
-#define USE_STDIO
-#endif
-#include "modules/perl/mod_perl.h"
-#else
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "util_script.h"
-#endif
-
-#define STARTING_SEQUENCE "<!--#"
-#define ENDING_SEQUENCE "-->"
-#define DEFAULT_ERROR_MSG "[an error occurred while processing this directive]"
-#define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
-#define SIZEFMT_BYTES 0
-#define SIZEFMT_KMG 1
-#define RAW_ASCII_CHAR(ch) (ch)
-
-module MODULE_VAR_EXPORT includes_module;
-
-/* ------------------------ Environment function -------------------------- */
-
-/* XXX: could use ap_table_overlap here */
-static void add_include_vars(request_rec *r, char *timefmt)
-{
- struct passwd *pw;
- table *e = r->subprocess_env;
- char *t;
- time_t date = r->request_time;
-
- ap_table_setn(e, "DATE_LOCAL", ap_ht_time(r->pool, date, timefmt, 0));
- ap_table_setn(e, "DATE_GMT", ap_ht_time(r->pool, date, timefmt, 1));
- ap_table_setn(e, "LAST_MODIFIED",
- ap_ht_time(r->pool, r->finfo.st_mtime, timefmt, 0));
- ap_table_setn(e, "DOCUMENT_URI", r->uri);
- ap_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info);
- pw = getpwuid(r->finfo.st_uid);
- if (pw) {
- ap_table_setn(e, "USER_NAME", ap_pstrdup(r->pool, pw->pw_name));
- }
- else {
- ap_table_setn(e, "USER_NAME", ap_psprintf(r->pool, "user#%lu",
- (unsigned long) r->finfo.st_uid));
- }
-
- if ((t = strrchr(r->filename, '/'))) {
- ap_table_setn(e, "DOCUMENT_NAME", ++t);
- }
- else {
- ap_table_setn(e, "DOCUMENT_NAME", r->uri);
- }
- if (r->args) {
- char *arg_copy = ap_pstrdup(r->pool, r->args);
-
- ap_unescape_url(arg_copy);
- ap_table_setn(e, "QUERY_STRING_UNESCAPED",
- ap_escape_shell_cmd(r->pool, arg_copy));
- }
-}
-
-
-
-/* --------------------------- Parser functions --------------------------- */
-
-#define OUTBUFSIZE 4096
-/* PUT_CHAR and FLUSH_BUF currently only work within the scope of
- * find_string(); they are hacks to avoid calling rputc for each and
- * every character output. A common set of buffering calls for this
- * type of output SHOULD be implemented.
- */
-#define PUT_CHAR(c,r) \
- { \
- outbuf[outind++] = c; \
- if (outind == OUTBUFSIZE) { \
- FLUSH_BUF(r) \
- }; \
- }
-
-/* there SHOULD be some error checking on the return value of
- * rwrite, however it is unclear what the API for rwrite returning
- * errors is and little can really be done to help the error in
- * any case.
- */
-#define FLUSH_BUF(r) \
- { \
- ap_rwrite(outbuf, outind, r); \
- outind = 0; \
- }
-
-/*
- * f: file handle being read from
- * c: character to read into
- * ret: return value to use if input fails
- * r: current request_rec
- *
- * This macro is redefined after find_string() for historical reasons
- * to avoid too many code changes. This is one of the many things
- * that should be fixed.
- */
-#define GET_CHAR(f,c,ret,r) \
- { \
- int i = getc(f); \
- if (i == EOF) { /* either EOF or error -- needs error handling if latter */ \
- if (ferror(f)) { \
- fprintf(stderr, "encountered error in GET_CHAR macro, " \
- "mod_include.\n"); \
- } \
- FLUSH_BUF(r); \
- ap_pfclose(r->pool, f); \
- return ret; \
- } \
- c = (char)i; \
- }
-
-static int find_string(FILE *in, const char *str, request_rec *r, int printing)
-{
- int x, l = strlen(str), p;
- char outbuf[OUTBUFSIZE];
- int outind = 0;
- char c;
-
- p = 0;
- while (1) {
- GET_CHAR(in, c, 1, r);
- if (c == str[p]) {
- if ((++p) == l) {
- FLUSH_BUF(r);
- return 0;
- }
- }
- else {
- if (printing) {
- for (x = 0; x < p; x++) {
- PUT_CHAR(str[x], r);
- }
- PUT_CHAR(c, r);
- }
- p = 0;
- }
- }
-}
-
-#undef FLUSH_BUF
-#undef PUT_CHAR
-#undef GET_CHAR
-#define GET_CHAR(f,c,r,p) \
- { \
- int i = getc(f); \
- if (i == EOF) { /* either EOF or error -- needs error handling if latter */ \
- if (ferror(f)) { \
- fprintf(stderr, "encountered error in GET_CHAR macro, " \
- "mod_include.\n"); \
- } \
- ap_pfclose(p, f); \
- return r; \
- } \
- c = (char)i; \
- }
-
-/*
- * decodes a string containing html entities or numeric character references.
- * 's' is overwritten with the decoded string.
- * If 's' is syntatically incorrect, then the followed fixups will be made:
- * unknown entities will be left undecoded;
- * references to unused numeric characters will be deleted.
- * In particular, &#00; will not be decoded, but will be deleted.
- *
- * drtr
- */
-
-/* maximum length of any ISO-LATIN-1 HTML entity name. */
-#define MAXENTLEN (6)
-
-/* The following is a shrinking transformation, therefore safe. */
-
-static void decodehtml(char *s)
-{
- int val, i, j;
- char *p = s;
- const char *ents;
- static const char * const entlist[MAXENTLEN + 1] =
- {
- NULL, /* 0 */
- NULL, /* 1 */
- "lt\074gt\076", /* 2 */
- "amp\046ETH\320eth\360", /* 3 */
- "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\
-iuml\357ouml\366uuml\374yuml\377", /* 4 */
- "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\
-THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\
-ucirc\373thorn\376", /* 5 */
- "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\
-Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\
-Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\
-egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\
-otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */
- };
-
- for (; *s != '\0'; s++, p++) {
- if (*s != '&') {
- *p = *s;
- continue;
- }
- /* find end of entity */
- for (i = 1; s[i] != ';' && s[i] != '\0'; i++) {
- continue;
- }
-
- if (s[i] == '\0') { /* treat as normal data */
- *p = *s;
- continue;
- }
-
- /* is it numeric ? */
- if (s[1] == '#') {
- for (j = 2, val = 0; j < i && ap_isdigit(s[j]); j++) {
- val = val * 10 + s[j] - '0';
- }
- s += i;
- if (j < i || val <= 8 || (val >= 11 && val <= 31) ||
- (val >= 127 && val <= 160) || val >= 256) {
- p--; /* no data to output */
- }
- else {
- *p = RAW_ASCII_CHAR(val);
- }
- }
- else {
- j = i - 1;
- if (j > MAXENTLEN || entlist[j] == NULL) {
- /* wrong length */
- *p = '&';
- continue; /* skip it */
- }
- for (ents = entlist[j]; *ents != '\0'; ents += i) {
- if (strncmp(s + 1, ents, j) == 0) {
- break;
- }
- }
-
- if (*ents == '\0') {
- *p = '&'; /* unknown */
- }
- else {
- *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]);
- s += i;
- }
- }
- }
-
- *p = '\0';
-}
-
-/*
- * extract the next tag name and value.
- * if there are no more tags, set the tag name to 'done'
- * the tag value is html decoded if dodecode is non-zero
- */
-
-static char *get_tag(request_rec *r, FILE *in, char *tag, int tagbuf_len, int dodecode)
-{
- char *t = tag, *tag_val, c, term;
- pool *p = r->pool;
-
- /* makes code below a little less cluttered */
- --tagbuf_len;
-
- do { /* skip whitespace */
- GET_CHAR(in, c, NULL, p);
- } while (ap_isspace(c));
-
- /* tags can't start with - */
- if (c == '-') {
- GET_CHAR(in, c, NULL, p);
- if (c == '-') {
- do {
- GET_CHAR(in, c, NULL, p);
- } while (ap_isspace(c));
- if (c == '>') {
- ap_cpystrn(tag, "done", tagbuf_len);
- return tag;
- }
- }
- return NULL; /* failed */
- }
-
- /* find end of tag name */
- while (1) {
- if (t == tag + tagbuf_len) {
- *t = '\0';
- return NULL;
- }
- if (c == '=' || ap_isspace(c)) {
- break;
- }
- *(t++) = ap_tolower(c);
- GET_CHAR(in, c, NULL, p);
- }
-
- *t++ = '\0';
- tag_val = t;
-
- while (ap_isspace(c)) {
- GET_CHAR(in, c, NULL, p); /* space before = */
- }
- if (c != '=') {
- ungetc(c, in);
- return NULL;
- }
-
- do {
- GET_CHAR(in, c, NULL, p); /* space after = */
- } while (ap_isspace(c));
-
- /* we should allow a 'name' as a value */
-
- if (c != '"' && c != '\'') {
- return NULL;
- }
- term = c;
- while (1) {
- GET_CHAR(in, c, NULL, p);
- if (t == tag + tagbuf_len) {
- *t = '\0';
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "mod_include: value length exceeds limit"
- " (%d) in %s", tagbuf_len, r->filename);
- return NULL;
- }
- /* Want to accept \" as a valid character within a string. */
- if (c == '\\') {
- GET_CHAR(in, c, NULL, p);
- /* Insert backslash only if not escaping a terminator char */
- if (c != term) {
- *(t++) = '\\';
- /*
- * check to make sure that adding in the backslash won't cause
- * an overflow, since we're now 1 character ahead.
- */
- if (t == tag + tagbuf_len) {
- *t = '\0';
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "mod_include: value length exceeds limit"
- " (%d) in %s", tagbuf_len, r->filename);
- return NULL;
- }
- }
- }
- else if (c == term) {
- break;
- }
- *(t++) = c;
- }
- *t = '\0';
- if (dodecode) {
- decodehtml(tag_val);
- }
- return ap_pstrdup(p, tag_val);
-}
-
-static int get_directive(FILE *in, char *dest, size_t len, pool *p)
-{
- char *d = dest;
- char c;
-
- /* make room for nul terminator */
- --len;
-
- /* skip initial whitespace */
- while (1) {
- GET_CHAR(in, c, 1, p);
- if (!ap_isspace(c)) {
- break;
- }
- }
- /* now get directive */
- while (1) {
- if (d == len + dest) {
- return 1;
- }
- *d++ = ap_tolower(c);
- GET_CHAR(in, c, 1, p);
- if (ap_isspace(c)) {
- break;
- }
- }
- *d = '\0';
- return 0;
-}
-
-/*
- * Do variable substitution on strings
- */
-static void parse_string(request_rec *r, const char *in, char *out,
- size_t length, int leave_name)
-{
- char ch;
- char *next = out;
- char *end_out;
-
- /* leave room for nul terminator */
- end_out = out + length - 1;
-
- while ((ch = *in++) != '\0') {
- switch (ch) {
- case '\\':
- if (next == end_out) {
- /* truncated */
- *next = '\0';
- return;
- }
- if (*in == '$') {
- *next++ = *in++;
- }
- else {
- *next++ = ch;
- }
- break;
- case '$':
- {
- char var[MAX_STRING_LEN];
- const char *start_of_var_name;
- const char *end_of_var_name; /* end of var name + 1 */
- const char *expansion;
- const char *val;
- size_t l;
-
- /* guess that the expansion won't happen */
- expansion = in - 1;
- if (*in == '{') {
- ++in;
- start_of_var_name = in;
- in = strchr(in, '}');
- if (in == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
- r, "Missing '}' on variable \"%s\"",
- expansion);
- *next = '\0';
- return;
- }
- end_of_var_name = in;
- ++in;
- }
- else {
- start_of_var_name = in;
- while (ap_isalnum(*in) || *in == '_') {
- ++in;
- }
- end_of_var_name = in;
- }
- /* what a pain, too bad there's no table_getn where you can
- * pass a non-nul terminated string */
- l = end_of_var_name - start_of_var_name;
- if (l != 0) {
- l = (l > sizeof(var) - 1) ? (sizeof(var) - 1) : l;
- memcpy(var, start_of_var_name, l);
- var[l] = '\0';
-
- val = ap_table_get(r->subprocess_env, var);
- if (val) {
- expansion = val;
- l = strlen(expansion);
- }
- else if (leave_name) {
- l = in - expansion;
- }
- else {
- break; /* no expansion to be done */
- }
- }
- else {
- /* zero-length variable name causes just the $ to be copied */
- l = 1;
- }
- l = (l + next > end_out) ? (end_out - next) : l;
- memcpy(next, expansion, l);
- next += l;
- break;
- }
- default:
- if (next == end_out) {
- /* truncated */
- *next = '\0';
- return;
- }
- *next++ = ch;
- break;
- }
- }
- *next = '\0';
- return;
-}
-
-/* --------------------------- Action handlers ---------------------------- */
-
-static int include_cgi(char *s, request_rec *r)
-{
- request_rec *rr = ap_sub_req_lookup_uri(s, r);
- int rr_status;
-
- if (rr->status != HTTP_OK) {
- return -1;
- }
-
- /* No hardwired path info or query allowed */
-
- if ((rr->path_info && rr->path_info[0]) || rr->args) {
- return -1;
- }
- if (rr->finfo.st_mode == 0) {
- return -1;
- }
-
- /* Script gets parameters of the *document*, for back compatibility */
-
- rr->path_info = r->path_info; /* hard to get right; see mod_cgi.c */
- rr->args = r->args;
-
- /* Force sub_req to be treated as a CGI request, even if ordinary
- * typing rules would have called it something else.
- */
-
- rr->content_type = CGI_MAGIC_TYPE;
-
- /* Run it. */
-
- rr_status = ap_run_sub_req(rr);
- if (ap_is_HTTP_REDIRECT(rr_status)) {
- const char *location = ap_table_get(rr->headers_out, "Location");
- location = ap_escape_html(rr->pool, location);
- ap_rvputs(r, "<A HREF=\"", location, "\">", location, "</A>", NULL);
- }
-
- ap_destroy_sub_req(rr);
- ap_chdir_file(r->filename);
-
- return 0;
-}
-
-/* ensure that path is relative, and does not contain ".." elements
- * ensentially ensure that it does not match the regex:
- * (^/|(^|/)\.\.(/|$))
- * XXX: this needs os abstraction... consider c:..\foo in win32
- * ???: No, c:../foo is not relative to ., it's potentially on another volume
- */
-static int is_only_below(const char *path)
-{
- if (path[0] == '/') {
- return 0;
- }
- if (path[0] == '.' && path[1] == '.'
- && (path[2] == '\0' || path[2] == '/')) {
- return 0;
- }
- while (*path) {
- if (*path == '/' && path[1] == '.' && path[2] == '.'
- && (path[3] == '\0' || path[3] == '/')) {
- return 0;
- }
- ++path;
- }
- return 1;
-}
-
-static int handle_include(FILE *in, request_rec *r, const char *error, int noexec)
-{
- char tag[MAX_STRING_LEN];
- char parsed_string[MAX_STRING_LEN];
- char *tag_val;
-
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- if (!strcmp(tag, "file") || !strcmp(tag, "virtual")) {
- request_rec *rr = NULL;
- char *error_fmt = NULL;
-
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- if (tag[0] == 'f') {
- /* be safe; only files in this directory or below allowed */
- if (!is_only_below(parsed_string)) {
- error_fmt = "unable to include file \"%s\" "
- "in parsed file %s";
- }
- else {
- rr = ap_sub_req_lookup_file(parsed_string, r);
- }
- }
- else {
- rr = ap_sub_req_lookup_uri(parsed_string, r);
- }
-
- if (!error_fmt && rr->status != HTTP_OK) {
- error_fmt = "unable to include \"%s\" in parsed file %s";
- }
-
- if (!error_fmt && noexec && rr->content_type
- && (strncmp(rr->content_type, "text/", 5))) {
- error_fmt = "unable to include potential exec \"%s\" "
- "in parsed file %s";
- }
- if (error_fmt == NULL) {
- /* try to avoid recursive includes. We do this by walking
- * up the r->main list of subrequests, and at each level
- * walking back through any internal redirects. At each
- * step, we compare the filenames and the URIs.
- *
- * The filename comparison catches a recursive include
- * with an ever-changing URL, eg.
- * <!--#include virtual=
- * "$REQUEST_URI/$QUERY_STRING?$QUERY_STRING/x"-->
- * which, although they would eventually be caught because
- * we have a limit on the length of files, etc., can
- * recurse for a while.
- *
- * The URI comparison catches the case where the filename
- * is changed while processing the request, so the
- * current name is never the same as any previous one.
- * This can happen with "DocumentRoot /foo" when you
- * request "/" on the server and it includes "/".
- * This only applies to modules such as mod_dir that
- * (somewhat improperly) mess with r->filename outside
- * of a filename translation phase.
- */
- int founddupe = 0;
- request_rec *p;
- for (p = r; p != NULL && !founddupe; p = p->main) {
- request_rec *q;
- for (q = p; q != NULL; q = q->prev) {
- if ( (q->filename && strcmp(q->filename, rr->filename) == 0) ||
- (strcmp(q->uri, rr->uri) == 0) ){
- founddupe = 1;
- break;
- }
- }
- }
-
- if (p != NULL) {
- error_fmt = "Recursive include of \"%s\" "
- "in parsed file %s";
- }
- }
-
- /* see the Kludge in send_parsed_file for why */
- if (rr)
- ap_set_module_config(rr->request_config, &includes_module, r);
-
- if (!error_fmt && ap_run_sub_req(rr)) {
- error_fmt = "unable to include \"%s\" in parsed file %s";
- }
- ap_chdir_file(r->filename);
- if (error_fmt) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
- r, error_fmt, tag_val, r->filename);
- ap_rputs(error, r);
- }
-
- if (rr != NULL) {
- ap_destroy_sub_req(rr);
- }
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag include in %s",
- tag, r->filename);
- ap_rputs(error, r);
- }
- }
-}
-
-typedef struct {
- request_rec *r;
- char *s;
-} include_cmd_arg;
-
-static int include_cmd_child(void *arg, child_info *pinfo)
-{
- request_rec *r = ((include_cmd_arg *) arg)->r;
- char *s = ((include_cmd_arg *) arg)->s;
- table *env = r->subprocess_env;
- int child_pid = 0;
-#ifdef DEBUG_INCLUDE_CMD
- FILE *dbg = fopen("/dev/tty", "w");
-#endif
- char err_string[MAX_STRING_LEN];
-
-#ifdef DEBUG_INCLUDE_CMD
- fprintf(dbg, "Attempting to include command '%s'\n", s);
-#endif
-
- if (r->path_info && r->path_info[0] != '\0') {
- request_rec *pa_req;
-
- ap_table_setn(env, "PATH_INFO", ap_escape_shell_cmd(r->pool, r->path_info));
-
- pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r);
- if (pa_req->filename) {
- ap_table_setn(env, "PATH_TRANSLATED",
- ap_pstrcat(r->pool, pa_req->filename, pa_req->path_info,
- NULL));
- }
- }
-
- if (r->args) {
- char *arg_copy = ap_pstrdup(r->pool, r->args);
-
- ap_table_setn(env, "QUERY_STRING", r->args);
- ap_unescape_url(arg_copy);
- ap_table_setn(env, "QUERY_STRING_UNESCAPED",
- ap_escape_shell_cmd(r->pool, arg_copy));
- }
-
- ap_error_log2stderr(r->server);
-
-#ifdef DEBUG_INCLUDE_CMD
- fprintf(dbg, "Attempting to exec '%s'\n", s);
-#endif
- ap_cleanup_for_exec();
- /* set shellcmd flag to pass arg to SHELL_PATH */
- child_pid = ap_call_exec(r, pinfo, s, ap_create_environment(r->pool, env),
- 1);
- /* Oh, drat. We're still here. The log file descriptors are closed,
- * so we have to whimper a complaint onto stderr...
- */
-
-#ifdef DEBUG_INCLUDE_CMD
- fprintf(dbg, "Exec failed\n");
-#endif
- ap_snprintf(err_string, sizeof(err_string),
- "exec of %s failed, reason: %s (errno = %d)\n",
- SHELL_PATH, strerror(errno), errno);
- write(STDERR_FILENO, err_string, strlen(err_string));
- exit(0);
- /* NOT REACHED */
- return (child_pid);
-}
-
-static int include_cmd(char *s, request_rec *r)
-{
- include_cmd_arg arg;
- BUFF *script_in;
-
- arg.r = r;
- arg.s = s;
-
- if (!ap_bspawn_child(r->pool, include_cmd_child, &arg,
- kill_after_timeout, NULL, &script_in, NULL)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "couldn't spawn include command");
- return -1;
- }
-
- ap_send_fb(script_in, r);
- ap_bclose(script_in);
- return 0;
-}
-
-static int handle_exec(FILE *in, request_rec *r, const char *error)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- char *file = r->filename;
- char parsed_string[MAX_STRING_LEN];
-
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- if (!strcmp(tag, "cmd")) {
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 1);
- if (include_cmd(parsed_string, r) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "execution failure for parameter \"%s\" "
- "to tag exec in file %s",
- tag, r->filename);
- ap_rputs(error, r);
- }
- /* just in case some stooge changed directories */
- ap_chdir_file(r->filename);
- }
- else if (!strcmp(tag, "cgi")) {
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- if (include_cgi(parsed_string, r) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "invalid CGI ref \"%s\" in %s", tag_val, file);
- ap_rputs(error, r);
- }
- /* grumble groan */
- ap_chdir_file(r->filename);
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag exec in %s",
- tag, file);
- ap_rputs(error, r);
- }
- }
-
-}
-
-static int handle_echo(FILE *in, request_rec *r, const char *error)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- enum {E_NONE, E_URL, E_ENTITY} encode;
-
- encode = E_ENTITY;
-
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- if (!strcmp(tag, "var")) {
- const char *val = ap_table_get(r->subprocess_env, tag_val);
-
- if (val) {
- if (encode == E_NONE) {
- ap_rputs(val, r);
- }
- else if (encode == E_URL) {
- ap_rputs(ap_escape_uri(r->pool, val), r);
- }
- else if (encode == E_ENTITY) {
- ap_rputs(ap_escape_html(r->pool, val), r);
- }
- }
- else {
- ap_rputs("(none)", r);
- }
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else if (!strcmp(tag, "encoding")) {
- if (!strcasecmp(tag_val, "none")) encode = E_NONE;
- else if (!strcasecmp(tag_val, "url")) encode = E_URL;
- else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown value \"%s\" to parameter \"encoding\" of "
- "tag echo in %s",
- tag_val, r->filename);
- ap_rputs(error, r);
- }
- }
-
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag echo in %s",
- tag, r->filename);
- ap_rputs(error, r);
- }
- }
-}
-
-#ifdef USE_PERL_SSI
-static int handle_perl(FILE *in, request_rec *r, const char *error)
-{
- char tag[MAX_STRING_LEN];
- char parsed_string[MAX_STRING_LEN];
- char *tag_val;
- SV *sub = Nullsv;
- AV *av = newAV();
-
- if (ap_allow_options(r) & OPT_INCNOEXEC) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "#perl SSI disallowed by IncludesNoExec in %s",
- r->filename);
- return DECLINED;
- }
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- break;
- }
- if (strnEQ(tag, "sub", 3)) {
- sub = newSVpv(tag_val, 0);
- }
- else if (strnEQ(tag, "arg", 3)) {
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- av_push(av, newSVpv(parsed_string, 0));
- }
- else if (strnEQ(tag, "done", 4)) {
- break;
- }
- }
- perl_stdout2client(r);
- perl_setup_env(r);
- perl_call_handler(sub, r, av);
- return OK;
-}
-#endif
-
-/* error and tf must point to a string with room for at
- * least MAX_STRING_LEN characters
- */
-static int handle_config(FILE *in, request_rec *r, char *error, char *tf,
- int *sizefmt)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- char parsed_string[MAX_STRING_LEN];
- table *env = r->subprocess_env;
-
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 0))) {
- return 1;
- }
- if (!strcmp(tag, "errmsg")) {
- parse_string(r, tag_val, error, MAX_STRING_LEN, 0);
- }
- else if (!strcmp(tag, "timefmt")) {
- time_t date = r->request_time;
-
- parse_string(r, tag_val, tf, MAX_STRING_LEN, 0);
- ap_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date, tf, 0));
- ap_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date, tf, 1));
- ap_table_setn(env, "LAST_MODIFIED",
- ap_ht_time(r->pool, r->finfo.st_mtime, tf, 0));
- }
- else if (!strcmp(tag, "sizefmt")) {
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- decodehtml(parsed_string);
- if (!strcmp(parsed_string, "bytes")) {
- *sizefmt = SIZEFMT_BYTES;
- }
- else if (!strcmp(parsed_string, "abbrev")) {
- *sizefmt = SIZEFMT_KMG;
- }
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag config in %s",
- tag, r->filename);
- ap_rputs(error, r);
- }
- }
-}
-
-
-static int find_file(request_rec *r, const char *directive, const char *tag,
- char *tag_val, struct stat *finfo, const char *error)
-{
- char *to_send = tag_val;
- request_rec *rr = NULL;
- int ret=0;
- char *error_fmt = NULL;
-
- if (!strcmp(tag, "file")) {
- /* be safe; only files in this directory or below allowed */
- if (!is_only_below(tag_val)) {
- error_fmt = "unable to access file \"%s\" "
- "in parsed file %s";
- }
- else {
- ap_getparents(tag_val); /* get rid of any nasties */
- rr = ap_sub_req_lookup_file(tag_val, r);
-
- if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
- to_send = rr->filename;
- if (stat(to_send, finfo)) {
- error_fmt = "unable to get information about \"%s\" "
- "in parsed file %s";
- }
- }
- else {
- error_fmt = "unable to lookup information about \"%s\" "
- "in parsed file %s";
- }
- }
-
- if (error_fmt) {
- ret = -1;
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r, error_fmt, to_send, r->filename);
- ap_rputs(error, r);
- }
-
- if (rr) ap_destroy_sub_req(rr);
-
- return ret;
- }
- else if (!strcmp(tag, "virtual")) {
- rr = ap_sub_req_lookup_uri(tag_val, r);
-
- if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
- memcpy((char *) finfo, (const char *) &rr->finfo,
- sizeof(struct stat));
- ap_destroy_sub_req(rr);
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unable to get information about \"%s\" "
- "in parsed file %s",
- tag_val, r->filename);
- ap_rputs(error, r);
- ap_destroy_sub_req(rr);
- return -1;
- }
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag %s in %s",
- tag, directive, r->filename);
- ap_rputs(error, r);
- return -1;
- }
-}
-
-
-static int handle_fsize(FILE *in, request_rec *r, const char *error, int sizefmt)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- struct stat finfo;
- char parsed_string[MAX_STRING_LEN];
-
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else {
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- if (!find_file(r, "fsize", tag, parsed_string, &finfo, error)) {
- if (sizefmt == SIZEFMT_KMG) {
- ap_send_size(finfo.st_size, r);
- }
- else {
- int l, x;
-#if defined(AP_OFF_T_IS_QUAD)
- ap_snprintf(tag, sizeof(tag), "%qd", finfo.st_size);
-#else
- ap_snprintf(tag, sizeof(tag), "%ld", finfo.st_size);
-#endif
- l = strlen(tag); /* grrr */
- for (x = 0; x < l; x++) {
- if (x && (!((l - x) % 3))) {
- ap_rputc(',', r);
- }
- ap_rputc(tag[x], r);
- }
- }
- }
- }
- }
-}
-
-static int handle_flastmod(FILE *in, request_rec *r, const char *error, const char *tf)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- struct stat finfo;
- char parsed_string[MAX_STRING_LEN];
-
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else {
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- if (!find_file(r, "flastmod", tag, parsed_string, &finfo, error)) {
- ap_rputs(ap_ht_time(r->pool, finfo.st_mtime, tf, 0), r);
- }
- }
- }
-}
-
-static int re_check(request_rec *r, char *string, char *rexp)
-{
- regex_t *compiled;
- int regex_error;
-
- compiled = ap_pregcomp(r->pool, rexp, REG_EXTENDED | REG_NOSUB);
- if (compiled == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unable to compile pattern \"%s\"", rexp);
- return -1;
- }
- regex_error = ap_regexec(compiled, string, 0, (regmatch_t *) NULL, 0);
- ap_pregfree(r->pool, compiled);
- return (!regex_error);
-}
-
-enum token_type {
- token_string,
- token_and, token_or, token_not, token_eq, token_ne,
- token_rbrace, token_lbrace, token_group,
- token_ge, token_le, token_gt, token_lt
-};
-struct token {
- enum token_type type;
- char value[MAX_STRING_LEN];
-};
-
-/* there is an implicit assumption here that string is at most MAX_STRING_LEN-1
- * characters long...
- */
-static const char *get_ptoken(request_rec *r, const char *string, struct token *token)
-{
- char ch;
- int next = 0;
- int qs = 0;
-
- /* Skip leading white space */
- if (string == (char *) NULL) {
- return (char *) NULL;
- }
- while ((ch = *string++)) {
- if (!ap_isspace(ch)) {
- break;
- }
- }
- if (ch == '\0') {
- return (char *) NULL;
- }
-
- token->type = token_string; /* the default type */
- switch (ch) {
- case '(':
- token->type = token_lbrace;
- return (string);
- case ')':
- token->type = token_rbrace;
- return (string);
- case '=':
- token->type = token_eq;
- return (string);
- case '!':
- if (*string == '=') {
- token->type = token_ne;
- return (string + 1);
- }
- else {
- token->type = token_not;
- return (string);
- }
- case '\'':
- token->type = token_string;
- qs = 1;
- break;
- case '|':
- if (*string == '|') {
- token->type = token_or;
- return (string + 1);
- }
- break;
- case '&':
- if (*string == '&') {
- token->type = token_and;
- return (string + 1);
- }
- break;
- case '>':
- if (*string == '=') {
- token->type = token_ge;
- return (string + 1);
- }
- else {
- token->type = token_gt;
- return (string);
- }
- case '<':
- if (*string == '=') {
- token->type = token_le;
- return (string + 1);
- }
- else {
- token->type = token_lt;
- return (string);
- }
- default:
- token->type = token_string;
- break;
- }
- /* We should only be here if we are in a string */
- if (!qs) {
- token->value[next++] = ch;
- }
-
- /*
- * Yes I know that goto's are BAD. But, c doesn't allow me to
- * exit a loop from a switch statement. Yes, I could use a flag,
- * but that is (IMHO) even less readable/maintainable than the goto.
- */
- /*
- * I used the ++string throughout this section so that string
- * ends up pointing to the next token and I can just return it
- */
- for (ch = *string; ch != '\0'; ch = *++string) {
- if (ch == '\\') {
- if ((ch = *++string) == '\0') {
- goto TOKEN_DONE;
- }
- token->value[next++] = ch;
- continue;
- }
- if (!qs) {
- if (ap_isspace(ch)) {
- goto TOKEN_DONE;
- }
- switch (ch) {
- case '(':
- goto TOKEN_DONE;
- case ')':
- goto TOKEN_DONE;
- case '=':
- goto TOKEN_DONE;
- case '!':
- goto TOKEN_DONE;
- case '|':
- if (*(string + 1) == '|') {
- goto TOKEN_DONE;
- }
- break;
- case '&':
- if (*(string + 1) == '&') {
- goto TOKEN_DONE;
- }
- break;
- case '<':
- goto TOKEN_DONE;
- case '>':
- goto TOKEN_DONE;
- }
- token->value[next++] = ch;
- }
- else {
- if (ch == '\'') {
- qs = 0;
- ++string;
- goto TOKEN_DONE;
- }
- token->value[next++] = ch;
- }
- }
- TOKEN_DONE:
- /* If qs is still set, I have an unmatched ' */
- if (qs) {
- ap_rputs("\nUnmatched '\n", r);
- next = 0;
- }
- token->value[next] = '\0';
- return (string);
-}
-
-
-/*
- * Hey I still know that goto's are BAD. I don't think that I've ever
- * used two in the same project, let alone the same file before. But,
- * I absolutely want to make sure that I clean up the memory in all
- * cases. And, without rewriting this completely, the easiest way
- * is to just branch to the return code which cleans it up.
- */
-/* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1
- * characters long...
- */
-static int parse_expr(request_rec *r, const char *expr, const char *error)
-{
- struct parse_node {
- struct parse_node *left, *right, *parent;
- struct token token;
- int value, done;
- } *root, *current, *new;
- const char *parse;
- char buffer[MAX_STRING_LEN];
- pool *expr_pool;
- int retval = 0;
-
- if ((parse = expr) == (char *) NULL) {
- return (0);
- }
- root = current = (struct parse_node *) NULL;
- expr_pool = ap_make_sub_pool(r->pool);
-
- /* Create Parse Tree */
- while (1) {
- new = (struct parse_node *) ap_palloc(expr_pool,
- sizeof(struct parse_node));
- new->parent = new->left = new->right = (struct parse_node *) NULL;
- new->done = 0;
- if ((parse = get_ptoken(r, parse, &new->token)) == (char *) NULL) {
- break;
- }
- switch (new->token.type) {
-
- case token_string:
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Token: string (", new->token.value, ")\n", NULL);
-#endif
- if (current == (struct parse_node *) NULL) {
- root = current = new;
- break;
- }
- switch (current->token.type) {
- case token_string:
- if (current->token.value[0] != '\0') {
- strncat(current->token.value, " ",
- sizeof(current->token.value)
- - strlen(current->token.value) - 1);
- }
- strncat(current->token.value, new->token.value,
- sizeof(current->token.value)
- - strlen(current->token.value) - 1);
- current->token.value[sizeof(current->token.value) - 1] = '\0';
- break;
- case token_eq:
- case token_ne:
- case token_and:
- case token_or:
- case token_lbrace:
- case token_not:
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
- new->parent = current;
- current = current->right = new;
- break;
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- break;
-
- case token_and:
- case token_or:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Token: and/or\n", r);
-#endif
- if (current == (struct parse_node *) NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- /* Percolate upwards */
- while (current != (struct parse_node *) NULL) {
- switch (current->token.type) {
- case token_string:
- case token_group:
- case token_not:
- case token_eq:
- case token_ne:
- case token_and:
- case token_or:
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
- current = current->parent;
- continue;
- case token_lbrace:
- break;
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- break;
- }
- if (current == (struct parse_node *) NULL) {
- new->left = root;
- new->left->parent = new;
- new->parent = (struct parse_node *) NULL;
- root = new;
- }
- else {
- new->left = current->right;
- new->left->parent = new;
- current->right = new;
- new->parent = current;
- }
- current = new;
- break;
-
- case token_not:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Token: not\n", r);
-#endif
- if (current == (struct parse_node *) NULL) {
- root = current = new;
- break;
- }
- /* Percolate upwards */
- while (current != (struct parse_node *) NULL) {
- switch (current->token.type) {
- case token_not:
- case token_eq:
- case token_ne:
- case token_and:
- case token_or:
- case token_lbrace:
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
- break;
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- break;
- /* NOTREACHED */
- }
- if (current == (struct parse_node *) NULL) {
- new->left = root;
- new->left->parent = new;
- new->parent = (struct parse_node *) NULL;
- root = new;
- }
- else {
- new->left = current->right;
- current->right = new;
- new->parent = current;
- }
- current = new;
- break;
-
- case token_eq:
- case token_ne:
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Token: eq/ne/ge/gt/le/lt\n", r);
-#endif
- if (current == (struct parse_node *) NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- /* Percolate upwards */
- while (current != (struct parse_node *) NULL) {
- switch (current->token.type) {
- case token_string:
- case token_group:
- current = current->parent;
- continue;
- case token_lbrace:
- case token_and:
- case token_or:
- break;
- case token_not:
- case token_eq:
- case token_ne:
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- break;
- }
- if (current == (struct parse_node *) NULL) {
- new->left = root;
- new->left->parent = new;
- new->parent = (struct parse_node *) NULL;
- root = new;
- }
- else {
- new->left = current->right;
- new->left->parent = new;
- current->right = new;
- new->parent = current;
- }
- current = new;
- break;
-
- case token_rbrace:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Token: rbrace\n", r);
-#endif
- while (current != (struct parse_node *) NULL) {
- if (current->token.type == token_lbrace) {
- current->token.type = token_group;
- break;
- }
- current = current->parent;
- }
- if (current == (struct parse_node *) NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Unmatched ')' in \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- break;
-
- case token_lbrace:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Token: lbrace\n", r);
-#endif
- if (current == (struct parse_node *) NULL) {
- root = current = new;
- break;
- }
- /* Percolate upwards */
- while (current != (struct parse_node *) NULL) {
- switch (current->token.type) {
- case token_not:
- case token_eq:
- case token_ne:
- case token_and:
- case token_or:
- case token_lbrace:
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
- break;
- case token_string:
- case token_group:
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- break;
- /* NOTREACHED */
- }
- if (current == (struct parse_node *) NULL) {
- new->left = root;
- new->left->parent = new;
- new->parent = (struct parse_node *) NULL;
- root = new;
- }
- else {
- new->left = current->right;
- current->right = new;
- new->parent = current;
- }
- current = new;
- break;
- default:
- break;
- }
- }
-
- /* Evaluate Parse Tree */
- current = root;
- while (current != (struct parse_node *) NULL) {
- switch (current->token.type) {
- case token_string:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Evaluate string\n", r);
-#endif
- parse_string(r, current->token.value, buffer, sizeof(buffer), 0);
- ap_cpystrn(current->token.value, buffer, sizeof(current->token.value));
- current->value = (current->token.value[0] != '\0');
- current->done = 1;
- current = current->parent;
- break;
-
- case token_and:
- case token_or:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Evaluate and/or\n", r);
-#endif
- if (current->left == (struct parse_node *) NULL ||
- current->right == (struct parse_node *) NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- if (!current->left->done) {
- switch (current->left->token.type) {
- case token_string:
- parse_string(r, current->left->token.value,
- buffer, sizeof(buffer), 0);
- ap_cpystrn(current->left->token.value, buffer,
- sizeof(current->left->token.value));
- current->left->value = (current->left->token.value[0] != '\0');
- current->left->done = 1;
- break;
- default:
- current = current->left;
- continue;
- }
- }
- if (!current->right->done) {
- switch (current->right->token.type) {
- case token_string:
- parse_string(r, current->right->token.value,
- buffer, sizeof(buffer), 0);
- ap_cpystrn(current->right->token.value, buffer,
- sizeof(current->right->token.value));
- current->right->value = (current->right->token.value[0] != '\0');
- current->right->done = 1;
- break;
- default:
- current = current->right;
- continue;
- }
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Left: ", current->left->value ? "1" : "0",
- "\n", NULL);
- ap_rvputs(r, " Right: ", current->right->value ? "1" : "0",
- "\n", NULL);
-#endif
- if (current->token.type == token_and) {
- current->value = current->left->value && current->right->value;
- }
- else {
- current->value = current->left->value || current->right->value;
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Returning ", current->value ? "1" : "0",
- "\n", NULL);
-#endif
- current->done = 1;
- current = current->parent;
- break;
-
- case token_eq:
- case token_ne:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Evaluate eq/ne\n", r);
-#endif
- if ((current->left == (struct parse_node *) NULL) ||
- (current->right == (struct parse_node *) NULL) ||
- (current->left->token.type != token_string) ||
- (current->right->token.type != token_string)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- parse_string(r, current->left->token.value,
- buffer, sizeof(buffer), 0);
- ap_cpystrn(current->left->token.value, buffer,
- sizeof(current->left->token.value));
- parse_string(r, current->right->token.value,
- buffer, sizeof(buffer), 0);
- ap_cpystrn(current->right->token.value, buffer,
- sizeof(current->right->token.value));
- if (current->right->token.value[0] == '/') {
- int len;
- len = strlen(current->right->token.value);
- if (current->right->token.value[len - 1] == '/') {
- current->right->token.value[len - 1] = '\0';
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid rexp \"%s\" in file %s",
- current->right->token.value, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Re Compare (", current->left->token.value,
- ") with /", &current->right->token.value[1], "/\n", NULL);
-#endif
- current->value =
- re_check(r, current->left->token.value,
- &current->right->token.value[1]);
- }
- else {
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Compare (", current->left->token.value,
- ") with (", current->right->token.value, ")\n", NULL);
-#endif
- current->value =
- (strcmp(current->left->token.value,
- current->right->token.value) == 0);
- }
- if (current->token.type == token_ne) {
- current->value = !current->value;
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Returning ", current->value ? "1" : "0",
- "\n", NULL);
-#endif
- current->done = 1;
- current = current->parent;
- break;
- case token_ge:
- case token_gt:
- case token_le:
- case token_lt:
-#ifdef DEBUG_INCLUDE
- ap_rputs(" Evaluate ge/gt/le/lt\n", r);
-#endif
- if ((current->left == (struct parse_node *) NULL) ||
- (current->right == (struct parse_node *) NULL) ||
- (current->left->token.type != token_string) ||
- (current->right->token.type != token_string)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid expression \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
- }
- parse_string(r, current->left->token.value,
- buffer, sizeof(buffer), 0);
- ap_cpystrn(current->left->token.value, buffer,
- sizeof(current->left->token.value));
- parse_string(r, current->right->token.value,
- buffer, sizeof(buffer), 0);
- ap_cpystrn(current->right->token.value, buffer,
- sizeof(current->right->token.value));
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Compare (", current->left->token.value,
- ") with (", current->right->token.value, ")\n", NULL);
-#endif
- current->value =
- strcmp(current->left->token.value,
- current->right->token.value);
- if (current->token.type == token_ge) {
- current->value = current->value >= 0;
- }
- else if (current->token.type == token_gt) {
- current->value = current->value > 0;
- }
- else if (current->token.type == token_le) {
- current->value = current->value <= 0;
- }
- else if (current->token.type == token_lt) {
- current->value = current->value < 0;
- }
- else {
- current->value = 0; /* Don't return -1 if unknown token */
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Returning ", current->value ? "1" : "0",
- "\n", NULL);
-#endif
- current->done = 1;
- current = current->parent;
- break;
-
- case token_not:
- if (current->right != (struct parse_node *) NULL) {
- if (!current->right->done) {
- current = current->right;
- continue;
- }
- current->value = !current->right->value;
- }
- else {
- current->value = 0;
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Evaluate !: ", current->value ? "1" : "0",
- "\n", NULL);
-#endif
- current->done = 1;
- current = current->parent;
- break;
-
- case token_group:
- if (current->right != (struct parse_node *) NULL) {
- if (!current->right->done) {
- current = current->right;
- continue;
- }
- current->value = current->right->value;
- }
- else {
- current->value = 1;
- }
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, " Evaluate (): ", current->value ? "1" : "0",
- "\n", NULL);
-#endif
- current->done = 1;
- current = current->parent;
- break;
-
- case token_lbrace:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Unmatched '(' in \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
-
- case token_rbrace:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Unmatched ')' in \"%s\" in file %s",
- expr, r->filename);
- ap_rputs(error, r);
- goto RETURN;
-
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "bad token type");
- ap_rputs(error, r);
- goto RETURN;
- }
- }
-
- retval = (root == (struct parse_node *) NULL) ? 0 : root->value;
- RETURN:
- ap_destroy_pool(expr_pool);
- return (retval);
-}
-
-static int handle_if(FILE *in, request_rec *r, const char *error,
- int *conditional_status, int *printing)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- char *expr;
-
- expr = NULL;
- while (1) {
- tag_val = get_tag(r, in, tag, sizeof(tag), 0);
- if (!tag_val || *tag == '\0') {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
- if (expr == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "missing expr in if statement: %s",
- r->filename);
- ap_rputs(error, r);
- return 1;
- }
- *printing = *conditional_status = parse_expr(r, expr, error);
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** if conditional_status=\"",
- *conditional_status ? "1" : "0", "\"\n", NULL);
-#endif
- return 0;
- }
- else if (!strcmp(tag, "expr")) {
- expr = tag_val;
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL);
-#endif
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag if in %s",
- tag, r->filename);
- ap_rputs(error, r);
- }
- }
-}
-
-static int handle_elif(FILE *in, request_rec *r, const char *error,
- int *conditional_status, int *printing)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- char *expr;
-
- expr = NULL;
- while (1) {
- tag_val = get_tag(r, in, tag, sizeof(tag), 0);
- if (!tag_val || *tag == '\0') {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** elif conditional_status=\"",
- *conditional_status ? "1" : "0", "\"\n", NULL);
-#endif
- if (*conditional_status) {
- *printing = 0;
- return (0);
- }
- if (expr == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "missing expr in elif statement: %s",
- r->filename);
- ap_rputs(error, r);
- return 1;
- }
- *printing = *conditional_status = parse_expr(r, expr, error);
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** elif conditional_status=\"",
- *conditional_status ? "1" : "0", "\"\n", NULL);
-#endif
- return 0;
- }
- else if (!strcmp(tag, "expr")) {
- expr = tag_val;
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL);
-#endif
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown parameter \"%s\" to tag if in %s",
- tag, r->filename);
- ap_rputs(error, r);
- }
- }
-}
-
-static int handle_else(FILE *in, request_rec *r, const char *error,
- int *conditional_status, int *printing)
-{
- char tag[MAX_STRING_LEN];
-
- if (!get_tag(r, in, tag, sizeof(tag), 1)) {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** else conditional_status=\"",
- *conditional_status ? "1" : "0", "\"\n", NULL);
-#endif
- *printing = !(*conditional_status);
- *conditional_status = 1;
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "else directive does not take tags in %s",
- r->filename);
- if (*printing) {
- ap_rputs(error, r);
- }
- return -1;
- }
-}
-
-static int handle_endif(FILE *in, request_rec *r, const char *error,
- int *conditional_status, int *printing)
-{
- char tag[MAX_STRING_LEN];
-
- if (!get_tag(r, in, tag, sizeof(tag), 1)) {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
-#ifdef DEBUG_INCLUDE
- ap_rvputs(r, "**** endif conditional_status=\"",
- *conditional_status ? "1" : "0", "\"\n", NULL);
-#endif
- *printing = 1;
- *conditional_status = 1;
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "endif directive does not take tags in %s",
- r->filename);
- ap_rputs(error, r);
- return -1;
- }
-}
-
-static int handle_set(FILE *in, request_rec *r, const char *error)
-{
- char tag[MAX_STRING_LEN];
- char parsed_string[MAX_STRING_LEN];
- char *tag_val;
- char *var;
-
- var = (char *) NULL;
- while (1) {
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
- return 0;
- }
- else if (!strcmp(tag, "var")) {
- var = tag_val;
- }
- else if (!strcmp(tag, "value")) {
- if (var == (char *) NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "variable must precede value in set directive in %s",
- r->filename);
- ap_rputs(error, r);
- return -1;
- }
- parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
- ap_table_setn(r->subprocess_env, var, ap_pstrdup(r->pool, parsed_string));
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid tag for set directive in %s", r->filename);
- ap_rputs(error, r);
- return -1;
- }
- }
-}
-
-static int handle_printenv(FILE *in, request_rec *r, const char *error)
-{
- char tag[MAX_STRING_LEN];
- char *tag_val;
- array_header *arr = ap_table_elts(r->subprocess_env);
- table_entry *elts = (table_entry *) arr->elts;
- int i;
-
- if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) {
- return 1;
- }
- else if (!strcmp(tag, "done")) {
- for (i = 0; i < arr->nelts; ++i) {
- ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=",
- ap_escape_html(r->pool, elts[i].val), "\n", NULL);
- }
- return 0;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "printenv directive does not take tags in %s",
- r->filename);
- ap_rputs(error, r);
- return -1;
- }
-}
-
-
-
-/* -------------------------- The main function --------------------------- */
-
-/* This is a stub which parses a file descriptor. */
-
-static void send_parsed_content(FILE *f, request_rec *r)
-{
- char directive[MAX_STRING_LEN], error[MAX_STRING_LEN];
- char timefmt[MAX_STRING_LEN];
- int noexec = ap_allow_options(r) & OPT_INCNOEXEC;
- int ret, sizefmt;
- int if_nesting;
- int printing;
- int conditional_status;
-
- ap_cpystrn(error, DEFAULT_ERROR_MSG, sizeof(error));
- ap_cpystrn(timefmt, DEFAULT_TIME_FORMAT, sizeof(timefmt));
- sizefmt = SIZEFMT_KMG;
-
-/* Turn printing on */
- printing = conditional_status = 1;
- if_nesting = 0;
-
- ap_chdir_file(r->filename);
- if (r->args) { /* add QUERY stuff to env cause it ain't yet */
- char *arg_copy = ap_pstrdup(r->pool, r->args);
-
- ap_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
- ap_unescape_url(arg_copy);
- ap_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
- ap_escape_shell_cmd(r->pool, arg_copy));
- }
-
- while (1) {
- if (!find_string(f, STARTING_SEQUENCE, r, printing)) {
- if (get_directive(f, directive, sizeof(directive), r->pool)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "mod_include: error reading directive in %s",
- r->filename);
- ap_rputs(error, r);
- return;
- }
- if (!strcmp(directive, "if")) {
- ret = 0;
- if (!printing) {
- if_nesting++;
- }
- else {
- ret = handle_if(f, r, error, &conditional_status,
- &printing);
- if_nesting = 0;
- }
- }
- else if (!strcmp(directive, "else")) {
- ret = 0;
- if (!if_nesting) {
- ret = handle_else(f, r, error, &conditional_status,
- &printing);
- }
- }
- else if (!strcmp(directive, "elif")) {
- ret = 0;
- if (!if_nesting) {
- ret = handle_elif(f, r, error, &conditional_status,
- &printing);
- }
- }
- else if (!strcmp(directive, "endif")) {
- ret = 0;
- if (!if_nesting) {
- ret = handle_endif(f, r, error, &conditional_status,
- &printing);
- }
- else {
- if_nesting--;
- }
- }
- else if (!printing) {
- continue;
- }
- else if (!strcmp(directive, "exec")) {
- if (noexec) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "exec used but not allowed in %s",
- r->filename);
- if (printing) {
- ap_rputs(error, r);
- }
- ret = find_string(f, ENDING_SEQUENCE, r, 0);
- }
- else {
- ret = handle_exec(f, r, error);
- }
- }
- else if (!strcmp(directive, "config")) {
- ret = handle_config(f, r, error, timefmt, &sizefmt);
- }
- else if (!strcmp(directive, "set")) {
- ret = handle_set(f, r, error);
- }
- else if (!strcmp(directive, "include")) {
- ret = handle_include(f, r, error, noexec);
- }
- else if (!strcmp(directive, "echo")) {
- ret = handle_echo(f, r, error);
- }
- else if (!strcmp(directive, "fsize")) {
- ret = handle_fsize(f, r, error, sizefmt);
- }
- else if (!strcmp(directive, "flastmod")) {
- ret = handle_flastmod(f, r, error, timefmt);
- }
- else if (!strcmp(directive, "printenv")) {
- ret = handle_printenv(f, r, error);
- }
-#ifdef USE_PERL_SSI
- else if (!strcmp(directive, "perl")) {
- ret = handle_perl(f, r, error);
- }
-#endif
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown directive \"%s\" "
- "in parsed doc %s",
- directive, r->filename);
- if (printing) {
- ap_rputs(error, r);
- }
- ret = find_string(f, ENDING_SEQUENCE, r, 0);
- }
- if (ret) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "premature EOF in parsed file %s",
- r->filename);
- return;
- }
- }
- else {
- return;
- }
- }
-}
-
-/*****************************************************************
- *
- * XBITHACK. Sigh... NB it's configurable per-directory; the compile-time
- * option only changes the default.
- */
-
-module includes_module;
-enum xbithack {
- xbithack_off, xbithack_on, xbithack_full
-};
-
-#ifdef XBITHACK
-#define DEFAULT_XBITHACK xbithack_full
-#else
-#define DEFAULT_XBITHACK xbithack_off
-#endif
-
-static void *create_includes_dir_config(pool *p, char *dummy)
-{
- enum xbithack *result = (enum xbithack *) ap_palloc(p, sizeof(enum xbithack));
- *result = DEFAULT_XBITHACK;
- return result;
-}
-
-static const char *set_xbithack(cmd_parms *cmd, void *xbp, char *arg)
-{
- enum xbithack *state = (enum xbithack *) xbp;
-
- if (!strcasecmp(arg, "off")) {
- *state = xbithack_off;
- }
- else if (!strcasecmp(arg, "on")) {
- *state = xbithack_on;
- }
- else if (!strcasecmp(arg, "full")) {
- *state = xbithack_full;
- }
- else {
- return "XBitHack must be set to Off, On, or Full";
- }
-
- return NULL;
-}
-
-static int send_parsed_file(request_rec *r)
-{
- FILE *f;
- enum xbithack *state =
- (enum xbithack *) ap_get_module_config(r->per_dir_config, &includes_module);
- int errstatus;
- request_rec *parent;
-
- if (!(ap_allow_options(r) & OPT_INCLUDES)) {
- return DECLINED;
- }
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET) {
- return DECLINED;
- }
- if (r->finfo.st_mode == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "File does not exist: %s",
- (r->path_info
- ? ap_pstrcat(r->pool, r->filename, r->path_info, NULL)
- : r->filename));
- return HTTP_NOT_FOUND;
- }
-
- if (!(f = ap_pfopen(r->pool, r->filename, "r"))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "file permissions deny server access: %s", r->filename);
- return HTTP_FORBIDDEN;
- }
-
- if ((*state == xbithack_full)
- && (r->finfo.st_mode & S_IXGRP)
- ) {
- ap_update_mtime(r, r->finfo.st_mtime);
- ap_set_last_modified(r);
- }
- if ((errstatus = ap_meets_conditions(r)) != OK) {
- return errstatus;
- }
-
- ap_send_http_header(r);
-
- if (r->header_only) {
- ap_pfclose(r->pool, f);
- return OK;
- }
-
-#define SUB_REQ_STRING "Sub request to mod_include"
-#define PARENT_STRING "Parent request to mod_include"
-
- if (ap_table_get(r->notes, SUB_REQ_STRING)) {
- /*
- * The note is a flag to mod_include that this request
- * should be treated as if it was a subrequest originating
- * in the handle_include() procedure of mod_include.
- */
-
- /*
- * There is no good way to pass the parent request_rec to mod_include.
- * Tables only take string values and there is nowhere appropriate in
- * in the request_rec that can safely be used. So, search for the
- * parent note by walking up the r->main list of subrequests, and at
- * each level walking back through any internal redirects. This is
- * the same request walking that mod_include uses in the procedure
- * handle_include().
- */
- request_rec *p = r->main;
- request_rec *q = p;
-
- while (q) {
- if (ap_table_get(q->notes, PARENT_STRING)) {
- /* Kludge --- See below */
- ap_set_module_config(r->request_config, &includes_module, q);
-
- /* Create the initial environment in the parent */
- ap_add_common_vars(q);
- ap_add_cgi_vars(q);
- add_include_vars(q, DEFAULT_TIME_FORMAT);
-
- /* Cleanup - This should allow this technique to nest */
- ap_table_unset(r->notes, SUB_REQ_STRING);
- ap_table_unset(q->notes, PARENT_STRING);
- break;
- }
- if (q->prev != NULL) {
- q = q->prev;
- }
- else {
- p = p->main;
- q = p;
- }
- }
- }
-
- if ((parent = ap_get_module_config(r->request_config, &includes_module))) {
- /* Kludge --- for nested includes, we want to keep the subprocess
- * environment of the base document (for compatibility); that means
- * torquing our own last_modified date as well so that the
- * LAST_MODIFIED variable gets reset to the proper value if the
- * nested document resets <!--#config timefmt-->.
- * We also insist that the memory for this subrequest not be
- * destroyed, that's dealt with in handle_include().
- */
- r->subprocess_env = parent->subprocess_env;
- ap_pool_join(parent->pool, r->pool);
- r->finfo.st_mtime = parent->finfo.st_mtime;
- }
- else {
- /* we're not a nested include, so we create an initial
- * environment */
- ap_add_common_vars(r);
- ap_add_cgi_vars(r);
- add_include_vars(r, DEFAULT_TIME_FORMAT);
- }
- /* XXX: this is bogus, at some point we're going to do a subrequest,
- * and when we do it we're going to be subjecting code that doesn't
- * expect to be signal-ready to SIGALRM. There is no clean way to
- * fix this, except to put alarm support into BUFF. -djg
- */
- ap_hard_timeout("send SSI", r);
-
-
- send_parsed_content(f, r);
-
- if (parent) {
- /*
- * All the work is finished for this subrequest. The following
- * makes it safe for the creator of the subrequest to destroy it
- * via ap_destroy_sub_req() once the call to ap_run_sub_req()
- * returns. This is required since the original pool of the
- * subrequest has been merged into the pool of the parent request
- * of the subrequest (see Kludge above). The alternative is to
- * NOT destroy the subrequest.
- */
- r->pool = ap_make_sub_pool(r->pool);
- }
-
- ap_kill_timeout(r);
- return OK;
-}
-
-static int send_shtml_file(request_rec *r)
-{
- r->content_type = "text/html";
- return send_parsed_file(r);
-}
-
-static int xbithack_handler(request_rec *r)
-{
- enum xbithack *state;
-
- if (!(r->finfo.st_mode & S_IXUSR)) {
- return DECLINED;
- }
-
- state = (enum xbithack *) ap_get_module_config(r->per_dir_config,
- &includes_module);
-
- if (*state == xbithack_off) {
- return DECLINED;
- }
- return send_parsed_file(r);
-}
-
-static const command_rec includes_cmds[] =
-{
- {"XBitHack", set_xbithack, NULL, OR_OPTIONS, TAKE1, "Off, On, or Full"},
- {NULL}
-};
-
-static const handler_rec includes_handlers[] =
-{
- {INCLUDES_MAGIC_TYPE, send_shtml_file},
- {INCLUDES_MAGIC_TYPE3, send_shtml_file},
- {"server-parsed", send_parsed_file},
- {"text/html", xbithack_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT includes_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_includes_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- includes_cmds, /* command table */
- includes_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_info.c b/usr.sbin/httpd/src/modules/standard/mod_info.c
deleted file mode 100644
index 3d09421bacd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_info.c
+++ /dev/null
@@ -1,774 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Info Module. Display configuration information for the server and
- * all included modules.
- *
- * <Location /server-info>
- * SetHandler server-info
- * </Location>
- *
- * GET /server-info - Returns full configuration page for server and all modules
- * GET /server-info?server - Returns server configuration only
- * GET /server-info?module_name - Returns configuration for a single module
- * GET /server-info?list - Returns quick list of included modules
- *
- * Rasmus Lerdorf <rasmus@php.net>, May 1996
- *
- * 05.01.96 Initial Version
- *
- * Lou Langholtz <ldl@usi.utah.edu>, July 1997
- *
- * 07.11.97 Addition of the AddModuleInfo directive
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_protocol.h"
-#include "util_script.h"
-#include "http_conf_globals.h"
-
-typedef struct {
- char *name; /* matching module name */
- char *info; /* additional info */
-} info_entry;
-
-typedef struct {
- array_header *more_info;
-} info_svr_conf;
-
-typedef struct info_cfg_lines {
- char *cmd;
- char *line;
- struct info_cfg_lines *next;
-} info_cfg_lines;
-
-typedef struct { /* shamelessly lifted from http_config.c */
- char *fname;
-} info_fnames;
-
-typedef struct {
- info_cfg_lines *clines;
- char *fname;
-} info_clines;
-
-module MODULE_VAR_EXPORT info_module;
-extern module API_VAR_EXPORT *top_module;
-
-/* shamelessly lifted from http_config.c */
-static int fname_alphasort(const void *fn1, const void *fn2)
-{
- const info_fnames *f1 = fn1;
- const info_fnames *f2 = fn2;
-
- return strcmp(f1->fname,f2->fname);
-}
-
-static void *create_info_config(pool *p, server_rec *s)
-{
- info_svr_conf *conf = (info_svr_conf *) ap_pcalloc(p, sizeof(info_svr_conf));
-
- conf->more_info = ap_make_array(p, 20, sizeof(info_entry));
- return conf;
-}
-
-static void *merge_info_config(pool *p, void *basev, void *overridesv)
-{
- info_svr_conf *new = (info_svr_conf *) ap_pcalloc(p, sizeof(info_svr_conf));
- info_svr_conf *base = (info_svr_conf *) basev;
- info_svr_conf *overrides = (info_svr_conf *) overridesv;
-
- new->more_info = ap_append_arrays(p, overrides->more_info, base->more_info);
- return new;
-}
-
-static char *mod_info_html_cmd_string(const char *string, char *buf, size_t buf_len)
-{
- const char *s;
- char *t;
- char *end_buf;
-
- s = string;
- t = buf;
- /* keep space for \0 byte */
- end_buf = buf + buf_len - 1;
- while ((*s) && (t < end_buf)) {
- if (*s == '<') {
- strncpy(t, "&lt;", end_buf - t);
- t += 4;
- }
- else if (*s == '>') {
- strncpy(t, "&gt;", end_buf - t);
- t += 4;
- }
- else if (*s == '&') {
- strncpy(t, "&amp;", end_buf - t);
- t += 5;
- }
- else {
- *t++ = *s;
- }
- s++;
- }
- /* oops, overflowed... don't overwrite */
- if (t > end_buf) {
- *end_buf = '\0';
- }
- else {
- *t = '\0';
- }
- return (buf);
-}
-
-static info_cfg_lines *mod_info_load_config(pool *p, const char *filename,
- request_rec *r)
-{
- char s[MAX_STRING_LEN];
- configfile_t *fp;
- info_cfg_lines *new, *ret, *prev;
- const char *t;
-
- fp = ap_pcfg_openfile(p, filename);
- if (!fp) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, r,
- "mod_info: couldn't open config file %s",
- filename);
- return NULL;
- }
- ret = NULL;
- prev = NULL;
- while (!ap_cfg_getline(s, MAX_STRING_LEN, fp)) {
- if (*s == '#') {
- continue; /* skip comments */
- }
- new = ap_palloc(p, sizeof(struct info_cfg_lines));
- new->next = NULL;
- if (!ret) {
- ret = new;
- }
- if (prev) {
- prev->next = new;
- }
- t = s;
- new->cmd = ap_getword_conf(p, &t);
- if (*t) {
- new->line = ap_pstrdup(p, t);
- }
- else {
- new->line = NULL;
- }
- prev = new;
- }
- ap_cfg_closefile(fp);
- return (ret);
-}
-
-static void mod_info_module_cmds(request_rec *r, info_cfg_lines *cfg,
- const command_rec *cmds, char *label)
-{
- const command_rec *cmd = cmds;
- info_cfg_lines *li = cfg, *li_st = NULL, *li_se = NULL;
- info_cfg_lines *block_start = NULL;
- int lab = 0, nest = 0;
- char buf[MAX_STRING_LEN];
-
- while (li) {
- if (!strncasecmp(li->cmd, "<directory", 10) ||
- !strncasecmp(li->cmd, "<location", 9) ||
- !strncasecmp(li->cmd, "<limit", 6) ||
- !strncasecmp(li->cmd, "<files", 6)) {
- if (nest) {
- li_se = li;
- }
- else {
- li_st = li;
- }
- li = li->next;
- nest++;
- continue;
- }
- else if (nest && (!strncasecmp(li->cmd, "</limit", 7) ||
- !strncasecmp(li->cmd, "</location", 10) ||
- !strncasecmp(li->cmd, "</directory", 11) ||
- !strncasecmp(li->cmd, "</files", 7))) {
- if (block_start) {
- if ((nest == 1 && block_start == li_st) ||
- (nest == 2 && block_start == li_se)) {
- ap_rputs("<dd><tt>", r);
- if (nest == 2) {
- ap_rputs("&nbsp;&nbsp;", r);
- }
- ap_rputs(mod_info_html_cmd_string(li->cmd, buf, sizeof(buf)), r);
- ap_rputs(" ", r);
- if (li->line) {
- ap_rputs(mod_info_html_cmd_string(li->line, buf, sizeof(buf)), r);
- }
- ap_rputs("</tt>\n", r);
- nest--;
- if (!nest) {
- block_start = NULL;
- li_st = NULL;
- }
- else {
- block_start = li_st;
- }
- li_se = NULL;
- }
- else {
- nest--;
- if (!nest) {
- li_st = NULL;
- }
- li_se = NULL;
- }
- }
- else {
- nest--;
- if (!nest) {
- li_st = NULL;
- }
- li_se = NULL;
- }
- li = li->next;
- continue;
- }
- cmd = cmds;
- while (cmd) {
- if (cmd->name) {
- if (!strcasecmp(cmd->name, li->cmd)) {
- if (!lab) {
- ap_rputs("<dt><strong>", r);
- ap_rputs(label, r);
- ap_rputs("</strong>\n", r);
- lab = 1;
- }
- if (((nest && block_start == NULL) ||
- (nest == 2 && block_start == li_st)) &&
- (strncasecmp(li->cmd, "<directory", 10) &&
- strncasecmp(li->cmd, "<location", 9) &&
- strncasecmp(li->cmd, "<limit", 6) &&
- strncasecmp(li->cmd, "</limit", 7) &&
- strncasecmp(li->cmd, "</location", 10) &&
- strncasecmp(li->cmd, "</directory", 11) &&
- strncasecmp(li->cmd, "</files", 7))) {
- ap_rputs("<dd><tt>", r);
- ap_rputs(mod_info_html_cmd_string(li_st->cmd, buf, sizeof(buf)), r);
- ap_rputs(" ", r);
- if (li_st->line) {
- ap_rputs(mod_info_html_cmd_string(li_st->line, buf, sizeof(buf)), r);
- }
- ap_rputs("</tt>\n", r);
- block_start = li_st;
- if (li_se) {
- ap_rputs("<dd><tt>&nbsp;&nbsp;", r);
- ap_rputs(mod_info_html_cmd_string(li_se->cmd, buf, sizeof(buf)), r);
- ap_rputs(" ", r);
- if (li_se->line) {
- ap_rputs(mod_info_html_cmd_string(li_se->line, buf, sizeof(buf)), r);
- }
- ap_rputs("</tt>\n", r);
- block_start = li_se;
- }
- }
- ap_rputs("<dd><tt>", r);
- if (nest) {
- ap_rputs("&nbsp;&nbsp;", r);
- }
- if (nest == 2) {
- ap_rputs("&nbsp;&nbsp;", r);
- }
- ap_rputs(mod_info_html_cmd_string(li->cmd, buf, sizeof(buf)), r);
- if (li->line) {
- ap_rputs(" <i>", r);
- ap_rputs(mod_info_html_cmd_string(li->line, buf, sizeof(buf)), r);
- ap_rputs("</i>", r);
- }
- ap_rputs("</tt>", r);
- }
- }
- else
- break;
- cmd++;
- }
- li = li->next;
- }
-}
-
-static char *find_more_info(server_rec *s, const char *module_name)
-{
- int i;
- info_svr_conf *conf = (info_svr_conf *) ap_get_module_config(s->module_config,
- &info_module);
- info_entry *entry = (info_entry *) conf->more_info->elts;
-
- if (!module_name) {
- return 0;
- }
- for (i = 0; i < conf->more_info->nelts; i++) {
- if (!strcmp(module_name, entry->name)) {
- return entry->info;
- }
- entry++;
- }
- return 0;
-}
-
-static void mod_info_dirwalk(pool *p, const char *fname,
- request_rec *r, array_header *carray)
-{
- info_clines *cnew = NULL;
- info_cfg_lines *mod_info_cfg_tmp = NULL;
-
- if (!ap_is_rdirectory(fname)) {
- mod_info_cfg_tmp = mod_info_load_config(p, fname, r);
- cnew = (info_clines *) ap_push_array(carray);
- cnew->fname = ap_pstrdup(p, fname);
- cnew->clines = mod_info_cfg_tmp;
- } else {
- DIR *dirp;
- struct DIR_TYPE *dir_entry;
- int current;
- array_header *candidates = NULL;
- info_fnames *fnew;
-
- dirp = ap_popendir(p, fname);
- if (dirp == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, r,
- "mod_info: couldn't open config directory %s",
- fname);
- return;
- }
- candidates = ap_make_array(p, 1, sizeof(info_fnames));
- while ((dir_entry = readdir(dirp)) != NULL) {
- /* strip out '.' and '..' */
- if (strcmp(dir_entry->d_name, ".") &&
- strcmp(dir_entry->d_name, "..")) {
- fnew = (info_fnames *) ap_push_array(candidates);
- fnew->fname = ap_make_full_path(p, fname, dir_entry->d_name);
- }
- }
- ap_pclosedir(p, dirp);
- if (candidates->nelts != 0) {
- qsort((void *) candidates->elts, candidates->nelts,
- sizeof(info_fnames), fname_alphasort);
- for (current = 0; current < candidates->nelts; ++current) {
- fnew = &((info_fnames *) candidates->elts)[current];
- mod_info_dirwalk(p, fnew->fname, r, carray);
- }
- }
- }
- return;
-}
-
-static int display_info(request_rec *r)
-{
- module *modp = NULL;
- char buf[MAX_STRING_LEN], *cfname;
- char *more_info;
- const command_rec *cmd = NULL;
- const handler_rec *hand = NULL;
- server_rec *serv = r->server;
- int comma = 0;
- array_header *allconfigs = NULL;
- info_clines *cnew = NULL;
- int current;
- char *relpath;
-
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET)
- return DECLINED;
-
- r->content_type = "text/html";
- ap_send_http_header(r);
- if (r->header_only) {
- return 0;
- }
- ap_hard_timeout("send server info", r);
-
- ap_rputs(DOCTYPE_HTML_3_2
- "<html><head><title>Server Information</title></head>\n", r);
- ap_rputs("<body><h1 align=center>Apache Server Information</h1>\n", r);
- if (!r->args || strcasecmp(r->args, "list")) {
- allconfigs = ap_make_array(r->pool, 1, sizeof(info_clines));
- cfname = ap_server_root_relative(r->pool, ap_server_confname);
- mod_info_dirwalk(r->pool, cfname, r, allconfigs);
- cfname = ap_server_root_relative(r->pool, serv->srm_confname);
- mod_info_dirwalk(r->pool, cfname, r, allconfigs);
- cfname = ap_server_root_relative(r->pool, serv->access_confname);
- mod_info_dirwalk(r->pool, cfname, r, allconfigs);
- if (!r->args) {
- ap_rputs("<tt><a href=\"#server\">Server Settings</a>, ", r);
- for (modp = top_module; modp; modp = modp->next) {
- ap_rprintf(r, "<a href=\"#%s\">%s</a>", modp->name, modp->name);
- if (modp->next) {
- ap_rputs(", ", r);
- }
- }
- ap_rputs("</tt><hr>", r);
-
- }
- if (!r->args || !strcasecmp(r->args, "server")) {
- ap_rprintf(r, "<a name=\"server\"><strong>Server Version:</strong> "
- "<font size=+1><tt>%s</tt></a></font><br>\n",
- ap_get_server_version());
- ap_rprintf(r, "<strong>API Version:</strong> "
- "<tt>%d:%d</tt><br>\n",
- MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
- ap_rprintf(r, "<strong>Run Mode:</strong> <tt>%s</tt><br>\n",
- (ap_standalone ? "standalone" : "inetd"));
- ap_rprintf(r, "<strong>User/Group:</strong> "
- "<tt>%s(%d)/%d</tt><br>\n",
- ap_user_name, (int) ap_user_id, (int) ap_group_id);
- ap_rprintf(r, "<strong>Hostname/port:</strong> "
- "<tt>%s:%u</tt><br>\n",
- serv->server_hostname, serv->port);
- ap_rprintf(r, "<strong>Daemons:</strong> "
- "<tt>start: %d &nbsp;&nbsp; "
- "min idle: %d &nbsp;&nbsp; "
- "max idle: %d &nbsp;&nbsp; "
- "max: %d</tt><br>\n",
- ap_daemons_to_start, ap_daemons_min_free,
- ap_daemons_max_free, ap_daemons_limit);
- ap_rprintf(r, "<strong>Per-child rlimits:</strong><br>\n"
- "<tt>RLIMIT_CPU: %d &nbsp;&nbsp; </tt><br>\n"
- "<tt>RLIMIT_DATA: %d &nbsp;&nbsp; </tt><br>\n"
- "<tt>RLIMIT_NOFILE: %d &nbsp;&nbsp; </tt><br>\n"
- "<tt>RLIMIT_RSS: %d &nbsp;&nbsp; </tt><br>\n"
- "<tt>RLIMIT_STACK: %d &nbsp;&nbsp; </tt><br>\n",
- ap_max_cpu_per_child, ap_max_data_per_child,
- ap_max_nofile_per_child, ap_max_rss_per_child,
- ap_max_stack_per_child);
- ap_rprintf(r, "<strong>Max Requests:</strong> "
- "<tt>per child: %d &nbsp;&nbsp; "
- "keep alive: %s &nbsp;&nbsp; "
- "max per connection: %d</tt><br>\n",
- ap_max_requests_per_child,
- (serv->keep_alive ? "on" : "off"),
- serv->keep_alive_max);
- ap_rprintf(r, "<strong>Threads:</strong> "
- "<tt>per child: %d &nbsp;&nbsp; </tt><br>\n",
- ap_threads_per_child);
- ap_rprintf(r, "<strong>Excess requests:</strong> "
- "<tt>per child: %d &nbsp;&nbsp; </tt><br>\n",
- ap_excess_requests_per_child);
- ap_rprintf(r, "<strong>Timeouts:</strong> "
- "<tt>connection: %d &nbsp;&nbsp; "
- "keep-alive: %d</tt><br>",
- serv->timeout, serv->keep_alive_timeout);
- ap_rprintf(r, "<strong>Server Root:</strong> "
- "<tt>%s</tt><br>\n", ap_server_root);
- ap_rprintf(r, "<strong>Config File:</strong> "
- "<tt>%s</tt><br>\n", ap_server_confname);
- ap_rprintf(r, "<strong>PID File:</strong> "
- "<tt>%s</tt><br>\n", ap_pid_fname);
- ap_rprintf(r, "<strong>Scoreboard File:</strong> "
- "<tt>%s</tt><br>\n", ap_scoreboard_fname);
- }
- ap_rputs("<hr><dl>", r);
- for (modp = top_module; modp; modp = modp->next) {
- if (!r->args || !strcasecmp(modp->name, r->args)) {
- ap_rprintf(r, "<dt><a name=\"%s\"><strong>Module Name:</strong> "
- "<font size=+1><tt>%s</tt></a></font>\n",
- modp->name, modp->name);
- ap_rputs("<dt><strong>Content handlers:</strong>", r);
- hand = modp->handlers;
- if (hand) {
- while (hand) {
- if (hand->content_type) {
- ap_rprintf(r, " <tt>%s</tt>\n", hand->content_type);
- }
- else {
- break;
- }
- hand++;
- if (hand && hand->content_type) {
- ap_rputs(",", r);
- }
- }
- }
- else {
- ap_rputs("<tt> <EM>none</EM></tt>", r);
- }
- ap_rputs("<dt><strong>Configuration Phase Participation:</strong> \n",
- r);
- if (modp->child_init) {
- ap_rputs("<tt>Child Init</tt>", r);
- comma = 1;
- }
- if (modp->create_dir_config) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Create Directory Config</tt>", r);
- comma = 1;
- }
- if (modp->merge_dir_config) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Merge Directory Configs</tt>", r);
- comma = 1;
- }
- if (modp->create_server_config) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Create Server Config</tt>", r);
- comma = 1;
- }
- if (modp->merge_server_config) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Merge Server Configs</tt>", r);
- comma = 1;
- }
- if (modp->child_exit) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Child Exit</tt>", r);
- comma = 1;
- }
- if (!comma)
- ap_rputs("<tt> <EM>none</EM></tt>", r);
- comma = 0;
- ap_rputs("<dt><strong>Request Phase Participation:</strong> \n",
- r);
- if (modp->post_read_request) {
- ap_rputs("<tt>Post-Read Request</tt>", r);
- comma = 1;
- }
- if (modp->header_parser) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Header Parse</tt>", r);
- comma = 1;
- }
- if (modp->translate_handler) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Translate Path</tt>", r);
- comma = 1;
- }
- if (modp->access_checker) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Check Access</tt>", r);
- comma = 1;
- }
- if (modp->ap_check_user_id) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Verify User ID</tt>", r);
- comma = 1;
- }
- if (modp->auth_checker) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Verify User Access</tt>", r);
- comma = 1;
- }
- if (modp->type_checker) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Check Type</tt>", r);
- comma = 1;
- }
- if (modp->fixer_upper) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Fixups</tt>", r);
- comma = 1;
- }
- if (modp->logger) {
- if (comma) {
- ap_rputs(", ", r);
- }
- ap_rputs("<tt>Logging</tt>", r);
- comma = 1;
- }
- if (!comma)
- ap_rputs("<tt> <EM>none</EM></tt>", r);
- comma = 0;
- ap_rputs("<dt><strong>Module Directives:</strong> ", r);
- cmd = modp->cmds;
- if (cmd) {
- while (cmd) {
- if (cmd->name) {
- ap_rprintf(r, "<dd><tt>%s - <i>",
- mod_info_html_cmd_string(cmd->name,
- buf, sizeof(buf)));
- if (cmd->errmsg) {
- ap_rputs(cmd->errmsg, r);
- }
- ap_rputs("</i></tt>\n", r);
- }
- else {
- break;
- }
- cmd++;
- }
- ap_rputs("<dt><strong>Current Configuration:</strong>\n", r);
- for (current = 0; current < allconfigs->nelts; ++current) {
- cnew = &((info_clines *) allconfigs->elts)[current];
- /* get relative pathname with some safeguards */
- relpath = ap_stripprefix(cnew->fname,ap_server_root);
- if (*relpath != '\0' && relpath != cnew->fname &&
- *relpath == '/')
- relpath++;
- mod_info_module_cmds(r, cnew->clines, modp->cmds,
- relpath);
- }
- }
- else {
- ap_rputs("<tt> none</tt>\n", r);
- }
- more_info = find_more_info(serv, modp->name);
- if (more_info) {
- ap_rputs("<dt><strong>Additional Information:</strong>\n<dd>",
- r);
- ap_rputs(more_info, r);
- }
- ap_rputs("<dt><hr>\n", r);
- if (r->args) {
- break;
- }
- }
- }
- if (!modp && r->args && strcasecmp(r->args, "server")) {
- ap_rputs("<b>No such module</b>\n", r);
- }
- }
- else {
- for (modp = top_module; modp; modp = modp->next) {
- ap_rputs(modp->name, r);
- if (modp->next) {
- ap_rputs("<br>", r);
- }
- }
- }
- ap_rputs("</dl>\n", r);
- ap_rputs(ap_psignature("",r), r);
- ap_rputs("</body></html>\n", r);
- /* Done, turn off timeout, close file and return */
- ap_kill_timeout(r);
- return 0;
-}
-
-static const char *add_module_info(cmd_parms *cmd, void *dummy, char *name,
- char *info)
-{
- server_rec *s = cmd->server;
- info_svr_conf *conf = (info_svr_conf *) ap_get_module_config(s->module_config,
- &info_module);
- info_entry *new = ap_push_array(conf->more_info);
-
- new->name = name;
- new->info = info;
- return NULL;
-}
-
-static const command_rec info_cmds[] =
-{
- {"AddModuleInfo", add_module_info, NULL, RSRC_CONF, TAKE2,
- "a module name and additional information on that module"},
- {NULL}
-};
-
-static const handler_rec info_handlers[] =
-{
- {"server-info", display_info},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT info_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_info_config, /* server config */
- merge_info_config, /* merge server config */
- info_cmds, /* command table */
- info_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_agent.c b/usr.sbin/httpd/src/modules/standard/mod_log_agent.c
deleted file mode 100644
index d3b25799f13..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_log_agent.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* $OpenBSD: mod_log_agent.c,v 1.8 2004/12/02 19:42:48 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "fdcache.h"
-
-module agent_log_module;
-
-static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
-static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-
-typedef struct {
- char *fname;
- int agent_fd;
-} agent_log_state;
-
-static void *make_agent_log_state(pool *p, server_rec *s)
-{
- agent_log_state *cls =
- (agent_log_state *) ap_palloc(p, sizeof(agent_log_state));
-
- cls->fname = "";
- cls->agent_fd = -1;
-
- return (void *) cls;
-}
-
-static const char *set_agent_log(cmd_parms *parms, void *dummy, char *arg)
-{
- agent_log_state *cls = ap_get_module_config(parms->server->module_config,
- &agent_log_module);
-
- cls->fname = arg;
- return NULL;
-}
-
-static const command_rec agent_log_cmds[] =
-{
- {"AgentLog", set_agent_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the agent log"},
- {NULL}
-};
-
-static void open_agent_log(server_rec *s, pool *p)
-{
- agent_log_state *cls = ap_get_module_config(s->module_config,
- &agent_log_module);
-
- char *fname = ap_server_root_relative(p, cls->fname);
-
- if (cls->agent_fd > 0)
- return; /* virtual log shared w/main server */
-
- if (*cls->fname == '|') {
- piped_log *pl;
-
- pl = ap_open_piped_log(p, cls->fname + 1);
- if (pl == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "couldn't spawn agent log pipe");
- exit(1);
- }
- cls->agent_fd = ap_piped_log_write_fd(pl);
- }
- else if (*cls->fname != '\0') {
- if (ap_server_chroot_desired())
- cls->agent_fd = fdcache_open(fname, xfer_flags, xfer_mode);
- else
- cls->agent_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1);
-
- if (cls->agent_fd < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "could not open agent log file %s.", fname);
- exit(1);
- }
- }
-}
-
-static void init_agent_log(server_rec *s, pool *p)
-{
- for (; s; s = s->next)
- open_agent_log(s, p);
-}
-
-static int agent_log_transaction(request_rec *orig)
-{
- agent_log_state *cls = ap_get_module_config(orig->server->module_config,
- &agent_log_module);
-
- char str[HUGE_STRING_LEN];
- const char *agent;
- request_rec *r;
-
- if (cls->agent_fd < 0)
- return OK;
-
- for (r = orig; r->next; r = r->next)
- continue;
- if (*cls->fname == '\0') /* Don't log agent */
- return DECLINED;
-
- agent = ap_table_get(orig->headers_in, "User-Agent");
- if (agent != NULL) {
- ap_snprintf(str, sizeof(str), "%s\n", agent);
- write(cls->agent_fd, str, strlen(str));
- }
-
- return OK;
-}
-
-module agent_log_module =
-{
- STANDARD_MODULE_STUFF,
- init_agent_log, /* initializer */
- NULL, /* create per-dir config */
- NULL, /* merge per-dir config */
- make_agent_log_state, /* server config */
- NULL, /* merge server config */
- agent_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- agent_log_transaction, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_config.c b/usr.sbin/httpd/src/modules/standard/mod_log_config.c
deleted file mode 100644
index 64e93178978..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_log_config.c
+++ /dev/null
@@ -1,1223 +0,0 @@
-/* $OpenBSD: mod_log_config.c,v 1.20 2013/01/06 22:06:54 martynas Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Modified by djm@va.pubnix.com:
- * If no TransferLog is given explicitly, decline to log.
- *
- * This is module implements the TransferLog directive (same as the
- * common log module), and additional directives, LogFormat and CustomLog.
- *
- *
- * Syntax:
- *
- * TransferLog fn Logs transfers to fn in standard log format, unless
- * a custom format is set with LogFormat
- * LogFormat format Set a log format from TransferLog files
- * CustomLog fn format
- * Log to file fn with format given by the format
- * argument
- *
- * CookieLog fn For backwards compatibility with old Cookie
- * logging module - now deprecated.
- *
- * There can be any number of TransferLog and CustomLog
- * commands. Each request will be logged to _ALL_ the
- * named files, in the appropriate format.
- *
- * If no TransferLog or CustomLog directive appears in a VirtualHost,
- * the request will be logged to the log file(s) defined outside
- * the virtual host section. If a TransferLog or CustomLog directive
- * appears in the VirtualHost section, the log files defined outside
- * the VirtualHost will _not_ be used. This makes this module compatible
- * with the CLF and config log modules, where the use of TransferLog
- * inside the VirtualHost section overrides its use outside.
- *
- * Examples:
- *
- * TransferLog logs/access_log
- * <VirtualHost>
- * LogFormat "... custom format ..."
- * TransferLog log/virtual_only
- * CustomLog log/virtual_useragents "%t %{user-agent}i"
- * </VirtualHost>
- *
- * This will log using CLF to access_log any requests handled by the
- * main server, while any requests to the virtual host will be logged
- * with the "... custom format..." to virtual_only _AND_ using
- * the custom user-agent log to virtual_useragents.
- *
- * Note that the NCSA referer and user-agent logs are easily added with
- * CustomLog:
- * CustomLog logs/referer "%{referer}i -> %U"
- * CustomLog logs/agent "%{user-agent}i"
- *
- * RefererIgnore functionality can be obtained with conditional
- * logging (SetEnvIf and CustomLog ... env=!VAR).
- *
- * But using this method allows much easier modification of the
- * log format, e.g. to log hosts along with UA:
- * CustomLog logs/referer "%{referer}i %U %h"
- *
- * The argument to LogFormat and CustomLog is a string, which can include
- * literal characters copied into the log files, and '%' directives as
- * follows:
- *
- * %...B: bytes sent, excluding HTTP headers.
- * %...b: bytes sent, excluding HTTP headers in CLF format, i.e. a '-'
- * when no bytes where sent (rather than a '0'.
- * %...c: Status of the connection.
- * 'X' = connection aborted before the response completed.
- * '+' = connection may be kept alive after the response is sent.
- * '-' = connection will be closed after the response is sent.
- * %...{FOOBAR}e: The contents of the environment variable FOOBAR
- * %...f: filename
- * %...h: remote host
- * %...a: remote IP-address
- * %...A: local IP-address
- * %...{Foobar}i: The contents of Foobar: header line(s) in the request
- * sent to the client.
- * %...l: remote logname (from identd, if supplied)
- * %...{Foobar}n: The contents of note "Foobar" from another module.
- * %...{Foobar}o: The contents of Foobar: header line(s) in the reply.
- * %...p: the port the request was served to
- * %...P: the process ID of the child that serviced the request.
- * %...r: first line of request
- * %...s: status. For requests that got internally redirected, this
- * is status of the *original* request --- %...>s for the last.
- * %...t: time, in common log format time format
- * %...{format}t: The time, in the form given by format, which should
- * be in strftime(3) format.
- * %...T: the time taken to serve the request, in seconds.
- * %...u: remote user (from auth; may be bogus if return status (%s) is 401)
- * %...U: the URL path requested.
- * %...v: the configured name of the server (i.e. which virtual host?)
- * %...V: the server name according to the UseCanonicalName setting
- * %...m: the request method
- * %...H: the request protocol
- * %...q: the query string prepended by "?", or empty if no query string
- *
- * The '...' can be nothing at all (e.g. "%h %u %r %s %b"), or it can
- * indicate conditions for inclusion of the item (which will cause it
- * to be replaced with '-' if the condition is not met). Note that
- * there is no escaping performed on the strings from %r, %...i and
- * %...o; some with long memories may remember that I thought this was
- * a bad idea, once upon a time, and I'm still not comfortable with
- * it, but it is difficult to see how to "do the right thing" with all
- * of '%..i', unless we URL-escape everything and break with CLF.
- *
- * The forms of condition are a list of HTTP status codes, which may
- * or may not be preceded by '!'. Thus, '%400,501{User-agent}i' logs
- * User-agent: on 400 errors and 501 errors (Bad Request, Not
- * Implemented) only; '%!200,304,302{Referer}i' logs Referer: on all
- * requests which did *not* return some sort of normal status.
- *
- * The default LogFormat reproduces CLF; see below.
- *
- * The way this is supposed to work with virtual hosts is as follows:
- * a virtual host can have its own LogFormat, or its own TransferLog.
- * If it doesn't have its own LogFormat, it inherits from the main
- * server. If it doesn't have its own TransferLog, it writes to the
- * same descriptor (meaning the same process for "| ...").
- *
- * --- rst */
-
-#define DEFAULT_LOG_FORMAT "%h %l %u %t \"%r\" %>s %b"
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h" /* For REMOTE_NAME */
-#include "http_log.h"
-#include "http_main.h"
-#include "fdcache.h"
-#include <limits.h>
-
-module MODULE_VAR_EXPORT config_log_module;
-
-static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
-static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-
-/* POSIX.1 defines PIPE_BUF as the maximum number of bytes that is
- * guaranteed to be atomic when writing a pipe. And PIPE_BUF >= 512
- * is guaranteed. So we'll just guess 512 in the event the system
- * doesn't have this. Now, for file writes there is actually no limit,
- * the entire write is atomic. Whether all systems implement this
- * correctly is another question entirely ... so we'll just use PIPE_BUF
- * because it's probably a good guess as to what is implemented correctly
- * everywhere.
- */
-#ifdef PIPE_BUF
-#define LOG_BUFSIZE PIPE_BUF
-#else
-#define LOG_BUFSIZE (512)
-#endif
-
-/*
- * multi_log_state is our per-(virtual)-server configuration. We store
- * an array of the logs we are going to use, each of type config_log_state.
- * If a default log format is given by LogFormat, store in default_format
- * (backward compat. with mod_log_config). We also store for each virtual
- * server a pointer to the logs specified for the main server, so that if this
- * vhost has no logs defined, we can use the main server's logs instead.
- *
- * So, for the main server, config_logs contains a list of the log files
- * and server_config_logs in empty. For a vhost, server_config_logs
- * points to the same array as config_logs in the main server, and
- * config_logs points to the array of logs defined inside this vhost,
- * which might be empty.
- */
-typedef struct {
- char *default_format_string;
- array_header *default_format;
- array_header *config_logs;
- array_header *server_config_logs;
- table *formats;
-} multi_log_state;
-
-/*
- * config_log_state holds the status of a single log file. fname might
- * be NULL, which means this module does no logging for this
- * request. format might be NULL, in which case the default_format
- * from the multi_log_state should be used, or if that is NULL as
- * well, use the CLF. log_fd is -1 before the log file is opened and
- * set to a valid fd after it is opened.
- */
-typedef struct {
- char *fname;
- char *format_string;
- array_header *format;
- int log_fd;
- char *condition_var;
-#ifdef BUFFERED_LOGS
- int outcnt;
- char outbuf[LOG_BUFSIZE];
-#endif
-} config_log_state;
-
-/*
- * Format items...
- * Note that many of these could have ap_sprintfs replaced with static buffers.
- */
-typedef const char *(*item_key_func) (request_rec *, char *);
-
-typedef struct {
- char ch;
- item_key_func func;
- char *arg;
- int condition_sense;
- int want_orig;
- array_header *conditions;
-} log_format_item;
-
-static char *
-format_integer(pool *p, int i)
-{
- return ap_psprintf(p, "%d", i);
-}
-
-static char *
-pfmt(pool *p, int i)
-{
- if (i <= 0)
- return "-";
- else
- return format_integer(p, i);
-}
-
-static const char *
-constant_item(request_rec *dummy, char *stuff)
-{
- return stuff;
-}
-
-static const char *
-log_remote_host(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME));
-}
-
-static const char *
-log_remote_address(request_rec *r, char *a)
-{
- return r->connection->remote_ip;
-}
-
-static const char *
-log_local_address(request_rec *r, char *a)
-{
- return r->connection->local_ip;
-}
-
-static const char *
-log_remote_logname(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, ap_get_remote_logname(r));
-}
-
-static const char *
-log_remote_user(request_rec *r, char *a)
-{
- char *rvalue = r->connection->user;
-
- if (rvalue == NULL)
- rvalue = "-";
- else if (strlen(rvalue) == 0)
- rvalue = "\"\"";
- else
- rvalue = ap_escape_logitem(r->pool, rvalue);
- return rvalue;
-}
-
-static const char *
-log_request_line(request_rec *r, char *a)
-{
- /*
- * NOTE: If the original request contained a password, we re-write the
- * request line here to contain XXXXXX instead: (note the truncation
- * before the protocol string for HTTP/0.9 requests) (note also that
- * r->the_request contains the unmodified request)
- */
- return ap_escape_logitem(r->pool,
- (r->parsed_uri.password) ? ap_pstrcat(r->pool, r->method, " ",
- ap_unparse_uri_components(r->pool, &r->parsed_uri, 0),
- r->assbackwards ? NULL : " ", r->protocol, NULL)
- : r->the_request
- );
-}
-
-static const char *
-log_request_file(request_rec *r, char *a)
-{
- return r->filename;
-}
-
-static const char *
-log_request_uri(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, r->uri);
-}
-
-static const char *
-log_request_method(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, r->method);
-}
-
-static const char *log_request_protocol(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, r->protocol);
-}
-
-static const char *log_request_query(request_rec *r, char *a)
-{
- return (r->args != NULL) ? ap_pstrcat(r->pool, "?",
- ap_escape_logitem(r->pool, r->args), NULL)
- : "";
-}
-
-static const char *
-log_status(request_rec *r, char *a)
-{
- return pfmt(r->pool, r->status);
-}
-
-static const char *
-clf_log_bytes_sent(request_rec *r, char *a)
-{
- if (!r->sent_bodyct)
- return "-";
- else {
- off_t bs;
- ap_bgetopt(r->connection->client, BO_BYTECT, &bs);
- return ap_psprintf(r->pool, "%qd", bs);
- }
-}
-
-static const char *
-log_bytes_sent(request_rec *r, char *a)
-{
- if (!r->sent_bodyct)
- return "0";
- else {
- off_t bs;
- ap_bgetopt(r->connection->client, BO_BYTECT, &bs);
- return ap_psprintf(r->pool, "%qd", bs);
- }
-}
-
-static const char *
-log_header_in(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, ap_table_get(r->headers_in, a));
-}
-
-static const char *
-log_header_out(request_rec *r, char *a)
-{
- const char *cp = ap_table_get(r->headers_out, a);
-
- if (!strcasecmp(a, "Content-type") && r->content_type)
- cp = ap_field_noparam(r->pool, r->content_type);
-
- if (cp)
- return cp;
-
- return ap_table_get(r->err_headers_out, a);
-}
-
-static const char *
-log_note(request_rec *r, char *a)
-{
- return ap_table_get(r->notes, a);
-}
-
-static const char *
-log_env_var(request_rec *r, char *a)
-{
- return ap_table_get(r->subprocess_env, a);
-}
-
-static const char *
-log_request_time(request_rec *r, char *a)
-{
- int timz;
- struct tm *t;
- char tstr[MAX_STRING_LEN];
-
- t = ap_get_gmtoff(&timz);
-
- if (a && *a) /* Custom format */
- strftime(tstr, MAX_STRING_LEN, a, t);
- else { /* CLF format */
- char sign = (timz < 0 ? '-' : '+');
-
- if (timz < 0)
- timz = -timz;
-
- ap_snprintf(tstr, sizeof(tstr),
- "[%02d/%s/%d:%02d:%02d:%02d %c%.2d%.2d]",
- t->tm_mday, ap_month_snames[t->tm_mon], t->tm_year + 1900,
- t->tm_hour, t->tm_min, t->tm_sec,
- sign, timz / 60, timz % 60);
- }
-
- return ap_pstrdup(r->pool, tstr);
-}
-
-static const char *
-log_request_duration(request_rec *r, char *a)
-{
- return ap_psprintf(r->pool, "%ld",
- (long)(time(NULL) - r->request_time));
-}
-
-/*
- * These next two routines use the canonical name:port so that log
- * parsers don't need to duplicate all the vhost parsing crud.
- */
-static const char *
-log_virtual_host(request_rec *r, char *a)
-{
- return r->server->server_hostname;
-}
-
-static const char *
-log_server_port(request_rec *r, char *a)
-{
- return ap_psprintf(r->pool, "%u",
- r->server->port ? r->server->port : ap_default_port(r));
-}
-
-/*
- * This respects the setting of UseCanonicalName so that
- * the dynamic mass virtual hosting trick works better.
- */
-static const char *
-log_server_name(request_rec *r, char *a)
-{
- return ap_get_server_name(r);
-}
-
-static const char *
-log_child_pid(request_rec *r, char *a)
-{
- return ap_psprintf(r->pool, "%ld", (long) getpid());
-}
-
-static const char *
-log_connection_status(request_rec *r, char *a)
-{
- if (r->connection->aborted)
- return "X";
-
- if ((r->connection->keepalive) &&
- ((r->server->keep_alive_max - r->connection->keepalives) > 0))
- return "+";
-
- return "-";
-}
-
-/* Parsing the log format string */
-static struct log_item_list {
- char ch;
- item_key_func func;
- int want_orig_default;
-} log_item_keys[] = {
-
- {
- 'h', log_remote_host, 0
- },
- {
- 'a', log_remote_address, 0
- },
- {
- 'A', log_local_address, 0
- },
- {
- 'l', log_remote_logname, 0
- },
- {
- 'u', log_remote_user, 0
- },
- {
- 't', log_request_time, 0
- },
- {
- 'T', log_request_duration, 1
- },
- {
- 'r', log_request_line, 1
- },
- {
- 'f', log_request_file, 0
- },
- {
- 'U', log_request_uri, 1
- },
- {
- 's', log_status, 1
- },
- {
- 'b', clf_log_bytes_sent, 0
- },
- {
- 'B', log_bytes_sent, 0
- },
- {
- 'i', log_header_in, 0
- },
- {
- 'o', log_header_out, 0
- },
- {
- 'n', log_note, 0
- },
- {
- 'e', log_env_var, 0
- },
- {
- 'V', log_server_name, 0
- },
- {
- 'v', log_virtual_host, 0
- },
- {
- 'p', log_server_port, 0
- },
- {
- 'P', log_child_pid, 0
- },
- {
- 'H', log_request_protocol, 0
- },
- {
- 'm', log_request_method, 0
- },
- {
- 'q', log_request_query, 0
- },
- {
- 'c', log_connection_status, 0
- },
- {
- '\0'
- }
-};
-
-static struct log_item_list *
-find_log_func(pool *p, char k)
-{
- int i;
- struct log_item_list *lil;
-
- for (i = 0; log_item_keys[i].ch; ++i)
- if (k == log_item_keys[i].ch)
- return &log_item_keys[i];
-
- if (ap_hook_status(ap_psprintf(p, "ap::mod_log_config::log_%c", k))
- != AP_HOOK_STATE_NOTEXISTANT) {
- lil = (struct log_item_list *)
- ap_pcalloc(p, sizeof(struct log_item_list));
- if (lil == NULL)
- return NULL;
- lil->ch = k;
- lil->func = NULL;
- lil->want_orig_default = 0;
- return lil;
- }
-
- return NULL;
-}
-
-static char *
-parse_log_misc_string(pool *p, log_format_item * it, const char **sa)
-{
- const char *s;
- char *d;
-
- it->func = constant_item;
- it->conditions = NULL;
-
- s = *sa;
- while (*s && *s != '%')
- s++;
-
- /*
- * This might allocate a few chars extra if there's a backslash
- * escape in the format string.
- */
- it->arg = ap_palloc(p, s - *sa + 1);
-
- d = it->arg;
- s = *sa;
- while (*s && *s != '%') {
- if (*s != '\\')
- *d++ = *s++;
- else {
- s++;
- switch (*s) {
- case '\\':
- *d++ = '\\';
- s++;
- break;
- case 'n':
- *d++ = '\n';
- s++;
- break;
- case 't':
- *d++ = '\t';
- s++;
- break;
- default:
- /* copy verbatim */
- *d++ = '\\';
- /*
- * Allow the loop to deal with this *s in
- * the normal
- * fashion so that it handles end of string etc.
- * properly.
- */
- break;
- }
- }
- }
- *d = '\0';
-
- *sa = s;
- return NULL;
-}
-
-static char *
-parse_log_item(pool *p, log_format_item * it, const char **sa)
-{
- const char *s = *sa;
-
- if (*s != '%')
- return parse_log_misc_string(p, it, sa);
-
- ++s;
- it->condition_sense = 0;
- it->conditions = NULL;
- it->want_orig = -1;
- it->arg = ""; /* For safety's sake... */
-
- while (*s) {
- int i;
- struct log_item_list *l;
-
- switch (*s) {
- case '!':
- ++s;
- it->condition_sense = !it->condition_sense;
- break;
- case '<':
- ++s;
- it->want_orig = 1;
- break;
- case '>':
- ++s;
- it->want_orig = 0;
- break;
- case ',':
- ++s;
- break;
- case '{':
- ++s;
- it->arg = ap_getword(p, &s, '}');
- break;
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- case '8':
- case '9':
- i = *s - '0';
- while (ap_isdigit(*++s))
- i = i * 10 + (*s) - '0';
- if (!it->conditions)
- it->conditions = ap_make_array(p, 4,
- sizeof(int));
- *(int *)ap_push_array(it->conditions) = i;
- break;
- default:
- l = find_log_func(p, *s++);
- if (!l) {
- char dummy[2];
-
- dummy[0] = s[-1];
- dummy[1] = '\0';
- return ap_pstrcat(p, "Unrecognized LogFormat "
- "directive %", dummy, NULL);
- }
- it->ch = s[-1];
- it->func = l->func;
- if (it->want_orig == -1)
- it->want_orig = l->want_orig_default;
- *sa = s;
- return NULL;
- }
- }
-
- return "Ran off end of LogFormat parsing args to some directive";
-}
-
-static array_header *
-parse_log_string(pool *p, const char *s, const char **err)
-{
- array_header *a = ap_make_array(p, 30, sizeof(log_format_item));
- char *res;
-
- while (*s) {
- if ((res = parse_log_item(p,
- (log_format_item *)ap_push_array(a), &s))) {
- *err = res;
- return NULL;
- }
- }
-
- s = "\n";
- parse_log_item(p, (log_format_item *) ap_push_array(a), &s);
- return a;
-}
-
-/* Actually logging. */
-static const char *
-process_item(request_rec *r, request_rec *orig, log_format_item * item)
-{
- const char *cp;
-
- /* First, see if we need to process this thing at all... */
- if (item->conditions && item->conditions->nelts != 0) {
- int i;
- int *conds = (int *)item->conditions->elts;
- int in_list = 0;
-
- for (i = 0; i < item->conditions->nelts; ++i) {
- if (r->status == conds[i]) {
- in_list = 1;
- break;
- }
- }
-
- if ((item->condition_sense && in_list)
- || (!item->condition_sense && !in_list))
- return "-";
- }
-
- /* We do. Do it... */
- if (item->func == NULL) {
- cp = NULL;
- ap_hook_use(ap_psprintf(r->pool, "ap::mod_log_config::log_%c",
- item->ch), AP_HOOK_SIG3(ptr, ptr, ptr),
- AP_HOOK_DECLINE(NULL), &cp, r, item->arg);
- } else
- cp = (*item->func) (item->want_orig ? orig : r, item->arg);
- return cp ? cp : "-";
-}
-
-#ifdef BUFFERED_LOGS
-static void
-flush_log(config_log_state * cls)
-{
- if (cls->outcnt && cls->log_fd != -1) {
- write(cls->log_fd, cls->outbuf, cls->outcnt);
- cls->outcnt = 0;
- }
-}
-#endif
-
-static int
-config_log_transaction(request_rec *r, config_log_state * cls,
- array_header *default_format)
-{
- log_format_item *items;
- char *str, *s;
- const char **strs;
- int *strl;
- request_rec *orig;
- int i;
- int len = 0;
- array_header *format;
- char *envar;
-
- if (cls->fname == NULL)
- return DECLINED;
-
- /*
- * See if we've got any conditional envariable-controlled
- * logging decisions to make.
- */
- if (cls->condition_var != NULL) {
- envar = cls->condition_var;
- if (*envar != '!') {
- if (ap_table_get(r->subprocess_env, envar) == NULL)
- return DECLINED;
- } else {
- if (ap_table_get(r->subprocess_env, &envar[1]) != NULL)
- return DECLINED;
- }
- }
-
- format = cls->format ? cls->format : default_format;
-
- strs = ap_palloc(r->pool, sizeof(char *) * (format->nelts));
- strl = ap_palloc(r->pool, sizeof(int) * (format->nelts));
- items = (log_format_item *)format->elts;
-
- orig = r;
- while (orig->prev)
- orig = orig->prev;
- while (r->next)
- r = r->next;
-
- for (i = 0; i < format->nelts; ++i)
- strs[i] = process_item(r, orig, &items[i]);
-
- for (i = 0; i < format->nelts; ++i)
- len += strl[i] = strlen(strs[i]);
-
-#ifdef BUFFERED_LOGS
- if (len + cls->outcnt > LOG_BUFSIZE)
- flush_log(cls);
- if (len >= LOG_BUFSIZE) {
- str = ap_palloc(r->pool, len + 1);
- for (i = 0, s = str; i < format->nelts; ++i) {
- memcpy(s, strs[i], strl[i]);
- s += strl[i];
- }
- write(cls->log_fd, str, len);
- } else {
- for (i = 0, s = &cls->outbuf[cls->outcnt]; i < format->nelts;
- ++i) {
- memcpy(s, strs[i], strl[i]);
- s += strl[i];
- }
- cls->outcnt += len;
- }
-#else
- str = ap_palloc(r->pool, len + 1);
-
- for (i = 0, s = str; i < format->nelts; ++i) {
- memcpy(s, strs[i], strl[i]);
- s += strl[i];
- }
-
- write(cls->log_fd, str, len);
-#endif
-
- return OK;
-}
-
-static int
-multi_log_transaction(request_rec *r)
-{
- multi_log_state *mls =
- ap_get_module_config(r->server->module_config, &config_log_module);
- config_log_state *clsarray;
- int i;
-
- /* Log this transaction.. */
- if (mls->config_logs->nelts) {
- clsarray = (config_log_state *) mls->config_logs->elts;
- for (i = 0; i < mls->config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
- config_log_transaction(r, cls, mls->default_format);
- }
- } else if (mls->server_config_logs) {
- clsarray = (config_log_state *) mls->server_config_logs->elts;
- for (i = 0; i < mls->server_config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
- config_log_transaction(r, cls, mls->default_format);
- }
- }
-
- return OK;
-}
-
-/* Module glue... */
-
-static void *
-make_config_log_state(pool *p, server_rec *s)
-{
- multi_log_state *mls;
-
- mls = (multi_log_state *)ap_palloc(p, sizeof(multi_log_state));
- mls->config_logs = ap_make_array(p, 1, sizeof(config_log_state));
- mls->default_format_string = NULL;
- mls->default_format = NULL;
- mls->server_config_logs = NULL;
- mls->formats = ap_make_table(p, 4);
- ap_table_setn(mls->formats, "CLF", DEFAULT_LOG_FORMAT);
-
- return mls;
-}
-
-/*
- * Use the merger to simply add a pointer from the vhost log state
- * to the log of logs specified for the non-vhost configuration. Make sure
- * vhosts inherit any globally-defined format names.
- */
-static void *
-merge_config_log_state(pool *p, void *basev, void *addv)
-{
- multi_log_state *base = (multi_log_state *)basev;
- multi_log_state *add = (multi_log_state *)addv;
-
- add->server_config_logs = base->config_logs;
- if (!add->default_format) {
- add->default_format_string = base->default_format_string;
- add->default_format = base->default_format;
- }
- add->formats = ap_overlay_tables(p, base->formats, add->formats);
-
- return add;
-}
-
-/* Set the default logfile format, or define a nickname for a format string. */
-static const char *
-log_format(cmd_parms *cmd, void *dummy, char *fmt, char *name)
-{
- const char *err_string = NULL;
- multi_log_state *mls =
- ap_get_module_config(cmd->server->module_config,
- &config_log_module);
-
- /*
- * If we were given two arguments, the second is a name to be
- * given to the
- * format. This syntax just defines the nickname - it doesn't actually
- * make the format the default.
- */
- if (name != NULL) {
- parse_log_string(cmd->pool, fmt, &err_string);
- if (err_string == NULL)
- ap_table_setn(mls->formats, name, fmt);
- } else {
- mls->default_format_string = fmt;
- mls->default_format = parse_log_string(cmd->pool, fmt,
- &err_string);
- }
- return err_string;
-}
-
-
-static const char *
-add_custom_log(cmd_parms *cmd, void *dummy, char *fn, char *fmt,
- char *envclause)
-{
- const char *err_string = NULL;
- multi_log_state *mls = ap_get_module_config(cmd->server->module_config,
- &config_log_module);
- config_log_state *cls;
-
- cls = (config_log_state *)ap_push_array(mls->config_logs);
- cls->condition_var = NULL;
- if (envclause != NULL) {
- if (strncasecmp(envclause, "env=", 4) != 0)
- return "error in condition clause";
- if ((envclause[4] == '\0')
- || ((envclause[4] == '!') && (envclause[5] == '\0')))
- return "missing environment variable name";
- cls->condition_var = ap_pstrdup(cmd->pool, &envclause[4]);
- }
-
- cls->fname = fn;
- cls->format_string = fmt;
- if (fmt == NULL)
- cls->format = NULL;
- else
- cls->format = parse_log_string(cmd->pool, fmt, &err_string);
- cls->log_fd = -1;
-
- return err_string;
-}
-
-static const char *
-set_transfer_log(cmd_parms *cmd, void *dummy, char *fn)
-{
- return add_custom_log(cmd, dummy, fn, NULL, NULL);
-}
-
-static const char *
-set_cookie_log(cmd_parms *cmd, void *dummy, char *fn)
-{
- return add_custom_log(cmd, dummy, fn, "%{Cookie}n \"%r\" %t", NULL);
-}
-
-static const command_rec config_log_cmds[] =
-{
- {"CustomLog", add_custom_log, NULL, RSRC_CONF, TAKE23,
- "a file name, a custom log format string or format name, "
- "and an optional \"env=\" clause (see docs)"},
- {"TransferLog", set_transfer_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the access log"},
- {"LogFormat", log_format, NULL, RSRC_CONF, TAKE12,
- "a log format string (see docs) and an optional format name"},
- {"CookieLog", set_cookie_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the cookie log"},
- {NULL}
-};
-
-static config_log_state *
-open_config_log(server_rec *s, pool *p, config_log_state * cls,
- array_header *default_format)
-{
- if (cls->log_fd > 0)
- return cls; /* virtual config shared w/main server */
-
- if (cls->fname == NULL)
- return cls; /* Leave it NULL to decline. */
-
- if (*cls->fname == '|') {
- piped_log *pl;
-
- pl = ap_open_piped_log(p, cls->fname + 1);
- if (pl == NULL)
- exit(1);
- cls->log_fd = ap_piped_log_write_fd(pl);
- } else {
- char *fname = ap_server_root_relative(p, cls->fname);
- if (ap_server_chroot_desired())
- cls->log_fd = fdcache_open(fname, xfer_flags,
- xfer_mode);
- else
- cls->log_fd = ap_popenf_ex(p, fname, xfer_flags,
- xfer_mode, 1);
-
- if (cls->log_fd < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "could not open transfer log file %s.", fname);
- exit(1);
- }
- }
-#ifdef BUFFERED_LOGS
- cls->outcnt = 0;
-#endif
-
- return cls;
-}
-
-static config_log_state *
-open_multi_logs(server_rec *s, pool *p)
-{
- int i;
- multi_log_state *mls = ap_get_module_config(s->module_config,
- &config_log_module);
- config_log_state *clsarray;
- const char *dummy;
- const char *format;
-
- if (mls->default_format_string) {
- format = ap_table_get(mls->formats, mls->default_format_string);
- if (format)
- mls->default_format = parse_log_string(p, format,
- &dummy);
- }
-
- if (!mls->default_format)
- mls->default_format = parse_log_string(p, DEFAULT_LOG_FORMAT,
- &dummy);
-
- if (mls->config_logs->nelts) {
- clsarray = (config_log_state *) mls->config_logs->elts;
- for (i = 0; i < mls->config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
-
- if (cls->format_string) {
- format = ap_table_get(mls->formats,
- cls->format_string);
- if (format)
- cls->format = parse_log_string(p,
- format, &dummy);
- }
-
- cls = open_config_log(s, p, cls, mls->default_format);
- }
- } else if (mls->server_config_logs) {
- clsarray = (config_log_state *) mls->server_config_logs->elts;
- for (i = 0; i < mls->server_config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
-
- if (cls->format_string) {
- format = ap_table_get(mls->formats,
- cls->format_string);
- if (format)
- cls->format = parse_log_string(p,
- format, &dummy);
- }
-
- cls = open_config_log(s, p, cls, mls->default_format);
- }
- }
-
- return NULL;
-}
-
-static void
-init_config_log(server_rec *s, pool *p)
-{
- /*
- * First, do "physical" server, which gets default log fd and format for
- * the virtual servers, if they don't override...
- */
- open_multi_logs(s, p);
-
- /* Then, virtual servers */
- for (s = s->next; s; s = s->next)
- open_multi_logs(s, p);
-}
-
-#ifdef BUFFERED_LOGS
-static void
-flush_all_logs(server_rec *s, pool *p)
-{
- multi_log_state *mls;
- array_header *log_list;
- config_log_state *clsarray;
- int i;
-
- for (; s; s = s->next) {
- mls = ap_get_module_config(s->module_config,
- &config_log_module);
- log_list = NULL;
- if (mls->config_logs->nelts)
- log_list = mls->config_logs;
- else if (mls->server_config_logs)
- log_list = mls->server_config_logs;
- if (log_list) {
- clsarray = (config_log_state *) log_list->elts;
- for (i = 0; i < log_list->nelts; ++i)
- flush_log(&clsarray[i]);
- }
- }
-}
-#endif
-
-module MODULE_VAR_EXPORT config_log_module =
-{
- STANDARD_MODULE_STUFF,
- init_config_log, /* initializer */
- NULL, /* create per-dir config */
- NULL, /* merge per-dir config */
- make_config_log_state, /* server config */
- merge_config_log_state, /* merge server config */
- config_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- multi_log_transaction, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
-#ifdef BUFFERED_LOGS
- flush_all_logs, /* child_exit */
-#else
- NULL,
-#endif
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_referer.c b/usr.sbin/httpd/src/modules/standard/mod_log_referer.c
deleted file mode 100644
index 2e13c8abe1b..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_log_referer.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* $OpenBSD: mod_log_referer.c,v 1.8 2004/12/02 19:42:48 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "fdcache.h"
-
-module referer_log_module;
-
-static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
-
-static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-
-typedef struct {
- char *fname;
- int referer_fd;
- array_header *referer_ignore_list;
-} referer_log_state;
-
-static void *make_referer_log_state(pool *p, server_rec *s)
-{
- referer_log_state *cls =
- (referer_log_state *) ap_palloc(p, sizeof(referer_log_state));
-
- cls->fname = "";
- cls->referer_fd = -1;
- cls->referer_ignore_list = ap_make_array(p, 1, sizeof(char *));
- return (void *) cls;
-}
-
-static const char *set_referer_log(cmd_parms *parms, void *dummy, char *arg)
-{
- referer_log_state *cls = ap_get_module_config(parms->server->module_config,
- &referer_log_module);
-
- cls->fname = arg;
- return NULL;
-}
-
-static const char *add_referer_ignore(cmd_parms *parms, void *dummy, char *arg)
-{
- char **addme;
- referer_log_state *cls = ap_get_module_config(parms->server->module_config,
- &referer_log_module);
-
- addme = ap_push_array(cls->referer_ignore_list);
- ap_str_tolower(arg);
- *addme = arg;
- return NULL;
-}
-
-static const command_rec referer_log_cmds[] =
-{
- {"RefererLog", set_referer_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the referer log"},
- {"RefererIgnore", add_referer_ignore, NULL, RSRC_CONF, ITERATE,
- "referer hostnames to ignore"},
- {NULL}
-};
-
-static void open_referer_log(server_rec *s, pool *p)
-{
- referer_log_state *cls = ap_get_module_config(s->module_config,
- &referer_log_module);
-
- char *fname = ap_server_root_relative(p, cls->fname);
-
- if (cls->referer_fd > 0)
- return; /* virtual log shared w/main server */
-
- if (*cls->fname == '|') {
- piped_log *pl;
-
- pl = ap_open_piped_log(p, cls->fname + 1);
- if (pl == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "couldn't spawn referer log pipe");
- exit(1);
- }
-
- cls->referer_fd = ap_piped_log_write_fd(pl);
- }
- else if (*cls->fname != '\0') {
- if (ap_server_chroot_desired())
- cls->referer_fd = fdcache_open(fname, xfer_flags, xfer_mode);
- else
- cls->referer_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1);
-
- if (cls->referer_fd < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "could not open referer log file %s.", fname);
- exit(1);
- }
- }
-}
-
-static void init_referer_log(server_rec *s, pool *p)
-{
- for (; s; s = s->next)
- open_referer_log(s, p);
-}
-
-static int referer_log_transaction(request_rec *orig)
-{
- char **ptrptr, **ptrptr2;
- referer_log_state *cls = ap_get_module_config(orig->server->module_config,
- &referer_log_module);
-
- char *str;
- const char *referer;
- char *referertest;
- request_rec *r;
-
- if (cls->referer_fd < 0)
- return OK;
-
- for (r = orig; r->next; r = r->next)
- continue;
- if (*cls->fname == '\0') /* Don't log referer */
- return DECLINED;
-
- referer = ap_table_get(orig->headers_in, "Referer");
- if (referer != NULL) {
-
- referertest = ap_pstrdup(orig->pool, referer);
- ap_str_tolower(referertest);
- /* The following is an upsetting mess of pointers, I'm sorry
- Anyone with the motiviation and/or the time should feel free
- to make this cleaner... */
-
- ptrptr2 = (char **) (cls->referer_ignore_list->elts +
- (cls->referer_ignore_list->nelts *
- cls->referer_ignore_list->elt_size));
-
- /* Go through each element of the ignore list and compare it to the
- referer_host. If we get a match, return without logging */
-
- for (ptrptr = (char **) cls->referer_ignore_list->elts;
- ptrptr < ptrptr2;
- ptrptr = (char **) ((char *) ptrptr + cls->referer_ignore_list->elt_size)) {
- if (strstr(referertest, *ptrptr))
- return OK;
- }
-
-
- str = ap_pstrcat(orig->pool, referer, " -> ", r->uri, "\n", NULL);
- write(cls->referer_fd, str, strlen(str));
- }
-
- return OK;
-}
-
-module referer_log_module =
-{
- STANDARD_MODULE_STUFF,
- init_referer_log, /* initializer */
- NULL, /* create per-dir config */
- NULL, /* merge per-dir config */
- make_referer_log_state, /* server config */
- NULL, /* merge server config */
- referer_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- referer_log_transaction, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_mime.c b/usr.sbin/httpd/src/modules/standard/mod_mime.c
deleted file mode 100644
index 32c0f03e4cf..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_mime.c
+++ /dev/null
@@ -1,804 +0,0 @@
-/* $OpenBSD: mod_mime.c,v 1.14 2003/11/17 18:57:06 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_mime.c: Sends/gets MIME headers for requests
- *
- * Rob McCool
- *
- */
-
-#define MIME_PRIVATE
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-
-/*
- * isascii(c) isn't universal, and even those places where it is
- * defined it's not always right for our needs. Roll our own that
- * we can rely on.
- */
-#define ap_isascii(c) ((OS_ASC(c) & 0x80) == 0)
-
-typedef struct attrib_info {
- char *name;
-} attrib_info;
-
-typedef struct {
- table *forced_types; /* Additional AddTyped stuff */
- table *encoding_types; /* Added with AddEncoding... */
- table *charset_types; /* Added with AddCharset... */
- table *language_types; /* Added with AddLanguage... */
- table *handlers; /* Added with AddHandler... */
- array_header *handlers_remove; /* List of handlers to remove */
- array_header *types_remove; /* List of MIME types to remove */
- array_header *encodings_remove; /* List of encodings to remove */
-
- char *type; /* Type forced with ForceType */
- char *handler; /* Handler forced with SetHandler */
- char *default_language; /* Language if no AddLanguage ext found */
-} mime_dir_config;
-
-typedef struct param_s {
- char *attr;
- char *val;
- struct param_s *next;
-} param;
-
-typedef struct {
- char *type;
- char *subtype;
- param *param;
-} content_type;
-
-static char tspecial[] = {
- '(', ')', '<', '>', '@', ',', ';', ':',
- '\\', '"', '/', '[', ']', '?', '=',
- '\0'
-};
-
-module MODULE_VAR_EXPORT mime_module;
-
-static void *create_mime_dir_config(pool *p, char *dummy)
-{
- mime_dir_config *new =
- (mime_dir_config *) ap_palloc(p, sizeof(mime_dir_config));
-
- new->forced_types = ap_make_table(p, 4);
- new->encoding_types = ap_make_table(p, 4);
- new->charset_types = ap_make_table(p, 4);
- new->language_types = ap_make_table(p, 4);
- new->handlers = ap_make_table(p, 4);
- new->handlers_remove = ap_make_array(p, 4, sizeof(attrib_info));
- new->types_remove = ap_make_array(p, 4, sizeof(attrib_info));
- new->encodings_remove = ap_make_array(p, 4, sizeof(attrib_info));
-
- new->type = NULL;
- new->handler = NULL;
- new->default_language = NULL;
-
- return new;
-}
-
-static void *merge_mime_dir_configs(pool *p, void *basev, void *addv)
-{
- mime_dir_config *base = (mime_dir_config *) basev;
- mime_dir_config *add = (mime_dir_config *) addv;
- mime_dir_config *new =
- (mime_dir_config *) ap_palloc(p, sizeof(mime_dir_config));
- int i;
- attrib_info *suffix;
-
- new->forced_types = ap_overlay_tables(p, add->forced_types,
- base->forced_types);
- new->encoding_types = ap_overlay_tables(p, add->encoding_types,
- base->encoding_types);
- new->charset_types = ap_overlay_tables(p, add->charset_types,
- base->charset_types);
- new->language_types = ap_overlay_tables(p, add->language_types,
- base->language_types);
- new->handlers = ap_overlay_tables(p, add->handlers,
- base->handlers);
-
- suffix = (attrib_info *) add->handlers_remove->elts;
- for (i = 0; i < add->handlers_remove->nelts; i++) {
- ap_table_unset(new->handlers, suffix[i].name);
- }
- suffix = (attrib_info *) add->types_remove->elts;
- for (i = 0; i < add->types_remove->nelts; i++) {
- ap_table_unset(new->forced_types, suffix[i].name);
- }
- suffix = (attrib_info *) add->encodings_remove->elts;
- for (i = 0; i < add->encodings_remove->nelts; i++) {
- ap_table_unset(new->encoding_types, suffix[i].name);
- }
-
- new->type = add->type ? add->type : base->type;
- new->handler = add->handler ? add->handler : base->handler;
- new->default_language = add->default_language ?
- add->default_language : base->default_language;
-
- return new;
-}
-
-static const char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct,
- char *ext)
-{
- if (*ext == '.')
- ++ext;
-
- ap_str_tolower(ct);
- ap_table_setn(m->forced_types, ext, ct);
- return NULL;
-}
-
-static const char *add_encoding(cmd_parms *cmd, mime_dir_config *m, char *enc,
- char *ext)
-{
- if (*ext == '.')
- ++ext;
- ap_str_tolower(enc);
- ap_table_setn(m->encoding_types, ext, enc);
- return NULL;
-}
-
-static const char *add_charset(cmd_parms *cmd, mime_dir_config *m,
- char *charset, char *ext)
-{
- if (*ext == '.') {
- ++ext;
- }
- ap_str_tolower(charset);
- ap_table_setn(m->charset_types, ext, charset);
- return NULL;
-}
-
-static const char *add_language(cmd_parms *cmd, mime_dir_config *m, char *lang,
- char *ext)
-{
- if (*ext == '.') {
- ++ext;
- }
- ap_str_tolower(lang);
- ap_table_setn(m->language_types, ext, lang);
- return NULL;
-}
-
-static const char *add_handler(cmd_parms *cmd, mime_dir_config *m, char *hdlr,
- char *ext)
-{
- if (*ext == '.')
- ++ext;
- ap_str_tolower(hdlr);
- ap_table_setn(m->handlers, ext, hdlr);
- return NULL;
-}
-
-/*
- * Note handler names that should be un-added for this location. This
- * will keep the association from being inherited, as well, but not
- * from being re-added at a subordinate level.
- */
-static const char *remove_handler(cmd_parms *cmd, void *m, char *ext)
-{
- mime_dir_config *mcfg = (mime_dir_config *) m;
- attrib_info *suffix;
-
- if (*ext == '.') {
- ++ext;
- }
- suffix = (attrib_info *) ap_push_array(mcfg->handlers_remove);
- suffix->name = ap_pstrdup(cmd->pool, ext);
- return NULL;
-}
-
-/*
- * Just like the previous function, except that it records encoding
- * associations to be undone.
- */
-static const char *remove_encoding(cmd_parms *cmd, void *m, char *ext)
-{
- mime_dir_config *mcfg = (mime_dir_config *) m;
- attrib_info *suffix;
-
- if (*ext == '.') {
- ++ext;
- }
- suffix = (attrib_info *) ap_push_array(mcfg->encodings_remove);
- suffix->name = ap_pstrdup(cmd->pool, ext);
- return NULL;
-}
-
-/*
- * Similar to the previous functions, except that it deals with filename
- * suffix/MIME-type associations.
- */
-static const char *remove_type(cmd_parms *cmd, void *m, char *ext)
-{
- mime_dir_config *mcfg = (mime_dir_config *) m;
- attrib_info *suffix;
-
- if (*ext == '.') {
- ++ext;
- }
- suffix = (attrib_info *) ap_push_array(mcfg->types_remove);
- suffix->name = ap_pstrdup(cmd->pool, ext);
- return NULL;
-}
-
-/* The sole bit of server configuration that the MIME module has is
- * the name of its config file, so...
- */
-
-static const char *set_types_config(cmd_parms *cmd, void *dummy, char *arg)
-{
- ap_set_module_config(cmd->server->module_config, &mime_module, arg);
- return NULL;
-}
-
-static const command_rec mime_cmds[] =
-{
- {"AddType", add_type, NULL, OR_FILEINFO, ITERATE2,
- "a mime type followed by one or more file extensions"},
- {"AddEncoding", add_encoding, NULL, OR_FILEINFO, ITERATE2,
- "an encoding (e.g., gzip), followed by one or more file extensions"},
- {"AddCharset", add_charset, NULL, OR_FILEINFO, ITERATE2,
- "a charset (e.g., iso-2022-jp), followed by one or more file extensions"},
- {"AddLanguage", add_language, NULL, OR_FILEINFO, ITERATE2,
- "a language (e.g., fr), followed by one or more file extensions"},
- {"AddHandler", add_handler, NULL, OR_FILEINFO, ITERATE2,
- "a handler name followed by one or more file extensions"},
- {"ForceType", ap_set_string_slot_lower,
- (void *)XtOffsetOf(mime_dir_config, type), OR_FILEINFO, TAKE1,
- "a media type"},
- {"RemoveHandler", remove_handler, NULL, OR_FILEINFO, ITERATE,
- "one or more file extensions"},
- {"RemoveEncoding", remove_encoding, NULL, OR_FILEINFO, ITERATE,
- "one or more file extensions"},
- {"RemoveType", remove_type, NULL, OR_FILEINFO, ITERATE,
- "one or more file extensions"},
- {"SetHandler", ap_set_string_slot_lower,
- (void *)XtOffsetOf(mime_dir_config, handler), OR_FILEINFO, TAKE1,
- "a handler name"},
- {"TypesConfig", set_types_config, NULL, RSRC_CONF, TAKE1,
- "the MIME types config file"},
- {"DefaultLanguage", ap_set_string_slot,
- (void*)XtOffsetOf(mime_dir_config, default_language), OR_FILEINFO, TAKE1,
- "language to use for documents with no other language file extension" },
- {NULL}
-};
-
-/* Hash table --- only one of these per daemon; virtual hosts can
- * get private versions through AddType...
- */
-
-#define MIME_HASHSIZE (32)
-#define hash(i) (ap_tolower(i) % MIME_HASHSIZE)
-
-static table *hash_buckets[MIME_HASHSIZE];
-
-static void init_mime(server_rec *s, pool *p)
-{
- configfile_t *f;
- char l[MAX_STRING_LEN];
- int x;
- char *types_confname = ap_get_module_config(s->module_config, &mime_module);
-
- if (!types_confname)
- types_confname = TYPES_CONFIG_FILE;
-
- types_confname = ap_server_root_relative(p, types_confname);
-
- ap_server_strip_chroot(types_confname, 0); /* only needed at restart */
-
- if (!(f = ap_pcfg_openfile(p, types_confname))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "could not open mime types config file %s.", types_confname);
- exit(1);
- }
-
- for (x = 0; x < MIME_HASHSIZE; x++)
- hash_buckets[x] = ap_make_table(p, 10);
-
- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- const char *ll = l, *ct;
-
- if (l[0] == '#')
- continue;
- ct = ap_getword_conf(p, &ll);
-
- while (ll[0]) {
- char *ext = ap_getword_conf(p, &ll);
- ap_str_tolower(ext); /* ??? */
- ap_table_setn(hash_buckets[hash(ext[0])], ext, ct);
- }
- }
- ap_cfg_closefile(f);
-}
-
-static char *zap_sp(char *s)
-{
- char *tp;
-
- if (s == NULL) {
- return (NULL);
- }
- if (*s == '\0') {
- return (s);
- }
-
- /* delete prefixed white space */
- for (; *s == ' ' || *s == '\t' || *s == '\n'; s++);
-
- /* delete postfixed white space */
- for (tp = s; *tp != '\0'; tp++);
- for (tp--; tp != s && (*tp == ' ' || *tp == '\t' || *tp == '\n'); tp--) {
- *tp = '\0';
- }
- return (s);
-}
-
-static int is_token(int c)
-{
- int res;
-
- res = (ap_isascii(c) && ap_isgraph(c)
- && (strchr(tspecial, c) == NULL)) ? 1 : -1;
- return res;
-}
-
-static int is_qtext(int c)
-{
- int res;
-
- res = (ap_isascii(c) && (c != '"') && (c != '\\') && (c != '\n'))
- ? 1 : -1;
- return res;
-}
-
-static int is_quoted_pair(char *s)
-{
- int res = -1;
- int c;
-
- if (((s + 1) != NULL) && (*s == '\\')) {
- c = (int) *(s + 1);
- if (ap_isascii(c)) {
- res = 1;
- }
- }
- return (res);
-}
-
-static content_type *analyze_ct(pool *p, char *s)
-{
- char *tp, *mp, *cp;
- char *attribute, *value;
- int quoted = 0;
-
- content_type *ctp;
- param *pp, *npp;
-
- /* initialize ctp */
- ctp = (content_type *) ap_palloc(p, sizeof(content_type));
- ctp->type = NULL;
- ctp->subtype = NULL;
- ctp->param = NULL;
-
- tp = ap_pstrdup(p, s);
-
- mp = tp;
- cp = mp;
-
- /* getting a type */
- if (!(cp = strchr(mp, '/'))) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "mod_mime: analyze_ct: cannot get media type from '%s'",
- mp);
- return (NULL);
- }
- ctp->type = ap_pstrndup(p, mp, cp - mp);
- ctp->type = zap_sp(ctp->type);
- if (ctp->type == NULL || *(ctp->type) == '\0' ||
- strchr(ctp->type, ';') || strchr(ctp->type, ' ') ||
- strchr(ctp->type, '\t')) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media subtype.");
- return (NULL);
- }
-
- /* getting a subtype */
- cp++;
- mp = cp;
-
- for (; *cp != ';' && *cp != '\0'; cp++);
- ctp->subtype = ap_pstrndup(p, mp, cp - mp);
- ctp->subtype = zap_sp(ctp->subtype);
- if ((ctp->subtype == NULL) || (*(ctp->subtype) == '\0') ||
- strchr(ctp->subtype, ' ') || strchr(ctp->subtype, '\t')) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media subtype.");
- return (NULL);
- }
- cp = zap_sp(cp);
- if (cp == NULL || *cp == '\0') {
- return (ctp);
- }
-
- /* getting parameters */
- cp++;
- cp = zap_sp(cp);
- if (cp == NULL || *cp == '\0') {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
- mp = cp;
- attribute = NULL;
- value = NULL;
-
- while (cp != NULL && *cp != '\0') {
- if (attribute == NULL) {
- if (is_token((int) *cp) > 0) {
- cp++;
- continue;
- }
- else if (*cp == ' ' || *cp == '\t' || *cp == '\n') {
- cp++;
- continue;
- }
- else if (*cp == '=') {
- attribute = ap_pstrndup(p, mp, cp - mp);
- attribute = zap_sp(attribute);
- if (attribute == NULL || *attribute == '\0') {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
- cp++;
- cp = zap_sp(cp);
- if (cp == NULL || *cp == '\0') {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
- mp = cp;
- continue;
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
- }
- else {
- if (mp == cp) {
- if (*cp == '"') {
- quoted = 1;
- cp++;
- }
- else {
- quoted = 0;
- }
- }
- if (quoted > 0) {
- while (quoted && *cp != '\0') {
- if (is_qtext((int) *cp) > 0) {
- cp++;
- }
- else if (is_quoted_pair(cp) > 0) {
- cp += 2;
- }
- else if (*cp == '"') {
- cp++;
- while (*cp == ' ' || *cp == '\t' || *cp == '\n') {
- cp++;
- }
- if (*cp != ';' && *cp != '\0') {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return(NULL);
- }
- quoted = 0;
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
- }
- }
- else {
- while (1) {
- if (is_token((int) *cp) > 0) {
- cp++;
- }
- else if (*cp == '\0' || *cp == ';') {
- break;
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
- }
- }
- value = ap_pstrndup(p, mp, cp - mp);
- value = zap_sp(value);
- if (value == NULL || *value == '\0') {
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "Cannot get media parameter.");
- return (NULL);
- }
-
- pp = ap_palloc(p, sizeof(param));
- pp->attr = attribute;
- pp->val = value;
- pp->next = NULL;
-
- if (ctp->param == NULL) {
- ctp->param = pp;
- }
- else {
- npp = ctp->param;
- while (npp->next) {
- npp = npp->next;
- }
- npp->next = pp;
- }
- quoted = 0;
- attribute = NULL;
- value = NULL;
- if (*cp == '\0') {
- break;
- }
- cp++;
- mp = cp;
- }
- }
- return (ctp);
-}
-
-static int find_ct(request_rec *r)
-{
- mime_dir_config *conf;
- array_header *exception_list;
- const char *fn;
- char *ext;
- const char *type;
- const char *charset = NULL;
- int found_metadata = 0;
-
- if (S_ISDIR(r->finfo.st_mode)) {
- r->content_type = DIR_MAGIC_TYPE;
- return OK;
- }
-
- conf = (mime_dir_config *) ap_get_module_config(r->per_dir_config,
- &mime_module);
-
- exception_list = ap_make_array(r->pool, 2, sizeof(char *));
-
- /* Always drop the leading element */
- fn = strrchr(r->filename, '/');
- if (fn == NULL)
- fn = r->filename;
- else
- ++fn;
-
- /* The exception list keeps track of those filename components that
- * are not associated with extensions indicating metadata.
- * The base name is always the first exception (i.e., "txt.html" has
- * a basename of "txt" even though it might look like an extension).
- */
- ext = ap_getword(r->pool, &fn, '.');
- *((const char **) ap_push_array(exception_list)) = ext;
-
- /* Parse filename extensions, which can be in any order */
- while ((ext = ap_getword(r->pool, &fn, '.')) && *ext) {
- int found = 0;
-
- /* Check for Content-Type */
- if ((type = ap_table_get(conf->forced_types, ext))
- || (type = ap_table_get(hash_buckets[hash(*ext)], ext))) {
- r->content_type = type;
- found = 1;
- }
-
- /* Add charset to Content-Type */
- if ((type = ap_table_get(conf->charset_types, ext))) {
- charset = type;
- found = 1;
- }
-
- /* Check for Content-Language */
- if ((type = ap_table_get(conf->language_types, ext))) {
- const char **new;
-
- r->content_language = type; /* back compat. only */
- if (!r->content_languages)
- r->content_languages = ap_make_array(r->pool, 2, sizeof(char *));
- new = (const char **) ap_push_array(r->content_languages);
- *new = type;
- found = 1;
- }
-
- /* Check for Content-Encoding */
- if ((type = ap_table_get(conf->encoding_types, ext))) {
- if (!r->content_encoding)
- r->content_encoding = type;
- else
- r->content_encoding = ap_pstrcat(r->pool, r->content_encoding,
- ", ", type, NULL);
- found = 1;
- }
-
- /* Check for a special handler, but not for proxy request */
- if ((type = ap_table_get(conf->handlers, ext))
- && r->proxyreq == NOT_PROXY) {
- r->handler = type;
- found = 1;
- }
-
- if (found)
- found_metadata = 1;
- else
- *((const char **) ap_push_array(exception_list)) = ext;
- }
-
- /* Need to see a notes entry on r for unrecognized elements.
- * Somebody better claim them! If we did absolutly nothing,
- * skip the notes to alert mod_negotiation we are clueless.
- */
- if (found_metadata) {
- ap_table_setn(r->notes, "ap-mime-exceptions-list",
- (void *) exception_list);
- }
-
- if (r->content_type) {
- content_type *ctp;
- char *ct;
- size_t ctlen;
- int override = 0;
-
- ctlen = sizeof(char) * (strlen(r->content_type) + 1);
- ct = (char *) ap_palloc(r->pool, ctlen);
- strlcpy(ct, r->content_type, ctlen);
-
- if ((ctp = analyze_ct(r->pool, ct))) {
- param *pp = ctp->param;
- r->content_type = ap_pstrcat(r->pool, ctp->type, "/",
- ctp->subtype, NULL);
- while (pp != NULL) {
- if (charset && !strcmp(pp->attr, "charset")) {
- if (!override) {
- r->content_type = ap_pstrcat(r->pool, r->content_type,
- "; charset=", charset,
- NULL);
- override = 1;
- }
- }
- else {
- r->content_type = ap_pstrcat(r->pool, r->content_type,
- "; ", pp->attr,
- "=", pp->val,
- NULL);
- }
- pp = pp->next;
- }
- if (charset && !override) {
- r->content_type = ap_pstrcat(r->pool, r->content_type,
- "; charset=", charset,
- NULL);
- }
- }
- }
-
- /* Set default language, if none was specified by the extensions
- * and we have a DefaultLanguage setting in force
- */
-
- if (!r->content_languages && conf->default_language) {
- const char **new;
-
- r->content_language = conf->default_language; /* back compat. only */
- if (!r->content_languages)
- r->content_languages = ap_make_array(r->pool, 2, sizeof(char *));
- new = (const char **) ap_push_array(r->content_languages);
- *new = conf->default_language;
- }
-
- /* Check for overrides with ForceType/SetHandler */
-
- if (conf->type && strcmp(conf->type, "none"))
- r->content_type = conf->type;
- if (conf->handler && strcmp(conf->handler, "none"))
- r->handler = conf->handler;
-
- if (!r->content_type)
- return DECLINED;
-
- return OK;
-}
-
-module MODULE_VAR_EXPORT mime_module =
-{
- STANDARD_MODULE_STUFF,
- init_mime, /* initializer */
- create_mime_dir_config, /* dir config creator */
- merge_mime_dir_configs, /* dir config merger */
- NULL, /* server config */
- NULL, /* merge server config */
- mime_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- find_ct, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c b/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c
deleted file mode 100644
index 0cf12f7e441..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c
+++ /dev/null
@@ -1,2423 +0,0 @@
-/* $OpenBSD: mod_mime_magic.c,v 1.14 2009/06/21 00:38:22 martynas Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_mime_magic: MIME type lookup via file magic numbers
- * Copyright (c) 1996-1997 Cisco Systems, Inc.
- *
- * This software was submitted by Cisco Systems to the Apache Group in July
- * 1997. Future revisions and derivatives of this source code must
- * acknowledge Cisco Systems as the original contributor of this module.
- * All other licensing and usage conditions are those of the Apache Group.
- *
- * Some of this code is derived from the free version of the file command
- * originally posted to comp.sources.unix. Copyright info for that program
- * is included below as required.
- * ---------------------------------------------------------------------------
- * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
- *
- * This software is not subject to any license of the American Telephone and
- * Telegraph Company or of the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on any
- * computer system, and to alter it and redistribute it freely, subject to
- * the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources, credits
- * must appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users ever read
- * sources, credits must appear in the documentation.
- *
- * 4. This notice may not be removed or altered.
- * -------------------------------------------------------------------------
- *
- * For compliance with Mr Darwin's terms: this has been very significantly
- * modified from the free "file" command.
- * - all-in-one file for compilation convenience when moving from one
- * version of Apache to the next.
- * - Memory allocation is done through the Apache API's pool structure.
- * - All functions have had necessary Apache API request or server
- * structures passed to them where necessary to call other Apache API
- * routines. (i.e. usually for logging, files, or memory allocation in
- * itself or a called function.)
- * - struct magic has been converted from an array to a single-ended linked
- * list because it only grows one record at a time, it's only accessed
- * sequentially, and the Apache API has no equivalent of realloc().
- * - Functions have been changed to get their parameters from the server
- * configuration instead of globals. (It should be reentrant now but has
- * not been tested in a threaded environment.)
- * - Places where it used to print results to stdout now saves them in a
- * list where they're used to set the MIME type in the Apache request
- * record.
- * - Command-line flags have been removed since they will never be used here.
- *
- * Ian Kluft <ikluft@cisco.com>
- * Engineering Information Framework
- * Central Engineering
- * Cisco Systems, Inc.
- * San Jose, CA, USA
- *
- * Initial installation July/August 1996
- * Misc bug fixes May 1997
- * Submission to Apache Group July 1997
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include <utime.h>
-
-/*
- * data structures and related constants
- */
-
-#define MODNAME "mod_mime_magic"
-#define MIME_MAGIC_DEBUG 0
-
-#define MIME_BINARY_UNKNOWN "application/octet-stream"
-#define MIME_TEXT_UNKNOWN "text/plain"
-
-#define MAXMIMESTRING 256
-
-/* HOWMANY must be at least 4096 to make gzip -dcq work */
-#define HOWMANY 4096
-/* SMALL_HOWMANY limits how much work we do to figure out text files */
-#define SMALL_HOWMANY 1024
-#define MAXDESC 50 /* max leng of text description */
-#define MAXstring 64 /* max leng of "string" types */
-
-struct magic {
- struct magic *next; /* link to next entry */
- int lineno; /* line number from magic file */
-
- short flag;
-#define INDIR 1 /* if '>(...)' appears, */
-#define UNSIGNED 2 /* comparison is unsigned */
- short cont_level; /* level of ">" */
- struct {
- char type; /* byte short long */
- long offset; /* offset from indirection */
- } in;
- long offset; /* offset to magic number */
- unsigned char reln; /* relation (0=eq, '>'=gt, etc) */
- char type; /* int, short, long or string. */
- char vallen; /* length of string value, if any */
-#define BYTE 1
-#define SHORT 2
-#define LONG 4
-#define STRING 5
-#define DATE 6
-#define BESHORT 7
-#define BELONG 8
-#define BEDATE 9
-#define LESHORT 10
-#define LELONG 11
-#define LEDATE 12
- union VALUETYPE {
- unsigned char b;
- unsigned short h;
- unsigned long l;
- char s[MAXstring];
- unsigned char hs[2]; /* 2 bytes of a fixed-endian "short" */
- unsigned char hl[4]; /* 2 bytes of a fixed-endian "long" */
- } value; /* either number or string */
- unsigned long mask; /* mask before comparison with value */
- char nospflag; /* supress space character */
-
- /* NOTE: this string is suspected of overrunning - find it! */
- char desc[MAXDESC]; /* description */
-};
-
-/*
- * data structures for tar file recognition
- * --------------------------------------------------------------------------
- * Header file for public domain tar (tape archive) program.
- *
- * @(#)tar.h 1.20 86/10/29 Public Domain. Created 25 August 1985 by John
- * Gilmore, ihnp4!hoptoad!gnu.
- *
- * Header block on tape.
- *
- * I'm going to use traditional DP naming conventions here. A "block" is a big
- * chunk of stuff that we do I/O on. A "record" is a piece of info that we
- * care about. Typically many "record"s fit into a "block".
- */
-#define RECORDSIZE 512
-#define NAMSIZ 100
-#define TUNMLEN 32
-#define TGNMLEN 32
-
-union record {
- char charptr[RECORDSIZE];
- struct header {
- char name[NAMSIZ];
- char mode[8];
- char uid[8];
- char gid[8];
- char size[12];
- char mtime[12];
- char chksum[8];
- char linkflag;
- char linkname[NAMSIZ];
- char magic[8];
- char uname[TUNMLEN];
- char gname[TGNMLEN];
- char devmajor[8];
- char devminor[8];
- } header;
-};
-
-/* The magic field is filled with this if uname and gname are valid. */
-#define TMAGIC "ustar " /* 7 chars and a null */
-
-/*
- * file-function prototypes
- */
-static int ascmagic(request_rec *, unsigned char *, int);
-static int is_tar(unsigned char *, int);
-static int softmagic(request_rec *, unsigned char *, int);
-static void tryit(request_rec *, unsigned char *, int, int);
-static int zmagic(request_rec *, unsigned char *, int);
-
-static int getvalue(server_rec *, struct magic *, char **);
-static int hextoint(int);
-static char *getstr(server_rec *, char *, char *, int, int *);
-static int parse(server_rec *, pool *p, char *, int);
-
-static int match(request_rec *, unsigned char *, int);
-static int mget(request_rec *, union VALUETYPE *, unsigned char *,
- struct magic *, int);
-static int mcheck(request_rec *, union VALUETYPE *, struct magic *);
-static void mprint(request_rec *, union VALUETYPE *, struct magic *);
-
-static int uncompress(request_rec *, int,
- unsigned char **, int);
-static long from_oct(int, char *);
-static int fsmagic(request_rec *r, const char *fn);
-
-/*
- * includes for ASCII substring recognition formerly "names.h" in file
- * command
- *
- * Original notes: names and types used by ascmagic in file(1). These tokens are
- * here because they can appear anywhere in the first HOWMANY bytes, while
- * tokens in /etc/magic must appear at fixed offsets into the file. Don't
- * make HOWMANY too high unless you have a very fast CPU.
- */
-
-/* these types are used to index the table 'types': keep em in sync! */
-/* HTML inserted in first because this is a web server module now */
-#define L_HTML 0 /* HTML */
-#define L_C 1 /* first and foremost on UNIX */
-#define L_FORT 2 /* the oldest one */
-#define L_MAKE 3 /* Makefiles */
-#define L_PLI 4 /* PL/1 */
-#define L_MACH 5 /* some kinda assembler */
-#define L_ENG 6 /* English */
-#define L_PAS 7 /* Pascal */
-#define L_MAIL 8 /* Electronic mail */
-#define L_NEWS 9 /* Usenet Netnews */
-
-static char *types[] =
-{
- "text/html", /* HTML */
- "text/plain", /* "c program text", */
- "text/plain", /* "fortran program text", */
- "text/plain", /* "make commands text", */
- "text/plain", /* "pl/1 program text", */
- "text/plain", /* "assembler program text", */
- "text/plain", /* "English text", */
- "text/plain", /* "pascal program text", */
- "message/rfc822", /* "mail text", */
- "message/news", /* "news text", */
- "application/binary", /* "can't happen error on names.h/types", */
- 0
-};
-
-static struct names {
- char *name;
- short type;
-} names[] = {
-
- /* These must be sorted by eye for optimal hit rate */
- /* Add to this list only after substantial meditation */
- {
- "<html>", L_HTML
- },
- {
- "<HTML>", L_HTML
- },
- {
- "<head>", L_HTML
- },
- {
- "<HEAD>", L_HTML
- },
- {
- "<title>", L_HTML
- },
- {
- "<TITLE>", L_HTML
- },
- {
- "<h1>", L_HTML
- },
- {
- "<H1>", L_HTML
- },
- {
- "<!--", L_HTML
- },
- {
- "<!DOCTYPE HTML", L_HTML
- },
- {
- "/*", L_C
- }, /* must precede "The", "the", etc. */
- {
- "#include", L_C
- },
- {
- "char", L_C
- },
- {
- "The", L_ENG
- },
- {
- "the", L_ENG
- },
- {
- "double", L_C
- },
- {
- "extern", L_C
- },
- {
- "float", L_C
- },
- {
- "real", L_C
- },
- {
- "struct", L_C
- },
- {
- "union", L_C
- },
- {
- "CFLAGS", L_MAKE
- },
- {
- "LDFLAGS", L_MAKE
- },
- {
- "all:", L_MAKE
- },
- {
- ".PRECIOUS", L_MAKE
- },
- {
- ".ascii", L_MACH
- },
- {
- ".asciiz", L_MACH
- },
- {
- ".byte", L_MACH
- },
- {
- ".even", L_MACH
- },
- {
- ".globl", L_MACH
- },
- {
- "clr", L_MACH
- },
- {
- "(input,", L_PAS
- },
- {
- "dcl", L_PLI
- },
- {
- "Received:", L_MAIL
- },
- {
- ">From", L_MAIL
- },
- {
- "Return-Path:", L_MAIL
- },
- {
- "Cc:", L_MAIL
- },
- {
- "Newsgroups:", L_NEWS
- },
- {
- "Path:", L_NEWS
- },
- {
- "Organization:", L_NEWS
- },
- {
- NULL, 0
- }
-};
-
-#define NNAMES ((sizeof(names)/sizeof(struct names)) - 1)
-
-/*
- * Result String List (RSL)
- *
- * The file(1) command prints its output. Instead, we store the various
- * "printed" strings in a list (allocating memory as we go) and concatenate
- * them at the end when we finally know how much space they'll need.
- */
-
-typedef struct magic_rsl_s {
- char *str; /* string, possibly a fragment */
- struct magic_rsl_s *next; /* pointer to next fragment */
-} magic_rsl;
-
-/*
- * Apache module configuration structures
- */
-
-/* per-server info */
-typedef struct {
- char *magicfile; /* where magic be found */
- struct magic *magic; /* head of magic config list */
- struct magic *last;
-} magic_server_config_rec;
-
-/* per-request info */
-typedef struct {
- magic_rsl *head; /* result string list */
- magic_rsl *tail;
- unsigned suf_recursion; /* recursion depth in suffix check */
-} magic_req_rec;
-
-/*
- * configuration functions - called by Apache API routines
- */
-
-module MODULE_VAR_EXPORT mime_magic_module;
-
-static void *create_magic_server_config(pool *p, server_rec *d)
-{
- /* allocate the config - use pcalloc because it needs to be zeroed */
- return ap_pcalloc(p, sizeof(magic_server_config_rec));
-}
-
-static void *merge_magic_server_config(pool *p, void *basev, void *addv)
-{
- magic_server_config_rec *base = (magic_server_config_rec *) basev;
- magic_server_config_rec *add = (magic_server_config_rec *) addv;
- magic_server_config_rec *new = (magic_server_config_rec *)
- ap_palloc(p, sizeof(magic_server_config_rec));
-
- new->magicfile = add->magicfile ? add->magicfile : base->magicfile;
- new->magic = NULL;
- new->last = NULL;
- return new;
-}
-
-static const char *set_magicfile(cmd_parms *cmd, char *d, char *arg)
-{
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(cmd->server->module_config,
- &mime_magic_module);
-
- if (!conf) {
- return MODNAME ": server structure not allocated";
- }
- conf->magicfile = arg;
- return NULL;
-}
-
-/*
- * configuration file commands - exported to Apache API
- */
-
-static const command_rec mime_magic_cmds[] =
-{
- {"MimeMagicFile", set_magicfile, NULL, RSRC_CONF, TAKE1,
- "Path to MIME Magic file (in file(1) format)"},
- {NULL}
-};
-
-/*
- * RSL (result string list) processing routines
- *
- * These collect strings that would have been printed in fragments by file(1)
- * into a list of magic_rsl structures with the strings. When complete,
- * they're concatenated together to become the MIME content and encoding
- * types.
- *
- * return value conventions for these functions: functions which return int:
- * failure = -1, other = result functions which return pointers: failure = 0,
- * other = result
- */
-
-/* allocate a per-request structure and put it in the request record */
-static magic_req_rec *magic_set_config(request_rec *r)
-{
- magic_req_rec *req_dat = (magic_req_rec *) ap_palloc(r->pool,
- sizeof(magic_req_rec));
-
- req_dat->head = req_dat->tail = (magic_rsl *) NULL;
- ap_set_module_config(r->request_config, &mime_magic_module, req_dat);
- return req_dat;
-}
-
-/* add a string to the result string list for this request */
-/* it is the responsibility of the caller to allocate "str" */
-static int magic_rsl_add(request_rec *r, char *str)
-{
- magic_req_rec *req_dat = (magic_req_rec *)
- ap_get_module_config(r->request_config, &mime_magic_module);
- magic_rsl *rsl;
-
- /* make sure we have a list to put it in */
- if (!req_dat) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": request config should not be NULL");
- if (!(req_dat = magic_set_config(r))) {
- /* failure */
- return -1;
- }
- }
-
- /* allocate the list entry */
- rsl = (magic_rsl *) ap_palloc(r->pool, sizeof(magic_rsl));
-
- /* fill it */
- rsl->str = str;
- rsl->next = (magic_rsl *) NULL;
-
- /* append to the list */
- if (req_dat->head && req_dat->tail) {
- req_dat->tail->next = rsl;
- req_dat->tail = rsl;
- }
- else {
- req_dat->head = req_dat->tail = rsl;
- }
-
- /* success */
- return 0;
-}
-
-/* RSL hook for puts-type functions */
-static int magic_rsl_puts(request_rec *r, char *str)
-{
- return magic_rsl_add(r, str);
-}
-
-/* RSL hook for printf-type functions */
-static int magic_rsl_printf(request_rec *r, char *str,...)
-{
- va_list ap;
-
- char buf[MAXMIMESTRING];
-
- /* assemble the string into the buffer */
- va_start(ap, str);
- ap_vsnprintf(buf, sizeof(buf), str, ap);
- va_end(ap);
-
- /* add the buffer to the list */
- return magic_rsl_add(r, ap_pstrdup(r->pool, buf));
-}
-
-/* RSL hook for putchar-type functions */
-static int magic_rsl_putchar(request_rec *r, char c)
-{
- char str[2];
-
- /* high overhead for 1 char - just hope they don't do this much */
- str[0] = c;
- str[1] = '\0';
- return magic_rsl_add(r, str);
-}
-
-/* allocate and copy a contiguous string from a result string list */
-static char *rsl_strdup(request_rec *r, int start_frag, int start_pos, int len)
-{
- char *result; /* return value */
- int cur_frag, /* current fragment number/counter */
- cur_pos, /* current position within fragment */
- res_pos; /* position in result string */
- magic_rsl *frag; /* list-traversal pointer */
- magic_req_rec *req_dat = (magic_req_rec *)
- ap_get_module_config(r->request_config, &mime_magic_module);
-
- /* allocate the result string */
- result = (char *) ap_palloc(r->pool, len + 1);
-
- /* loop through and collect the string */
- res_pos = 0;
- for (frag = req_dat->head, cur_frag = 0;
- frag->next;
- frag = frag->next, cur_frag++) {
- /* loop to the first fragment */
- if (cur_frag < start_frag)
- continue;
-
- /* loop through and collect chars */
- for (cur_pos = (cur_frag == start_frag) ? start_pos : 0;
- frag->str[cur_pos];
- cur_pos++) {
- if (cur_frag >= start_frag
- && cur_pos >= start_pos
- && res_pos <= len) {
- result[res_pos++] = frag->str[cur_pos];
- if (res_pos > len) {
- break;
- }
- }
- }
- }
-
- /* clean up and return */
- result[res_pos] = 0;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": rsl_strdup() %d chars: %s", res_pos - 1, result);
-#endif
- return result;
-}
-
-/* states for the state-machine algorithm in magic_rsl_to_request() */
-typedef enum {
- rsl_leading_space, rsl_type, rsl_subtype, rsl_separator, rsl_encoding
-} rsl_states;
-
-/* process the RSL and set the MIME info in the request record */
-static int magic_rsl_to_request(request_rec *r)
-{
- int cur_frag, /* current fragment number/counter */
- cur_pos, /* current position within fragment */
- type_frag, /* content type starting point: fragment */
- type_pos, /* content type starting point: position */
- type_len, /* content type length */
- encoding_frag, /* content encoding starting point: fragment */
- encoding_pos, /* content encoding starting point: position */
- encoding_len; /* content encoding length */
-
- magic_rsl *frag; /* list-traversal pointer */
- rsl_states state;
-
- magic_req_rec *req_dat = (magic_req_rec *)
- ap_get_module_config(r->request_config, &mime_magic_module);
-
- /* check if we have a result */
- if (!req_dat || !req_dat->head) {
- /* empty - no match, we defer to other Apache modules */
- return DECLINED;
- }
-
- /* start searching for the type and encoding */
- state = rsl_leading_space;
- type_frag = type_pos = type_len = 0;
- encoding_frag = encoding_pos = encoding_len = 0;
- for (frag = req_dat->head, cur_frag = 0;
- frag && frag->next;
- frag = frag->next, cur_frag++) {
- /* loop through the characters in the fragment */
- for (cur_pos = 0; frag->str[cur_pos]; cur_pos++) {
- if (ap_isspace(frag->str[cur_pos])) {
- /* process whitespace actions for each state */
- if (state == rsl_leading_space) {
- /* eat whitespace in this state */
- continue;
- }
- else if (state == rsl_type) {
- /* whitespace: type has no slash! */
- return DECLINED;
- }
- else if (state == rsl_subtype) {
- /* whitespace: end of MIME type */
- state++;
- continue;
- }
- else if (state == rsl_separator) {
- /* eat whitespace in this state */
- continue;
- }
- else if (state == rsl_encoding) {
- /* whitespace: end of MIME encoding */
- /* we're done */
- frag = req_dat->tail;
- break;
- }
- else {
- /* should not be possible */
- /* abandon malfunctioning module */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": bad state %d (ws)", state);
- return DECLINED;
- }
- /* NOTREACHED */
- }
- else if (state == rsl_type &&
- frag->str[cur_pos] == '/') {
- /* copy the char and go to rsl_subtype state */
- type_len++;
- state++;
- }
- else {
- /* process non-space actions for each state */
- if (state == rsl_leading_space) {
- /* non-space: begin MIME type */
- state++;
- type_frag = cur_frag;
- type_pos = cur_pos;
- type_len = 1;
- continue;
- }
- else if (state == rsl_type ||
- state == rsl_subtype) {
- /* non-space: adds to type */
- type_len++;
- continue;
- }
- else if (state == rsl_separator) {
- /* non-space: begin MIME encoding */
- state++;
- encoding_frag = cur_frag;
- encoding_pos = cur_pos;
- encoding_len = 1;
- continue;
- }
- else if (state == rsl_encoding) {
- /* non-space: adds to encoding */
- encoding_len++;
- continue;
- }
- else {
- /* should not be possible */
- /* abandon malfunctioning module */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": bad state %d (ns)", state);
- return DECLINED;
- }
- /* NOTREACHED */
- }
- /* NOTREACHED */
- }
- }
-
- /* if we ended prior to state rsl_subtype, we had incomplete info */
- if (state != rsl_subtype && state != rsl_separator &&
- state != rsl_encoding) {
- /* defer to other modules */
- return DECLINED;
- }
-
- /* save the info in the request record */
- if (state == rsl_subtype || state == rsl_encoding ||
- state == rsl_encoding) {
- char *tmp;
- tmp = rsl_strdup(r, type_frag, type_pos, type_len);
- /* XXX: this could be done at config time I'm sure... but I'm
- * confused by all this magic_rsl stuff. -djg */
- ap_content_type_tolower(tmp);
- r->content_type = tmp;
- }
- if (state == rsl_encoding) {
- char *tmp;
- tmp = rsl_strdup(r, encoding_frag,
- encoding_pos, encoding_len);
- /* XXX: this could be done at config time I'm sure... but I'm
- * confused by all this magic_rsl stuff. -djg */
- ap_str_tolower(tmp);
- r->content_encoding = tmp;
- }
-
- /* detect memory allocation errors */
- if (!r->content_type ||
- (state == rsl_encoding && !r->content_encoding)) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* success! */
- return OK;
-}
-
-/*
- * magic_process - process input file r Apache API request record
- * (formerly called "process" in file command, prefix added for clarity) Opens
- * the file and reads a fixed-size buffer to begin processing the contents.
- */
-static int magic_process(request_rec *r)
-{
- int fd = 0;
- unsigned char buf[HOWMANY + 1]; /* one extra for terminating '\0' */
- int nbytes = 0; /* number of bytes read from a datafile */
- int result;
-
- /*
- * first try judging the file based on its filesystem status
- */
- switch ((result = fsmagic(r, r->filename))) {
- case DONE:
- magic_rsl_putchar(r, '\n');
- return OK;
- case OK:
- break;
- default:
- /* fatal error, bail out */
- return result;
- }
-
- if ((fd = ap_popenf(r->pool, r->filename, O_RDONLY, 0)) < 0) {
- /* We can't open it, but we were able to stat it. */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- MODNAME ": can't read `%s'", r->filename);
- /* let some other handler decide what the problem is */
- return DECLINED;
- }
-
- /*
- * try looking at the first HOWMANY bytes
- */
- if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
- (void) ap_pclosef(r->pool, fd);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- MODNAME ": read failed: %s", r->filename);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- if (nbytes == 0)
- magic_rsl_puts(r, MIME_TEXT_UNKNOWN);
- else {
- buf[nbytes++] = '\0'; /* null-terminate it */
- tryit(r, buf, nbytes, 1);
- }
-
- (void) ap_pclosef(r->pool, fd);
- (void) magic_rsl_putchar(r, '\n');
-
- return OK;
-}
-
-
-static void tryit(request_rec *r, unsigned char *buf, int nb, int checkzmagic)
-{
- /*
- * Try compression stuff
- */
- if (checkzmagic == 1) {
- if (zmagic(r, buf, nb) == 1)
- return;
- }
-
- /*
- * try tests in /etc/magic (or surrogate magic file)
- */
- if (softmagic(r, buf, nb) == 1)
- return;
-
- /*
- * try known keywords, check for ascii-ness too.
- */
- if (ascmagic(r, buf, nb) == 1)
- return;
-
- /*
- * abandon hope, all ye who remain here
- */
- magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
-}
-
-#define EATAB {while (ap_isspace((unsigned char) *l)) ++l;}
-
-/*
- * apprentice - load configuration from the magic file r
- * API request record
- */
-static int apprentice(server_rec *s, pool *p)
-{
- FILE *f;
- char line[BUFSIZ + 1];
- int errs = 0;
- int lineno;
-#if MIME_MAGIC_DEBUG
- int rule = 0;
- struct magic *m, *prevm;
-#endif
- char *fname;
-
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(s->module_config, &mime_magic_module);
-
- fname = ap_server_root_relative(p, conf->magicfile);
- f = ap_pfopen(p, fname, "r");
- if (f == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- MODNAME ": can't read magic file %s", fname);
- return -1;
- }
-
- /* set up the magic list (empty) */
- conf->magic = conf->last = NULL;
-
- /* parse it */
- for (lineno = 1; fgets(line, sizeof(line), f) != NULL; lineno++) {
- int ws_offset;
-
- /* delete newline */
- line[strcspn(line, "\n")] = '\0';
-
- /* skip leading whitespace */
- ws_offset = 0;
- while (line[ws_offset] && ap_isspace(line[ws_offset])) {
- ws_offset++;
- }
-
- /* skip blank lines */
- if (line[ws_offset] == 0) {
- continue;
- }
-
- /* comment, do not parse */
- if (line[ws_offset] == '#')
- continue;
-
-#if MIME_MAGIC_DEBUG
- /* if we get here, we're going to use it so count it */
- rule++;
-#endif
-
- /* parse it */
- if (parse(s, p, line + ws_offset, lineno) != 0)
- ++errs;
- }
-
- (void) ap_pfclose(p, f);
-
-#if MIME_MAGIC_DEBUG
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice conf=%x file=%s m=%s m->next=%s last=%s",
- conf,
- conf->magicfile ? conf->magicfile : "NULL",
- conf->magic ? "set" : "NULL",
- (conf->magic && conf->magic->next) ? "set" : "NULL",
- conf->last ? "set" : "NULL");
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice read %d lines, %d rules, %d errors",
- lineno, rule, errs);
-#endif
-
-#if MIME_MAGIC_DEBUG
- prevm = 0;
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice test");
- for (m = conf->magic; m; m = m->next) {
- if (ap_isprint((((unsigned long) m) >> 24) & 255) &&
- ap_isprint((((unsigned long) m) >> 16) & 255) &&
- ap_isprint((((unsigned long) m) >> 8) & 255) &&
- ap_isprint(((unsigned long) m) & 255)) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice: POINTER CLOBBERED! "
- "m=\"%c%c%c%c\" line=%d",
- (((unsigned long) m) >> 24) & 255,
- (((unsigned long) m) >> 16) & 255,
- (((unsigned long) m) >> 8) & 255,
- ((unsigned long) m) & 255,
- prevm ? prevm->lineno : -1);
- break;
- }
- prevm = m;
- }
-#endif
-
- return (errs ? -1 : 0);
-}
-
-/*
- * extend the sign bit if the comparison is to be signed
- */
-static unsigned long signextend(server_rec *s, struct magic *m, unsigned long v)
-{
- if (!(m->flag & UNSIGNED))
- switch (m->type) {
- /*
- * Do not remove the casts below. They are vital. When later
- * compared with the data, the sign extension must have happened.
- */
- case BYTE:
- v = (char) v;
- break;
- case SHORT:
- case BESHORT:
- case LESHORT:
- v = (short) v;
- break;
- case DATE:
- case BEDATE:
- case LEDATE:
- case LONG:
- case BELONG:
- case LELONG:
- v = (long) v;
- break;
- case STRING:
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, s,
- MODNAME ": can't happen: m->type=%d", m->type);
- return -1;
- }
- return v;
-}
-
-/*
- * parse one line from magic file, put into magic[index++] if valid
- */
-static int parse(server_rec *serv, pool *p, char *l, int lineno)
-{
- struct magic *m;
- char *t, *s;
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(serv->module_config, &mime_magic_module);
-
- /* allocate magic structure entry */
- m = (struct magic *) ap_pcalloc(p, sizeof(struct magic));
-
- /* append to linked list */
- m->next = NULL;
- if (!conf->magic || !conf->last) {
- conf->magic = conf->last = m;
- }
- else {
- conf->last->next = m;
- conf->last = m;
- }
-
- /* set values in magic structure */
- m->flag = 0;
- m->cont_level = 0;
- m->lineno = lineno;
-
- while (*l == '>') {
- ++l; /* step over */
- m->cont_level++;
- }
-
- if (m->cont_level != 0 && *l == '(') {
- ++l; /* step over */
- m->flag |= INDIR;
- }
-
- /* get offset, then skip over it */
- m->offset = (int) ap_strtol(l, &t, 0);
- if (l == t) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": offset %s invalid", l);
- }
- l = t;
-
- if (m->flag & INDIR) {
- m->in.type = LONG;
- m->in.offset = 0;
- /*
- * read [.lbs][+-]nnnnn)
- */
- if (*l == '.') {
- switch (*++l) {
- case 'l':
- m->in.type = LONG;
- break;
- case 's':
- m->in.type = SHORT;
- break;
- case 'b':
- m->in.type = BYTE;
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": indirect offset type %c invalid", *l);
- break;
- }
- l++;
- }
- s = l;
- if (*l == '+' || *l == '-')
- l++;
- if (ap_isdigit((unsigned char) *l)) {
- m->in.offset = ap_strtol(l, &t, 0);
- if (*s == '-')
- m->in.offset = -m->in.offset;
- }
- else
- t = l;
- if (*t++ != ')') {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": missing ')' in indirect offset");
- }
- l = t;
- }
-
-
- while (ap_isdigit((unsigned char) *l))
- ++l;
- EATAB;
-
-#define NBYTE 4
-#define NSHORT 5
-#define NLONG 4
-#define NSTRING 6
-#define NDATE 4
-#define NBESHORT 7
-#define NBELONG 6
-#define NBEDATE 6
-#define NLESHORT 7
-#define NLELONG 6
-#define NLEDATE 6
-
- if (*l == 'u') {
- ++l;
- m->flag |= UNSIGNED;
- }
-
- /* get type, skip it */
- if (strncmp(l, "byte", NBYTE) == 0) {
- m->type = BYTE;
- l += NBYTE;
- }
- else if (strncmp(l, "short", NSHORT) == 0) {
- m->type = SHORT;
- l += NSHORT;
- }
- else if (strncmp(l, "long", NLONG) == 0) {
- m->type = LONG;
- l += NLONG;
- }
- else if (strncmp(l, "string", NSTRING) == 0) {
- m->type = STRING;
- l += NSTRING;
- }
- else if (strncmp(l, "date", NDATE) == 0) {
- m->type = DATE;
- l += NDATE;
- }
- else if (strncmp(l, "beshort", NBESHORT) == 0) {
- m->type = BESHORT;
- l += NBESHORT;
- }
- else if (strncmp(l, "belong", NBELONG) == 0) {
- m->type = BELONG;
- l += NBELONG;
- }
- else if (strncmp(l, "bedate", NBEDATE) == 0) {
- m->type = BEDATE;
- l += NBEDATE;
- }
- else if (strncmp(l, "leshort", NLESHORT) == 0) {
- m->type = LESHORT;
- l += NLESHORT;
- }
- else if (strncmp(l, "lelong", NLELONG) == 0) {
- m->type = LELONG;
- l += NLELONG;
- }
- else if (strncmp(l, "ledate", NLEDATE) == 0) {
- m->type = LEDATE;
- l += NLEDATE;
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": type %s invalid", l);
- return -1;
- }
- /* New-style anding: "0 byte&0x80 =0x80 dynamically linked" */
- if (*l == '&') {
- ++l;
- m->mask = signextend(serv, m, ap_strtol(l, &l, 0));
- }
- else
- m->mask = ~0L;
- EATAB;
-
- switch (*l) {
- case '>':
- case '<':
- /* Old-style anding: "0 byte &0x80 dynamically linked" */
- case '&':
- case '^':
- case '=':
- m->reln = *l;
- ++l;
- break;
- case '!':
- if (m->type != STRING) {
- m->reln = *l;
- ++l;
- break;
- }
- /* FALL THROUGH */
- default:
- if (*l == 'x' && ap_isspace((unsigned char) l[1])) {
- m->reln = *l;
- ++l;
- goto GetDesc; /* Bill The Cat */
- }
- m->reln = '=';
- break;
- }
- EATAB;
-
- if (getvalue(serv, m, &l))
- return -1;
- /*
- * now get last part - the description
- */
- GetDesc:
- EATAB;
- if (l[0] == '\b') {
- ++l;
- m->nospflag = 1;
- }
- else if ((l[0] == '\\') && (l[1] == 'b')) {
- ++l;
- ++l;
- m->nospflag = 1;
- }
- else
- m->nospflag = 0;
- strncpy(m->desc, l, sizeof(m->desc) - 1);
- m->desc[sizeof(m->desc) - 1] = '\0';
-
-#if MIME_MAGIC_DEBUG
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv,
- MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s",
- lineno, m, m->next, m->cont_level, m->desc);
-#endif /* MIME_MAGIC_DEBUG */
-
- return 0;
-}
-
-/*
- * Read a numeric value from a pointer, into the value union of a magic
- * pointer, according to the magic type. Update the string pointer to point
- * just after the number read. Return 0 for success, non-zero for failure.
- */
-static int getvalue(server_rec *s, struct magic *m, char **p)
-{
- int slen;
-
- if (m->type == STRING) {
- *p = getstr(s, *p, m->value.s, sizeof(m->value.s), &slen);
- m->vallen = slen;
- }
- else if (m->reln != 'x')
- m->value.l = signextend(s, m, ap_strtol(*p, p, 0));
- return 0;
-}
-
-/*
- * Convert a string containing C character escapes. Stop at an unescaped
- * space or tab. Copy the converted version to "p", returning its length in
- * *slen. Return updated scan pointer as function result.
- */
-static char *getstr(server_rec *serv, char *s, char *p,
- int plen, int *slen)
-{
- char *origs = s, *origp = p;
- char *pmax = p + plen - 1;
- int c;
- int val;
-
- while ((c = *s++) != '\0') {
- if (ap_isspace((unsigned char) c))
- break;
- if (p >= pmax) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": string too long: %s", origs);
- break;
- }
- if (c == '\\') {
- switch (c = *s++) {
-
- case '\0':
- goto out;
-
- default:
- *p++ = (char) c;
- break;
-
- case 'n':
- *p++ = '\n';
- break;
-
- case 'r':
- *p++ = '\r';
- break;
-
- case 'b':
- *p++ = '\b';
- break;
-
- case 't':
- *p++ = '\t';
- break;
-
- case 'f':
- *p++ = '\f';
- break;
-
- case 'v':
- *p++ = '\v';
- break;
-
- /* \ and up to 3 octal digits */
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- val = c - '0';
- c = *s++; /* try for 2 */
- if (c >= '0' && c <= '7') {
- val = (val << 3) | (c - '0');
- c = *s++; /* try for 3 */
- if (c >= '0' && c <= '7')
- val = (val << 3) | (c - '0');
- else
- --s;
- }
- else
- --s;
- *p++ = (char) val;
- break;
-
- /* \x and up to 3 hex digits */
- case 'x':
- val = 'x'; /* Default if no digits */
- c = hextoint(*s++); /* Get next char */
- if (c >= 0) {
- val = c;
- c = hextoint(*s++);
- if (c >= 0) {
- val = (val << 4) + c;
- c = hextoint(*s++);
- if (c >= 0) {
- val = (val << 4) + c;
- }
- else
- --s;
- }
- else
- --s;
- }
- else
- --s;
- *p++ = (char) val;
- break;
- }
- }
- else
- *p++ = (char) c;
- }
- out:
- *p = '\0';
- *slen = p - origp;
- return s;
-}
-
-
-/* Single hex char to int; -1 if not a hex char. */
-static int hextoint(int c)
-{
- if (ap_isdigit((unsigned char) c))
- return c - '0';
- if ((c >= 'a') && (c <= 'f'))
- return c + 10 - 'a';
- if ((c >= 'A') && (c <= 'F'))
- return c + 10 - 'A';
- return -1;
-}
-
-
-/*
- * return DONE to indicate it's been handled
- * return OK to indicate it's a regular file still needing handling
- * other returns indicate a failure of some sort
- */
-static int fsmagic(request_rec *r, const char *fn)
-{
- switch (r->finfo.st_mode & S_IFMT) {
- case S_IFDIR:
- magic_rsl_puts(r, DIR_MAGIC_TYPE);
- return DONE;
- case S_IFCHR:
- /*
- * (void) magic_rsl_printf(r,"character special (%d/%d)",
- * major(sb->st_rdev), minor(sb->st_rdev));
- */
- (void) magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
- return DONE;
- case S_IFBLK:
- /*
- * (void) magic_rsl_printf(r,"block special (%d/%d)",
- * major(sb->st_rdev), minor(sb->st_rdev));
- */
- (void) magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
- return DONE;
- /* TODO add code to handle V7 MUX and Blit MUX files */
- case S_IFIFO:
- /*
- * magic_rsl_puts(r,"fifo (named pipe)");
- */
- (void) magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
- return DONE;
- case S_IFLNK:
- /* We used stat(), the only possible reason for this is that the
- * symlink is broken.
- */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": broken symlink (%s)", fn);
- return HTTP_INTERNAL_SERVER_ERROR;
- case S_IFSOCK:
- magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
- return DONE;
- case S_IFREG:
- break;
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": invalid mode 0%o.", (unsigned int)r->finfo.st_mode);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /*
- * regular file, check next possibility
- */
- if (r->finfo.st_size == 0) {
- magic_rsl_puts(r, MIME_TEXT_UNKNOWN);
- return DONE;
- }
- return OK;
-}
-
-/*
- * softmagic - lookup one file in database (already read from /etc/magic by
- * apprentice.c). Passed the name and FILE * of one file to be typed.
- */
- /* ARGSUSED1 *//* nbytes passed for regularity, maybe need later */
-static int softmagic(request_rec *r, unsigned char *buf, int nbytes)
-{
- if (match(r, buf, nbytes))
- return 1;
-
- return 0;
-}
-
-/*
- * Go through the whole list, stopping if you find a match. Process all the
- * continuations of that match before returning.
- *
- * We support multi-level continuations:
- *
- * At any time when processing a successful top-level match, there is a current
- * continuation level; it represents the level of the last successfully
- * matched continuation.
- *
- * Continuations above that level are skipped as, if we see one, it means that
- * the continuation that controls them - i.e, the lower-level continuation
- * preceding them - failed to match.
- *
- * Continuations below that level are processed as, if we see one, it means
- * we've finished processing or skipping higher-level continuations under the
- * control of a successful or unsuccessful lower-level continuation, and are
- * now seeing the next lower-level continuation and should process it. The
- * current continuation level reverts to the level of the one we're seeing.
- *
- * Continuations at the current level are processed as, if we see one, there's
- * no lower-level continuation that may have failed.
- *
- * If a continuation matches, we bump the current continuation level so that
- * higher-level continuations are processed.
- */
-static int match(request_rec *r, unsigned char *s, int nbytes)
-{
-#if MIME_MAGIC_DEBUG
- int rule_counter = 0;
-#endif
- int cont_level = 0;
- int need_separator = 0;
- union VALUETYPE p;
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(r->server->module_config, &mime_magic_module);
- struct magic *m;
-
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": match conf=%x file=%s m=%s m->next=%s last=%s",
- conf,
- conf->magicfile ? conf->magicfile : "NULL",
- conf->magic ? "set" : "NULL",
- (conf->magic && conf->magic->next) ? "set" : "NULL",
- conf->last ? "set" : "NULL");
-#endif
-
-#if MIME_MAGIC_DEBUG
- for (m = conf->magic; m; m = m->next) {
- if (ap_isprint((((unsigned long) m) >> 24) & 255) &&
- ap_isprint((((unsigned long) m) >> 16) & 255) &&
- ap_isprint((((unsigned long) m) >> 8) & 255) &&
- ap_isprint(((unsigned long) m) & 255)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": match: POINTER CLOBBERED! "
- "m=\"%c%c%c%c\"",
- (((unsigned long) m) >> 24) & 255,
- (((unsigned long) m) >> 16) & 255,
- (((unsigned long) m) >> 8) & 255,
- ((unsigned long) m) & 255);
- break;
- }
- }
-#endif
-
- for (m = conf->magic; m; m = m->next) {
-#if MIME_MAGIC_DEBUG
- rule_counter++;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": line=%d desc=%s", m->lineno, m->desc);
-#endif
-
- /* check if main entry matches */
- if (!mget(r, &p, s, m, nbytes) ||
- !mcheck(r, &p, m)) {
- struct magic *m_cont;
-
- /*
- * main entry didn't match, flush its continuations
- */
- if (!m->next || (m->next->cont_level == 0)) {
- continue;
- }
-
- m_cont = m->next;
- while (m_cont && (m_cont->cont_level != 0)) {
-#if MIME_MAGIC_DEBUG
- rule_counter++;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s",
- m_cont->lineno, m_cont,
- m_cont->next, m_cont->cont_level,
- m_cont->desc);
-#endif
- /*
- * this trick allows us to keep *m in sync when the continue
- * advances the pointer
- */
- m = m_cont;
- m_cont = m_cont->next;
- }
- continue;
- }
-
- /* if we get here, the main entry rule was a match */
- /* this will be the last run through the loop */
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": rule matched, line=%d type=%d %s",
- m->lineno, m->type,
- (m->type == STRING) ? m->value.s : "");
-#endif
-
- /* print the match */
- mprint(r, &p, m);
-
- /*
- * If we printed something, we'll need to print a blank before we
- * print something else.
- */
- if (m->desc[0])
- need_separator = 1;
- /* and any continuations that match */
- cont_level++;
- /*
- * while (m && m->next && m->next->cont_level != 0 && ( m = m->next
- * ))
- */
- m = m->next;
- while (m && (m->cont_level != 0)) {
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": match line=%d cont=%d type=%d %s",
- m->lineno, m->cont_level, m->type,
- (m->type == STRING) ? m->value.s : "");
-#endif
- if (cont_level >= m->cont_level) {
- if (cont_level > m->cont_level) {
- /*
- * We're at the end of the level "cont_level"
- * continuations.
- */
- cont_level = m->cont_level;
- }
- if (mget(r, &p, s, m, nbytes) &&
- mcheck(r, &p, m)) {
- /*
- * This continuation matched. Print its message, with a
- * blank before it if the previous item printed and this
- * item isn't empty.
- */
- /* space if previous printed */
- if (need_separator
- && (m->nospflag == 0)
- && (m->desc[0] != '\0')
- ) {
- (void) magic_rsl_putchar(r, ' ');
- need_separator = 0;
- }
- mprint(r, &p, m);
- if (m->desc[0])
- need_separator = 1;
-
- /*
- * If we see any continuations at a higher level, process
- * them.
- */
- cont_level++;
- }
- }
-
- /* move to next continuation record */
- m = m->next;
- }
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": matched after %d rules", rule_counter);
-#endif
- return 1; /* all through */
- }
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": failed after %d rules", rule_counter);
-#endif
- return 0; /* no match at all */
-}
-
-static void mprint(request_rec *r, union VALUETYPE *p, struct magic *m)
-{
- char *pp;
- unsigned long v;
-
- switch (m->type) {
- case BYTE:
- v = p->b;
- break;
-
- case SHORT:
- case BESHORT:
- case LESHORT:
- v = p->h;
- break;
-
- case LONG:
- case BELONG:
- case LELONG:
- v = p->l;
- break;
-
- case STRING:
- if (m->reln == '=') {
- (void) magic_rsl_printf(r, m->desc, m->value.s);
- }
- else {
- (void) magic_rsl_printf(r, m->desc, p->s);
- }
- return;
-
- case DATE:
- case BEDATE:
- case LEDATE:
- /* XXX: not multithread safe */
- pp = ctime((time_t *) & p->l);
- pp[strcspn(pp, "\n")] = '\0';
- (void) magic_rsl_printf(r, m->desc, pp);
- return;
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": invalid m->type (%d) in mprint().",
- m->type);
- return;
- }
-
- v = signextend(r->server, m, v) & m->mask;
- (void) magic_rsl_printf(r, m->desc, (unsigned long) v);
-}
-
-/*
- * Convert the byte order of the data we are looking at
- */
-static int mconvert(request_rec *r, union VALUETYPE *p, struct magic *m)
-{
- switch (m->type) {
- case BYTE:
- case SHORT:
- case LONG:
- case DATE:
- return 1;
- case STRING:
- /* Null terminate and eat the return */
- p->s[sizeof(p->s) - 1] = '\0';
- p->s[strcspn(p->s, "\n")] = '\0';
- return 1;
- case BESHORT:
- p->h = (short) ((p->hs[0] << 8) | (p->hs[1]));
- return 1;
- case BELONG:
- case BEDATE:
- p->l = (long)
- ((p->hl[0] << 24) | (p->hl[1] << 16) | (p->hl[2] << 8) | (p->hl[3]));
- return 1;
- case LESHORT:
- p->h = (short) ((p->hs[1] << 8) | (p->hs[0]));
- return 1;
- case LELONG:
- case LEDATE:
- p->l = (long)
- ((p->hl[3] << 24) | (p->hl[2] << 16) | (p->hl[1] << 8) | (p->hl[0]));
- return 1;
- default:
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": invalid type %d in mconvert().", m->type);
- return 0;
- }
-}
-
-
-static int mget(request_rec *r, union VALUETYPE *p, unsigned char *s,
- struct magic *m, int nbytes)
-{
- long offset = m->offset;
-
- if (offset + (long)sizeof(union VALUETYPE) > nbytes)
- return 0;
-
- memcpy(p, s + offset, sizeof(union VALUETYPE));
-
- if (!mconvert(r, p, m))
- return 0;
-
- if (m->flag & INDIR) {
-
- switch (m->in.type) {
- case BYTE:
- offset = p->b + m->in.offset;
- break;
- case SHORT:
- offset = p->h + m->in.offset;
- break;
- case LONG:
- offset = p->l + m->in.offset;
- break;
- }
-
- if (offset + (long)sizeof(union VALUETYPE) > nbytes)
- return 0;
-
- memcpy(p, s + offset, sizeof(union VALUETYPE));
-
- if (!mconvert(r, p, m))
- return 0;
- }
- return 1;
-}
-
-static int mcheck(request_rec *r, union VALUETYPE *p, struct magic *m)
-{
- unsigned long l = m->value.l;
- unsigned long v;
- int matched;
-
- if ((m->value.s[0] == 'x') && (m->value.s[1] == '\0')) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": BOINK");
- return 1;
- }
-
- switch (m->type) {
- case BYTE:
- v = p->b;
- break;
-
- case SHORT:
- case BESHORT:
- case LESHORT:
- v = p->h;
- break;
-
- case LONG:
- case BELONG:
- case LELONG:
- case DATE:
- case BEDATE:
- case LEDATE:
- v = p->l;
- break;
-
- case STRING:
- l = 0;
- /*
- * What we want here is: v = strncmp(m->value.s, p->s, m->vallen);
- * but ignoring any nulls. bcmp doesn't give -/+/0 and isn't
- * universally available anyway.
- */
- v = 0;
- {
- unsigned char *a = (unsigned char *) m->value.s;
- unsigned char *b = (unsigned char *) p->s;
- int len = m->vallen;
-
- while (--len >= 0)
- if ((v = *b++ - *a++) != 0)
- break;
- }
- break;
- default:
- /* bogosity, pretend that it just wasn't a match */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": invalid type %d in mcheck().", m->type);
- return 0;
- }
-
- v = signextend(r->server, m, v) & m->mask;
-
- switch (m->reln) {
- case 'x':
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%lu == *any* = 1", v);
-#endif
- matched = 1;
- break;
-
- case '!':
- matched = v != l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%lu != %lu = %d", v, l, matched);
-#endif
- break;
-
- case '=':
- matched = v == l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%lu == %lu = %d", v, l, matched);
-#endif
- break;
-
- case '>':
- if (m->flag & UNSIGNED) {
- matched = v > l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%lu > %lu = %d", v, l, matched);
-#endif
- }
- else {
- matched = (long) v > (long) l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%ld > %ld = %d", v, l, matched);
-#endif
- }
- break;
-
- case '<':
- if (m->flag & UNSIGNED) {
- matched = v < l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%lu < %lu = %d", v, l, matched);
-#endif
- }
- else {
- matched = (long) v < (long) l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "%ld < %ld = %d", v, l, matched);
-#endif
- }
- break;
-
- case '&':
- matched = (v & l) == l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "((%lx & %lx) == %lx) = %d", v, l, l, matched);
-#endif
- break;
-
- case '^':
- matched = (v & l) != l;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- "((%lx & %lx) != %lx) = %d", v, l, l, matched);
-#endif
- break;
-
- default:
- /* bogosity, pretend it didn't match */
- matched = 0;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": mcheck: can't happen: invalid relation %d.",
- m->reln);
- break;
- }
-
- return matched;
-}
-
-/* an optimization over plain strcmp() */
-#define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0)
-
-static int ascmagic(request_rec *r, unsigned char *buf, int nbytes)
-{
- int has_escapes = 0;
- unsigned char *s;
- char nbuf[HOWMANY + 1]; /* one extra for terminating '\0' */
- char *token;
- struct names *p;
- int small_nbytes;
-
- /* these are easy, do them first */
-
- /*
- * for troff, look for . + letter + letter or .\"; this must be done to
- * disambiguate tar archives' ./file and other trash from real troff
- * input.
- */
- if (*buf == '.') {
- unsigned char *tp = buf + 1;
-
- while (ap_isspace(*tp))
- ++tp; /* skip leading whitespace */
- if ((ap_isalnum(*tp) || *tp == '\\') &&
- (ap_isalnum(*(tp + 1)) || *tp == '"')) {
- magic_rsl_puts(r, "application/x-troff");
- return 1;
- }
- }
- if ((*buf == 'c' || *buf == 'C') && ap_isspace(*(buf + 1))) {
- /* Fortran */
- magic_rsl_puts(r, "text/plain");
- return 1;
- }
-
- /* look for tokens from names.h - this is expensive!, so we'll limit
- * ourselves to only SMALL_HOWMANY bytes */
- small_nbytes = (nbytes > SMALL_HOWMANY) ? SMALL_HOWMANY : nbytes;
- /* make a copy of the buffer here because strtok() will destroy it */
- s = (unsigned char *) memcpy(nbuf, buf, small_nbytes);
- s[small_nbytes] = '\0';
- has_escapes = (memchr(s, '\033', small_nbytes) != NULL);
- /* XXX: not multithread safe */
- while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) {
- s = NULL; /* make strtok() keep on tokin' */
- for (p = names; p < names + NNAMES; p++) {
- if (STREQ(p->name, token)) {
- magic_rsl_puts(r, types[p->type]);
- if (has_escapes)
- magic_rsl_puts(r, " (with escape sequences)");
- return 1;
- }
- }
- }
-
- switch (is_tar(buf, nbytes)) {
- case 1:
- /* V7 tar archive */
- magic_rsl_puts(r, "application/x-tar");
- return 1;
- case 2:
- /* POSIX tar archive */
- magic_rsl_puts(r, "application/x-tar");
- return 1;
- }
-
- /* all else fails, but it is ascii... */
- if (has_escapes) {
- /* text with escape sequences */
- /* we leave this open for further differentiation later */
- magic_rsl_puts(r, "text/plain");
- }
- else {
- /* plain text */
- magic_rsl_puts(r, "text/plain");
- }
- return 1;
-}
-
-
-/*
- * compress routines: zmagic() - returns 0 if not recognized, uncompresses
- * and prints information if recognized uncompress(s, method, old, n, newch)
- * - uncompress old into new, using method, return sizeof new
- */
-
-static struct {
- char *magic;
- int maglen;
- char *argv[3];
- int silent;
- char *encoding; /* MUST be lowercase */
-} compr[] = {
-
- /* we use gzip here rather than uncompress because we have to pass
- * it a full filename -- and uncompress only considers filenames
- * ending with .Z
- */
- {
- "\037\235", 2, {
- "gzip", "-dcq", NULL
- }, 0, "x-compress"
- },
- {
- "\037\213", 2, {
- "gzip", "-dcq", NULL
- }, 1, "x-gzip"
- },
- /*
- * XXX pcat does not work, cause I don't know how to make it read stdin,
- * so we use gzip
- */
- {
- "\037\036", 2, {
- "gzip", "-dcq", NULL
- }, 0, "x-gzip"
- },
-};
-
-static int ncompr = sizeof(compr) / sizeof(compr[0]);
-
-static int zmagic(request_rec *r, unsigned char *buf, int nbytes)
-{
- unsigned char *newbuf;
- int newsize;
- int i;
-
- for (i = 0; i < ncompr; i++) {
- if (nbytes < compr[i].maglen)
- continue;
- if (memcmp(buf, compr[i].magic, compr[i].maglen) == 0)
- break;
- }
-
- if (i == ncompr)
- return 0;
-
- if ((newsize = uncompress(r, i, &newbuf, nbytes)) > 0) {
- tryit(r, newbuf, newsize, 0);
-
- /* set encoding type in the request record */
- r->content_encoding = compr[i].encoding;
- }
- return 1;
-}
-
-
-struct uncompress_parms {
- request_rec *r;
- int method;
-};
-
-static int uncompress_child(void *data, child_info *pinfo)
-{
- struct uncompress_parms *parm = data;
- char *new_argv[4];
-
- new_argv[0] = compr[parm->method].argv[0];
- new_argv[1] = compr[parm->method].argv[1];
- new_argv[2] = parm->r->filename;
- new_argv[3] = NULL;
-
- if (compr[parm->method].silent) {
- close(STDERR_FILENO);
- }
-
- execvp(compr[parm->method].argv[0], new_argv);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, parm->r,
- MODNAME ": could not execute `%s'.",
- compr[parm->method].argv[0]);
- return -1;
-}
-
-
-static int uncompress(request_rec *r, int method,
- unsigned char **newch, int n)
-{
- struct uncompress_parms parm;
- BUFF *bout;
- pool *sub_pool;
-
- parm.r = r;
- parm.method = method;
-
- /* We make a sub_pool so that we can collect our child early, otherwise
- * there are cases (i.e. generating directory indicies with mod_autoindex)
- * where we would end up with LOTS of zombies.
- */
- sub_pool = ap_make_sub_pool(r->pool);
-
- if (!ap_bspawn_child(sub_pool, uncompress_child, &parm, kill_always,
- NULL, &bout, NULL)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- MODNAME ": couldn't spawn uncompress process: %s", r->uri);
- return -1;
- }
-
- *newch = (unsigned char *) ap_palloc(r->pool, n);
- if ((n = ap_bread(bout, *newch, n)) <= 0) {
- ap_destroy_pool(sub_pool);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- MODNAME ": read failed %s", r->filename);
- return -1;
- }
- ap_destroy_pool(sub_pool);
- return n;
-}
-
-/*
- * is_tar() -- figure out whether file is a tar archive.
- *
- * Stolen (by author of file utility) from the public domain tar program: Public
- * Domain version written 26 Aug 1985 John Gilmore (ihnp4!hoptoad!gnu).
- *
- * @(#)list.c 1.18 9/23/86 Public Domain - gnu $Id: mod_mime_magic.c,v 1.7
- * 1997/06/24 00:41:02 ikluft Exp ikluft $
- *
- * Comments changed and some code/comments reformatted for file command by Ian
- * Darwin.
- */
-
-#define isodigit(c) ( ((c) >= '0') && ((c) <= '7') )
-
-/*
- * Return 0 if the checksum is bad (i.e., probably not a tar archive), 1 for
- * old UNIX tar file, 2 for Unix Std (POSIX) tar file.
- */
-
-static int is_tar(unsigned char *buf, int nbytes)
-{
- union record *header = (union record *) buf;
- int i;
- long sum, recsum;
- char *p;
-
- if (nbytes < sizeof(union record))
- return 0;
-
- recsum = from_oct(8, header->header.chksum);
-
- sum = 0;
- p = header->charptr;
- for (i = sizeof(union record); --i >= 0;) {
- /*
- * We can't use unsigned char here because of old compilers, e.g. V7.
- */
- sum += 0xFF & *p++;
- }
-
- /* Adjust checksum to count the "chksum" field as blanks. */
- for (i = sizeof(header->header.chksum); --i >= 0;)
- sum -= 0xFF & header->header.chksum[i];
- sum += ' ' * sizeof header->header.chksum;
-
- if (sum != recsum)
- return 0; /* Not a tar archive */
-
- if (0 == strcmp(header->header.magic, TMAGIC))
- return 2; /* Unix Standard tar archive */
-
- return 1; /* Old fashioned tar archive */
-}
-
-
-/*
- * Quick and dirty octal conversion.
- *
- * Result is -1 if the field is invalid (all blank, or nonoctal).
- */
-static long from_oct(int digs, char *where)
-{
- long value;
-
- while (ap_isspace(*where)) { /* Skip spaces */
- where++;
- if (--digs <= 0)
- return -1; /* All blank field */
- }
- value = 0;
- while (digs > 0 && isodigit(*where)) { /* Scan til nonoctal */
- value = (value << 3) | (*where++ - '0');
- --digs;
- }
-
- if (digs > 0 && *where && !ap_isspace(*where))
- return -1; /* Ended on non-space/nul */
-
- return value;
-}
-
-/*
- * Check for file-revision suffix
- *
- * This is for an obscure document control system used on an intranet.
- * The web representation of each file's revision has an @1, @2, etc
- * appended with the revision number. This needs to be stripped off to
- * find the file suffix, which can be recognized by sending the name back
- * through a sub-request. The base file name (without the @num suffix)
- * must exist because its type will be used as the result.
- */
-static int revision_suffix(request_rec *r)
-{
- int suffix_pos, result;
- char *sub_filename;
- request_rec *sub;
-
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": revision_suffix checking %s", r->filename);
-#endif /* MIME_MAGIC_DEBUG */
-
- /* check for recognized revision suffix */
- suffix_pos = strlen(r->filename) - 1;
- if (!ap_isdigit(r->filename[suffix_pos])) {
- return 0;
- }
- while (suffix_pos >= 0 && ap_isdigit(r->filename[suffix_pos]))
- suffix_pos--;
- if (suffix_pos < 0 || r->filename[suffix_pos] != '@') {
- return 0;
- }
-
- /* perform sub-request for the file name without the suffix */
- result = 0;
- sub_filename = ap_pstrndup(r->pool, r->filename, suffix_pos);
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": subrequest lookup for %s", sub_filename);
-#endif /* MIME_MAGIC_DEBUG */
- sub = ap_sub_req_lookup_file(sub_filename, r);
-
- /* extract content type/encoding/language from sub-request */
- if (sub->content_type) {
- r->content_type = ap_pstrdup(r->pool, sub->content_type);
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": subrequest %s got %s",
- sub_filename, r->content_type);
-#endif /* MIME_MAGIC_DEBUG */
- if (sub->content_encoding)
- r->content_encoding =
- ap_pstrdup(r->pool, sub->content_encoding);
- if (sub->content_language)
- r->content_language =
- ap_pstrdup(r->pool, sub->content_language);
- result = 1;
- }
-
- /* clean up */
- ap_destroy_sub_req(sub);
-
- return result;
-}
-
-/*
- * initialize the module
- */
-
-static void magic_init(server_rec *main_server, pool *p)
-{
- int result;
- magic_server_config_rec *conf;
- magic_server_config_rec *main_conf;
- server_rec *s;
-#if MIME_MAGIC_DEBUG
- struct magic *m, *prevm;
-#endif /* MIME_MAGIC_DEBUG */
-
- main_conf = ap_get_module_config(main_server->module_config, &mime_magic_module);
- for (s = main_server; s; s = s->next) {
- conf = ap_get_module_config(s->module_config, &mime_magic_module);
- if (conf->magicfile == NULL && s != main_server) {
- /* inherits from the parent */
- *conf = *main_conf;
- }
- else if (conf->magicfile) {
- result = apprentice(s, p);
- if (result == -1)
- return;
-#if MIME_MAGIC_DEBUG
- prevm = 0;
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": magic_init 1 test");
- for (m = conf->magic; m; m = m->next) {
- if (ap_isprint((((unsigned long) m) >> 24) & 255) &&
- ap_isprint((((unsigned long) m) >> 16) & 255) &&
- ap_isprint((((unsigned long) m) >> 8) & 255) &&
- ap_isprint(((unsigned long) m) & 255)) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": magic_init 1: POINTER CLOBBERED! "
- "m=\"%c%c%c%c\" line=%d",
- (((unsigned long) m) >> 24) & 255,
- (((unsigned long) m) >> 16) & 255,
- (((unsigned long) m) >> 8) & 255,
- ((unsigned long) m) & 255,
- prevm ? prevm->lineno : -1);
- break;
- }
- prevm = m;
- }
-#endif
- }
- }
-}
-
-/*
- * Find the Content-Type from any resource this module has available
- */
-
-static int magic_find_ct(request_rec *r)
-{
- int result;
- magic_server_config_rec *conf;
-
- /* the file has to exist */
- if (r->finfo.st_mode == 0 || !r->filename) {
- return DECLINED;
- }
-
- /* was someone else already here? */
- if (r->content_type) {
- return DECLINED;
- }
-
- conf = ap_get_module_config(r->server->module_config, &mime_magic_module);
- if (!conf || !conf->magic) {
- return DECLINED;
- }
-
- /* initialize per-request info */
- if (!magic_set_config(r)) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* try excluding file-revision suffixes */
- if (revision_suffix(r) != 1) {
- /* process it based on the file contents */
- if ((result = magic_process(r)) != OK) {
- return result;
- }
- }
-
- /* if we have any results, put them in the request structure */
- return magic_rsl_to_request(r);
-}
-
-/*
- * Apache API module interface
- */
-
-module MODULE_VAR_EXPORT mime_magic_module =
-{
- STANDARD_MODULE_STUFF,
- magic_init, /* initializer */
- NULL, /* dir config creator */
- NULL, /* dir merger --- default is to override */
- create_magic_server_config, /* server config */
- merge_magic_server_config, /* merge server config */
- mime_magic_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- magic_find_ct, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_negotiation.c b/usr.sbin/httpd/src/modules/standard/mod_negotiation.c
deleted file mode 100644
index 4e68d887d55..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_negotiation.c
+++ /dev/null
@@ -1,2835 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_negotiation.c: keeps track of MIME types the client is willing to
- * accept, and contains code to handle type arbitration.
- *
- * rst
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "util_script.h"
-
-/* Commands --- configuring document caching on a per (virtual?)
- * server basis...
- */
-
-typedef struct {
- array_header *language_priority;
-} neg_dir_config;
-
-module MODULE_VAR_EXPORT negotiation_module;
-
-static void *create_neg_dir_config(pool *p, char *dummy)
-{
- neg_dir_config *new = (neg_dir_config *) ap_palloc(p, sizeof(neg_dir_config));
-
- new->language_priority = ap_make_array(p, 4, sizeof(char *));
- return new;
-}
-
-static void *merge_neg_dir_configs(pool *p, void *basev, void *addv)
-{
- neg_dir_config *base = (neg_dir_config *) basev;
- neg_dir_config *add = (neg_dir_config *) addv;
- neg_dir_config *new = (neg_dir_config *) ap_palloc(p, sizeof(neg_dir_config));
-
- /* give priority to the config in the subdirectory */
- new->language_priority = ap_append_arrays(p, add->language_priority,
- base->language_priority);
- return new;
-}
-
-static const char *set_language_priority(cmd_parms *cmd, void *n, char *lang)
-{
- array_header *arr = ((neg_dir_config *) n)->language_priority;
- char **langp = (char **) ap_push_array(arr);
-
- *langp = lang;
- return NULL;
-}
-
-static const char *cache_negotiated_docs(cmd_parms *cmd, void *dummy,
- char *dummy2)
-{
- void *server_conf = cmd->server->module_config;
-
- ap_set_module_config(server_conf, &negotiation_module, "Cache");
- return NULL;
-}
-
-static int do_cache_negotiated_docs(server_rec *s)
-{
- return (ap_get_module_config(s->module_config, &negotiation_module) != NULL);
-}
-
-static const command_rec negotiation_cmds[] =
-{
- {"CacheNegotiatedDocs", cache_negotiated_docs, NULL, RSRC_CONF, NO_ARGS,
- "no arguments (either present or absent)"},
- {"LanguagePriority", set_language_priority, NULL, OR_FILEINFO, ITERATE,
- "space-delimited list of MIME language abbreviations"},
- {NULL}
-};
-
-/*
- * Record of available info on a media type specified by the client
- * (we also use 'em for encodings and languages)
- */
-
-typedef struct accept_rec {
- char *name; /* MUST be lowercase */
- float quality;
- float level;
- char *charset; /* for content-type only */
-} accept_rec;
-
-/*
- * Record of available info on a particular variant
- *
- * Note that a few of these fields are updated by the actual negotiation
- * code. These are:
- *
- * level_matched --- initialized to zero. Set to the value of level
- * if the client actually accepts this media type at that
- * level (and *not* if it got in on a wildcard). See level_cmp
- * below.
- * mime_stars -- initialized to zero. Set to the number of stars
- * present in the best matching Accept header element.
- * 1 for star/star, 2 for type/star and 3 for
- * type/subtype.
- *
- * definite -- initialized to 1. Set to 0 if there is a match which
- * makes the variant non-definite according to the rules
- * in rfc2296.
- */
-
-typedef struct var_rec {
- request_rec *sub_req; /* May be NULL (is, for map files) */
- char *mime_type; /* MUST be lowercase */
- char *file_name;
- const char *content_encoding;
- array_header *content_languages; /* list of languages for this variant */
- char *content_charset;
- char *description;
-
- /* The next five items give the quality values for the dimensions
- * of negotiation for this variant. They are obtained from the
- * appropriate header lines, except for source_quality, which
- * is obtained from the variant itself (the 'qs' parameter value
- * from the variant's mime-type). Apart from source_quality,
- * these values are set when we find the quality for each variant
- * (see best_match()). source_quality is set from the 'qs' parameter
- * of the variant description or mime type: see set_mime_fields().
- */
- float lang_quality; /* quality of this variant's language */
- float encoding_quality; /* ditto encoding */
- float charset_quality; /* ditto charset */
- float mime_type_quality; /* ditto media type */
- float source_quality; /* source quality for this variant */
-
- /* Now some special values */
- float level; /* Auxiliary to content-type... */
- float bytes; /* content length, if known */
- int lang_index; /* pre HTTP/1.1 language priority stuff */
- int is_pseudo_html; /* text/html, *or* the INCLUDES_MAGIC_TYPEs */
-
- /* Above are all written-once properties of the variant. The
- * three fields below are changed during negotiation:
- */
-
- float level_matched;
- int mime_stars;
- int definite;
-} var_rec;
-
-/* Something to carry around the state of negotiation (and to keep
- * all of this thread-safe)...
- */
-
-typedef struct {
- pool *pool;
- request_rec *r;
- char *dir_name;
- int accept_q; /* 1 if an Accept item has a q= param */
- float default_lang_quality; /* fiddle lang q for variants with no lang */
-
- /* the array pointers below are NULL if the corresponding accept
- * headers are not present
- */
- array_header *accepts; /* accept_recs */
- array_header *accept_encodings; /* accept_recs */
- array_header *accept_charsets; /* accept_recs */
- array_header *accept_langs; /* accept_recs */
-
- array_header *avail_vars; /* available variants */
-
- int count_multiviews_variants; /* number of variants found on disk */
-
- int is_transparent; /* 1 if this resource is trans. negotiable */
-
- int dont_fiddle_headers; /* 1 if we may not fiddle with accept hdrs */
- int ua_supports_trans; /* 1 if ua supports trans negotiation */
- int send_alternates; /* 1 if we want to send an Alternates header */
- int may_choose; /* 1 if we may choose a variant for the client */
- int use_rvsa; /* 1 if we must use RVSA/1.0 negotiation algo */
-} negotiation_state;
-
-/* A few functions to manipulate var_recs.
- * Cleaning out the fields...
- */
-
-static void clean_var_rec(var_rec *mime_info)
-{
- mime_info->sub_req = NULL;
- mime_info->mime_type = "";
- mime_info->file_name = "";
- mime_info->content_encoding = NULL;
- mime_info->content_languages = NULL;
- mime_info->content_charset = "";
- mime_info->description = "";
-
- mime_info->is_pseudo_html = 0;
- mime_info->level = 0.0f;
- mime_info->level_matched = 0.0f;
- mime_info->bytes = 0.0f;
- mime_info->lang_index = -1;
- mime_info->mime_stars = 0;
- mime_info->definite = 1;
-
- mime_info->charset_quality = 1.0f;
- mime_info->encoding_quality = 1.0f;
- mime_info->lang_quality = 1.0f;
- mime_info->mime_type_quality = 1.0f;
- mime_info->source_quality = 0.0f;
-}
-
-/* Initializing the relevant fields of a variant record from the
- * accept_info read out of its content-type, one way or another.
- */
-
-static void set_mime_fields(var_rec *var, accept_rec *mime_info)
-{
- var->mime_type = mime_info->name;
- var->source_quality = mime_info->quality;
- var->level = mime_info->level;
- var->content_charset = mime_info->charset;
-
- var->is_pseudo_html = (!strcmp(var->mime_type, "text/html")
- || !strcmp(var->mime_type, INCLUDES_MAGIC_TYPE)
- || !strcmp(var->mime_type, INCLUDES_MAGIC_TYPE3));
-}
-
-/* Create a variant list validator in r using info from vlistr. */
-
-static void set_vlist_validator(request_rec *r, request_rec *vlistr)
-{
- /* Calculating the variant list validator is similar to
- * calculating an etag for the source of the variant list
- * information, so we use ap_make_etag(). Note that this
- * validator can be 'weak' in extreme case.
- */
-
- ap_update_mtime (vlistr, vlistr->finfo.st_mtime);
- r->vlist_validator = ap_make_etag(vlistr, 0);
-
- /* ap_set_etag will later take r->vlist_validator into account
- * when creating the etag header
- */
-}
-
-
-/*****************************************************************
- *
- * Parsing (lists of) media types and their parameters, as seen in
- * HTTPD header lines and elsewhere.
- */
-
-/*
- * Get a single mime type entry --- one media type and parameters;
- * enter the values we recognize into the argument accept_rec
- */
-
-static const char *get_entry(pool *p, accept_rec *result,
- const char *accept_line)
-{
- result->quality = 1.0f;
- result->level = 0.0f;
- result->charset = "";
-
- /*
- * Note that this handles what I gather is the "old format",
- *
- * Accept: text/html text/plain moo/zot
- *
- * without any compatibility kludges --- if the token after the
- * MIME type begins with a semicolon, we know we're looking at parms,
- * otherwise, we know we aren't. (So why all the pissing and moaning
- * in the CERN server code? I must be missing something).
- */
-
- result->name = ap_get_token(p, &accept_line, 0);
- ap_str_tolower(result->name); /* You want case-insensitive,
- * you'll *get* case-insensitive.
- */
-
- /* KLUDGE!!! Default HTML to level 2.0 unless the browser
- * *explicitly* says something else.
- */
-
- if (!strcmp(result->name, "text/html") && (result->level == 0.0)) {
- result->level = 2.0f;
- }
- else if (!strcmp(result->name, INCLUDES_MAGIC_TYPE)) {
- result->level = 2.0f;
- }
- else if (!strcmp(result->name, INCLUDES_MAGIC_TYPE3)) {
- result->level = 3.0f;
- }
-
- while (*accept_line == ';') {
- /* Parameters ... */
-
- char *parm;
- char *cp;
- char *end;
-
- ++accept_line;
- parm = ap_get_token(p, &accept_line, 1);
-
- /* Look for 'var = value' --- and make sure the var is in lcase. */
-
- for (cp = parm; (*cp && !ap_isspace(*cp) && *cp != '='); ++cp) {
- *cp = ap_tolower(*cp);
- }
-
- if (!*cp) {
- continue; /* No '='; just ignore it. */
- }
-
- *cp++ = '\0'; /* Delimit var */
- while (ap_isspace(*cp) || *cp == '=') {
- ++cp;
- }
-
- if (*cp == '"') {
- ++cp;
- for (end = cp;
- (*end && *end != '\n' && *end != '\r' && *end != '\"');
- end++);
- }
- else {
- for (end = cp; (*end && !ap_isspace(*end)); end++);
- }
- if (*end) {
- *end = '\0'; /* strip ending quote or return */
- }
- ap_str_tolower(cp);
-
- if (parm[0] == 'q'
- && (parm[1] == '\0' || (parm[1] == 's' && parm[2] == '\0'))) {
- result->quality = (float)atof(cp);
- }
- else if (parm[0] == 'l' && !strcmp(&parm[1], "evel")) {
- result->level = (float)atof(cp);
- }
- else if (!strcmp(parm, "charset")) {
- result->charset = cp;
- }
- }
-
- if (*accept_line == ',') {
- ++accept_line;
- }
-
- return accept_line;
-}
-
-/*****************************************************************
- *
- * Dealing with header lines ...
- *
- * Accept, Accept-Charset, Accept-Language and Accept-Encoding
- * are handled by do_header_line() - they all have the same
- * basic structure of a list of items of the format
- * name; q=N; charset=TEXT
- *
- * where charset is only valid in Accept.
- */
-
-static array_header *do_header_line(pool *p, const char *accept_line)
-{
- array_header *accept_recs;
-
- if (!accept_line) {
- return NULL;
- }
-
- accept_recs = ap_make_array(p, 40, sizeof(accept_rec));
-
- while (*accept_line) {
- accept_rec *new = (accept_rec *) ap_push_array(accept_recs);
- accept_line = get_entry(p, new, accept_line);
- }
-
- return accept_recs;
-}
-
-/* Given the text of the Content-Languages: line from the var map file,
- * return an array containing the languages of this variant
- */
-
-static array_header *do_languages_line(pool *p, const char **lang_line)
-{
- array_header *lang_recs = ap_make_array(p, 2, sizeof(char *));
-
- if (!lang_line) {
- return lang_recs;
- }
-
- while (**lang_line) {
- char **new = (char **) ap_push_array(lang_recs);
- *new = ap_get_token(p, lang_line, 0);
- ap_str_tolower(*new);
- if (**lang_line == ',' || **lang_line == ';') {
- ++(*lang_line);
- }
- }
-
- return lang_recs;
-}
-
-/*****************************************************************
- *
- * Handling header lines from clients...
- */
-
-static negotiation_state *parse_accept_headers(request_rec *r)
-{
- negotiation_state *new =
- (negotiation_state *) ap_pcalloc(r->pool, sizeof(negotiation_state));
- accept_rec *elts;
- table *hdrs = r->headers_in;
- int i;
-
- new->pool = r->pool;
- new->r = r;
- new->dir_name = ap_make_dirstr_parent(r->pool, r->filename);
-
- new->accepts = do_header_line(r->pool, ap_table_get(hdrs, "Accept"));
-
- /* calculate new->accept_q value */
- if (new->accepts) {
- elts = (accept_rec *) new->accepts->elts;
-
- for (i = 0; i < new->accepts->nelts; ++i) {
- if (elts[i].quality < 1.0) {
- new->accept_q = 1;
- }
- }
- }
-
- new->accept_encodings =
- do_header_line(r->pool, ap_table_get(hdrs, "Accept-Encoding"));
- new->accept_langs =
- do_header_line(r->pool, ap_table_get(hdrs, "Accept-Language"));
- new->accept_charsets =
- do_header_line(r->pool, ap_table_get(hdrs, "Accept-Charset"));
-
- new->avail_vars = ap_make_array(r->pool, 40, sizeof(var_rec));
-
- return new;
-}
-
-
-static void parse_negotiate_header(request_rec *r, negotiation_state *neg)
-{
- const char *negotiate = ap_table_get(r->headers_in, "Negotiate");
- char *tok;
-
- /* First, default to no TCN, no Alternates, and the original Apache
- * negotiation algorithm with fiddles for broken browser configs.
- *
- * To save network bandwidth, we do not configure to send an
- * Alternates header to the user agent by default. User
- * agents that want an Alternates header for agent-driven
- * negotiation will have to request it by sending an
- * appropriate Negotiate header.
- */
- neg->ua_supports_trans = 0;
- neg->send_alternates = 0;
- neg->may_choose = 1;
- neg->use_rvsa = 0;
- neg->dont_fiddle_headers = 0;
-
- if (!negotiate)
- return;
-
- if (strcmp(negotiate, "trans") == 0) {
- /* Lynx 2.7 and 2.8 send 'negotiate: trans' even though they
- * do not support transparent content negotiation, so for Lynx we
- * ignore the negotiate header when its contents are exactly "trans".
- * If future versions of Lynx ever need to say 'negotiate: trans',
- * they can send the equivalent 'negotiate: trans, trans' instead
- * to avoid triggering the workaround below.
- */
- const char *ua = ap_table_get(r->headers_in, "User-Agent");
-
- if (ua && (strncmp(ua, "Lynx", 4) == 0))
- return;
- }
-
- neg->may_choose = 0; /* An empty Negotiate would require 300 response */
-
- while ((tok = ap_get_list_item(neg->pool, &negotiate)) != NULL) {
-
- if (strcmp(tok, "trans") == 0 ||
- strcmp(tok, "vlist") == 0 ||
- strcmp(tok, "guess-small") == 0 ||
- ap_isdigit(tok[0]) ||
- strcmp(tok, "*") == 0) {
-
- /* The user agent supports transparent negotiation */
- neg->ua_supports_trans = 1;
-
- /* Send-alternates could be configurable, but note
- * that it must be 1 if we have 'vlist' in the
- * negotiate header.
- */
- neg->send_alternates = 1;
-
- if (strcmp(tok, "1.0") == 0) {
- /* we may use the RVSA/1.0 algorithm, configure for it */
- neg->may_choose = 1;
- neg->use_rvsa = 1;
- neg->dont_fiddle_headers = 1;
- }
- else if (tok[0] == '*') {
- /* we may use any variant selection algorithm, configure
- * to use the Apache algorithm
- */
- neg->may_choose = 1;
-
- /* We disable header fiddles on the assumption that a
- * client sending Negotiate knows how to send correct
- * headers which don't need fiddling.
- */
- neg->dont_fiddle_headers = 1;
- }
- }
- }
-
-#ifdef NEG_DEBUG
- fprintf(stderr, "dont_fiddle_headers=%d use_rvsa=%d ua_supports_trans=%d "
- "send_alternates=%d, may_choose=%d\n",
- neg->dont_fiddle_headers, neg->use_rvsa,
- neg->ua_supports_trans, neg->send_alternates, neg->may_choose);
-#endif
-
-}
-
-/* Sometimes clients will give us no Accept info at all; this routine sets
- * up the standard default for that case, and also arranges for us to be
- * willing to run a CGI script if we find one. (In fact, we set up to
- * dramatically prefer CGI scripts in cases where that's appropriate,
- * e.g., POST or when URI includes query args or extra path info).
- */
-static void maybe_add_default_accepts(negotiation_state *neg,
- int prefer_scripts)
-{
- accept_rec *new_accept;
-
- if (!neg->accepts) {
- neg->accepts = ap_make_array(neg->pool, 4, sizeof(accept_rec));
-
- new_accept = (accept_rec *) ap_push_array(neg->accepts);
-
- new_accept->name = "*/*";
- new_accept->quality = 1.0f;
- new_accept->level = 0.0f;
- }
-
- new_accept = (accept_rec *) ap_push_array(neg->accepts);
-
- new_accept->name = CGI_MAGIC_TYPE;
- if (neg->use_rvsa) {
- new_accept->quality = 0;
- }
- else {
- new_accept->quality = prefer_scripts ? 2.0f : 0.001f;
- }
- new_accept->level = 0.0f;
-}
-
-/*****************************************************************
- *
- * Parsing type-map files, in Roy's meta/http format augmented with
- * #-comments.
- */
-
-/* Reading RFC822-style header lines, ignoring #-comments and
- * handling continuations.
- */
-
-enum header_state {
- header_eof, header_seen, header_sep
-};
-
-static enum header_state get_header_line(char *buffer, int len, FILE *map)
-{
- char *buf_end = buffer + len;
- char *cp;
- int c;
-
- /* Get a noncommented line */
-
- do {
- if (fgets(buffer, MAX_STRING_LEN, map) == NULL) {
- return header_eof;
- }
- } while (buffer[0] == '#');
-
- /* If blank, just return it --- this ends information on this variant */
-
- for (cp = buffer; ap_isspace(*cp); ++cp) {
- continue;
- }
-
- if (*cp == '\0') {
- return header_sep;
- }
-
- /* If non-blank, go looking for header lines, but note that we still
- * have to treat comments specially...
- */
-
- cp += strlen(cp);
-
- while ((c = getc(map)) != EOF) {
- if (c == '#') {
- /* Comment line */
- while ((c = getc(map)) != EOF && c != '\n') {
- continue;
- }
- }
- else if (ap_isspace(c)) {
- /* Leading whitespace. POSSIBLE continuation line
- * Also, possibly blank --- if so, we ungetc() the final newline
- * so that we will pick up the blank line the next time 'round.
- */
-
- while (c != EOF && c != '\n' && ap_isspace(c)) {
- c = getc(map);
- }
-
- ungetc(c, map);
-
- if (c == '\n') {
- return header_seen; /* Blank line */
- }
-
- /* Continuation */
-
- while (cp < buf_end - 2 && (c = getc(map)) != EOF && c != '\n') {
- *cp++ = c;
- }
-
- *cp++ = '\n';
- *cp = '\0';
- }
- else {
-
- /* Line beginning with something other than whitespace */
-
- ungetc(c, map);
- return header_seen;
- }
- }
-
- return header_seen;
-}
-
-/* Stripping out RFC822 comments */
-
-static void strip_paren_comments(char *hdr)
-{
- /* Hmmm... is this correct? In Roy's latest draft, (comments) can nest! */
- /* Nope, it isn't correct. Fails to handle backslash escape as well. */
-
- while (*hdr) {
- if (*hdr == '"') {
- hdr = strchr(hdr, '"');
- if (hdr == NULL) {
- return;
- }
- ++hdr;
- }
- else if (*hdr == '(') {
- while (*hdr && *hdr != ')') {
- *hdr++ = ' ';
- }
-
- if (*hdr) {
- *hdr++ = ' ';
- }
- }
- else {
- ++hdr;
- }
- }
-}
-
-/* Getting to a header body from the header */
-
-static char *lcase_header_name_return_body(char *header, request_rec *r)
-{
- char *cp = header;
-
- for ( ; *cp && *cp != ':' ; ++cp) {
- *cp = ap_tolower(*cp);
- }
-
- if (!*cp) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Syntax error in type map --- no ':': %s", r->filename);
- return NULL;
- }
-
- do {
- ++cp;
- } while (ap_isspace(*cp));
-
- if (!*cp) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Syntax error in type map --- no header body: %s",
- r->filename);
- return NULL;
- }
-
- return cp;
-}
-
-static int read_type_map(negotiation_state *neg, request_rec *rr)
-{
- request_rec *r = neg->r;
- FILE *map;
- char buffer[MAX_STRING_LEN];
- enum header_state hstate;
- struct var_rec mime_info;
- int has_content;
-
- /* We are not using multiviews */
- neg->count_multiviews_variants = 0;
-
- map = ap_pfopen(neg->pool, rr->filename, "r");
- if (map == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "cannot access type map file: %s", rr->filename);
- return HTTP_FORBIDDEN;
- }
-
- clean_var_rec(&mime_info);
- has_content = 0;
-
- do {
- hstate = get_header_line(buffer, MAX_STRING_LEN, map);
-
- if (hstate == header_seen) {
- char *body1 = lcase_header_name_return_body(buffer, neg->r);
- const char *body;
-
- if (body1 == NULL) {
- return SERVER_ERROR;
- }
-
- strip_paren_comments(body1);
- body = body1;
-
- if (!strncmp(buffer, "uri:", 4)) {
- mime_info.file_name = ap_get_token(neg->pool, &body, 0);
- }
- else if (!strncmp(buffer, "content-type:", 13)) {
- struct accept_rec accept_info;
-
- get_entry(neg->pool, &accept_info, body);
- set_mime_fields(&mime_info, &accept_info);
- has_content = 1;
- }
- else if (!strncmp(buffer, "content-length:", 15)) {
- mime_info.bytes = (float)atof(body);
- has_content = 1;
- }
- else if (!strncmp(buffer, "content-language:", 17)) {
- mime_info.content_languages = do_languages_line(neg->pool,
- &body);
- has_content = 1;
- }
- else if (!strncmp(buffer, "content-encoding:", 17)) {
- mime_info.content_encoding = ap_get_token(neg->pool, &body, 0);
- has_content = 1;
- }
- else if (!strncmp(buffer, "description:", 12)) {
- char *desc = ap_pstrdup(neg->pool, body);
- char *cp;
-
- for (cp = desc; *cp; ++cp) {
- if (*cp=='\n') *cp=' ';
- }
- if (cp>desc) *(cp-1)=0;
- mime_info.description = desc;
- }
- }
- else {
- if (*mime_info.file_name && has_content) {
- void *new_var = ap_push_array(neg->avail_vars);
-
- memcpy(new_var, (void *) &mime_info, sizeof(var_rec));
- }
-
- clean_var_rec(&mime_info);
- has_content = 0;
- }
- } while (hstate != header_eof);
-
- ap_pfclose(neg->pool, map);
-
- set_vlist_validator(r, rr);
-
- return OK;
-}
-
-
-/* Sort function used by read_types_multi. */
-static int variantsortf(var_rec *a, var_rec *b) {
-
- /* First key is the source quality, sort in descending order. */
-
- /* XXX: note that we currently implement no method of setting the
- * source quality for multiviews variants, so we are always comparing
- * 1.0 to 1.0 for now
- */
- if (a->source_quality < b->source_quality)
- return 1;
- if (a->source_quality > b->source_quality)
- return -1;
-
- /* Second key is the variant name */
- return strcmp(a->file_name, b->file_name);
-}
-
-/*****************************************************************
- *
- * Same as read_type_map, except we use a filtered directory listing
- * as the map...
- */
-
-static int read_types_multi(negotiation_state *neg)
-{
- request_rec *r = neg->r;
-
- char *filp;
- int prefix_len;
- DIR *dirp;
- struct DIR_TYPE *dir_entry;
- struct var_rec mime_info;
- struct accept_rec accept_info;
- void *new_var;
- struct { int any, all; } forbidden;
-
- clean_var_rec(&mime_info);
-
- if (!(filp = strrchr(r->filename, '/'))) {
- return DECLINED; /* Weird... */
- }
-
- if (strncmp(r->filename, "proxy:", 6) == 0) {
- return DECLINED;
- }
-
- ++filp;
- prefix_len = strlen(filp);
-
- dirp = ap_popendir(neg->pool, neg->dir_name);
-
- if (dirp == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "cannot read directory for multi: %s", neg->dir_name);
- return HTTP_FORBIDDEN;
- }
-
- forbidden.any = 0;
- forbidden.all = 1;
-
- while ((dir_entry = readdir(dirp))) {
- array_header *exception_list;
- request_rec *sub_req;
-
- /* Do we have a match? */
- if (strncmp(dir_entry->d_name, filp, prefix_len)) {
- continue;
- }
- if (dir_entry->d_name[prefix_len] != '.') {
- continue;
- }
-
- /* Yep. See if it's something which we have access to, and
- * which has a known type and encoding (as opposed to something
- * which we'll be slapping default_type on later).
- */
-
- sub_req = ap_sub_req_lookup_file(dir_entry->d_name, r);
-
- /* If it has a handler, we'll pretend it's a CGI script,
- * since that's a good indication of the sort of thing it
- * might be doing.
- */
- if (sub_req->handler && !sub_req->content_type) {
- sub_req->content_type = CGI_MAGIC_TYPE;
- }
-
- /* HTTP_FORBIDDEN is returned, e.g., if the path length limit was exceeded */
- /* HTTP_OK does NOT necessarily mean that the file is really readable! */
- if (sub_req->status == HTTP_OK)
- forbidden.all = 0;
- else if (sub_req->status == HTTP_FORBIDDEN)
- forbidden.any = 1;
-
- /*
- * mod_mime will _always_ provide us the base name in the
- * ap-mime-exception-list, if it processed anything. If
- * this list is empty, give up immediately, there was
- * nothing interesting. For example, looking at the files
- * readme.txt and readme.foo, we will throw away .foo if
- * it's an insignificant file (e.g. did not identify a
- * language, charset, encoding, content type or handler,)
- */
- exception_list =
- (array_header *) ap_table_get(sub_req->notes,
- "ap-mime-exceptions-list");
- if (!exception_list) {
- ap_destroy_sub_req(sub_req);
- continue;
- }
-
- /* Each unregonized bit better match our base name, in sequence.
- * A test of index.html.foo will match index.foo or index.html.foo,
- * but it will never transpose the segments and allow index.foo.html
- * because that would introduce too much CPU consumption. Better that
- * we don't attempt a many-to-many match here.
- */
- {
- int nexcept = exception_list->nelts;
- char **cur_except = (char**)exception_list->elts;
- char *segstart = filp, *segend, saveend;
-
- while (*segstart && nexcept) {
- if (!(segend = strchr(segstart, '.')))
- segend = strchr(segstart, '\0');
- saveend = *segend;
- *segend = '\0';
-
- if (strcmp(segstart, *cur_except) == 0) {
- --nexcept;
- ++cur_except;
- }
-
- if (!saveend)
- break;
-
- *segend = saveend;
- segstart = segend + 1;
- }
-
- if (nexcept) {
- /* Something you don't know is, something you don't know...
- */
- ap_destroy_sub_req(sub_req);
- continue;
- }
- }
-
- /*
- * ###: be warned, the _default_ content type is already
- * picked up here! If we failed the subrequest, or don't
- * know what we are serving, then continue.
- */
- if (sub_req->status != HTTP_OK || (!sub_req->content_type)) {
- ap_destroy_sub_req(sub_req);
- continue;
- }
-
- /* If it's a map file, we use that instead of the map
- * we're building...
- */
- if (((sub_req->content_type) &&
- !strcmp(sub_req->content_type, MAP_FILE_MAGIC_TYPE)) ||
- ((sub_req->handler) &&
- !strcmp(sub_req->handler, "type-map"))) {
-
- ap_pclosedir(neg->pool, dirp);
- neg->avail_vars->nelts = 0;
- if (sub_req->status != HTTP_OK) {
- return sub_req->status;
- }
- return read_type_map(neg, sub_req);
- }
-
- /* Have reasonable variant --- gather notes. */
-
- mime_info.sub_req = sub_req;
- mime_info.file_name = ap_pstrdup(neg->pool, dir_entry->d_name);
- if (sub_req->content_encoding) {
- mime_info.content_encoding = sub_req->content_encoding;
- }
- if (sub_req->content_languages) {
- mime_info.content_languages = sub_req->content_languages;
- }
-
- get_entry(neg->pool, &accept_info, sub_req->content_type);
- set_mime_fields(&mime_info, &accept_info);
-
- new_var = ap_push_array(neg->avail_vars);
- memcpy(new_var, (void *) &mime_info, sizeof(var_rec));
-
- neg->count_multiviews_variants++;
-
- clean_var_rec(&mime_info);
- }
-
- ap_pclosedir(neg->pool, dirp);
-
- /* If all variants we considered turn out to be forbidden, then return FORBIDDEN */
- if (forbidden.any && forbidden.all)
- return HTTP_FORBIDDEN;
-
- set_vlist_validator(r, r);
-
- /* Sort the variants into a canonical order. The negotiation
- * result sometimes depends on the order of the variants. By
- * sorting the variants into a canonical order, rather than using
- * the order in which readdir() happens to return them, we ensure
- * that the negotiation result will be consistent over filesystem
- * backup/restores and over all mirror sites.
- */
-
- qsort((void *) neg->avail_vars->elts, neg->avail_vars->nelts,
- sizeof(var_rec), (int (*)(const void *, const void *)) variantsortf);
-
- return OK;
-}
-
-
-/*****************************************************************
- * And now for the code you've been waiting for... actually
- * finding a match to the client's requirements.
- */
-
-/* Matching MIME types ... the star/star and foo/star commenting conventions
- * are implemented here. (You know what I mean by star/star, but just
- * try mentioning those three characters in a C comment). Using strcmp()
- * is legit, because everything has already been smashed to lowercase.
- *
- * Note also that if we get an exact match on the media type, we update
- * level_matched for use in level_cmp below...
- *
- * We also give a value for mime_stars, which is used later. It should
- * be 1 for star/star, 2 for type/star and 3 for type/subtype.
- */
-
-static int mime_match(accept_rec *accept_r, var_rec *avail)
-{
- char *accept_type = accept_r->name;
- char *avail_type = avail->mime_type;
- int len = strlen(accept_type);
-
- if (accept_type[0] == '*') { /* Anything matches star/star */
- if (avail->mime_stars < 1) {
- avail->mime_stars = 1;
- }
- return 1;
- }
- else if ((accept_type[len - 1] == '*') &&
- !strncmp(accept_type, avail_type, len - 2)) {
- if (avail->mime_stars < 2) {
- avail->mime_stars = 2;
- }
- return 1;
- }
- else if (!strcmp(accept_type, avail_type)
- || (!strcmp(accept_type, "text/html")
- && (!strcmp(avail_type, INCLUDES_MAGIC_TYPE)
- || !strcmp(avail_type, INCLUDES_MAGIC_TYPE3)))) {
- if (accept_r->level >= avail->level) {
- avail->level_matched = avail->level;
- avail->mime_stars = 3;
- return 1;
- }
- }
-
- return OK;
-}
-
-/* This code implements a piece of the tie-breaking algorithm between
- * variants of equal quality. This piece is the treatment of variants
- * of the same base media type, but different levels. What we want to
- * return is the variant at the highest level that the client explicitly
- * claimed to accept.
- *
- * If all the variants available are at a higher level than that, or if
- * the client didn't say anything specific about this media type at all
- * and these variants just got in on a wildcard, we prefer the lowest
- * level, on grounds that that's the one that the client is least likely
- * to choke on.
- *
- * (This is all motivated by treatment of levels in HTML --- we only
- * want to give level 3 to browsers that explicitly ask for it; browsers
- * that don't, including HTTP/0.9 browsers that only get the implicit
- * "Accept: * / *" [space added to avoid confusing cpp --- no, that
- * syntax doesn't really work] should get HTML2 if available).
- *
- * (Note that this code only comes into play when we are choosing among
- * variants of equal quality, where the draft standard gives us a fair
- * bit of leeway about what to do. It ain't specified by the standard;
- * rather, it is a choice made by this server about what to do in cases
- * where the standard does not specify a unique course of action).
- */
-
-static int level_cmp(var_rec *var1, var_rec *var2)
-{
- /* Levels are only comparable between matching media types */
-
- if (var1->is_pseudo_html && !var2->is_pseudo_html) {
- return 0;
- }
-
- if (!var1->is_pseudo_html && strcmp(var1->mime_type, var2->mime_type)) {
- return 0;
- }
- /* The result of the above if statements is that, if we get to
- * here, both variants have the same mime_type or both are
- * pseudo-html.
- */
-
- /* Take highest level that matched, if either did match. */
-
- if (var1->level_matched > var2->level_matched) {
- return 1;
- }
- if (var1->level_matched < var2->level_matched) {
- return -1;
- }
-
- /* Neither matched. Take lowest level, if there's a difference. */
-
- if (var1->level < var2->level) {
- return 1;
- }
- if (var1->level > var2->level) {
- return -1;
- }
-
- /* Tied */
-
- return 0;
-}
-
-/* Finding languages. The main entry point is set_language_quality()
- * which is called for each variant. It sets two elements in the
- * variant record:
- * language_quality - the 'q' value of the 'best' matching language
- * from Accept-Language: header (HTTP/1.1)
- * lang_index - Pre HTTP/1.1 language priority, using
- * position of language on the Accept-Language:
- * header, if present, else LanguagePriority
- * directive order.
- *
- * When we do the variant checking for best variant, we use language
- * quality first, and if a tie, language_index next (this only applies
- * when _not_ using the RVSA/1.0 algorithm). If using the RVSA/1.0
- * algorithm, lang_index is never used.
- *
- * set_language_quality() calls find_lang_index() and find_default_index()
- * to set lang_index.
- */
-
-static int find_lang_index(array_header *accept_langs, char *lang)
-{
- accept_rec *accs;
- int i;
-
- if (!lang || !accept_langs) {
- return -1;
- }
-
- accs = (accept_rec *) accept_langs->elts;
-
- for (i = 0; i < accept_langs->nelts; ++i) {
- if (!strncmp(lang, accs[i].name, strlen(accs[i].name))) {
- return i;
- }
- }
-
- return -1;
-}
-
-/* This function returns the priority of a given language
- * according to LanguagePriority. It is used in case of a tie
- * between several languages.
- */
-
-static int find_default_index(neg_dir_config *conf, char *lang)
-{
- array_header *arr;
- int nelts;
- char **elts;
- int i;
-
- if (!lang) {
- return -1;
- }
-
- arr = conf->language_priority;
- nelts = arr->nelts;
- elts = (char **) arr->elts;
-
- for (i = 0; i < nelts; ++i) {
- if (!strcasecmp(elts[i], lang)) {
- return i;
- }
- }
-
- return -1;
-}
-
-/* set_default_lang_quality() sets the quality we apply to variants
- * which have no language assigned to them. If none of the variants
- * have a language, we are not negotiating on language, so all are
- * acceptable, and we set the default q value to 1.0. However if
- * some of the variants have languages, we set this default to 0.001.
- * The value of this default will be applied to all variants with
- * no explicit language -- which will have the effect of making them
- * acceptable, but only if no variants with an explicit language
- * are acceptable. The default q value set here is assigned to variants
- * with no language type in set_language_quality().
- *
- * Note that if using the RVSA/1.0 algorithm, we don't use this
- * fiddle.
- */
-
-static void set_default_lang_quality(negotiation_state *neg)
-{
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
- int j;
-
- if (!neg->dont_fiddle_headers) {
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
- if (variant->content_languages &&
- variant->content_languages->nelts) {
- neg->default_lang_quality = 0.001f;
- return;
- }
- }
- }
-
- neg->default_lang_quality = 1.0f;
-}
-
-/* Set the language_quality value in the variant record. Also
- * assigns lang_index for back-compat.
- *
- * To find the language_quality value, we look for the 'q' value
- * of the 'best' matching language on the Accept-Language
- * header. The 'best' match is the language on Accept-Language
- * header which matches the language of this variant either fully,
- * or as far as the prefix marker (-). If two or more languages
- * match, use the longest string from the Accept-Language header
- * (see HTTP/1.1 [14.4])
- *
- * When a variant has multiple languages, we find the 'best'
- * match for each variant language tag as above, then select the
- * one with the highest q value. Because both the accept-header
- * and variant can have multiple languages, we now have a hairy
- * loop-within-a-loop here.
- *
- * If the variant has no language and we have no Accept-Language
- * items, leave the quality at 1.0 and return.
- *
- * If the variant has no language, we use the default as set by
- * set_default_lang_quality() (1.0 if we are not negotiating on
- * language, 0.001 if we are).
- *
- * Following the setting of the language quality, we drop through to
- * set the old 'lang_index'. This is set based on either the order
- * of the languages on the Accept-Language header, or the
- * order on the LanguagePriority directive. This is only used
- * in the negotiation if the language qualities tie.
- */
-
-static void set_language_quality(negotiation_state *neg, var_rec *variant)
-{
- char *firstlang;
- int idx;
-
- if (!variant->content_languages || !variant->content_languages->nelts) {
- /* This variant has no content-language, so use the default
- * quality factor for variants with no content-language
- * (previously set by set_default_lang_quality()).
- * Leave the factor alone (it remains at 1.0) when we may not fiddle
- * with the headers.
- */
- if (!neg->dont_fiddle_headers) {
- variant->lang_quality = neg->default_lang_quality;
- }
- if (!neg->accept_langs) {
- return; /* no accept-language header */
- }
-
- }
- else {
- /* Variant has one (or more) languages. Look for the best
- * match. We do this by going through each language on the
- * variant description looking for a match on the
- * Accept-Language header. The best match is the longest
- * matching language on the header. The final result is the
- * best q value from all the languages on the variant
- * description.
- */
-
- if (!neg->accept_langs) {
- /* no accept-language header makes the variant indefinite */
- variant->definite = 0;
- }
- else { /* There is an accept-language with 0 or more items */
- accept_rec *accs = (accept_rec *) neg->accept_langs->elts;
- accept_rec *best = NULL, *star = NULL;
- accept_rec *bestthistag;
- char *lang, *p;
- float fiddle_q = 0.0f;
- int any_match_on_star = 0;
- int i, j, alen, longest_lang_range_len;
-
- for (j = 0; j < variant->content_languages->nelts; ++j) {
- p = NULL;
- bestthistag = NULL;
- longest_lang_range_len = 0;
- alen = 0;
-
- /* lang is the variant's language-tag, which is the one
- * we are allowed to use the prefix of in HTTP/1.1
- */
- lang = ((char **) (variant->content_languages->elts))[j];
-
- /* now find the best (i.e. longest) matching
- * Accept-Language header language. We put the best match
- * for this tag in bestthistag. We cannot update the
- * overall best (based on q value) because the best match
- * for this tag is the longest language item on the accept
- * header, not necessarily the highest q.
- */
- for (i = 0; i < neg->accept_langs->nelts; ++i) {
- if (!strcmp(accs[i].name, "*")) {
- if (!star) {
- star = &accs[i];
- }
- continue;
- }
- /* Find language. We match if either the variant
- * language tag exactly matches the language range
- * from the accept header, or a prefix of the variant
- * language tag up to a '-' character matches the
- * whole of the language range in the Accept-Language
- * header. Note that HTTP/1.x allows any number of
- * '-' characters in a tag or range, currently only
- * tags with zero or one '-' characters are defined
- * for general use (see rfc1766).
- *
- * We only use language range in the Accept-Language
- * header the best match for the variant language tag
- * if it is longer than the previous best match.
- */
-
- alen = strlen(accs[i].name);
-
- if (((int)strlen(lang) >= alen) &&
- !strncmp(lang, accs[i].name, alen) &&
- ((lang[alen] == 0) || (lang[alen] == '-')) ) {
-
- if (alen > longest_lang_range_len) {
- longest_lang_range_len = alen;
- bestthistag = &accs[i];
- }
- }
-
- if (!bestthistag && !neg->dont_fiddle_headers) {
- /* The next bit is a fiddle. Some browsers might
- * be configured to send more specific language
- * ranges than desirable. For example, an
- * Accept-Language of en-US should never match
- * variants with languages en or en-GB. But US
- * English speakers might pick en-US as their
- * language choice. So this fiddle checks if the
- * language range has a prefix, and if so, it
- * matches variants which match that prefix with a
- * priority of 0.001. So a request for en-US would
- * match variants of types en and en-GB, but at
- * much lower priority than matches of en-US
- * directly, or of any other language listed on
- * the Accept-Language header. Note that this
- * fiddle does not handle multi-level prefixes.
- */
- if ((p = strchr(accs[i].name, '-'))) {
- int plen = p - accs[i].name;
-
- if (!strncmp(lang, accs[i].name, plen)) {
- fiddle_q = 0.001f;
- }
- }
- }
- }
- /* Finished looking at Accept-Language headers, the best
- * (longest) match is in bestthistag, or NULL if no match
- */
- if (!best ||
- (bestthistag && bestthistag->quality > best->quality)) {
- best = bestthistag;
- }
-
- /* See if the tag matches on a * in the Accept-Language
- * header. If so, record this fact for later use
- */
- if (!bestthistag && star) {
- any_match_on_star = 1;
- }
- }
-
- /* If one of the language tags of the variant matched on *, we
- * need to see if its q is better than that of any non-* match
- * on any other tag of the variant. If so the * match takes
- * precedence and the overall match is not definite.
- */
- if ( any_match_on_star &&
- ((best && star->quality > best->quality) ||
- (!best)) ) {
- best = star;
- variant->definite = 0;
- }
-
- variant->lang_quality = best ? best->quality : fiddle_q;
- }
- }
-
- /* Now set the old lang_index field. Since this is old
- * stuff anyway, don't bother with handling multiple languages
- * per variant, just use the first one assigned to it
- */
- idx = 0;
- if (variant->content_languages && variant->content_languages->nelts) {
- firstlang = ((char **) variant->content_languages->elts)[0];
- }
- else {
- firstlang = "";
- }
- if (!neg->accept_langs) { /* Client doesn't care */
- idx = find_default_index((neg_dir_config *) ap_get_module_config(
- neg->r->per_dir_config, &negotiation_module),
- firstlang);
- }
- else { /* Client has Accept-Language */
- idx = find_lang_index(neg->accept_langs, firstlang);
- }
- variant->lang_index = idx;
-
- return;
-}
-
-/* Determining the content length --- if the map didn't tell us,
- * we have to do a stat() and remember for next time.
- *
- * Grump. For Apache, even the first stat here may well be
- * redundant (for multiviews) with a stat() done by the sub_req
- * machinery. At some point, that ought to be fixed.
- */
-
-static float find_content_length(negotiation_state *neg, var_rec *variant)
-{
- struct stat statb;
-
- if (variant->bytes == 0) {
- char *fullname = ap_make_full_path(neg->pool, neg->dir_name,
- variant->file_name);
-
- if (stat(fullname, &statb) >= 0) {
- /* Note, precision may be lost */
- variant->bytes = (float) statb.st_size;
- }
- }
-
- return variant->bytes;
-}
-
-/* For a given variant, find the best matching Accept: header
- * and assign the Accept: header's quality value to the
- * mime_type_quality field of the variant, for later use in
- * determining the best matching variant.
- */
-
-static void set_accept_quality(negotiation_state *neg, var_rec *variant)
-{
- int i;
- accept_rec *accept_recs;
- float q = 0.0f;
- int q_definite = 1;
-
- /* if no Accept: header, leave quality alone (will
- * remain at the default value of 1)
- *
- * XXX: This if is currently never true because of the effect of
- * maybe_add_default_accepts().
- */
- if (!neg->accepts) {
- if (variant->mime_type && *variant->mime_type)
- variant->definite = 0;
- return;
- }
-
- accept_recs = (accept_rec *) neg->accepts->elts;
-
- /*
- * Go through each of the ranges on the Accept: header,
- * looking for the 'best' match with this variant's
- * content-type. We use the best match's quality
- * value (from the Accept: header) for this variant's
- * mime_type_quality field.
- *
- * The best match is determined like this:
- * type/type is better than type/ * is better than * / *
- * if match is type/type, use the level mime param if available
- */
- for (i = 0; i < neg->accepts->nelts; ++i) {
-
- accept_rec *type = &accept_recs[i];
- int prev_mime_stars;
-
- prev_mime_stars = variant->mime_stars;
-
- if (!mime_match(type, variant)) {
- continue; /* didn't match the content type at all */
- }
- else {
- /* did match - see if there were less or more stars than
- * in previous match
- */
- if (prev_mime_stars == variant->mime_stars) {
- continue; /* more stars => not as good a match */
- }
- }
-
- /* If we are allowed to mess with the q-values
- * and have no explicit q= parameters in the accept header,
- * make wildcards very low, so we have a low chance
- * of ending up with them if there's something better.
- */
-
- if (!neg->dont_fiddle_headers && !neg->accept_q &&
- variant->mime_stars == 1) {
- q = 0.01f;
- }
- else if (!neg->dont_fiddle_headers && !neg->accept_q &&
- variant->mime_stars == 2) {
- q = 0.02f;
- }
- else {
- q = type->quality;
- }
-
- q_definite = (variant->mime_stars == 3);
- }
- variant->mime_type_quality = q;
- variant->definite = variant->definite && q_definite;
-
-}
-
-/* For a given variant, find the 'q' value of the charset given
- * on the Accept-Charset line. If no charsets are listed,
- * assume value of '1'.
- */
-static void set_charset_quality(negotiation_state *neg, var_rec *variant)
-{
- int i;
- accept_rec *accept_recs;
- char *charset = variant->content_charset;
- accept_rec *star = NULL;
-
- /* if no Accept-Charset: header, leave quality alone (will
- * remain at the default value of 1)
- */
- if (!neg->accept_charsets) {
- if (charset && *charset)
- variant->definite = 0;
- return;
- }
-
- accept_recs = (accept_rec *) neg->accept_charsets->elts;
-
- if (charset == NULL || !*charset) {
- /* Charset of variant not known */
-
- /* if not a text / * type, leave quality alone */
- if (!(!strncmp(variant->mime_type, "text/", 5)
- || !strcmp(variant->mime_type, INCLUDES_MAGIC_TYPE)
- || !strcmp(variant->mime_type, INCLUDES_MAGIC_TYPE3)
- ))
- return;
-
- /* Don't go guessing if we are in strict header mode,
- * e.g. when running the rvsa, as any guess won't be reflected
- * in the variant list or content-location headers.
- */
- if (neg->dont_fiddle_headers)
- return;
-
- charset = "iso-8859-1"; /* The default charset for HTTP text types */
- }
-
- /*
- * Go through each of the items on the Accept-Charset header,
- * looking for a match with this variant's charset. If none
- * match, charset is unacceptable, so set quality to 0.
- */
- for (i = 0; i < neg->accept_charsets->nelts; ++i) {
-
- accept_rec *type = &accept_recs[i];
-
- if (!strcmp(type->name, charset)) {
- variant->charset_quality = type->quality;
- return;
- }
- else if (strcmp(type->name, "*") == 0) {
- star = type;
- }
- }
- /* No explicit match */
- if (star) {
- variant->charset_quality = star->quality;
- variant->definite = 0;
- return;
- }
- /* If this variant is in charset iso-8859-1, the default is 1.0 */
- if (strcmp(charset, "iso-8859-1") == 0) {
- variant->charset_quality = 1.0f;
- }
- else {
- variant->charset_quality = 0.0f;
- }
-}
-
-
-/* is_identity_encoding is included for back-compat, but does anyone
- * use 7bit, 8bin or binary in their var files??
- */
-
-static int is_identity_encoding(const char *enc)
-{
- return (!enc || !enc[0] || !strcmp(enc, "7bit") || !strcmp(enc, "8bit")
- || !strcmp(enc, "binary"));
-}
-
-/*
- * set_encoding_quality determines whether the encoding for a particular
- * variant is acceptable for the user-agent.
- *
- * The rules for encoding are that if the user-agent does not supply
- * any Accept-Encoding header, then all encodings are allowed but a
- * variant with no encoding should be preferred.
- * If there is an empty Accept-Encoding header, then no encodings are
- * acceptable. If there is a non-empty Accept-Encoding header, then
- * any of the listed encodings are acceptable, as well as no encoding
- * unless the "identity" encoding is specifically excluded.
- */
-static void set_encoding_quality(negotiation_state *neg, var_rec *variant)
-{
- accept_rec *accept_recs;
- const char *enc = variant->content_encoding;
- accept_rec *star = NULL;
- float value_if_not_found = 0.0f;
- int i;
-
- if (!neg->accept_encodings) {
- /* We had no Accept-Encoding header, assume that all
- * encodings are acceptable with a low quality,
- * but we prefer no encoding if available.
- */
- if (!enc || is_identity_encoding(enc))
- variant->encoding_quality = 1.0f;
- else
- variant->encoding_quality = 0.5f;
-
- return;
- }
-
- if (!enc || is_identity_encoding(enc)) {
- enc = "identity";
- value_if_not_found = 0.0001f;
- }
-
- accept_recs = (accept_rec *) neg->accept_encodings->elts;
-
- /* Go through each of the encodings on the Accept-Encoding: header,
- * looking for a match with our encoding. x- prefixes are ignored.
- */
- if (enc[0] == 'x' && enc[1] == '-') {
- enc += 2;
- }
- for (i = 0; i < neg->accept_encodings->nelts; ++i) {
-
- char *name = accept_recs[i].name;
-
- if (name[0] == 'x' && name[1] == '-') {
- name += 2;
- }
-
- if (!strcmp(name, enc)) {
- variant->encoding_quality = accept_recs[i].quality;
- return;
- }
-
- if (strcmp(name, "*") == 0) {
- star = &accept_recs[i];
- }
-
- }
- /* No explicit match */
- if (star) {
- variant->encoding_quality = star->quality;
- return;
- }
-
- /* Encoding not found on Accept-Encoding: header, so it is
- * _not_ acceptable unless it is the identity (no encoding)
- */
- variant->encoding_quality = value_if_not_found;
-}
-
-/*************************************************************
- * Possible results of the variant selection algorithm
- */
-enum algorithm_results {
- alg_choice = 1, /* choose variant */
- alg_list /* list variants */
-};
-
-/* Below is the 'best_match' function. It returns an int, which has
- * one of the two values alg_choice or alg_list, which give the result
- * of the variant selection algorithm. alg_list means that no best
- * variant was found by the algorithm, alg_choice means that a best
- * variant was found and should be returned. The list/choice
- * terminology comes from TCN (rfc2295), but is used in a more generic
- * way here. The best variant is returned in *pbest. best_match has
- * two possible algorithms for determining the best variant: the
- * RVSA/1.0 algorithm (from RFC2296), and the standard Apache
- * algorithm. These are split out into separate functions
- * (is_variant_better_rvsa() and is_variant_better()). Selection of
- * one is through the neg->use_rvsa flag.
- *
- * The call to best_match also creates full information, including
- * language, charset, etc quality for _every_ variant. This is needed
- * for generating a correct Vary header, and can be used for the
- * Alternates header, the human-readable list responses and 406 errors.
- */
-
-/* Firstly, the RVSA/1.0 (HTTP Remote Variant Selection Algorithm
- * v1.0) from rfc2296. This is the algorithm that goes together with
- * transparent content negotiation (TCN).
- */
-static int is_variant_better_rvsa(negotiation_state *neg, var_rec *variant,
- var_rec *best, float *p_bestq)
-{
- float bestq = *p_bestq, q;
-
- /* TCN does not cover negotiation on content-encoding. For now,
- * we ignore the encoding unless it was explicitly excluded.
- */
- if (variant->encoding_quality == 0.0f)
- return 0;
-
- q = variant->mime_type_quality *
- variant->source_quality *
- variant->charset_quality *
- variant->lang_quality;
-
- /* RFC 2296 calls for the result to be rounded to 5 decimal places,
- * but we don't do that because it serves no useful purpose other
- * than to ensure that a remote algorithm operates on the same
- * precision as ours. That is silly, since what we obviously want
- * is for the algorithm to operate on the best available precision
- * regardless of who runs it. Since the above calculation may
- * result in significant variance at 1e-12, rounding would be bogus.
- */
-
-#ifdef NEG_DEBUG
- fprintf(stderr, "Variant: file=%s type=%s lang=%s sourceq=%1.3f "
- "mimeq=%1.3f langq=%1.3f charq=%1.3f encq=%1.3f "
- "q=%1.5f definite=%d\n",
- (variant->file_name ? variant->file_name : ""),
- (variant->mime_type ? variant->mime_type : ""),
- (variant->content_languages
- ? ap_array_pstrcat(neg->pool, variant->content_languages, ',')
- : ""),
- variant->source_quality,
- variant->mime_type_quality,
- variant->lang_quality,
- variant->charset_quality,
- variant->encoding_quality,
- q,
- variant->definite);
-#endif
-
- if (q <= 0.0f) {
- return 0;
- }
- if (q > bestq) {
- *p_bestq = q;
- return 1;
- }
- if (q == bestq) {
- /* If the best variant's encoding is of lesser quality than
- * this variant, then we prefer this variant
- */
- if (variant->encoding_quality > best->encoding_quality) {
- *p_bestq = q;
- return 1;
- }
- }
- return 0;
-}
-
-/* Negotiation algorithm as used by previous versions of Apache
- * (just about).
- */
-
-static int is_variant_better(negotiation_state *neg, var_rec *variant,
- var_rec *best, float *p_bestq)
-{
- float bestq = *p_bestq, q;
- int levcmp;
-
- /* For non-transparent negotiation, server can choose how
- * to handle the negotiation. We'll use the following in
- * order: content-type, language, content-type level, charset,
- * content encoding, content length.
- *
- * For each check, we have three possible outcomes:
- * This variant is worse than current best: return 0
- * This variant is better than the current best:
- * assign this variant's q to *p_bestq, and return 1
- * This variant is just as desirable as the current best:
- * drop through to the next test.
- *
- * This code is written in this long-winded way to allow future
- * customisation, either by the addition of additional
- * checks, or to allow the order of the checks to be determined
- * by configuration options (e.g. we might prefer to check
- * language quality _before_ content type).
- */
-
- /* First though, eliminate this variant if it is not
- * acceptable by type, charset, encoding or language.
- */
-
-#ifdef NEG_DEBUG
- fprintf(stderr, "Variant: file=%s type=%s lang=%s sourceq=%1.3f "
- "mimeq=%1.3f langq=%1.3f langidx=%d charq=%1.3f encq=%1.3f \n",
- (variant->file_name ? variant->file_name : ""),
- (variant->mime_type ? variant->mime_type : ""),
- (variant->content_languages
- ? ap_array_pstrcat(neg->pool, variant->content_languages, ',')
- : ""),
- variant->source_quality,
- variant->mime_type_quality,
- variant->lang_quality,
- variant->lang_index,
- variant->charset_quality,
- variant->encoding_quality);
-#endif
-
- if (variant->encoding_quality == 0.0f ||
- variant->lang_quality == 0.0f ||
- variant->source_quality == 0.0f ||
- variant->charset_quality == 0.0f ||
- variant->mime_type_quality == 0.0f) {
- return 0; /* don't consider unacceptables */
- }
-
- q = variant->mime_type_quality * variant->source_quality;
- if (q == 0.0 || q < bestq) {
- return 0;
- }
- if (q > bestq || !best) {
- *p_bestq = q;
- return 1;
- }
-
- /* language */
- if (variant->lang_quality < best->lang_quality) {
- return 0;
- }
- if (variant->lang_quality > best->lang_quality) {
- *p_bestq = q;
- return 1;
- }
-
- /* if language qualities were equal, try the LanguagePriority stuff */
- if (best->lang_index != -1 &&
- (variant->lang_index == -1 || variant->lang_index > best->lang_index)) {
- return 0;
- }
- if (variant->lang_index != -1 &&
- (best->lang_index == -1 || variant->lang_index < best->lang_index)) {
- *p_bestq = q;
- return 1;
- }
-
- /* content-type level (sometimes used with text/html, though we
- * support it on other types too)
- */
- levcmp = level_cmp(variant, best);
- if (levcmp == -1) {
- return 0;
- }
- if (levcmp == 1) {
- *p_bestq = q;
- return 1;
- }
-
- /* charset */
- if (variant->charset_quality < best->charset_quality) {
- return 0;
- }
- /* If the best variant's charset is ISO-8859-1 and this variant has
- * the same charset quality, then we prefer this variant
- */
-
- if (variant->charset_quality > best->charset_quality ||
- ((variant->content_charset != NULL &&
- *variant->content_charset != '\0' &&
- strcmp(variant->content_charset, "iso-8859-1") != 0) &&
- (best->content_charset == NULL ||
- *best->content_charset == '\0' ||
- strcmp(best->content_charset, "iso-8859-1") == 0))) {
- *p_bestq = q;
- return 1;
- }
-
- /* Prefer the highest value for encoding_quality.
- */
- if (variant->encoding_quality < best->encoding_quality) {
- return 0;
- }
- if (variant->encoding_quality > best->encoding_quality) {
- *p_bestq = q;
- return 1;
- }
-
- /* content length if all else equal */
- if (find_content_length(neg, variant) >= find_content_length(neg, best)) {
- return 0;
- }
-
- /* ok, to get here means every thing turned out equal, except
- * we have a shorter content length, so use this variant
- */
- *p_bestq = q;
- return 1;
-}
-
-static int best_match(negotiation_state *neg, var_rec **pbest)
-{
- int j;
- var_rec *best = NULL;
- float bestq = 0.0f;
- enum algorithm_results algorithm_result;
-
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
-
- set_default_lang_quality(neg);
-
- /*
- * Find the 'best' variant
- */
-
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
-
- /* Find all the relevant 'quality' values from the
- * Accept... headers, and store in the variant. This also
- * prepares for sending an Alternates header etc so we need to
- * do it even if we do not actually plan to find a best
- * variant.
- */
- set_accept_quality(neg, variant);
- set_language_quality(neg, variant);
- set_encoding_quality(neg, variant);
- set_charset_quality(neg, variant);
-
- /* Only do variant selection if we may actually choose a
- * variant for the client
- */
- if (neg->may_choose) {
-
- /* Now find out if this variant is better than the current
- * best, either using the RVSA/1.0 algorithm, or Apache's
- * internal server-driven algorithm. Presumably other
- * server-driven algorithms are possible, and could be
- * implemented here.
- */
-
- if (neg->use_rvsa) {
- if (is_variant_better_rvsa(neg, variant, best, &bestq)) {
- best = variant;
- }
- }
- else {
- if (is_variant_better(neg, variant, best, &bestq)) {
- best = variant;
- }
- }
- }
- }
-
- /* We now either have a best variant, or no best variant */
-
- if (neg->use_rvsa) {
- /* calculate result for RVSA/1.0 algorithm:
- * only a choice response if the best variant has q>0
- * and is definite
- */
- algorithm_result = (best && best->definite) && (bestq > 0) ?
- alg_choice : alg_list;
- }
- else {
- /* calculate result for Apache negotiation algorithm */
- algorithm_result = bestq > 0 ? alg_choice : alg_list;
- }
-
- /* Returning a choice response with a non-neighboring variant is a
- * protocol security error in TCN (see rfc2295). We do *not*
- * verify here that the variant and URI are neighbors, even though
- * we may return alg_choice. We depend on the environment (the
- * caller) to only declare the resource transparently negotiable if
- * all variants are neighbors.
- */
- *pbest = best;
- return algorithm_result;
-}
-
-/* Sets response headers for a negotiated response.
- * neg->is_transparent determines whether a transparently negotiated
- * response or a plain `server driven negotiation' response is
- * created. Applicable headers are Alternates, Vary, and TCN.
- *
- * The Vary header we create is sometimes longer than is required for
- * the correct caching of negotiated results by HTTP/1.1 caches. For
- * example if we have 3 variants x.html, x.ps.en and x.ps.nl, and if
- * the Accept: header assigns a 0 quality to .ps, then the results of
- * the two server-side negotiation algorithms we currently implement
- * will never depend on Accept-Language so we could return `Vary:
- * negotiate, accept' instead of the longer 'Vary: negotiate, accept,
- * accept-language' which the code below will return. A routine for
- * computing the exact minimal Vary header would be a huge pain to code
- * and maintain though, especially because we need to take all possible
- * twiddles in the server-side negotiation algorithms into account.
- */
-static void set_neg_headers(request_rec *r, negotiation_state *neg,
- int alg_result)
-{
- table *hdrs;
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
- const char *sample_type = NULL;
- const char *sample_language = NULL;
- const char *sample_encoding = NULL;
- const char *sample_charset = NULL;
- char *lang;
- char *qstr;
- char *lenstr;
- long len;
- array_header *arr;
- int max_vlist_array = (neg->avail_vars->nelts * 21);
- int first_variant = 1;
- int vary_by_type = 0;
- int vary_by_language = 0;
- int vary_by_charset = 0;
- int vary_by_encoding = 0;
- int j;
-
- /* In order to avoid O(n^2) memory copies in building Alternates,
- * we preallocate a table with the maximum substrings possible,
- * fill it with the variant list, and then concatenate the entire array.
- * Note that if you change the number of substrings pushed, you also
- * need to change the calculation of max_vlist_array above.
- */
- if (neg->send_alternates && neg->avail_vars->nelts)
- arr = ap_make_array(r->pool, max_vlist_array, sizeof(char *));
- else
- arr = NULL;
-
- /* Put headers into err_headers_out, since send_http_header()
- * outputs both headers_out and err_headers_out.
- */
- hdrs = r->err_headers_out;
-
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
-
- if (variant->content_languages && variant->content_languages->nelts) {
- lang = ap_array_pstrcat(r->pool, variant->content_languages, ',');
- }
- else {
- lang = NULL;
- }
-
- /* Calculate Vary by looking for any difference between variants */
-
- if (first_variant) {
- sample_type = variant->mime_type;
- sample_charset = variant->content_charset;
- sample_language = lang;
- sample_encoding = variant->content_encoding;
- }
- else {
- if (!vary_by_type &&
- strcmp(sample_type ? sample_type : "",
- variant->mime_type ? variant->mime_type : "")) {
- vary_by_type = 1;
- }
- if (!vary_by_charset &&
- strcmp(sample_charset ? sample_charset : "",
- variant->content_charset ?
- variant->content_charset : "")) {
- vary_by_charset = 1;
- }
- if (!vary_by_language &&
- strcmp(sample_language ? sample_language : "",
- lang ? lang : "")) {
- vary_by_language = 1;
- }
- if (!vary_by_encoding &&
- strcmp(sample_encoding ? sample_encoding : "",
- variant->content_encoding ?
- variant->content_encoding : "")) {
- vary_by_encoding = 1;
- }
- }
- first_variant = 0;
-
- if (!neg->send_alternates)
- continue;
-
- /* Generate the string components for this Alternates entry */
-
- *((const char **) ap_push_array(arr)) = "{\"";
- *((const char **) ap_push_array(arr)) = variant->file_name;
- *((const char **) ap_push_array(arr)) = "\" ";
-
- qstr = (char *) ap_palloc(r->pool, 6);
- ap_snprintf(qstr, 6, "%1.3f", variant->source_quality);
-
- /* Strip trailing zeros (saves those valuable network bytes) */
- if (qstr[4] == '0') {
- qstr[4] = '\0';
- if (qstr[3] == '0') {
- qstr[3] = '\0';
- if (qstr[2] == '0') {
- qstr[1] = '\0';
- }
- }
- }
- *((const char **) ap_push_array(arr)) = qstr;
-
- if (variant->mime_type && *variant->mime_type) {
- *((const char **) ap_push_array(arr)) = " {type ";
- *((const char **) ap_push_array(arr)) = variant->mime_type;
- *((const char **) ap_push_array(arr)) = "}";
- }
- if (variant->content_charset && *variant->content_charset) {
- *((const char **) ap_push_array(arr)) = " {charset ";
- *((const char **) ap_push_array(arr)) = variant->content_charset;
- *((const char **) ap_push_array(arr)) = "}";
- }
- if (lang) {
- *((const char **) ap_push_array(arr)) = " {language ";
- *((const char **) ap_push_array(arr)) = lang;
- *((const char **) ap_push_array(arr)) = "}";
- }
- if (variant->content_encoding && *variant->content_encoding) {
- /* Strictly speaking, this is non-standard, but so is TCN */
-
- *((const char **) ap_push_array(arr)) = " {encoding ";
- *((const char **) ap_push_array(arr)) = variant->content_encoding;
- *((const char **) ap_push_array(arr)) = "}";
- }
-
- /* Note that the Alternates specification (in rfc2295) does
- * not require that we include {length x}, so we could omit it
- * if determining the length is too expensive. We currently
- * always include it though. 22 bytes is enough for 2^64.
- *
- * If the variant is a CGI script, find_content_length would
- * return the length of the script, not the output it
- * produces, so we check for the presence of a handler and if
- * there is one we don't add a length.
- *
- * XXX: TODO: This check does not detect a CGI script if we
- * get the variant from a type map. This needs to be fixed
- * (without breaking things if the type map specifies a
- * content-length, which currently leads to the correct result).
- */
- if (!(variant->sub_req && variant->sub_req->handler)
- && (len = (long)find_content_length(neg, variant)) != 0) {
-
- lenstr = (char *) ap_palloc(r->pool, 22);
- ap_snprintf(lenstr, 22, "%ld", len);
- *((const char **) ap_push_array(arr)) = " {length ";
- *((const char **) ap_push_array(arr)) = lenstr;
- *((const char **) ap_push_array(arr)) = "}";
- }
-
- *((const char **) ap_push_array(arr)) = "}";
- *((const char **) ap_push_array(arr)) = ", "; /* trimmed below */
- }
-
- if (neg->send_alternates && neg->avail_vars->nelts) {
- arr->nelts--; /* remove last comma */
- ap_table_mergen(hdrs, "Alternates",
- ap_array_pstrcat(r->pool, arr, '\0'));
- }
-
- if (neg->is_transparent || vary_by_type || vary_by_language ||
- vary_by_language || vary_by_charset || vary_by_encoding) {
-
- ap_table_mergen(hdrs, "Vary", 2 + ap_pstrcat(r->pool,
- neg->is_transparent ? ", negotiate" : "",
- vary_by_type ? ", accept" : "",
- vary_by_language ? ", accept-language" : "",
- vary_by_charset ? ", accept-charset" : "",
- vary_by_encoding ? ", accept-encoding" : "", NULL));
- }
-
- if (neg->is_transparent) { /* Create TCN response header */
- ap_table_setn(hdrs, "TCN",
- alg_result == alg_list ? "list" : "choice");
- }
-}
-
-/**********************************************************************
- *
- * Return an HTML list of variants. This is output as part of the
- * choice response or 406 status body.
- */
-
-static char *make_variant_list(request_rec *r, negotiation_state *neg)
-{
- array_header *arr;
- int i;
- int max_vlist_array = (neg->avail_vars->nelts * 15) + 2;
-
- /* In order to avoid O(n^2) memory copies in building the list,
- * we preallocate a table with the maximum substrings possible,
- * fill it with the variant list, and then concatenate the entire array.
- */
- arr = ap_make_array(r->pool, max_vlist_array, sizeof(char *));
-
- *((const char **) ap_push_array(arr)) = "Available variants:\n<ul>\n";
-
- for (i = 0; i < neg->avail_vars->nelts; ++i) {
- var_rec *variant = &((var_rec *) neg->avail_vars->elts)[i];
- char *filename = variant->file_name ? variant->file_name : "";
- array_header *languages = variant->content_languages;
- char *description = variant->description ? variant->description : "";
-
- /* The format isn't very neat, and it would be nice to make
- * the tags human readable (eg replace 'language en' with 'English').
- * Note that if you change the number of substrings pushed, you also
- * need to change the calculation of max_vlist_array above.
- */
- *((const char **) ap_push_array(arr)) = "<li><a href=\"";
- *((const char **) ap_push_array(arr)) = filename;
- *((const char **) ap_push_array(arr)) = "\">";
- *((const char **) ap_push_array(arr)) = filename;
- *((const char **) ap_push_array(arr)) = "</a> ";
- *((const char **) ap_push_array(arr)) = description;
-
- if (variant->mime_type && *variant->mime_type) {
- *((const char **) ap_push_array(arr)) = ", type ";
- *((const char **) ap_push_array(arr)) = variant->mime_type;
- }
- if (languages && languages->nelts) {
- *((const char **) ap_push_array(arr)) = ", language ";
- *((const char **) ap_push_array(arr)) = ap_array_pstrcat(r->pool,
- languages, ',');
- }
- if (variant->content_charset && *variant->content_charset) {
- *((const char **) ap_push_array(arr)) = ", charset ";
- *((const char **) ap_push_array(arr)) = variant->content_charset;
- }
- if (variant->content_encoding) {
- *((const char **) ap_push_array(arr)) = ", encoding ";
- *((const char **) ap_push_array(arr)) = variant->content_encoding;
- }
- *((const char **) ap_push_array(arr)) = "\n";
- }
- *((const char **) ap_push_array(arr)) = "</ul>\n";
-
- return ap_array_pstrcat(r->pool, arr, '\0');
-}
-
-static void store_variant_list(request_rec *r, negotiation_state *neg)
-{
- if (r->main == NULL) {
- ap_table_setn(r->notes, "variant-list", make_variant_list(r, neg));
- }
- else {
- ap_table_setn(r->main->notes, "variant-list",
- make_variant_list(r->main, neg));
- }
-}
-
-/* Called if we got a "Choice" response from the variant selection algorithm.
- * It checks the result of the chosen variant to see if it
- * is itself negotiated (if so, return error VARIANT_ALSO_VARIES).
- * Otherwise, add the appropriate headers to the current response.
- */
-
-static int setup_choice_response(request_rec *r, negotiation_state *neg,
- var_rec *variant)
-{
- request_rec *sub_req;
- const char *sub_vary;
-
- if (!variant->sub_req) {
- int status;
-
- sub_req = ap_sub_req_lookup_file(variant->file_name, r);
- status = sub_req->status;
-
- if (status != HTTP_OK &&
- !ap_table_get(sub_req->err_headers_out, "TCN")) {
- ap_destroy_sub_req(sub_req);
- return status;
- }
- variant->sub_req = sub_req;
- }
- else {
- sub_req = variant->sub_req;
- }
-
- /* The variant selection algorithm told us to return a "Choice"
- * response. This is the normal variant response, with
- * some extra headers. First, ensure that the chosen
- * variant did or will not itself engage in transparent negotiation.
- * If not, set the appropriate headers, and fall through to
- * the normal variant handling
- */
-
- /* This catches the error that a transparent type map selects a
- * transparent multiviews resource as the best variant.
- *
- * XXX: We do not signal an error if a transparent type map
- * selects a _non_transparent multiviews resource as the best
- * variant, because we can generate a legal negotiation response
- * in this case. In this case, the vlist_validator of the
- * nontransparent subrequest will be lost however. This could
- * lead to cases in which a change in the set of variants or the
- * negotiation algorithm of the nontransparent resource is never
- * propagated up to a HTTP/1.1 cache which interprets Vary. To be
- * completely on the safe side we should return VARIANT_ALSO_VARIES
- * for this type of recursive negotiation too.
- */
- if (neg->is_transparent &&
- ap_table_get(sub_req->err_headers_out, "TCN")) {
- return VARIANT_ALSO_VARIES;
- }
-
- /* This catches the error that a transparent type map recursively
- * selects, as the best variant, another type map which itself
- * causes transparent negotiation to be done.
- *
- * XXX: Actually, we catch this error by catching all cases of
- * type map recursion. There are some borderline recursive type
- * map arrangements which would not produce transparent
- * negotiation protocol errors or lack of cache propagation
- * problems, but such arrangements are very hard to detect at this
- * point in the control flow, so we do not bother to single them
- * out.
- *
- * Recursive type maps imply a recursive arrangement of negotiated
- * resources which is visible to outside clients, and this is not
- * supported by the transparent negotiation caching protocols, so
- * if we are to have generic support for recursive type maps, we
- * have to create some configuration setting which makes all type
- * maps non-transparent when recursion is enabled. Also, if we
- * want recursive type map support which ensures propagation of
- * type map changes into HTTP/1.1 caches that handle Vary, we
- * would have to extend the current mechanism for generating
- * variant list validators.
- */
- if (sub_req->handler && strcmp(sub_req->handler, "type-map") == 0) {
- return VARIANT_ALSO_VARIES;
- }
-
- /* This adds an appropriate Variant-Vary header if the subrequest
- * is a multiviews resource.
- *
- * XXX: TODO: Note that this does _not_ handle any Vary header
- * returned by a CGI if sub_req is a CGI script, because we don't
- * see that Vary header yet at this point in the control flow.
- * This won't cause any cache consistency problems _unless_ the
- * CGI script also returns a Cache-Control header marking the
- * response as cachable. This needs to be fixed, also there are
- * problems if a CGI returns an Etag header which also need to be
- * fixed.
- */
- if ((sub_vary = ap_table_get(sub_req->err_headers_out, "Vary")) != NULL) {
- ap_table_setn(r->err_headers_out, "Variant-Vary", sub_vary);
-
- /* Move the subreq Vary header into the main request to
- * prevent having two Vary headers in the response, which
- * would be legal but strange.
- */
- ap_table_setn(r->err_headers_out, "Vary", sub_vary);
- ap_table_unset(sub_req->err_headers_out, "Vary");
- }
-
- ap_table_setn(r->err_headers_out, "Content-Location",
- ap_pstrdup(r->pool, variant->file_name));
-
- set_neg_headers(r, neg, alg_choice); /* add Alternates and Vary */
-
- /* Still to do by caller: add Expires */
-
- return 0;
-}
-
-/****************************************************************
- *
- * Executive...
- */
-
-static int do_negotiation(request_rec *r, negotiation_state *neg,
- var_rec **bestp, int prefer_scripts)
-{
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
- int alg_result; /* result of variant selection algorithm */
- int res;
- int j;
-
- /* Decide if resource is transparently negotiable */
-
- /* GET or HEAD? (HEAD has same method number as GET) */
- if (r->method_number == M_GET) {
-
- /* maybe this should be configurable, see also the comment
- * about recursive type maps in setup_choice_response()
- */
- neg->is_transparent = 1;
-
- /* We can't be transparent if we are a map file in the middle
- * of the request URI.
- */
- if (r->path_info && *r->path_info)
- neg->is_transparent = 0;
-
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
-
- /* We can't be transparent, because of internal
- * assumptions in best_match(), if there is a
- * non-neighboring variant. We can have a non-neighboring
- * variant when processing a type map.
- */
- if (strchr(variant->file_name, '/'))
- neg->is_transparent = 0;
- }
- }
-
- if (neg->is_transparent) {
- parse_negotiate_header(r, neg);
- }
- else { /* configure negotiation on non-transparent resource */
- neg->may_choose = 1;
- }
-
- maybe_add_default_accepts(neg, prefer_scripts);
-
- alg_result = best_match(neg, bestp);
-
- /* alg_result is one of
- * alg_choice: a best variant is chosen
- * alg_list: no best variant is chosen
- */
-
- if (alg_result == alg_list) {
- /* send a list response or NOT_ACCEPTABLE error response */
-
- neg->send_alternates = 1; /* always include Alternates header */
- set_neg_headers(r, neg, alg_result);
- store_variant_list(r, neg);
-
- if (neg->is_transparent && neg->ua_supports_trans) {
- /* XXX todo: expires? cachability? */
-
- /* Some HTTP/1.0 clients are known to choke when they get
- * a 300 (multiple choices) response without a Location
- * header. However the 300 code response we are are about
- * to generate will only reach 1.0 clients which support
- * transparent negotiation, and they should be OK. The
- * response should never reach older 1.0 clients, even if
- * we have CacheNegotiatedDocs enabled, because no 1.0
- * proxy cache (we know of) will cache and return 300
- * responses (they certainly won't if they conform to the
- * HTTP/1.0 specification).
- */
- return MULTIPLE_CHOICES;
- }
-
- if (!*bestp) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "no acceptable variant: %s", r->filename);
- return NOT_ACCEPTABLE;
- }
- }
-
- /* Variant selection chose a variant */
-
- /* XXX todo: merge the two cases in the if statement below */
- if (neg->is_transparent) {
-
- if ((res = setup_choice_response(r, neg, *bestp)) != 0) {
- return res; /* return if error */
- }
- }
- else {
- set_neg_headers(r, neg, alg_result);
- }
-
- /* Make sure caching works - Vary should handle HTTP/1.1, but for
- * HTTP/1.0, we can't allow caching at all.
- */
-
- /* XXX: Note that we only set r->no_cache to 1, which causes
- * Expires: <now> to be added, when responding to a HTTP/1.0
- * client. If we return the response to a 1.1 client, we do not
- * add Expires <now>, because doing so would degrade 1.1 cache
- * performance by preventing re-use of the response without prior
- * revalidation. On the other hand, if the 1.1 client is a proxy
- * which was itself contacted by a 1.0 client, or a proxy cache
- * which can be contacted later by 1.0 clients, then we currently
- * rely on this 1.1 proxy to add the Expires: <now> when it
- * forwards the response.
- *
- * XXX: TODO: Find out if the 1.1 spec requires proxies and
- * tunnels to add Expires: <now> when forwarding the response to
- * 1.0 clients. I (kh) recall it is rather vague on this point.
- * Testing actual 1.1 proxy implementations would also be nice. If
- * Expires: <now> is not added by proxies then we need to always
- * include Expires: <now> ourselves to ensure correct caching, but
- * this would degrade HTTP/1.1 cache efficiency unless we also add
- * Cache-Control: max-age=N, which we currently don't.
- *
- * Roy: No, we are not going to screw over HTTP future just to
- * ensure that people who can't be bothered to upgrade their
- * clients will always receive perfect server-side negotiation.
- * Hell, those clients are sending bogus accept headers anyway.
- *
- * Manual setting of cache-control/expires always overrides this
- * automated kluge, on purpose.
- */
-
- if ((!do_cache_negotiated_docs(r->server)
- && (r->proto_num < HTTP_VERSION(1,1)))
- && neg->count_multiviews_variants != 1) {
- r->no_cache = 1;
- }
-
- return OK;
-}
-
-static int handle_map_file(request_rec *r)
-{
- negotiation_state *neg = parse_accept_headers(r);
- var_rec *best;
- int res;
-
- char *udir;
-
- if ((res = read_type_map(neg, r))) {
- return res;
- }
-
- res = do_negotiation(r, neg, &best, 0);
- if (res != 0) return res;
-
- if (r->path_info && *r->path_info) {
- r->uri[ap_find_path_info(r->uri, r->path_info)] = '\0';
- }
- udir = ap_make_dirstr_parent(r->pool, r->uri);
- udir = ap_escape_uri(r->pool, udir);
- ap_internal_redirect(ap_pstrcat(r->pool, udir, best->file_name,
- r->path_info, NULL), r);
- return OK;
-}
-
-static int handle_multi(request_rec *r)
-{
- negotiation_state *neg;
- var_rec *best, *avail_recs;
- request_rec *sub_req;
- int res;
- int j;
-
- if (r->finfo.st_mode != 0 || !(ap_allow_options(r) & OPT_MULTI)) {
- return DECLINED;
- }
-
- neg = parse_accept_headers(r);
-
- if ((res = read_types_multi(neg))) {
- return_from_multi:
- /* free all allocated memory from subrequests */
- avail_recs = (var_rec *) neg->avail_vars->elts;
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
- if (variant->sub_req) {
- ap_destroy_sub_req(variant->sub_req);
- }
- }
- return res;
- }
- if (neg->avail_vars->nelts == 0) {
- return DECLINED;
- }
-
- res = do_negotiation(r, neg, &best,
- (r->method_number != M_GET) || r->args ||
- (r->path_info && *r->path_info));
- if (res != 0)
- goto return_from_multi;
-
- if (!(sub_req = best->sub_req)) {
- /* We got this out of a map file, so we don't actually have
- * a sub_req structure yet. Get one now.
- */
-
- sub_req = ap_sub_req_lookup_file(best->file_name, r);
- if (sub_req->status != HTTP_OK) {
- res = sub_req->status;
- ap_destroy_sub_req(sub_req);
- goto return_from_multi;
- }
- }
-
- /* BLECH --- don't multi-resolve non-ordinary files */
-
- if (!S_ISREG(sub_req->finfo.st_mode)) {
- res = NOT_FOUND;
- goto return_from_multi;
- }
-
- /* Otherwise, use it. */
-
- /* now do a "fast redirect" ... promote the sub_req into the main req */
- /* We need to tell POOL_DEBUG that we're guaranteeing that sub_req->pool
- * will exist as long as r->pool. Otherwise we run into troubles because
- * some values in this request will be allocated in r->pool, and others in
- * sub_req->pool.
- */
- ap_pool_join(r->pool, sub_req->pool);
- r->mtime = 0; /* reset etag info for subrequest */
- /* XXX: uri/args/path_info are all retained from the original request.
- * It is entirely possible, but not common, for a handler to choke
- * on some expectation based on the uri (or more commonly, args) that
- * the file subrequest was prepared to handle, but a lookup_uri would
- * have considered an error. This leaves an improbable possibility
- * that the user might fail a mod_dir request later, and the server
- * may respond with a mod_autoindex response. However, this has been
- * the behavior throughout much of the Apache 1.3 era with minimal
- * side effects, mostly caused by obscure configuration bugs.
- * r->uri = sub_req->uri;
- * r->args = sub_req->args;
- * r->path_info = sub_req->path_info;
- */
- r->filename = sub_req->filename;
- r->handler = sub_req->handler;
- r->content_type = sub_req->content_type;
- r->content_encoding = sub_req->content_encoding;
- r->content_languages = sub_req->content_languages;
- r->content_language = sub_req->content_language;
- r->finfo = sub_req->finfo;
- r->per_dir_config = sub_req->per_dir_config;
- /* copy output headers from subrequest, but leave negotiation headers */
- r->notes = ap_overlay_tables(r->pool, sub_req->notes, r->notes);
- r->headers_out = ap_overlay_tables(r->pool, sub_req->headers_out,
- r->headers_out);
- r->err_headers_out = ap_overlay_tables(r->pool, sub_req->err_headers_out,
- r->err_headers_out);
- r->subprocess_env = ap_overlay_tables(r->pool, sub_req->subprocess_env,
- r->subprocess_env);
- avail_recs = (var_rec *) neg->avail_vars->elts;
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
- if (variant != best && variant->sub_req) {
- ap_destroy_sub_req(variant->sub_req);
- }
- }
- return OK;
-}
-
-/**********************************************************************
- * There is a problem with content-encoding, as some clients send and
- * expect an x- token (e.g. x-gzip) while others expect the plain token
- * (i.e. gzip). To try and deal with this as best as possible we do
- * the following: if the client sent an Accept-Encoding header and it
- * contains a plain token corresponding to the content encoding of the
- * response, then set content encoding using the plain token. Else if
- * the A-E header contains the x- token use the x- token in the C-E
- * header. Else don't do anything.
- *
- * Note that if no A-E header was sent, or it does not contain a token
- * compatible with the final content encoding, then the token in the
- * C-E header will be whatever was specified in the AddEncoding
- * directive.
- */
-static int fix_encoding(request_rec *r)
-{
- const char *enc = r->content_encoding;
- char *x_enc = NULL;
- array_header *accept_encodings;
- accept_rec *accept_recs;
- int i;
-
- if (!enc || !*enc) {
- return DECLINED;
- }
-
- if (enc[0] == 'x' && enc[1] == '-') {
- enc += 2;
- }
-
- if ((accept_encodings = do_header_line(r->pool,
- ap_table_get(r->headers_in, "Accept-Encoding"))) == NULL) {
- return DECLINED;
- }
-
- accept_recs = (accept_rec *) accept_encodings->elts;
-
- for (i = 0; i < accept_encodings->nelts; ++i) {
- char *name = accept_recs[i].name;
-
- if (!strcmp(name, enc)) {
- r->content_encoding = name;
- return OK;
- }
-
- if (name[0] == 'x' && name[1] == '-' && !strcmp(name+2, enc)) {
- x_enc = name;
- }
- }
-
- if (x_enc) {
- r->content_encoding = x_enc;
- return OK;
- }
-
- return DECLINED;
-}
-
-static const handler_rec negotiation_handlers[] =
-{
- {MAP_FILE_MAGIC_TYPE, handle_map_file},
- {"type-map", handle_map_file},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT negotiation_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_neg_dir_config, /* dir config creator */
- merge_neg_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- negotiation_cmds, /* command table */
- negotiation_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- handle_multi, /* type_checker */
- fix_encoding, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
deleted file mode 100644
index 90a76cc59cd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
+++ /dev/null
@@ -1,4396 +0,0 @@
-/* $OpenBSD: mod_rewrite.c,v 1.28 2010/09/09 11:31:40 miod Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-/* _ _ _
-** _ __ ___ ___ __| | _ __ _____ ___ __(_) |_ ___
-** | '_ ` _ \ / _ \ / _` | | '__/ _ \ \ /\ / / '__| | __/ _ \
-** | | | | | | (_) | (_| | | | | __/\ V V /| | | | || __/
-** |_| |_| |_|\___/ \__,_|___|_| \___| \_/\_/ |_| |_|\__\___|
-** |_____|
-**
-** URL Rewriting Module
-**
-** This module uses a rule-based rewriting engine (based on a
-** regular-expression parser) to rewrite requested URLs on the fly.
-**
-** It supports an unlimited number of additional rule conditions (which can
-** operate on a lot of variables, even on HTTP headers) for granular
-** matching and even external database lookups (either via plain text
-** tables, DBM hash files or even external processes) for advanced URL
-** substitution.
-**
-** It operates on the full URLs (including the PATH_INFO part) both in
-** per-server context (httpd.conf) and per-dir context (.htaccess) and even
-** can generate QUERY_STRING parts on result. The rewriting result finally
-** can lead to internal subprocessing, external request redirection or even
-** to internal proxy throughput.
-**
-** This module was originally written in April 1996 and
-** gifted exclusively to the The Apache Group in July 1997 by
-**
-** Ralf S. Engelschall
-** rse@engelschall.com
-** www.engelschall.com
-*/
-
-
-#include "mod_rewrite.h"
-#include "http_main.h"
-#include "fdcache.h"
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | static module configuration
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-/*
-** Our interface to the Apache server kernel:
-**
-** o Runtime logic of a request is as following:
-** while(request or subrequest)
-** foreach(stage #0...#9)
-** foreach(module) (**)
-** try to run hook
-**
-** o the order of modules at (**) is the inverted order as
-** given in the "Configuration" file, i.e. the last module
-** specified is the first one called for each hook!
-** The core module is always the last!
-**
-** o there are two different types of result checking and
-** continue processing:
-** for hook #0,#1,#4,#5,#6,#8:
-** hook run loop stops on first modules which gives
-** back a result != DECLINED, i.e. it usually returns OK
-** which says "OK, module has handled this _stage_" and for #1
-** this have not to mean "Ok, the filename is now valid".
-** for hook #2,#3,#7,#9:
-** all hooks are run, independend of result
-**
-** o at the last stage, the core module always
-** - says "BAD_REQUEST" if r->filename does not begin with "/"
-** - prefix URL with document_root or replaced server_root
-** with document_root and sets r->filename
-** - always return a "OK" independed if the file really exists
-** or not!
-*/
-
- /* The section for the Configure script:
- * MODULE-DEFINITION-START
- * Name: rewrite_module
- * ConfigStart
- . ./helpers/find-dbm-lib
- if [ "x$found_dbm" = "x1" ]; then
- echo " enabling DBM support for mod_rewrite"
- else
- echo " disabling DBM support for mod_rewrite"
- echo " (perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)"
- CFLAGS="$CFLAGS -DNO_DBM_REWRITEMAP"
- fi
- * ConfigEnd
- * MODULE-DEFINITION-END
- */
-
- /* the table of commands we provide */
-static const command_rec command_table[] = {
- { "RewriteEngine", cmd_rewriteengine, NULL, OR_FILEINFO, FLAG,
- "On or Off to enable or disable (default) the whole rewriting engine" },
- { "RewriteOptions", cmd_rewriteoptions, NULL, OR_FILEINFO, ITERATE,
- "List of option strings to set" },
- { "RewriteBase", cmd_rewritebase, NULL, OR_FILEINFO, TAKE1,
- "the base URL of the per-directory context" },
- { "RewriteCond", cmd_rewritecond, NULL, OR_FILEINFO, RAW_ARGS,
- "an input string and a to be applied regexp-pattern" },
- { "RewriteRule", cmd_rewriterule, NULL, OR_FILEINFO, RAW_ARGS,
- "an URL-applied regexp-pattern and a substitution URL" },
- { "RewriteMap", cmd_rewritemap, NULL, RSRC_CONF, TAKE2,
- "a mapname and a filename" },
- { "RewriteLock", cmd_rewritelock, NULL, RSRC_CONF, TAKE1,
- "the filename of a lockfile used for inter-process synchronization"},
- { "RewriteLog", cmd_rewritelog, NULL, RSRC_CONF, TAKE1,
- "the filename of the rewriting logfile" },
- { "RewriteLogLevel", cmd_rewriteloglevel, NULL, RSRC_CONF, TAKE1,
- "the level of the rewriting logfile verbosity "
- "(0=none, 1=std, .., 9=max)" },
- { NULL }
-};
-
- /* the table of content handlers we provide */
-static const handler_rec handler_table[] = {
- { "redirect-handler", handler_redirect },
- { NULL }
-};
-
- /* the main config structure */
-module MODULE_VAR_EXPORT rewrite_module = {
- STANDARD_MODULE_STUFF,
- init_module, /* module initializer */
- config_perdir_create, /* create per-dir config structures */
- config_perdir_merge, /* merge per-dir config structures */
- config_server_create, /* create per-server config structures */
- config_server_merge, /* merge per-server config structures */
- command_table, /* table of config file commands */
- handler_table, /* [#8] MIME-typed-dispatched handlers */
- hook_uri2file, /* [#1] URI to filename translation */
- NULL, /* [#4] validate user id from request */
- NULL, /* [#5] check if the user is ok _here_ */
- NULL, /* [#3] check access by host address */
- hook_mimetype, /* [#6] determine MIME type */
- hook_fixup, /* [#7] pre-run fixups */
- NULL, /* [#9] log a transaction */
- NULL, /* [#2] header parser */
- init_child, /* child_init */
- NULL, /* child_exit */
- NULL /* [#0] post read-request */
-};
-
- /* the cache */
-static cache *cachep;
-
- /* whether proxy module is available or not */
-static int proxy_available;
-
-static char *lockname;
-static int lockfd = -1;
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | configuration directive handling
-** | |
-** +-------------------------------------------------------+
-*/
-
-/*
-**
-** per-server configuration structure handling
-**
-*/
-
-static void *config_server_create(pool *p, server_rec *s)
-{
- rewrite_server_conf *a;
-
- a = (rewrite_server_conf *)ap_pcalloc(p, sizeof(rewrite_server_conf));
-
- a->state = ENGINE_DISABLED;
- a->options = OPTION_NONE;
- a->rewritelogfile = NULL;
- a->rewritelogfp = -1;
- a->rewriteloglevel = 0;
- a->rewritemaps = ap_make_array(p, 2, sizeof(rewritemap_entry));
- a->rewriteconds = ap_make_array(p, 2, sizeof(rewritecond_entry));
- a->rewriterules = ap_make_array(p, 2, sizeof(rewriterule_entry));
- a->server = s;
- a->redirect_limit = 0; /* unset (use default) */
-
- return (void *)a;
-}
-
-static void *config_server_merge(pool *p, void *basev, void *overridesv)
-{
- rewrite_server_conf *a, *base, *overrides;
-
- a = (rewrite_server_conf *)ap_pcalloc(p, sizeof(rewrite_server_conf));
- base = (rewrite_server_conf *)basev;
- overrides = (rewrite_server_conf *)overridesv;
-
- a->state = overrides->state;
- a->options = overrides->options;
- a->server = overrides->server;
- a->redirect_limit = overrides->redirect_limit
- ? overrides->redirect_limit
- : base->redirect_limit;
-
- if (a->options & OPTION_INHERIT) {
- /*
- * local directives override
- * and anything else is inherited
- */
- a->rewriteloglevel = overrides->rewriteloglevel != 0
- ? overrides->rewriteloglevel
- : base->rewriteloglevel;
- a->rewritelogfile = overrides->rewritelogfile != NULL
- ? overrides->rewritelogfile
- : base->rewritelogfile;
- a->rewritelogfp = overrides->rewritelogfp != -1
- ? overrides->rewritelogfp
- : base->rewritelogfp;
- a->rewritemaps = ap_append_arrays(p, overrides->rewritemaps,
- base->rewritemaps);
- a->rewriteconds = ap_append_arrays(p, overrides->rewriteconds,
- base->rewriteconds);
- a->rewriterules = ap_append_arrays(p, overrides->rewriterules,
- base->rewriterules);
- }
- else {
- /*
- * local directives override
- * and anything else gets defaults
- */
- a->rewriteloglevel = overrides->rewriteloglevel;
- a->rewritelogfile = overrides->rewritelogfile;
- a->rewritelogfp = overrides->rewritelogfp;
- a->rewritemaps = overrides->rewritemaps;
- a->rewriteconds = overrides->rewriteconds;
- a->rewriterules = overrides->rewriterules;
- }
-
- return (void *)a;
-}
-
-
-/*
-**
-** per-directory configuration structure handling
-**
-*/
-
-static void *config_perdir_create(pool *p, char *path)
-{
- rewrite_perdir_conf *a;
-
- a = (rewrite_perdir_conf *)ap_pcalloc(p, sizeof(rewrite_perdir_conf));
-
- a->state = ENGINE_DISABLED;
- a->options = OPTION_NONE;
- a->baseurl = NULL;
- a->rewriteconds = ap_make_array(p, 2, sizeof(rewritecond_entry));
- a->rewriterules = ap_make_array(p, 2, sizeof(rewriterule_entry));
- a->redirect_limit = 0; /* unset (use server config) */
-
- if (path == NULL) {
- a->directory = NULL;
- }
- else {
- /* make sure it has a trailing slash */
- if (path[strlen(path)-1] == '/') {
- a->directory = ap_pstrdup(p, path);
- }
- else {
- a->directory = ap_pstrcat(p, path, "/", NULL);
- }
- }
-
- return (void *)a;
-}
-
-static void *config_perdir_merge(pool *p, void *basev, void *overridesv)
-{
- rewrite_perdir_conf *a, *base, *overrides;
-
- a = (rewrite_perdir_conf *)ap_pcalloc(p,
- sizeof(rewrite_perdir_conf));
- base = (rewrite_perdir_conf *)basev;
- overrides = (rewrite_perdir_conf *)overridesv;
-
- a->state = overrides->state;
- a->options = overrides->options;
- a->directory = overrides->directory;
- a->baseurl = overrides->baseurl;
- a->redirect_limit = overrides->redirect_limit
- ? overrides->redirect_limit
- : base->redirect_limit;
-
- if (a->options & OPTION_INHERIT) {
- a->rewriteconds = ap_append_arrays(p, overrides->rewriteconds,
- base->rewriteconds);
- a->rewriterules = ap_append_arrays(p, overrides->rewriterules,
- base->rewriterules);
- }
- else {
- a->rewriteconds = overrides->rewriteconds;
- a->rewriterules = overrides->rewriterules;
- }
-
- return (void *)a;
-}
-
-
-/*
-**
-** the configuration commands
-**
-*/
-
-static const char *cmd_rewriteengine(cmd_parms *cmd,
- rewrite_perdir_conf *dconf, int flag)
-{
- rewrite_server_conf *sconf;
-
- sconf =
- (rewrite_server_conf *)ap_get_module_config(cmd->server->module_config,
- &rewrite_module);
-
- if (cmd->path == NULL) { /* is server command */
- sconf->state = (flag ? ENGINE_ENABLED : ENGINE_DISABLED);
- }
- else /* is per-directory command */ {
- dconf->state = (flag ? ENGINE_ENABLED : ENGINE_DISABLED);
- }
-
- return NULL;
-}
-
-static const char *cmd_rewriteoptions(cmd_parms *cmd,
- void *in_dconf, const char *option)
-{
- int options = 0, limit = 0;
- char *w;
-
- while (*option) {
- w = ap_getword_conf(cmd->pool, &option);
-
- if (!strcasecmp(w, "inherit")) {
- options |= OPTION_INHERIT;
- }
- else if (!strncasecmp(w, "MaxRedirects=", 13)) {
- limit = atoi(&w[13]);
- if (limit <= 0) {
- return "RewriteOptions: MaxRedirects takes a number greater "
- "than zero.";
- }
- }
- else if (!strcasecmp(w, "MaxRedirects")) { /* be nice */
- return "RewriteOptions: MaxRedirects has the format MaxRedirects"
- "=n.";
- }
- else {
- return ap_pstrcat(cmd->pool, "RewriteOptions: unknown option '",
- w, "'", NULL);
- }
- }
-
- /* put it into the appropriate config */
- if (cmd->path == NULL) { /* is server command */
- rewrite_server_conf *conf =
- ap_get_module_config(cmd->server->module_config,
- &rewrite_module);
-
- conf->options |= options;
- conf->redirect_limit = limit;
- }
- else { /* is per-directory command */
- rewrite_perdir_conf *conf = in_dconf;
-
- conf->options |= options;
- conf->redirect_limit = limit;
- }
-
- return NULL;
-}
-
-static const char *cmd_rewritelog(cmd_parms *cmd, void *dconf, char *a1)
-{
- rewrite_server_conf *sconf;
-
- sconf = (rewrite_server_conf *)
- ap_get_module_config(cmd->server->module_config, &rewrite_module);
-
- sconf->rewritelogfile = a1;
-
- return NULL;
-}
-
-static const char *cmd_rewriteloglevel(cmd_parms *cmd, void *dconf, char *a1)
-{
- rewrite_server_conf *sconf;
-
- sconf = (rewrite_server_conf *)
- ap_get_module_config(cmd->server->module_config, &rewrite_module);
-
- sconf->rewriteloglevel = atoi(a1);
-
- return NULL;
-}
-
-static const char *cmd_rewritemap(cmd_parms *cmd, void *dconf, char *a1,
- char *a2)
-{
- rewrite_server_conf *sconf;
- rewritemap_entry *new;
- struct stat st;
-
- sconf = (rewrite_server_conf *)
- ap_get_module_config(cmd->server->module_config, &rewrite_module);
-
- new = ap_push_array(sconf->rewritemaps);
-
- new->name = a1;
- new->func = NULL;
- if (strncmp(a2, "txt:", 4) == 0) {
- new->type = MAPTYPE_TXT;
- new->datafile = a2+4;
- new->checkfile = a2+4;
- }
- else if (strncmp(a2, "rnd:", 4) == 0) {
- new->type = MAPTYPE_RND;
- new->datafile = a2+4;
- new->checkfile = a2+4;
- }
- else if (strncmp(a2, "dbm:", 4) == 0) {
- new->type = MAPTYPE_DBM;
- new->datafile = a2+4;
- new->checkfile = ap_pstrcat(cmd->pool, a2+4, NDBM_FILE_SUFFIX, NULL);
- }
- else if (strncmp(a2, "prg:", 4) == 0) {
- new->type = MAPTYPE_PRG;
- new->datafile = a2+4;
- new->checkfile = a2+4;
- }
- else if (strncmp(a2, "int:", 4) == 0) {
- new->type = MAPTYPE_INT;
- new->datafile = NULL;
- new->checkfile = NULL;
- if (strcmp(a2+4, "tolower") == 0) {
- new->func = rewrite_mapfunc_tolower;
- }
- else if (strcmp(a2+4, "toupper") == 0) {
- new->func = rewrite_mapfunc_toupper;
- }
- else if (strcmp(a2+4, "escape") == 0) {
- new->func = rewrite_mapfunc_escape;
- }
- else if (strcmp(a2+4, "unescape") == 0) {
- new->func = rewrite_mapfunc_unescape;
- }
- else if (sconf->state == ENGINE_ENABLED) {
- return ap_pstrcat(cmd->pool, "RewriteMap: internal map not found:",
- a2+4, NULL);
- }
- }
- else {
- new->type = MAPTYPE_TXT;
- new->datafile = a2;
- new->checkfile = a2;
- }
- new->fpin = -1;
- new->fpout = -1;
-
- /* yes, we do it twice. needed for restart awareness */
- ap_server_strip_chroot(new->checkfile, 0);
- ap_server_strip_chroot(new->datafile, 0);
-
- if (new->checkfile && (sconf->state == ENGINE_ENABLED)
- && (stat(new->checkfile, &st) == -1)) {
- return ap_pstrcat(cmd->pool,
- "RewriteMap: map file or program not found:",
- new->checkfile, NULL);
- }
-
- ap_server_strip_chroot(new->checkfile, 1);
- ap_server_strip_chroot(new->datafile, 1);
-
- return NULL;
-}
-
-static const char *cmd_rewritelock(cmd_parms *cmd, void *dconf, char *a1)
-{
- const char *error;
-
- if ((error = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return error;
-
- lockname = a1;
-
- return NULL;
-}
-
-static const char *cmd_rewritebase(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *a1)
-{
- if (cmd->path == NULL || dconf == NULL) {
- return "RewriteBase: only valid in per-directory config files";
- }
- if (a1[0] == '\0') {
- return "RewriteBase: empty URL not allowed";
- }
- if (a1[0] != '/') {
- return "RewriteBase: argument is not a valid URL";
- }
-
- dconf->baseurl = a1;
-
- return NULL;
-}
-
-static const char *cmd_rewritecond(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *str)
-{
- rewrite_server_conf *sconf;
- rewritecond_entry *new;
- regex_t *regexp;
- char *a1;
- char *a2;
- char *a3;
- char *cp;
- const char *err;
- int rc;
-
- sconf = (rewrite_server_conf *)
- ap_get_module_config(cmd->server->module_config, &rewrite_module);
-
- /* make a new entry in the internal temporary rewrite rule list */
- if (cmd->path == NULL) { /* is server command */
- new = ap_push_array(sconf->rewriteconds);
- }
- else { /* is per-directory command */
- new = ap_push_array(dconf->rewriteconds);
- }
-
- /* parse the argument line ourself */
- if (parseargline(str, &a1, &a2, &a3)) {
- return ap_pstrcat(cmd->pool, "RewriteCond: bad argument line '", str,
- "'\n", NULL);
- }
-
- /* arg1: the input string */
- new->input = ap_pstrdup(cmd->pool, a1);
-
- /* arg3: optional flags field
- (this have to be first parsed, because we need to
- know if the regex should be compiled with ICASE!) */
- new->flags = CONDFLAG_NONE;
- if (a3 != NULL) {
- if ((err = cmd_rewritecond_parseflagfield(cmd->pool, new,
- a3)) != NULL) {
- return err;
- }
- }
-
- /* arg2: the pattern
- try to compile the regexp to test if is ok */
- cp = a2;
- if (cp[0] == '!') {
- new->flags |= CONDFLAG_NOTMATCH;
- cp++;
- }
-
- /* now be careful: Under the POSIX regex library
- we can compile the pattern for case-insensitive matching,
- under the old V8 library we have to do it self via a hack */
- if (new->flags & CONDFLAG_NOCASE) {
- rc = ((regexp = ap_pregcomp(cmd->pool, cp, REG_EXTENDED|REG_ICASE))
- == NULL);
- }
- else {
- rc = ((regexp = ap_pregcomp(cmd->pool, cp, REG_EXTENDED)) == NULL);
- }
- if (rc) {
- return ap_pstrcat(cmd->pool,
- "RewriteCond: cannot compile regular expression '",
- a2, "'\n", NULL);
- }
-
- new->pattern = ap_pstrdup(cmd->pool, cp);
- new->regexp = regexp;
-
- return NULL;
-}
-
-static const char *cmd_rewritecond_parseflagfield(pool *p,
- rewritecond_entry *cfg,
- char *str)
-{
- char *cp;
- char *cp1;
- char *cp2;
- char *cp3;
- char *key;
- char *val;
- const char *err;
-
- if (str[0] != '[' || str[strlen(str)-1] != ']') {
- return "RewriteCond: bad flag delimiters";
- }
-
- cp = str+1;
- str[strlen(str)-1] = ','; /* for simpler parsing */
- for ( ; *cp != '\0'; ) {
- /* skip whitespaces */
- for ( ; (*cp == ' ' || *cp == '\t') && *cp != '\0'; cp++)
- ;
- if (*cp == '\0') {
- break;
- }
- cp1 = cp;
- if ((cp2 = strchr(cp, ',')) != NULL) {
- cp = cp2+1;
- for ( ; (*(cp2-1) == ' ' || *(cp2-1) == '\t'); cp2--)
- ;
- *cp2 = '\0';
- if ((cp3 = strchr(cp1, '=')) != NULL) {
- *cp3 = '\0';
- key = cp1;
- val = cp3+1;
- }
- else {
- key = cp1;
- val = "";
- }
- if ((err = cmd_rewritecond_setflag(p, cfg, key, val)) != NULL) {
- return err;
- }
- }
- else {
- break;
- }
- }
-
- return NULL;
-}
-
-static const char *cmd_rewritecond_setflag(pool *p, rewritecond_entry *cfg,
- char *key, char *val)
-{
- if ( strcasecmp(key, "nocase") == 0
- || strcasecmp(key, "NC") == 0 ) {
- cfg->flags |= CONDFLAG_NOCASE;
- }
- else if ( strcasecmp(key, "ornext") == 0
- || strcasecmp(key, "OR") == 0 ) {
- cfg->flags |= CONDFLAG_ORNEXT;
- }
- else {
- return ap_pstrcat(p, "RewriteCond: unknown flag '", key, "'\n", NULL);
- }
- return NULL;
-}
-
-static const char *cmd_rewriterule(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *str)
-{
- rewrite_server_conf *sconf;
- rewriterule_entry *new;
- regex_t *regexp;
- char *a1;
- char *a2;
- char *a3;
- char *cp;
- const char *err;
- int mode;
-
- sconf = (rewrite_server_conf *)
- ap_get_module_config(cmd->server->module_config, &rewrite_module);
-
- /* make a new entry in the internal rewrite rule list */
- if (cmd->path == NULL) { /* is server command */
- new = ap_push_array(sconf->rewriterules);
- }
- else { /* is per-directory command */
- new = ap_push_array(dconf->rewriterules);
- }
-
- /* parse the argument line ourself */
- if (parseargline(str, &a1, &a2, &a3)) {
- return ap_pstrcat(cmd->pool, "RewriteRule: bad argument line '", str,
- "'\n", NULL);
- }
-
- /* arg3: optional flags field */
- new->forced_mimetype = NULL;
- new->forced_responsecode = HTTP_MOVED_TEMPORARILY;
- new->flags = RULEFLAG_NONE;
- new->env[0] = NULL;
- new->skip = 0;
- if (a3 != NULL) {
- if ((err = cmd_rewriterule_parseflagfield(cmd->pool, new,
- a3)) != NULL) {
- return err;
- }
- }
-
- /* arg1: the pattern
- * try to compile the regexp to test if is ok
- */
- cp = a1;
- if (cp[0] == '!') {
- new->flags |= RULEFLAG_NOTMATCH;
- cp++;
- }
- mode = REG_EXTENDED;
- if (new->flags & RULEFLAG_NOCASE) {
- mode |= REG_ICASE;
- }
- if ((regexp = ap_pregcomp(cmd->pool, cp, mode)) == NULL) {
- return ap_pstrcat(cmd->pool,
- "RewriteRule: cannot compile regular expression '",
- a1, "'\n", NULL);
- }
- new->pattern = ap_pstrdup(cmd->pool, cp);
- new->regexp = regexp;
-
- /* arg2: the output string
- * replace the $<N> by \<n> which is needed by the currently
- * used Regular Expression library
- */
- new->output = ap_pstrdup(cmd->pool, a2);
-
- /* now, if the server or per-dir config holds an
- * array of RewriteCond entries, we take it for us
- * and clear the array
- */
- if (cmd->path == NULL) { /* is server command */
- new->rewriteconds = sconf->rewriteconds;
- sconf->rewriteconds = ap_make_array(cmd->pool, 2,
- sizeof(rewritecond_entry));
- }
- else { /* is per-directory command */
- new->rewriteconds = dconf->rewriteconds;
- dconf->rewriteconds = ap_make_array(cmd->pool, 2,
- sizeof(rewritecond_entry));
- }
-
- return NULL;
-}
-
-static const char *cmd_rewriterule_parseflagfield(pool *p,
- rewriterule_entry *cfg,
- char *str)
-{
- char *cp;
- char *cp1;
- char *cp2;
- char *cp3;
- char *key;
- char *val;
- const char *err;
-
- if (str[0] != '[' || str[strlen(str)-1] != ']') {
- return "RewriteRule: bad flag delimiters";
- }
-
- cp = str+1;
- str[strlen(str)-1] = ','; /* for simpler parsing */
- for ( ; *cp != '\0'; ) {
- /* skip whitespaces */
- for ( ; (*cp == ' ' || *cp == '\t') && *cp != '\0'; cp++)
- ;
- if (*cp == '\0') {
- break;
- }
- cp1 = cp;
- if ((cp2 = strchr(cp, ',')) != NULL) {
- cp = cp2+1;
- for ( ; (*(cp2-1) == ' ' || *(cp2-1) == '\t'); cp2--)
- ;
- *cp2 = '\0';
- if ((cp3 = strchr(cp1, '=')) != NULL) {
- *cp3 = '\0';
- key = cp1;
- val = cp3+1;
- }
- else {
- key = cp1;
- val = "";
- }
- if ((err = cmd_rewriterule_setflag(p, cfg, key, val)) != NULL) {
- return err;
- }
- }
- else {
- break;
- }
- }
-
- return NULL;
-}
-
-static const char *cmd_rewriterule_setflag(pool *p, rewriterule_entry *cfg,
- char *key, char *val)
-{
- int status = 0;
- int i;
-
- if ( strcasecmp(key, "redirect") == 0
- || strcasecmp(key, "R") == 0 ) {
- cfg->flags |= RULEFLAG_FORCEREDIRECT;
- if (strlen(val) > 0) {
- if (strcasecmp(val, "permanent") == 0) {
- status = HTTP_MOVED_PERMANENTLY;
- }
- else if (strcasecmp(val, "temp") == 0) {
- status = HTTP_MOVED_TEMPORARILY;
- }
- else if (strcasecmp(val, "seeother") == 0) {
- status = HTTP_SEE_OTHER;
- }
- else if (ap_isdigit(*val)) {
- status = atoi(val);
- }
- if (!ap_is_HTTP_REDIRECT(status)) {
- return "RewriteRule: invalid HTTP response code "
- "for flag 'R'";
- }
- cfg->forced_responsecode = status;
- }
- }
- else if ( strcasecmp(key, "noescape") == 0
- || strcasecmp(key, "NE") == 0 ) {
- cfg->flags |= RULEFLAG_NOESCAPE;
- }
- else if ( strcasecmp(key, "last") == 0
- || strcasecmp(key, "L") == 0 ) {
- cfg->flags |= RULEFLAG_LASTRULE;
- }
- else if ( strcasecmp(key, "next") == 0
- || strcasecmp(key, "N") == 0 ) {
- cfg->flags |= RULEFLAG_NEWROUND;
- }
- else if ( strcasecmp(key, "chain") == 0
- || strcasecmp(key, "C") == 0 ) {
- cfg->flags |= RULEFLAG_CHAIN;
- }
- else if ( strcasecmp(key, "type") == 0
- || strcasecmp(key, "T") == 0 ) {
- cfg->forced_mimetype = ap_pstrdup(p, val);
- ap_str_tolower(cfg->forced_mimetype);
- }
- else if ( strcasecmp(key, "env") == 0
- || strcasecmp(key, "E") == 0 ) {
- for (i = 0; (cfg->env[i] != NULL) && (i < MAX_ENV_FLAGS); i++)
- ;
- if (i < MAX_ENV_FLAGS) {
- cfg->env[i] = ap_pstrdup(p, val);
- cfg->env[i+1] = NULL;
- }
- else {
- return "RewriteRule: too many environment flags 'E'";
- }
- }
- else if ( strcasecmp(key, "nosubreq") == 0
- || strcasecmp(key, "NS") == 0 ) {
- cfg->flags |= RULEFLAG_IGNOREONSUBREQ;
- }
- else if ( strcasecmp(key, "proxy") == 0
- || strcasecmp(key, "P") == 0 ) {
- cfg->flags |= RULEFLAG_PROXY;
- }
- else if ( strcasecmp(key, "passthrough") == 0
- || strcasecmp(key, "PT") == 0 ) {
- cfg->flags |= RULEFLAG_PASSTHROUGH;
- }
- else if ( strcasecmp(key, "skip") == 0
- || strcasecmp(key, "S") == 0 ) {
- cfg->skip = atoi(val);
- }
- else if ( strcasecmp(key, "forbidden") == 0
- || strcasecmp(key, "F") == 0 ) {
- cfg->flags |= RULEFLAG_FORBIDDEN;
- }
- else if ( strcasecmp(key, "gone") == 0
- || strcasecmp(key, "G") == 0 ) {
- cfg->flags |= RULEFLAG_GONE;
- }
- else if ( strcasecmp(key, "qsappend") == 0
- || strcasecmp(key, "QSA") == 0 ) {
- cfg->flags |= RULEFLAG_QSAPPEND;
- }
- else if ( strcasecmp(key, "nocase") == 0
- || strcasecmp(key, "NC") == 0 ) {
- cfg->flags |= RULEFLAG_NOCASE;
- }
- else {
- return ap_pstrcat(p, "RewriteRule: unknown flag '", key, "'\n", NULL);
- }
- return NULL;
-}
-
-
-/*
-**
-** Global Module Initialization
-** [called from read_config() after all
-** config commands were already called]
-**
-*/
-
-static void init_module(server_rec *s, pool *p)
-{
- /* check if proxy module is available */
- proxy_available = (ap_find_linked_module("mod_proxy.c") != NULL);
-
- /* create the rewriting lockfile in the parent */
- rewritelock_create(s, p);
- ap_register_cleanup(p, (void *)s, rewritelock_remove, ap_null_cleanup);
-
- /* step through the servers and
- * - open each rewriting logfile
- * - open the RewriteMap prg:xxx programs
- */
- for (; s; s = s->next) {
- open_rewritelog(s, p);
- run_rewritemap_programs(s, p);
- }
-}
-
-
-/*
-**
-** Per-Child Module Initialization
-** [called after a child process is spawned]
-**
-*/
-
-static void init_child(server_rec *s, pool *p)
-{
- /* open the rewriting lockfile */
- rewritelock_open(s, p);
-
- /* create the lookup cache */
- cachep = init_cache(p);
-}
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | runtime hooks
-** | |
-** +-------------------------------------------------------+
-*/
-
-/*
-**
-** URI-to-filename hook
-**
-** [used for the rewriting engine triggered by
-** the per-server 'RewriteRule' directives]
-**
-*/
-
-static int hook_uri2file(request_rec *r)
-{
- void *sconf;
- rewrite_server_conf *conf;
- const char *var;
- const char *thisserver;
- char *thisport;
- const char *thisurl;
- char buf[512];
- char docroot[512];
- const char *ccp;
- unsigned int port;
- int rulestatus;
- int n;
- int l;
-
- /*
- * retrieve the config structures
- */
- sconf = r->server->module_config;
- conf = (rewrite_server_conf *)ap_get_module_config(sconf,
- &rewrite_module);
-
- /*
- * only do something under runtime if the engine is really enabled,
- * else return immediately!
- */
- if (conf->state == ENGINE_DISABLED) {
- return DECLINED;
- }
-
- /*
- * check for the ugly API case of a virtual host section where no
- * mod_rewrite directives exists. In this situation we became no chance
- * by the API to setup our default per-server config so we have to
- * on-the-fly assume we have the default config. But because the default
- * config has a disabled rewriting engine we are lucky because can
- * just stop operating now.
- */
- if (conf->server != r->server) {
- return DECLINED;
- }
-
- /*
- * add the SCRIPT_URL variable to the env. this is a bit complicated
- * due to the fact that apache uses subrequests and internal redirects
- */
-
- if (r->main == NULL) {
- var = ap_pstrcat(r->pool, "REDIRECT_", ENVVAR_SCRIPT_URL, NULL);
- var = ap_table_get(r->subprocess_env, var);
- if (var == NULL) {
- ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, r->uri);
- }
- else {
- ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, var);
- }
- }
- else {
- var = ap_table_get(r->main->subprocess_env, ENVVAR_SCRIPT_URL);
- ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, var);
- }
-
- /*
- * create the SCRIPT_URI variable for the env
- */
-
- /* add the canonical URI of this URL */
- thisserver = ap_get_server_name(r);
- port = ap_get_server_port(r);
- if (ap_is_default_port(port, r)) {
- thisport = "";
- }
- else {
- ap_snprintf(buf, sizeof(buf), ":%u", port);
- thisport = buf;
- }
- thisurl = ap_table_get(r->subprocess_env, ENVVAR_SCRIPT_URL);
-
- /* set the variable */
- var = ap_pstrcat(r->pool, ap_http_method(r), "://", thisserver, thisport,
- thisurl, NULL);
- ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URI, var);
-
- /* if filename was not initially set,
- * we start with the requested URI
- */
- if (r->filename == NULL) {
- r->filename = ap_pstrdup(r->pool, r->uri);
- rewritelog(r, 2, "init rewrite engine with requested uri %s",
- r->filename);
- }
-
- /*
- * now apply the rules ...
- */
- rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL);
- if (rulestatus) {
- unsigned skip;
-
- if (strlen(r->filename) > 6 &&
- strncmp(r->filename, "proxy:", 6) == 0) {
- /* it should be go on as an internal proxy request */
-
- /* check if the proxy module is enabled, so
- * we can actually use it!
- */
- if (!proxy_available) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "attempt to make remote request from mod_rewrite "
- "without proxy enabled: %s", r->filename);
- return FORBIDDEN;
- }
-
- /* make sure the QUERY_STRING and
- * PATH_INFO parts get incorporated
- */
- if (r->path_info != NULL) {
- r->filename = ap_pstrcat(r->pool, r->filename,
- r->path_info, NULL);
- }
- if (r->args != NULL &&
- r->uri == r->unparsed_uri) {
- /* see proxy_http:proxy_http_canon() */
- r->filename = ap_pstrcat(r->pool, r->filename,
- "?", r->args, NULL);
- }
-
- /* now make sure the request gets handled by the proxy handler */
- r->proxyreq = PROXY_PASS;
- r->handler = "proxy-server";
-
- rewritelog(r, 1, "go-ahead with proxy request %s [OK]",
- r->filename);
- return OK;
- }
- else if ((skip = is_absolute_uri(r->filename)) > 0) {
- /* it was finally rewritten to a remote URL */
-
- if (rulestatus != ACTION_NOESCAPE) {
- rewritelog(r, 1, "escaping %s for redirect", r->filename);
- r->filename = escape_absolute_uri(r->pool, r->filename, skip);
- }
-
- /* append the QUERY_STRING part */
- if (r->args) {
- r->filename = ap_pstrcat(r->pool, r->filename, "?",
- (rulestatus == ACTION_NOESCAPE)
- ? r->args
- : ap_escape_uri(r->pool, r->args),
- NULL);
- }
-
- /* determine HTTP redirect response code */
- if (ap_is_HTTP_REDIRECT(r->status)) {
- n = r->status;
- r->status = HTTP_OK; /* make Apache kernel happy */
- }
- else {
- n = REDIRECT;
- }
-
- /* now do the redirection */
- ap_table_setn(r->headers_out, "Location", r->filename);
- rewritelog(r, 1, "redirect to %s [REDIRECT/%d]", r->filename, n);
- return n;
- }
- else if (strlen(r->filename) > 10 &&
- strncmp(r->filename, "forbidden:", 10) == 0) {
- /* This URLs is forced to be forbidden for the requester */
- return FORBIDDEN;
- }
- else if (strlen(r->filename) > 5 &&
- strncmp(r->filename, "gone:", 5) == 0) {
- /* This URLs is forced to be gone */
- return HTTP_GONE;
- }
- else if (strlen(r->filename) > 12 &&
- strncmp(r->filename, "passthrough:", 12) == 0) {
- /*
- * Hack because of underpowered API: passing the current
- * rewritten filename through to other URL-to-filename handlers
- * just as it were the requested URL. This is to enable
- * post-processing by mod_alias, etc. which always act on
- * r->uri! The difference here is: We do not try to
- * add the document root
- */
- r->uri = ap_pstrdup(r->pool, r->filename+12);
- return DECLINED;
- }
- else {
- /* it was finally rewritten to a local path */
-
- /* expand "/~user" prefix */
- r->filename = expand_tildepaths(r, r->filename);
- rewritelog(r, 2, "local path result: %s", r->filename);
-
- /* the filename must be either an absolute local path or an
- * absolute local URL.
- */
- if ( *r->filename != '/'
- && !ap_os_is_path_absolute(r->filename)) {
- return BAD_REQUEST;
- }
-
- /* if there is no valid prefix, we have
- * to emulate the translator from the core and
- * prefix the filename with document_root
- *
- * NOTICE:
- * We cannot leave out the prefix_stat because
- * - when we always prefix with document_root
- * then no absolute path can be created, e.g. via
- * emulating a ScriptAlias directive, etc.
- * - when we always NOT prefix with document_root
- * then the files under document_root have to
- * be references directly and document_root
- * gets never used and will be a dummy parameter -
- * this is also bad
- *
- * BUT:
- * Under real Unix systems this is no problem,
- * because we only do stat() on the first directory
- * and this gets cached by the kernel for along time!
- */
- n = prefix_stat(r->filename, r->pool);
- if (n == 0) {
- if ((ccp = ap_document_root(r)) != NULL) {
- l = ap_cpystrn(docroot, ccp, sizeof(docroot)) - docroot;
-
- /* always NOT have a trailing slash */
- if (docroot[l-1] == '/') {
- docroot[l-1] = '\0';
- }
- if (r->server->path
- && !strncmp(r->filename, r->server->path,
- r->server->pathlen)) {
- r->filename = ap_pstrcat(r->pool, docroot,
- (r->filename +
- r->server->pathlen), NULL);
- }
- else {
- r->filename = ap_pstrcat(r->pool, docroot,
- r->filename, NULL);
- }
- rewritelog(r, 2, "prefixed with document_root to %s",
- r->filename);
- }
- }
-
- rewritelog(r, 1, "go-ahead with %s [OK]", r->filename);
- return OK;
- }
- }
- else {
- rewritelog(r, 1, "pass through %s", r->filename);
- return DECLINED;
- }
-}
-
-
-/*
-**
-** MIME-type hook
-**
-** [used to support the forced-MIME-type feature]
-**
-*/
-
-static int hook_mimetype(request_rec *r)
-{
- const char *t;
-
- /* now check if we have to force a MIME-type */
- t = ap_table_get(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR);
- if (t == NULL) {
- return DECLINED;
- }
- else {
- rewritelog(r, 1, "force filename %s to have MIME-type '%s'",
- r->filename, t);
- r->content_type = t;
- return OK;
- }
-}
-
-
-/*
-**
-** Fixup hook
-**
-** [used for the rewriting engine triggered by
-** the per-directory 'RewriteRule' directives]
-**
-*/
-
-static int hook_fixup(request_rec *r)
-{
- rewrite_perdir_conf *dconf;
- char *cp;
- char *cp2;
- const char *ccp;
- char *prefix;
- int l;
- int rulestatus;
- int n;
- char *ofilename;
-
- dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config,
- &rewrite_module);
-
- /* if there is no per-dir config we return immediately */
- if (dconf == NULL) {
- return DECLINED;
- }
-
- /* we shouldn't do anything in subrequests */
- if (r->main != NULL) {
- return DECLINED;
- }
-
- /* if there are no real (i.e. no RewriteRule directives!)
- per-dir config of us, we return also immediately */
- if (dconf->directory == NULL) {
- return DECLINED;
- }
-
- /*
- * only do something under runtime if the engine is really enabled,
- * for this directory, else return immediately!
- */
- if (dconf->state == ENGINE_DISABLED) {
- return DECLINED;
- }
-
- /*
- * Do the Options check after engine check, so
- * the user is able to explicitely turn RewriteEngine Off.
- */
- if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
- /* FollowSymLinks is mandatory! */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Options FollowSymLinks or SymLinksIfOwnerMatch is off "
- "which implies that RewriteRule directive is forbidden: "
- "%s", r->filename);
- return FORBIDDEN;
- }
-
- /*
- * remember the current filename before rewriting for later check
- * to prevent deadlooping because of internal redirects
- * on final URL/filename which can be equal to the inital one.
- */
- ofilename = r->filename;
-
- /*
- * now apply the rules ...
- */
- rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory);
- if (rulestatus) {
- unsigned skip;
-
- if (strlen(r->filename) > 6 &&
- strncmp(r->filename, "proxy:", 6) == 0) {
- /* it should go on as an internal proxy request */
-
- /* make sure the QUERY_STRING and
- * PATH_INFO parts get incorporated
- * (r->path_info was already appended by the
- * rewriting engine because of the per-dir context!)
- */
- if (r->args != NULL) {
- r->filename = ap_pstrcat(r->pool, r->filename,
- "?", r->args, NULL);
- }
-
- /* now make sure the request gets handled by the proxy handler */
- r->proxyreq = PROXY_PASS;
- r->handler = "proxy-server";
-
- rewritelog(r, 1, "[per-dir %s] go-ahead with proxy request "
- "%s [OK]", dconf->directory, r->filename);
- return OK;
- }
- else if ((skip = is_absolute_uri(r->filename)) > 0) {
- /* it was finally rewritten to a remote URL */
-
- /* because we are in a per-dir context
- * first try to replace the directory with its base-URL
- * if there is a base-URL available
- */
- if (dconf->baseurl != NULL) {
- /* skip 'scheme://' */
- cp = r->filename + skip;
-
- if ((cp = strchr(cp, '/')) != NULL && *(++cp)) {
- rewritelog(r, 2,
- "[per-dir %s] trying to replace "
- "prefix %s with %s",
- dconf->directory, dconf->directory,
- dconf->baseurl);
-
- /* I think, that hack needs an explanation:
- * well, here is it:
- * mod_rewrite was written for unix systems, were
- * absolute file-system paths start with a slash.
- * URL-paths _also_ start with slashes, so they
- * can be easily compared with system paths.
- *
- * the following assumes, that the actual url-path
- * may be prefixed by the current directory path and
- * tries to replace the system path with the RewriteBase
- * URL.
- * That assumption is true if we use a RewriteRule like
- *
- * RewriteRule ^foo bar [R]
- *
- * (see apply_rewrite_rule function)
- * However on systems that don't have a / as system
- * root this will never match, so we skip the / after the
- * hostname and compare/substitute only the stuff after it.
- *
- * (note that cp was already increased to the right value)
- */
- cp2 = subst_prefix_path(r, cp, (*dconf->directory == '/')
- ? dconf->directory + 1
- : dconf->directory,
- dconf->baseurl + 1);
- if (strcmp(cp2, cp) != 0) {
- *cp = '\0';
- r->filename = ap_pstrcat(r->pool, r->filename,
- cp2, NULL);
- }
- }
- }
-
- /* now prepare the redirect... */
- if (rulestatus != ACTION_NOESCAPE) {
- rewritelog(r, 1, "[per-dir %s] escaping %s for redirect",
- dconf->directory, r->filename);
- r->filename = escape_absolute_uri(r->pool, r->filename, skip);
- }
-
- /* append the QUERY_STRING part */
- if (r->args) {
- r->filename = ap_pstrcat(r->pool, r->filename, "?",
- (rulestatus == ACTION_NOESCAPE)
- ? r->args
- : ap_escape_uri(r->pool, r->args),
- NULL);
- }
-
- /* determine HTTP redirect response code */
- if (ap_is_HTTP_REDIRECT(r->status)) {
- n = r->status;
- r->status = HTTP_OK; /* make Apache kernel happy */
- }
- else {
- n = REDIRECT;
- }
-
- /* now do the redirection */
- ap_table_setn(r->headers_out, "Location", r->filename);
- rewritelog(r, 1, "[per-dir %s] redirect to %s [REDIRECT/%d]",
- dconf->directory, r->filename, n);
- return n;
- }
- else if (strlen(r->filename) > 10 &&
- strncmp(r->filename, "forbidden:", 10) == 0) {
- /* This URL is forced to be forbidden for the requester */
- return FORBIDDEN;
- }
- else if (strlen(r->filename) > 5 &&
- strncmp(r->filename, "gone:", 5) == 0) {
- /* This URL is forced to be gone */
- return HTTP_GONE;
- }
- else {
- /* it was finally rewritten to a local path */
-
- /* if someone used the PASSTHROUGH flag in per-dir
- * context we just ignore it. It is only useful
- * in per-server context
- */
- if (strlen(r->filename) > 12 &&
- strncmp(r->filename, "passthrough:", 12) == 0) {
- r->filename = ap_pstrdup(r->pool, r->filename+12);
- }
-
- /* the filename must be either an absolute local path or an
- * absolute local URL.
- */
- if ( *r->filename != '/'
- && !ap_os_is_path_absolute(r->filename)) {
- return BAD_REQUEST;
- }
-
- /* Check for deadlooping:
- * At this point we KNOW that at least one rewriting
- * rule was applied, but when the resulting URL is
- * the same as the initial URL, we are not allowed to
- * use the following internal redirection stuff because
- * this would lead to a deadloop.
- */
- if (strcmp(r->filename, ofilename) == 0) {
- rewritelog(r, 1, "[per-dir %s] initial URL equal rewritten "
- "URL: %s [IGNORING REWRITE]",
- dconf->directory, r->filename);
- return OK;
- }
-
- /* if there is a valid base-URL then substitute
- * the per-dir prefix with this base-URL if the
- * current filename still is inside this per-dir
- * context. If not then treat the result as a
- * plain URL
- */
- if (dconf->baseurl != NULL) {
- rewritelog(r, 2,
- "[per-dir %s] trying to replace prefix %s with %s",
- dconf->directory, dconf->directory, dconf->baseurl);
- r->filename = subst_prefix_path(r, r->filename,
- dconf->directory,
- dconf->baseurl);
- }
- else {
- /* if no explicit base-URL exists we assume
- * that the directory prefix is also a valid URL
- * for this webserver and only try to remove the
- * document_root if it is prefix
- */
- if ((ccp = ap_document_root(r)) != NULL) {
- prefix = ap_pstrdup(r->pool, ccp);
- /* always NOT have a trailing slash */
- l = strlen(prefix);
- if (prefix[l-1] == '/') {
- prefix[l-1] = '\0';
- l--;
- }
- if (strncmp(r->filename, prefix, l) == 0) {
- rewritelog(r, 2,
- "[per-dir %s] strip document_root "
- "prefix: %s -> %s",
- dconf->directory, r->filename,
- r->filename+l);
- r->filename = ap_pstrdup(r->pool, r->filename+l);
- }
- }
- }
-
- /* now initiate the internal redirect */
- rewritelog(r, 1, "[per-dir %s] internal redirect with %s "
- "[INTERNAL REDIRECT]", dconf->directory, r->filename);
- r->filename = ap_pstrcat(r->pool, "redirect:", r->filename, NULL);
- r->handler = "redirect-handler";
- return OK;
- }
- }
- else {
- rewritelog(r, 1, "[per-dir %s] pass through %s",
- dconf->directory, r->filename);
- return DECLINED;
- }
-}
-
-
-/*
-**
-** Content-Handlers
-**
-** [used for redirect support]
-**
-*/
-
-static int handler_redirect(request_rec *r)
-{
- /* just make sure that we are really meant! */
- if (strncmp(r->filename, "redirect:", 9) != 0) {
- return DECLINED;
- }
-
- if (is_redirect_limit_exceeded(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "mod_rewrite: maximum number of internal redirects "
- "reached. Assuming configuration error. Use "
- "'RewriteOptions MaxRedirects' to increase the limit "
- "if necessary.");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* now do the internal redirect */
- ap_internal_redirect(ap_pstrcat(r->pool, r->filename+9,
- r->args ? "?" : NULL, r->args, NULL), r);
-
- /* and return gracefully */
- return OK;
-}
-
-/*
- * check whether redirect limit is reached
- */
-static int is_redirect_limit_exceeded(request_rec *r)
-{
- request_rec *top = r;
- rewrite_request_conf *reqc;
- rewrite_perdir_conf *dconf;
-
- /* we store it in the top request */
- while (top->main) {
- top = top->main;
- }
- while (top->prev) {
- top = top->prev;
- }
-
- /* fetch our config */
- reqc = (rewrite_request_conf *) ap_get_module_config(top->request_config,
- &rewrite_module);
-
- /* no config there? create one. */
- if (!reqc) {
- rewrite_server_conf *sconf;
-
- reqc = ap_palloc(top->pool, sizeof(rewrite_request_conf));
- sconf = ap_get_module_config(r->server->module_config, &rewrite_module);
-
- reqc->redirects = 0;
- reqc->redirect_limit = sconf->redirect_limit
- ? sconf->redirect_limit
- : REWRITE_REDIRECT_LIMIT;
-
- /* associate it with this request */
- ap_set_module_config(top->request_config, &rewrite_module, reqc);
- }
-
- /* allow to change the limit during redirects. */
- dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config,
- &rewrite_module);
-
- /* 0 == unset; take server conf ... */
- if (dconf->redirect_limit) {
- reqc->redirect_limit = dconf->redirect_limit;
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "mod_rewrite's internal redirect status: %d/%d.",
- reqc->redirects, reqc->redirect_limit);
-
- /* and now give the caller a hint */
- return (reqc->redirects++ >= reqc->redirect_limit);
-}
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | the rewriting engine
-** | |
-** +-------------------------------------------------------+
-*/
-
-/*
- * Apply a complete rule set,
- * i.e. a list of rewrite rules
- */
-static int apply_rewrite_list(request_rec *r, array_header *rewriterules,
- char *perdir)
-{
- rewriterule_entry *entries;
- rewriterule_entry *p;
- int i;
- int changed;
- int rc;
- int s;
-
- /*
- * Iterate over all existing rules
- */
- entries = (rewriterule_entry *)rewriterules->elts;
- changed = 0;
- loop:
- for (i = 0; i < rewriterules->nelts; i++) {
- p = &entries[i];
-
- /*
- * Ignore this rule on subrequests if we are explicitly
- * asked to do so or this is a proxy-throughput or a
- * forced redirect rule.
- */
- if (r->main != NULL &&
- (p->flags & RULEFLAG_IGNOREONSUBREQ ||
- p->flags & RULEFLAG_PROXY ||
- p->flags & RULEFLAG_FORCEREDIRECT )) {
- continue;
- }
-
- /*
- * Apply the current rule.
- */
- rc = apply_rewrite_rule(r, p, perdir);
- if (rc) {
- /*
- * Indicate a change if this was not a match-only rule.
- */
- if (rc != 2) {
- changed = ((p->flags & RULEFLAG_NOESCAPE)
- ? ACTION_NOESCAPE : ACTION_NORMAL);
- }
-
- /*
- * Pass-Through Feature (`RewriteRule .. .. [PT]'):
- * Because the Apache 1.x API is very limited we
- * need this hack to pass the rewritten URL to other
- * modules like mod_alias, mod_userdir, etc.
- */
- if (p->flags & RULEFLAG_PASSTHROUGH) {
- rewritelog(r, 2, "forcing '%s' to get passed through "
- "to next API URI-to-filename handler", r->filename);
- r->filename = ap_pstrcat(r->pool, "passthrough:",
- r->filename, NULL);
- changed = ACTION_NORMAL;
- break;
- }
-
- /*
- * Rule has the "forbidden" flag set which means that
- * we stop processing and indicate this to the caller.
- */
- if (p->flags & RULEFLAG_FORBIDDEN) {
- rewritelog(r, 2, "forcing '%s' to be forbidden", r->filename);
- r->filename = ap_pstrcat(r->pool, "forbidden:",
- r->filename, NULL);
- changed = ACTION_NORMAL;
- break;
- }
-
- /*
- * Rule has the "gone" flag set which means that
- * we stop processing and indicate this to the caller.
- */
- if (p->flags & RULEFLAG_GONE) {
- rewritelog(r, 2, "forcing '%s' to be gone", r->filename);
- r->filename = ap_pstrcat(r->pool, "gone:", r->filename, NULL);
- changed = ACTION_NORMAL;
- break;
- }
-
- /*
- * Stop processing also on proxy pass-through and
- * last-rule and new-round flags.
- */
- if (p->flags & RULEFLAG_PROXY) {
- break;
- }
- if (p->flags & RULEFLAG_LASTRULE) {
- break;
- }
-
- /*
- * On "new-round" flag we just start from the top of
- * the rewriting ruleset again.
- */
- if (p->flags & RULEFLAG_NEWROUND) {
- goto loop;
- }
-
- /*
- * If we are forced to skip N next rules, do it now.
- */
- if (p->skip > 0) {
- s = p->skip;
- while ( i < rewriterules->nelts
- && s > 0) {
- i++;
- p = &entries[i];
- s--;
- }
- }
- }
- else {
- /*
- * If current rule is chained with next rule(s),
- * skip all this next rule(s)
- */
- while ( i < rewriterules->nelts
- && p->flags & RULEFLAG_CHAIN) {
- i++;
- p = &entries[i];
- }
- }
- }
- return changed;
-}
-
-/*
- * Apply a single(!) rewrite rule
- */
-static int apply_rewrite_rule(request_rec *r, rewriterule_entry *p,
- char *perdir)
-{
- char *uri;
- char *output;
- const char *vary;
- char newuri[MAX_STRING_LEN];
- regex_t *regexp;
- regmatch_t regmatch[AP_MAX_REG_MATCH];
- backrefinfo *briRR = NULL;
- backrefinfo *briRC = NULL;
- int prefixstrip;
- int failed;
- array_header *rewriteconds;
- rewritecond_entry *conds;
- rewritecond_entry *c;
- int i;
- int rc;
-
- /*
- * Initialisation
- */
- uri = r->filename;
- regexp = p->regexp;
- output = p->output;
-
- /*
- * Add (perhaps splitted away) PATH_INFO postfix to URL to
- * make sure we really match against the complete URL.
- */
- if (perdir != NULL && r->path_info != NULL && r->path_info[0] != '\0') {
- rewritelog(r, 3, "[per-dir %s] add path-info postfix: %s -> %s%s",
- perdir, uri, uri, r->path_info);
- uri = ap_pstrcat(r->pool, uri, r->path_info, NULL);
- }
-
- /*
- * On per-directory context (.htaccess) strip the location
- * prefix from the URL to make sure patterns apply only to
- * the local part. Additionally indicate this special
- * threatment in the logfile.
- */
- prefixstrip = 0;
- if (perdir != NULL) {
- if ( strlen(uri) >= strlen(perdir)
- && strncmp(uri, perdir, strlen(perdir)) == 0) {
- rewritelog(r, 3, "[per-dir %s] strip per-dir prefix: %s -> %s",
- perdir, uri, uri+strlen(perdir));
- uri = uri+strlen(perdir);
- prefixstrip = 1;
- }
- }
-
- /*
- * Try to match the URI against the RewriteRule pattern
- * and exit immeddiately if it didn't apply.
- */
- if (perdir == NULL) {
- rewritelog(r, 3, "applying pattern '%s' to uri '%s'",
- p->pattern, uri);
- }
- else {
- rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
- perdir, p->pattern, uri);
- }
- rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
- if (! (( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
- (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
- return 0;
- }
-
- /*
- * Else create the RewriteRule `regsubinfo' structure which
- * holds the substitution information.
- */
- briRR = (backrefinfo *)ap_palloc(r->pool, sizeof(backrefinfo));
- if (!rc && (p->flags & RULEFLAG_NOTMATCH)) {
- /* empty info on negative patterns */
- briRR->source = "";
- briRR->nsub = 0;
- }
- else {
- briRR->source = ap_pstrdup(r->pool, uri);
- briRR->nsub = regexp->re_nsub;
- memcpy((void *)(briRR->regmatch), (void *)(regmatch),
- sizeof(regmatch));
- }
-
- /*
- * Initiallally create the RewriteCond backrefinfo with
- * empty backrefinfo, i.e. not subst parts
- * (this one is adjusted inside apply_rewrite_cond() later!!)
- */
- briRC = (backrefinfo *)ap_pcalloc(r->pool, sizeof(backrefinfo));
- briRC->source = "";
- briRC->nsub = 0;
-
- /*
- * Ok, we already know the pattern has matched, but we now
- * additionally have to check for all existing preconditions
- * (RewriteCond) which have to be also true. We do this at
- * this very late stage to avoid unnecessary checks which
- * would slow down the rewriting engine!!
- */
- rewriteconds = p->rewriteconds;
- conds = (rewritecond_entry *)rewriteconds->elts;
- failed = 0;
- for (i = 0; i < rewriteconds->nelts; i++) {
- c = &conds[i];
- rc = apply_rewrite_cond(r, c, perdir, briRR, briRC);
- if (c->flags & CONDFLAG_ORNEXT) {
- /*
- * The "OR" case
- */
- if (rc == 0) {
- /* One condition is false, but another can be
- * still true, so we have to continue...
- */
- ap_table_unset(r->notes, VARY_KEY_THIS);
- continue;
- }
- else {
- /* One true condition is enough in "or" case, so
- * skip the other conditions which are "ornext"
- * chained
- */
- while ( i < rewriteconds->nelts
- && c->flags & CONDFLAG_ORNEXT) {
- i++;
- c = &conds[i];
- }
- continue;
- }
- }
- else {
- /*
- * The "AND" case, i.e. no "or" flag,
- * so a single failure means total failure.
- */
- if (rc == 0) {
- failed = 1;
- break;
- }
- }
- vary = ap_table_get(r->notes, VARY_KEY_THIS);
- if (vary != NULL) {
- ap_table_merge(r->notes, VARY_KEY, vary);
- ap_table_unset(r->notes, VARY_KEY_THIS);
- }
- }
- /* if any condition fails the complete rule fails */
- if (failed) {
- ap_table_unset(r->notes, VARY_KEY);
- ap_table_unset(r->notes, VARY_KEY_THIS);
- return 0;
- }
-
- /*
- * Regardless of what we do next, we've found a match. Check to see
- * if any of the request header fields were involved, and add them
- * to the Vary field of the response.
- */
- if ((vary = ap_table_get(r->notes, VARY_KEY)) != NULL) {
- ap_table_merge(r->headers_out, "Vary", vary);
- ap_table_unset(r->notes, VARY_KEY);
- }
-
- /*
- * If this is a pure matching rule (`RewriteRule <pat> -')
- * we stop processing and return immediately. The only thing
- * we have not to forget are the environment variables
- * (`RewriteRule <pat> - [E=...]')
- */
- if (strcmp(output, "-") == 0) {
- do_expand_env(r, p->env, briRR, briRC);
- if (p->forced_mimetype != NULL) {
- if (perdir == NULL) {
- /* In the per-server context we can force the MIME-type
- * the correct way by notifying our MIME-type hook handler
- * to do the job when the MIME-type API stage is reached.
- */
- rewritelog(r, 2, "remember %s to have MIME-type '%s'",
- r->filename, p->forced_mimetype);
- ap_table_setn(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR,
- p->forced_mimetype);
- }
- else {
- /* In per-directory context we operate in the Fixup API hook
- * which is after the MIME-type hook, so our MIME-type handler
- * has no chance to set r->content_type. And because we are
- * in the situation where no substitution takes place no
- * sub-request will happen (which could solve the
- * restriction). As a workaround we do it ourself now
- * immediately although this is not strictly API-conforming.
- * But it's the only chance we have...
- */
- rewritelog(r, 1, "[per-dir %s] force %s to have MIME-type "
- "'%s'", perdir, r->filename, p->forced_mimetype);
- r->content_type = p->forced_mimetype;
- }
- }
- return 2;
- }
-
- /*
- * Ok, now we finally know all patterns have matched and
- * that there is something to replace, so we create the
- * substitution URL string in `newuri'.
- */
- do_expand(r, output, newuri, sizeof(newuri), briRR, briRC);
- if (perdir == NULL) {
- rewritelog(r, 2, "rewrite %s -> %s", uri, newuri);
- }
- else {
- rewritelog(r, 2, "[per-dir %s] rewrite %s -> %s", perdir, uri, newuri);
- }
-
- /*
- * Additionally do expansion for the environment variable
- * strings (`RewriteRule .. .. [E=<string>]').
- */
- do_expand_env(r, p->env, briRR, briRC);
-
- /*
- * Now replace API's knowledge of the current URI:
- * Replace r->filename with the new URI string and split out
- * an on-the-fly generated QUERY_STRING part into r->args
- */
- r->filename = ap_pstrdup(r->pool, newuri);
- splitout_queryargs(r, p->flags & RULEFLAG_QSAPPEND);
-
- /*
- * Add the previously stripped per-directory location
- * prefix if the new URI is not a new one for this
- * location, i.e. if it's not an absolute URL (!) path nor
- * a fully qualified URL scheme.
- */
- if (prefixstrip && *r->filename != '/'
- && !is_absolute_uri(r->filename)) {
- rewritelog(r, 3, "[per-dir %s] add per-dir prefix: %s -> %s%s",
- perdir, r->filename, perdir, r->filename);
- r->filename = ap_pstrcat(r->pool, perdir, r->filename, NULL);
- }
-
- /*
- * If this rule is forced for proxy throughput
- * (`RewriteRule ... ... [P]') then emulate mod_proxy's
- * URL-to-filename handler to be sure mod_proxy is triggered
- * for this URL later in the Apache API. But make sure it is
- * a fully-qualified URL. (If not it is qualified with
- * ourself).
- */
- if (p->flags & RULEFLAG_PROXY) {
- fully_qualify_uri(r);
- if (perdir == NULL) {
- rewritelog(r, 2, "forcing proxy-throughput with %s", r->filename);
- }
- else {
- rewritelog(r, 2, "[per-dir %s] forcing proxy-throughput with %s",
- perdir, r->filename);
- }
- r->filename = ap_pstrcat(r->pool, "proxy:", r->filename, NULL);
- return 1;
- }
-
- /*
- * If this rule is explicitly forced for HTTP redirection
- * (`RewriteRule .. .. [R]') then force an external HTTP
- * redirect. But make sure it is a fully-qualified URL. (If
- * not it is qualified with ourself).
- */
- if (p->flags & RULEFLAG_FORCEREDIRECT) {
- fully_qualify_uri(r);
- if (perdir == NULL) {
- rewritelog(r, 2,
- "explicitly forcing redirect with %s", r->filename);
- }
- else {
- rewritelog(r, 2,
- "[per-dir %s] explicitly forcing redirect with %s",
- perdir, r->filename);
- }
- r->status = p->forced_responsecode;
- return 1;
- }
-
- /*
- * Special Rewriting Feature: Self-Reduction
- * We reduce the URL by stripping a possible
- * http[s]://<ourhost>[:<port>] prefix, i.e. a prefix which
- * corresponds to ourself. This is to simplify rewrite maps
- * and to avoid recursion, etc. When this prefix is not a
- * coincidence then the user has to use [R] explicitly (see
- * above).
- */
- reduce_uri(r);
-
- /*
- * If this rule is still implicitly forced for HTTP
- * redirection (`RewriteRule .. <scheme>://...') then
- * directly force an external HTTP redirect.
- */
- if (is_absolute_uri(r->filename)) {
- if (perdir == NULL) {
- rewritelog(r, 2,
- "implicitly forcing redirect (rc=%d) with %s",
- p->forced_responsecode, r->filename);
- }
- else {
- rewritelog(r, 2, "[per-dir %s] implicitly forcing redirect "
- "(rc=%d) with %s", perdir, p->forced_responsecode,
- r->filename);
- }
- r->status = p->forced_responsecode;
- return 1;
- }
-
- /*
- * Finally we had to remember if a MIME-type should be
- * forced for this URL (`RewriteRule .. .. [T=<type>]')
- * Later in the API processing phase this is forced by our
- * MIME API-hook function. This time its no problem even for
- * the per-directory context (where the MIME-type hook was
- * already processed) because a sub-request happens ;-)
- */
- if (p->forced_mimetype != NULL) {
- ap_table_setn(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR,
- p->forced_mimetype);
- if (perdir == NULL) {
- rewritelog(r, 2, "remember %s to have MIME-type '%s'",
- r->filename, p->forced_mimetype);
- }
- else {
- rewritelog(r, 2,
- "[per-dir %s] remember %s to have MIME-type '%s'",
- perdir, r->filename, p->forced_mimetype);
- }
- }
-
- /*
- * Puuhhhhhhhh... WHAT COMPLICATED STUFF ;_)
- * But now we're done for this particular rule.
- */
- return 1;
-}
-
-static int apply_rewrite_cond(request_rec *r, rewritecond_entry *p,
- char *perdir, backrefinfo *briRR,
- backrefinfo *briRC)
-{
- char input[MAX_STRING_LEN];
- struct stat sb;
- request_rec *rsub;
- regmatch_t regmatch[AP_MAX_REG_MATCH];
- int rc;
-
- /*
- * Construct the string we match against
- */
-
- do_expand(r, p->input, input, sizeof(input), briRR, briRC);
-
- /*
- * Apply the patterns
- */
-
- rc = 0;
- if (strcmp(p->pattern, "-f") == 0) {
- if (stat(input, &sb) == 0) {
- if (S_ISREG(sb.st_mode)) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-s") == 0) {
- if (stat(input, &sb) == 0) {
- if (S_ISREG(sb.st_mode) && sb.st_size > 0) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-l") == 0) {
- if (lstat(input, &sb) == 0) {
- if (S_ISLNK(sb.st_mode)) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-d") == 0) {
- if (stat(input, &sb) == 0) {
- if (S_ISDIR(sb.st_mode)) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-U") == 0) {
- /* avoid infinite subrequest recursion */
- if (strlen(input) > 0 && subreq_ok(r)) {
-
- /* run a URI-based subrequest */
- rsub = ap_sub_req_lookup_uri(input, r);
-
- /* URI exists for any result up to 3xx, redirects allowed */
- if (rsub->status < 400)
- rc = 1;
-
- /* log it */
- rewritelog(r, 5, "RewriteCond URI (-U) check: "
- "path=%s -> status=%d", input, rsub->status);
-
- /* cleanup by destroying the subrequest */
- ap_destroy_sub_req(rsub);
- }
- }
- else if (strcmp(p->pattern, "-F") == 0) {
- /* avoid infinite subrequest recursion */
- if (strlen(input) > 0 && subreq_ok(r)) {
-
- /* process a file-based subrequest:
- * this differs from -U in that no path translation is done.
- */
- rsub = ap_sub_req_lookup_file(input, r);
-
- /* file exists for any result up to 2xx, no redirects */
- if (rsub->status < 300 &&
- /* double-check that file exists since default result is 200 */
- stat(rsub->filename, &sb) == 0) {
- rc = 1;
- }
-
- /* log it */
- rewritelog(r, 5, "RewriteCond file (-F) check: path=%s "
- "-> file=%s status=%d", input, rsub->filename,
- rsub->status);
-
- /* cleanup by destroying the subrequest */
- ap_destroy_sub_req(rsub);
- }
- }
- else if (strlen(p->pattern) > 1 && *(p->pattern) == '>') {
- rc = (compare_lexicography(input, p->pattern+1) == 1 ? 1 : 0);
- }
- else if (strlen(p->pattern) > 1 && *(p->pattern) == '<') {
- rc = (compare_lexicography(input, p->pattern+1) == -1 ? 1 : 0);
- }
- else if (strlen(p->pattern) > 1 && *(p->pattern) == '=') {
- if (strcmp(p->pattern+1, "\"\"") == 0) {
- rc = (*input == '\0');
- }
- else {
- rc = (strcmp(input, p->pattern+1) == 0 ? 1 : 0);
- }
- }
- else {
- /* it is really a regexp pattern, so apply it */
- rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0);
-
- /* if it isn't a negated pattern and really matched
- we update the passed-through regex subst info structure */
- if (rc && !(p->flags & CONDFLAG_NOTMATCH)) {
- briRC->source = ap_pstrdup(r->pool, input);
- briRC->nsub = p->regexp->re_nsub;
- memcpy((void *)(briRC->regmatch), (void *)(regmatch),
- sizeof(regmatch));
- }
- }
-
- /* if this is a non-matching regexp, just negate the result */
- if (p->flags & CONDFLAG_NOTMATCH) {
- rc = !rc;
- }
-
- rewritelog(r, 4, "RewriteCond: input='%s' pattern='%s%s' => %s",
- input, (p->flags & CONDFLAG_NOTMATCH ? "!" : ""),
- p->pattern, rc ? "matched" : "not-matched");
-
- /* end just return the result */
- return rc;
-}
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | URL transformation functions
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-/*
-**
-** perform all the expansions on the input string
-** leaving the result in the supplied buffer
-**
-*/
-
-static void do_expand(request_rec *r, char *input, char *buffer, int nbuf,
- backrefinfo *briRR, backrefinfo *briRC)
-{
- char *inp, *outp;
- size_t span, space;
-
- /*
- * for security reasons this expansion must be perfomed in a
- * single pass, otherwise an attacker can arrange for the result
- * of an earlier expansion to include expansion specifiers that
- * are interpreted by a later expansion, producing results that
- * were not intended by the administrator.
- */
-
- inp = input;
- outp = buffer;
- space = nbuf - 1; /* room for '\0' */
-
- for (;;) {
- span = strcspn(inp, "\\$%");
- if (span > space) {
- span = space;
- }
- memcpy(outp, inp, span);
- inp += span;
- outp += span;
- space -= span;
- if (space == 0 || *inp == '\0') {
- break;
- }
- /* now we have a '\', '$', or '%' */
- if (inp[0] == '\\') {
- if (inp[1] != '\0') {
- inp++;
- goto skip;
- }
- }
- else if (inp[1] == '{') {
- char *endp;
- endp = find_closing_bracket(inp+2, '{', '}');
- if (endp == NULL) {
- goto skip;
- }
- /*
- * These lookups may be recursive in a very convoluted
- * fashion -- see the LA-U and LA-F variable expansion
- * prefixes -- so we copy lookup keys to a separate buffer
- * rather than adding zero bytes in order to use them in
- * place.
- */
- if (inp[0] == '$') {
- /* ${...} map lookup expansion */
- /*
- * To make rewrite maps useful the lookup key and
- * default values must be expanded, so we make
- * recursive calls to do the work. For security
- * reasons we must never expand a string that includes
- * verbatim data from the network. The recursion here
- * isn't a problem because the result of expansion is
- * only passed to lookup_map() so it cannot be
- * re-expanded, only re-looked-up. Another way of
- * looking at it is that the recursion is entirely
- * driven by the syntax of the nested curly brackets.
- */
- char *map, *key, *dflt, *result;
- char xkey[MAX_STRING_LEN];
- char xdflt[MAX_STRING_LEN];
- key = find_char_in_brackets(inp+2, ':', '{', '}');
- if (key == NULL) {
- goto skip;
- }
- map = ap_pstrndup(r->pool, inp+2, key-inp-2);
- dflt = find_char_in_brackets(key+1, '|', '{', '}');
- if (dflt == NULL) {
- key = ap_pstrndup(r->pool, key+1, endp-key-1);
- dflt = "";
- }
- else {
- key = ap_pstrndup(r->pool, key+1, dflt-key-1);
- dflt = ap_pstrndup(r->pool, dflt+1, endp-dflt-1);
- }
- do_expand(r, key, xkey, sizeof(xkey), briRR, briRC);
- result = lookup_map(r, map, xkey);
- if (result) {
- span = ap_cpystrn(outp, result, space) - outp;
- } else {
- do_expand(r, dflt, xdflt, sizeof(xdflt), briRR, briRC);
- span = ap_cpystrn(outp, xdflt, space) - outp;
- }
- }
- else if (inp[0] == '%') {
- /* %{...} variable lookup expansion */
- char *var;
- var = ap_pstrndup(r->pool, inp+2, endp-inp-2);
- span = ap_cpystrn(outp, lookup_variable(r, var), space) - outp;
- }
- else {
- span = 0;
- }
- inp = endp+1;
- outp += span;
- space -= span;
- continue;
- }
- else if (ap_isdigit(inp[1])) {
- int n = inp[1] - '0';
- backrefinfo *bri = NULL;
- if (inp[0] == '$') {
- /* $N RewriteRule regexp backref expansion */
- bri = briRR;
- }
- else if (inp[0] == '%') {
- /* %N RewriteCond regexp backref expansion */
- bri = briRC;
- }
- /* see ap_pregsub() in src/main/util.c */
- if (bri && n < AP_MAX_REG_MATCH &&
- bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) {
- span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so;
- if (span > space) {
- span = space;
- }
- memcpy(outp, bri->source + bri->regmatch[n].rm_so, span);
- outp += span;
- space -= span;
- }
- inp += 2;
- continue;
- }
- skip:
- *outp++ = *inp++;
- space--;
- }
- *outp++ = '\0';
-}
-
-
-/*
-**
-** perform all the expansions on the environment variables
-**
-*/
-
-static void do_expand_env(request_rec *r, char *env[],
- backrefinfo *briRR, backrefinfo *briRC)
-{
- int i;
- char buf[MAX_STRING_LEN];
-
- for (i = 0; env[i] != NULL; i++) {
- do_expand(r, env[i], buf, sizeof(buf), briRR, briRC);
- add_env_variable(r, buf);
- }
-}
-
-
-/*
-**
-** split out a QUERY_STRING part from
-** the current URI string
-**
-*/
-
-static void splitout_queryargs(request_rec *r, int qsappend)
-{
- char *q;
- char *olduri;
-
- /* don't touch, unless it's an http or mailto URL.
- * See RFC 1738 and RFC 2368.
- */
- if ( is_absolute_uri(r->filename)
- && strncasecmp(r->filename, "http", 4)
- && strncasecmp(r->filename, "mailto", 6)) {
- r->args = NULL; /* forget the query that's still flying around */
- return;
- }
-
- q = strchr(r->filename, '?');
- if (q != NULL) {
- olduri = ap_pstrdup(r->pool, r->filename);
- *q++ = '\0';
- if (qsappend) {
- r->args = ap_pstrcat(r->pool, q, "&", r->args, NULL);
- }
- else {
- r->args = ap_pstrdup(r->pool, q);
- }
- if (strlen(r->args) == 0) {
- r->args = NULL;
- rewritelog(r, 3, "split uri=%s -> uri=%s, args=<none>", olduri,
- r->filename);
- }
- else {
- if (r->args[strlen(r->args)-1] == '&') {
- r->args[strlen(r->args)-1] = '\0';
- }
- rewritelog(r, 3, "split uri=%s -> uri=%s, args=%s", olduri,
- r->filename, r->args);
- }
- }
-
- return;
-}
-
-
-/*
-**
-** strip 'http[s]://ourhost/' from URI
-**
-*/
-
-static void reduce_uri(request_rec *r)
-{
- char *cp;
- unsigned short port;
- char *portp;
- char *hostp;
- char *url;
- char c;
- char host[LONG_STRING_LEN];
- char buf[MAX_STRING_LEN];
- char *olduri;
- int l;
-
- cp = ap_http_method(r);
- l = strlen(cp);
- if ( (int)strlen(r->filename) > l+3
- && strncasecmp(r->filename, cp, l) == 0
- && r->filename[l] == ':'
- && r->filename[l+1] == '/'
- && r->filename[l+2] == '/' ) {
- /* there was really a rewrite to a remote path */
-
- olduri = ap_pstrdup(r->pool, r->filename); /* save for logging */
-
- /* cut the hostname and port out of the URI */
- ap_cpystrn(buf, r->filename+(l+3), sizeof(buf));
- hostp = buf;
- for (cp = hostp; *cp != '\0' && *cp != '/' && *cp != ':'; cp++)
- ;
- if (*cp == ':') {
- /* set host */
- *cp++ = '\0';
- ap_cpystrn(host, hostp, sizeof(host));
- /* set port */
- portp = cp;
- for (; *cp != '\0' && *cp != '/'; cp++)
- ;
- c = *cp;
- *cp = '\0';
- port = atoi(portp);
- *cp = c;
- /* set remaining url */
- url = cp;
- }
- else if (*cp == '/') {
- /* set host */
- *cp = '\0';
- ap_cpystrn(host, hostp, sizeof(host));
- *cp = '/';
- /* set port */
- port = ap_default_port(r);
- /* set remaining url */
- url = cp;
- }
- else {
- /* set host */
- ap_cpystrn(host, hostp, sizeof(host));
- /* set port */
- port = ap_default_port(r);
- /* set remaining url */
- url = "/";
- }
-
- /* now check whether we could reduce it to a local path... */
- if (ap_matches_request_vhost(r, host, port)) {
- /* this is our host, so only the URL remains */
- r->filename = ap_pstrdup(r->pool, url);
- rewritelog(r, 3, "reduce %s -> %s", olduri, r->filename);
- }
- }
- return;
-}
-
-
-/*
-**
-** add 'http[s]://ourhost[:ourport]/' to URI
-** if URI is still not fully qualified
-**
-*/
-
-static void fully_qualify_uri(request_rec *r)
-{
- char buf[32];
- const char *thisserver;
- char *thisport;
- int port;
-
- if (!is_absolute_uri(r->filename)) {
-
- thisserver = ap_get_server_name(r);
- port = ap_get_server_port(r);
- if (ap_is_default_port(port,r)) {
- thisport = "";
- }
- else {
- ap_snprintf(buf, sizeof(buf), ":%u", port);
- thisport = buf;
- }
-
- if (r->filename[0] == '/') {
- r->filename = ap_psprintf(r->pool, "%s://%s%s%s",
- ap_http_method(r), thisserver,
- thisport, r->filename);
- }
- else {
- r->filename = ap_psprintf(r->pool, "%s://%s%s/%s",
- ap_http_method(r), thisserver,
- thisport, r->filename);
- }
- }
- return;
-}
-
-
-/* return number of chars of the scheme (incl. '://')
- * if the URI is absolute (includes a scheme etc.)
- * otherwise 0.
- *
- * NOTE: If you add new schemes here, please have a
- * look at escape_absolute_uri and splitout_queryargs.
- * Not every scheme takes query strings and some schemes
- * may be handled in a special way.
- *
- * XXX: we should consider a scheme registry, perhaps with
- * appropriate escape callbacks to allow other modules
- * to extend mod_rewrite at runtime.
- */
-static unsigned is_absolute_uri(char *uri)
-{
- /* fast exit */
- if (*uri == '/' || strlen(uri) <= 5) {
- return 0;
- }
-
- switch (*uri++) {
- case 'f':
- case 'F':
- if (!strncasecmp(uri, "tp://", 5)) { /* ftp:// */
- return 6;
- }
- break;
-
- case 'g':
- case 'G':
- if (!strncasecmp(uri, "opher://", 8)) { /* gopher:// */
- return 9;
- }
- break;
-
- case 'h':
- case 'H':
- if (!strncasecmp(uri, "ttp://", 6)) { /* http:// */
- return 7;
- }
- else if (!strncasecmp(uri, "ttps://", 7)) { /* https:// */
- return 8;
- }
- break;
-
- case 'l':
- case 'L':
- if (!strncasecmp(uri, "dap://", 6)) { /* ldap:// */
- return 7;
- }
- break;
-
- case 'm':
- case 'M':
- if (!strncasecmp(uri, "ailto:", 6)) { /* mailto: */
- return 7;
- }
- break;
-
- case 'n':
- case 'N':
- if (!strncasecmp(uri, "ews:", 4)) { /* news: */
- return 5;
- }
- else if (!strncasecmp(uri, "ntp://", 6)) { /* nntp:// */
- return 7;
- }
- break;
- }
-
- return 0;
-}
-
-
-/* escape absolute uri, which may or may not be path oriented.
- * So let's handle them differently.
- */
-static char *escape_absolute_uri(ap_pool *p, char *uri, unsigned scheme)
-{
- char *cp;
-
- /* be safe.
- * NULL should indicate elsewhere, that something's wrong
- */
- if (!scheme || strlen(uri) < scheme) {
- return NULL;
- }
-
- cp = uri + scheme;
-
- /* scheme with authority part? */
- if (cp[-1] == '/') {
- /* skip host part */
- while (*cp && *cp != '/') {
- ++cp;
- }
-
- /* nothing after the hostpart. ready! */
- if (!*cp || !*++cp) {
- return ap_pstrdup(p, uri);
- }
-
- /* remember the hostname stuff */
- scheme = cp - uri;
-
- /* special thing for ldap.
- * The parts are separated by question marks. From RFC 2255:
- * ldapurl = scheme "://" [hostport] ["/"
- * [dn ["?" [attributes] ["?" [scope]
- * ["?" [filter] ["?" extensions]]]]]]
- */
- if (!strncasecmp(uri, "ldap", 4)) {
- char *token[5];
- int c = 0;
-
- token[0] = cp = ap_pstrdup(p, cp);
- while (*cp && c < 4) {
- if (*cp == '?') {
- token[++c] = cp + 1;
- *cp = '\0';
- }
- ++cp;
- }
-
- return ap_pstrcat(p, ap_pstrndup(p, uri, scheme),
- ap_escape_uri(p, token[0]),
- (c >= 1) ? "?" : NULL,
- (c >= 1) ? ap_escape_uri(p, token[1]) : NULL,
- (c >= 2) ? "?" : NULL,
- (c >= 2) ? ap_escape_uri(p, token[2]) : NULL,
- (c >= 3) ? "?" : NULL,
- (c >= 3) ? ap_escape_uri(p, token[3]) : NULL,
- (c >= 4) ? "?" : NULL,
- (c >= 4) ? ap_escape_uri(p, token[4]) : NULL,
- NULL);
- }
- }
-
- /* Nothing special here. Apply normal escaping. */
- return ap_pstrcat(p, ap_pstrndup(p, uri, scheme),
- ap_escape_uri(p, cp), NULL);
-}
-
-/*
-**
-** Expand tilde-paths (/~user) through
-** Unix /etc/passwd database information
-**
-*/
-static char *expand_tildepaths(request_rec *r, char *uri)
-{
- char user[LONG_STRING_LEN];
- struct passwd *pw;
- char *newuri;
- int i, j;
-
- newuri = uri;
- if (uri != NULL && strlen(uri) > 2 && uri[0] == '/' && uri[1] == '~') {
- /* cut out the username */
- for (j = 0, i = 2; j < sizeof(user)-1
- && uri[i] != '\0'
- && uri[i] != '/' ; ) {
- user[j++] = uri[i++];
- }
- user[j] = '\0';
-
- /* lookup username in systems passwd file */
- if ((pw = getpwnam(user)) != NULL) {
- /* ok, user was found, so expand the ~user string */
- if (uri[i] != '\0') {
- /* ~user/anything... has to be expanded */
- if (pw->pw_dir[strlen(pw->pw_dir)-1] == '/') {
- pw->pw_dir[strlen(pw->pw_dir)-1] = '\0';
- }
- newuri = ap_pstrcat(r->pool, pw->pw_dir, uri+i, NULL);
- }
- else {
- /* only ~user has to be expanded */
- newuri = ap_pstrdup(r->pool, pw->pw_dir);
- }
- }
- }
- return newuri;
-}
-
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | DBM hashfile support
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-static char *lookup_map(request_rec *r, char *name, char *key)
-{
- void *sconf;
- rewrite_server_conf *conf;
- array_header *rewritemaps;
- rewritemap_entry *entries;
- rewritemap_entry *s;
- char *value;
- struct stat st;
- int i;
-
- /* get map configuration */
- sconf = r->server->module_config;
- conf = (rewrite_server_conf *)ap_get_module_config(sconf,
- &rewrite_module);
- rewritemaps = conf->rewritemaps;
-
- entries = (rewritemap_entry *)rewritemaps->elts;
- for (i = 0; i < rewritemaps->nelts; i++) {
- s = &entries[i];
- if (strcmp(s->name, name) == 0) {
- if (s->type == MAPTYPE_TXT) {
- if (stat(s->checkfile, &st) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "mod_rewrite: can't access text RewriteMap "
- "file %s", s->checkfile);
- rewritelog(r, 1, "can't open RewriteMap file, "
- "see error log");
- return NULL;
- }
- value = get_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key);
- if (value == NULL) {
- rewritelog(r, 6, "cache lookup FAILED, forcing new "
- "map lookup");
- if ((value =
- lookup_map_txtfile(r, s->datafile, key)) != NULL) {
- rewritelog(r, 5, "map lookup OK: map=%s key=%s[txt] "
- "-> val=%s", s->name, key, value);
- set_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key, value);
- return value;
- }
- else {
- rewritelog(r, 5, "map lookup FAILED: map=%s[txt] "
- "key=%s", s->name, key);
- set_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key, "");
- return NULL;
- }
- }
- else {
- rewritelog(r, 5, "cache lookup OK: map=%s[txt] key=%s "
- "-> val=%s", s->name, key, value);
- return value[0] != '\0' ? value : NULL;
- }
- }
- else if (s->type == MAPTYPE_DBM) {
- if (stat(s->checkfile, &st) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "mod_rewrite: can't access DBM RewriteMap "
- "file %s", s->checkfile);
- rewritelog(r, 1, "can't open DBM RewriteMap file, "
- "see error log");
- return NULL;
- }
- value = get_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key);
- if (value == NULL) {
- rewritelog(r, 6,
- "cache lookup FAILED, forcing new map lookup");
- if ((value =
- lookup_map_dbmfile(r, s->datafile, key)) != NULL) {
- rewritelog(r, 5, "map lookup OK: map=%s[dbm] key=%s "
- "-> val=%s", s->name, key, value);
- set_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key, value);
- return value;
- }
- else {
- rewritelog(r, 5, "map lookup FAILED: map=%s[dbm] "
- "key=%s", s->name, key);
- set_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key, "");
- return NULL;
- }
- }
- else {
- rewritelog(r, 5, "cache lookup OK: map=%s[dbm] key=%s "
- "-> val=%s", s->name, key, value);
- return value[0] != '\0' ? value : NULL;
- }
- }
- else if (s->type == MAPTYPE_PRG) {
- if ((value =
- lookup_map_program(r, s->fpin, s->fpout, key)) != NULL) {
- rewritelog(r, 5, "map lookup OK: map=%s key=%s -> val=%s",
- s->name, key, value);
- return value;
- }
- else {
- rewritelog(r, 5, "map lookup FAILED: map=%s key=%s",
- s->name, key);
- }
- }
- else if (s->type == MAPTYPE_INT) {
- if ((value = lookup_map_internal(r, s->func, key)) != NULL) {
- rewritelog(r, 5, "map lookup OK: map=%s key=%s -> val=%s",
- s->name, key, value);
- return value;
- }
- else {
- rewritelog(r, 5, "map lookup FAILED: map=%s key=%s",
- s->name, key);
- }
- }
- else if (s->type == MAPTYPE_RND) {
- if (stat(s->checkfile, &st) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "mod_rewrite: can't access text RewriteMap "
- "file %s", s->checkfile);
- rewritelog(r, 1, "can't open RewriteMap file, "
- "see error log");
- return NULL;
- }
- value = get_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key);
- if (value == NULL) {
- rewritelog(r, 6, "cache lookup FAILED, forcing new "
- "map lookup");
- if ((value =
- lookup_map_txtfile(r, s->datafile, key)) != NULL) {
- rewritelog(r, 5, "map lookup OK: map=%s key=%s[txt] "
- "-> val=%s", s->name, key, value);
- set_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key, value);
- }
- else {
- rewritelog(r, 5, "map lookup FAILED: map=%s[txt] "
- "key=%s", s->name, key);
- set_cache_string(cachep, s->name, CACHEMODE_TS,
- st.st_mtime, key, "");
- return NULL;
- }
- }
- else {
- rewritelog(r, 5, "cache lookup OK: map=%s[txt] key=%s "
- "-> val=%s", s->name, key, value);
- }
- if (value[0] != '\0') {
- value = select_random_value_part(r, value);
- rewritelog(r, 5, "randomly choosen the subvalue `%s'", value);
- }
- else {
- value = NULL;
- }
- return value;
- }
- }
- }
- return NULL;
-}
-
-static char *lookup_map_txtfile(request_rec *r, char *file, char *key)
-{
- FILE *fp = NULL;
- char line[1024];
- char *value = NULL;
- char *cpT;
- size_t skip;
- char *curkey;
- char *curval;
-
- if ((fp = ap_pfopen(r->pool, file, "r")) == NULL) {
- return NULL;
- }
-
- while (fgets(line, sizeof(line), fp) != NULL) {
- if (line[0] == '#')
- continue; /* ignore comments */
- cpT = line;
- curkey = cpT;
- skip = strcspn(cpT," \t\r\n");
- if (skip == 0)
- continue; /* ignore lines that start with a space, tab, CR, or LF */
- cpT += skip;
- *cpT = '\0';
- if (strcmp(curkey, key) != 0)
- continue; /* key does not match... */
-
- /* found a matching key; now extract and return the value */
- ++cpT;
- skip = strspn(cpT, " \t\r\n");
- cpT += skip;
- curval = cpT;
- skip = strcspn(cpT, " \t\r\n");
- if (skip == 0)
- continue; /* no value... */
- cpT += skip;
- *cpT = '\0';
- value = ap_pstrdup(r->pool, curval);
- break;
- }
- ap_pfclose(r->pool, fp);
- return value;
-}
-
-static char *lookup_map_dbmfile(request_rec *r, char *file, char *key)
-{
- DBM *dbmfp = NULL;
- datum dbmkey;
- datum dbmval;
- char *value = NULL;
- char buf[MAX_STRING_LEN];
- size_t len;
-
- dbmkey.dptr = key;
- dbmkey.dsize = strlen(key);
- if ((dbmfp = dbm_open(file, O_RDONLY, 0666)) != NULL) {
- dbmval = dbm_fetch(dbmfp, dbmkey);
- if (dbmval.dptr != NULL) {
- len = dbmval.dsize < sizeof(buf)-1 ?
- dbmval.dsize : sizeof(buf)-1;
- memcpy(buf, dbmval.dptr, len);
- buf[len] = '\0';
- value = ap_pstrdup(r->pool, buf);
- }
- dbm_close(dbmfp);
- }
- return value;
-}
-
-static char *lookup_map_program(request_rec *r, int fpin, int fpout, char *key)
-{
- char buf[LONG_STRING_LEN];
- char c;
- int i;
- struct iovec iov[2];
-
- /* when `RewriteEngine off' was used in the per-server
- * context then the rewritemap-programs were not spawned.
- * In this case using such a map (usually in per-dir context)
- * is useless because it is not available.
- */
- if (fpin == -1 || fpout == -1) {
- return NULL;
- }
-
- /* take the lock */
- rewritelock_alloc(r);
-
- /* write out the request key */
- iov[0].iov_base = key;
- iov[0].iov_len = strlen(key);
- iov[1].iov_base = "\n";
- iov[1].iov_len = 1;
- writev(fpin, iov, 2);
-
- /* read in the response value */
- i = 0;
- while (read(fpout, &c, 1) == 1 && (i < LONG_STRING_LEN-1)) {
- if (c == '\n') {
- break;
- }
- buf[i++] = c;
- }
- buf[i] = '\0';
-
- /* give the lock back */
- rewritelock_free(r);
-
- if (strcasecmp(buf, "NULL") == 0) {
- return NULL;
- }
- else {
- return ap_pstrdup(r->pool, buf);
- }
-}
-
-static char *lookup_map_internal(request_rec *r,
- char *(*func)(request_rec *, char *),
- char *key)
-{
- /* currently we just let the function convert
- the key to a corresponding value */
- return func(r, key);
-}
-
-static char *rewrite_mapfunc_toupper(request_rec *r, char *key)
-{
- char *value, *cp;
-
- for (cp = value = ap_pstrdup(r->pool, key); cp != NULL && *cp != '\0';
- cp++) {
- *cp = ap_toupper(*cp);
- }
- return value;
-}
-
-static char *rewrite_mapfunc_tolower(request_rec *r, char *key)
-{
- char *value, *cp;
-
- for (cp = value = ap_pstrdup(r->pool, key); cp != NULL && *cp != '\0';
- cp++) {
- *cp = ap_tolower(*cp);
- }
- return value;
-}
-
-static char *rewrite_mapfunc_escape(request_rec *r, char *key)
-{
- char *value;
-
- value = ap_escape_uri(r->pool, key);
- return value;
-}
-
-static char *rewrite_mapfunc_unescape(request_rec *r, char *key)
-{
- char *value;
-
- value = ap_pstrdup(r->pool, key);
- ap_unescape_url(value);
- return value;
-}
-
-static int rewrite_rand(int l, int h)
-{
- return arc4random_uniform(1 + h - l) + l;
-}
-
-static char *select_random_value_part(request_rec *r, char *value)
-{
- char *buf;
- int n, i, k;
-
- /* count number of distinct values */
- for (n = 1, i = 0; value[i] != '\0'; i++) {
- if (value[i] == '|') {
- n++;
- }
- }
-
- /* when only one value we have no option to choose */
- if (n == 1) {
- return value;
- }
-
- /* else randomly select one */
- k = rewrite_rand(1, n);
-
- /* and grep it out */
- for (n = 1, i = 0; value[i] != '\0'; i++) {
- if (n == k) {
- break;
- }
- if (value[i] == '|') {
- n++;
- }
- }
- buf = ap_pstrdup(r->pool, &value[i]);
- for (i = 0; buf[i] != '\0' && buf[i] != '|'; i++)
- ;
- buf[i] = '\0';
- return buf;
-}
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | rewriting logfile support
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-static void open_rewritelog(server_rec *s, pool *p)
-{
- rewrite_server_conf *conf;
- char *fname;
- piped_log *pl;
- int rewritelog_flags = ( O_WRONLY|O_APPEND|O_CREAT );
- mode_t rewritelog_mode = ( S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH );
-
- conf = ap_get_module_config(s->module_config, &rewrite_module);
-
- if (conf->rewritelogfile == NULL) {
- return;
- }
- if (*(conf->rewritelogfile) == '\0') {
- return;
- }
- if (conf->rewritelogfp > 0) {
- return; /* virtual log shared w/ main server */
- }
-
- fname = ap_server_root_relative(p, conf->rewritelogfile);
-
- if (*conf->rewritelogfile == '|') {
- if ((pl = ap_open_piped_log(p, conf->rewritelogfile+1)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_rewrite: could not open reliable pipe "
- "to RewriteLog filter %s", conf->rewritelogfile+1);
- exit(1);
- }
- conf->rewritelogfp = ap_piped_log_write_fd(pl);
- }
- else if (*conf->rewritelogfile != '\0') {
- if (ap_server_chroot_desired()) {
- conf->rewritelogfp = fdcache_open(fname, rewritelog_flags,
- rewritelog_mode);
- } else {
- conf->rewritelogfp = ap_popenf_ex(p, fname, rewritelog_flags,
- rewritelog_mode, 1);
- }
- if (conf->rewritelogfp < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
-
- "mod_rewrite: could not open RewriteLog "
- "file %s", fname);
- exit(1);
- }
- }
- return;
-}
-
-static void rewritelog(request_rec *r, int level, const char *text, ...)
-{
- rewrite_server_conf *conf;
- conn_rec *conn;
- char *str1;
- char str2[512];
- char str3[1024];
- char type[20];
- char redir[20];
- va_list ap;
- int i;
- request_rec *req;
- char *ruser;
- const char *rhost;
-
- va_start(ap, text);
- conf = ap_get_module_config(r->server->module_config, &rewrite_module);
- conn = r->connection;
-
- if (conf->rewritelogfp < 0) {
- return;
- }
- if (conf->rewritelogfile == NULL) {
- return;
- }
- if (*(conf->rewritelogfile) == '\0') {
- return;
- }
-
- if (level > conf->rewriteloglevel) {
- return;
- }
-
- if (conn->user == NULL) {
- ruser = "-";
- }
- else if (strlen(conn->user) != 0) {
- ruser = conn->user;
- }
- else {
- ruser = "\"\"";
- }
-
- rhost = ap_get_remote_host(conn, r->server->module_config,
- REMOTE_NOLOOKUP);
- if (rhost == NULL) {
- rhost = "UNKNOWN-HOST";
- }
-
- str1 = ap_pstrcat(r->pool, rhost, " ",
- (conn->remote_logname != NULL ?
- conn->remote_logname : "-"), " ",
- ruser, NULL);
- ap_vsnprintf(str2, sizeof(str2), text, ap);
-
- if (r->main == NULL) {
- strlcpy(type, "initial", sizeof(type));
- }
- else {
- strlcpy(type, "subreq", sizeof(type));
- }
-
- for (i = 0, req = r; req->prev != NULL; req = req->prev) {
- i++;
- }
- if (i == 0) {
- redir[0] = '\0';
- }
- else {
- ap_snprintf(redir, sizeof(redir), "/redir#%d", i);
- }
-
- ap_snprintf(str3, sizeof(str3),
- "%s %s [%s/sid#%lx][rid#%lx/%s%s] (%d) %s\n", str1,
- current_logtime(r), ap_get_server_name(r),
- (unsigned long)(r->server), (unsigned long)r,
- type, redir, level, str2);
-
- fd_lock(r, conf->rewritelogfp);
- write(conf->rewritelogfp, str3, strlen(str3));
- fd_unlock(r, conf->rewritelogfp);
-
- va_end(ap);
- return;
-}
-
-static char *current_logtime(request_rec *r)
-{
- int timz;
- struct tm *t;
- char tstr[80];
- char sign;
-
- t = ap_get_gmtoff(&timz);
- sign = (timz < 0 ? '-' : '+');
- if (timz < 0) {
- timz = -timz;
- }
-
- strftime(tstr, 80, "[%d/%b/%Y:%H:%M:%S ", t);
- ap_snprintf(tstr + strlen(tstr), 80-strlen(tstr), "%c%.2d%.2d]",
- sign, timz/60, timz%60);
- return ap_pstrdup(r->pool, tstr);
-}
-
-
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | rewriting lockfile support
-** | |
-** +-------------------------------------------------------+
-*/
-
-#define REWRITELOCK_MODE ( S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH )
-
-static void rewritelock_create(server_rec *s, pool *p)
-{
- /* only operate if a lockfile is used */
- if (lockname == NULL || *(lockname) == '\0') {
- return;
- }
-
- /* fixup the path, especially for rewritelock_remove() */
- lockname = ap_server_root_relative(p, lockname);
-
- /* create the lockfile */
- unlink(lockname);
- if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY|O_CREAT,
- REWRITELOCK_MODE, 1)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_rewrite: Parent could not create RewriteLock "
- "file %s", lockname);
- exit(1);
- }
- /* make sure the childs have access to this file */
- if (geteuid() == 0 /* is superuser */)
- chown(lockname, ap_user_id, -1 /* no gid change */);
-
-
- return;
-}
-
-static void rewritelock_open(server_rec *s, pool *p)
-{
- /* only operate if a lockfile is used */
- if (lockname == NULL || *(lockname) == '\0') {
- return;
- }
-
- /* open the lockfile (once per child) to get a unique fd */
- if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY,
- REWRITELOCK_MODE, 1)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_rewrite: Child could not open RewriteLock "
- "file %s", lockname);
- exit(1);
- }
- return;
-}
-
-static void rewritelock_remove(void *data)
-{
- /* only operate if a lockfile is used */
- if (lockname == NULL || *(lockname) == '\0') {
- return;
- }
-
- /* remove the lockfile */
- unlink(lockname);
- lockname = NULL;
- lockfd = -1;
-
-}
-
-static void rewritelock_alloc(request_rec *r)
-{
- if (lockfd != -1) {
- fd_lock(r, lockfd);
- }
- return;
-}
-
-static void rewritelock_free(request_rec *r)
-{
- if (lockfd != -1) {
- fd_unlock(r, lockfd);
- }
- return;
-}
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | program map support
-** | |
-** +-------------------------------------------------------+
-*/
-
-static void run_rewritemap_programs(server_rec *s, pool *p)
-{
- rewrite_server_conf *conf;
- FILE *fpin;
- FILE *fpout;
- FILE *fperr;
- array_header *rewritemaps;
- rewritemap_entry *entries;
- rewritemap_entry *map;
- int i;
- int rc;
-
- conf = ap_get_module_config(s->module_config, &rewrite_module);
-
- /* If the engine isn't turned on,
- * don't even try to do anything.
- */
- if (conf->state == ENGINE_DISABLED) {
- return;
- }
-
- rewritemaps = conf->rewritemaps;
- entries = (rewritemap_entry *)rewritemaps->elts;
- for (i = 0; i < rewritemaps->nelts; i++) {
- map = &entries[i];
- if (map->type != MAPTYPE_PRG) {
- continue;
- }
- if (map->datafile == NULL
- || *(map->datafile) == '\0'
- || map->fpin != -1
- || map->fpout != -1 ) {
- continue;
- }
- fpin = NULL;
- fpout = NULL;
- rc = ap_spawn_child(p, rewritemap_program_child,
- (void *)map->datafile, kill_after_timeout,
- &fpin, &fpout, &fperr);
- if (rc == 0 || fpin == NULL || fpout == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_rewrite: could not fork child for "
- "RewriteMap process");
- exit(1);
- }
- map->fpin = fileno(fpin);
- map->fpout = fileno(fpout);
- map->fperr = fileno(fperr);
- }
- return;
-}
-
-/* child process code */
-static int rewritemap_program_child(void *cmd, child_info *pinfo)
-{
- int child_pid = 1;
-
- /*
- * Prepare for exec
- */
- ap_cleanup_for_exec();
- signal(SIGHUP, SIG_IGN);
-
- /*
- * Exec() the child program
- */
- /* Standard Unix */
- execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, (char *)NULL);
- return(child_pid);
-}
-
-
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | environment variable support
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-static char *lookup_variable(request_rec *r, char *var)
-{
- const char *result;
- char resultbuf[LONG_STRING_LEN];
- time_t tc;
- struct tm *tm;
- request_rec *rsub;
- struct passwd *pw;
- struct group *gr;
- struct stat finfo;
-
- result = NULL;
-
- /* HTTP headers */
- if (strcasecmp(var, "HTTP_USER_AGENT") == 0) {
- result = lookup_header(r, "User-Agent");
- }
- else if (strcasecmp(var, "HTTP_REFERER") == 0) {
- result = lookup_header(r, "Referer");
- }
- else if (strcasecmp(var, "HTTP_COOKIE") == 0) {
- result = lookup_header(r, "Cookie");
- }
- else if (strcasecmp(var, "HTTP_FORWARDED") == 0) {
- result = lookup_header(r, "Forwarded");
- }
- else if (strcasecmp(var, "HTTP_HOST") == 0) {
- result = lookup_header(r, "Host");
- }
- else if (strcasecmp(var, "HTTP_PROXY_CONNECTION") == 0) {
- result = lookup_header(r, "Proxy-Connection");
- }
- else if (strcasecmp(var, "HTTP_ACCEPT") == 0) {
- result = lookup_header(r, "Accept");
- }
- /* all other headers from which we are still not know about */
- else if (strlen(var) > 5 && strncasecmp(var, "HTTP:", 5) == 0) {
- result = lookup_header(r, var+5);
- }
-
- /* connection stuff */
- else if (strcasecmp(var, "REMOTE_ADDR") == 0) {
- result = r->connection->remote_ip;
- }
- else if (strcasecmp(var, "REMOTE_HOST") == 0) {
- result = (char *)ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME);
- }
- else if (strcasecmp(var, "REMOTE_USER") == 0) {
- result = r->connection->user;
- }
- else if (strcasecmp(var, "REMOTE_IDENT") == 0) {
- result = (char *)ap_get_remote_logname(r);
- }
-
- /* request stuff */
- else if (strcasecmp(var, "THE_REQUEST") == 0) { /* non-standard */
- result = r->the_request;
- }
- else if (strcasecmp(var, "REQUEST_METHOD") == 0) {
- result = r->method;
- }
- else if (strcasecmp(var, "REQUEST_URI") == 0) { /* non-standard */
- result = r->uri;
- }
- else if (strcasecmp(var, "SCRIPT_FILENAME") == 0 ||
- strcasecmp(var, "REQUEST_FILENAME") == 0 ) {
- result = r->filename;
- }
- else if (strcasecmp(var, "PATH_INFO") == 0) {
- result = r->path_info;
- }
- else if (strcasecmp(var, "QUERY_STRING") == 0) {
- result = r->args;
- }
- else if (strcasecmp(var, "AUTH_TYPE") == 0) {
- result = r->connection->ap_auth_type;
- }
- else if (strcasecmp(var, "IS_SUBREQ") == 0) { /* non-standard */
- result = (r->main != NULL ? "true" : "false");
- }
-
- /* internal server stuff */
- else if (strcasecmp(var, "DOCUMENT_ROOT") == 0) {
- result = ap_document_root(r);
- }
- else if (strcasecmp(var, "SERVER_ADMIN") == 0) {
- result = r->server->server_admin;
- }
- else if (strcasecmp(var, "SERVER_NAME") == 0) {
- result = ap_get_server_name(r);
- }
- else if (strcasecmp(var, "SERVER_ADDR") == 0) { /* non-standard */
- result = r->connection->local_ip;
- }
- else if (strcasecmp(var, "SERVER_PORT") == 0) {
- ap_snprintf(resultbuf, sizeof(resultbuf), "%u", ap_get_server_port(r));
- result = resultbuf;
- }
- else if (strcasecmp(var, "SERVER_PROTOCOL") == 0) {
- result = r->protocol;
- }
- else if (strcasecmp(var, "SERVER_SOFTWARE") == 0) {
- result = ap_get_server_version();
- }
- else if (strcasecmp(var, "API_VERSION") == 0) { /* non-standard */
- ap_snprintf(resultbuf, sizeof(resultbuf), "%d:%d",
- MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
- result = resultbuf;
- }
-
- /* underlaying Unix system stuff */
- else if (strcasecmp(var, "TIME_YEAR") == 0) {
- tc = time(NULL);
- tm = localtime(&tc);
- ap_snprintf(resultbuf, sizeof(resultbuf), "%02d%02d",
- (tm->tm_year / 100) + 19, tm->tm_year % 100);
- result = resultbuf;
- }
-#define MKTIMESTR(format, tmfield) \
- tc = time(NULL); \
- tm = localtime(&tc); \
- ap_snprintf(resultbuf, sizeof(resultbuf), format, tm->tmfield); \
- result = resultbuf;
- else if (strcasecmp(var, "TIME_MON") == 0) {
- MKTIMESTR("%02d", tm_mon+1)
- }
- else if (strcasecmp(var, "TIME_DAY") == 0) {
- MKTIMESTR("%02d", tm_mday)
- }
- else if (strcasecmp(var, "TIME_HOUR") == 0) {
- MKTIMESTR("%02d", tm_hour)
- }
- else if (strcasecmp(var, "TIME_MIN") == 0) {
- MKTIMESTR("%02d", tm_min)
- }
- else if (strcasecmp(var, "TIME_SEC") == 0) {
- MKTIMESTR("%02d", tm_sec)
- }
- else if (strcasecmp(var, "TIME_WDAY") == 0) {
- MKTIMESTR("%d", tm_wday)
- }
- else if (strcasecmp(var, "TIME") == 0) {
- tc = time(NULL);
- tm = localtime(&tc);
- ap_snprintf(resultbuf, sizeof(resultbuf),
- "%02d%02d%02d%02d%02d%02d%02d", (tm->tm_year / 100) + 19,
- (tm->tm_year % 100), tm->tm_mon+1, tm->tm_mday,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- result = resultbuf;
- rewritelog(r, 1, "RESULT='%s'", result);
- }
-
- /* all other env-variables from the parent Apache process */
- else if (strlen(var) > 4 && strncasecmp(var, "ENV:", 4) == 0) {
- /* first try the internal Apache notes structure */
- result = ap_table_get(r->notes, var+4);
- /* second try the internal Apache env structure */
- if (result == NULL) {
- result = ap_table_get(r->subprocess_env, var+4);
- }
- /* third try the external OS env */
- if (result == NULL) {
- result = getenv(var+4);
- }
- }
-
-#define LOOKAHEAD(subrecfunc) \
- if ( \
- /* filename is safe to use */ \
- r->filename != NULL \
- /* - and we're either not in a subrequest */ \
- && ( r->main == NULL \
- /* - or in a subrequest where paths are non-NULL... */ \
- || ( r->main->uri != NULL && r->uri != NULL \
- /* ...and sub and main paths differ */ \
- && strcmp(r->main->uri, r->uri) != 0))) { \
- /* process a file-based subrequest */ \
- rsub = subrecfunc(r->filename, r); \
- /* now recursively lookup the variable in the sub_req */ \
- result = lookup_variable(rsub, var+5); \
- /* copy it up to our scope before we destroy sub_req's pool */ \
- result = ap_pstrdup(r->pool, result); \
- /* cleanup by destroying the subrequest */ \
- ap_destroy_sub_req(rsub); \
- /* log it */ \
- rewritelog(r, 5, "lookahead: path=%s var=%s -> val=%s", \
- r->filename, var+5, result); \
- /* return ourself to prevent re-pstrdup */ \
- return (char *)result; \
- }
-
- /* look-ahead for parameter through URI-based sub-request */
- else if (strlen(var) > 5 && strncasecmp(var, "LA-U:", 5) == 0) {
- LOOKAHEAD(ap_sub_req_lookup_uri)
- }
- /* look-ahead for parameter through file-based sub-request */
- else if (strlen(var) > 5 && strncasecmp(var, "LA-F:", 5) == 0) {
- LOOKAHEAD(ap_sub_req_lookup_file)
- }
-
-
- /* file stuff */
- else if (strcasecmp(var, "SCRIPT_USER") == 0) {
- result = "<unknown>";
- if (r->finfo.st_mode != 0) {
- if ((pw = getpwuid(r->finfo.st_uid)) != NULL) {
- result = pw->pw_name;
- }
- }
- else {
- if (stat(r->filename, &finfo) == 0) {
- if ((pw = getpwuid(finfo.st_uid)) != NULL) {
- result = pw->pw_name;
- }
- }
- }
- }
- else if (strcasecmp(var, "SCRIPT_GROUP") == 0) {
- result = "<unknown>";
- if (r->finfo.st_mode != 0) {
- if ((gr = getgrgid(r->finfo.st_gid)) != NULL) {
- result = gr->gr_name;
- }
- }
- else {
- if (stat(r->filename, &finfo) == 0) {
- if ((gr = getgrgid(finfo.st_gid)) != NULL) {
- result = gr->gr_name;
- }
- }
- }
- }
-
- else {
- ap_hook_use("ap::mod_rewrite::lookup_variable",
- AP_HOOK_SIG3(ptr,ptr,ptr),
- AP_HOOK_DECLINE(NULL),
- &result, r, var);
- }
-
- if (result == NULL) {
- return ap_pstrdup(r->pool, "");
- }
- else {
- return ap_pstrdup(r->pool, result);
- }
-}
-
-static char *lookup_header(request_rec *r, const char *name)
-{
- array_header *hdrs_arr;
- table_entry *hdrs;
- int i;
-
- hdrs_arr = ap_table_elts(r->headers_in);
- hdrs = (table_entry *)hdrs_arr->elts;
- for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (hdrs[i].key == NULL) {
- continue;
- }
- if (strcasecmp(hdrs[i].key, name) == 0) {
- ap_table_merge(r->notes, VARY_KEY_THIS, name);
- return hdrs[i].val;
- }
- }
- return NULL;
-}
-
-
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | caching support
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-static cache *init_cache(pool *p)
-{
- cache *c;
-
- c = (cache *)ap_palloc(p, sizeof(cache));
- c->pool = ap_make_sub_pool(p);
- c->lists = ap_make_array(c->pool, 2, sizeof(cachelist));
- return c;
-}
-
-static void set_cache_string(cache *c, char *res, int mode, time_t t,
- char *key, char *value)
-{
- cacheentry ce;
-
- ce.time = t;
- ce.key = key;
- ce.value = value;
- store_cache_string(c, res, &ce);
- return;
-}
-
-static char *get_cache_string(cache *c, char *res, int mode,
- time_t t, char *key)
-{
- cacheentry *ce;
-
- ce = retrieve_cache_string(c, res, key);
- if (ce == NULL) {
- return NULL;
- }
- if (mode & CACHEMODE_TS) {
- if (t != ce->time) {
- return NULL;
- }
- }
- else if (mode & CACHEMODE_TTL) {
- if (t > ce->time) {
- return NULL;
- }
- }
- return ap_pstrdup(c->pool, ce->value);
-}
-
-static int cache_tlb_hash(char *key)
-{
- unsigned long n;
- char *p;
-
- n = 0;
- for (p = key; *p != '\0'; p++) {
- n = ((n << 5) + n) ^ (unsigned long)(*p++);
- }
-
- return (int)(n % CACHE_TLB_ROWS);
-}
-
-static cacheentry *cache_tlb_lookup(cachetlbentry *tlb, cacheentry *elt,
- char *key)
-{
- int ix = cache_tlb_hash(key);
- int i;
- int j;
-
- for (i=0; i < CACHE_TLB_COLS; ++i) {
- j = tlb[ix].t[i];
- if (j < 0)
- return NULL;
- if (strcmp(elt[j].key, key) == 0)
- return &elt[j];
- }
- return NULL;
-}
-
-static void cache_tlb_replace(cachetlbentry *tlb, cacheentry *elt,
- cacheentry *e)
-{
- int ix = cache_tlb_hash(e->key);
- int i;
-
- tlb = &tlb[ix];
-
- for (i=1; i < CACHE_TLB_COLS; ++i)
- tlb->t[i] = tlb->t[i-1];
-
- tlb->t[0] = e - elt;
-}
-
-static void store_cache_string(cache *c, char *res, cacheentry *ce)
-{
- int i;
- int j;
- cachelist *l;
- cacheentry *e;
- cachetlbentry *t;
- int found_list;
-
- found_list = 0;
- /* first try to edit an existing entry */
- for (i = 0; i < c->lists->nelts; i++) {
- l = &(((cachelist *)c->lists->elts)[i]);
- if (strcmp(l->resource, res) == 0) {
- found_list = 1;
-
- e = cache_tlb_lookup((cachetlbentry *)l->tlb->elts,
- (cacheentry *)l->entries->elts, ce->key);
- if (e != NULL) {
- e->time = ce->time;
- e->value = ap_pstrdup(c->pool, ce->value);
- return;
- }
-
- for (j = 0; j < l->entries->nelts; j++) {
- e = &(((cacheentry *)l->entries->elts)[j]);
- if (strcmp(e->key, ce->key) == 0) {
- e->time = ce->time;
- e->value = ap_pstrdup(c->pool, ce->value);
- cache_tlb_replace((cachetlbentry *)l->tlb->elts,
- (cacheentry *)l->entries->elts, e);
- return;
- }
- }
- }
- }
-
- /* create a needed new list */
- if (!found_list) {
- l = ap_push_array(c->lists);
- l->resource = ap_pstrdup(c->pool, res);
- l->entries = ap_make_array(c->pool, 2, sizeof(cacheentry));
- l->tlb = ap_make_array(c->pool, CACHE_TLB_ROWS,
- sizeof(cachetlbentry));
- for (i=0; i<CACHE_TLB_ROWS; ++i) {
- t = &((cachetlbentry *)l->tlb->elts)[i];
- for (j=0; j<CACHE_TLB_COLS; ++j)
- t->t[j] = -1;
- }
- }
-
- /* create the new entry */
- for (i = 0; i < c->lists->nelts; i++) {
- l = &(((cachelist *)c->lists->elts)[i]);
- if (strcmp(l->resource, res) == 0) {
- e = ap_push_array(l->entries);
- e->time = ce->time;
- e->key = ap_pstrdup(c->pool, ce->key);
- e->value = ap_pstrdup(c->pool, ce->value);
- cache_tlb_replace((cachetlbentry *)l->tlb->elts,
- (cacheentry *)l->entries->elts, e);
- return;
- }
- }
-
- /* not reached, but when it is no problem... */
- return;
-}
-
-static cacheentry *retrieve_cache_string(cache *c, char *res, char *key)
-{
- int i;
- int j;
- cachelist *l;
- cacheentry *e;
-
- for (i = 0; i < c->lists->nelts; i++) {
- l = &(((cachelist *)c->lists->elts)[i]);
- if (strcmp(l->resource, res) == 0) {
-
- e = cache_tlb_lookup((cachetlbentry *)l->tlb->elts,
- (cacheentry *)l->entries->elts, key);
- if (e != NULL)
- return e;
-
- for (j = 0; j < l->entries->nelts; j++) {
- e = &(((cacheentry *)l->entries->elts)[j]);
- if (strcmp(e->key, key) == 0) {
- return e;
- }
- }
- }
- }
- return NULL;
-}
-
-
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | misc functions
-** | |
-** +-------------------------------------------------------+
-*/
-
-static char *subst_prefix_path(request_rec *r, char *input, char *match,
- char *subst)
-{
- char matchbuf[LONG_STRING_LEN];
- char substbuf[LONG_STRING_LEN];
- char *output;
- int l;
-
- output = input;
-
- /* first create a match string which always has a trailing slash */
- l = ap_cpystrn(matchbuf, match, sizeof(matchbuf) - 1) - matchbuf;
- if (!l || matchbuf[l-1] != '/') {
- matchbuf[l] = '/';
- matchbuf[l+1] = '\0';
- l++;
- }
- /* now compare the prefix */
- if (strncmp(input, matchbuf, l) == 0) {
- rewritelog(r, 5, "strip matching prefix: %s -> %s", output, output+l);
- output = ap_pstrdup(r->pool, output+l);
-
- /* and now add the base-URL as replacement prefix */
- l = ap_cpystrn(substbuf, subst, sizeof(substbuf) - 1) - substbuf;
- if (!l || substbuf[l-1] != '/') {
- substbuf[l] = '/';
- substbuf[l+1] = '\0';
- l++;
- }
- if (output[0] == '/') {
- rewritelog(r, 4, "add subst prefix: %s -> %s%s",
- output, substbuf, output+1);
- output = ap_pstrcat(r->pool, substbuf, output+1, NULL);
- }
- else {
- rewritelog(r, 4, "add subst prefix: %s -> %s%s",
- output, substbuf, output);
- output = ap_pstrcat(r->pool, substbuf, output, NULL);
- }
- }
- return output;
-}
-
-
-/*
-**
-** own command line parser which don't have the '\\' problem
-**
-*/
-
-static int parseargline(char *str, char **a1, char **a2, char **a3)
-{
- char *cp;
- int isquoted;
-
-#define SKIP_WHITESPACE(cp) \
- for ( ; *cp == ' ' || *cp == '\t'; ) { \
- cp++; \
- };
-
-#define CHECK_QUOTATION(cp,isquoted) \
- isquoted = 0; \
- if (*cp == '"') { \
- isquoted = 1; \
- cp++; \
- }
-
-#define DETERMINE_NEXTSTRING(cp,isquoted) \
- for ( ; *cp != '\0'; cp++) { \
- if ( (isquoted && (*cp == ' ' || *cp == '\t')) \
- || (*cp == '\\' && (*(cp+1) == ' ' || *(cp+1) == '\t'))) { \
- cp++; \
- continue; \
- } \
- if ( (!isquoted && (*cp == ' ' || *cp == '\t')) \
- || (isquoted && *cp == '"') ) { \
- break; \
- } \
- }
-
- cp = str;
- SKIP_WHITESPACE(cp);
-
- /* determine first argument */
- CHECK_QUOTATION(cp, isquoted);
- *a1 = cp;
- DETERMINE_NEXTSTRING(cp, isquoted);
- if (*cp == '\0') {
- return 1;
- }
- *cp++ = '\0';
-
- SKIP_WHITESPACE(cp);
-
- /* determine second argument */
- CHECK_QUOTATION(cp, isquoted);
- *a2 = cp;
- DETERMINE_NEXTSTRING(cp, isquoted);
- if (*cp == '\0') {
- *cp++ = '\0';
- *a3 = NULL;
- return 0;
- }
- *cp++ = '\0';
-
- SKIP_WHITESPACE(cp);
-
- /* again check if there are only two arguments */
- if (*cp == '\0') {
- *cp++ = '\0';
- *a3 = NULL;
- return 0;
- }
-
- /* determine second argument */
- CHECK_QUOTATION(cp, isquoted);
- *a3 = cp;
- DETERMINE_NEXTSTRING(cp, isquoted);
- *cp++ = '\0';
-
- return 0;
-}
-
-
-static void add_env_variable(request_rec *r, char *s)
-{
- char var[MAX_STRING_LEN];
- char val[MAX_STRING_LEN];
- char *cp;
- int n;
-
- if ((cp = strchr(s, ':')) != NULL) {
- n = ((cp-s) > MAX_STRING_LEN-1 ? MAX_STRING_LEN-1 : (cp-s));
- memcpy(var, s, n);
- var[n] = '\0';
- ap_cpystrn(val, cp+1, sizeof(val));
- ap_table_set(r->subprocess_env, var, val);
- rewritelog(r, 5, "setting env variable '%s' to '%s'", var, val);
- }
-}
-
-
-/*
-**
-** check that a subrequest won't cause infinite recursion
-**
-*/
-
-static int subreq_ok(request_rec *r)
-{
- /*
- * either not in a subrequest, or in a subrequest
- * and URIs aren't NULL and sub/main URIs differ
- */
- return (r->main == NULL ||
- (r->main->uri != NULL && r->uri != NULL &&
- strcmp(r->main->uri, r->uri) != 0));
-}
-
-
-/*
-**
-** stat() for only the prefix of a path
-**
-*/
-
-static int prefix_stat(const char *path, ap_pool *pool)
-{
- const char *curpath = path;
- char *root;
- char *slash;
- char *statpath;
- struct stat sb;
-
- if (!ap_os_is_path_absolute(curpath)) {
- return 0;
- }
-
- /* need to be a bit tricky here.
- * Actually we're looking for the first path segment ...
- */
- if (*curpath != '/') {
- /* be safe: +1 = '\0'; +1 = possible additional '\0'
- * from ap_make_dirstr_prefix
- */
- root = ap_palloc(pool, strlen(curpath) + 2);
- slash = ap_make_dirstr_prefix(root, curpath, 1);
- curpath += strlen(root);
- }
- else {
- root = "/";
- ++curpath;
- }
-
- /* let's recognize slashes only, the mod_rewrite semantics are opaque
- * enough.
- */
- if ((slash = strchr(curpath, '/')) != NULL) {
- statpath = ap_pstrcat(pool, root,
- ap_pstrndup(pool, curpath, slash - curpath),
- NULL);
- }
- else {
- statpath = ap_pstrcat(pool, root, curpath, NULL);
- }
-
- if (stat(statpath, &sb) == 0) {
- return 1;
- }
-
- return 0;
-}
-
-
-/*
-**
-** File locking
-**
-*/
-
-#ifdef USE_FCNTL
-static struct flock lock_it;
-static struct flock unlock_it;
-#endif
-
-static void fd_lock(request_rec *r, int fd)
-{
- int rc;
-
-#ifdef USE_FCNTL
- lock_it.l_whence = SEEK_SET; /* from current point */
- lock_it.l_start = 0; /* -"- */
- lock_it.l_len = 0; /* until end of file */
- lock_it.l_type = F_WRLCK; /* set exclusive/write lock */
- lock_it.l_pid = 0; /* pid not actually interesting */
-
- while ( ((rc = fcntl(fd, F_SETLKW, &lock_it)) < 0)
- && (errno == EINTR) ) {
- continue;
- }
-#endif
-#ifdef USE_FLOCK
- while ( ((rc = flock(fd, LOCK_EX)) < 0)
- && (errno == EINTR) ) {
- continue;
- }
-#endif
-#ifdef USE_LOCKING
- /* Lock the first byte, always, assume we want to append
- and seek to the end afterwards */
- lseek(fd, 0, SEEK_SET);
- rc = _locking(fd, _LK_LOCK, 1);
- lseek(fd, 0, SEEK_END);
-#endif
-
- if (rc < 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "mod_rewrite: failed to lock file descriptor");
- exit(1);
- }
- return;
-}
-
-static void fd_unlock(request_rec *r, int fd)
-{
- int rc;
-
-#ifdef USE_FCNTL
- unlock_it.l_whence = SEEK_SET; /* from current point */
- unlock_it.l_start = 0; /* -"- */
- unlock_it.l_len = 0; /* until end of file */
- unlock_it.l_type = F_UNLCK; /* unlock */
- unlock_it.l_pid = 0; /* pid not actually interesting */
-
- rc = fcntl(fd, F_SETLKW, &unlock_it);
-#endif
-#ifdef USE_FLOCK
- rc = flock(fd, LOCK_UN);
-#endif
-#ifdef USE_LOCKING
- lseek(fd, 0, SEEK_SET);
- rc = _locking(fd, _LK_UNLCK, 1);
- lseek(fd, 0, SEEK_END);
-#endif
-
- if (rc < 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "mod_rewrite: failed to unlock file descriptor");
- exit(1);
- }
-}
-
-/*
-**
-** Lexicographic Compare
-**
-*/
-
-static int compare_lexicography(char *cpNum1, char *cpNum2)
-{
- int i;
- int n1, n2;
-
- n1 = strlen(cpNum1);
- n2 = strlen(cpNum2);
- if (n1 > n2) {
- return 1;
- }
- if (n1 < n2) {
- return -1;
- }
- for (i = 0; i < n1; i++) {
- if (cpNum1[i] > cpNum2[i]) {
- return 1;
- }
- if (cpNum1[i] < cpNum2[i]) {
- return -1;
- }
- }
- return 0;
-}
-
-/*
-**
-** Bracketed expression handling
-** s points after the opening bracket
-**
-*/
-
-static char *find_closing_bracket(char *s, int left, int right)
-{
- int depth;
-
- for (depth = 1; *s; ++s) {
- if (*s == right && --depth == 0) {
- return s;
- }
- else if (*s == left) {
- ++depth;
- }
- }
- return NULL;
-}
-
-static char *find_char_in_brackets(char *s, int c, int left, int right)
-{
- int depth;
-
- for (depth = 1; *s; ++s) {
- if (*s == c && depth == 1) {
- return s;
- }
- else if (*s == right && --depth == 0) {
- return NULL;
- }
- else if (*s == left) {
- ++depth;
- }
- }
- return NULL;
-}
-
-/*EOF*/
diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.h b/usr.sbin/httpd/src/modules/standard/mod_rewrite.h
deleted file mode 100644
index 7d13aa7a2c5..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.h
+++ /dev/null
@@ -1,496 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-#ifndef _MOD_REWRITE_H
-#define _MOD_REWRITE_H 1
-
-/*
-** _ _ _
-** _ __ ___ ___ __| | _ __ _____ ___ __(_) |_ ___
-** | '_ ` _ \ / _ \ / _` | | '__/ _ \ \ /\ / / '__| | __/ _ \
-** | | | | | | (_) | (_| | | | | __/\ V V /| | | | || __/
-** |_| |_| |_|\___/ \__,_|___|_| \___| \_/\_/ |_| |_|\__\___|
-** |_____|
-**
-** URL Rewriting Module
-**
-** This module uses a rule-based rewriting engine (based on a
-** regular-expression parser) to rewrite requested URLs on the fly.
-**
-** It supports an unlimited number of additional rule conditions (which can
-** operate on a lot of variables, even on HTTP headers) for granular
-** matching and even external database lookups (either via plain text
-** tables, DBM hash files or even external processes) for advanced URL
-** substitution.
-**
-** It operates on the full URLs (including the PATH_INFO part) both in
-** per-server context (httpd.conf) and per-dir context (.htaccess) and even
-** can generate QUERY_STRING parts on result. The rewriting result finally
-** can lead to internal subprocessing, external request redirection or even
-** to internal proxy throughput.
-**
-** This module was originally written in April 1996 and
-** gifted exclusively to the The Apache Group in July 1997 by
-**
-** Ralf S. Engelschall
-** rse@engelschall.com
-** www.engelschall.com
-*/
-
-
- /* Include from the underlaying Unix system ... */
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <time.h>
-#include <signal.h>
-#include <errno.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
- /* Include from the Apache server ... */
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_vhost.h"
-
- /*
- * The key in the r->notes table wherein we store our accumulated
- * Vary values, and the one used for per-condition checks in a chain.
- */
-#define VARY_KEY "rewrite-Vary"
-#define VARY_KEY_THIS "rewrite-Vary-this"
-
- /* The NDBM support:
- * We support only NDBM files.
- * But we have to stat the file for the mtime,
- * so we also need to know the file extension
- */
-#include <ndbm.h>
-#if defined(DBM_SUFFIX)
-#define NDBM_FILE_SUFFIX DBM_SUFFIX
-#elif (defined(DB_LOCK) && defined(DB_SHMEM))
-#define NDBM_FILE_SUFFIX ".db"
-#else
-#define NDBM_FILE_SUFFIX ".pag"
-#endif
-
-
- /* The locking support:
- * Try to determine whether we should use fcntl() or flock().
- * Would be better ap_config.h could provide this... :-(
- * Small monkey business to ensure that fcntl is preferred,
- * unless we specified USE_FLOCK_SERIALIZED_ACCEPT during compile.
- */
-#define USE_FLOCK 1
-#include <sys/file.h>
-#if !defined(USE_FCNTL) && !defined(USE_FLOCK)
-#define USE_FLOCK 1
-#include <sys/file.h>
-#ifndef LOCK_UN
-#undef USE_FLOCK
-#define USE_FCNTL 1
-#include <fcntl.h>
-#endif
-#endif
-
-
-/*
-**
-** Some defines
-**
-*/
-
-#define ENVVAR_SCRIPT_URL "SCRIPT_URL"
-#define ENVVAR_SCRIPT_URI "SCRIPT_URI"
-
-#ifndef SUPPORT_DBM_REWRITEMAP
-#define SUPPORT_DBM_REWRITEMAP 0
-#endif
-
-#define REWRITE_FORCED_MIMETYPE_NOTEVAR "rewrite-forced-mimetype"
-
-#define CONDFLAG_NONE 1<<0
-#define CONDFLAG_NOCASE 1<<1
-#define CONDFLAG_NOTMATCH 1<<2
-#define CONDFLAG_ORNEXT 1<<3
-
-#define RULEFLAG_NONE 1<<0
-#define RULEFLAG_FORCEREDIRECT 1<<1
-#define RULEFLAG_LASTRULE 1<<2
-#define RULEFLAG_NEWROUND 1<<3
-#define RULEFLAG_CHAIN 1<<4
-#define RULEFLAG_IGNOREONSUBREQ 1<<5
-#define RULEFLAG_NOTMATCH 1<<6
-#define RULEFLAG_PROXY 1<<7
-#define RULEFLAG_PASSTHROUGH 1<<8
-#define RULEFLAG_FORBIDDEN 1<<9
-#define RULEFLAG_GONE 1<<10
-#define RULEFLAG_QSAPPEND 1<<11
-#define RULEFLAG_NOCASE 1<<12
-#define RULEFLAG_NOESCAPE 1<<13
-
-#define ACTION_NORMAL 1<<0
-#define ACTION_NOESCAPE 1<<1
-
-#define MAPTYPE_TXT 1<<0
-#define MAPTYPE_DBM 1<<1
-#define MAPTYPE_PRG 1<<2
-#define MAPTYPE_INT 1<<3
-#define MAPTYPE_RND 1<<4
-
-#define ENGINE_DISABLED 1<<0
-#define ENGINE_ENABLED 1<<1
-
-#define OPTION_NONE 1<<0
-#define OPTION_INHERIT 1<<1
-
-#define CACHEMODE_TS 1<<0
-#define CACHEMODE_TTL 1<<1
-
-#define CACHE_TLB_ROWS 1024
-#define CACHE_TLB_COLS 4
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE !FALSE
-#endif
-
-#ifndef NO
-#define NO FALSE
-#define YES TRUE
-#endif
-
-#ifndef RAND_MAX
-#define RAND_MAX 32767
-#endif
-
-#ifndef LONG_STRING_LEN
-#define LONG_STRING_LEN 2048
-#endif
-
-#define MAX_ENV_FLAGS 15
-
-/* default maximum number of internal redirects */
-#define REWRITE_REDIRECT_LIMIT 10
-
-/*
-**
-** our private data structures we handle with
-**
-*/
-
- /* the list structures for holding the mapfile information
- * and the rewrite rules
- */
-typedef struct {
- char *name; /* the name of the map */
- char *datafile; /* filename for map data files */
- char *checkfile; /* filename to check for map existence */
- int type; /* the type of the map */
- int fpin; /* in file pointer for program maps */
- int fpout; /* out file pointer for program maps */
- int fperr; /* err file pointer for program maps */
- char *(*func)(request_rec *, /* function pointer for internal maps */
- char *);
-} rewritemap_entry;
-
-typedef struct {
- char *input; /* Input string of RewriteCond */
- char *pattern; /* the RegExp pattern string */
- regex_t *regexp;
- int flags; /* Flags which control the match */
-} rewritecond_entry;
-
-typedef struct {
- array_header *rewriteconds; /* the corresponding RewriteCond entries */
- char *pattern; /* the RegExp pattern string */
- regex_t *regexp; /* the RegExp pattern compilation */
- char *output; /* the Substitution string */
- int flags; /* Flags which control the substitution */
- char *forced_mimetype; /* forced MIME type of substitution */
- int forced_responsecode; /* forced HTTP redirect response status */
- char *env[MAX_ENV_FLAGS+1]; /* added environment variables */
- int skip; /* number of next rules to skip */
-} rewriterule_entry;
-
-
- /* the per-server or per-virtual-server configuration
- * statically generated once on startup for every server
- */
-typedef struct {
- int state; /* the RewriteEngine state */
- int options; /* the RewriteOption state */
- char *rewritelogfile; /* the RewriteLog filename */
- int rewritelogfp; /* the RewriteLog open filepointer */
- int rewriteloglevel; /* the RewriteLog level of verbosity */
- array_header *rewritemaps; /* the RewriteMap entries */
- array_header *rewriteconds; /* the RewriteCond entries (temporary) */
- array_header *rewriterules; /* the RewriteRule entries */
- server_rec *server; /* the corresponding server indicator */
- int redirect_limit; /* maximum number of internal redirects */
-} rewrite_server_conf;
-
-
- /* the per-directory configuration
- * generated on-the-fly by Apache server for current request
- */
-typedef struct {
- int state; /* the RewriteEngine state */
- int options; /* the RewriteOption state */
- array_header *rewriteconds; /* the RewriteCond entries (temporary) */
- array_header *rewriterules; /* the RewriteRule entries */
- char *directory; /* the directory where it applies */
- char *baseurl; /* the base-URL where it applies */
- int redirect_limit; /* maximum number of internal redirects */
-} rewrite_perdir_conf;
-
- /* the per-request configuration
- */
-typedef struct {
- int redirects; /* current number of redirects */
- int redirect_limit; /* maximum number of redirects */
-} rewrite_request_conf;
-
-
- /* the cache structures,
- * a 4-way hash table with LRU functionality
- */
-typedef struct cacheentry {
- time_t time;
- char *key;
- char *value;
-} cacheentry;
-
-typedef struct tlbentry {
- int t[CACHE_TLB_COLS];
-} cachetlbentry;
-
-typedef struct cachelist {
- char *resource;
- array_header *entries;
- array_header *tlb;
-} cachelist;
-
-typedef struct cache {
- pool *pool;
- array_header *lists;
-} cache;
-
-
- /* the regex structure for the
- * substitution of backreferences
- */
-typedef struct backrefinfo {
- char *source;
- int nsub;
- regmatch_t regmatch[AP_MAX_REG_MATCH];
-} backrefinfo;
-
-
-/*
-**
-** forward declarations
-**
-*/
-
- /* config structure handling */
-static void *config_server_create(pool *p, server_rec *s);
-static void *config_server_merge (pool *p, void *basev, void *overridesv);
-static void *config_perdir_create(pool *p, char *path);
-static void *config_perdir_merge (pool *p, void *basev, void *overridesv);
-
- /* config directive handling */
-static const char *cmd_rewriteengine(cmd_parms *cmd,
- rewrite_perdir_conf *dconf, int flag);
-static const char *cmd_rewriteoptions(cmd_parms *cmd,
- void *in_dconf,
- const char *option);
-static const char *cmd_rewritelog (cmd_parms *cmd, void *dconf, char *a1);
-static const char *cmd_rewriteloglevel(cmd_parms *cmd, void *dconf, char *a1);
-static const char *cmd_rewritemap (cmd_parms *cmd, void *dconf, char *a1,
- char *a2);
-static const char *cmd_rewritelock(cmd_parms *cmd, void *dconf, char *a1);
-static const char *cmd_rewritebase(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *a1);
-static const char *cmd_rewritecond(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *str);
-static const char *cmd_rewritecond_parseflagfield(pool *p,
- rewritecond_entry *new,
- char *str);
-static const char *cmd_rewritecond_setflag(pool *p, rewritecond_entry *cfg,
- char *key, char *val);
-static const char *cmd_rewriterule(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *str);
-static const char *cmd_rewriterule_parseflagfield(pool *p,
- rewriterule_entry *new,
- char *str);
-static const char *cmd_rewriterule_setflag(pool *p, rewriterule_entry *cfg,
- char *key, char *val);
-
- /* initialisation */
-static void init_module(server_rec *s, pool *p);
-static void init_child(server_rec *s, pool *p);
-
- /* runtime hooks */
-static int hook_uri2file (request_rec *r);
-static int hook_mimetype (request_rec *r);
-static int hook_fixup (request_rec *r);
-static int handler_redirect(request_rec *r);
-
- /* rewriting engine */
-static int apply_rewrite_list(request_rec *r, array_header *rewriterules,
- char *perdir);
-static int apply_rewrite_rule(request_rec *r, rewriterule_entry *p,
- char *perdir);
-static int apply_rewrite_cond(request_rec *r, rewritecond_entry *p,
- char *perdir, backrefinfo *briRR,
- backrefinfo *briRC);
-
-static void do_expand(request_rec *r, char *input, char *buffer, int nbuf,
- backrefinfo *briRR, backrefinfo *briRC);
-static void do_expand_env(request_rec *r, char *env[],
- backrefinfo *briRR, backrefinfo *briRC);
-
- /* URI transformation function */
-static void splitout_queryargs(request_rec *r, int qsappend);
-static void fully_qualify_uri(request_rec *r);
-static void reduce_uri(request_rec *r);
-static unsigned is_absolute_uri(char *uri);
-static char *escape_absolute_uri(ap_pool *p, char *uri, unsigned scheme);
-static char *expand_tildepaths(request_rec *r, char *uri);
-
- /* rewrite map support functions */
-static char *lookup_map(request_rec *r, char *name, char *key);
-static char *lookup_map_txtfile(request_rec *r, char *file, char *key);
-static char *lookup_map_dbmfile(request_rec *r, char *file, char *key);
-static char *lookup_map_program(request_rec *r, int fpin,
- int fpout, char *key);
-static char *lookup_map_internal(request_rec *r,
- char *(*func)(request_rec *r, char *key),
- char *key);
-static char *rewrite_mapfunc_toupper(request_rec *r, char *key);
-static char *rewrite_mapfunc_tolower(request_rec *r, char *key);
-static char *rewrite_mapfunc_escape(request_rec *r, char *key);
-static char *rewrite_mapfunc_unescape(request_rec *r, char *key);
-static char *select_random_value_part(request_rec *r, char *value);
-static void rewrite_rand_init(void);
-static int rewrite_rand(int l, int h);
-
- /* rewriting logfile support */
-static void open_rewritelog(server_rec *s, pool *p);
-static void rewritelog(request_rec *r, int level, const char *text, ...)
- __attribute__((format(printf,3,4)));
-static char *current_logtime(request_rec *r);
-
- /* rewriting lockfile support */
-static void rewritelock_create(server_rec *s, pool *p);
-static void rewritelock_open(server_rec *s, pool *p);
-static void rewritelock_remove(void *data);
-static void rewritelock_alloc(request_rec *r);
-static void rewritelock_free(request_rec *r);
-
- /* program map support */
-static void run_rewritemap_programs(server_rec *s, pool *p);
-static int rewritemap_program_child(void *cmd, child_info *pinfo);
-
- /* env variable support */
-static char *lookup_variable(request_rec *r, char *var);
-static char *lookup_header(request_rec *r, const char *name);
-
- /* caching functions */
-static cache *init_cache(pool *p);
-static char *get_cache_string(cache *c, char *res, int mode, time_t mtime,
- char *key);
-static void set_cache_string(cache *c, char *res, int mode, time_t mtime,
- char *key, char *value);
-static cacheentry *retrieve_cache_string(cache *c, char *res, char *key);
-static void store_cache_string(cache *c, char *res, cacheentry *ce);
-
- /* misc functions */
-static char *subst_prefix_path(request_rec *r, char *input, char *match,
- char *subst);
-static int parseargline(char *str, char **a1, char **a2, char **a3);
-static int prefix_stat(const char *path, ap_pool *pool);
-static void add_env_variable(request_rec *r, char *s);
-static int subreq_ok(request_rec *r);
-static int is_redirect_limit_exceeded(request_rec *r);
-
- /* File locking */
-static void fd_lock(request_rec *r, int fd);
-static void fd_unlock(request_rec *r, int fd);
-
- /* Lexicographic Comparison */
-static int compare_lexicography(char *cpNum1, char *cpNum2);
-
- /* Bracketed expression handling */
-static char *find_closing_bracket(char *s, int left, int right);
-static char *find_char_in_brackets(char *s, int c, int left, int right);
-
- /* Find end of bracketed expression */
-static char *find_closing_bracket(char *s, int left, int right);
-
-#endif /* _MOD_REWRITE_H */
-
-/*EOF*/
diff --git a/usr.sbin/httpd/src/modules/standard/mod_setenvif.c b/usr.sbin/httpd/src/modules/standard/mod_setenvif.c
deleted file mode 100644
index 43941c67928..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_setenvif.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_setenvif.c
- * Set environment variables based on matching request headers or
- * attributes against regex strings
- *
- * Paul Sutton <paul@ukweb.com> 27 Oct 1996
- * Based on mod_browser by Alexei Kosut <akosut@organic.com>
- */
-
-/*
- * Used to set environment variables based on the incoming request headers,
- * or some selected other attributes of the request (e.g., the remote host
- * name).
- *
- * Usage:
- *
- * SetEnvIf name regex var ...
- *
- * where name is either a HTTP request header name, or one of the
- * special values (see below). The 'value' of the header (or the
- * value of the special value from below) are compared against the
- * regex argument. If this is a simple string, a simple sub-string
- * match is performed. Otherwise, a request expression match is
- * done. If the value matches the string or regular expression, the
- * environment variables listed as var ... are set. Each var can
- * be in one of three formats: var, which sets the named variable
- * (the value value "1"); var=value, which sets the variable to
- * the given value; or !var, which unsets the variable is it has
- * been previously set.
- *
- * Normally the strings are compared with regard to case. To ignore
- * case, use the directive SetEnvIfNoCase instead.
- *
- * Special values for 'name' are:
- *
- * server_addr IP address of interface on which request arrived
- * (analogous to SERVER_ADDR set in ap_add_common_vars())
- * remote_host Remote host name (if available)
- * remote_addr Remote IP address
- * remote_user Remote authenticated user (if any)
- * request_method Request method (GET, POST, etc)
- * request_uri Requested URI
- *
- * Examples:
- *
- * To set the environment variable LOCALHOST if the client is the local
- * machine:
- *
- * SetEnvIf remote_addr 127.0.0.1 LOCALHOST
- *
- * To set LOCAL if the client is the local host, or within our company's
- * domain (192.168.10):
- *
- * SetEnvIf remote_addr 192.168.10. LOCAL
- * SetEnvIf remote_addr 127.0.0.1 LOCALHOST
- *
- * This could be written as:
- *
- * SetEnvIf remote_addr (127.0.0.1|192.168.10.) LOCAL
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-
-enum special {
- SPECIAL_NOT,
- SPECIAL_REMOTE_ADDR,
- SPECIAL_REMOTE_HOST,
- SPECIAL_REMOTE_USER,
- SPECIAL_REQUEST_URI,
- SPECIAL_REQUEST_METHOD,
- SPECIAL_REQUEST_PROTOCOL,
- SPECIAL_SERVER_ADDR
-};
-typedef struct {
- char *name; /* header name */
- char *regex; /* regex to match against */
- regex_t *preg; /* compiled regex */
- table *features; /* env vars to set (or unset) */
- ENUM_BITFIELD( /* is it a "special" header ? */
- enum special,
- special_type,4);
- unsigned icase : 1; /* ignoring case? */
-} sei_entry;
-
-typedef struct {
- array_header *conditionals;
-} sei_cfg_rec;
-
-module MODULE_VAR_EXPORT setenvif_module;
-
-/*
- * These routines, the create- and merge-config functions, are called
- * for both the server-wide and the per-directory contexts. This is
- * because the different definitions are used at different times; the
- * server-wide ones are used in the post-read-request phase, and the
- * per-directory ones are used during the header-parse phase (after
- * the URI has been mapped to a file and we have anything from the
- * .htaccess file and <Directory> and <Files> containers).
- */
-static void *create_setenvif_config(pool *p)
-{
- sei_cfg_rec *new = (sei_cfg_rec *) ap_palloc(p, sizeof(sei_cfg_rec));
-
- new->conditionals = ap_make_array(p, 20, sizeof(sei_entry));
- return (void *) new;
-}
-
-static void *create_setenvif_config_svr(pool *p, server_rec *dummy)
-{
- return create_setenvif_config(p);
-}
-
-static void *create_setenvif_config_dir(pool *p, char *dummy)
-{
- return create_setenvif_config(p);
-}
-
-static void *merge_setenvif_config(pool *p, void *basev, void *overridesv)
-{
- sei_cfg_rec *a = ap_pcalloc(p, sizeof(sei_cfg_rec));
- sei_cfg_rec *base = basev, *overrides = overridesv;
-
- a->conditionals = ap_append_arrays(p, base->conditionals,
- overrides->conditionals);
- return a;
-}
-
-/*
- * any non-NULL magic constant will do... used to indicate if REG_ICASE should
- * be used
- */
-#define ICASE_MAGIC ((void *)(&setenvif_module))
-#define SEI_MAGIC_HEIRLOOM "setenvif-phase-flag"
-
-static const char *add_setenvif_core(cmd_parms *cmd, void *mconfig,
- char *fname, const char *args)
-{
- char *regex;
- const char *feature;
- sei_cfg_rec *sconf;
- sei_entry *new;
- sei_entry *entries;
- char *var;
- int i;
- int beenhere = 0;
- unsigned icase;
- int perdir;
-
- /*
- * Determine from our context into which record to put the entry.
- * cmd->path == NULL means we're in server-wide context; otherwise,
- * we're dealing with a per-directory setting.
- */
- perdir = (cmd->path != NULL);
- sconf = perdir
- ? (sei_cfg_rec *) mconfig
- : (sei_cfg_rec *) ap_get_module_config(cmd->server->module_config,
- &setenvif_module);
- entries = (sei_entry *) sconf->conditionals->elts;
- /* get regex */
- regex = ap_getword_conf(cmd->pool, &args);
- if (!*regex) {
- return ap_pstrcat(cmd->pool, "Missing regular expression for ",
- cmd->cmd->name, NULL);
- }
-
- /*
- * If we've already got a sei_entry with the same name we want to
- * just copy the name pointer... so that later on we can compare
- * two header names just by comparing the pointers.
- */
-
- for (i = 0; i < sconf->conditionals->nelts; ++i) {
- new = &entries[i];
- if (!strcasecmp(new->name, fname)) {
- fname = new->name;
- break;
- }
- }
-
- /* if the last entry has an identical headername and regex then
- * merge with it
- */
- i = sconf->conditionals->nelts - 1;
- icase = cmd->info == ICASE_MAGIC;
- if (i < 0
- || entries[i].name != fname
- || entries[i].icase != icase
- || strcmp(entries[i].regex, regex)) {
-
- /* no match, create a new entry */
-
- new = ap_push_array(sconf->conditionals);
- new->name = fname;
- new->regex = regex;
- new->icase = icase;
- new->preg = ap_pregcomp(cmd->pool, regex,
- (REG_EXTENDED | REG_NOSUB
- | (icase ? REG_ICASE : 0)));
- if (new->preg == NULL) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name,
- " regex could not be compiled.", NULL);
- }
- new->features = ap_make_table(cmd->pool, 2);
-
- if (!strcasecmp(fname, "remote_addr")) {
- new->special_type = SPECIAL_REMOTE_ADDR;
- }
- else if (!strcasecmp(fname, "remote_host")) {
- new->special_type = SPECIAL_REMOTE_HOST;
- }
- else if (!strcasecmp(fname, "remote_user")) {
- new->special_type = SPECIAL_REMOTE_USER;
- }
- else if (!strcasecmp(fname, "request_uri")) {
- new->special_type = SPECIAL_REQUEST_URI;
- }
- else if (!strcasecmp(fname, "request_method")) {
- new->special_type = SPECIAL_REQUEST_METHOD;
- }
- else if (!strcasecmp(fname, "request_protocol")) {
- new->special_type = SPECIAL_REQUEST_PROTOCOL;
- }
- else if (!strcasecmp(fname, "server_addr")) {
- new->special_type = SPECIAL_SERVER_ADDR;
- }
- else {
- new->special_type = SPECIAL_NOT;
- }
- }
- else {
- new = &entries[i];
- }
-
- for ( ; ; ) {
- feature = ap_getword_conf(cmd->pool, &args);
- if (!*feature) {
- break;
- }
- beenhere++;
-
- var = ap_getword(cmd->pool, &feature, '=');
- if (*feature) {
- ap_table_setn(new->features, var, feature);
- }
- else if (*var == '!') {
- ap_table_setn(new->features, var + 1, "!");
- }
- else {
- ap_table_setn(new->features, var, "1");
- }
- }
-
- if (!beenhere) {
- return ap_pstrcat(cmd->pool, "Missing envariable expression for ",
- cmd->cmd->name, NULL);
- }
-
- return NULL;
-}
-
-static const char *add_setenvif(cmd_parms *cmd, void *mconfig,
- const char *args)
-{
- char *fname;
-
- /* get header name */
- fname = ap_getword_conf(cmd->pool, &args);
- if (!*fname) {
- return ap_pstrcat(cmd->pool, "Missing header-field name for ",
- cmd->cmd->name, NULL);
- }
- return add_setenvif_core(cmd, mconfig, fname, args);
-}
-
-/*
- * This routine handles the BrowserMatch* directives. It simply turns around
- * and feeds them, with the appropriate embellishments, to the general-purpose
- * command handler.
- */
-static const char *add_browser(cmd_parms *cmd, void *mconfig, const char *args)
-{
- return add_setenvif_core(cmd, mconfig, "User-Agent", args);
-}
-
-static const command_rec setenvif_module_cmds[] =
-{
- { "SetEnvIf", add_setenvif, NULL,
- OR_FILEINFO, RAW_ARGS, "A header-name, regex and a list of variables." },
- { "SetEnvIfNoCase", add_setenvif, ICASE_MAGIC,
- OR_FILEINFO, RAW_ARGS, "a header-name, regex and a list of variables." },
- { "BrowserMatch", add_browser, NULL,
- OR_FILEINFO, RAW_ARGS, "A browser regex and a list of variables." },
- { "BrowserMatchNoCase", add_browser, ICASE_MAGIC,
- OR_FILEINFO, RAW_ARGS, "A browser regex and a list of variables." },
- { NULL },
-};
-
-/*
- * This routine gets called at two different points in request processing:
- * once before the URI has been translated (during the post-read-request
- * phase) and once after (during the header-parse phase). We use different
- * config records for the two different calls to reduce overhead (by not
- * re-doing the server-wide settings during directory processing), and
- * signal which call it is by having the earlier one pass a flag to the
- * later one.
- */
-static int match_headers(request_rec *r)
-{
- sei_cfg_rec *sconf;
- sei_entry *entries;
- table_entry *elts;
- const char *val;
- int i, j;
- int perdir;
- char *last_name;
-
- perdir = (ap_table_get(r->notes, SEI_MAGIC_HEIRLOOM) != NULL);
- if (! perdir) {
- ap_table_set(r->notes, SEI_MAGIC_HEIRLOOM, "post-read done");
- sconf = (sei_cfg_rec *) ap_get_module_config(r->server->module_config,
- &setenvif_module);
- }
- else {
- sconf = (sei_cfg_rec *) ap_get_module_config(r->per_dir_config,
- &setenvif_module);
- }
- entries = (sei_entry *) sconf->conditionals->elts;
- last_name = NULL;
- val = NULL;
- for (i = 0; i < sconf->conditionals->nelts; ++i) {
- sei_entry *b = &entries[i];
-
- /* Optimize the case where a bunch of directives in a row use the
- * same header. Remember we don't need to strcmp the two header
- * names because we made sure the pointers were equal during
- * configuration.
- */
- if (b->name != last_name) {
- last_name = b->name;
- switch (b->special_type) {
- case SPECIAL_REMOTE_ADDR:
- val = r->connection->remote_ip;
- break;
- case SPECIAL_SERVER_ADDR:
- val = r->connection->local_ip;
- break;
- case SPECIAL_REMOTE_HOST:
- val = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME);
- break;
- case SPECIAL_REMOTE_USER:
- val = r->connection->user;
- break;
- case SPECIAL_REQUEST_URI:
- val = r->uri;
- break;
- case SPECIAL_REQUEST_METHOD:
- val = r->method;
- break;
- case SPECIAL_REQUEST_PROTOCOL:
- val = r->protocol;
- break;
- case SPECIAL_NOT:
- val = ap_table_get(r->headers_in, b->name);
- if (val == NULL) {
- val = ap_table_get(r->subprocess_env, b->name);
- }
- break;
- }
- }
-
- /*
- * A NULL value indicates that the header field or special entity
- * wasn't present or is undefined. Represent that as an empty string
- * so that REs like "^$" will work and allow envariable setting
- * based on missing or empty field.
- */
- if (val == NULL) {
- val = "";
- }
-
- if (!ap_regexec(b->preg, val, 0, NULL, 0)) {
- array_header *arr = ap_table_elts(b->features);
- elts = (table_entry *) arr->elts;
-
- for (j = 0; j < arr->nelts; ++j) {
- if (!strcmp(elts[j].val, "!")) {
- ap_table_unset(r->subprocess_env, elts[j].key);
- }
- else {
- ap_table_setn(r->subprocess_env, elts[j].key, elts[j].val);
- }
- }
- }
- }
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT setenvif_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_setenvif_config_dir, /* dir config creater */
- merge_setenvif_config, /* dir merger --- default is to override */
- create_setenvif_config_svr, /* server config */
- merge_setenvif_config, /* merge server configs */
- setenvif_module_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- match_headers, /* input header parse */
- NULL, /* child (process) initialization */
- NULL, /* child (process) rundown */
- match_headers /* post_read_request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_so.c b/usr.sbin/httpd/src/modules/standard/mod_so.c
deleted file mode 100644
index 737ff46e6d1..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_so.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/* $OpenBSD: mod_so.c,v 1.15 2007/03/01 20:48:34 david Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * This module is used to load Apache modules at runtime. This means that the
- * server functionality can be extended without recompiling and even without
- * taking the server down at all. Only a HUP or USR1 signal needs to be send
- * to the server to reload the dynamically loaded modules.
- *
- * To use, you'll first need to build your module as a shared library, then
- * update your configuration (httpd.conf) to get the Apache core to load the
- * module at start-up.
- *
- * The easiest way to build a module as a shared library is to use the
- * `SharedModule' command in the Configuration file, instead of `AddModule'.
- * You should also change the file extension from `.o' to `.so'. So, for
- * example, to build the status module as a shared library edit Configuration
- * and change
- * AddModule modules/standard/mod_status.o
- * to
- * SharedModule modules/standard/mod_status.so
- *
- * Run Configure and make. Now Apache's httpd binary will _not_ include
- * mod_status. Instead a shared object called mod_status.so will be build, in
- * the modules/standard directory. You can build most of the modules as shared
- * libraries like this.
- *
- * To use the shared module, move the .so file(s) into an appropriate
- * directory. You might like to create a directory called "modules" under you
- * server root for this (e.g. /usr/local/httpd/modules).
- *
- * Then edit your conf/httpd.conf file, and add LoadModule lines. For
- * example
- * LoadModule status_module modules/mod_status.so
- *
- * The first argument is the module's structure name (look at the end of the
- * module source to find this). The second option is the path to the module
- * file, relative to the server root. Put these directives right at the top
- * of your httpd.conf file.
- *
- * Now you can start Apache. A message will be logged at "debug" level to your
- * error_log to confirm that the module(s) are loaded (use "LogLevel debug"
- * directive to get these log messages).
- *
- * If you edit the LoadModule directives while the server is live you can get
- * Apache to re-load the modules by sending it a HUP or USR1 signal as normal.
- * You can use this to dynamically change the capability of your server
- * without bringing it down.
- *
- * Because currently there is only limited built-in support in the Configure
- * script for creating the shared library files (`.so'), please consult your
- * vendors cc(1), ld(1) and dlopen(3) manpages to find out the appropriate
- * compiler and linker flags and insert them manually into the Configuration
- * file under CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT.
- *
- * If you still have problems figuring out the flags both try the paper
- * http://developer.netscape.com/library/documentation/enterprise
- * /unix/svrplug.htm#1013807
- * or install a Perl 5 interpreter on your platform and then run the command
- *
- * $ perl -V:usedl -V:ccdlflags -V:cccdlflags -V:lddlflags
- *
- * This gives you what type of dynamic loading Perl 5 uses on your platform
- * and which compiler and linker flags Perl 5 uses to create the shared object
- * files.
- *
- * Another location where you can find useful hints is the `ltconfig' script
- * of the GNU libtool 1.2 package. Search for your platform name inside the
- * various "case" constructs.
- *
- */
-
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-
-module MODULE_VAR_EXPORT so_module;
-
-
-/*
- * Server configuration to keep track of actually
- * loaded modules and the corresponding module name.
- */
-
-typedef struct moduleinfo {
- char *name;
- module *modp;
-} moduleinfo;
-
-typedef struct so_server_conf {
- array_header *loaded_modules;
-} so_server_conf;
-
-static void *so_sconf_create(pool *p, server_rec *s)
-{
- so_server_conf *soc;
-
- soc = (so_server_conf *)ap_pcalloc(p, sizeof(so_server_conf));
- soc->loaded_modules = ap_make_array(p, DYNAMIC_MODULE_LIMIT,
- sizeof(moduleinfo));
- ap_os_dso_init();
-
- return (void *)soc;
-}
-
-/*
- * This is the cleanup for a loaded shared object. It unloads the module.
- * This is called as a cleanup function from the core.
- */
-
-static void unload_module(moduleinfo *modi)
-{
- /* only unload if module information is still existing */
- if (modi->modp == NULL)
- return;
-
- /* remove the module pointer from the core structure */
- ap_remove_loaded_module(modi->modp);
-
- /* unload the module space itself */
- ap_os_dso_unload((ap_os_dso_handle_t)modi->modp->dynamic_load_handle);
-
- /* destroy the module information */
- modi->modp = NULL;
- modi->name = NULL;
-}
-
-/*
- * This is the cleanup routine for files loaded by
- * load_file(). Unfortunately we don't keep a record of the filename
- * that was loaded, so we can't report the unload for debug purposes
- * or include the filename in error message.
- */
-
-static void unload_file(void *handle)
-{
- ap_os_dso_unload((ap_os_dso_handle_t)handle);
-}
-
-/*
- * This is called for the directive LoadModule and actually loads
- * a shared object file into the address space of the server process.
- */
-
-static const char *load_module(cmd_parms *cmd, void *dummy,
- char *modname, char *filename)
-{
- ap_os_dso_handle_t modhandle;
- module *modp;
- const char *szModuleFile=ap_server_root_relative(cmd->pool, filename);
- so_server_conf *sconf;
- moduleinfo *modi;
- moduleinfo *modie;
- int i;
-
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- /*
- * check for already existing module
- * If it already exists, we have nothing to do
- */
- sconf = (so_server_conf *)ap_get_module_config(cmd->server->module_config,
- &so_module);
- modie = (moduleinfo *)sconf->loaded_modules->elts;
- for (i = 0; i < sconf->loaded_modules->nelts; i++) {
- modi = &modie[i];
- if (modi->name != NULL && strcmp(modi->name, modname) == 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server,
- "module %s is already loaded, skipping", modname);
- return NULL;
- }
- }
- modi = ap_push_array(sconf->loaded_modules);
- modi->name = modname;
-
- /*
- * Load the file into the Apache address space
- */
- ap_server_strip_chroot(szModuleFile, 0);
- if (!(modhandle = ap_os_dso_load(szModuleFile))) {
- const char *my_error = ap_os_dso_error();
- return ap_pstrcat (cmd->pool, "Cannot load ", szModuleFile,
- " into server: ",
- my_error ? my_error : "(reason unknown)",
- NULL);
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "loaded module %s", modname);
-
- /*
- * Retrieve the pointer to the module structure through the module name:
- * First with the hidden variant (prefix `AP_') and then with the plain
- * symbol name.
- */
- if (!(modp = (module *)(ap_os_dso_sym(modhandle, modname)))) {
- return ap_pstrcat(cmd->pool, "Can't locate API module structure `", modname,
- "' in file ", szModuleFile, ": ", ap_os_dso_error(), NULL);
- }
- modi->modp = modp;
- modp->dynamic_load_handle = (void *)modhandle;
-
- /*
- * Make sure the found module structure is really a module structure
- *
- */
- if ( modp->magic != MODULE_MAGIC_COOKIE_AP13
- && modp->magic != MODULE_MAGIC_COOKIE_EAPI) {
- return ap_pstrcat(cmd->pool, "API module structure `", modname,
- "' in file ", szModuleFile, " is garbled -"
- " perhaps this is not an Apache module DSO?", NULL);
- }
- if (modp->magic == MODULE_MAGIC_COOKIE_AP13) {
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, NULL,
- "Loaded DSO %s uses plain Apache 1.3 API, "
- "this module might crash under EAPI! "
- "(please recompile it with -DEAPI)", filename);
- }
-
- /*
- * Add this module to the Apache core structures
- */
- ap_add_loaded_module(modp);
-
- /*
- * Register a cleanup in the config pool (normally pconf). When
- * we do a restart (or shutdown) this cleanup will cause the
- * shared object to be unloaded.
- */
- ap_register_cleanup(cmd->pool, modi,
- (void (*)(void*))unload_module, ap_null_cleanup);
-
- /*
- * Finally we need to run the configuration process for the module
- */
- ap_single_module_configure(cmd->pool, cmd->server, modp);
-
- return NULL;
-}
-
-/*
- * This implements the LoadFile directive and loads an arbitrary
- * shared object file into the address space of the server process.
- */
-
-static const char *load_file(cmd_parms *cmd, void *dummy, char *filename)
-{
- ap_os_dso_handle_t handle;
- char *file;
-
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- file = ap_server_root_relative(cmd->pool, filename);
-
- if (!(handle = ap_os_dso_load(file))) {
- const char *my_error = ap_os_dso_error();
- return ap_pstrcat (cmd->pool, "Cannot load ", filename,
- " into server:",
- my_error ? my_error : "(reason unknown)",
- NULL);
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "loaded file %s", filename);
-
- ap_register_cleanup(cmd->pool, (void *)handle, unload_file, ap_null_cleanup);
-
- return NULL;
-}
-
-static const command_rec so_cmds[] = {
- { "LoadModule", load_module, NULL, RSRC_CONF, TAKE2,
- "a module name and the name of a shared object file to load it from"},
- { "LoadFile", load_file, NULL, RSRC_CONF, ITERATE,
- "shared object file or library to load into the server at runtime"},
- { NULL }
-};
-
-module MODULE_VAR_EXPORT so_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* create per-dir config */
- NULL, /* merge per-dir config */
- so_sconf_create, /* server config */
- NULL, /* merge server config */
- so_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixer_upper */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_speling.c b/usr.sbin/httpd/src/modules/standard/mod_speling.c
deleted file mode 100644
index b44c2c32566..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_speling.c
+++ /dev/null
@@ -1,561 +0,0 @@
-#define WANT_BASENAME_MATCH
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-#include "http_core.h"
-#include "http_config.h"
-#include "http_log.h"
-
-/* mod_speling.c - by Alexei Kosut <akosut@organic.com> June, 1996
- *
- * This module is transparent, and simple. It attempts to correct
- * misspellings of URLs that users might have entered, namely by checking
- * capitalizations. If it finds a match, it sends a redirect.
- *
- * 08-Aug-1997 <Martin.Kraemer@Mch.SNI.De>
- * o Upgraded module interface to apache_1.3a2-dev API (more NULL's in
- * speling_module).
- * o Integrated tcsh's "spelling correction" routine which allows one
- * misspelling (character insertion/omission/typo/transposition).
- * Rewrote it to ignore case as well. This ought to catch the majority
- * of misspelled requests.
- * o Commented out the second pass where files' suffixes are stripped.
- * Given the better hit rate of the first pass, this rather ugly
- * (request index.html, receive index.db ?!?!) solution can be
- * omitted.
- * o wrote a "kind of" html page for mod_speling
- *
- * Activate it with "CheckSpelling On"
- */
-
-MODULE_VAR_EXPORT module speling_module;
-
-typedef struct {
- int enabled;
-} spconfig;
-
-/*
- * Create a configuration specific to this module for a server or directory
- * location, and fill it with the default settings.
- *
- * The API says that in the absence of a merge function, the record for the
- * closest ancestor is used exclusively. That's what we want, so we don't
- * bother to have such a function.
- */
-
-static void *mkconfig(pool *p)
-{
- spconfig *cfg = ap_pcalloc(p, sizeof(spconfig));
-
- cfg->enabled = 0;
- return cfg;
-}
-
-/*
- * Respond to a callback to create configuration record for a server or
- * vhost environment.
- */
-static void *create_mconfig_for_server(pool *p, server_rec *s)
-{
- return mkconfig(p);
-}
-
-/*
- * Respond to a callback to create a config record for a specific directory.
- */
-static void *create_mconfig_for_directory(pool *p, char *dir)
-{
- return mkconfig(p);
-}
-
-/*
- * Handler for the CheckSpelling directive, which is FLAG.
- */
-static const char *set_speling(cmd_parms *cmd, void *mconfig, int arg)
-{
- spconfig *cfg = (spconfig *) mconfig;
-
- cfg->enabled = arg;
- return NULL;
-}
-
-/*
- * Define the directives specific to this module. This structure is referenced
- * later by the 'module' structure.
- */
-static const command_rec speling_cmds[] =
-{
- { "CheckSpelling", set_speling, NULL, OR_OPTIONS, FLAG,
- "whether or not to fix miscapitalized/misspelled requests" },
- { NULL }
-};
-
-typedef enum {
- SP_IDENTICAL = 0,
- SP_MISCAPITALIZED = 1,
- SP_TRANSPOSITION = 2,
- SP_MISSINGCHAR = 3,
- SP_EXTRACHAR = 4,
- SP_SIMPLETYPO = 5,
- SP_VERYDIFFERENT = 6
-} sp_reason;
-
-static const char *sp_reason_str[] =
-{
- "identical",
- "miscapitalized",
- "transposed characters",
- "character missing",
- "extra character",
- "mistyped character",
- "common basename",
-};
-
-typedef struct {
- const char *name;
- sp_reason quality;
-} misspelled_file;
-
-/*
- * spdist() is taken from Kernighan & Pike,
- * _The_UNIX_Programming_Environment_
- * and adapted somewhat to correspond better to psychological reality.
- * (Note the changes to the return values)
- *
- * According to Pollock and Zamora, CACM April 1984 (V. 27, No. 4),
- * page 363, the correct order for this is:
- * OMISSION = TRANSPOSITION > INSERTION > SUBSTITUTION
- * thus, it was exactly backwards in the old version. -- PWP
- *
- * This routine was taken out of tcsh's spelling correction code
- * (tcsh-6.07.04) and re-converted to apache data types ("char" type
- * instead of tcsh's NLS'ed "Char"). Plus it now ignores the case
- * during comparisons, so is a "approximate strcasecmp()".
- * NOTE that is still allows only _one_ real "typo",
- * it does NOT try to correct multiple errors.
- */
-
-static sp_reason spdist(const char *s, const char *t)
-{
- for (; ap_tolower(*s) == ap_tolower(*t); t++, s++) {
- if (*t == '\0') {
- return SP_MISCAPITALIZED; /* exact match (sans case) */
- }
- }
- if (*s) {
- if (*t) {
- if (s[1] && t[1] && ap_tolower(*s) == ap_tolower(t[1])
- && ap_tolower(*t) == ap_tolower(s[1])
- && strcasecmp(s + 2, t + 2) == 0) {
- return SP_TRANSPOSITION; /* transposition */
- }
- if (strcasecmp(s + 1, t + 1) == 0) {
- return SP_SIMPLETYPO; /* 1 char mismatch */
- }
- }
- if (strcasecmp(s + 1, t) == 0) {
- return SP_EXTRACHAR; /* extra character */
- }
- }
- if (*t && strcasecmp(s, t + 1) == 0) {
- return SP_MISSINGCHAR; /* missing character */
- }
- return SP_VERYDIFFERENT; /* distance too large to fix. */
-}
-
-static int sort_by_quality(const void *left, const void *rite)
-{
- return (int) (((misspelled_file *) left)->quality)
- - (int) (((misspelled_file *) rite)->quality);
-}
-
-static int check_speling(request_rec *r)
-{
- spconfig *cfg;
- char *good, *bad, *postgood, *url;
- int filoc, dotloc, urlen, pglen;
- DIR *dirp;
- struct DIR_TYPE *dir_entry;
- array_header *candidates = NULL;
-
- cfg = ap_get_module_config(r->per_dir_config, &speling_module);
- if (!cfg->enabled) {
- return DECLINED;
- }
-
- /* We only want to worry about GETs */
- if (r->method_number != M_GET) {
- return DECLINED;
- }
-
- /* We've already got a file of some kind or another */
- if (r->proxyreq != NOT_PROXY || (r->finfo.st_mode != 0)) {
- return DECLINED;
- }
-
- /* This is a sub request - don't mess with it */
- if (r->main) {
- return DECLINED;
- }
-
- /*
- * The request should end up looking like this:
- * r->uri: /correct-url/mispelling/more
- * r->filename: /correct-file/mispelling r->path_info: /more
- *
- * So we do this in steps. First break r->filename into two pieces
- */
-
- filoc = ap_rind(r->filename, '/');
- /*
- * Don't do anything if the request doesn't contain a slash, or
- * requests "/"
- */
- if (filoc == -1 || strcmp(r->uri, "/") == 0) {
- return DECLINED;
- }
-
- /* good = /correct-file */
- good = ap_pstrndup(r->pool, r->filename, filoc);
- /* bad = mispelling */
- bad = ap_pstrdup(r->pool, r->filename + filoc + 1);
- /* postgood = mispelling/more */
- postgood = ap_pstrcat(r->pool, bad, r->path_info, NULL);
-
- urlen = strlen(r->uri);
- pglen = strlen(postgood);
-
- /* Check to see if the URL pieces add up */
- if (strcmp(postgood, r->uri + (urlen - pglen))) {
- return DECLINED;
- }
-
- /* url = /correct-url */
- url = ap_pstrndup(r->pool, r->uri, (urlen - pglen));
-
- /* Now open the directory and do ourselves a check... */
- dirp = ap_popendir(r->pool, good);
- if (dirp == NULL) { /* Oops, not a directory... */
- return DECLINED;
- }
-
- candidates = ap_make_array(r->pool, 2, sizeof(misspelled_file));
-
- dotloc = ap_ind(bad, '.');
- if (dotloc == -1) {
- dotloc = strlen(bad);
- }
-
- while ((dir_entry = readdir(dirp)) != NULL) {
- sp_reason q;
-
- /*
- * If we end up with a "fixed" URL which is identical to the
- * requested one, we must have found a broken symlink or some such.
- * Do _not_ try to redirect this, it causes a loop!
- */
- if (strcmp(bad, dir_entry->d_name) == 0) {
- ap_pclosedir(r->pool, dirp);
- return OK;
- }
- /*
- * miscapitalization errors are checked first (like, e.g., lower case
- * file, upper case request)
- */
- else if (strcasecmp(bad, dir_entry->d_name) == 0) {
- misspelled_file *sp_new;
-
- sp_new = (misspelled_file *) ap_push_array(candidates);
- sp_new->name = ap_pstrdup(r->pool, dir_entry->d_name);
- sp_new->quality = SP_MISCAPITALIZED;
- }
- /*
- * simple typing errors are checked next (like, e.g.,
- * missing/extra/transposed char)
- */
- else if ((q = spdist(bad, dir_entry->d_name)) != SP_VERYDIFFERENT) {
- misspelled_file *sp_new;
-
- sp_new = (misspelled_file *) ap_push_array(candidates);
- sp_new->name = ap_pstrdup(r->pool, dir_entry->d_name);
- sp_new->quality = q;
- }
- /*
- * The spdist() should have found the majority of the misspelled
- * requests. It is of questionable use to continue looking for
- * files with the same base name, but potentially of totally wrong
- * type (index.html <-> index.db).
- * I would propose to not set the WANT_BASENAME_MATCH define.
- * 08-Aug-1997 <Martin.Kraemer@Mch.SNI.De>
- *
- * However, Alexei replied giving some reasons to add it anyway:
- * > Oh, by the way, I remembered why having the
- * > extension-stripping-and-matching stuff is a good idea:
- * >
- * > If you're using MultiViews, and have a file named foobar.html,
- * > which you refer to as "foobar", and someone tried to access
- * > "Foobar", mod_speling won't find it, because it won't find
- * > anything matching that spelling. With the extension-munging,
- * > it would locate "foobar.html". Not perfect, but I ran into
- * > that problem when I first wrote the module.
- */
- else {
-#ifdef WANT_BASENAME_MATCH
- /*
- * Okay... we didn't find anything. Now we take out the hard-core
- * power tools. There are several cases here. Someone might have
- * entered a wrong extension (.htm instead of .html or vice
- * versa) or the document could be negotiated. At any rate, now
- * we just compare stuff before the first dot. If it matches, we
- * figure we got us a match. This can result in wrong things if
- * there are files of different content types but the same prefix
- * (e.g. foo.gif and foo.html) This code will pick the first one
- * it finds. Better than a Not Found, though.
- */
- int entloc = ap_ind(dir_entry->d_name, '.');
- if (entloc == -1) {
- entloc = strlen(dir_entry->d_name);
- }
-
- if ((dotloc == entloc)
- && !strncasecmp(bad, dir_entry->d_name, dotloc)) {
- misspelled_file *sp_new;
-
- sp_new = (misspelled_file *) ap_push_array(candidates);
- sp_new->name = ap_pstrdup(r->pool, dir_entry->d_name);
- sp_new->quality = SP_VERYDIFFERENT;
- }
-#endif
- }
- }
- ap_pclosedir(r->pool, dirp);
-
- if (candidates->nelts != 0) {
- /* Wow... we found us a mispelling. Construct a fixed url */
- char *nuri;
- const char *ref;
- misspelled_file *variant = (misspelled_file *) candidates->elts;
- int i;
-
- ref = ap_table_get(r->headers_in, "Referer");
-
- qsort((void *) candidates->elts, candidates->nelts,
- sizeof(misspelled_file), sort_by_quality);
-
- /*
- * Conditions for immediate redirection:
- * a) the first candidate was not found by stripping the suffix
- * AND b) there exists only one candidate OR the best match is not
- * ambiguous
- * then return a redirection right away.
- */
- if (variant[0].quality != SP_VERYDIFFERENT
- && (candidates->nelts == 1
- || variant[0].quality != variant[1].quality)) {
-
- nuri = ap_escape_uri(r->pool, ap_pstrcat(r->pool, url,
- variant[0].name,
- r->path_info, NULL));
- if (r->parsed_uri.query)
- nuri = ap_pstrcat(r->pool, nuri, "?", r->parsed_uri.query, NULL);
-
- ap_table_setn(r->headers_out, "Location",
- ap_construct_url(r->pool, nuri, r));
-
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, r,
- ref ? "Fixed spelling: %s to %s from %s"
- : "Fixed spelling: %s to %s",
- r->uri, nuri, ref);
-
- return HTTP_MOVED_PERMANENTLY;
- }
- /*
- * Otherwise, a "[300] Multiple Choices" list with the variants is
- * returned.
- */
- else {
- pool *p;
- table *notes;
- pool *sub_pool;
- array_header *t;
- array_header *v;
-
-
- if (r->main == NULL) {
- p = r->pool;
- notes = r->notes;
- }
- else {
- p = r->main->pool;
- notes = r->main->notes;
- }
-
- sub_pool = ap_make_sub_pool(p);
- t = ap_make_array(sub_pool, candidates->nelts * 8 + 8,
- sizeof(char *));
- v = ap_make_array(sub_pool, candidates->nelts * 5,
- sizeof(char *));
-
- /* Generate the response text. */
-
- *(const char **)ap_push_array(t) =
- "The document name you requested (<code>";
- *(const char **)ap_push_array(t) = ap_escape_html(sub_pool, r->uri);
- *(const char **)ap_push_array(t) =
- "</code>) could not be found on this server.\n"
- "However, we found documents with names similar "
- "to the one you requested.<p>"
- "Available documents:\n<ul>\n";
-
- for (i = 0; i < candidates->nelts; ++i) {
- char *vuri;
- const char *reason;
-
- reason = sp_reason_str[(int) (variant[i].quality)];
- /* The format isn't very neat... */
- vuri = ap_pstrcat(sub_pool, url, variant[i].name, r->path_info,
- (r->parsed_uri.query != NULL) ? "?" : "",
- (r->parsed_uri.query != NULL)
- ? r->parsed_uri.query : "",
- NULL);
- *(const char **)ap_push_array(v) = "\"";
- *(const char **)ap_push_array(v) = ap_escape_uri(sub_pool, vuri);
- *(const char **)ap_push_array(v) = "\";\"";
- *(const char **)ap_push_array(v) = reason;
- *(const char **)ap_push_array(v) = "\"";
-
- *(const char **)ap_push_array(t) = "<li><a href=\"";
- *(const char **)ap_push_array(t) = ap_escape_uri(sub_pool, vuri);
- *(const char **)ap_push_array(t) = "\">";
- *(const char **)ap_push_array(t) = ap_escape_html(sub_pool, vuri);
- *(const char **)ap_push_array(t) = "</a> (";
- *(const char **)ap_push_array(t) = reason;
- *(const char **)ap_push_array(t) = ")\n";
-
- /*
- * when we have printed the "close matches" and there are
- * more "distant matches" (matched by stripping the suffix),
- * then we insert an additional separator text to suggest
- * that the user LOOK CLOSELY whether these are really the
- * files she wanted.
- */
- if (i > 0 && i < candidates->nelts - 1
- && variant[i].quality != SP_VERYDIFFERENT
- && variant[i + 1].quality == SP_VERYDIFFERENT) {
- *(const char **)ap_push_array(t) =
- "</ul>\nFurthermore, the following related "
- "documents were found:\n<ul>\n";
- }
- }
- *(const char **)ap_push_array(t) = "</ul>\n";
-
- /* If we know there was a referring page, add a note: */
- if (ref != NULL) {
- *(const char **)ap_push_array(t) =
- "Please consider informing the owner of the "
- "<a href=\"";
- *(const char **)ap_push_array(t) = ap_escape_uri(sub_pool, ref);
- *(const char **)ap_push_array(t) = "\">referring page</a> "
- "about the broken link.\n";
- }
-
-
- /* Pass our table to http_protocol.c (see mod_negotiation): */
- ap_table_setn(notes, "variant-list", ap_array_pstrcat(p, t, 0));
-
- ap_table_mergen(r->subprocess_env, "VARIANTS",
- ap_array_pstrcat(p, v, ','));
-
- ap_destroy_pool(sub_pool);
-
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, r,
- ref ? "Spelling fix: %s: %d candidates from %s"
- : "Spelling fix: %s: %d candidates",
- r->uri, candidates->nelts, ref);
-
- return HTTP_MULTIPLE_CHOICES;
- }
- }
-
- return OK;
-}
-
-module MODULE_VAR_EXPORT speling_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_mconfig_for_directory, /* create per-dir config */
- NULL, /* merge per-dir config */
- create_mconfig_for_server, /* server config */
- NULL, /* merge server config */
- speling_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- check_speling, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_status.c b/usr.sbin/httpd/src/modules/standard/mod_status.c
deleted file mode 100644
index 6f1a897934f..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_status.c
+++ /dev/null
@@ -1,736 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* Status Module. Display lots of internal data about how Apache is
- * performing and the state of all children processes.
- *
- * To enable this, add the following lines into any config file:
- *
- * <Location /server-status>
- * SetHandler server-status
- * </Location>
- *
- * You may want to protect this location by password or domain so no one
- * else can look at it. Then you can access the statistics with a URL like:
- *
- * http://your_server_name/server-status
- *
- * /server-status - Returns page using tables
- * /server-status?notable - Returns page for browsers without table support
- * /server-status?refresh - Returns page with 1 second refresh
- * /server-status?refresh=6 - Returns page with refresh every 6 seconds
- * /server-status?auto - Returns page with data for automatic parsing
- *
- * Mark Cox, mark@ukweb.com, November 1995
- *
- * 12.11.95 Initial version for www.telescope.org
- * 13.3.96 Updated to remove rprintf's [Mark]
- * 18.3.96 Added CPU usage, process information, and tidied [Ben Laurie]
- * 18.3.96 Make extra Scoreboard variables #definable
- * 25.3.96 Make short report have full precision [Ben Laurie suggested]
- * 25.3.96 Show uptime better [Mark/Ben Laurie]
- * 29.3.96 Better HTML and explanation [Mark/Rob Hartill suggested]
- * 09.4.96 Added message for non-STATUS compiled version
- * 18.4.96 Added per child and per slot counters [Jim Jagielski]
- * 01.5.96 Table format, cleanup, even more spiffy data [Chuck Murcko/Jim J.]
- * 18.5.96 Adapted to use new rprintf() routine, incidentally fixing a missing
- * piece in short reports [Ben Laurie]
- * 21.5.96 Additional Status codes (DNS and LOGGING only enabled if
- * extended STATUS is enabled) [George Burgyan/Jim J.]
- * 10.8.98 Allow for extended status info at runtime (no more STATUS)
- * [Jim J.]
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_conf_globals.h" /* for ap_extended_status */
-#include "http_main.h"
-#include "util_script.h"
-#include <time.h>
-#include "scoreboard.h"
-#include "http_log.h"
-
-#define STATUS_MAXLINE 64
-
-#define KBYTE 1024
-#define MBYTE 1048576L
-#define GBYTE 1073741824L
-
-#ifndef DEFAULT_TIME_FORMAT
-#define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
-#endif
-
-module MODULE_VAR_EXPORT status_module;
-
-/*
- *command-related code. This is here to prevent use of ExtendedStatus
- * without status_module included.
- */
-static const char *set_extended_status(cmd_parms *cmd, void *dummy, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
- ap_extended_status = arg;
- return NULL;
-}
-
-static const command_rec status_module_cmds[] =
-{
- { "ExtendedStatus", set_extended_status, NULL, RSRC_CONF, FLAG,
- "\"On\" to enable extended status information, \"Off\" to disable" },
- {NULL}
-};
-
-/* Format the number of bytes nicely */
-static void format_byte_out(request_rec *r, unsigned long bytes)
-{
- if (bytes < (5 * KBYTE))
- ap_rprintf(r, "%d B", (int) bytes);
- else if (bytes < (MBYTE / 2))
- ap_rprintf(r, "%.1f kB", (float) bytes / KBYTE);
- else if (bytes < (GBYTE / 2))
- ap_rprintf(r, "%.1f MB", (float) bytes / MBYTE);
- else
- ap_rprintf(r, "%.1f GB", (float) bytes / GBYTE);
-}
-
-static void format_kbyte_out(request_rec *r, unsigned long kbytes)
-{
- if (kbytes < KBYTE)
- ap_rprintf(r, "%d kB", (int) kbytes);
- else if (kbytes < MBYTE)
- ap_rprintf(r, "%.1f MB", (float) kbytes / KBYTE);
- else
- ap_rprintf(r, "%.1f GB", (float) kbytes / MBYTE);
-}
-
-static void show_time(request_rec *r, time_t tsecs)
-{
- long days, hrs, mins, secs;
-
- secs = tsecs % 60;
- tsecs /= 60;
- mins = tsecs % 60;
- tsecs /= 60;
- hrs = tsecs % 24;
- days = tsecs / 24;
- if (days)
- ap_rprintf(r, " %ld day%s", days, days == 1 ? "" : "s");
- if (hrs)
- ap_rprintf(r, " %ld hour%s", hrs, hrs == 1 ? "" : "s");
- if (mins)
- ap_rprintf(r, " %ld minute%s", mins, mins == 1 ? "" : "s");
- if (secs)
- ap_rprintf(r, " %ld second%s", secs, secs == 1 ? "" : "s");
-}
-
-/* Main handler for x-httpd-status requests */
-
-/* ID values for command table */
-
-#define STAT_OPT_END -1
-#define STAT_OPT_REFRESH 0
-#define STAT_OPT_NOTABLE 1
-#define STAT_OPT_AUTO 2
-
-struct stat_opt {
- int id;
- const char *form_data_str;
- const char *hdr_out_str;
-};
-
-static const struct stat_opt status_options[] = /* see #defines above */
-{
- {STAT_OPT_REFRESH, "refresh", "Refresh"},
- {STAT_OPT_NOTABLE, "notable", NULL},
- {STAT_OPT_AUTO, "auto", NULL},
- {STAT_OPT_END, NULL, NULL}
-};
-
-static char status_flags[SERVER_NUM_STATUS];
-
-static int status_handler(request_rec *r)
-{
- char *loc;
- time_t nowtime = time(NULL);
- time_t up_time;
- int i, res;
- int ready = 0;
- int busy = 0;
- unsigned long count = 0;
- unsigned long lres, my_lres;
- unsigned long long bytes, my_bytes, conn_bytes;
- unsigned short conn_lres;
- unsigned long bcount = 0;
- unsigned long kbcount = 0;
- long req_time;
- float tick = sysconf(_SC_CLK_TCK);
- int short_report = 0;
- int no_table_report = 0;
- short_score score_record;
- parent_score ps_record;
- char stat_buffer[HARD_SERVER_LIMIT];
- int pid_buffer[HARD_SERVER_LIMIT];
- clock_t tu, ts, tcu, tcs;
- server_rec *vhost;
-
- tu = ts = tcu = tcs = 0;
-
- if (!ap_exists_scoreboard_image()) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Server status unavailable in inetd mode");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- r->allowed = (1 << M_GET);
- if (r->method_number != M_GET)
- return DECLINED;
-
- r->content_type = "text/html; charset=ISO-8859-1";
-
- /*
- * Simple table-driven form data set parser that lets you alter the header
- */
-
- if (r->args) {
- i = 0;
- while (status_options[i].id != STAT_OPT_END) {
- if ((loc = strstr(r->args, status_options[i].form_data_str)) != NULL) {
- switch (status_options[i].id) {
- case STAT_OPT_REFRESH: {
- long refreshtime = 0;
- if (*(loc + strlen(status_options[i].form_data_str)) == '=')
- refreshtime = atol(loc + strlen(status_options[i].form_data_str)+1);
- ap_table_set(r->headers_out,
- status_options[i].hdr_out_str,
- ap_psprintf(r->pool,"%ld",(refreshtime<1)?10:refreshtime));
- break;
- }
- case STAT_OPT_NOTABLE:
- no_table_report = 1;
- break;
- case STAT_OPT_AUTO:
- r->content_type = "text/plain; charset=ISO-8859-1";
- short_report = 1;
- break;
- }
- }
- i++;
- }
- }
-
- ap_send_http_header(r);
-
- if (r->header_only)
- return 0;
-
- for (i = 0; i < HARD_SERVER_LIMIT; ++i) {
- score_record = ap_scoreboard_image->servers[i];
- ps_record = ap_scoreboard_image->parent[i];
- res = score_record.status;
- stat_buffer[i] = status_flags[res];
- pid_buffer[i] = (int) ps_record.pid;
- if (res == SERVER_READY)
- ready++;
- else if (res != SERVER_DEAD)
- busy++;
- if (ap_extended_status) {
- lres = score_record.access_count;
- bytes = score_record.bytes_served;
- if (lres != 0 || (res != SERVER_READY && res != SERVER_DEAD)) {
- tu += score_record.times.tms_utime;
- ts += score_record.times.tms_stime;
- tcu += score_record.times.tms_cutime;
- tcs += score_record.times.tms_cstime;
- count += lres;
- bcount += bytes;
- if (bcount >= KBYTE) {
- kbcount += (bcount >> 10);
- bcount = bcount & 0x3ff;
- }
- }
- }
- }
-
- up_time = nowtime - ap_restart_time;
-
- ap_hard_timeout("send status info", r);
-
- if (!short_report) {
- ap_rputs(DOCTYPE_HTML_3_2
- "<HTML><HEAD>\n<TITLE>Apache Status</TITLE>\n</HEAD><BODY>\n",
- r);
- ap_rputs("<H1>Apache Server Status for ", r);
- ap_rvputs(r, ap_get_server_name(r), "</H1>\n\n", NULL);
- ap_rvputs(r, "Server Version: ",
- ap_get_server_version(), "<br>\n", NULL);
- ap_rvputs(r, "Current Time: ",
- ap_ht_time(r->pool, nowtime, DEFAULT_TIME_FORMAT, 0), "<br>\n", NULL);
- ap_rvputs(r, "Restart Time: ",
- ap_ht_time(r->pool, ap_restart_time, DEFAULT_TIME_FORMAT, 0),
- "<br>\n", NULL);
- ap_rprintf(r, "Parent Server Generation: %d <br>\n", (int) ap_my_generation);
- ap_rputs("Server uptime: ", r);
- show_time(r, up_time);
- ap_rputs("<br>\n", r);
- }
-
- if (ap_extended_status) {
- if (short_report) {
- ap_rprintf(r, "Total Accesses: %lu\nTotal kBytes: %lu\n",
- count, kbcount);
-
- /* Allow for OS/2 not having CPU stats */
- if (ts || tu || tcu || tcs)
- ap_rprintf(r, "CPULoad: %g\n",
- (tu + ts + tcu + tcs) / tick / up_time * 100.);
-
- ap_rprintf(r, "Uptime: %ld\n", (long) (up_time));
- if (up_time > 0)
- ap_rprintf(r, "ReqPerSec: %g\n",
- (float) count / (float) up_time);
-
- if (up_time > 0)
- ap_rprintf(r, "BytesPerSec: %g\n",
- KBYTE * (float) kbcount / (float) up_time);
-
- if (count > 0)
- ap_rprintf(r, "BytesPerReq: %g\n",
- KBYTE * (float) kbcount / (float) count);
- }
- else { /* !short_report */
- ap_rprintf(r, "Total accesses: %lu - Total Traffic: ", count);
- format_kbyte_out(r, kbcount);
-
- /* Allow for OS/2 not having CPU stats */
- ap_rputs("<br>\n", r);
- ap_rprintf(r, "CPU Usage: u%g s%g cu%g cs%g",
- tu / tick, ts / tick, tcu / tick, tcs / tick);
-
- if (ts || tu || tcu || tcs)
- ap_rprintf(r, " - %.3g%% CPU load",
- (tu + ts + tcu + tcs) / tick / up_time * 100.);
-
- ap_rputs("<br>\n", r);
-
- if (up_time > 0)
- ap_rprintf(r, "%.3g requests/sec - ",
- (float) count / (float) up_time);
-
- if (up_time > 0) {
- format_byte_out(r, (unsigned long) (KBYTE * (float) kbcount
- / (float) up_time));
- ap_rputs("/second - ", r);
- }
-
- if (count > 0) {
- format_byte_out(r, (unsigned long) (KBYTE * (float) kbcount
- / (float) count));
- ap_rputs("/request", r);
- }
-
- ap_rputs("<br>\n", r);
- } /* short_report */
- } /* ap_extended_status */
-
- if (!short_report)
- ap_rprintf(r, "\n%d requests currently being processed, %d idle servers\n"
- ,busy, ready);
- else
- ap_rprintf(r, "BusyServers: %d\nIdleServers: %d\n", busy, ready);
-
- /* send the scoreboard 'table' out */
-
- if (!short_report)
- ap_rputs("<PRE>", r);
- else
- ap_rputs("Scoreboard: ", r);
-
- for (i = 0; i < HARD_SERVER_LIMIT; ++i) {
- ap_rputc(stat_buffer[i], r);
- if ((i % STATUS_MAXLINE == (STATUS_MAXLINE - 1)) && !short_report)
- ap_rputs("\n", r);
- }
-
- if (short_report)
- ap_rputs("\n", r);
- else {
- ap_rputs("</PRE>\n", r);
- ap_rputs("Scoreboard Key: <br>\n", r);
- ap_rputs("\"<B><code>_</code></B>\" Waiting for Connection, \n", r);
- ap_rputs("\"<B><code>S</code></B>\" Starting up, \n", r);
- ap_rputs("\"<B><code>R</code></B>\" Reading Request,<BR>\n", r);
- ap_rputs("\"<B><code>W</code></B>\" Sending Reply, \n", r);
- ap_rputs("\"<B><code>K</code></B>\" Keepalive (read), \n", r);
- ap_rputs("\"<B><code>D</code></B>\" DNS Lookup,<BR>\n", r);
- ap_rputs("\"<B><code>L</code></B>\" Logging, \n", r);
- ap_rputs("\"<B><code>G</code></B>\" Gracefully finishing, \n", r);
- ap_rputs("\"<B><code>.</code></B>\" Open slot with no current process<P>\n", r);
- ap_rputs("<P>\n", r);
- if (!ap_extended_status) {
- int j = 0;
- ap_rputs("PID Key: <br>\n", r);
- ap_rputs("<PRE>\n", r);
- for (i = 0; i < HARD_SERVER_LIMIT; ++i) {
- if (stat_buffer[i] != '.') {
- ap_rprintf(r, " %d in state: %c ", pid_buffer[i],
- stat_buffer[i]);
- if (++j >= 3) {
- ap_rputs("\n", r);
- j = 0;
- } else
- ap_rputs(",", r);
- }
- }
- ap_rputs("\n", r);
- ap_rputs("</PRE>\n", r);
- }
- }
-
- if (ap_extended_status) {
- if (!short_report) {
- if (no_table_report)
- ap_rputs("<p><hr><h2>Server Details</h2>\n\n", r);
- else
-#ifndef NO_PRETTYPRINT
- ap_rputs("<p>\n\n<table bgcolor=\"#ffffff\" border=\"0\">"
- "<tr bgcolor=000000>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Srv</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>PID</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Acc</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>M</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>CPU</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>SS</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Req</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Conn</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Child</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Slot</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Host</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>VHost</b></font></td>"
- "<td><font face=\"Arial,Helvetica\" color=\"#ffffff\"><b>Request</b></td>"
- "</tr>\n", r);
-#else /* NO_PRETTYPRINT */
- ap_rputs("<p>\n\n<table border=0><tr><th>Srv<th>PID<th>Acc<th>M<th>CPU\n<th>SS<th>Req<th>Conn<th>Child<th>Slot<th>Client<th>VHost<th>Request</tr>\n\n", r);
-#endif /* NO_PRETTYPRINT */
- }
-
- for (i = 0; i < HARD_SERVER_LIMIT; ++i) {
- score_record = ap_scoreboard_image->servers[i];
- ps_record = ap_scoreboard_image->parent[i];
- vhost = score_record.vhostrec;
- if (ps_record.generation != ap_my_generation) {
- vhost = NULL;
- }
-
- if (score_record.start_time.tv_sec == 0L &&
- score_record.start_time.tv_usec == 0L)
- req_time = 0L;
- else
- req_time =
- ((score_record.stop_time.tv_sec - score_record.start_time.tv_sec) * 1000) +
- ((score_record.stop_time.tv_usec - score_record.start_time.tv_usec) / 1000);
- if (req_time < 0L)
- req_time = 0L;
-
- lres = score_record.access_count;
- my_lres = score_record.my_access_count;
- conn_lres = score_record.conn_count;
- bytes = score_record.bytes_served;
- my_bytes = score_record.my_bytes_served;
- conn_bytes = score_record.conn_bytes;
- if (lres != 0 || (score_record.status != SERVER_READY
- && score_record.status != SERVER_DEAD)) {
- if (!short_report) {
- if (no_table_report) {
- if (score_record.status == SERVER_DEAD)
- ap_rprintf(r,
- "<b>Server %d-%d</b> (-): %d|%lu|%lu [",
- i, (int) ps_record.generation, (int) conn_lres,
- my_lres, lres);
- else
- ap_rprintf(r,
- "<b>Server %d-%d</b> (%d): %d|%lu|%lu [",
- i, (int) ps_record.generation,
- (int) ps_record.pid,
- (int) conn_lres, my_lres, lres);
-
- switch (score_record.status) {
- case SERVER_READY:
- ap_rputs("Ready", r);
- break;
- case SERVER_STARTING:
- ap_rputs("Starting", r);
- break;
- case SERVER_BUSY_READ:
- ap_rputs("<b>Read</b>", r);
- break;
- case SERVER_BUSY_WRITE:
- ap_rputs("<b>Write</b>", r);
- break;
- case SERVER_BUSY_KEEPALIVE:
- ap_rputs("<b>Keepalive</b>", r);
- break;
- case SERVER_BUSY_LOG:
- ap_rputs("<b>Logging</b>", r);
- break;
- case SERVER_BUSY_DNS:
- ap_rputs("<b>DNS lookup</b>", r);
- break;
- case SERVER_DEAD:
- ap_rputs("Dead", r);
- break;
- case SERVER_GRACEFUL:
- ap_rputs("Graceful", r);
- break;
- default:
- ap_rputs("?STATE?", r);
- break;
- }
-
- ap_rprintf(r, "] u%g s%g cu%g cs%g\n %.0f %ld (",
- score_record.times.tms_utime / tick,
- score_record.times.tms_stime / tick,
- score_record.times.tms_cutime / tick,
- score_record.times.tms_cstime / tick,
- difftime(nowtime, ps_record.last_rtime),
- (long) req_time);
- format_byte_out(r, conn_bytes);
- ap_rputs("|", r);
- format_byte_out(r, my_bytes);
- ap_rputs("|", r);
- format_byte_out(r, bytes);
- ap_rputs(")\n", r);
- ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n",
- ap_escape_html(r->pool, score_record.client),
- ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)),
- vhost ? ap_escape_html(r->pool,
- vhost->server_hostname) : "(unavailable)");
- }
- else { /* !no_table_report */
-#ifndef NO_PRETTYPRINT
- ap_rprintf(r,"<tr bgcolor=\"#ffffff\">");
-#else
- ap_rprintf(r,"<tr>");
-#endif
- if (score_record.status == SERVER_DEAD)
- ap_rprintf(r,
- "<td><b>%d-%d</b><td>-<td>%d/%lu/%lu",
- i, (int) ps_record.generation,
- (int) conn_lres, my_lres, lres);
- else
- ap_rprintf(r,
- "<td><b>%d-%d</b><td>%d<td>%d/%lu/%lu",
- i, (int) ps_record.generation,
- (int) ps_record.pid, (int) conn_lres,
- my_lres, lres);
-
- switch (score_record.status) {
- case SERVER_READY:
- ap_rputs("<td>_", r);
- break;
- case SERVER_STARTING:
- ap_rputs("<td><b>S</b>", r);
- break;
- case SERVER_BUSY_READ:
- ap_rputs("<td><b>R</b>", r);
- break;
- case SERVER_BUSY_WRITE:
- ap_rputs("<td><b>W</b>", r);
- break;
- case SERVER_BUSY_KEEPALIVE:
- ap_rputs("<td><b>K</b>", r);
- break;
- case SERVER_BUSY_LOG:
- ap_rputs("<td><b>L</b>", r);
- break;
- case SERVER_BUSY_DNS:
- ap_rputs("<td><b>D</b>", r);
- break;
- case SERVER_DEAD:
- ap_rputs("<td>.", r);
- break;
- case SERVER_GRACEFUL:
- ap_rputs("<td>G", r);
- break;
- default:
- ap_rputs("<td>?", r);
- break;
- }
- ap_rprintf(r, "\n<td>%.2f<td>%.0f<td>%ld",
- (score_record.times.tms_utime +
- score_record.times.tms_stime +
- score_record.times.tms_cutime +
- score_record.times.tms_cstime) / tick,
- difftime(nowtime, ps_record.last_rtime),
- (long) req_time);
- ap_rprintf(r, "<td>%-1.1f<td>%-2.2f<td>%-2.2f\n",
- (float) conn_bytes / KBYTE, (float) my_bytes / MBYTE,
- (float) bytes / MBYTE);
- if (score_record.status == SERVER_BUSY_READ)
- ap_rprintf(r,
- "<td>?<td nowrap>?<td nowrap>..reading.. </tr>\n\n");
- else
-#ifndef NO_PRETTYPRINT
- ap_rprintf(r,
- "<td nowrap><font face=\"Arial,Helvetica\" size=\"-1\">%s</font>"
- "<td nowrap><font face=\"Arial,Helvetica\" size=\"-1\">%s</font>"
- "<td nowrap><font face=\"Arial,Helvetica\" size=\"-1\">%s</font>"
- "</tr>\n\n",
- score_record.client,
- vhost ? vhost->server_hostname : "(unavailable)",
- ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)));
-#else
- ap_rprintf(r,
- "<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n",
- ap_escape_html(r->pool, score_record.client),
- vhost ? ap_escape_html(r->pool,
- vhost->server_hostname) : "(unavailable)",
- ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)));
-#endif
- } /* no_table_report */
- } /* !short_report */
- } /* if (<active child>) */
- } /* for () */
-
- if (!(short_report || no_table_report)) {
- ap_rputs("</table>\n \
-<hr> \
-<table>\n \
-<tr><th>Srv<td>Child Server number - generation\n \
-<tr><th>PID<td>OS process ID\n \
-<tr><th>Acc<td>Number of accesses this connection / this child / this slot\n \
-<tr><th>M<td>Mode of operation\n \
-<tr><th>CPU<td>CPU usage, number of seconds\n \
-<tr><th>SS<td>Seconds since beginning of most recent request\n \
-<tr><th>Req<td>Milliseconds required to process most recent request\n \
-<tr><th>Conn<td>Kilobytes transferred this connection\n \
-<tr><th>Child<td>Megabytes transferred this child\n \
-<tr><th>Slot<td>Total megabytes transferred this slot\n \
-</table>\n", r);
- }
-
- ap_hook_use("ap::mod_status::display",
- AP_HOOK_SIG4(void,ptr,int,int), AP_HOOK_ALL,
- r, no_table_report, short_report);
-
- } else {
-
- if (!short_report) {
- ap_rputs("<hr>To obtain a full report with current status information ", r);
- ap_rputs("you need to use the <code>ExtendedStatus On</code> directive. \n", r);
- }
-
- }
-
- if (!short_report) {
- ap_rputs(ap_psignature("<HR>\n",r), r);
- ap_rputs("</BODY></HTML>\n", r);
- }
-
- ap_kill_timeout(r);
- return 0;
-}
-
-
-static void status_init(server_rec *s, pool *p)
-{
- status_flags[SERVER_DEAD] = '.'; /* We don't want to assume these are in */
- status_flags[SERVER_READY] = '_'; /* any particular order in scoreboard.h */
- status_flags[SERVER_STARTING] = 'S';
- status_flags[SERVER_BUSY_READ] = 'R';
- status_flags[SERVER_BUSY_WRITE] = 'W';
- status_flags[SERVER_BUSY_KEEPALIVE] = 'K';
- status_flags[SERVER_BUSY_LOG] = 'L';
- status_flags[SERVER_BUSY_DNS] = 'D';
- status_flags[SERVER_GRACEFUL] = 'G';
-}
-
-static const handler_rec status_handlers[] =
-{
- {STATUS_MAGIC_TYPE, status_handler},
- {"server-status", status_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT status_module =
-{
- STANDARD_MODULE_STUFF,
- status_init, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- status_module_cmds, /* command table */
- status_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_unique_id.c b/usr.sbin/httpd/src/modules/standard/mod_unique_id.c
deleted file mode 100644
index 044cb5012dd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_unique_id.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/* $OpenBSD: mod_unique_id.c,v 1.12 2009/06/21 00:38:22 martynas Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_unique_id.c: generate a unique identifier for each request
- *
- * Original author: Dean Gaudet <dgaudet@arctic.org>
- * UUencoding modified by: Alvaro Martinez Echevarria <alvaro@lander.es>
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "multithread.h"
-
-typedef struct {
- unsigned int stamp;
- union {
- uint32_t in;
-#ifdef SHORT_UNIQUE_ID
- uint32_t in6;
-#else
- struct in6_addr in6;
-#endif
- } addr;
- unsigned int pid;
- unsigned short counter;
-} unique_id_rec;
-
-/* Comments:
- *
- * We want an identifier which is unique across all hits, everywhere.
- * "everywhere" includes multiple httpd instances on the same machine, or on
- * multiple machines. Essentially "everywhere" should include all possible
- * httpds across all servers at a particular "site". We make some assumptions
- * that if the site has a cluster of machines then their time is relatively
- * synchronized. We also assume that the first address returned by a
- * gethostbyname (gethostname()) is unique across all the machines at the
- * "site".
- *
- * We also further assume that pids fit in 32-bits. If something uses more
- * than 32-bits, the fix is trivial, but it requires the unrolled uuencoding
- * loop to be extended.
- *
- * Together, the in_addr and pid are assumed to absolutely uniquely identify
- * this one child from all other currently running children on all servers
- * (including this physical server if it is running multiple httpds) from each
- * other.
- *
- * The stamp and counter are used to distinguish all hits for a particular
- * (in_addr,pid) pair. The stamp is updated using r->request_time,
- * saving cpu cycles. The counter is never reset, and is used to permit up to
- * 64k requests in a single second by a single child.
- *
- * The 112-bits of unique_id_rec are encoded using the alphabet
- * [A-Za-z0-9@-], resulting in 19 bytes of printable characters. That is then
- * stuffed into the environment variable UNIQUE_ID so that it is available to
- * other modules. The alphabet choice differs from normal base64 encoding
- * [A-Za-z0-9+/] because + and / are special characters in URLs and we want to
- * make it easy to use UNIQUE_ID in URLs.
- *
- * Note that UNIQUE_ID should be considered an opaque token by other
- * applications. No attempt should be made to dissect its internal components.
- * It is an abstraction that may change in the future as the needs of this
- * module change.
- *
- * It is highly desirable that identifiers exist for "eternity". But future
- * needs (such as much faster webservers, moving to 64-bit pids, or moving to a
- * multithreaded server) may dictate a need to change the contents of
- * unique_id_rec. Such a future implementation should ensure that the first
- * field is still a time_t stamp. By doing that, it is possible for a site to
- * have a "flag second" in which they stop all of their old-format servers,
- * wait one entire second, and then start all of their new-servers. This
- * procedure will ensure that the new space of identifiers is completely unique
- * from the old space. (Since the first four unencoded bytes always differ.)
- */
-/*
- * Sun Jun 7 05:43:49 CEST 1998 -- Alvaro
- * More comments:
- * 1) The UUencoding prodecure is now done in a general way, avoiding
- * the problems with sizes and paddings that can arise depending on
- * the architecture. Now the offsets and sizes of the elements of the
- * unique_id_rec structure are calculated in unique_id_global_init;
- * and then used to duplicate the structure without the paddings that
- * might exist. The multithreaded server fix should be now very easy:
- * just add a new "tid" field to the unique_id_rec structure, and
- * increase by one UNIQUE_ID_REC_MAX.
- * 2) unique_id_rec.stamp has been changed from "time_t" to
- * "unsigned int", because its size is 64bits on some platforms
- * (linux/alpha), and this caused problems with htonl/ntohl. Well,
- * this shouldn't be a problem till year 2106.
- */
-
-static struct sockaddr_storage global_addr;
-
-
-/* Even when not MULTITHREAD, this will return a single structure, since
- * APACHE_TLS should be defined as empty on single-threaded platforms.
- */
-static unique_id_rec* get_cur_unique_id(int parent)
-{
- static APACHE_TLS unique_id_rec spcid;
- return &spcid;
-}
-
-
-/*
- * Number of elements in the structure unique_id_rec.
- */
-#define UNIQUE_ID_REC_MAX 4
-
-static unsigned short unique_id_rec_offset[UNIQUE_ID_REC_MAX],
- unique_id_rec_size[UNIQUE_ID_REC_MAX],
- unique_id_rec_total_size,
- unique_id_rec_size_uu;
-
-static void unique_id_global_init(server_rec *s, pool *p)
-{
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 256
-#endif
- char str[MAXHOSTNAMELEN + 1];
- struct addrinfo hints, *res, *res0;
- int error;
- struct timeval tv;
- unique_id_rec *cur_unique_id = get_cur_unique_id(1);
-
- /*
- * Calculate the sizes and offsets in cur_unique_id.
- */
- unique_id_rec_offset[0] = XtOffsetOf(unique_id_rec, stamp);
- unique_id_rec_size[0] = sizeof(cur_unique_id->stamp);
- unique_id_rec_offset[1] = XtOffsetOf(unique_id_rec, addr);
- unique_id_rec_size[1] = sizeof(cur_unique_id->addr);
- unique_id_rec_offset[2] = XtOffsetOf(unique_id_rec, pid);
- unique_id_rec_size[2] = sizeof(cur_unique_id->pid);
- unique_id_rec_offset[3] = XtOffsetOf(unique_id_rec, counter);
- unique_id_rec_size[3] = sizeof(cur_unique_id->counter);
- unique_id_rec_total_size = unique_id_rec_size[0] + unique_id_rec_size[1]
- + unique_id_rec_size[2] + unique_id_rec_size[3];
-
- /*
- * Calculate the size of the structure when encoded.
- */
- unique_id_rec_size_uu = (unique_id_rec_total_size*8+5)/6;
-
- /*
- * Now get the global in_addr. Note that it is not sufficient to use one
- * of the addresses from the main_server, since those aren't as likely to
- * be unique as the physical address of the machine
- */
- if (gethostname(str, sizeof(str) - 1) != 0) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
- "gethostname: mod_unique_id requires the "
- "hostname of the server");
- exit(1);
- }
- str[sizeof(str) - 1] = '\0';
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- error = getaddrinfo(str, NULL, &hints, &res0);
- if (error) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
- "mod_unique_id: getaddrinfo failed for \"%s\" (%s)", str,
- gai_strerror(error));
- exit(1);
- }
-
- error = 1;
- for (res = res0; res; res = res->ai_next) {
- switch (res->ai_family) {
- case AF_INET:
- case AF_INET6:
- memcpy(&global_addr, res->ai_addr, res->ai_addrlen);
- error = 0;
- break;
- }
- }
- freeaddrinfo(res0);
- if (error) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
- "mod_unique_id: no known AF found for \"%s\"", str);
- exit(1);
- }
-
- getnameinfo((struct sockaddr *)&global_addr,
- global_addr.ss_len,
- str, sizeof(str), NULL, 0, NI_NUMERICHOST);
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, s,
- "mod_unique_id: using ip addr %s", str);
-
- /*
- * If the server is pummelled with restart requests we could possibly end
- * up in a situation where we're starting again during the same second
- * that has been used in previous identifiers. Avoid that situation.
- *
- * In truth, for this to actually happen not only would it have to restart
- * in the same second, but it would have to somehow get the same pids as
- * one of the other servers that was running in that second. Which would
- * mean a 64k wraparound on pids ... not very likely at all.
- *
- * But protecting against it is relatively cheap. We just sleep into the
- * next second.
- */
- if (gettimeofday(&tv, NULL) == -1) {
- sleep(1);
- }
- else if (tv.tv_usec) {
- tv.tv_sec = 0;
- tv.tv_usec = 1000000 - tv.tv_usec;
- select(0, NULL, NULL, NULL, &tv);
- }
-}
-
-static void unique_id_child_init(server_rec *s, pool *p)
-{
- pid_t pid;
- struct timeval tv;
- unique_id_rec *cur_unique_id = get_cur_unique_id(1);
-
- /*
- * Note that we use the pid because it's possible that on the same
- * physical machine there are multiple servers (i.e. using Listen). But
- * it's guaranteed that none of them will share the same pids between
- * children.
- */
- pid = getpid();
- cur_unique_id->pid = pid;
-
- /*
- * Test our assumption that the pid is 32-bits. It's possible that
- * 64-bit machines will declare pid_t to be 64 bits but only use 32
- * of them. It would have been really nice to test this during
- * global_init ... but oh well.
- */
- if ((pid_t)cur_unique_id->pid != pid) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_CRIT, s,
- "oh no! pids are greater than 32-bits! I'm broken!");
- }
-
- memset(&cur_unique_id->addr, 0, sizeof(cur_unique_id->addr));
- switch (global_addr.ss_family) {
- case AF_INET:
- cur_unique_id->addr.in =
- ((struct sockaddr_in *)&global_addr)->sin_addr.s_addr;
- break;
- case AF_INET6:
-#ifdef SHORT_UNIQUE_ID
- cur_unique_id->addr.in6 =
- ((struct sockaddr_in6 *)&global_addr)->sin6_addr.s6_addr32[3];
-#else
- cur_unique_id->addr.in6 =
- ((struct sockaddr_in6 *)&global_addr)->sin6_addr;
-#endif
- break;
- }
-
- /*
- * If we use 0 as the initial counter we have a little less protection
- * against restart problems, and a little less protection against a clock
- * going backwards in time.
- */
- if (gettimeofday(&tv, NULL) == -1) {
- cur_unique_id->counter = 0;
- }
- else {
- /* Some systems have very low variance on the low end of their
- * system counter, defend against that.
- */
- cur_unique_id->counter = tv.tv_usec / 10;
- }
-
- /*
- * We must always use network ordering for these bytes, so that
- * identifiers are comparable between machines of different byte
- * orderings. Note in_addr is already in network order.
- */
- cur_unique_id->pid = htonl(cur_unique_id->pid);
- cur_unique_id->counter = htons(cur_unique_id->counter);
-}
-
-/* NOTE: This is *NOT* the same encoding used by base64encode ... the last two
- * characters should be + and /. But those two characters have very special
- * meanings in URLs, and we want to make it easy to use identifiers in
- * URLs. So we replace them with @ and -.
- */
-static const char uuencoder[64] = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
- 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
- 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '@', '-',
-};
-
-static int gen_unique_id(request_rec *r)
-{
- char *str;
- /*
- * Buffer padded with two final bytes, used to copy the unique_id_red
- * structure without the internal paddings that it could have.
- */
- struct {
- unique_id_rec foo;
- unsigned char pad[2];
- } paddedbuf;
- unsigned char *x,*y;
- unsigned short counter;
- const char *e;
- int i,j,k;
- unique_id_rec *cur_unique_id = get_cur_unique_id(0);
-
- /* copy the unique_id if this is an internal redirect (we're never
- * actually called for sub requests, so we don't need to test for
- * them) */
- if (r->prev
- && (e = ap_table_get(r->subprocess_env, "REDIRECT_UNIQUE_ID"))) {
- ap_table_setn(r->subprocess_env, "UNIQUE_ID", e);
- return DECLINED;
- }
-
- cur_unique_id->stamp = htonl((unsigned int)r->request_time);
-
- /* we'll use a temporal buffer to avoid uuencoding the possible internal
- * paddings of the original structure
- */
- x = (unsigned char *) &paddedbuf;
- y = (unsigned char *) cur_unique_id;
- k = 0;
- for (i = 0; i < UNIQUE_ID_REC_MAX; i++) {
- y = ((unsigned char *) cur_unique_id) + unique_id_rec_offset[i];
- for (j = 0; j < unique_id_rec_size[i]; j++, k++) {
- x[k] = y[j];
- }
- }
- /*
- * We reset two more bytes just in case padding is needed for
- * the uuencoding.
- */
- x[k++] = '\0';
- x[k++] = '\0';
-
- /* alloc str and do the uuencoding */
- str = (char *)ap_palloc(r->pool, unique_id_rec_size_uu + 1);
- k = 0;
- for (i = 0; i < unique_id_rec_total_size; i += 3) {
- y = x + i;
- str[k++] = uuencoder[y[0] >> 2];
- str[k++] = uuencoder[((y[0] & 0x03) << 4) | ((y[1] & 0xf0) >> 4)];
- if (k == unique_id_rec_size_uu) {
- break;
- }
- str[k++] = uuencoder[((y[1] & 0x0f) << 2) | ((y[2] & 0xc0) >> 6)];
- if (k == unique_id_rec_size_uu) {
- break;
- }
- str[k++] = uuencoder[y[2] & 0x3f];
- }
- str[k++] = '\0';
-
- /* set the environment variable */
- ap_table_setn(r->subprocess_env, "UNIQUE_ID", str);
-
- /* and increment the identifier for the next call */
- counter = ntohs(cur_unique_id->counter) + 1;
- cur_unique_id->counter = htons(counter);
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT unique_id_module = {
- STANDARD_MODULE_STUFF,
- unique_id_global_init, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- NULL, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- unique_id_child_init, /* child_init */
- NULL, /* child_exit */
- gen_unique_id /* post_read_request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_userdir.c b/usr.sbin/httpd/src/modules/standard/mod_userdir.c
deleted file mode 100644
index 100da1446a3..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_userdir.c
+++ /dev/null
@@ -1,381 +0,0 @@
-/* $OpenBSD: mod_userdir.c,v 1.12 2004/12/02 19:42:48 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_userdir... implement the UserDir command. Broken away from the
- * Alias stuff for a couple of good and not-so-good reasons:
- *
- * 1) It shows a real minimal working example of how to do something like
- * this.
- * 2) I know people who are actually interested in changing this *particular*
- * aspect of server functionality without changing the rest of it. That's
- * what this whole modular arrangement is supposed to be good at...
- *
- * Modified by Alexei Kosut to support the following constructs
- * (server running at www.foo.com, request for /~bar/one/two.html)
- *
- * UserDir public_html -> ~bar/public_html/one/two.html
- * UserDir /usr/web -> /usr/web/bar/one/two.html
- * UserDir /home/ * /www -> /home/bar/www/one/two.html
- * NOTE: theses ^ ^ space only added allow it to work in a comment, ignore
- * UserDir http://x/users -> (302) http://x/users/bar/one/two.html
- * UserDir http://x/ * /y -> (302) http://x/bar/y/one/two.html
- * NOTE: here also ^ ^
- *
- * In addition, you can use multiple entries, to specify alternate
- * user directories (a la Directory Index). For example:
- *
- * UserDir public_html /usr/web http://www.xyz.com/users
- *
- * Modified by Ken Coar to provide for the following:
- *
- * UserDir disable[d] username ...
- * UserDir enable[d] username ...
- *
- * If "disabled" has no other arguments, *all* ~<username> references are
- * disabled, except those explicitly turned on with the "enabled" keyword.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_main.h"
-
-module userdir_module;
-
-typedef struct userdir_config {
- int globally_disabled;
- char *userdir;
- table *enabled_users;
- table *disabled_users;
-} userdir_config;
-
-/*
- * Server config for this module: global disablement flag, a list of usernames
- * ineligible for UserDir access, a list of those immune to global (but not
- * explicit) disablement, and the replacement string for all others.
- */
-
-static void *create_userdir_config(pool *p, server_rec *s)
-{
- userdir_config *newcfg;
-
- newcfg = (userdir_config *) ap_pcalloc(p, sizeof(userdir_config));
- newcfg->globally_disabled = 0;
- newcfg->userdir = DEFAULT_USER_DIR;
- newcfg->enabled_users = ap_make_table(p, 4);
- newcfg->disabled_users = ap_make_table(p, 4);
- return (void *) newcfg;
-}
-
-#define O_DEFAULT 0
-#define O_ENABLE 1
-#define O_DISABLE 2
-
-static const char *set_user_dir(cmd_parms *cmd, void *dummy, char *arg)
-{
- userdir_config *s_cfg;
- char *username;
- const char *usernames = arg;
- char *kw = ap_getword_conf(cmd->pool, &usernames);
- table *usertable;
-
- s_cfg = (userdir_config *) ap_get_module_config(cmd->server->module_config,
- &userdir_module);
- /*
- * Let's do the comparisons once.
- */
- if ((!strcasecmp(kw, "disable")) || (!strcasecmp(kw, "disabled"))) {
- /*
- * If there are no usernames specified, this is a global disable - we
- * need do no more at this point than record the fact.
- */
- if (strlen(usernames) == 0) {
- s_cfg->globally_disabled = 1;
- return NULL;
- }
- usertable = s_cfg->disabled_users;
- }
- else if ((!strcasecmp(kw, "enable")) || (!strcasecmp(kw, "enabled"))) {
- /*
- * The "disable" keyword can stand alone or take a list of names, but
- * the "enable" keyword requires the list. Whinge if it doesn't have
- * it.
- */
- if (strlen(usernames) == 0) {
- return "UserDir \"enable\" keyword requires a list of usernames";
- }
- usertable = s_cfg->enabled_users;
- }
- else {
- /*
- * If the first (only?) value isn't one of our keywords, look at each
- * config 'word' for validity and copy the entire arg to the userdir
- * if all paths are valid.
- */
- const char *userdirs = arg;
- while (*userdirs) {
- char *thisdir = ap_getword_conf(cmd->pool, &userdirs);
- if (!ap_os_is_path_absolute(thisdir) && !strchr(thisdir, ':')) {
- if (strchr(thisdir, '*')) {
- return "UserDir cannot specify '*' substitution within "
- "a relative path";
- }
- }
- }
- s_cfg->userdir = ap_pstrdup(cmd->pool, arg);
- ap_server_strip_chroot(s_cfg->userdir, 1);
- return NULL;
- }
- /*
- * Now we just take each word in turn from the command line and add it to
- * the appropriate table.
- */
- while (*usernames) {
- username = ap_getword_conf(cmd->pool, &usernames);
- ap_table_setn(usertable, username, kw);
- }
- return NULL;
-}
-
-static const command_rec userdir_cmds[] =
-{
- {"UserDir", set_user_dir, NULL, RSRC_CONF, RAW_ARGS,
- "the public subdirectory in users' home directories, or "
- "'disabled', or 'disabled username username...', or "
- "'enabled username username...'"},
- {NULL}
-};
-
-static int translate_userdir(request_rec *r)
-{
- void *server_conf = r->server->module_config;
- const userdir_config *s_cfg =
- (userdir_config *) ap_get_module_config(server_conf, &userdir_module);
- char *name = r->uri;
- const char *userdirs = s_cfg->userdir;
- const char *w, *dname;
- char *redirect;
- struct stat statbuf;
-
- /*
- * If the URI doesn't match our basic pattern, we've nothing to do with
- * it.
- */
- if ((s_cfg->userdir == NULL)
- || (name[0] != '/')
- || (name[1] != '~')) {
- return DECLINED;
- }
-
- dname = name + 2;
- w = ap_getword(r->pool, &dname, '/');
-
- /*
- * The 'dname' funny business involves backing it up to capture the '/'
- * delimiting the "/~user" part from the rest of the URL, in case there
- * was one (the case where there wasn't being just "GET /~user HTTP/1.0",
- * for which we don't want to tack on a '/' onto the filename).
- */
-
- if (dname[-1] == '/') {
- --dname;
- }
-
- /*
- * If there's no username, it's not for us. Ignore . and .. as well.
- */
- if ((w[0] == '\0')
- || ((w[1] == '.')
- && ((w[2] == '\0')
- || ((w[2] == '.') && (w[3] == '\0'))))) {
- return DECLINED;
- }
- /*
- * Nor if there's an username but it's in the disabled list.
- */
- if (ap_table_get(s_cfg->disabled_users, w) != NULL) {
- return DECLINED;
- }
- /*
- * If there's a global interdiction on UserDirs, check to see if this
- * name is one of the Blessed.
- */
- if (s_cfg->globally_disabled
- && (ap_table_get(s_cfg->enabled_users, w) == NULL)) {
- return DECLINED;
- }
-
- /*
- * Special cases all checked, onward to normal substitution processing.
- */
-
- while (*userdirs) {
- const char *userdir = ap_getword_conf(r->pool, &userdirs);
- char *filename = NULL;
- int is_absolute = ap_os_is_path_absolute(userdir);
-
- if (strchr(userdir, '*')) {
- /* token '*' embedded:
- */
- char *x = ap_getword(r->pool, &userdir, '*');
- if (is_absolute) {
- /* token '*' within absolute path
- * serves [UserDir arg-pre*][user][UserDir arg-post*]
- * /somepath/ * /somedir + /~smith -> /somepath/smith/somedir
- */
- filename = ap_pstrcat(r->pool, x, w, userdir, NULL);
- }
- else if (strchr(x, ':')) {
- /* token '*' within a redirect path
- * serves [UserDir arg-pre*][user][UserDir arg-post*]
- * http://server/user/ * + /~smith/foo ->
- * http://server/user/smith/foo
- */
- redirect = ap_pstrcat(r->pool, x, w, userdir, dname, NULL);
- ap_table_setn(r->headers_out, "Location", redirect);
- return REDIRECT;
- }
- else {
- /* Not a redirect, not an absolute path, '*' token:
- * serves [homedir]/[UserDir arg]
- * something/ * /public_html
- * Shouldn't happen, we trap for this in set_user_dir
- */
- return DECLINED;
- }
- }
- else if (is_absolute) {
- /* An absolute path, no * token:
- * serves [UserDir arg]/[user]
- * /home + /~smith -> /home/smith
- */
- if (userdir[strlen(userdir) - 1] == '/')
- filename = ap_pstrcat(r->pool, userdir, w, NULL);
- else
- filename = ap_pstrcat(r->pool, userdir, "/", w, NULL);
- }
- else if (strchr(userdir, ':')) {
- /* A redirect, not an absolute path, no * token:
- * serves [UserDir arg]/[user][dname]
- * http://server/ + /~smith/foo -> http://server/smith/foo
- */
- if (userdir[strlen(userdir) - 1] == '/') {
- redirect = ap_pstrcat(r->pool, userdir, w, dname, NULL);
- }
- else {
- redirect = ap_pstrcat(r->pool, userdir, "/", w, dname, NULL);
- }
- ap_table_setn(r->headers_out, "Location", redirect);
- return REDIRECT;
- }
- else {
- /* Not a redirect, not an absolute path, no * token:
- * serves [homedir]/[UserDir arg]
- * e.g. /~smith -> /home/smith/public_html
- */
- struct passwd *pw;
- if ((pw = getpwnam(w))) {
- filename = ap_pstrcat(r->pool, pw->pw_dir, "/",
- userdir, NULL);
- }
- }
-
- /*
- * Now see if it exists, or we're at the last entry. If we are at the
- * last entry, then use the filename generated (if there is one)
- * anyway, in the hope that some handler might handle it. This can be
- * used, for example, to run a CGI script for the user.
- */
- if (filename && (!*userdirs || stat(filename, &statbuf) != -1)) {
- r->filename = ap_pstrcat(r->pool, filename, dname, NULL);
- /* when statbuf contains info on r->filename we can save a syscall
- * by copying it to r->finfo
- */
- if (*userdirs && dname[0] == 0) {
- r->finfo = statbuf;
- }
- return OK;
- }
- }
-
- return DECLINED;
-}
-
-module userdir_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_userdir_config, /* server config */
- NULL, /* merge server config */
- userdir_cmds, /* command table */
- NULL, /* handlers */
- translate_userdir, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_usertrack.c b/usr.sbin/httpd/src/modules/standard/mod_usertrack.c
deleted file mode 100644
index 7dd6f193bba..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_usertrack.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* User Tracking Module (Was mod_cookies.c)
- *
- * *** IMPORTANT NOTE: This module is not designed to generate
- * *** cryptographically secure cookies. This means you should not
- * *** use cookies generated by this module for authentication purposes
- *
- * This Apache module is designed to track users paths through a site.
- * It uses the client-side state ("Cookie") protocol developed by Netscape.
- * It is known to work on most browsers.
- *
- * Each time a page is requested we look to see if the browser is sending
- * us a Cookie: header that we previously generated.
- *
- * If we don't find one then the user hasn't been to this site since
- * starting their browser or their browser doesn't support cookies. So
- * we generate a unique Cookie for the transaction and send it back to
- * the browser (via a "Set-Cookie" header)
- * Future requests from the same browser should keep the same Cookie line.
- *
- * By matching up all the requests with the same cookie you can
- * work out exactly what path a user took through your site. To log
- * the cookie use the " %{Cookie}n " directive in a custom access log;
- *
- * Example 1 : If you currently use the standard Log file format (CLF)
- * and use the command "TransferLog somefilename", add the line
- * LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n"
- * to your config file.
- *
- * Example 2 : If you used to use the old "CookieLog" directive, you
- * can emulate it by adding the following command to your config file
- * CustomLog filename "%{Cookie}n \"%r\" %t"
- *
- * Mark Cox, mjc@apache.org, 6 July 95
- *
- * This file replaces mod_cookies.c
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include <sys/time.h>
-
-module MODULE_VAR_EXPORT usertrack_module;
-
-typedef struct {
- int always;
- time_t expires;
-} cookie_log_state;
-
-typedef enum {
- CT_UNSET,
- CT_NETSCAPE,
- CT_COOKIE,
- CT_COOKIE2
-} cookie_type_e;
-
-typedef enum {
- CF_NORMAL,
- CF_COMPACT
-} cookie_format_e;
-
-typedef struct {
- int enabled;
- cookie_type_e style;
- cookie_format_e format;
- char *cookie_name;
- char *cookie_domain;
- char *prefix_string;
- char *regexp_string; /* used to compile regexp; save for debugging */
- regex_t *regexp; /* used to find usertrack cookie in cookie header */
-} cookie_dir_rec;
-
-/* Define this to allow post-2000 cookies. Cookies use two-digit dates,
- * so it might be dicey. (Netscape does it correctly, but others may not)
- */
-#define MILLENIAL_COOKIES
-
-/* Default name of the cookie
- */
-#define COOKIE_NAME "Apache"
-
-
-/* Make cookie id: Try to make something unique based on
- * pid, time, and hostid, plus the user-configurable prefix.
- *
- */
-static char * make_cookie_id(char * buffer, int bufsize, request_rec *r,
- cookie_format_e cformat)
-{
- struct timeval tv;
- struct timezone tz = {0, 0};
- char hbuf[NI_MAXHOST];
- const char *rname;
- cookie_dir_rec *dcfg;
-
- long reqtime = (long) r->request_time;
- long clocktime;
-
- getnameinfo((struct sockaddr *)&r->connection->remote_addr,
- r->connection->remote_addr.ss_len,
- hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST);
-
- rname = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME);
- dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
-
- gettimeofday(&tv, &tz);
-
- reqtime = (long) tv.tv_sec;
- if (cformat == CF_COMPACT)
- clocktime = (long) (tv.tv_usec % 65535);
- else
- clocktime = (long) (tv.tv_usec / 1000);
-
- if (cformat == CF_COMPACT)
- ap_snprintf(buffer, bufsize, "%s%s%x%lx%lx",
- dcfg->prefix_string, hbuf, (int) getpid(),
- reqtime, clocktime);
- else
- ap_snprintf(buffer, bufsize, "%s%s.%d%ld%ld",
- dcfg->prefix_string, rname, (int) getpid(),
- reqtime, clocktime);
-
- return buffer;
-}
-
-
-
-static void make_cookie(request_rec *r)
-{
- cookie_log_state *cls = ap_get_module_config(r->server->module_config,
- &usertrack_module);
-
- /* 1024 == hardcoded constant */
- char cookiebuf[1024];
- char *new_cookie;
- cookie_dir_rec *dcfg;
-
- dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
-
- make_cookie_id(cookiebuf, sizeof(cookiebuf), r, dcfg->format);
-
- if (cls->expires) {
- struct tm *tms;
- time_t when;
-
- when = cls->expires;
- if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) {
- when += r->request_time;
-
-#ifndef MILLENIAL_COOKIES
- /*
- * Only two-digit date string, so we can't trust "00" or more.
- * Therefore, we knock it all back to just before midnight on
- * 1/1/2000 (which is 946684799)
- */
-
- if (when > 946684799)
- when = 946684799;
-#endif
- }
- tms = gmtime(&when);
-
- /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
- new_cookie = ap_psprintf(r->pool, "%s=%s; path=/",
- dcfg->cookie_name, cookiebuf);
- if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) {
- new_cookie = ap_psprintf(r->pool, "%s; "
- "expires=%s, %.2d-%s-%.2d "
- "%.2d:%.2d:%.2d GMT",
- new_cookie,
- ap_day_snames[tms->tm_wday],
- tms->tm_mday,
- ap_month_snames[tms->tm_mon],
- tms->tm_year % 100,
- tms->tm_hour, tms->tm_min, tms->tm_sec);
- }
- else {
- new_cookie = ap_psprintf(r->pool, "%s; max-age=%d",
- new_cookie, (int) when);
- }
- }
- else {
- new_cookie = ap_psprintf(r->pool, "%s=%s; path=/",
- dcfg->cookie_name, cookiebuf);
- }
- if (dcfg->cookie_domain != NULL) {
- new_cookie = ap_psprintf(r->pool, "%s; domain=%s",
- new_cookie, dcfg->cookie_domain);
- }
- if (dcfg->style == CT_COOKIE2) {
- new_cookie = ap_pstrcat(r->pool, new_cookie, "; version=1", NULL);
- }
-
- ap_table_setn(r->headers_out,
- (dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"),
- new_cookie);
- ap_table_setn(r->notes, "cookie", ap_pstrdup(r->pool, cookiebuf)); /* log first time */
- return;
-}
-
-/*
- * dcfg->regexp is "^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)",
- * which has three subexpressions, $0..$2
- */
-#define NUM_SUBS 3
-
-static void set_and_comp_regexp(cookie_dir_rec *dcfg,
- pool *p,
- const char *cookie_name)
-{
- /*
- * The goal is to end up with this regexp,
- * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+)
- * with cookie_name obviously substituted either
- * with the real cookie name set by the user in httpd.conf,
- * or with the default COOKIE_NAME.
- */
- dcfg->regexp_string = ap_pstrcat(p, "^", cookie_name,
- "=([^;]+)|;[ \t]+", cookie_name,
- "=([^;]+)", NULL);
- dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, REG_EXTENDED);
-}
-
-static int spot_cookie(request_rec *r)
-{
- cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config,
- &usertrack_module);
- const char *cookie_header;
- regmatch_t regm[NUM_SUBS];
-
- if (!dcfg->enabled) {
- return DECLINED;
- }
-
- if ((cookie_header = ap_table_get(r->headers_in,
- (dcfg->style == CT_COOKIE2
- ? "Cookie2"
- : "Cookie")))) {
- if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) {
- char *cookieval = NULL;
- /* Our regexp,
- * ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)
- * only allows for $1 or $2 to be available. ($0 is always
- * filled with the entire matched expression, not just
- * the part in parentheses.) So just check for either one
- * and assign to cookieval if present. */
- if (regm[1].rm_so != -1) {
- cookieval = ap_pregsub(r->pool, "$1", cookie_header,
- NUM_SUBS, regm);
- }
- if (regm[2].rm_so != -1) {
- cookieval = ap_pregsub(r->pool, "$2", cookie_header,
- NUM_SUBS, regm);
- }
- /* Set the cookie in a note, for logging */
- ap_table_setn(r->notes, "cookie", cookieval);
-
- return DECLINED; /* There's already a cookie, no new one */
- }
- }
- make_cookie(r);
- return OK; /* We set our cookie */
-}
-
-static void *make_cookie_log_state(pool *p, server_rec *s)
-{
- cookie_log_state *cls =
- (cookie_log_state *) ap_palloc(p, sizeof(cookie_log_state));
-
- cls->expires = 0;
-
- return (void *) cls;
-}
-
-static void *make_cookie_dir(pool *p, char *d)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) ap_pcalloc(p, sizeof(cookie_dir_rec));
- dcfg->cookie_name = COOKIE_NAME;
- dcfg->cookie_domain = NULL;
- dcfg->prefix_string = "";
- dcfg->style = CT_UNSET;
- dcfg->format = CF_NORMAL;
- dcfg->enabled = 0;
- /*
- * In case the user does not use the CookieName directive,
- * we need to compile the regexp for the default cookie name.
- */
- set_and_comp_regexp(dcfg, p, COOKIE_NAME);
- return dcfg;
-}
-
-static const char *set_cookie_enable(cmd_parms *cmd, void *mconfig, int arg)
-{
- cookie_dir_rec *dcfg = mconfig;
-
- dcfg->enabled = arg;
- return NULL;
-}
-
-static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
- const char *arg)
-{
- cookie_log_state *cls;
- time_t factor, modifier = 0;
- time_t num = 0;
- char *word;
-
- cls = ap_get_module_config(parms->server->module_config,
- &usertrack_module);
- /* The simple case first - all numbers (we assume) */
- if (ap_isdigit(arg[0]) && ap_isdigit(arg[strlen(arg) - 1])) {
- cls->expires = atol(arg);
- return NULL;
- }
-
- /*
- * The harder case - stolen from mod_expires
- *
- * CookieExpires "[plus] {<num> <type>}*"
- */
-
- word = ap_getword_conf(parms->pool, &arg);
- if (!strncasecmp(word, "plus", 1)) {
- word = ap_getword_conf(parms->pool, &arg);
- };
-
- /* {<num> <type>}* */
- while (word[0]) {
- /* <num> */
- if (ap_isdigit(word[0]))
- num = atoi(word);
- else
- return "bad expires code, numeric value expected.";
-
- /* <type> */
- word = ap_getword_conf(parms->pool, &arg);
- if (!word[0])
- return "bad expires code, missing <type>";
-
- factor = 0;
- if (!strncasecmp(word, "years", 1))
- factor = 60 * 60 * 24 * 365;
- else if (!strncasecmp(word, "months", 2))
- factor = 60 * 60 * 24 * 30;
- else if (!strncasecmp(word, "weeks", 1))
- factor = 60 * 60 * 24 * 7;
- else if (!strncasecmp(word, "days", 1))
- factor = 60 * 60 * 24;
- else if (!strncasecmp(word, "hours", 1))
- factor = 60 * 60;
- else if (!strncasecmp(word, "minutes", 2))
- factor = 60;
- else if (!strncasecmp(word, "seconds", 1))
- factor = 1;
- else
- return "bad expires code, unrecognized type";
-
- modifier = modifier + factor * num;
-
- /* next <num> */
- word = ap_getword_conf(parms->pool, &arg);
- }
-
- cls->expires = modifier;
-
- return NULL;
-}
-
-static const char *set_cookie_name(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
-
- dcfg->cookie_name = ap_pstrdup(cmd->pool, name);
-
- set_and_comp_regexp(dcfg, cmd->pool, name);
-
- if (dcfg->regexp == NULL) {
- return "Regular expression could not be compiled.";
- }
- if (dcfg->regexp->re_nsub + 1 != NUM_SUBS) {
- return ap_pstrcat(cmd->pool, "Invalid cookie name \"",
- name, "\"", NULL);
- }
-
- return NULL;
-}
-
-/*
- * Set the value for the 'Domain=' attribute.
- */
-static const char *set_cookie_domain(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) mconfig;
-
- /*
- * Apply the restrictions on cookie domain attributes.
- */
- if (strlen(name) == 0) {
- return "CookieDomain values may not be null";
- }
- if (name[0] != '.') {
- return "CookieDomain values must begin with a dot";
- }
- if (strchr(&name[1], '.') == NULL) {
- return "CookieDomain values must contain at least one embedded dot";
- }
-
- dcfg->cookie_domain = ap_pstrdup(cmd->pool, name);
- return NULL;
-}
-
-/*
- * Make a note of the cookie style we should use.
- */
-static const char *set_cookie_style(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) mconfig;
-
- if (strcasecmp(name, "Netscape") == 0) {
- dcfg->style = CT_NETSCAPE;
- }
- else if ((strcasecmp(name, "Cookie") == 0)
- || (strcasecmp(name, "RFC2109") == 0)) {
- dcfg->style = CT_COOKIE;
- }
- else if ((strcasecmp(name, "Cookie2") == 0)
- || (strcasecmp(name, "RFC2965") == 0)) {
- dcfg->style = CT_COOKIE2;
- }
- else {
- return ap_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
- cmd->cmd->name, name);
- }
-
- return NULL;
-}
-
-/*
- * Make a note of the cookie format we should use.
- */
-static const char *set_cookie_format(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) mconfig;
-
- if (strcasecmp(name, "Normal") == 0) {
- dcfg->format = CF_NORMAL;
- }
- else if (strcasecmp(name, "Compact") == 0) {
- dcfg->format = CF_COMPACT;
- }
- else {
- return ap_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
- cmd->cmd->name, name);
- }
-
- return NULL;
-}
-
-static const char *set_cookie_prefix(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
-
- dcfg->prefix_string = ap_pstrdup(cmd->pool, name);
-
- return NULL;
-}
-
-
-static const command_rec cookie_log_cmds[] = {
- {"CookieExpires", set_cookie_exp, NULL, OR_FILEINFO, TAKE1,
- "an expiry date code"},
- {"CookieTracking", set_cookie_enable, NULL, OR_FILEINFO, FLAG,
- "whether or not to enable cookies"},
- {"CookieName", set_cookie_name, NULL, OR_FILEINFO, TAKE1,
- "name of the tracking cookie"},
- {"CookieDomain", set_cookie_domain, NULL, OR_FILEINFO, TAKE1,
- "domain to which this cookie applies"},
- {"CookieStyle", set_cookie_style, NULL, OR_FILEINFO, TAKE1,
- "'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"},
- {"CookieFormat", set_cookie_format, NULL, OR_FILEINFO, TAKE1,
- "'Normal' or 'Compact'"},
- {"CookiePrefix", set_cookie_prefix, NULL, OR_FILEINFO, TAKE1,
- "String prepended to cookie"},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT usertrack_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- make_cookie_dir, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- make_cookie_log_state, /* server config */
- NULL, /* merge server configs */
- cookie_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- spot_cookie, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
-
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c b/usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c
deleted file mode 100644
index f40e4e4d2cd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/* $OpenBSD: mod_vhost_alias.c,v 1.8 2003/08/21 13:11:37 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_vhost_alias.c: support for dynamically configured mass virtual hosting
- *
- * Copyright (c) 1998-1999 Demon Internet Ltd.
- *
- * This software was submitted by Demon Internet to the Apache Group
- * in May 1999. Future revisions and derivatives of this source code
- * must acknowledge Demon Internet as the original contributor of
- * this module. All other licensing and usage conditions are those
- * of the Apache Group.
- *
- * Originally written by Tony Finch <fanf@demon.net> <dot@dotat.at>.
- *
- * Implementation ideas were taken from mod_alias.c. The overall
- * concept is derived from the OVERRIDE_DOC_ROOT/OVERRIDE_CGIDIR
- * patch to Apache 1.3b3 and a similar feature in Demon's thttpd,
- * both written by James Grinter <jrg@blodwen.demon.co.uk>.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_main.h"
-
-
-module MODULE_VAR_EXPORT vhost_alias_module;
-
-
-/*
- * basic configuration things
- * we abbreviate "mod_vhost_alias" to "mva" for shorter names
- */
-
-typedef enum {
- VHOST_ALIAS_UNSET, VHOST_ALIAS_NONE, VHOST_ALIAS_NAME, VHOST_ALIAS_IP
-} mva_mode_e;
-
-/*
- * Per-server module config record.
- */
-typedef struct mva_sconf_t {
- char *doc_root;
- char *cgi_root;
- mva_mode_e doc_root_mode;
- mva_mode_e cgi_root_mode;
-} mva_sconf_t;
-
-static void *mva_create_server_config(pool *p, server_rec *s)
-{
- mva_sconf_t *conf;
-
- conf = (mva_sconf_t *) ap_pcalloc(p, sizeof(mva_sconf_t));
- conf->doc_root = NULL;
- conf->cgi_root = NULL;
- conf->doc_root_mode = VHOST_ALIAS_UNSET;
- conf->cgi_root_mode = VHOST_ALIAS_UNSET;
- return conf;
-}
-
-static void *mva_merge_server_config(pool *p, void *parentv, void *childv)
-{
- mva_sconf_t *parent = (mva_sconf_t *) parentv;
- mva_sconf_t *child = (mva_sconf_t *) childv;
- mva_sconf_t *conf;
-
- conf = (mva_sconf_t *) ap_pcalloc(p, sizeof(*conf));
- if (child->doc_root_mode == VHOST_ALIAS_UNSET) {
- conf->doc_root_mode = parent->doc_root_mode;
- conf->doc_root = parent->doc_root;
- }
- else {
- conf->doc_root_mode = child->doc_root_mode;
- conf->doc_root = child->doc_root;
- }
- if (child->cgi_root_mode == VHOST_ALIAS_UNSET) {
- conf->cgi_root_mode = parent->cgi_root_mode;
- conf->cgi_root = parent->cgi_root;
- }
- else {
- conf->cgi_root_mode = child->cgi_root_mode;
- conf->cgi_root = child->cgi_root;
- }
- return conf;
-}
-
-
-/*
- * These are just here to tell us what vhost_alias_set should do.
- * We don't put anything into them; we just use the cell addresses.
- */
-static int vhost_alias_set_doc_root_ip,
- vhost_alias_set_cgi_root_ip,
- vhost_alias_set_doc_root_name,
- vhost_alias_set_cgi_root_name;
-
-static const char *vhost_alias_set(cmd_parms *cmd, void *dummy, char *map)
-{
- mva_sconf_t *conf;
- mva_mode_e mode, *pmode;
- char **pmap;
- char *p;
-
- conf = (mva_sconf_t *) ap_get_module_config(cmd->server->module_config,
- &vhost_alias_module);
- /* there ought to be a better way of doing this */
- if (&vhost_alias_set_doc_root_ip == cmd->info) {
- mode = VHOST_ALIAS_IP;
- pmap = &conf->doc_root;
- pmode = &conf->doc_root_mode;
- }
- else if (&vhost_alias_set_cgi_root_ip == cmd->info) {
- mode = VHOST_ALIAS_IP;
- pmap = &conf->cgi_root;
- pmode = &conf->cgi_root_mode;
- }
- else if (&vhost_alias_set_doc_root_name == cmd->info) {
- mode = VHOST_ALIAS_NAME;
- pmap = &conf->doc_root;
- pmode = &conf->doc_root_mode;
- }
- else if (&vhost_alias_set_cgi_root_name == cmd->info) {
- mode = VHOST_ALIAS_NAME;
- pmap = &conf->cgi_root;
- pmode = &conf->cgi_root_mode;
- }
- else {
- return "INTERNAL ERROR: unknown command info";
- }
-
- ap_server_strip_chroot(map, 1);
-
- if (!(ap_os_is_path_absolute(map))) {
- if (strcasecmp(map, "none")) {
- return "format string must be an absolute file path or 'none'";
- }
- *pmap = NULL;
- *pmode = VHOST_ALIAS_NONE;
- return NULL;
- }
-
- /* sanity check */
- p = map;
- while (*p != '\0') {
- if (*p++ != '%') {
- continue;
- }
- /* we just found a '%' */
- if (*p == 'p' || *p == '%') {
- ++p;
- continue;
- }
- /* optional dash */
- if (*p == '-') {
- ++p;
- }
- /* digit N */
- if (ap_isdigit(*p)) {
- ++p;
- }
- else {
- return "syntax error in format string";
- }
- /* optional plus */
- if (*p == '+') {
- ++p;
- }
- /* do we end here? */
- if (*p != '.') {
- continue;
- }
- ++p;
- /* optional dash */
- if (*p == '-') {
- ++p;
- }
- /* digit M */
- if (ap_isdigit(*p)) {
- ++p;
- }
- else {
- return "syntax error in format string";
- }
- /* optional plus */
- if (*p == '+') {
- ++p;
- }
- }
- *pmap = map;
- *pmode = mode;
- return NULL;
-}
-
-static const command_rec mva_commands[] =
-{
- {"VirtualScriptAlias", vhost_alias_set, &vhost_alias_set_cgi_root_name,
- RSRC_CONF, TAKE1, "how to create a ScriptAlias based on the host"},
- {"VirtualDocumentRoot", vhost_alias_set, &vhost_alias_set_doc_root_name,
- RSRC_CONF, TAKE1, "how to create the DocumentRoot based on the host"},
- {"VirtualScriptAliasIP", vhost_alias_set, &vhost_alias_set_cgi_root_ip,
- RSRC_CONF, TAKE1, "how to create a ScriptAlias based on the host"},
- {"VirtualDocumentRootIP", vhost_alias_set, &vhost_alias_set_doc_root_ip,
- RSRC_CONF, TAKE1, "how to create the DocumentRoot based on the host"},
- { NULL }
-};
-
-
-/*
- * This really wants to be a nested function
- * but C is too feeble to support them.
- */
-static ap_inline void vhost_alias_checkspace(request_rec *r, char *buf,
- char **pdest, int size)
-{
- /* XXX: what if size > HUGE_STRING_LEN? */
- if (*pdest + size > buf + HUGE_STRING_LEN) {
- **pdest = '\0';
- if (r->filename) {
- r->filename = ap_pstrcat(r->pool, r->filename, buf, NULL);
- }
- else {
- r->filename = ap_pstrdup(r->pool, buf);
- }
- *pdest = buf;
- }
-}
-
-static void vhost_alias_interpolate(request_rec *r, const char *name,
- const char *map, const char *uri)
-{
- /* 0..9 9..0 */
- enum { MAXDOTS = 19 };
- const char *dots[MAXDOTS+1];
- int ndots;
-
- char buf[HUGE_STRING_LEN];
- char *dest, last;
-
- int N, M, Np, Mp, Nd, Md;
- const char *start, *end;
-
- const char *p;
-
- ndots = 0;
- dots[ndots++] = name-1; /* slightly naughty */
- for (p = name; *p; ++p){
- if (*p == '.' && ndots < MAXDOTS) {
- dots[ndots++] = p;
- }
- }
- dots[ndots] = p;
-
- r->filename = NULL;
-
- dest = buf;
- last = '\0';
- while (*map) {
- if (*map != '%') {
- /* normal characters */
- vhost_alias_checkspace(r, buf, &dest, 1);
- last = *dest++ = *map++;
- continue;
- }
- /* we are in a format specifier */
- ++map;
- /* can't be a slash */
- last = '\0';
- /* %% -> % */
- if (*map == '%') {
- ++map;
- vhost_alias_checkspace(r, buf, &dest, 1);
- *dest++ = '%';
- continue;
- }
- /* port number */
- if (*map == 'p') {
- ++map;
- /* no. of decimal digits in a short plus one */
- vhost_alias_checkspace(r, buf, &dest, 7);
- dest += ap_snprintf(dest, 7, "%d", ap_get_server_port(r));
- continue;
- }
- /* deal with %-N+.-M+ -- syntax is already checked */
- N = M = 0; /* value */
- Np = Mp = 0; /* is there a plus? */
- Nd = Md = 0; /* is there a dash? */
- if (*map == '-') ++map, Nd = 1;
- N = *map++ - '0';
- if (*map == '+') ++map, Np = 1;
- if (*map == '.') {
- ++map;
- if (*map == '-') {
- ++map, Md = 1;
- }
- M = *map++ - '0';
- if (*map == '+') {
- ++map, Mp = 1;
- }
- }
- /* note that N and M are one-based indices, not zero-based */
- start = dots[0]+1; /* ptr to the first character */
- end = dots[ndots]; /* ptr to the character after the last one */
- if (N != 0) {
- if (N > ndots) {
- start = "_";
- end = start+1;
- }
- else if (!Nd) {
- start = dots[N-1]+1;
- if (!Np) {
- end = dots[N];
- }
- }
- else {
- if (!Np) {
- start = dots[ndots-N]+1;
- }
- end = dots[ndots-N+1];
- }
- }
- if (M != 0) {
- if (M > end - start) {
- start = "_";
- end = start+1;
- }
- else if (!Md) {
- start = start+M-1;
- if (!Mp) {
- end = start+1;
- }
- }
- else {
- if (!Mp) {
- start = end-M;
- }
- end = end-M+1;
- }
- }
- vhost_alias_checkspace(r, buf, &dest, end - start);
- for (p = start; p < end; ++p) {
- *dest++ = ap_tolower(*p);
- }
- }
- *dest = '\0';
- /* no double slashes */
- if (last == '/') {
- ++uri;
- }
- if (r->filename) {
- r->filename = ap_pstrcat(r->pool, r->filename, buf, uri, NULL);
- }
- else {
- r->filename = ap_pstrcat(r->pool, buf, uri, NULL);
- }
-}
-
-static int mva_translate(request_rec *r)
-{
- mva_sconf_t *conf;
- const char *name, *map, *uri;
- mva_mode_e mode;
- const char *cgi;
-
- conf = (mva_sconf_t *) ap_get_module_config(r->server->module_config,
- &vhost_alias_module);
- cgi = NULL;
- if (conf->cgi_root) {
- cgi = strstr(r->uri, "cgi-bin/");
- if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
- cgi = NULL;
- }
- }
- if (cgi) {
- mode = conf->cgi_root_mode;
- map = conf->cgi_root;
- uri = cgi + strlen("cgi-bin");
- }
- else if (r->uri[0] == '/') {
- mode = conf->doc_root_mode;
- map = conf->doc_root;
- uri = r->uri;
- }
- else {
- return DECLINED;
- }
-
- if (mode == VHOST_ALIAS_NAME) {
- name = ap_get_server_name(r);
- }
- else if (mode == VHOST_ALIAS_IP) {
- name = r->connection->local_ip;
- }
- else {
- return DECLINED;
- }
-
- vhost_alias_interpolate(r, name, map, uri);
-
- if (cgi) {
- /* see is_scriptaliased() in mod_cgi */
- r->handler = "cgi-script";
- ap_table_setn(r->notes, "alias-forced-type", r->handler);
- }
-
- return OK;
-}
-
-
-module MODULE_VAR_EXPORT vhost_alias_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- mva_create_server_config, /* server config */
- mva_merge_server_config, /* merge server configs */
- mva_commands, /* command table */
- NULL, /* handlers */
- mva_translate, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/os/unix/Makefile.tmpl b/usr.sbin/httpd/src/os/unix/Makefile.tmpl
deleted file mode 100644
index a9e1205ec0d..00000000000
--- a/usr.sbin/httpd/src/os/unix/Makefile.tmpl
+++ /dev/null
@@ -1,47 +0,0 @@
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-OBJS= os.o os-inline.o
-
-LIB= libos.a
-
-all: $(LIB)
-
-$(LIB): $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-clean:
- rm -f $(OBJS) $(LIB)
-
-distclean: clean
- -rm -f Makefile
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-$(OBJS): Makefile
-
-# DO NOT REMOVE
-os-aix-dso.o: os-aix-dso.c
-os-inline.o: os-inline.c $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h
-os.o: os.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h os.h
diff --git a/usr.sbin/httpd/src/os/unix/os-inline.c b/usr.sbin/httpd/src/os/unix/os-inline.c
deleted file mode 100644
index fbbbd3f0999..00000000000
--- a/usr.sbin/httpd/src/os/unix/os-inline.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: os-inline.c,v 1.3 2005/03/28 22:41:51 niallo Exp $ */
-
-/*
- * This file contains functions which can be inlined if the compiler
- * has an "inline" modifier. Because of this, this file is both a
- * header file and a compilable module.
- *
- * Only inlineable functions should be defined in here. They must all
- * include the INLINE modifier.
- *
- * If the compiler supports inline, this file will be #included as a
- * header file from os.h to create all the inline function
- * definitions. INLINE will be defined to whatever is required on
- * function definitions to make them inline declarations.
- *
- * If the compiler does not support inline, this file will be compiled
- * as a normal C file into libos.a (along with os.c). In this case
- * INLINE will _not_ be set so we can use this to test if we are
- * compiling this source file.
- */
-
-#ifndef INLINE
-#define INLINE
-
-/* Anything required only when compiling */
-#include "ap_config.h"
-
-#endif
-
-INLINE int
-ap_os_is_path_absolute(const char *file)
-{
- return file[0] == '/';
-}
diff --git a/usr.sbin/httpd/src/os/unix/os.c b/usr.sbin/httpd/src/os/unix/os.c
deleted file mode 100644
index bb8dc1cd4e3..00000000000
--- a/usr.sbin/httpd/src/os/unix/os.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: os.c,v 1.11 2005/03/28 22:41:51 niallo Exp $ */
-
-/*
- * This file will include OS specific functions which are not inlineable.
- * Any inlineable functions should be defined in os-inline.c instead.
- */
-
-#include "ap_config.h"
-#include "os.h"
-
-
-/* some linkers complain unless there's at least one function in each
- * .o file... and extra prototype is for gcc -Wmissing-prototypes
- */
-extern void ap_is_not_here(void);
-
-void
-ap_is_not_here(void)
-{
-}
-
-/*
- * Abstraction layer for loading
- * Apache modules under run-time via
- * dynamic shared object (DSO) mechanism
- */
-
-void
-ap_os_dso_init(void)
-{
-}
-
-void
-*ap_os_dso_load(const char *path)
-{
- return dlopen(path, RTLD_NOW | RTLD_GLOBAL);
-}
-
-void
-ap_os_dso_unload(void *handle)
-{
- dlclose(handle);
- return;
-}
-
-void
-*ap_os_dso_sym(void *handle, const char *symname)
-{
- return dlsym(handle, symname);
-}
-
-const char *
-ap_os_dso_error(void)
-{
- return dlerror();
-}
diff --git a/usr.sbin/httpd/src/os/unix/os.h b/usr.sbin/httpd/src/os/unix/os.h
deleted file mode 100644
index 0b16017f12b..00000000000
--- a/usr.sbin/httpd/src/os/unix/os.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/* $OpenBSD: os.h,v 1.9 2005/03/28 14:01:14 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_OS_H
-#define APACHE_OS_H
-
-#include "ap_config.h"
-
-#ifndef PLATFORM
-#define PLATFORM "Unix"
-#endif
-
-/*
- * This file in included in all Apache source code. It contains definitions
- * of facilities available on _this_ operating system (HAVE_* macros),
- * and prototypes of OS specific functions defined in os.c or os-inline.c
- */
-
-#if !defined(INLINE) && defined(USE_GNU_INLINE)
-/* Compiler supports inline, so include the inlineable functions as
- * part of the header
- */
-#define INLINE extern ap_inline
-
-INLINE int ap_os_is_path_absolute(const char *file);
-
-#include "os-inline.c"
-
-#else
-
-/* Compiler does not support inline, so prototype the inlineable functions
- * as normal
- */
-extern int ap_os_is_path_absolute(const char *file);
-#endif
-
-/* Other ap_os_ routines not used by this platform */
-
-#define ap_os_is_filename_valid(f) (1)
-#define ap_os_kill(pid, sig) kill(pid, sig)
-
-/*
- * Abstraction layer for loading
- * Apache modules under run-time via
- * dynamic shared object (DSO) mechanism
- */
-
-#include <dlfcn.h>
-
-/* probably on an older system that doesn't support RTLD_NOW or RTLD_LAZY.
- * The below define is a lie since we are really doing RTLD_LAZY since the
- * system doesn't support RTLD_NOW.
- */
-#ifndef RTLD_NOW
-#define RTLD_NOW 1
-#endif
-
-#ifndef RTLD_GLOBAL
-#define RTLD_GLOBAL 0
-#endif
-
-#define ap_os_dso_handle_t void *
-void ap_os_dso_init(void);
-void * ap_os_dso_load(const char *);
-void ap_os_dso_unload(void *);
-void * ap_os_dso_sym(void *, const char *);
-const char *ap_os_dso_error(void);
-
-#endif /* !APACHE_OS_H */
diff --git a/usr.sbin/httpd/src/support/.indent.pro b/usr.sbin/httpd/src/support/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/support/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/support/Makefile.tmpl b/usr.sbin/httpd/src/support/Makefile.tmpl
deleted file mode 100644
index d145b1db795..00000000000
--- a/usr.sbin/httpd/src/support/Makefile.tmpl
+++ /dev/null
@@ -1,76 +0,0 @@
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -DUSE_SETUSERCONTEXT
-LIBS=-lm -lap -los $(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) -L$(OSDIR) -L$(SRCDIR)/ap
-
-TARGETS=htpasswd htdigest rotatelogs logresolve apxs checkgid
-
-OBJS=htpasswd.o htdigest.o rotatelogs.o logresolve.o checkgid.o
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-all: $(TARGETS)
-
-htpasswd: htpasswd.o
- $(CC) $(CFLAGS) -o htpasswd $(LDFLAGS) htpasswd.o $(LIBS)
-
-htdigest: htdigest.o
- $(CC) $(CFLAGS) -o htdigest $(LDFLAGS) htdigest.o $(LIBS)
-
-rotatelogs: rotatelogs.o
- $(CC) $(CFLAGS) -o rotatelogs $(LDFLAGS) rotatelogs.o $(LIBS)
-
-logresolve: logresolve.o
- $(CC) $(CFLAGS) -o logresolve $(LDFLAGS) logresolve.o $(LIBS)
-
-checkgid: checkgid.o
- $(CC) $(CFLAGS) -o checkgid $(LDFLAGS) checkgid.o $(LIBS)
-
-apxs: apxs.pl Makefile
- sed <apxs.pl >apxs \
- -e 's%@TARGET@%$(TARGET)%g' \
- -e 's%@CC@%$(CC)%g' \
- -e 's%@CFLAGS@%$(CFLAGS)%g' \
- -e 's%@CFLAGS_SHLIB@%$(CFLAGS_SHLIB)%g' \
- -e 's%@LD_SHLIB@%$(LD_SHLIB)%g' \
- -e 's%@LDFLAGS_MOD_SHLIB@%$(LDFLAGS_MOD_SHLIB)%g' \
- -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs
-
-suexec: suexec.o
- $(CC) $(CFLAGS) -o suexec $(LDFLAGS) suexec.o $(LIBS)
-
-clean:
- rm -f $(TARGETS) *.o
-
-distclean: clean
- -rm -f Makefile
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-#Dependencies
-
-$(OBJS): Makefile
-
-# DO NOT REMOVE
-htdigest.o: htdigest.c $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_md5.h
-htpasswd.o: htpasswd.c $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h
-logresolve.o: logresolve.c $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h
-rotatelogs.o: rotatelogs.c $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h
-suexec.o: suexec.c $(INCDIR)/ap_config.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h suexec.h
diff --git a/usr.sbin/httpd/src/support/README b/usr.sbin/httpd/src/support/README
deleted file mode 100644
index eb93fff03a4..00000000000
--- a/usr.sbin/httpd/src/support/README
+++ /dev/null
@@ -1,72 +0,0 @@
-Support files:
-
-ab
- ABuse your server with this benchmarker. Rudimentary
- command line testing tool.
-
- To compile with SSL support; specify the compile
- time flag 'USE_SSL'. E.g. during configure do:
-
- CFLAGS="-I/usr/local/ssl/include -DUSE_SSL " \
- LIBS="-L/usr/local/ssl/lib -lssl -lcrypt"
- ./configure ...
-
- SSL support is even more rudimentary and experimental
- than ab itself :-).
-
-apachectl
- Apache run-time Control script. To facilitate the
- administrator and/or your rc.d scripts to control the
- functioning of the Apache httpd daemon.
-
-apxs
- APache eXtenSion tool. Eases building and installing
- DSO style modules.
-
-dbmmanage
- Create and update user authentication files in the faster
- DBM format used by mod_auth_db.
-
-htdigest
- Create and update user authentication files used in
- DIGEST authentification. See mod_auth_digest.
-
-htpasswd
- Create and update user authentication files used in
- BASIC authentification. I.e. the htpasswd files.
- See mod_auth.
-
-httpd.8
- General apache man page.
-
-log_server_status
- This script is designed to be run at a frequent interval by something
- like cron. It connects to the server and downloads the status
- information. It reformats the information to a single line and logs
- it to a file.
-
-logresolve
- resolve hostnames for IP-addresses in Apache logfiles
-
-phf_abuse_log.cgi
- This script can be used to detect people trying to abuse an ancient
- and long plugged security hole which existed in a CGI script distributed
- with Apache 1.0.3 and earlier versions.
-
-rotatelogs
- rotate Apache logs without having to kill the server.
-
-split-logfile
- This script will take a combined virtual hosts access
- log file and break its contents into separate files.
-
-suexec
- Switch User For Exec. Used internally by apache,
- see the document `Apache suEXEC Support'
- under http://www.apache.org/docs/suexec.html .
-
-SHA1
- This directory includes some utilities to allow Apache 1.3.6 to
- recognize passwords in SHA1 format, as used by Netscape web
- servers. It is not installed by default.
-
diff --git a/usr.sbin/httpd/src/support/SHA1/README.sha1 b/usr.sbin/httpd/src/support/SHA1/README.sha1
deleted file mode 100644
index 3998e1fdd91..00000000000
--- a/usr.sbin/httpd/src/support/SHA1/README.sha1
+++ /dev/null
@@ -1,34 +0,0 @@
-This directory includes some utilities to allow Apache 1.3.6 to
-recognize passwords in SHA1 format, as used by Netscape web servers.
-
-From Netscape's admin interface, export the password database to an
-ldif file and then use convert.pl in this distribution to generate
-apache style password files.
-
-Note: SHA1 support is useful for migration purposes, but is less
- secure than Apache's password format, since Apache's (MD5)
- password format uses a random eight character salt to generate
- one of many possible hashes for the same password. Netscape
- uses plain SHA1 without a salt, so the same password
- will always generate the same hash, making it easier
- to break since the search space is smaller.
-
-This code was contributed by Clinton Wong <clintdw@netcom.com>.
-
-README.sha1
- this file
-
-convert-sha1.pl
- takes an ldif dump from Netscape's web server on
- standard in, outputs apache htpasswd format on standard out.
-
- Usage: convert.pl < ldif > passwords
-
-htpasswd-sha1.pl
- perl script to generate entries in apache htpasswd format.
-
- Usage: htpasswd-sha1.pl some_user some_password
-
-ldif-sha1.example
- sample ldif dump with one sha1 password and one crypt password.
-
diff --git a/usr.sbin/httpd/src/support/SHA1/convert-sha1.pl b/usr.sbin/httpd/src/support/SHA1/convert-sha1.pl
deleted file mode 100644
index 35228022a08..00000000000
--- a/usr.sbin/httpd/src/support/SHA1/convert-sha1.pl
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-
-# This is public domain code. Do whatever you want with it.
-# It was originally included in Clinton Wong's Apache 1.3.6 SHA1/ldif
-# patch distribution as sample code for converting accounts from
-# ldif format (as used by Netscape web servers) to Apache password format.
-
-my $uid='';
-my $passwd='';
-
-while (my $line = <>) {
- chomp $line;
- if ( $line =~ /uid:\s*(.+)/) { $uid = $1 }
- if ( $line =~ /userpassword:\s*(\{\w+\}.+)/) {
- $passwd = $1;
- $passwd =~ s/^\{crypt\}//i; # Apache stores crypt without a magic string
- }
-
- if (length($line)==0) {
-
- if (length $uid and length $passwd) {
- print $uid, ':', $passwd, "\n";
- } # output if we have something to print
-
- $uid = '';
- $passwd = '';
-
- } # if newline
-} # while something to read
-
-# handle last entry if there isn't a newline before EOF
- if (length $uid and length $passwd) {
- print $uid, ':', $passwd, "\n";
-}
-
diff --git a/usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl b/usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl
deleted file mode 100644
index ad624d1101f..00000000000
--- a/usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-#
-# Utility which takes a username and password
-# on the command line and generates a username
-# sha1-encrytped password on the stdout.
-#
-# Typical useage:
-# ./htpasswd-sha1.pl dirkx MySecret >> sha1-passwd
-#
-# This is public domain code. Do whatever you want with it.
-# It was originally included in Clinton Wong's Apache 1.3.6 SHA1/ldif
-# patch distribution as sample code for generating entries for
-# Apache password files using SHA1.
-
-use MIME::Base64; # http://www.cpan.org/modules/by-module/MIME/
-use Digest::SHA1; # http://www.cpan.org/modules/by-module/MD5/
-
-if ($#ARGV!=1) { die "Usage $0: user password\n" }
-
-print $ARGV[0], ':{SHA}', encode_base64( Digest::SHA1::sha1($ARGV[1]) );
-
diff --git a/usr.sbin/httpd/src/support/SHA1/ldif-sha1.example b/usr.sbin/httpd/src/support/SHA1/ldif-sha1.example
deleted file mode 100644
index b8fe917eaf3..00000000000
--- a/usr.sbin/httpd/src/support/SHA1/ldif-sha1.example
+++ /dev/null
@@ -1,19 +0,0 @@
-dn: cn=someuser
-cn: someuser
-sn: someuser
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: inetOrgPerson
-uid: someuser
-userpassword: {SHA}GvF+c3IdvgxAARuC7Uuxp9vjzik=
-
-dn: cn=anotheruser
-cn: anotheruser
-sn: anotheruser
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: inetOrgPerson
-uid: anotheruser
-userpassword: {crypt}eFnp.4sz5XnH6
diff --git a/usr.sbin/httpd/src/support/apachectl b/usr.sbin/httpd/src/support/apachectl
deleted file mode 100644
index bb36fea20ab..00000000000
--- a/usr.sbin/httpd/src/support/apachectl
+++ /dev/null
@@ -1,253 +0,0 @@
-#!/bin/sh
-#
-# Apache control script designed to allow an easy command line interface
-# to controlling Apache. Written by Marc Slemko, 1997/08/23
-#
-# The exit codes returned are:
-# 0 - operation completed successfully
-# 1 -
-# 2 - usage error
-# 3 - httpd could not be started
-# 4 - httpd could not be stopped
-# 5 - httpd could not be started during a restart
-# 6 - httpd could not be restarted during a restart
-# 7 - httpd could not be restarted during a graceful restart
-# 8 - configuration syntax error
-#
-# When multiple arguments are given, only the error from the _last_
-# one is reported. Run "apachectl help" for usage info
-#
-#
-# |||||||||||||||||||| START CONFIGURATION SECTION ||||||||||||||||||||
-# -------------------- --------------------
-#
-# the path to your PID file
-PIDFILE=/usr/local/apache/logs/httpd.pid
-#
-# the path to your httpd binary, including options if necessary
-HTTPD='/usr/local/apache/src/httpd'
-#
-# a command that outputs a formatted text version of the HTML at the
-# url given on the command line. Designed for lynx, however other
-# programs may work.
-LYNX="lynx -dump"
-#
-# the URL to your server's mod_status status page. If you do not
-# have one, then status and fullstatus will not work.
-STATUSURL="http://localhost/server-status"
-#
-# -------------------- --------------------
-# |||||||||||||||||||| END CONFIGURATION SECTION ||||||||||||||||||||
-
-ERROR=0
-ARGV="$@"
-if [ "x$ARGV" = "x" ] ; then
- ARGS="help"
-fi
-
-RCFLAGS=""
-. /etc/rc.conf
-if [ "X${httpd_flags}" != X"NO" ]; then
- RCFLAGS="${httpd_flags}"
-fi
-
-for ARG in $@ $ARGS
-do
- # check for pidfile
- if [ -f $PIDFILE ] ; then
- PID=`cat $PIDFILE`
- if [ "x$PID" != "x" ] && kill -0 $PID 2>/dev/null ; then
- STATUS="httpd (pid $PID) running"
- RUNNING=1
- else
- STATUS="httpd (pid $PID?) not running"
- RUNNING=0
- fi
- else
- STATUS="httpd (no pid file) not running"
- RUNNING=0
- fi
-
- case $ARG in
- start)
- if [ $RUNNING -eq 1 ]; then
- echo "$0 $ARG: httpd (pid $PID) already running"
- continue
- fi
- if $HTTPD $RCFLAGS ; then
- echo "$0 $ARG: httpd started"
- else
- echo "$0 $ARG: httpd could not be started"
- ERROR=3
- fi
- ;;
- startssl|sslstart|start-SSL)
- if [ $RUNNING -eq 1 ]; then
- echo "$0 $ARG: httpd (pid $PID) already running"
- continue
- fi
- if $HTTPD $RCFLAGS -DSSL; then
- echo "$0 $ARG: httpd started"
- else
- echo "$0 $ARG: httpd could not be started"
- ERROR=3
- fi
- ;;
- stop)
- if [ $RUNNING -eq 0 ]; then
- echo "$0 $ARG: $STATUS"
- continue
- fi
- if kill $PID ; then
- echo "$0 $ARG: httpd stopped"
- else
- echo "$0 $ARG: httpd could not be stopped"
- ERROR=4
- fi
- ;;
- restart)
- if [ $RUNNING -eq 0 ]; then
- echo "$0 $ARG: httpd not running, trying to start"
- if $HTTPD $RCFLAGS; then
- echo "$0 $ARG: httpd started"
- else
- echo "$0 $ARG: httpd could not be started"
- ERROR=5
- fi
- else
- if $HTTPD $RCFLAGS -t >/dev/null 2>&1; then
- if kill -HUP $PID ; then
- echo "$0 $ARG: httpd restarted"
- else
- echo "$0 $ARG: httpd could not be restarted"
- ERROR=6
- fi
- else
- echo "$0 $ARG: configuration broken, ignoring restart"
- echo "$0 $ARG: (run 'apachectl configtest' for details)"
- ERROR=6
- fi
- fi
- ;;
- graceful)
- if [ $RUNNING -eq 0 ]; then
- echo "$0 $ARG: httpd not running, trying to start"
- if $HTTPD $RCFLAGS; then
- echo "$0 $ARG: httpd started"
- else
- echo "$0 $ARG: httpd could not be started"
- ERROR=5
- fi
- else
- if $HTTPD $RCFLAGS -t >/dev/null 2>&1; then
- if kill -USR1 $PID ; then
- echo "$0 $ARG: httpd gracefully restarted"
- else
- echo "$0 $ARG: httpd could not be restarted"
- ERROR=7
- fi
- else
- echo "$0 $ARG: configuration broken, ignoring restart"
- echo "$0 $ARG: (run 'apachectl configtest' for details)"
- ERROR=7
- fi
- fi
- ;;
- status)
- $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
- ;;
- fullstatus)
- $LYNX $STATUSURL
- ;;
- configtest)
- if $HTTPD $RCFLAGS -t; then
- :
- else
- ERROR=8
- fi
- ;;
- *)
- BNAME=`basename $0`
- echo "usage: $BNAME [ start | startssl | stop | restart | graceful | "
- echo " status | fullstatus | configtest | help ]"
- cat <<EOF
-
-start - start httpd
-startssl - start httpd with SSL enabled
-stop - stop httpd
-restart - restart httpd if running by sending a SIGHUP or start if
- not running
-graceful - do a graceful restart by sending a SIGUSR1 or start if not running
-status - dump a short status screen; requires lynx and mod_status enabled
-fullstatus - dump a full status screen; requires lynx and mod_status enabled
-configtest - do a configuration syntax test
-help - this screen
-
-EOF
- ERROR=2
- ;;
-
- esac
-
-done
-
-exit $ERROR
-
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-#
diff --git a/usr.sbin/httpd/src/support/apachectl.8 b/usr.sbin/httpd/src/support/apachectl.8
deleted file mode 100644
index 3982af777af..00000000000
--- a/usr.sbin/httpd/src/support/apachectl.8
+++ /dev/null
@@ -1,185 +0,0 @@
-.\" $OpenBSD: apachectl.8,v 1.10 2010/09/03 11:22:36 jmc Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: September 3 2010 $
-.Dt APACHECTL 8
-.Os
-.Sh NAME
-.Nm apachectl
-.Nd Apache HTTP server control interface
-.Sh SYNOPSIS
-.Nm
-.Ar command
-.Op Ar ...
-.Sh DESCRIPTION
-.Nm
-is a front end to the Apache HyperText Transfer Protocol (HTTP) server.
-It is designed to help the administrator control the
-functioning of the Apache
-.Xr httpd 8
-daemon.
-.Pp
-.Ar command
-can be any one or more of the following options:
-.Bl -tag -width "configtestXX"
-.It Ic configtest
-Run a configuration file syntax test.
-It parses the configuration files and either reports
-.Dq Syntax OK
-or detailed information about the particular syntax error.
-.It Ic fullstatus
-Display a full status report from
-.Dq mod_status .
-For this to work, you need to have mod_status enabled on your server
-and a text-based browser such as
-.Xr lynx 1
-available on your system.
-The URL used to access the status report can be set by editing the
-.Dv STATUSURL
-variable in the
-.Nm
-script.
-.It Ic graceful
-Gracefully restart
-.Xr httpd 8
-by sending it a
-.Dv SIGUSR1 .
-If the daemon is not running, it is started.
-This differs from a normal restart
-in that currently open connections are not aborted.
-A side effect is that old log files will not be closed immediately.
-This means that if used in a log rotation script,
-a substantial delay may be necessary to ensure that
-the old log files are closed before processing them.
-This command automatically checks the configuration files via
-.Ic configtest
-before initiating the restart to make sure httpd doesn't die.
-.It Ic help
-Display a short help message.
-.It Ic restart
-Restart
-.Xr httpd 8
-by sending it a
-.Dv SIGHUP .
-If the daemon is not running, it is started.
-This command automatically checks the configuration files via
-.Ic configtest
-before initiating the restart to make sure
-.Xr httpd 8
-doesn't die.
-If httpd runs chrooted
-(default in
-.Ox )
-and 3rd party modules are loaded,
-restart may fail due to path inconsistency.
-Completely stop and start the daemon instead.
-.It Ic start
-Start
-.Xr httpd 8 .
-If the daemon is already running,
-a warning is given and no action is taken.
-.It Ic startssl
-Start
-.Xr httpd 8
-with SSL enabled;
-see
-.Xr ssl 8
-for more information.
-If the daemon is already running,
-a warning is given and no action is taken.
-.It Ic status
-Display a brief status report.
-Similar to the
-.Ic fullstatus
-option,
-except that the list of requests currently being served is omitted.
-.It Ic stop
-Stop
-.Xr httpd 8 .
-.El
-.Sh EXIT STATUS
-The exit codes returned are:
-.Pp
-.Bl -tag -width "XXX" -offset indent -compact
-.It 0
-operation completed successfully
-.It 2
-usage error
-.It 3
-httpd could not be started
-.It 4
-httpd could not be stopped
-.It 5
-httpd could not be started during a restart
-.It 6
-httpd could not be restarted during a restart
-.It 7
-httpd could not be restarted during a graceful restart
-.It 8
-configuration syntax error
-.El
-.Pp
-When multiple arguments are given,
-only the error from the last one is reported.
-.Sh SEE ALSO
-.Xr httpd 8 ,
-.Xr ssl 8
-.Pp
-Full documentation for httpd can be found at
-.Pa /usr/share/doc/html/httpd/ .
diff --git a/usr.sbin/httpd/src/support/apxs.8 b/usr.sbin/httpd/src/support/apxs.8
deleted file mode 100644
index 6d44192dfdb..00000000000
--- a/usr.sbin/httpd/src/support/apxs.8
+++ /dev/null
@@ -1,433 +0,0 @@
-.\" $OpenBSD: apxs.8,v 1.15 2007/05/31 19:20:24 jmc Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: May 31 2007 $
-.Dt APXS 8
-.Os
-.Sh NAME
-.Nm apxs
-.Nd APache eXtenSion tool
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Fl c
-.Xo
-.Oo Fl D
-.Ar variable Ns Oo = Ns Ar value Oc Oc
-.Xc
-.Op Fl I Ar incdir
-.Op Fl L Ar libdir
-.Op Fl l Ar libname
-.No \ \&\ \& Op Fl o Ar dsofile
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Op Fl Wc , Ns Ar compiler-flags
-.No \ \&\ \& Op Fl Wl , Ns Ar linker-flags
-.Ar file ...
-.Ek
-.Nm
-.Fl e
-.Op Fl Aa
-.Op Fl n Ar name
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Ar dsofile ...
-.Nm
-.Fl g
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Fl n Ar name
-.Nm
-.Fl i
-.Op Fl Aa
-.Op Fl n Ar name
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Ar dsofile ...
-.Nm
-.Fl q
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Ar query ...
-.Sh DESCRIPTION
-.Nm
-is a tool for building and installing extension modules for the
-Apache HyperText Transfer Protocol (HTTP) server,
-.Xr httpd 8 .
-This is achieved by building a
-Dynamic Shared Object (DSO)
-from one or more source or object files
-which can then be loaded into httpd at runtime via the
-.Ic LoadModule
-directive from
-.Ic mod_so .
-To use this extension mechanism,
-your platform has to support the DSO feature
-and the httpd binary has to be built with the
-.Ic mod_so
-module.
-The
-.Nm
-tool automatically complains if this is not the case.
-Check by manually running the following command:
-.Pp
-.Dl $ httpd -l
-.Pp
-The module
-.Ic mod_so
-should be part of the displayed list.
-If these requirements are fulfilled,
-httpd's functionality can be extended by
-installing modules with the DSO mechanism,
-with the help of the
-.Nm
-tool:
-.Bd -literal -offset indent
-# apxs -i -a -c mod_foo.c
-cc -O2 -pipe -DDEV_RANDOM=/dev/arandom -DMOD_SSL=208116 -DEAPI -DUSE_EXPAT -I../lib/expat-lite -DUSE_SETUSERCONTEXT -fPIC -DSHARED_MODULE -I/usr/lib/apache/include -c mod_foo.c
-[activating module `foo' in /var/www/conf/httpd.conf]
-cp mod_foo.so /usr/lib/apache/modules/mod_foo.so
-chmod 755 /usr/lib/apache/modules/mod_foo.so
-cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak
-cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf
-rm /var/www/conf/httpd.conf.new
-# apachectl restart
-/usr/sbin/apachectl restart: httpd not running, trying to start
-/usr/sbin/apachectl restart: httpd started
-.Ed
-.Pp
-The argument
-.Ar file
-can be any C source file (.c),
-an object file (.o),
-or even a library archive (.a).
-The
-.Nm
-tool automatically recognizes these extensions and automatically uses the C
-source files for compilation,
-whereas it just uses the object and archive files for the linking phase.
-But when using such pre-compiled objects,
-make sure they are compiled for Position Independent Code (PIC)
-to be able to use them for a DSO.
-For instance, with
-.Xr cc 1
-just use
-.Fl fpic .
-For other
-C compilers, please consult their manual pages or watch for the flags
-.Nm
-uses to compile the object files.
-.Pp
-For more details about DSO support in Apache,
-first read the background information about DSO in
-.Pa htdocs/manual/dso.html ,
-then read the documentation of
-.Ic mod_so .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl A
-Same as the
-.Fl a
-option but the created
-.Ic LoadModule
-directive is prefixed with a hash sign (#),
-i.e. the module is just prepared for later activation but initially disabled.
-.It Fl a
-This activates the module by automatically adding a corresponding
-.Ic LoadModule
-line to Apache's httpd.conf configuration file,
-or by enabling it if it already exists.
-.It Fl c
-Compile.
-This option first compiles the C source files (.c) of
-.Ar file ...\&
-into corresponding object files (.o) and then builds a DSO in
-.Ar dsofile
-by linking these object files plus the remaining object files (.o and .a) of
-.Ar file ...
-If no
-.Fl o
-option is specified,
-the output file is guessed from the first filename in
-.Ar file ...\&
-and thus usually defaults to
-.No mod_ Ns Ar name Ns \&.so
-.It Xo
-.Fl D
-.Ar variable Ns Op = Ns Ar value
-.Xc
-This option is directly passed through to the compilation command(s).
-Use this to add your own defines to the build process.
-.It Fl e
-Edit.
-This option can be used with the
-.Fl a
-and
-.Fl A
-options to edit the
-configuration file,
-.Pa /var/www/conf/httpd.conf ,
-without attempting to install the module.
-.It Fl g
-Template generation.
-This option generates a subdirectory
-.Ar name
-(see the
-.Fl n
-option)
-and two files:
-a sample module source file named
-.No mod_ Ns Ar name Ns \&.c ,
-which can be used as a template for creating your own modules or
-as a quick start for playing with the
-.Nm
-mechanism,
-and a corresponding
-.Pa Makefile
-for even easier building and installing of this module.
-.It Fl I Ar incdir
-This option is directly passed through to the compilation command(s).
-Use this to add your own include directories to search to the build process.
-.It Fl i
-Install.
-This option installs one or more DSOs into the server's
-.Ar libexec
-directory.
-.It Fl L Ar libdir
-This option is directly passed through to the linker command.
-Use this to add your own library directories to search to the build process.
-.It Fl l Ar libname
-This option is directly passed through to the linker command.
-Use this to add your own libraries to search to the build process.
-.It Fl n Ar name
-This explicitly sets the module name for the
-.Fl i
-(install)
-and
-.Fl g
-(template generation) option.
-Use this to explicitly specify the module name.
-For option
-.Fl g
-this is required;
-for option
-.Fl i ,
-.Nm
-tries to determine the name from the source or (as a fallback) at least
-by guessing it from the filename.
-.It Fl o Ar dsofile
-Explicitly specifies the filename of the created DSO file.
-If not specified and the name cannot be guessed from the
-.Ar file ...\&
-list,
-the fallback name
-.Ar mod_unknown.so
-is used.
-.It Fl q
-Query.
-This option performs a query for
-.Nm apxs Ns 's
-knowledge about certain settings.
-The
-.Ar query
-parameters can be one or more of the following variable names:
-.Bd -literal -offset indent
-CC TARGET
-CFLAGS SBINDIR
-CFLAGS_SHLIB INCLUDEDIR
-LD_SHLIB LIBEXECDIR
-LDFLAGS_SHLIB SYSCONFDIR
-LIBS_SHLIB PREFIX
-.Ed
-.Pp
-Use this for manually determining settings.
-For instance,
-use the following inside your own Makefiles if you need manual access
-to Apache's C header files:
-.Pp
-.Dl INC=-I`apxs -q INCLUDEDIR`
-.It Fl S Ar variable Ns = Ns Ar value
-This option changes the
-.Nm
-settings described above.
-.It Fl Wc , Ns Ar compiler-flags
-This option passes
-.Ar compiler-flags
-as additional flags to the compiler command.
-Use this to add local compiler-specific options.
-This option may be specified multiple times
-in order to pass multiple flags.
-.It Fl Wl , Ns Ar linker-flags
-This option passes
-.Ar linker-flags
-as additional flags to the linker command.
-Use this to add local linker-specific options.
-This option may be specified multiple times
-in order to pass multiple flags.
-.El
-.Sh EXAMPLES
-Assume you have a module named
-.Dq mod_foo.c
-available which should extend httpd's functionality.
-To accomplish this,
-first compile the C source into a DSO
-suitable for loading into httpd at runtime via the following command:
-.Bd -literal -offset indent
-# apxs -c mod_foo.c
-cc -O2 -pipe -DDEV_RANDOM=/dev/arandom -DMOD_SSL=208116 -DEAPI -DUSE_EXPAT -I../lib/expat-lite -DUSE_SETUSERCONTEXT -fPIC -DSHARED_MODULE -I/usr/lib/apache/include -c mod_foo.c
-cc -shared -fPIC -DSHARED_MODULE -o mod_foo.so mod_foo.o
-.Ed
-.Pp
-Then a
-.Ic LoadModule
-directive has to be added to httpd's configuration file to load the DSO.
-To simplify this step,
-.Nm
-provides an automatic way to install the DSO in the
-.Dq libexec
-directory and update the httpd.conf file accordingly.
-This can be achieved by running the following:
-.Bd -literal -offset indent
-$ apxs -i -a mod_foo.so
-[activating module `foo' in /var/www/conf/httpd.conf]
-cp mod_foo.so /usr/lib/apache/modules/mod_foo.so
-chmod 755 /usr/lib/apache/modules/mod_foo.so
-cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak
-cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf
-rm /var/www/conf/httpd.conf.new
-.Ed
-.Pp
-This way a line such as the following
-is added to the configuration file:
-.Pp
-.Dl LoadModule foo_module /usr/lib/apache/modules/mod_foo.so
-.Pp
-If you want the module added to the configuration file
-without it being enabled,
-use the
-.Fl A
-option instead:
-.Pp
-.Dl $ apxs -i -A mod_foo.so
-.Pp
-For a quick test of the
-.Nm
-mechanism,
-create a sample module template plus a corresponding
-.Ar Makefile
-via:
-.Bd -literal -offset indent
-# apxs -g -n foo
-Creating [DIR] foo
-Creating [FILE] foo/Makefile
-Creating [FILE] foo/mod_foo.c
-.Ed
-.Pp
-The sample module can then be immediately compiled into a DSO
-and loaded into the httpd server:
-.Bd -literal -offset indent
-$ cd foo
-$ make all reload
-apxs -c mod_foo.c
-cc -O2 -pipe -DDEV_RANDOM=/dev/arandom -DMOD_SSL=208116 -DEAPI -DUSE_EXPAT -I../lib/expat-lite -DUSE_SETUSERCONTEXT -fPIC -DSHARED_MODULE -I/usr/lib/apache/include -c mod_foo.c
-cc -shared -fPIC -DSHARED_MODULE -o mod_foo.so mod_foo.o
-apxs -i -a -n 'foo' mod_foo.so
-[activating module `foo' in /var/www/conf/httpd.conf]
-cp mod_foo.so /usr/lib/apache/modules/mod_foo.so
-chmod 755 /usr/lib/apache/modules/mod_foo.so
-cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak
-cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf
-rm /var/www/conf/httpd.conf.new
-apachectl restart
-/usr/sbin/apachectl restart: httpd not running, trying to start
-/usr/sbin/apachectl restart: httpd started
-.Ed
-.Pp
-.Nm
-can even be used to compile complex modules
-outside the httpd source tree,
-like PHP3,
-because
-.Nm
-automatically recognizes C source files and object files.
-.Bd -literal -offset indent
-$ cd php3
-$ ./configure --with-shared-apache=../apache-1.3
-$ apxs -c -o libphp3.so mod_php3.c libmodphp3-so.a
-gcc -fpic -DSHARED_MODULE -I/tmp/apache/include -c mod_php3.c
-ld -Bshareable -o libphp3.so mod_php3.o libmodphp3-so.a
-.Ed
-.Pp
-Only C source files are compiled,
-while remaining object files are used for the linking phase.
-.Sh SEE ALSO
-.Xr cc 1 ,
-.Xr apachectl 8 ,
-.Xr httpd 8
diff --git a/usr.sbin/httpd/src/support/apxs.pl b/usr.sbin/httpd/src/support/apxs.pl
deleted file mode 100644
index 6bafb0a24d5..00000000000
--- a/usr.sbin/httpd/src/support/apxs.pl
+++ /dev/null
@@ -1,805 +0,0 @@
-#!/usr/local/bin/perl
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-##
-
-##
-## apxs -- APache eXtenSion tool
-## Written by Ralf S. Engelschall <rse@apache.org>
-##
-
-require 5.003;
-use strict;
-package apxs;
-
-##
-## Configuration
-##
-
-my $CFG_TARGET = q(@TARGET@); # substituted via Makefile.tmpl
-my $CFG_CC = q(@CC@); # substituted via Makefile.tmpl
-my $CFG_CFLAGS = q(@CFLAGS@); # substituted via Makefile.tmpl
-my $CFG_CFLAGS_SHLIB = q(@CFLAGS_SHLIB@); # substituted via Makefile.tmpl
-my $CFG_LD_SHLIB = q(@LD_SHLIB@); # substituted via Makefile.tmpl
-my $CFG_LDFLAGS_SHLIB = q(@LDFLAGS_MOD_SHLIB@); # substituted via Makefile.tmpl
-my $CFG_LIBS_SHLIB = q(@LIBS_SHLIB@); # substituted via Makefile.tmpl
-my $CFG_PREFIX = q(@prefix@); # substituted via APACI install
-my $CFG_SBINDIR = q(@sbindir@); # substituted via APACI install
-my $CFG_INCLUDEDIR = q(@includedir@); # substituted via APACI install
-my $CFG_LIBEXECDIR = q(@libexecdir@); # substituted via APACI install
-my $CFG_SYSCONFDIR = q(@sysconfdir@); # substituted via APACI install
-
-##
-## Cleanup the above stuff
-##
-$CFG_CFLAGS =~ s|^\s+||;
-$CFG_CFLAGS =~ s|\s+$||;
-$CFG_CFLAGS =~ s|\s+`.+apaci`||;
-
-##
-## parse argument line
-##
-
-# defaults for parameters
-my $opt_n = '';
-my $opt_g = '';
-my $opt_c = 0;
-my $opt_o = '';
-my @opt_D = ();
-my @opt_I = ();
-my @opt_L = ();
-my @opt_l = ();
-my @opt_W = ();
-my @opt_S = ();
-my $opt_e = 0;
-my $opt_i = 0;
-my $opt_a = 0;
-my $opt_A = 0;
-my $opt_q = 0;
-
-# default for DSO file extension
-my $dso_ext = "so";
-if ($^O eq "cygwin") {
- $dso_ext = "dll";
-}
-
-# this subroutine is derived from Perl's getopts.pl with the enhancement of
-# the "+" metacharater at the format string to allow a list to be build by
-# subsequent occurance of the same option.
-sub Getopts {
- my ($argumentative, @ARGV) = @_;
- my (@args, $first, $rest, $pos);
- my ($errs) = 0;
- local ($_);
-
- @args = split( / */, $argumentative);
- while(@ARGV && ($_ = $ARGV[0]) =~ /^-(.)(.*)/) {
- ($first, $rest) = ($1,$2);
- if ($_ =~ m|^--$|) {
- shift(@ARGV);
- last;
- }
- $pos = index($argumentative,$first);
- if ($pos >= $[) {
- if ($args[$pos+1] eq ':') {
- shift(@ARGV);
- if ($rest eq '') {
- unless (@ARGV) {
- print STDERR "apxs:Error: Incomplete option: $first (needs an argument)\n";
- ++$errs;
- }
- $rest = shift(@ARGV);
- }
- eval "\$opt_$first = \$rest;";
- }
- elsif ($args[$pos+1] eq '+') {
- shift(@ARGV);
- if ($rest eq '') {
- unless (@ARGV) {
- print STDERR "apxs:Error: Incomplete option: $first (needs an argument)\n";
- ++$errs;
- }
- $rest = shift(@ARGV);
- }
- eval "push(\@opt_$first, \$rest);";
- }
- else {
- eval "\$opt_$first = 1";
- if ($rest eq '') {
- shift(@ARGV);
- }
- else {
- $ARGV[0] = "-$rest";
- }
- }
- }
- else {
- print STDERR "apxs:Error: Unknown option: $first\n";
- ++$errs;
- if ($rest ne '') {
- $ARGV[0] = "-$rest";
- }
- else {
- shift(@ARGV);
- }
- }
- }
- return ($errs == 0, @ARGV);
-}
-
-sub usage {
- print STDERR "Usage: apxs -c [-D variable[=value]] [-I incdir] [-L libdir] [-l libname]\n";
- print STDERR " [-o dsofile] [-S variable=value] [-Wc,compiler-flags]\n";
- print STDERR " [-Wl,linker-flags] file ...\n";
- print STDERR " apxs -e [-Aa] [-n name] [-S variable=value] dsofile ...\n";
- print STDERR " apxs -g [-S variable=value] -n name\n";
- print STDERR " apxs -i [-Aa] [-n name] [-S variable=value] dsofile ...\n";
- print STDERR " apxs -q [-S variable=value] query ...\n";
- exit(1);
-}
-
-# option handling
-my $rc;
-($rc, @ARGV) = &Getopts("qn:gco:I+D+L+l+W+S+eiaA", @ARGV);
-&usage if ($rc == 0);
-&usage if ($#ARGV == -1 and not $opt_g);
-&usage if (not $opt_q and not ($opt_g and $opt_n) and not $opt_i and not $opt_c and not $opt_e);
-
-# argument handling
-my @args = @ARGV;
-my $name = 'unknown';
-$name = $opt_n if ($opt_n ne '');
-
-# overriding of configuration variables
-if (@opt_S) {
- my ($opt_S);
- foreach $opt_S (@opt_S) {
- if ($opt_S =~ m/^([^=]+)=(.*)$/) {
- my ($var, $val) = ($1, $2);
- my $oldval = eval "\$CFG_$var";
- unless ($var and $oldval) {
- print STDERR "apxs:Error: no config variable $var\n";
- &usage;
- }
- $val=~s/"/\\"/g;
- eval "\$CFG_${var}=\"${val}\"";
- } else {
- print STDERR "apxs:Error: malformatted -S option\n";
- &usage;
- }
- }
-}
-
-##
-## Initial DSO support check
-##
-if ($^O ne "MSWin32") {
-if (not -x "$CFG_SBINDIR/$CFG_TARGET") {
- print STDERR "apxs:Error: $CFG_SBINDIR/$CFG_TARGET not found or not executable\n";
- exit(1);
-}
-if (not grep(/mod_so/, `$CFG_SBINDIR/$CFG_TARGET -l`)) {
- print STDERR "apxs:Error: Sorry, no DSO support for Apache available\n";
- print STDERR "apxs:Error: under your platform. Make sure the Apache\n";
- print STDERR "apxs:Error: module mod_so is compiled into your server\n";
- print STDERR "apxs:Error: binary `$CFG_SBINDIR/$CFG_TARGET'.\n";
- exit(1);
-}
-}
-
-##
-## Operation
-##
-
-# helper function for executing a list of
-# system command with return code checks
-sub execute_cmds {
- my (@cmds) = @_;
- my ($cmd, $rc);
-
- foreach $cmd (@cmds) {
- print STDERR "$cmd\n";
- $rc = system("$cmd");
- if ($rc != 0) {
- printf(STDERR "apxs:Break: Command failed with rc=%d\n", $rc >> 8);
- exit(1);
- }
- }
-}
-
-if ($opt_g) {
- ##
- ## SAMPLE MODULE SOURCE GENERATION
- ##
-
- if (-d $name) {
- print STDERR "apxs:Error: Directory `$name' already exists. Remove it first\n";
- exit(1);
- }
-
- my $data = join('', <DATA>);
- $data =~ s|%NAME%|$name|sg;
- $data =~ s|%TARGET%|$CFG_TARGET|sg;
- $data =~ s|%DSO_EXT%|$dso_ext|sg;
-
- my ($mkf, $src) = ($data =~ m|^(.+)-=#=-\n(.+)|s);
-
- print STDERR "Creating [DIR] $name\n";
- system("mkdir $name");
- print STDERR "Creating [FILE] $name/Makefile\n";
- open(FP, ">${name}/Makefile") || die;
- print FP $mkf;
- close(FP);
- print STDERR "Creating [FILE] $name/mod_$name.c\n";
- open(FP, ">${name}/mod_${name}.c") || die;
- print FP $src;
- close(FP);
-
- exit(0);
-}
-
-if ($opt_q) {
- ##
- ## QUERY INFORMATION
- ##
-
- my $result = '';
- my $arg;
- foreach $arg (@args) {
- my $ok = 0;
- my $name;
- foreach $name (qw(
- TARGET CC CFLAGS CFLAGS_SHLIB LD_SHLIB LDFLAGS_SHLIB LIBS_SHLIB
- PREFIX SBINDIR INCLUDEDIR LIBEXECDIR SYSCONFDIR
- )) {
- if ($arg eq $name or $arg eq lc($name)) {
- my $val = eval "\$CFG_$name";
- $result .= "${val}##";
- $ok = 1;
- }
- }
- if (not $ok) {
- printf(STDERR "apxs:Error: Invalid query string `%s'\n", $arg);
- exit(1);
- }
- }
- $result =~ s|##$||;
- $result =~ s|##| |g;
- print $result;
-}
-
-if ($opt_c) {
- ##
- ## DSO COMPILATION
- ##
-
- # split files into sources and objects
- my @srcs = ();
- my @objs = ();
- my $f;
- foreach $f (@args) {
- if ($f =~ m|\.c$|) {
- push(@srcs, $f);
- }
- else {
- push(@objs, $f);
- }
- }
-
- # determine output file
- my $dso_file;
- if ($opt_o eq '') {
- if ($#srcs > -1) {
- $dso_file = $srcs[0];
- $dso_file =~ s|\.[^.]+$|.$dso_ext|;
- }
- elsif ($#objs > -1) {
- $dso_file = $objs[0];
- $dso_file =~ s|\.[^.]+$|.$dso_ext|;
- }
- else {
- $dso_file = "mod_unknown.$dso_ext";
- }
- }
- else {
- $dso_file = $opt_o;
- }
-
- # create compilation commands
- my @cmds = ();
- my $opt = '';
- my ($opt_Wc, $opt_I, $opt_D);
- foreach $opt_Wc (@opt_W) {
- $opt .= "$1 " if ($opt_Wc =~ m|^\s*c,(.*)$|);
- }
- foreach $opt_I (@opt_I) {
- $opt_I = '"' . $opt_I . '"' if ($opt_I =~ m|\s|);
- $opt .= "-I$opt_I ";
- }
- foreach $opt_D (@opt_D) {
- $opt .= "-D$opt_D ";
- }
- my $cflags = "$CFG_CFLAGS $CFG_CFLAGS_SHLIB";
- if ($^O eq "MSWin32") {
- my $d = $dso_file;
- $d =~ s|\.so$||;
- $d = '"' . $d . '"' if ($d =~ m|\s|);
- $opt .= "-Fd$d ";
- }
- my $s;
- foreach $s (@srcs) {
- my $o = $s;
- $s = '"' . $s . '"' if ($s =~ m|\s|);
- if ($^O ne "MSWin32") {
- $o =~ s|\.c$|.o|;
- $o =~ s|^.*/||;
- $o = '"' . $o . '"' if ($o =~ m|\s|);
- push(@cmds, "$CFG_CC $cflags -I$CFG_INCLUDEDIR $opt -c $s");
- } else {
- $o =~ s|\.c$|.obj|;
- $o =~ s|^.*/||;
- $o = '"' . $o . '"' if ($o =~ m|\s|);
- push(@cmds, "$CFG_CC $cflags -I\"$CFG_INCLUDEDIR\" $opt -c $s -Fo$o");
- }
- unshift(@objs, $o);
- }
-
- # create link command
- my $cmd;
- if ($^O ne "MSWin32") {
- $cmd = "$CFG_LD_SHLIB $CFG_LDFLAGS_SHLIB -o $dso_file";
- } else {
- $cmd = "$CFG_LD_SHLIB $CFG_LDFLAGS_SHLIB -out:\"$dso_file\"";
- }
- my $o;
- foreach $o (@objs) {
- $cmd .= " $o";
- }
- $opt = '';
- my ($opt_Wl, $opt_L, $opt_l);
- foreach $opt_Wl (@opt_W) {
- if ($CFG_LD_SHLIB !~ m/gcc$/) {
- $opt .= " $1" if ($opt_Wl =~ m|^\s*l,(.*)$|);
- } else {
- $opt .= " -W$opt_Wl";
- }
- }
- foreach $opt_L (@opt_L) {
- if ($^O ne "MSWin32") {
- $opt .= " -L$opt_L";
- } else {
- $opt .= " -libpath:\"$opt_L\"";
- }
- }
- foreach $opt_l (@opt_l) {
- if ($^O ne "MSWin32") {
- $opt .= " -l$opt_l";
- } else {
- $opt .= " $opt_l";
- }
- }
- $cmd .= $opt;
- $cmd .= " $CFG_LIBS_SHLIB";
- push(@cmds, $cmd);
-
- # execute the commands
- &execute_cmds(@cmds);
-
- # allow one-step compilation and installation
- if ($opt_i or $opt_e) {
- @args = ($dso_file);
- }
-}
-
-if ($opt_i or $opt_e) {
- ##
- ## DSO INSTALLATION
- ##
-
- # determine installation commands
- # and corresponding LoadModule/AddModule directives
- my @lmd = ();
- my @amd = ();
- my @cmds = ();
- my $f;
- foreach $f (@args) {
- if ($f !~ m|\.$dso_ext$|) {
- print STDERR "apxs:Error: file $f is not a DSO\n";
- exit(1);
- }
- my $t = $f;
- if ($^O ne "MSWin32") {
- $t =~ s|^.+/([^/]+)$|$1|;
- if ($opt_i) {
- push(@cmds, "cp $f $CFG_LIBEXECDIR/$t");
- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t");
- }
- }
- else {
- $t =~ s|^.+[/\\]([^/\\]+)$|$1|;
- if ($opt_i) {
- push(@cmds, "copy \"$f\" \"$CFG_LIBEXECDIR/$t\"");
- }
- }
-
- # determine module symbolname and filename
- my $filename = '';
- if ($name eq 'unknown') {
- $name = '';
- my $base = $f;
- $base =~ s|\.[^.]+$||;
- if (-f "$base.c") {
- open(FP, "<$base.c");
- my $content = join('', <FP>);
- close(FP);
- if ($content =~ m|.*module\s+(?:MODULE_VAR_EXPORT\s+)?([a-zA-Z0-9_]+)_module\s*=\s*.*|s) {
- $name = "$1";
- $filename = "$base.c";
- $filename =~ s|^.+/||;
- $filename =~ s|^.+\\|| if ($^O eq "MSWin32");
- }
- }
- if ($name eq '') {
- if ($base =~ m|.*mod_([a-zA-Z0-9_]+)\..+|) {
- $name = "$1";
- $filename = $base;
- $filename =~ s|^.+/||;
- $filename =~ s|^.+\\|| if ($^O eq "MSWin32");
- }
- }
- if ($name eq '') {
- print STDERR "apxs:Error: Sorry, cannot determine bootstrap symbol name.\n";
- print STDERR "apxs:Error: Please specify one with option `-n'.\n";
- exit(1);
- }
- }
- if ($filename eq '') {
- $filename = "mod_${name}.c";
- }
- my $dir = $CFG_LIBEXECDIR;
- $dir =~ s|^$CFG_PREFIX/?||;
- $dir =~ s|(.)$|$1/|;
- push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t"));
- push(@amd, sprintf("AddModule %s", $filename));
- }
-
- # activate module via LoadModule/AddModule directive
- if ($opt_a or $opt_A) {
- my $cfgbase = "$CFG_SYSCONFDIR/$CFG_TARGET";
- if (not -f "$cfgbase.conf") {
- print STDERR "apxs:Error: Config file $cfgbase.conf not found\n";
- exit(1);
- }
-
- open(FP, "<$cfgbase.conf") || die;
- my $content = join('', <FP>);
- close(FP);
-
- if ($content !~ m|\n#?\s*LoadModule\s+|) {
- print STDERR "apxs:Error: Activation failed for custom $cfgbase.conf file.\n";
- print STDERR "apxs:Error: At least one `LoadModule' directive already has to exist.\n";
- exit(1);
- }
-
- my $lmd;
- my $c = '';
- $c = '#' if ($opt_A);
- foreach $lmd (@lmd) {
- my $what = $opt_A ? "preparing" : "activating";
- if ($content !~ m|\n#?\s*$lmd|) {
- # check for open <containers>, so that the new LoadModule
- # directive always appears *outside* of an <container>.
-
- my $before = ($content =~ m|^(.*\n)#?\s*LoadModule\s+[^\n]+\n|s)[0];
-
- # the '()=' trick forces list context and the scalar
- # assignment counts the number of list members (aka number
- # of matches) then
- my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg);
- my $cntclose = () = ($before =~ m|^\s*</.*$|mg);
-
- if ($cntopen == $cntclose) {
- # fine. Last LoadModule is contextless.
- $content =~ s|^(.*\n#?\s*LoadModule\s+[^\n]+\n)|$1$c$lmd\n|s;
- }
- elsif ($cntopen < $cntclose) {
- print STDERR 'Configuration file is not valid. There are '
- . "sections closed before opened.\n";
- exit(1);
- }
- else {
- # put our cmd after the section containing the last
- # LoadModule.
- my $found =
- $content =~ s!\A ( # string and capture start
- (?:(?:
- ^\s* # start of conf line with a
- (?:[^<]|<[^/]) # directive which does not
- # start with '</'
-
- .*(?:$)\n # rest of the line.
- # the '$' is in parentheses
- # to avoid misinterpreting
- # the string "$\" as
- # perl variable.
-
- )* # catch as much as possible
- # of such lines. (including
- # zero)
-
- ^\s*</.*(?:$)\n? # after the above, we
- # expect a config line with
- # a closing container (</)
-
- ) {$cntopen} # the whole pattern (bunch
- # of lines that end up with
- # a closing directive) must
- # be repeated $cntopen
- # times. That's it.
- # Simple, eh? ;-)
-
- ) # capture end
- !$1$c$lmd\n!mx;
-
- unless ($found) {
- print STDERR 'Configuration file is not valid. There '
- . "are sections opened and not closed.\n";
- exit(1);
- }
- }
- } else {
- # replace already existing LoadModule line
- $content =~ s|^(.*\n)#?\s*$lmd[^\n]*\n|$1$c$lmd\n|s;
- }
- $lmd =~ m|LoadModule\s+(.+?)_module.*|;
- print STDERR "[$what module `$1' in $cfgbase.conf]\n";
- }
- my $amd;
- foreach $amd (@amd) {
- if ($content !~ m|\n#?\s*$amd|) {
- # check for open <containers> etc. see above for explanations.
-
- my $before = ($content =~ m|^(.*\n)#?\s*AddModule\s+[^\n]+\n|s)[0];
- my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg);
- my $cntclose = () = ($before =~ m|^\s*</.*$|mg);
-
- if ($cntopen == $cntclose) {
- $content =~ s|^(.*\n#?\s*AddModule\s+[^\n]+\n)|$1$c$amd\n|s;
- }
- elsif ($cntopen < $cntclose) {
- # cannot happen here, but who knows ...
- print STDERR 'Configuration file is not valid. There are '
- . "sections closed before opened.\n";
- exit(1);
- }
- else {
- unless ($content =~ s!\A((?:(?:^\s*(?:[^<]|<[^/]).*(?:$)\n)*
- ^\s*</.*(?:$)\n?){$cntopen})
- !$1$c$amd\n!mx) {
- # cannot happen here, anyway.
- print STDERR 'Configuration file is not valid. There '
- . "are sections opened and not closed.\n";
- exit(1);
- }
- }
- } else {
- # replace already existing AddModule line
- $content =~ s|^(.*\n)#?\s*$amd[^\n]*\n|$1$c$amd\n|s;
- }
- }
- if (@lmd or @amd) {
- if (open(FP, ">$cfgbase.conf.new")) {
- print FP $content;
- close(FP);
- if ($^O ne "MSWin32") {
- push(@cmds, "cp $cfgbase.conf $cfgbase.conf.bak");
- push(@cmds, "cp $cfgbase.conf.new $cfgbase.conf");
- push(@cmds, "rm $cfgbase.conf.new");
- } else {
- $cfgbase =~ s|/|\\|g;
- push(@cmds, "copy \"$cfgbase.conf\" \"$cfgbase.conf.bak\"");
- push(@cmds, "copy \"$cfgbase.conf.new\" \"$cfgbase.conf\"");
- push(@cmds, "del \"$cfgbase.conf.new\"");
- }
- } else {
- print STDERR "apxs:Error: unable to open configuration file\n";
- }
- }
- }
-
- # execute the commands
- &execute_cmds(@cmds);
-}
-
-##EOF##
-__DATA__
-##
-## Makefile -- Build procedure for sample %NAME% Apache module
-## Autogenerated via ``apxs -n %NAME% -g''.
-##
-
-# the used tools
-APXS=apxs
-APACHECTL=apachectl
-
-# additional user defines, includes and libraries
-#DEF=-Dmy_define=my_value
-#INC=-Imy/include/dir
-#LIB=-Lmy/lib/dir -lmylib
-
-# the default target
-all: mod_%NAME%.%DSO_EXT%
-
-# compile the DSO file
-mod_%NAME%.%DSO_EXT%: mod_%NAME%.c
- $(APXS) -c $(DEF) $(INC) $(LIB) mod_%NAME%.c
-
-# install the DSO file into the Apache installation
-# and activate it in the Apache configuration
-install: all
- $(APXS) -i -a -n '%NAME%' mod_%NAME%.%DSO_EXT%
-
-# cleanup
-clean:
- -rm -f mod_%NAME%.o mod_%NAME%.%DSO_EXT%
-
-# simple test
-test: reload
- lynx -mime_header http://localhost/%NAME%
-
-# reload the module by installing and restarting Apache
-reload: install restart
-
-# the general Apache start/restart/stop procedures
-start:
- $(APACHECTL) start
-restart:
- $(APACHECTL) restart
-stop:
- $(APACHECTL) stop
-
--=#=-
-/*
-** mod_%NAME%.c -- Apache sample %NAME% module
-** [Autogenerated via ``apxs -n %NAME% -g'']
-**
-** To play with this sample module, first compile it into a
-** DSO file and install it into Apache's libexec directory
-** by running:
-**
-** $ apxs -c -i mod_%NAME%.c
-**
-** Then activate it in Apache's %TARGET%.conf file, for instance
-** for the URL /%NAME%, as follows:
-**
-** # %TARGET%.conf
-** LoadModule %NAME%_module libexec/mod_%NAME%.%DSO_EXT%
-** <Location /%NAME%>
-** SetHandler %NAME%
-** </Location>
-**
-** Then after restarting Apache via
-**
-** $ apachectl restart
-**
-** you immediately can request the URL /%NAME and watch for the
-** output of this module. This can be achieved for instance via:
-**
-** $ lynx -mime_header http://localhost/%NAME%
-**
-** The output should be similar to the following one:
-**
-** HTTP/1.1 200 OK
-** Date: Tue, 31 Mar 1998 14:42:22 GMT
-** Server: Apache/1.3.4 (Unix)
-** Connection: close
-** Content-Type: text/html
-**
-** The sample page from mod_%NAME%.c
-*/
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_protocol.h"
-#include "ap_config.h"
-
-/* The sample content handler */
-static int %NAME%_handler(request_rec *r)
-{
- r->content_type = "text/html";
- ap_send_http_header(r);
- if (!r->header_only)
- ap_rputs("The sample page from mod_%NAME%.c\n", r);
- return OK;
-}
-
-/* Dispatch list of content handlers */
-static const handler_rec %NAME%_handlers[] = {
- { "%NAME%", %NAME%_handler },
- { NULL, NULL }
-};
-
-/* Dispatch list for API hooks */
-module MODULE_VAR_EXPORT %NAME%_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* module initializer */
- NULL, /* create per-dir config structures */
- NULL, /* merge per-dir config structures */
- NULL, /* create per-server config structures */
- NULL, /* merge per-server config structures */
- NULL, /* table of config file commands */
- %NAME%_handlers, /* [#8] MIME-typed-dispatched handlers */
- NULL, /* [#1] URI to filename translation */
- NULL, /* [#4] validate user id from request */
- NULL, /* [#5] check if the user is ok _here_ */
- NULL, /* [#3] check access by host address */
- NULL, /* [#6] determine MIME type */
- NULL, /* [#7] pre-run fixups */
- NULL, /* [#9] log a transaction */
- NULL, /* [#2] header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* [#0] post read-request */
-#ifdef EAPI
- ,NULL, /* EAPI: add_module */
- NULL, /* EAPI: remove_module */
- NULL, /* EAPI: rewrite_command */
- NULL /* EAPI: new_connection */
-#endif
-};
-
diff --git a/usr.sbin/httpd/src/support/checkgid.c b/usr.sbin/httpd/src/support/checkgid.c
deleted file mode 100644
index 7ed596562db..00000000000
--- a/usr.sbin/httpd/src/support/checkgid.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* $OpenBSD: checkgid.c,v 1.4 2008/05/23 12:12:01 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-/*
- * Given one or more group identifers on the command line (e.g.,
- * "httpd" or "#-1"), figure out whether they'll be valid for
- * the server to use at run-time.
- *
- * If a groupname isn't found, or we can't setgid() to it, return
- * -1. If all groups are valid, return 0.
- *
- * This may need to be run as the superuser for the setgid() to
- * succeed; running it as any other user may result in a false
- * negative.
- */
-
-#include <stdio.h>
-
-#include "httpd.h"
-#include "http_conf_globals.h"
-
-int
-main(int argc, char *argv[])
-{
- int i;
- int result;
- gid_t gid;
- struct group *grent;
- struct group fake_grent;
-
- /*
- * Assume success. :-)
- */
- result = 0;
- for (i = 1; i < argc; ++i) {
- char *arg;
- arg = argv[i];
-
- /*
- * If it's from a 'Group #-1' statement, get the numeric value
- * and skip the group lookup stuff.
- */
- if (*arg == '#') {
- gid = atoi(&arg[1]);
- fake_grent.gr_gid = gid;
- grent = &fake_grent;
- } else
- grent = getgrnam(arg);
-
- /*
- * A NULL return means no such group was found, so we're done
- * with this one.
- */
- if (grent == NULL) {
- fprintf(stderr, "%s: group '%s' not found\n", argv[0],
- arg);
- result = -1;
- } else {
- int check;
-
- /*
- * See if we can switch to the numeric GID we have. If
- * so, all well and good; if not, well..
- */
- gid = grent->gr_gid;
- check = setgid(gid);
- if (check != 0) {
- fprintf(stderr, "%s: invalid group '%s'\n",
- argv[0], arg);
- perror(argv[0]);
- result = -1;
- }
- }
- }
- /* Worst-case return value. */
- return result;
-}
diff --git a/usr.sbin/httpd/src/support/dbmmanage b/usr.sbin/httpd/src/support/dbmmanage
deleted file mode 100644
index 2ca1250714d..00000000000
--- a/usr.sbin/httpd/src/support/dbmmanage
+++ /dev/null
@@ -1,356 +0,0 @@
-#!/usr/local/bin/perl
-
-# ====================================================================
-# The Apache Software License, Version 1.1
-#
-# Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-# reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The end-user documentation included with the redistribution,
-# if any, must include the following acknowledgment:
-# "This product includes software developed by the
-# Apache Software Foundation (http://www.apache.org/)."
-# Alternately, this acknowledgment may appear in the software itself,
-# if and wherever such third-party acknowledgments normally appear.
-#
-# 4. The names "Apache" and "Apache Software Foundation" must
-# not be used to endorse or promote products derived from this
-# software without prior written permission. For written
-# permission, please contact apache@apache.org.
-#
-# 5. Products derived from this software may not be called "Apache",
-# nor may "Apache" appear in their name, without prior written
-# permission of the Apache Software Foundation.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# ====================================================================
-# ====================================================================
-#
-# This software consists of voluntary contributions made by many
-# individuals on behalf of the Apache Software Foundation. For more
-# information on the Apache Software Foundation, please see
-# <http://www.apache.org/>.
-#
-# Portions of this software are based upon public domain software
-# originally written at the National Center for Supercomputing Applications,
-# University of Illinois, Urbana-Champaign.
-#
-
-#for more functionality see the HTTPD::UserAdmin module:
-# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
-#
-# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>
-
-package dbmmanage;
-# -ldb -lndbm -lgdbm -lsdbm
-BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
-use strict;
-use Fcntl;
-use AnyDBM_File ();
-
-sub usage {
- my $cmds = join "|", sort keys %dbmc::;
- die <<SYNTAX;
-Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
-
- where enc is -d for crypt encryption (default except on Win32, Netware)
- -m for MD5 encryption (default on Win32, Netware)
- -s for SHA1 encryption
- -p for plaintext
-
- command is one of: $cmds
-
- pw of . for update command retains the old password
- pw of - (or blank) for update command prompts for the password
-
- groups or comment of . (or blank) for update command retains old values
- groups or comment of - for update command clears the existing value
- groups or comment of - for add and adduser commands is the empty value
-SYNTAX
-}
-
-sub need_sha1_crypt {
- if (!eval ('require "Digest/SHA1.pm";')) {
- print STDERR <<SHAERR;
-dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
-available from CPAN:
-
- http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
-
-Please install Digest::SHA1 and try again, or use a different crypt option:
-
-SHAERR
- usage();
- }
-}
-
-sub need_md5_crypt {
- if (!eval ('require "Crypt/PasswdMD5.pm";')) {
- print STDERR <<MD5ERR;
-dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
-
- http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
-
-Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
-
-MD5ERR
- usage();
- }
-}
-
-# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
-# four bytes of iteration count and four bytes of salt). Otherwise, just use
-# the traditional two-byte salt.
-# see the man page on your system to decide if you have a newer crypt() lib.
-# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
-# The new style crypt() allows up to 20 characters of the password to be
-# significant rather than only 8.
-#
-my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
-my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
-
-# Some platforms just can't crypt() for Apache
-#
-my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
-my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
-
-my $crypt_method = "crypt";
-
-if ($crypt_not_supported) {
- $crypt_method = "md5";
-}
-
-# Some platforms won't jump through our favorite hoops
-#
-my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
-my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
-
-if ($crypt_not_supported) {
- $crypt_method = "md5";
-}
-
-if (@ARGV[0] eq "-d") {
- shift @ARGV;
- if ($crypt_not_supported) {
- print STDERR
- "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
- }
- $crypt_method = "crypt";
-}
-
-if (@ARGV[0] eq "-m") {
- shift @ARGV;
- $crypt_method = "md5";
-}
-
-if (@ARGV[0] eq "-p") {
- shift @ARGV;
- if (!$crypt_not_supported) {
- print STDERR
- "Warning: Apache/$^O does not support plaintext passwords!\n\n";
- }
- $crypt_method = "plain";
-}
-
-if (@ARGV[0] eq "-s") {
- shift @ARGV;
- need_sha1_crypt();
- $crypt_method = "sha1";
-}
-
-if ($crypt_method eq "md5") {
- need_md5_crypt();
-}
-
-my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
-
-usage() unless $file and $command and defined &{$dbmc::{$command}};
-
-# remove extension if any
-my $chop = join '|', qw{db.? pag dir};
-$file =~ s/\.($chop)$//;
-
-my $is_update = $command eq "update";
-my %DB = ();
-my @range = ();
-my($mode, $flags) = $command =~
- /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
-
-tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
-dbmc->$command();
-untie %DB;
-
-
-my $x;
-sub genseed {
- my $psf;
- if ($not_unix) {
- srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
- }
- else {
- for (qw(xlwwa -le)) {
- `ps $_ 2>/dev/null`;
- $psf = $_, last unless $?;
- }
- srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
- }
- @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
- $x = int scalar @range;
-}
-
-sub randchar {
- join '', map $range[rand $x], 1..shift||1;
-}
-
-sub saltpw_crypt {
- genseed() unless @range;
- return $newstyle_salt ?
- join '', "_", randchar, "a..", randchar(4) :
- randchar(2);
-}
-
-sub cryptpw_crypt {
- my ($pw, $salt) = @_;
- $salt = saltpw_crypt unless $salt;
- crypt $pw, $salt;
-}
-
-sub saltpw_md5 {
- genseed() unless @range;
- randchar(8);
-}
-
-sub cryptpw_md5 {
- my($pw, $salt) = @_;
- $salt = saltpw_md5 unless $salt;
- Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
-}
-
-sub cryptpw_sha1 {
- my($pw, $salt) = @_;
- '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
-}
-
-sub cryptpw {
- if ($crypt_method eq "md5") {
- return cryptpw_md5(@_);
- } elsif ($crypt_method eq "sha1") {
- return cryptpw_sha1(@_);
- } elsif ($crypt_method eq "crypt") {
- return cryptpw_crypt(@_);
- }
- @_[0]; # otherwise return plaintext
-}
-
-sub getpass {
- my $prompt = shift || "Enter password:";
-
- unless($not_unix) {
- open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
- system "stty -echo;";
- }
-
- my($c,$pwd);
- print STDERR $prompt;
- while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
- $pwd .= $c;
- }
-
- system "stty echo" unless $not_unix;
- print STDERR "\n";
- die "Can't use empty password!\n" unless length $pwd;
- return $pwd;
-}
-
-sub dbmc::update {
- die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
- $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
- $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
- if (!$crypted_pwd || $crypted_pwd eq '-') {
- dbmc->adduser;
- }
- else {
- dbmc->add;
- }
-}
-
-sub dbmc::add {
- die "Can't use empty password!\n" unless $crypted_pwd;
- unless($is_update) {
- die "Sorry, user `$key' already exists!\n" if $DB{$key};
- }
- $groups = '' if $groups eq '-';
- $comment = '' if $comment eq '-';
- $groups .= ":" . $comment if $comment;
- $crypted_pwd .= ":" . $groups if $groups;
- $DB{$key} = $crypted_pwd;
- my $action = $is_update ? "updated" : "added";
- print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
-}
-
-sub dbmc::adduser {
- my $value = getpass "New password:";
- die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
- $crypted_pwd = cryptpw $value;
- dbmc->add;
-}
-
-sub dbmc::delete {
- die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- delete $DB{$key}, print "`$key' deleted\n";
-}
-
-sub dbmc::view {
- print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
-}
-
-sub dbmc::check {
- die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- my $chkpass = (split /:/, $DB{$key}, 3)[0];
- my $testpass = getpass();
- if (substr($chkpass, 0, 6) eq '$apr1$') {
- need_md5_crypt;
- $crypt_method = "md5";
- } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
- need_sha1_crypt;
- $crypt_method = "sha1";
- } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
- $crypt_method = "crypt";
- } else {
- $crypt_method = "plain";
- }
- print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
- ? " password ok\n" : " password mismatch\n");
-}
-
-sub dbmc::import {
- while(defined($_ = <STDIN>) and chomp) {
- ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
- dbmc->add;
- }
-}
-
diff --git a/usr.sbin/httpd/src/support/dbmmanage.1 b/usr.sbin/httpd/src/support/dbmmanage.1
deleted file mode 100644
index 4ed4d947adc..00000000000
--- a/usr.sbin/httpd/src/support/dbmmanage.1
+++ /dev/null
@@ -1,198 +0,0 @@
-.\" $OpenBSD: dbmmanage.1,v 1.11 2008/06/07 01:59:36 jdixon Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: June 7 2008 $
-.Dt DBMMANAGE 1
-.Os
-.Sh NAME
-.Nm dbmmanage
-.Nd create and update user authentication files in DBM format
-.Sh SYNOPSIS
-.Nm
-.Ar filename
-.Op Ar command
-.Op Ar username Op Ar encpassword
-.Sh DESCRIPTION
-.Nm
-is used to create and update the DBM format files used to store
-usernames and passwords for basic authentication of HTTP users.
-Resources available from the
-.Xr httpd 8
-Apache web server can be restricted to just the users listed
-in the files created by
-.Nm .
-This program can only be used when the usernames are stored in a DBM file.
-To use a flat-file database see
-.Xr htpasswd 1 .
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to configure user authentication in
-.Xr httpd 8 ,
-see
-the Apache manual, which can be found in
-.Pa /usr/share/doc/html/httpd/ .
-.Pp
-The options are as follows:
-.Bl -tag -width "encpasswordXX"
-.It Ar command
-This selects the operation to perform:
-.Bl -tag -width "adduserXX"
-.It Ic add
-Add an entry for
-.Ar username
-to
-.Ar filename
-using the encrypted password
-.Ar encpassword .
-.It Ic adduser
-Ask for a password and then add an entry for
-.Ar username
-to
-.Ar filename .
-.It Ic check
-Ask for a password and then check if
-.Ar username
-is in
-.Ar filename
-and if its password matches the specified one.
-.It Ic delete
-Delete the
-.Ar username
-entry from
-.Ar filename .
-.It Ic import
-Read username:password entries (one per line) from stdin and add them to
-.Ar filename .
-The password already has to be encrypted.
-.It Ic update
-Same as the
-.Ic adduser
-command, except that it makes sure
-.Ar username
-already exists in
-.Ar filename .
-.It Ic view
-Just display the complete contents of the DBM file.
-.El
-.It Ar encpassword
-The password to be encrypted.
-.It Ar filename
-The filename of the DBM format file.
-Usually without the extension .db, .pag, or .dir.
-.It Ar username
-The user for which the update operation is performed.
-.El
-.Sh SEE ALSO
-.Xr htdigest 1 ,
-.Xr htpasswd 1 ,
-.Xr httpd 8
-.Sh BUGS
-One should be aware that there are a number of different DBM file
-formats in existence, and with all likelihood, libraries for more than
-one format may exist on your system.
-The three primary examples are NDBM, the GNU project's GDBM,
-and Berkeley DB 2.
-Unfortunately, all these libraries use different file formats,
-and you must make sure that the file format used by
-.Ar filename
-is the same format that
-.Nm
-expects to see.
-.Nm
-currently has no way of determining what type of DBM file it is
-looking at.
-If used against the wrong format,
-.Nm
-will simply return nothing, or may create a different DBM file with a
-different name, or at worst, it may corrupt the DBM file if you were
-attempting to write to it.
-.Pp
-.Nm
-has a list of DBM format preferences, defined by the
-.Dq @AnyDBM::ISA
-array near the beginning of the program.
-Since we prefer the Berkeley DB 2 file format, the order in which
-.Nm
-will look for system libraries is Berkeley DB 2, then NDBM, and then GDBM.
-The first library found will be the library
-.Nm
-will attempt to use for all DBM file transactions.
-This ordering is slightly different than the standard
-.Dq @AnyDBM::ISA
-ordering in
-.Xr perl 1 ,
-as well as the ordering used by the simple
-.Fn dbmopen
-call in perl,
-so if you use any other utilities to manage your DBM files,
-they must also follow this preference ordering.
-Similar care must be taken if using programs in other languages,
-like C,
-to access these files.
-.Pp
-.Xr httpd 8 Ns 's
-.Pa mod_auth_db.c
-module corresponds to the Berkeley DB 2 library, while
-.Pa mod_auth_dbm.c
-corresponds to the NDBM library.
-Also, one can usually use the
-.Xr file 1
-program supplied with most
-.Ux
-systems to see what format a DBM file is in.
diff --git a/usr.sbin/httpd/src/support/htdigest.1 b/usr.sbin/httpd/src/support/htdigest.1
deleted file mode 100644
index cd2b519d258..00000000000
--- a/usr.sbin/httpd/src/support/htdigest.1
+++ /dev/null
@@ -1,120 +0,0 @@
-.\" $OpenBSD: htdigest.1,v 1.10 2008/06/07 01:59:36 jdixon Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: June 7 2008 $
-.Dt HTDIGEST 1
-.Os
-.Sh NAME
-.Nm htdigest
-.Nd create and update user authentication files
-.Sh SYNOPSIS
-.Nm
-.Op Fl c
-.Ar passwordfile
-.Ar realm
-.Ar username
-.Sh DESCRIPTION
-.Nm
-is used to create and update the flat-files used to store
-usernames, realms, and passwords for digest authentication of HTTP users.
-Resources available from the
-.Xr httpd 8
-Apache web server can be restricted to just the users listed
-in the files created by
-.Nm .
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to
-configure digest authentication in
-.Xr httpd 8 ,
-see the Apache manual, which can be found at
-.Pa /usr/share/doc/html/httpd/ .
-.Pp
-The options are as follows:
-.Bl -tag -width "passwordfileXX"
-.It Fl c
-Create the
-.Ar passwordfile .
-If
-.Ar passwordfile
-already exists,
-it is deleted first.
-.It Ar passwordfile
-Name of the file to contain the username, realm, and password.
-If
-.Fl c
-is specified,
-this file is created if it does not already exist,
-or deleted and recreated if it does exist.
-.It Ar realm
-The realm name to which the username belongs.
-.It Ar username
-The username to create or update in
-.Ar passwordfile .
-If
-.Ar username
-does not exist in this file,
-an entry is added.
-If it does exist,
-the password is changed.
-.El
-.Sh SEE ALSO
-.Xr dbmmanage 1 ,
-.Xr htpasswd 1 ,
-.Xr httpd 8
diff --git a/usr.sbin/httpd/src/support/htdigest.c b/usr.sbin/httpd/src/support/htdigest.c
deleted file mode 100644
index 9fc243a8309..00000000000
--- a/usr.sbin/httpd/src/support/htdigest.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* $OpenBSD: htdigest.c,v 1.13 2012/03/04 04:05:15 fgsch Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-/******************************************************************************
- ******************************************************************************
- * NOTE! This program is not safe as a setuid executable! Do not make it
- * setuid!
- ******************************************************************************
- *****************************************************************************/
-/*
- * htdigest.c: simple program for manipulating digest passwd file for Apache
- *
- * by Alexei Kosut, based on htpasswd.c, by Rob McCool
- */
-
-#include <sys/types.h>
-#include <sys/signal.h>
-
-#include "ap_config.h"
-#include "ap.h"
-#include "ap_md5.h"
-
-#define LF 10
-#define CR 13
-
-#define MAX_STRING_LEN 256
-
-#define INTR_MSG "\nInterrupted.\n"
-
-static char tn[MAX_STRING_LEN];
-
-static void
-getword(char *word, char *line, char stop)
-{
- int x = 0, y;
-
- for (x = 0; ((line[x]) && (line[x] != stop)); x++)
- word[x] = line[x];
-
- word[x] = '\0';
- if (line[x])
- ++x;
- y = 0;
-
- while ((line[y++] = line[x++]));
-}
-
-static int
-get_line(char *s, int n, FILE *f)
-{
- int i = 0;
-
- while (1) {
- s[i] = (char) fgetc(f);
-
- if (s[i] == CR)
- s[i] = fgetc(f);
-
- if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
- s[i] = '\0';
- return (feof(f) ? 1 : 0);
- }
- ++i;
- }
-}
-
-static void
-putline(FILE *f, char *l)
-{
- int x;
-
- for (x = 0; l[x]; x++)
- fputc(l[x], f);
- fputc('\n', f);
-}
-
-
-static void
-add_password(char *user, char *realm, FILE *f)
-{
- char *pw;
- AP_MD5_CTX context;
- unsigned char digest[16];
- char string[MAX_STRING_LEN];
- char pwin[MAX_STRING_LEN];
- char pwv[MAX_STRING_LEN];
- unsigned int i;
-
- if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
- fprintf(stderr, "password too long");
- exit(5);
- }
- ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
- if (strcmp(pwin, pwv) != 0) {
- fprintf(stderr, "They don't match, sorry.\n");
- if (tn[0] != '\0')
- unlink(tn);
-
- exit(1);
- }
- pw = pwin;
- fprintf(f, "%s:%s:", user, realm);
-
- /* Do MD5 stuff */
- snprintf(string, sizeof(string), "%s:%s:%s", user, realm, pw);
-
- ap_MD5Init(&context);
- ap_MD5Update(&context, (unsigned char *) string, strlen(string));
- ap_MD5Final(digest, &context);
-
- for (i = 0; i < 16; i++)
- fprintf(f, "%02x", digest[i]);
-
- fprintf(f, "\n");
-}
-
-static void
-usage(void)
-{
- fprintf(stderr, "Usage: htdigest [-c] passwordfile realm username\n");
- fprintf(stderr, "The -c flag creates a new file.\n");
- exit(1);
-}
-
-static void
-interrupted(void)
-{
- write(STDERR_FILENO, INTR_MSG, sizeof(INTR_MSG) - 1);
- if (tn[0] != '\0')
- unlink(tn);
- _exit(1);
-}
-
-
-
-int main(int argc, char *argv[])
-{
- FILE *tfp, *f;
- char user[MAX_STRING_LEN];
- char realm[MAX_STRING_LEN];
- char line[MAX_STRING_LEN];
- char l[MAX_STRING_LEN];
- char w[MAX_STRING_LEN];
- char x[MAX_STRING_LEN];
- char command[MAX_STRING_LEN];
- int found;
- int tfd;
-
- signal(SIGINT, (void (*)(int)) interrupted);
- if (argc == 5) {
- if (strcmp(argv[1], "-c"))
- usage();
- if (!(tfp = fopen(argv[2], "w"))) {
- fprintf(stderr, "Could not open passwd file %s for writing.\n",
- argv[2]);
- perror("fopen");
- exit(1);
- }
- printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
- add_password(argv[4], argv[3], tfp);
- fclose(tfp);
- exit(0);
- }
- else if (argc != 4)
- usage();
-
- strlcpy(tn, "/tmp/htdigest-XXXXXXXXXX", sizeof(tn));
- tfd = mkstemp(tn);
- if (tfd == -1 || (tfp = fdopen(tfd, "w")) == NULL) {
- fprintf(stderr, "Could not create temp file.\n");
- exit(1);
- }
-
- if (!(f = fopen(argv[1], "r"))) {
- fprintf(stderr,
- "Could not open passwd file %s for reading.\n", argv[1]);
- fprintf(stderr, "Use -c option to create new one.\n");
- exit(1);
- }
- ap_cpystrn(user, argv[3], sizeof(user));
- ap_cpystrn(realm, argv[2], sizeof(realm));
-
- found = 0;
- while (!(get_line(line, MAX_STRING_LEN, f))) {
- if (found || (line[0] == '#') || (!line[0])) {
- putline(tfp, line);
- continue;
- }
- strlcpy(l, line, sizeof(l));
- getword(w, l, ':');
- getword(x, l, ':');
- if (strcmp(user, w) || strcmp(realm, x)) {
- putline(tfp, line);
- continue;
- }
- else {
- printf("Changing password for user %s in realm %s\n", user, realm);
- add_password(user, realm, tfp);
- found = 1;
- }
- }
- if (!found) {
- printf("Adding user %s in realm %s\n", user, realm);
- add_password(user, realm, tfp);
- }
- fclose(f);
- fclose(tfp);
- snprintf(command, sizeof(command), "cp %s %s", tn, argv[1]);
- system(command);
- unlink(tn);
- return 0;
-}
diff --git a/usr.sbin/httpd/src/support/htpasswd.1 b/usr.sbin/httpd/src/support/htpasswd.1
deleted file mode 100644
index 663de03d237..00000000000
--- a/usr.sbin/httpd/src/support/htpasswd.1
+++ /dev/null
@@ -1,292 +0,0 @@
-.\" $OpenBSD: htpasswd.1,v 1.17 2010/09/03 11:22:36 jmc Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: September 3 2010 $
-.Dt HTPASSWD 1
-.Os
-.Sh NAME
-.Nm htpasswd
-.Nd create and update user authentication files
-.Sh SYNOPSIS
-.Nm
-.Op Fl c
-.Oo
-.Fl d | l | m | p | s
-.Oc
-.Ar passwordfile
-.Ar username
-.Nm
-.Fl b
-.Op Fl c
-.Oo
-.Fl d | l | m | p | s
-.Oc
-.Ar passwordfile
-.Ar username
-.Ar password
-.Nm
-.Fl n
-.Oo
-.Fl d | l | m | p | s
-.Oc
-.Ar username
-.Nm
-.Fl bn
-.Oo
-.Fl d | l | m | p | s
-.Oc
-.Ar username
-.Ar password
-.Sh DESCRIPTION
-.Nm
-is used to create and update the flat-files used to store
-usernames and password for basic authentication of HTTP users.
-If
-.Nm
-cannot access a file, such as not being able to write to the output
-file or not being able to read the file in order to update it,
-it returns an error status and makes no changes.
-.Pp
-Resources available from the
-.Xr httpd 8
-Apache web server can be restricted to just the users listed
-in the files created by
-.Nm .
-This program can only manage usernames and passwords
-stored in a flat-file.
-It can encrypt and display password information
-for use in other types of data stores, though.
-To use a DBM database see
-.Xr dbmmanage 1 .
-.Pp
-.Nm
-encrypts passwords using either a version of MD5 modified for Apache,
-the system's
-.Xr crypt 3
-routine
-(the default),
-or SHA encryption.
-Files managed by
-.Nm
-may contain all types of passwords e.g.\&
-some user records may have MD5-encrypted passwords
-while others in the same file have passwords encrypted with
-.Xr crypt 3 .
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to configure user authentication in
-.Xr httpd 8 ,
-see
-the Apache manual, which can be found in
-.Pa /usr/share/doc/html/httpd/ .
-.Pp
-The options are as follows:
-.Bl -tag -width "passwordfileXX"
-.It Fl b
-Use batch mode
-i.e. get the password from the command line rather than prompting for it.
-.Bf -symbolic
-This option should not be used,
-since the password is clearly visible on the command line.
-.Ef
-.It Fl c
-Create the
-.Ar passwordfile .
-If
-.Ar passwordfile
-already exists,
-it is rewritten and truncated.
-This option cannot be combined with the
-.Fl n
-option.
-.It Fl d
-Use DES-based
-.Xr crypt 3
-encryption for passwords.
-.It Fl l
-Use Blowfish-based
-.Xr crypt 3
-encryption for passwords.
-This is the default.
-.It Fl m
-Use Apache's modified MD5 algorithm for passwords.
-Passwords encrypted with this algorithm are transportable to any platform
-(Windows, Unix, BeOS, et cetera)
-running Apache 1.3.9 or later.
-.It Fl n
-Display the results on standard output rather than updating a file.
-This is useful for generating password records acceptable to Apache
-for inclusion in non-text data stores.
-This option changes the syntax of the command line,
-since the
-.Ar passwdfile
-argument
-(usually the first one)
-is omitted.
-It cannot be combined with the
-.Fl c
-option.
-.It Fl p
-Use plaintext passwords.
-Although
-.Nm
-supports the creation of plaintext passwords,
-.Xr httpd 8
-will not accept plaintext passwords on
-.Ox .
-.It Fl s
-Use SHA encryption for passwords.
-Facilitates migration from/to Netscape servers using the
-LDAP Directory Interchange Format (LDIF).
-.It Ar password
-The plaintext password to be encrypted and stored in the file.
-Only used with the
-.Fl b
-flag.
-.It Ar passwordfile
-Name of the file to contain the username and password.
-If
-.Fl c
-is given, this file is created if it does not already exist,
-or rewritten and truncated if it does exist.
-.It Ar username
-The
-.Ar username
-to create or update in
-.Ar passwordfile .
-If
-.Ar username
-does not exist in this file,
-an entry is added.
-If it does exist,
-the password is changed.
-.El
-.Pp
-Web password files such as those managed by
-.Nm
-should
-.Em not
-be within the Web server's URI space \(em that is,
-although the password files
-.Em must
-be contained within
-.Dq ServerRoot ,
-they should not be located in
-.Dq DocumentRoot .
-.Sh EXIT STATUS
-The exit codes returned are:
-.Pp
-.Bl -tag -width "XXX" -offset indent -compact
-.It 0
-operation completed successfully
-.It 1
-problem accessing files
-.It 2
-syntax problem with the command line
-.It 3
-the password was entered interactively
-and the verification entry didn't match
-.It 4
-the operation was interrupted
-.It 5
-a value is too long
-(username, filename, password, or final computed record)
-.It 6
-the username contains illegal characters
-(see the
-.Sx CAVEATS
-section, below)
-.El
-.Sh EXAMPLES
-Add or modify the password for user
-.Dq jsmith .
-The user is prompted for the password.
-If the file does not exist,
-.Nm
-will do nothing except return an error:
-.Pp
-.Dl # htpasswd /var/www/conf/.htpasswd-users jsmith
-.Pp
-Create a new file and store a record in it for user
-.Dq jane ,
-using the MD5 algorithm.
-The user is prompted for the password.
-If the file exists and cannot be read, or cannot be written,
-it is not altered and
-.Nm
-will display a message and return an error status:
-.Pp
-.Dl # htpasswd -cm /var/www/conf/.htpasswd jane
-.Sh SEE ALSO
-.Xr dbmmanage 1 ,
-.Xr htdigest 1 ,
-.Xr crypt 3 ,
-.Xr httpd 8
-.Pp
-The scripts in
-.Pa support/SHA1/
-which come with the distribution.
-.Sh CAVEATS
-The MD5 algorithm used by
-.Nm
-is specific to Apache software:
-passwords encrypted using it will not be usable with other Web servers.
-.Pp
-Usernames are limited to 255 bytes and may not include the character
-.Sq :\& .
diff --git a/usr.sbin/httpd/src/support/htpasswd.c b/usr.sbin/httpd/src/support/htpasswd.c
deleted file mode 100644
index 6d0ca084f17..00000000000
--- a/usr.sbin/httpd/src/support/htpasswd.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* $OpenBSD: htpasswd.c,v 1.19 2012/03/04 04:05:15 fgsch Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/******************************************************************************
- ******************************************************************************
- * NOTE! This program is not safe as a setuid executable! Do not make it
- * setuid!
- ******************************************************************************
- *****************************************************************************/
-/*
- * htpasswd.c: simple program for manipulating password file for
- * the Apache HTTP server
- *
- * Originally by Rob McCool
- *
- * Exit values:
- * 0: Success
- * 1: Failure; file access/permission problem
- * 2: Failure; command line syntax problem (usage message issued)
- * 3: Failure; password verification failure
- * 4: Failure; operation interrupted (such as with CTRL/C)
- * 5: Failure; buffer would overflow (username, filename, or computed
- * record too long)
- * 6: Failure; username contains illegal or reserved characters
- */
-
-#include "ap_config.h"
-#include <sys/types.h>
-#include <signal.h>
-#include <errno.h>
-#include "ap.h"
-#include "ap_md5.h"
-#include "ap_sha1.h"
-
-#define LF 10
-#define CR 13
-
-#define MAX_STRING_LEN 256
-#define ALG_PLAIN 0
-#define ALG_CRYPT 1
-#define ALG_APMD5 2
-#define ALG_APSHA 3
-#define ALG_APBLF 4
-
-#define INTR_MSG "\nInterrupted.\n"
-
-#define ERR_FILEPERM 1
-#define ERR_SYNTAX 2
-#define ERR_PWMISMATCH 3
-#define ERR_INTERRUPTED 4
-#define ERR_OVERFLOW 5
-#define ERR_BADUSER 6
-
-/*
- * This needs to be declared statically so the signal handler can
- * access it.
- */
-static char tempfilename[MAX_STRING_LEN];
-/*
- * If our platform knows about the tmpnam() external buffer size, create
- * a buffer to pass in. This is needed in a threaded environment, or
- * one that thinks it is (like HP-UX).
- */
-#ifdef L_tmpnam
-static char tname_buf[L_tmpnam];
-#else
-static char *tname_buf = NULL;
-#endif
-
-/*
- * Get a line of input from the user, not including any terminating
- * newline.
- */
-static int
-get_line(char *s, int n, FILE *f)
-{
- int i = 0;
-
- while (1) {
- s[i] = (char) fgetc(f);
-
- if (s[i] == CR)
- s[i] = fgetc(f);
-
- if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
- s[i] = '\0';
- return (feof(f) ? 1 : 0);
- }
- ++i;
- }
-}
-
-static void
-putline(FILE *f, char *l)
-{
- int x;
-
- for (x = 0; l[x]; x++)
- fputc(l[x], f);
-
- fputc('\n', f);
-}
-
-/*
- * Make a password record from the given information. A zero return
- * indicates success; failure means that the output buffer contains an
- * error message instead.
- */
-static int
-mkrecord(char *user, char *record, size_t rlen, char *passwd, int alg)
-{
- char *pw;
- char cpw[120];
- char pwin[MAX_STRING_LEN];
- char pwv[MAX_STRING_LEN];
- char salt[33];
-
- if (passwd != NULL)
- pw = passwd;
- else {
- if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
- ap_snprintf(record, (rlen - 1), "password too long "
- "(>%lu)", (unsigned long)(sizeof(pwin) - 1));
- return ERR_OVERFLOW;
- }
- ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
- if (strcmp(pwin, pwv) != 0) {
- ap_cpystrn(record, "password verification error",
- (rlen - 1));
- return ERR_PWMISMATCH;
- }
- pw = pwin;
- memset(pwv, '\0', sizeof(pwin));
- }
- switch (alg) {
- case ALG_APSHA:
- /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
- ap_sha1_base64(pw, strlen(pw), cpw);
- break;
- case ALG_APMD5:
- ap_to64(&salt[0], arc4random(), 8);
- salt[8] = '\0';
-
- ap_MD5Encode((const unsigned char *)pw,
- (const unsigned char *)salt, cpw, sizeof(cpw));
- break;
- case ALG_PLAIN:
- /* XXX this len limitation is not in sync with any HTTPd len. */
- ap_cpystrn(cpw ,pw, sizeof(cpw));
- break;
- case ALG_CRYPT:
- ap_to64(&salt[0], arc4random(), 8);
- salt[8] = '\0';
-
- ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
- break;
- case ALG_APBLF:
- default:
- strlcpy(salt, bcrypt_gensalt(6), sizeof(salt));
- strlcpy(cpw, (char *)crypt(pw, salt), sizeof(cpw));
- break;
- }
- memset(pw, '\0', strlen(pw));
-
- /*
- * Check to see if the buffer is large enough to hold the username,
- * hash, and delimiters.
- */
- if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
- ap_cpystrn(record, "resultant record too long", (rlen - 1));
- return ERR_OVERFLOW;
- }
- snprintf(record, rlen, "%s:%s", user, cpw);
- return 0;
-}
-
-static int
-usage(void)
-{
- fprintf(stderr, "Usage:\thtpasswd [-c] [-d | -l | -m | -p | -s ] "
- "passwordfile username\n");
- fprintf(stderr, "\thtpasswd -b [-c] [-d | -l | -m | -p | -s] "
- "passwordfile username password\n");
- fprintf(stderr, "\thtpasswd -n [-d | -l | -m | -p | -s] username\n");
- fprintf(stderr, "\thtpasswd -bn [-d | -l | -m | -p | -s] username "
- "password\n");
- return ERR_SYNTAX;
-}
-
-static void
-interrupted(void)
-{
- write(STDERR_FILENO, INTR_MSG, sizeof(INTR_MSG) - 1);
- if (tempfilename[0] != '\0')
- unlink(tempfilename);
-
- _exit(ERR_INTERRUPTED);
-}
-
-/*
- * Check to see if the specified file can be opened for the given
- * access.
- */
-static int
-accessible(char *fname, char *mode)
-{
- FILE *s;
-
- s = fopen(fname, mode);
- if (s == NULL)
- return 0;
-
- fclose(s);
- return 1;
-}
-
-/* Return true if a file is readable. */
-static int
-readable(char *fname)
-{
- return accessible(fname, "r");
-}
-
-/* Return true if the specified file can be opened for write access. */
-static int
-writable(char *fname)
-{
- return accessible(fname, "a");
-}
-
-/* Return true if the named file exists, regardless of permissions. */
-static int
-exists(char *fname)
-{
- struct stat sbuf;
- int check;
-
- check = stat(fname, &sbuf);
- return ((check == -1) && (errno == ENOENT)) ? 0 : 1;
-}
-
-/*
- * Copy from the current position of one file to the current position
- * of another.
- */
-static void
-copy_file(FILE *target, FILE *source)
-{
- static char line[MAX_STRING_LEN];
-
- while (fgets(line, sizeof(line), source) != NULL)
- fputs(line, target);
-}
-
-/*
- * Let's do it. We end up doing a lot of file opening and closing,
- * but what do we care? This application isn't run constantly.
- */
-int
-main(int argc, char *argv[])
-{
- FILE *ftemp = NULL;
- FILE *fpw = NULL;
- char user[MAX_STRING_LEN];
- char password[MAX_STRING_LEN];
- char record[MAX_STRING_LEN];
- char line[MAX_STRING_LEN];
- char pwfilename[MAX_STRING_LEN];
- char *arg;
- int found = 0;
- int alg = ALG_APBLF;
- int newfile = 0;
- int nofile = 0;
- int noninteractive = 0;
- int i;
- int args_left = 2;
- int tfd;
- int ch;
-
- signal(SIGINT, (void (*)(int)) interrupted);
-
- /*
- * Preliminary check to make sure they provided at least
- * three arguments, we'll do better argument checking as
- * we parse the command line.
- */
- if (argc < 3)
- return usage();
-
- /*
- * Go through the argument list and pick out any options. They
- * have to precede any other arguments.
- */
- while ((ch = getopt(argc, argv, "bcdlnmsp")) != -1) {
- switch (ch) {
- case 'b':
- noninteractive++;
- args_left++;
- break;
- case 'c':
- newfile++;
- break;
- case 'd':
- alg = ALG_CRYPT;
- break;
- case 'l':
- alg = ALG_APBLF;
- break;
- case 'n':
- nofile++;
- args_left--;
- break;
- case 'm':
- alg = ALG_APMD5;
- break;
- case 's':
- alg = ALG_APSHA;
- break;
- case 'p':
- alg = ALG_PLAIN;
- break;
- default:
- usage();
- }
- }
- argc -= optind;
- argv += optind;
-
- i = argc - args_left;
-
- /*
- * Make sure we still have exactly the right number of arguments left
- * (the filename, the username, and possibly the password if -b was
- * specified).
- */
- if (argc != args_left)
- return usage();
-
- if (newfile && nofile) {
- fprintf(stderr, "%s: -c and -n options conflict\n", argv[0]);
- return ERR_SYNTAX;
- }
- if (nofile)
- i--;
- else {
- if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
- fprintf(stderr, "%s: filename too long\n", argv[0]);
- return ERR_OVERFLOW;
- }
- strlcpy(pwfilename, argv[i], sizeof(pwfilename));
- if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
- fprintf(stderr, "%s: username too long (>%lu)\n",
- argv[0], (unsigned long)(sizeof(user) - 1));
- return ERR_OVERFLOW;
- }
- }
- strlcpy(user, argv[i + 1], sizeof(user));
- if ((arg = strchr(user, ':')) != NULL) {
- fprintf(stderr, "%s: username contains illegal character '%c'"
- "\n", argv[0], *arg);
- return ERR_BADUSER;
- }
- if (noninteractive) {
- if (strlen(argv[i + 2]) > (sizeof(password) - 1)) {
- fprintf(stderr, "%s: password too long (>%lu)\n",
- argv[0], (unsigned long)(sizeof(password) - 1));
- return ERR_OVERFLOW;
- }
- strlcpy(password, argv[i + 2], sizeof(password));
- }
-
- if (alg == ALG_PLAIN) {
- fprintf(stderr,"Warning: storing passwords as plain text might "
- "just not work on this platform.\n");
- }
- if (!nofile) {
- /*
- * Only do the file checks if we're supposed to frob it.
- *
- * Verify that the file exists if -c was omitted. We give a
- * special message if it doesn't.
- */
- if ((!newfile) && (!exists(pwfilename))) {
- fprintf(stderr, "%s: cannot modify file %s; use '-c' "
- "to create it\n", argv[0], pwfilename);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- /*
- * Verify that we can read the existing file in the case of an
- * update to it (rather than creation of a new one).
- */
- if ((! newfile) && (! readable(pwfilename))) {
- fprintf(stderr, "%s: cannot open file %s for read "
- "access\n", argv[0], pwfilename);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- /*
- * Now check to see if we can preserve an existing file in case
- * of password verification errors on a -c operation.
- */
- if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
- fprintf(stderr, "%s: cannot open file %s for read "
- "access\n%s: existing auth data would be lost on "
- "password mismatch", argv[0], pwfilename, argv[0]);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- /* Now verify that the file is writable! */
- if (! writable(pwfilename)) {
- fprintf(stderr, "%s: cannot open file %s for write "
- "access\n", argv[0], pwfilename);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- }
-
- /*
- * All the file access checks (if any) have been made. Time to go to
- * work; try to create the record for the username in question. If
- * that fails, there's no need to waste any time on file manipulations.
- * Any error message text is returned in the record buffer, since
- * the mkrecord() routine doesn't have access to argv[].
- */
- i = mkrecord(user, record, sizeof(record) - 1,
- noninteractive ? password : NULL, alg);
- if (i != 0) {
- fprintf(stderr, "%s: %s\n", argv[0], record);
- exit(i);
- }
- if (nofile) {
- printf("%s\n", record);
- exit(0);
- }
-
- /*
- * We can access the files the right way, and we have a record
- * to add or update. Let's do it..
- */
- errno = 0;
- strlcpy(tempfilename, "/tmp/htpasswd-XXXXXXXXXX", sizeof(tempfilename));
- tfd = mkstemp(tempfilename);
- if (tfd == -1 || (ftemp = fdopen(tfd, "w+")) == NULL) {
- fprintf(stderr, "%s: unable to create temporary file '%s'\n",
- argv[0], tempfilename);
- perror("open");
- exit(ERR_FILEPERM);
- }
- /*
- * If we're not creating a new file, copy records from the existing
- * one to the temporary file until we find the specified user.
- */
- if (! newfile) {
- char scratch[MAX_STRING_LEN];
-
- fpw = fopen(pwfilename, "r");
- while (! (get_line(line, sizeof(line), fpw))) {
- char *colon;
-
- if ((line[0] == '#') || (line[0] == '\0')) {
- putline(ftemp, line);
- continue;
- }
- strlcpy(scratch, line, sizeof(scratch));
- /* See if this is our user. */
- colon = strchr(scratch, ':');
- if (colon != NULL)
- *colon = '\0';
-
- if (strcmp(user, scratch) != 0) {
- putline(ftemp, line);
- continue;
- }
- found++;
- break;
- }
- }
- if (found)
- fprintf(stderr, "Updating ");
- else
- fprintf(stderr, "Adding ");
- fprintf(stderr, "password for user %s\n", user);
- /*
- * Now add the user record we created.
- */
- putline(ftemp, record);
- /*
- * If we're updating an existing file, there may be additional
- * records beyond the one we're updating, so copy them.
- */
- if (! newfile) {
- copy_file(ftemp, fpw);
- fclose(fpw);
- }
- /*
- * The temporary file now contains the information that should be
- * in the actual password file. Close the open files, re-open them
- * in the appropriate mode, and copy them file to the real one.
- */
- fclose(ftemp);
- fpw = fopen(pwfilename, "w+");
- ftemp = fopen(tempfilename, "r");
- copy_file(fpw, ftemp);
- fclose(fpw);
- fclose(ftemp);
- unlink(tempfilename);
- return 0;
-}
diff --git a/usr.sbin/httpd/src/support/httpd.exp b/usr.sbin/httpd/src/support/httpd.exp
deleted file mode 100644
index 50ea5a5b7ce..00000000000
--- a/usr.sbin/httpd/src/support/httpd.exp
+++ /dev/null
@@ -1,491 +0,0 @@
-#! .
-ap_MD5Encode
-ap_MD5Final
-ap_MD5Init
-ap_MD5Update
-ap_SHA1Final
-ap_SHA1Init
-ap_SHA1Update_binary
-ap_SHA1Update
-ap_add_cgi_vars
-ap_add_common_vars
-ap_add_file_conf
-ap_add_module
-ap_add_named_module
-ap_add_per_dir_conf
-ap_add_per_url_conf
-ap_add_version_component
-ap_allow_options
-ap_allow_overrides
-ap_append_arrays
-ap_array_cat
-ap_array_pstrcat
-ap_auth_name
-ap_auth_type
-ap_base64encode
-ap_base64encode_binary
-ap_base64encode_len
-ap_base64decode
-ap_base64decode_binary
-ap_base64decode_len
-ap_basic_http_header
-ap_bclose
-ap_bcreate
-ap_bfilbuf
-ap_bfileno
-ap_bflsbuf
-ap_bflush
-ap_bgetopt
-ap_bgets
-ap_bhalfduplex
-ap_bind_address
-ap_block_alarms
-ap_blookc
-ap_bnonblock
-ap_bonerror
-ap_bprintf
-ap_bpushfd
-ap_bputs
-ap_bread
-ap_bsetflag
-ap_bsetopt
-ap_bskiplf
-ap_bspawn_child
-ap_bvputs
-ap_bwrite
-ap_bytes_in_free_blocks
-ap_bytes_in_pool
-ap_call_exec
-ap_can_exec
-ap_cfg_closefile
-ap_cfg_getc
-ap_cfg_getline
-ap_chdir_file
-ap_check_access
-ap_check_auth
-ap_check_cmd_context
-ap_check_user_id
-ap_checkmask
-ap_child_exit_modules
-ap_child_init_modules
-ap_child_terminate
-ap_cleanup_for_exec
-ap_clear_module_list
-ap_clear_pool
-ap_clear_table
-ap_close_piped_log
-ap_configtestonly
-ap_construct_server
-ap_construct_url
-ap_content_type_tolower
-ap_copy_array
-ap_copy_array_hdr
-ap_copy_table
-ap_core_reorder_directories
-ap_coredump_dir
-ap_count_dirs
-ap_cpystrn
-ap_create_environment
-ap_create_per_dir_config
-ap_create_request_config
-ap_custom_response
-ap_daemons_limit
-ap_daemons_max_free
-ap_daemons_min_free
-ap_daemons_to_start
-ap_day_snames
-ap_default_port_for_request
-ap_default_port_for_scheme
-ap_default_type
-ap_destroy_pool
-ap_destroy_sub_req
-ap_die
-ap_discard_request_body
-ap_document_root
-ap_dummy_mutex
-ap_each_byterange
-ap_error_log2stderr
-ap_escape_html
-ap_escape_logitem
-ap_escape_path_segment
-ap_escape_quotes
-ap_escape_shell_cmd
-ap_excess_requests_per_child
-ap_exists_config_define
-ap_exists_scoreboard_image
-ap_extended_status
-ap_field_noparam
-ap_finalize_request_protocol
-ap_finalize_sub_req_protocol
-ap_find_command
-ap_find_command_in_modules
-ap_find_last_token
-ap_find_linked_module
-ap_find_list_item
-ap_find_module_name
-ap_find_path_info
-ap_find_token
-ap_find_types
-ap_fini_vhost_config
-ap_fnmatch
-ap_force_library_loading
-ap_get_basic_auth_pw
-ap_get_chunk_size
-ap_get_client_block
-ap_get_gmtoff
-ap_get_list_item
-ap_get_local_host
-ap_get_remote_host
-ap_get_remote_logname
-ap_get_server_built
-ap_get_server_name
-ap_get_server_port
-ap_get_server_version
-ap_get_time
-ap_get_token
-ap_get_virthost_addr
-ap_getline
-ap_getparents
-ap_getword
-ap_getword_conf
-ap_getword_conf_nc
-ap_getword_nc
-ap_getword_nulls
-ap_getword_nulls_nc
-ap_getword_white
-ap_getword_white_nc
-ap_gm_timestr_822
-ap_gname2id
-ap_group_id
-ap_handle_command
-ap_hard_timeout
-ap_header_parse
-ap_ht_time
-ap_ind
-ap_index_of_response
-ap_init_alloc
-ap_init_modules
-ap_init_vhost_config
-ap_init_virtual_host
-ap_internal_redirect
-ap_internal_redirect_handler
-ap_invoke_handler
-ap_is_directory
-ap_is_fnmatch
-ap_is_initial_req
-ap_is_matchexp
-ap_is_rdirectory
-ap_is_url
-ap_keepalive_timeout
-ap_kill_cleanup
-ap_kill_cleanups_for_fd
-ap_kill_cleanups_for_socket
-ap_kill_timeout
-ap_limit_section
-ap_listenbacklog
-ap_listeners
-ap_lock_fname
-ap_log_assert
-ap_log_error
-ap_log_error_old
-ap_log_pid
-ap_log_printf
-ap_log_reason
-ap_log_rerror
-ap_log_transaction
-ap_log_unixerr
-ap_make_array
-ap_make_dirstr
-ap_make_dirstr_parent
-ap_make_dirstr_prefix
-ap_make_etag
-ap_make_full_path
-ap_make_sub_pool
-ap_make_table
-ap_matches_request_vhost
-ap_max_requests_per_child
-ap_max_cpu_per_child
-ap_max_data_per_child
-ap_max_nofile_per_child
-ap_max_rss_per_child
-ap_max_stack_per_child
-ap_md5
-ap_md5contextTo64
-ap_md5digest
-ap_meets_conditions
-ap_merge_per_dir_configs
-ap_method_number_of
-ap_month_snames
-ap_my_generation
-ap_no2slash
-ap_note_auth_failure
-ap_note_basic_auth_failure
-ap_note_cleanups_for_fd
-ap_note_cleanups_for_file
-ap_note_cleanups_for_socket
-ap_note_digest_auth_failure
-ap_note_subprocess
-ap_null_cleanup
-ap_open_logs
-ap_open_piped_log
-ap_os_escape_path
-ap_os_is_path_absolute
-ap_overlay_tables
-ap_overlap_tables
-ap_palloc
-ap_parseHTTPdate
-ap_parse_hostinfo_components
-ap_parse_htaccess
-ap_parse_uri
-ap_parse_uri_components
-ap_parse_vhost_addrs
-ap_pbase64decode
-ap_pbase64encode
-ap_pcalloc
-ap_pcfg_open_custom
-ap_pcfg_openfile
-ap_pclosedir
-ap_pclosef
-ap_pclosesocket
-ap_pduphostent
-ap_pfclose
-ap_pfdopen
-ap_pfopen
-ap_pgethostbyname
-ap_pid_fname
-ap_popendir
-ap_popenf
-ap_popenf_ex
-ap_pregcomp
-ap_pregfree
-ap_pregsub
-ap_prelinked_modules
-ap_preloaded_modules
-ap_process_request
-ap_process_resource_config
-ap_psignature
-ap_psocket
-ap_psocket_ex
-ap_psprintf
-ap_pstrcat
-ap_pstrdup
-ap_pstrndup
-ap_push_array
-ap_pvsprintf
-ap_rationalize_mtime
-ap_read_config
-ap_read_request
-ap_regerror
-ap_regexec
-ap_register_cleanup
-ap_register_other_child
-ap_remove_module
-ap_remove_spaces
-ap_requires
-ap_reset_timeout
-ap_response_code_string
-ap_restart_time
-ap_rfc1413
-ap_rfc1413_timeout
-ap_rflush
-ap_rind
-ap_rprintf
-ap_rputc
-ap_rputs
-ap_run_cleanup
-ap_run_fixups
-ap_run_post_read_request
-ap_run_sub_req
-ap_rvputs
-ap_rwrite
-ap_satisfies
-ap_scan_script_header_err
-ap_scan_script_header_err_buff
-ap_scan_script_header_err_strs
-ap_scoreboard_fname
-ap_scoreboard_image
-ap_send_error_response
-ap_send_fb
-ap_send_fb_length
-ap_send_fd
-ap_send_fd_length
-ap_send_header_field
-ap_send_http_header
-ap_send_http_options
-ap_send_http_trace
-ap_send_mmap
-ap_send_size
-ap_server_argv0
-ap_server_config_defines
-ap_server_confname
-ap_server_post_read_config
-ap_server_pre_read_config
-ap_server_root
-ap_server_root_relative
-ap_set_byterange
-ap_set_callback_and_alarm
-ap_set_config_vectors
-ap_set_content_length
-ap_set_etag
-ap_set_file_slot
-ap_set_flag_slot
-ap_set_keepalive
-ap_set_last_modified
-ap_set_name_virtual_host
-ap_set_string_slot
-ap_set_string_slot_lower
-ap_set_sub_req_protocol
-ap_setup_client_block
-ap_setup_prelinked_modules
-ap_sha1_base64
-ap_should_client_block
-ap_show_directives
-ap_show_modules
-ap_signal
-ap_single_module_configure
-ap_size_list_item
-ap_slack
-ap_snprintf
-ap_soft_timeout
-ap_some_auth_required
-ap_spawn_child
-ap_srm_command_loop
-ap_standalone
-ap_start_restart
-ap_start_shutdown
-ap_str_tolower
-ap_strcasecmp_match
-ap_strcasestr
-ap_strcmp_match
-ap_stripprefix
-ap_strtol
-ap_sub_req_lookup_file
-ap_sub_req_lookup_uri
-ap_sub_req_method_uri
-ap_suexec_enabled
-ap_sys_siglist
-ap_table_add
-ap_table_addn
-ap_table_do
-ap_table_get
-ap_table_merge
-ap_table_mergen
-ap_table_set
-ap_table_setn
-ap_table_unset
-ap_threads_per_child
-ap_tm2sec
-ap_to64
-ap_translate_name
-ap_uname2id
-ap_unblock_alarms
-ap_unescape_url
-ap_unparse_uri_components
-ap_unregister_other_child
-ap_update_child_status
-ap_update_mtime
-ap_update_vhost_from_headers
-ap_update_vhost_given_ip
-ap_user_id
-ap_user_name
-ap_util_init
-ap_util_uri_init
-ap_uudecode
-ap_uuencode
-ap_validate_password
-ap_vbprintf
-ap_vformatter
-ap_vrprintf
-ap_vsnprintf
-core_module
-top_module
-XML_DefaultCurrent
-XML_ErrorString
-XML_ExternalEntityParserCreate
-XML_GetBase
-XML_GetBuffer
-XML_GetCurrentByteCount
-XML_GetCurrentByteIndex
-XML_GetCurrentColumnNumber
-XML_GetCurrentLineNumber
-XML_GetErrorCode
-XML_GetSpecifiedAttributeCount
-XML_Parse
-XML_ParseBuffer
-XML_ParserCreate
-XML_ParserCreateNS
-XML_ParserFree
-XML_SetBase
-XML_SetCdataSectionHandler
-XML_SetCharacterDataHandler
-XML_SetCommentHandler
-XML_SetDefaultHandler
-XML_SetDefaultHandlerExpand
-XML_SetElementHandler
-XML_SetEncoding
-XML_SetExternalEntityRefHandler
-XML_SetExternalEntityRefHandlerArg
-XML_SetNamespaceDeclHandler
-XML_SetNotStandaloneHandler
-XML_SetNotationDeclHandler
-XML_SetProcessingInstructionHandler
-XML_SetUnknownEncodingHandler
-XML_SetUnparsedEntityDeclHandler
-XML_SetUserData
-XML_UseParserAsHandlerArg
-ap_add_config_define
-ap_make_shared_sub_pool
-ap_global_ctx
-ap_ctx_new
-ap_ctx_get
-ap_ctx_set
-ap_hook_init
-ap_hook_kill
-ap_hook_configure
-ap_hook_register_I
-ap_hook_unregister_I
-ap_hook_status
-ap_hook_use
-ap_hook_call
-ap_mm_useable
-ap_MM_create
-ap_MM_permission
-ap_MM_destroy
-ap_MM_lock
-ap_MM_unlock
-ap_MM_malloc
-ap_MM_realloc
-ap_MM_free
-ap_MM_calloc
-ap_MM_strdup
-ap_MM_sizeof
-ap_MM_maxsize
-ap_MM_available
-ap_MM_error
-ap_mm_create
-ap_mm_permission
-ap_mm_destroy
-ap_mm_lock
-ap_mm_unlock
-ap_mm_malloc
-ap_mm_realloc
-ap_mm_free
-ap_mm_calloc
-ap_mm_strdup
-ap_mm_sizeof
-ap_mm_maxsize
-ap_mm_available
-ap_mm_error
-ap_mm_display_info
-ap_mm_core_create
-ap_mm_core_permission
-ap_mm_core_delete
-ap_mm_core_size
-ap_mm_core_lock
-ap_mm_core_unlock
-ap_mm_core_maxsegsize
-ap_mm_core_align2page
-ap_mm_core_align2word
-ap_mm_lib_error_set
-ap_mm_lib_error_get
-ap_mm_lib_version
diff --git a/usr.sbin/httpd/src/support/log_server_status b/usr.sbin/httpd/src/support/log_server_status
deleted file mode 100644
index 573e3aa2911..00000000000
--- a/usr.sbin/httpd/src/support/log_server_status
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/usr/local/bin/perl
-
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-
-
-# Log Server Status
-# Mark J Cox, UK Web Ltd 1996, mark@ukweb.com
-#
-# This script is designed to be run at a frequent interval by something
-# like cron. It connects to the server and downloads the status
-# information. It reformats the information to a single line and logs
-# it to a file. Make sure the directory $wherelog is writable by the
-# user who runs this script.
-#
-require 'sys/socket.ph';
-
-$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/19960312"
-$server = "localhost"; # Name of server, could be "www.foo.com"
-$port = "80"; # Port on server
-$request = "/status/?auto"; # Request to send
-
-sub tcp_connect
-{
- local($host,$port) =@_;
- $sockaddr='S n a4 x8';
- chop($hostname=`hostname`);
- $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/;
- $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]);
- $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]);
- socket(S,&PF_INET,&SOCK_STREAM,(getprotobyname('tcp'))[2]) ||
- die "socket: $!";
- bind(S,$me) || return "bind: $!";
- connect(S,$them) || return "connect: $!";
- select(S);
- $| = 1;
- select(stdout);
- return "";
-}
-
-### Main
-
-{
- $year=`date +%y`;
- chomp($year);
- $year += ($year < 70) ? 2000 : 1900;
- $date = $year . `date +%m%d:%H%M%S`;
- chomp($date);
- ($day,$time)=split(/:/,$date);
- $res=&tcp_connect($server,$port);
- open(OUT,">>$wherelog$day");
- if ($res) {
- print OUT "$time:-1:-1:-1:-1:$res\n";
- exit 1;
- }
- print S "GET $request\n";
- while (<S>) {
- $requests=$1 if ( m|^BusyServers:\ (\S+)|);
- $idle=$1 if ( m|^IdleServers:\ (\S+)|);
- $number=$1 if ( m|sses:\ (\S+)|);
- $cpu=$1 if (m|^CPULoad:\ (\S+)|);
- }
- print OUT "$time:$requests:$idle:$number:$cpu\n";
-}
-
-
diff --git a/usr.sbin/httpd/src/support/logresolve.8 b/usr.sbin/httpd/src/support/logresolve.8
deleted file mode 100644
index c82b971925a..00000000000
--- a/usr.sbin/httpd/src/support/logresolve.8
+++ /dev/null
@@ -1,100 +0,0 @@
-.\" $OpenBSD: logresolve.8,v 1.10 2007/05/31 19:20:24 jmc Exp $
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: May 31 2007 $
-.Dt LOGRESOLVE 8
-.Os
-.Sh NAME
-.Nm logresolve
-.Nd resolve hostnames for IP addresses in Apache logfiles
-.Sh SYNOPSIS
-.Nm logresolve
-.Op Fl c
-.Op Fl s Ar filename
-\*(Lt
-.Ar access_log
-\*(Gt
-.Ar access_log.new
-.Sh DESCRIPTION
-.Nm
-is a post-processing program to resolve IP addresses in
-.Xr httpd 8 Ns 's
-access logfiles.
-To minimize impact on the nameserver,
-.Nm
-has its very own internal hash-table cache.
-This means that each IP number will only be looked up the first time it
-is found in the log file.
-.Pp
-The following options are supported:
-.Bl -tag -width "-s filenameXX"
-.It Fl c
-This causes
-.Nm
-to apply some DNS checks:
-after finding the hostname from the IP address, it looks up the IP
-addresses for the hostname and checks that one of them matches the
-original address.
-.It Fl s Ar filename
-Specifies the
-.Ar filename
-to record statistics.
-.El
-.Sh SEE ALSO
-.Xr httpd 8 ,
-.Xr rotatelogs 8
diff --git a/usr.sbin/httpd/src/support/logresolve.c b/usr.sbin/httpd/src/support/logresolve.c
deleted file mode 100644
index 09da8474dae..00000000000
--- a/usr.sbin/httpd/src/support/logresolve.c
+++ /dev/null
@@ -1,357 +0,0 @@
-/* $OpenBSD: logresolve.c,v 1.16 2012/03/04 04:05:15 fgsch Exp $ */
-
-/*
- * logresolve 1.1
- *
- * Tom Rathborne - tomr@aceldama.com - http://www.aceldama.com/~tomr/
- * UUNET Canada, April 16, 1995
- *
- * Rewritten by David Robinson. (drtr@ast.cam.ac.uk)
- *
- * usage: logresolve [-c] [-s filename] < access_log > access_log.new
- *
- * Arguments:
- * -s filename name of a file to record statistics
- * -c check the DNS for a matching A record for the host.
- *
- * Notes:
- *
- * To generate meaningful statistics from an HTTPD log file, it's good
- * to have the domain name of each machine that accessed your site, but
- * doing this on the fly can slow HTTPD down.
- *
- * Compiling NCSA HTTPD with the -DMINIMAL_DNS flag turns IP#->hostname
- * resolution off. Before running your stats program, just run your log
- * file through this program (logresolve) and all of your IP numbers will
- * be resolved into hostnames (where possible).
- *
- * logresolve takes an HTTPD access log (in the COMMON log file format,
- * or any other format that has the IP number/domain name as the first
- * field for that matter), and outputs the same file with all of the
- * domain names looked up. Where no domain name can be found, the IP
- * number is left in.
- *
- * To minimize impact on your nameserver, logresolve has its very own
- * internal hash-table cache. This means that each IP number will only
- * be looked up the first time it is found in the log file.
- *
- * The -c option causes logresolve to apply the same check as httpd
- * compiled with -DMAXIMUM_DNS; after finding the hostname from the IP
- * address, it looks up the IP addresses for the hostname and checks
- * that one of these matches the original address.
- */
-
-#include "ap_config.h"
-#include <sys/types.h>
-
-#include <ctype.h>
-
-#include <arpa/inet.h>
-
-static void cgethost(struct sockaddr *sa, char *string, int check);
-static int get_line(char *s, int n);
-static void stats(FILE *output);
-static void usage(void);
-
-
-/* maximum line length */
-#define MAXLINE 1024
-
-/* maximum length of a domain name */
-#ifndef MAXDNAME
-#define MAXDNAME 256
-#endif
-
-/* number of buckets in cache hash table */
-#define BUCKETS 256
-
-/*
- * struct nsrec - record of nameservice for cache linked list
- *
- * ipnum - IP number hostname - hostname noname - nonzero if IP number has no
- * hostname, i.e. hostname=IP number
- */
-struct nsrec {
- struct sockaddr_storage addr;
- char *hostname;
- int noname;
- struct nsrec *next;
-} *nscache[BUCKETS];
-
-/* statistics - obvious */
-
-#if !defined(h_errno)
-extern int h_errno; /* some machines don't have this in their headers */
-#endif
-
-/* largest value for h_errno */
-#define MAX_ERR (NO_ADDRESS)
-#define UNKNOWN_ERR (MAX_ERR+1)
-#define NO_REVERSE (MAX_ERR+2)
-
-static int cachehits = 0;
-static int cachesize = 0;
-static int entries = 0;
-static int resolves = 0;
-static int withname = 0;
-static int errors[MAX_ERR + 3];
-
-/*
- * cgethost - gets hostname by IP address, caching, and adding unresolvable
- * IP numbers with their IP number as hostname, setting noname flag
- */
-static void
-cgethost(struct sockaddr *sa, char *string, int check)
-{
- uint32_t hashval;
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
- struct nsrec **current, *new;
- char *name;
- char hostnamebuf[MAXHOSTNAMELEN];
-
- switch (sa->sa_family) {
- case AF_INET:
- hashval = ((struct sockaddr_in *)sa)->sin_addr.s_addr;
- break;
- case AF_INET6:
- hashval = *(uint32_t *)&(
- (struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[12];
- break;
- default:
- hashval = 0;
- break;
- }
-
- current = &nscache[((hashval + (hashval >> 8) +
- (hashval >> 16) + (hashval >> 24)) % BUCKETS)];
-
- while (*current) {
- if (sa->sa_len == (*current)->addr.ss_len
- && memcmp(sa, &(*current)->addr, sa->sa_len) == 0)
- break;
-
- current = &(*current)->next;
- }
-
- if (*current == NULL) {
- cachesize++;
- new = (struct nsrec *)malloc(sizeof(struct nsrec));
- if (new == NULL) {
- perror("malloc");
- fprintf(stderr, "Insufficient memory\n");
- exit(1);
- }
- *current = new;
- new->next = NULL;
-
- memcpy(&new->addr, sa, sa->sa_len);
-
- new->noname = getnameinfo(sa, sa->sa_len, hostnamebuf,
- sizeof(hostnamebuf), NULL, 0, 0);
- name = strdup(hostnamebuf);
- if (check) {
- struct addrinfo hints, *res;
- int error;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- error = getaddrinfo(hostnamebuf, NULL, &hints, &res);
- if (!error) {
- while (res) {
- if (sa->sa_len == res->ai_addrlen
- && memcmp(sa, res->ai_addr,
- sa->sa_len) == 0)
- break;
-
- res = res->ai_next;
- }
- if (!res)
- error++;
- }
- if (error) {
- getnameinfo(sa, sa->sa_len, hostnamebuf,
- sizeof(hostnamebuf), NULL, 0,
- NI_NUMERICHOST);
- fprintf(stderr, "Bad host: %s != %s\n", name,
- hostnamebuf);
- new->noname = NO_REVERSE;
- free(name);
- name = strdup(hostnamebuf);
- }
- }
- new->hostname = name;
- if (new->hostname == NULL) {
- perror("strdup");
- fprintf(stderr, "Insufficient memory\n");
- exit(1);
- }
- }
- else
- cachehits++;
-
- /* size of string == MAXDNAME +1 */
- strncpy(string, (*current)->hostname, MAXDNAME);
- string[MAXDNAME] = '\0';
-}
-
-/* prints various statistics to output */
-static void
-stats(FILE *output)
-{
- int i;
- char *ipstring;
- struct nsrec *current;
- char *errstring[MAX_ERR + 3];
- char hostnamebuf[MAXHOSTNAMELEN];
-
- for (i = 0; i < MAX_ERR + 3; i++)
- errstring[i] = "Unknown error";
- errstring[HOST_NOT_FOUND] = "Host not found";
- errstring[TRY_AGAIN] = "Try again";
- errstring[NO_RECOVERY] = "Non recoverable error";
- errstring[NO_DATA] = "No data record";
- errstring[NO_ADDRESS] = "No address";
- errstring[NO_REVERSE] = "No reverse entry";
-
- fprintf(output, "logresolve Statistics:\n");
-
- fprintf(output, "Entries: %d\n", entries);
- fprintf(output, " With name : %d\n", withname);
- fprintf(output, " Resolves : %d\n", resolves);
- if (errors[HOST_NOT_FOUND])
- fprintf(output, " - Not found : %d\n",
- errors[HOST_NOT_FOUND]);
- if (errors[TRY_AGAIN])
- fprintf(output, " - Try again : %d\n", errors[TRY_AGAIN]);
- if (errors[NO_DATA])
- fprintf(output, " - No data : %d\n", errors[NO_DATA]);
- if (errors[NO_ADDRESS])
- fprintf(output, " - No address: %d\n", errors[NO_ADDRESS]);
- if (errors[NO_REVERSE])
- fprintf(output, " - No reverse: %d\n", errors[NO_REVERSE]);
- fprintf(output, "Cache hits : %d\n", cachehits);
- fprintf(output, "Cache size : %d\n", cachesize);
- fprintf(output, "Cache buckets : IP number * hostname\n");
-
- for (i = 0; i < BUCKETS; i++)
- for (current = nscache[i]; current != NULL;
- current = current->next) {
- getnameinfo((struct sockaddr *)&current->addr,
- current->addr.ss_len, hostnamebuf,
- sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
- ipstring = hostnamebuf;
- if (current->noname == 0)
- fprintf(output, " %3d %15s - %s\n", i,
- ipstring, current->hostname);
- else {
- if (current->noname > MAX_ERR + 2)
- fprintf(output, " %3d %15s : Unknown "
- "error\n", i, ipstring);
- else
- fprintf(output, " %3d %15s : %s\n",
- i, ipstring,
- errstring[current->noname]);
- }
- }
-}
-
-
-/*gets a line from stdin */
-static int
-get_line(char *s, int n)
-{
- if (!fgets(s, n, stdin))
- return (0);
- s[strcspn(s, "\n")] = '\0';
- return (1);
-}
-
-static void
-usage(void)
-{
- fprintf(stderr, "usage: logresolve [-c] [-s filename] < access_log "
- "> access_log.new\n");
- exit(1);
-}
-
-int main
-(int argc, char *argv[])
-{
- char *bar, hoststring[MAXDNAME + 1], line[MAXLINE], *statfile;
- int i, check;
- struct addrinfo hints, *res;
- int error;
- int ch;
-
- check = 0;
- statfile = NULL;
- while ((ch = getopt(argc, argv, "s:c")) != -1) {
- switch (ch) {
- case 'c':
- check = 1;
- break;
- case 's':
- statfile = optarg;
- break;
- default:
- usage();
- }
- }
-
- argc -= optind;
- argv += optind;
- if (argc > 0)
- usage();
-
- for (i = 0; i < BUCKETS; i++)
- nscache[i] = NULL;
- for (i = 0; i < MAX_ERR + 2; i++)
- errors[i] = 0;
-
- while (get_line(line, MAXLINE)) {
- if (line[0] == '\0')
- continue;
- entries++;
- if (!isdigit((int)line[0])) { /* short cut */
- puts(line);
- withname++;
- continue;
- }
- bar = strchr(line, ' ');
- if (bar != NULL)
- *bar = '\0';
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- error = getaddrinfo(line, NULL, &hints, &res);
- if (error) {
- if (bar != NULL)
- *bar = ' ';
- puts(line);
- withname++;
- continue;
- }
-
- resolves++;
-
- cgethost(res->ai_addr, hoststring, check);
- if (bar != NULL)
- printf("%s %s\n", hoststring, bar + 1);
- else
- puts(hoststring);
- freeaddrinfo(res);
- }
-
- if (statfile != NULL) {
- FILE *fp;
- fp = fopen(statfile, "w");
- if (fp == NULL) {
- fprintf(stderr, "logresolve: could not open statistics "
- "file '%s'\n", statfile);
- exit(1);
- }
- stats(fp);
- fclose(fp);
- }
-
- return (0);
-}
diff --git a/usr.sbin/httpd/src/support/logresolve.pl b/usr.sbin/httpd/src/support/logresolve.pl
deleted file mode 100644
index 53d0736aee6..00000000000
--- a/usr.sbin/httpd/src/support/logresolve.pl
+++ /dev/null
@@ -1,267 +0,0 @@
-#!/usr/local/bin/perl
-
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-
-# logresolve.pl
-#
-# v 1.2 by robh @ imdb.com
-#
-# usage: logresolve.pl <infile >outfile
-#
-# input = Apache/NCSA/.. logfile with IP numbers at start of lines
-# output = same logfile with IP addresses resolved to hostnames where
-# name lookups succeeded.
-#
-# this differs from the C based 'logresolve' in that this script
-# spawns a number ($CHILDREN) of subprocesses to resolve addresses
-# concurrently and sets a short timeout ($TIMEOUT) for each lookup in
-# order to keep things moving quickly.
-#
-# the parent process handles caching of IP->hostnames using a Perl hash
-# it also avoids sending the same IP to multiple child processes to be
-# resolved multiple times concurrently.
-#
-# Depending on the settings of $CHILDREN and $TIMEOUT you should see
-# significant reductions in the overall time taken to resolve your
-# logfiles. With $CHILDREN=40 and $TIMEOUT=5 I've seen 200,000 - 300,000
-# logfile lines processed per hour compared to ~45,000 per hour
-# with 'logresolve'.
-#
-# I haven't yet seen any noticable reduction in the percentage of IPs
-# that fail to get resolved. Your mileage will no doubt vary. 5s is long
-# enough to wait IMO.
-#
-# Known to work with FreeBSD 2.2
-# Known to have problems with Solaris
-#
-# 980417 - use 'sockaddr_un' for bind/connect to make the script work
-# with linux. Fix from Luuk de Boer <luuk_de_boer@pi.net>
-
-require 5.004;
-
-$|=1;
-
-use FileHandle;
-use Socket;
-
-use strict;
-no strict 'refs';
-
-use vars qw($PROTOCOL);
-$PROTOCOL = 0;
-
-my $CHILDREN = 40;
-my $TIMEOUT = 5;
-
-my $filename;
-my %hash = ();
-my $parent = $$;
-
-my @children = ();
-for (my $child = 1; $child <=$CHILDREN; $child++) {
- my $f = fork();
- if (!$f) {
- $filename = "./.socket.$parent.$child";
- if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";}
- &child($child);
- exit(0);
- }
- push(@children, $f);
-}
-
-&parent;
-&cleanup;
-
-## remove all temporary files before shutting down
-sub cleanup {
- # die kiddies, die
- kill(15, @children);
- for (my $child = 1; $child <=$CHILDREN; $child++) {
- if (-e "./.socket.$parent.$child") {
- unlink("./.socket.$parent.$child")
- || warn ".socket.$parent.$child $!";
- }
- }
-}
-
-sub parent {
- # Trap some possible signals to trigger temp file cleanup
- $SIG{'KILL'} = $SIG{'INT'} = $SIG{'PIPE'} = \&cleanup;
-
- my %CHILDSOCK;
- my $filename;
-
- ## fork child processes. Each child will create a socket connection
- ## to this parent and use an unique temp filename to do so.
- for (my $child = 1; $child <=$CHILDREN; $child++) {
- $CHILDSOCK{$child}= FileHandle->new;
-
- if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) {
- warn "parent socket to child failed $!";
- }
- $filename = "./.socket.$parent.$child";
- my $response;
- do {
- $response = connect($CHILDSOCK{$child}, sockaddr_un($filename));
- if ($response != 1) {
- sleep(1);
- }
- } while ($response != 1);
- $CHILDSOCK{$child}->autoflush;
- }
- ## All child processes should now be ready or at worst warming up
-
- my (@buffer, $child, $ip, $rest, $hostname, $response);
- ## read the logfile lines from STDIN
- while(<STDIN>) {
- @buffer = (); # empty the logfile line buffer array.
- $child = 1; # children are numbered 1..N, start with #1
-
- # while we have a child to talk to and data to give it..
- do {
- push(@buffer, $_); # buffer the line
- ($ip, $rest) = split(/ /, $_, 2); # separate IP form rest
-
- unless ($hash{$ip}) { # resolve if unseen IP
- $CHILDSOCK{$child}->print("$ip\n"); # pass IP to next child
- $hash{$ip} = $ip; # don't look it up again.
- $child++;
- }
- } while (($child < ($CHILDREN-1)) and ($_ = <STDIN>));
-
- ## now poll each child for a response
- while (--$child > 0) {
- $response = $CHILDSOCK{$child}->getline;
- chomp($response);
- # child sends us back both the IP and HOSTNAME, no need for us
- # to remember what child received any given IP, and no worries
- # what order we talk to the children
- ($ip, $hostname) = split(/\|/, $response, 2);
- $hash{$ip} = $hostname;
- }
-
- # resolve all the logfiles lines held in the log buffer array..
- for (my $line = 0; $line <=$#buffer; $line++) {
- # get next buffered line
- ($ip, $rest) = split(/ /, $buffer[$line], 2);
- # separate IP from rest and replace with cached hostname
- printf STDOUT ("%s %s", $hash{$ip}, $rest);
- }
- }
-}
-
-########################################
-
-sub child {
- # arg = numeric ID - how the parent refers to me
- my $me = shift;
-
- # add trap for alarm signals.
- $SIG{'ALRM'} = sub { die "alarmed"; };
-
- # create a socket to communicate with parent
- socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL)
- || die "Error with Socket: !$\n";
- $filename = "./.socket.$parent.$me";
- bind(INBOUND, sockaddr_un($filename))
- || die "Error Binding $filename: $!\n";
- listen(INBOUND, 5) || die "Error Listening: $!\n";
-
- my ($ip, $send_back);
- my $talk = FileHandle->new;
-
- # accept a connection from the parent process. We only ever have
- # have one connection where we exchange 1 line of info with the
- # parent.. 1 line in (IP address), 1 line out (IP + hostname).
- accept($talk, INBOUND) || die "Error Accepting: $!\n";
- # disable I/O buffering just in case
- $talk->autoflush;
- # while the parent keeps sending data, we keep responding..
- while(($ip = $talk->getline)) {
- chomp($ip);
- # resolve the IP if time permits and send back what we found..
- $send_back = sprintf("%s|%s", $ip, &nslookup($ip));
- $talk->print($send_back."\n");
- }
-}
-
-# perform a time restricted hostname lookup.
-sub nslookup {
- # get the IP as an arg
- my $ip = shift;
- my $hostname = undef;
-
- # do the hostname lookup inside an eval. The eval will use the
- # already configured SIGnal handler and drop out of the {} block
- # regardless of whether the alarm occured or not.
- eval {
- alarm($TIMEOUT);
- $hostname = gethostbyaddr(gethostbyname($ip), AF_INET);
- alarm(0);
- };
- if ($@ =~ /alarm/) {
- # useful for debugging perhaps..
- # print "alarming, isn't it? ($ip)";
- }
-
- # return the hostname or the IP address itself if there is no hostname
- $hostname ne "" ? $hostname : $ip;
-}
-
-
diff --git a/usr.sbin/httpd/src/support/mkcert.sh b/usr.sbin/httpd/src/support/mkcert.sh
deleted file mode 100644
index a9d3c8599f5..00000000000
--- a/usr.sbin/httpd/src/support/mkcert.sh
+++ /dev/null
@@ -1,855 +0,0 @@
-#!/bin/sh
-##
-## mkcert.sh -- SSL Certificate Generation Utility
-## Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
-##
-
-# parameters
-make="$1"
-mflags="$2"
-openssl="$3"
-support="$4"
-type="$5"
-algo="$6"
-crt="$7"
-key="$8"
-view="$9"
-
-# we can operate only inside the Apache 1.3 source
-# tree and only when mod_ssl+OpenSSL is actually configured.
-if [ ! -f "../README.configure" ]; then
- echo "mkcert.sh:Error: Cannot operate outside the Apache 1.3 source tree." 1>&2
- echo "mkcert.sh:Hint: You have to stay inside apache_1.3.x/src." 1>&2
- exit 1
-fi
-if [ ".$openssl" = . ]; then
- echo "mkcert.sh:Error: mod_ssl/OpenSSL has to be configured before using this utility." 1>&2
- echo "mkcert.sh:Hint: Configure mod_ssl with --enable-module=ssl in APACI, first." 1>&2
- exit 1
-fi
-
-# configuration
-# WE ARE CALLED FROM THE PARENT DIR!
-sslcrtdir="../conf/ssl.crt"
-sslcsrdir="../conf/ssl.csr"
-sslkeydir="../conf/ssl.key"
-sslprmdir="../conf/ssl.prm"
-
-# some optional terminal sequences
-case $TERM in
- xterm|xterm*|vt220|vt220*)
- T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
- T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
- ;;
- vt100|vt100*)
- T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
- T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
- ;;
- default)
- T_MD=''
- T_ME=''
- ;;
-esac
-
-# display header
-echo "${T_MD}SSL Certificate Generation Utility${T_ME} (mkcert.sh)"
-echo "Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved."
-
-# on request view certificates only
-if [ ".$view" != . ]; then
- if [ -f "$sslcrtdir/ca.crt" -a -f "$sslkeydir/ca.key" ]; then
- echo ""
- echo "${T_MD}CA X.509 Certificate${T_ME} [ca.crt]"
- echo "______________________________________________________________________"
- $openssl x509 -noout -text -in $sslcrtdir/ca.crt
- echo ""
- if [ ".`$openssl x509 -noout -text -in $sslcrtdir/ca.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then
- echo "${T_MD}CA RSA Private Key${T_ME} [ca.key]"
- echo "______________________________________________________________________"
- $openssl rsa -noout -text -in $sslkeydir/ca.key
- else
- echo "${T_MD}CA DSA Private Key${T_ME} [ca.key]"
- echo "______________________________________________________________________"
- $openssl dsa -noout -text -in $sslkeydir/ca.key
- fi
- fi
- if [ -f "$sslcrtdir/server.crt" -a -f "$sslkeydir/server.key" ]; then
- echo ""
- echo "${T_MD}Server X.509 Certificate${T_ME} [server.crt]"
- echo "______________________________________________________________________"
- $openssl x509 -noout -text -in $sslcrtdir/server.crt
- echo ""
- if [ ".`$openssl x509 -noout -text -in $sslcrtdir/server.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then
- echo "${T_MD}Server RSA Private Key${T_ME} [server.key]"
- echo "______________________________________________________________________"
- $openssl rsa -noout -text -in $sslkeydir/server.key
- else
- echo "${T_MD}Server DSA Private Key${T_ME} [server.key]"
- echo "______________________________________________________________________"
- $openssl dsa -noout -text -in $sslkeydir/server.key
- fi
- fi
- exit 0
-fi
-
-# find some random files
-# (do not use /dev/random here, because this device
-# doesn't work as expected on all platforms)
-randfiles=''
-for file in /var/log/messages /var/adm/messages /var/log/system.log /var/wtmp \
- /kernel /kernel/genunix /vmunix /vmlinuz /mach \
- /etc/hosts /etc/group /etc/resolv.conf /bin/ls; do
- if [ -r $file ]; then
- if [ ".$randfiles" = . ]; then
- randfiles="$file"
- else
- randfiles="${randfiles}:$file"
- fi
- fi
-done
-
-# initialize random file
-if [ -f $HOME/.rnd ]; then
- RANDFILE="$HOME/.rnd"
-else
- RANDFILE=".mkcert.rnd"
- (ps; date) >$RANDFILE
-fi
-export RANDFILE
-
-# canonicalize parameters
-case "x$type" in
- x ) type=test ;;
-esac
-case "x$algo" in
- xRSA|xrsa )
- algo=RSA
- ;;
- xDSA|xdsa )
- algo=DSA
- ;;
- x )
- algo=choose
- ;;
- * ) echo "Unknown algorithm \'$algo' (use RSA or DSA!)" 1>&2
- exit 1
- ;;
-esac
-
-# processing
-case $type in
-
- dummy)
- echo ""
- echo "${T_MD}Generating self-signed Snake Oil certificate [DUMMY]${T_ME}"
- echo "______________________________________________________________________"
- echo ""
- if [ ".$algo" = .choose ]; then
- algo=RSA
- fi
- if [ ".$algo" = .RSA ]; then
- cp $sslcrtdir/snakeoil-rsa.crt $sslcrtdir/server.crt
- (umask 077; cp $sslkeydir/snakeoil-rsa.key $sslkeydir/server.key)
- else
- cp $sslcrtdir/snakeoil-dsa.crt $sslcrtdir/server.crt
- (umask 077; cp $sslkeydir/snakeoil-dsa.key $sslkeydir/server.key)
- fi
- echo "${T_MD}RESULT: Server Certification Files${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.key/server.key${T_ME}"
- echo " The PEM-encoded $algo private key file which you configure"
- echo " with the 'SSLCertificateKeyFile' directive (automatically done"
- echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}"
- echo " The PEM-encoded X.509 certificate file which you configure"
- echo " with the 'SSLCertificateFile' directive (automatically done"
- echo " when you install via APACI)."
- echo ""
- echo "WARNING: Do not use this for real-life/production systems"
- echo ""
- ;;
-
- test)
- echo ""
- echo "${T_MD}Generating test certificate signed by Snake Oil CA [TEST]${T_ME}"
- echo "WARNING: Do not use this for real-life/production systems"
- if [ ".$algo" = .choose ]; then
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 0: Decide the signature algorithm used for certificate${T_ME}"
- echo "The generated X.509 CA certificate can contain either"
- echo "RSA or DSA based ingredients. Select the one you want to use."
- def1=R def2=r def=RSA
- prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:"
- while [ 1 ]; do
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
- read algo
- if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then
- algo=$def
- break
- elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then
- algo=RSA
- break
- elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then
- algo=DSA
- break
- else
- echo "mkcert.sh:Warning: Invalid selection" 1>&2
- fi
- done
- fi
- if [ ".$algo" = ".DSA" ]; then
- echo ""
- echo "${T_MD}WARNING!${T_ME} You're generating a DSA based certificate/key pair."
- echo " This implies that RSA based ciphers won't be available later,"
- echo " which for your web server currently still means that mostly all"
- echo " popular web browsers cannot connect to it. At least not until"
- echo " you also generate an additional RSA based certificate/key pair"
- echo " and configure them in parallel."
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 1: Generating $algo private key (1024 bit) [server.key]${T_ME}"
- if [ ".$algo" = .RSA ]; then
- if [ ".$randfiles" != . ]; then
- $openssl genrsa -rand $randfiles -out $sslkeydir/server.key 1024
- else
- $openssl genrsa -out $sslkeydir/server.key 1024
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate RSA private key" 1>&2
- exit 1
- fi
- else
- echo "Generating DSA private key via SnakeOil CA DSA parameters"
- if [ ".$randfiles" != . ]; then
- (umask 077
- $openssl gendsa -rand $randfiles \
- -out $sslkeydir/server.key \
- $sslprmdir/snakeoil-ca-dsa.prm)
- else
- (umask 077
- $openssl gendsa -out $sslkeydir/server.key \
- $sslprmdir/snakeoil-ca-dsa.prm)
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate DSA private key" 1>&2
- exit 1
- fi
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 2: Generating X.509 certificate signing request [server.csr]${T_ME}"
- cat >.mkcert.cfg <<EOT
-[ req ]
-default_bits = 1024
-distinguished_name = req_DN
-[ req_DN ]
-countryName = "1. Country Name (2 letter code)"
-countryName_default = XY
-countryName_min = 2
-countryName_max = 2
-stateOrProvinceName = "2. State or Province Name (full name) "
-stateOrProvinceName_default = Snake Desert
-localityName = "3. Locality Name (eg, city) "
-localityName_default = Snake Town
-0.organizationName = "4. Organization Name (eg, company) "
-0.organizationName_default = Snake Oil, Ltd
-organizationalUnitName = "5. Organizational Unit Name (eg, section) "
-organizationalUnitName_default = Webserver Team
-commonName = "6. Common Name (eg, FQDN) "
-commonName_max = 64
-commonName_default = www.snakeoil.dom
-emailAddress = "7. Email Address (eg, name@FQDN)"
-emailAddress_max = 40
-emailAddress_default = www@snakeoil.dom
-EOT
- $openssl req -config .mkcert.cfg \
- -new \
- -key $sslkeydir/server.key \
- -out $sslcsrdir/server.csr
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate certificate signing request" 1>&2
- exit 1
- fi
- rm -f .mkcert.cfg
- prompt="8. Certificate Validity (days) [365]:"
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
- read days
- if [ ".$days" = . ]; then
- days=365
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]${T_ME}"
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=Certificate Version (1 or 3) [3]:"
- read certversion
- extfile=""
- if [ ".$certversion" = .3 -o ".$certversion" = . ]; then
- extfile="-extfile .mkcert.cfg"
- cat >.mkcert.cfg <<EOT
-extensions = x509v3
-[ x509v3 ]
-subjectAltName = email:copy
-nsComment = "mod_ssl generated test server certificate"
-nsCertType = server
-EOT
- fi
- if [ ! -f .mkcert.serial ]; then
- echo '01' >.mkcert.serial
- fi
- if [ ".$algo" = .RSA ]; then
- $openssl x509 $extfile \
- -days $days \
- -CAserial .mkcert.serial \
- -CA $sslcrtdir/snakeoil-ca-rsa.crt \
- -CAkey $sslkeydir/snakeoil-ca-rsa.key \
- -in $sslcsrdir/server.csr -req \
- -out $sslcrtdir/server.crt
- else
- $openssl x509 $extfile \
- -days $days \
- -CAserial .mkcert.serial \
- -CA $sslcrtdir/snakeoil-ca-dsa.crt \
- -CAkey $sslkeydir/snakeoil-ca-dsa.key \
- -in $sslcsrdir/server.csr -req \
- -out $sslcrtdir/server.crt
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate X.509 certificate" 1>&2
- exit 1
- fi
- rm -f .mkcert.cfg
- echo "Verify: matching certificate & key modulus"
- modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/server.crt | sed -e 's;.*Modulus=;;'`
- if [ ".$algo" = .RSA ]; then
- modkey=`$openssl rsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Modulus=;;'`
- else
- modkey=`$openssl dsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Key=;;'`
- fi
- if [ ".$modcrt" != ".$modkey" ]; then
- echo "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2
- exit 1
- fi
- echo "Verify: matching certificate signature"
- if [ ".$algo" = .RSA ]; then
- $openssl verify -CAfile $sslcrtdir/snakeoil-ca-rsa.crt $sslcrtdir/server.crt
- else
- $openssl verify -CAfile $sslcrtdir/snakeoil-ca-dsa.crt $sslcrtdir/server.crt
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2
- exit 1
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 4: Enrypting $algo private key with a pass phrase for security [server.key]${T_ME}"
- echo "The contents of the server.key file (the generated private key) has to be"
- echo "kept secret. So we strongly recommend you to encrypt the server.key file"
- echo "with a Triple-DES cipher and a Pass Phrase."
- while [ 1 ]; do
- echo dummy | awk '{ printf("Encrypt the private key now? [Y/n]: "); }'
- read rc
- if [ ".$rc" = .n -o ".$rc" = .N ]; then
- rc="n"
- break
- fi
- if [ ".$rc" = .y -o ".$rc" = .Y -o ".$rc" = . ]; then
- rc="y"
- break
- fi
- done
- if [ ".$rc" = .y ]; then
- if [ ".$algo" = .RSA ]; then
- (umask 077
- $openssl rsa -des3 \
- -in $sslkeydir/server.key \
- -out $sslkeydir/server.key.crypt)
- else
- (umask 077
- $openssl dsa -des3 \
- -in $sslkeydir/server.key \
- -out $sslkeydir/server.key.crypt)
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to encrypt $algo private key" 1>&2
- exit 1
- fi
- (umask 077; cp $sslkeydir/server.key.crypt $sslkeydir/server.key)
- rm -f $sslkeydir/server.key.crypt
- echo "Fine, you're using an encrypted $algo private key."
- else
- echo "Warning, you're using an unencrypted $algo private key."
- echo "Please notice this fact and do this on your own risk."
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}RESULT: Server Certification Files${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.key/server.key${T_ME}"
- echo " The PEM-encoded $algo private key file which you configure"
- echo " with the 'SSLCertificateKeyFile' directive (automatically done"
- echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}"
- echo " The PEM-encoded X.509 certificate file which you configure"
- echo " with the 'SSLCertificateFile' directive (automatically done"
- echo " when you install via APACI)."
- echo ""
- echo "o ${T_MD}conf/ssl.csr/server.csr${T_ME}"
- echo " The PEM-encoded X.509 certificate signing request file which"
- echo " you can send to an official Certificate Authority (CA) in order"
- echo " to request a real server certificate (signed by this CA instead"
- echo " of our demonstration-only Snake Oil CA) which later can replace"
- echo " the conf/ssl.crt/server.crt file."
- echo ""
- echo "WARNING: Do not use this for real-life/production systems"
- echo ""
- ;;
-
- custom)
- echo ""
- echo "${T_MD}Generating custom certificate signed by own CA [CUSTOM]${T_ME}"
- if [ ".$algo" = .choose ]; then
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 0: Decide the signature algorithm used for certificates${T_ME}"
- echo "The generated X.509 certificates can contain either"
- echo "RSA or DSA based ingredients. Select the one you want to use."
- def1=R def2=r def=RSA
- prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:"
- while [ 1 ]; do
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
- read algo
- if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then
- algo=$def
- break
- elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then
- algo=RSA
- break
- elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then
- algo=DSA
- break
- else
- echo "mkcert.sh:Warning: Invalid selection" 1>&2
- fi
- done
- fi
- if [ ".$algo" = ".DSA" ]; then
- echo ""
- echo "${T_MD}WARNING!${T_ME} You're generating DSA based certificate/key pairs."
- echo " This implies that RSA based ciphers won't be available later,"
- echo " which for your web server currently still means that mostly all"
- echo " popular web browsers cannot connect to it. At least not until"
- echo " you also generate an additional RSA based certificate/key pair"
- echo " and configure them in parallel."
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 1: Generating $algo private key for CA (1024 bit) [ca.key]${T_ME}"
- if [ ".$algo" = .RSA ]; then
- if [ ".$randfiles" != . ]; then
- $openssl genrsa -rand $randfiles -out $sslkeydir/ca.key 1024
- else
- $openssl genrsa -out $sslkeydir/ca.key 1024
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate RSA private key" 1>&2
- exit 1
- fi
- else
- if [ ".$randfiles" != . ]; then
- $openssl dsaparam -rand $randfiles -out $sslprmdir/ca.prm 1024
- echo "Generating DSA private key:"
- (umask 077
- $openssl gendsa -rand $randfiles -out $sslkeydir/ca.key $sslprmdir/ca.prm)
- else
- $openssl dsaparam -out $sslprmdir/ca.prm 1024
- echo "Generating DSA private key:"
- (umask 077
- $openssl gendsa -out $sslkeydir/ca.key $sslprmdir/ca.prm)
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate DSA private key" 1>&2
- exit 1
- fi
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA [ca.csr]${T_ME}"
- cat >.mkcert.cfg <<EOT
-[ req ]
-default_bits = 1024
-distinguished_name = req_DN
-[ req_DN ]
-countryName = "1. Country Name (2 letter code)"
-countryName_default = XY
-countryName_min = 2
-countryName_max = 2
-stateOrProvinceName = "2. State or Province Name (full name) "
-stateOrProvinceName_default = Snake Desert
-localityName = "3. Locality Name (eg, city) "
-localityName_default = Snake Town
-0.organizationName = "4. Organization Name (eg, company) "
-0.organizationName_default = Snake Oil, Ltd
-organizationalUnitName = "5. Organizational Unit Name (eg, section) "
-organizationalUnitName_default = Certificate Authority
-commonName = "6. Common Name (eg, CA name) "
-commonName_max = 64
-commonName_default = Snake Oil CA
-emailAddress = "7. Email Address (eg, name@FQDN)"
-emailAddress_max = 40
-emailAddress_default = ca@snakeoil.dom
-EOT
- $openssl req -config .mkcert.cfg \
- -new \
- -key $sslkeydir/ca.key \
- -out $sslcsrdir/ca.csr
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate certificate signing request" 1>&2
- exit 1
- fi
- rm -f .mkcert.cfg
- prompt="8. Certificate Validity (days) [365]:"
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
- read days
- if [ ".$days" = . ]; then
- days=365
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]${T_ME}"
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=Certificate Version (1 or 3) [3]:"
- read certversion
- extfile=""
- if [ ".$certversion" = .3 -o ".$certversion" = . ]; then
- extfile="-extfile .mkcert.cfg"
- cat >.mkcert.cfg <<EOT
-extensions = x509v3
-[ x509v3 ]
-subjectAltName = email:copy
-basicConstraints = CA:true,pathlen:0
-nsComment = "mod_ssl generated custom CA certificate"
-nsCertType = sslCA
-EOT
- fi
- $openssl x509 $extfile \
- -days $days \
- -signkey $sslkeydir/ca.key \
- -in $sslcsrdir/ca.csr -req \
- -out $sslcrtdir/ca.crt
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate self-signed CA certificate" 1>&2
- exit 1
- fi
- rm -f .mkcert.cfg
- echo "Verify: matching certificate & key modulus"
- modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/ca.crt | sed -e 's;.*Modulus=;;'`
- if [ ".$algo" = .RSA ]; then
- modkey=`$openssl rsa -noout -modulus -in $sslkeydir/ca.key | sed -e 's;.*Modulus=;;'`
- else
- modkey=`$openssl dsa -noout -modulus -in $sslkeydir/ca.key | sed -e 's;.*Key=;;'`
- fi
- if [ ".$modcrt" != ".$modkey" ]; then
- echo "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2
- exit 1
- fi
- echo "Verify: matching certificate signature"
- $openssl verify $sslcrtdir/ca.crt
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2
- exit 1
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 4: Generating $algo private key for SERVER (1024 bit) [server.key]${T_ME}"
- if [ ".$algo" = .RSA ]; then
- if [ ".$randfiles" != . ]; then
- $openssl genrsa -rand $randfiles -out $sslkeydir/server.key 1024
- else
- $openssl genrsa -out $sslkeydir/server.key 1024
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate RSA private key" 1>&2
- exit 1
- fi
- else
- if [ ".$randfiles" != . ]; then
- (umask 077
- $openssl gendsa -rand $randfiles \
- -out $sslkeydir/server.key $sslprmdir/ca.prm)
- else
- (umask 077
- $openssl gendsa -out $sslkeydir/server.key $sslprmdir/ca.prm)
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate DSA private key" 1>&2
- exit 1
- fi
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]${T_ME}"
- cat >.mkcert.cfg <<EOT
-[ req ]
-default_bits = 1024
-distinguished_name = req_DN
-[ req_DN ]
-countryName = "1. Country Name (2 letter code)"
-countryName_default = XY
-countryName_min = 2
-countryName_max = 2
-stateOrProvinceName = "2. State or Province Name (full name) "
-stateOrProvinceName_default = Snake Desert
-localityName = "3. Locality Name (eg, city) "
-localityName_default = Snake Town
-0.organizationName = "4. Organization Name (eg, company) "
-0.organizationName_default = Snake Oil, Ltd
-organizationalUnitName = "5. Organizational Unit Name (eg, section) "
-organizationalUnitName_default = Webserver Team
-commonName = "6. Common Name (eg, FQDN) "
-commonName_max = 64
-commonName_default = www.snakeoil.dom
-emailAddress = "7. Email Address (eg, name@fqdn)"
-emailAddress_max = 40
-emailAddress_default = www@snakeoil.dom
-EOT
- $openssl req -config .mkcert.cfg \
- -new \
- -key $sslkeydir/server.key \
- -out $sslcsrdir/server.csr
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate certificate signing request" 1>&2
- exit 1
- fi
- rm -f .mkcert.cfg
- prompt="8. Certificate Validity (days) [365]:"
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
- read days
- if [ ".$days" = . ]; then
- days=365
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 6: Generating X.509 certificate signed by own CA [server.crt]${T_ME}"
- echo dummy | awk '{ printf("%s", prompt); }' "prompt=Certificate Version (1 or 3) [3]:"
- read certversion
- extfile=""
- if [ ".$certversion" = .3 -o ".$certversion" = . ]; then
- extfile="-extfile .mkcert.cfg"
- cat >.mkcert.cfg <<EOT
-extensions = x509v3
-[ x509v3 ]
-subjectAltName = email:copy
-nsComment = "mod_ssl generated custom server certificate"
-nsCertType = server
-EOT
- fi
- if [ ! -f .mkcert.serial ]; then
- echo '01' >.mkcert.serial
- fi
- $openssl x509 $extfile \
- -days $days \
- -CAserial .mkcert.serial \
- -CA $sslcrtdir/ca.crt \
- -CAkey $sslkeydir/ca.key \
- -in $sslcsrdir/server.csr -req \
- -out $sslcrtdir/server.crt
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to generate X.509 certificate" 1>&2
- exit 1
- fi
- rm -f .mkcert.cfg
- echo "Verify: matching certificate & key modulus"
- modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/server.crt | sed -e 's;.*Modulus=;;'`
- if [ ".$algo" = .RSA ]; then
- modkey=`$openssl rsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Modulus=;;'`
- else
- modkey=`$openssl dsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Key=;;'`
- fi
- if [ ".$modcrt" != ".$modkey" ]; then
- echo "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2
- exit 1
- fi
- echo "Verify: matching certificate signature"
- $openssl verify -CAfile $sslcrtdir/ca.crt $sslcrtdir/server.crt
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2
- exit 1
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 7: Enrypting $algo private key of CA with a pass phrase for security [ca.key]${T_ME}"
- echo "The contents of the ca.key file (the generated private key) has to be"
- echo "kept secret. So we strongly recommend you to encrypt the server.key file"
- echo "with a Triple-DES cipher and a Pass Phrase."
- while [ 1 ]; do
- echo dummy | awk '{ printf("Encrypt the private key now? [Y/n]: "); }'
- read rc
- if [ ".$rc" = .n -o ".$rc" = .N ]; then
- rc="n"
- break
- fi
- if [ ".$rc" = .y -o ".$rc" = .Y -o ".$rc" = . ]; then
- rc="y"
- break
- fi
- done
- if [ ".$rc" = .y ]; then
- if [ ".$algo" = .RSA ]; then
- (umask 077
- $openssl rsa -des3 \
- -in $sslkeydir/ca.key \
- -out $sslkeydir/ca.key.crypt)
- else
- (umask 077
- $openssl dsa -des3 \
- -in $sslkeydir/ca.key \
- -out $sslkeydir/ca.key.crypt)
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to encrypt $algo private key" 1>&2
- exit 1
- fi
- (umask 077; cp $sslkeydir/ca.key.crypt $sslkeydir/ca.key)
- rm -f $sslkeydir/ca.key.crypt
- echo "Fine, you're using an encrypted private key."
- else
- echo "Warning, you're using an unencrypted private key."
- echo "Please notice this fact and do this on your own risk."
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}STEP 8: Enrypting $algo private key of SERVER with a pass phrase for security [server.key]${T_ME}"
- echo "The contents of the server.key file (the generated private key) has to be"
- echo "kept secret. So we strongly recommend you to encrypt the server.key file"
- echo "with a Triple-DES cipher and a Pass Phrase."
- while [ 1 ]; do
- echo dummy | awk '{ printf("Encrypt the private key now? [Y/n]: "); }'
- read rc
- if [ ".$rc" = .n -o ".$rc" = .N ]; then
- rc="n"
- break
- fi
- if [ ".$rc" = .y -o ".$rc" = .Y -o ".$rc" = . ]; then
- rc="y"
- break
- fi
- done
- if [ ".$rc" = .y ]; then
- if [ ".$algo" = .RSA ]; then
- (umask 077
- $openssl rsa -des3 \
- -in $sslkeydir/server.key \
- -out $sslkeydir/server.key.crypt)
- else
- (umask 077
- $openssl dsa -des3 \
- -in $sslkeydir/server.key \
- -out $sslkeydir/server.key.crypt)
- fi
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to encrypt $algo private key" 1>&2
- exit 1
- fi
- (umask 077; cp $sslkeydir/server.key.crypt $sslkeydir/server.key)
- rm -f $sslkeydir/server.key.crypt
- echo "Fine, you're using an encrypted $algo private key."
- else
- echo "Warning, you're using an unencrypted $algo private key."
- echo "Please notice this fact and do this on your own risk."
- fi
- echo "______________________________________________________________________"
- echo ""
- echo "${T_MD}RESULT: CA and Server Certification Files${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.key/ca.key${T_ME}"
- echo " The PEM-encoded $algo private key file of the CA which you can"
- echo " use to sign other servers or clients. ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.crt/ca.crt${T_ME}"
- echo " The PEM-encoded X.509 certificate file of the CA which you use to"
- echo " sign other servers or clients. When you sign clients with it (for"
- echo " SSL client authentication) you can configure this file with the"
- echo " 'SSLCACertificateFile' directive."
- echo ""
- echo "o ${T_MD}conf/ssl.key/server.key${T_ME}"
- echo " The PEM-encoded $algo private key file of the server which you configure"
- echo " with the 'SSLCertificateKeyFile' directive (automatically done"
- echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}"
- echo " The PEM-encoded X.509 certificate file of the server which you configure"
- echo " with the 'SSLCertificateFile' directive (automatically done"
- echo " when you install via APACI)."
- echo ""
- echo "o ${T_MD}conf/ssl.csr/server.csr${T_ME}"
- echo " The PEM-encoded X.509 certificate signing request of the server file which"
- echo " you can send to an official Certificate Authority (CA) in order"
- echo " to request a real server certificate (signed by this CA instead"
- echo " of our own CA) which later can replace the conf/ssl.crt/server.crt"
- echo " file."
- echo ""
- echo "Congratulations that you establish your server with real certificates."
- echo ""
- ;;
-
- existing)
- echo ""
- echo "${T_MD}Using existing custom certificate [EXISTING]${T_ME}"
- echo "______________________________________________________________________"
- echo ""
- if [ ".$crt" = . ]; then
- echo "mkcert.sh: No certificate file given" 1>&2
- exit 1
- fi
- if [ ! -f "$crt" ]; then
- echo "mkcert.sh: Cannot find certificate file: $crt" 1>&2
- exit 1
- fi
- if [ ".$key" != . ]; then
- if [ ! -f "$key" ]; then
- echo "mkcert.sh: Cannot find private key file: $key" 1>&2
- exit 1
- fi
- cp $crt $sslcrtdir/server.crt
- (umask 077; cp $key $sslkeydir/server.key)
- else
- key=$crt
- umask 077
- touch $sslkeydir/server.key
- sed -e '/-----BEGIN CERTIFICATE/,/-----END CERTIFICATE/p' -e '/.*/d' \
- <$crt >$sslcrtdir/server.crt
- sed -e '/-----BEGIN ... PRIVATE KEY/,/-----END ... PRIVATE KEY/p' -e '/.*/d' \
- <$key >$sslkeydir/server.key
- fi
- $openssl x509 -noout -in $sslcrtdir/server.crt
- if [ $? -ne 0 ]; then
- echo "mkcert.sh:Error: Failed to check certificate contents: $crt" 1>&2
- exit 1
- fi
- if [ ".`grep 'PRIVATE KEY' $sslkeydir/server.key | grep RSA`" != . ]; then
- algo=RSA
- else
- algo=DSA
- fi
- echo "${T_MD}RESULT: Server Certification Files${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.key/server.key${T_ME}"
- echo " The PEM-encoded $algo private key file which you configure"
- echo " with the 'SSLCertificateKeyFile' directive (automatically done"
- echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
- echo ""
- echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}"
- echo " The PEM-encoded X.509 certificate file which you configure"
- echo " with the 'SSLCertificateFile' directive (automatically done"
- echo " when you install via APACI)."
- echo ""
- echo "Congratulations that you establish your server with real certificates."
- echo ""
- ;;
-
-esac
-
-##EOF##
diff --git a/usr.sbin/httpd/src/support/phf_abuse_log.cgi b/usr.sbin/httpd/src/support/phf_abuse_log.cgi
deleted file mode 100644
index 9ce2749c571..00000000000
--- a/usr.sbin/httpd/src/support/phf_abuse_log.cgi
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/local/bin/perl
-
-# This script can be used to detect people trying to abuse the security hole which
-# existed in A CGI script direstributed with Apache 1.0.3 and earlier versions.
-# You can redirect them to here using the "<Location /cgi-bin/phf*>" suggestion in
-# httpd.conf.
-#
-# The format logged to is "[date] remote_addr remote_host [date] referrer user_agent".
-
-$LOG = "/var/log/phf_log";
-
-require "ctime.pl";
-$when = &ctime(time);
-$when =~ s/\n//go;
-$ENV{HTTP_USER_AGENT} .= " via $ENV{HTTP_VIA}" if($ENV{HTTP_VIA});
-
-open(LOG, ">>$LOG") || die "boo hoo, phf_log $!";
-print LOG "[$when] $ENV{REMOTE_ADDR} $ENV{REMOTE_HOST} $ENV{$HTTP_REFERER} $ENV{HTTP_USER_AGENT}\n";
-close(LOG);
-
-print "Content-type: text/html\r\n\r\n<BLINK>Smile, you're on Candid Camera.</BLINK>\n";
diff --git a/usr.sbin/httpd/src/support/rotatelogs.8 b/usr.sbin/httpd/src/support/rotatelogs.8
deleted file mode 100644
index 99531d5bedd..00000000000
--- a/usr.sbin/httpd/src/support/rotatelogs.8
+++ /dev/null
@@ -1,113 +0,0 @@
-.\" $OpenBSD: rotatelogs.8,v 1.9 2007/05/31 19:20:24 jmc Exp $
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: May 31 2007 $
-.Dt ROTATELOGS 8
-.Os
-.Sh NAME
-.Nm rotatelogs
-.Nd rotate Apache logs without having to kill the server
-.Sh SYNOPSIS
-.Nm rotatelogs
-.Ar logfile rotationtime Op Ar offset
-.Sh DESCRIPTION
-.Nm
-is a simple program for use in conjunction with
-.Xr httpd 8 Ns 's
-piped logfile feature which can be used like this:
-.Bd -literal -offset indent
-TransferLog "| rotatelogs /path/to/logs/access_log 86400"
-.Ed
-.Pp
-This creates the files
-.Pa /path/to/logs/access_log.nnnn
-where
-.Em nnnn
-is the system time at which the log nominally starts (this time will
-always be a multiple of the rotation time, so you can synchronize
-.Xr cron 8
-scripts with it).
-At the end of each rotation time (here, after 24 hours), a new log is
-started.
-.Pp
-The arguments are as follows:
-.Bl -tag -width rotationtime
-.It Ar logfile
-The path plus basename of the logfile.
-If
-.Ar logfile
-includes any percent characters
-.Pq Sq % ,
-it is treated as a format string for
-.Xr strftime 3 .
-Otherwise, the suffix
-.Em .nnnn
-is automatically added and is the time at which the logfile was created.
-.It Ar rotationtime
-The rotation time in seconds.
-.It Ar offset
-The number of minutes offset from UTC.
-If omitted, zero is assumed and UTC is used.
-For example, to use local time in the zone UTC \-5 hours, specify a
-value of \-300 for this argument.
-.El
-.Sh SEE ALSO
-.Xr strftime 3 ,
-.Xr cron 8 ,
-.Xr httpd 8 ,
-.Xr logresolve 8
diff --git a/usr.sbin/httpd/src/support/rotatelogs.c b/usr.sbin/httpd/src/support/rotatelogs.c
deleted file mode 100644
index 023f822aa7c..00000000000
--- a/usr.sbin/httpd/src/support/rotatelogs.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* $OpenBSD: rotatelogs.c,v 1.10 2008/10/06 20:50:18 mbalmer Exp $ */
-
-/*
- * Simple program to rotate Apache logs without having to kill the server.
- *
- * Contributed by Ben Laurie <ben@algroup.co.uk>
- *
- * 12 Mar 1996
- */
-
-#include <time.h>
-#include <errno.h>
-#include <fcntl.h>
-
-#include "ap_config.h"
-
-#define BUFSIZE 65536
-#define ERRMSGSZ 82
-#ifndef MAX_PATH
-#define MAX_PATH 1024
-#endif
-
-int
-main(int argc, char *argv[])
-{
- char buf[BUFSIZE], buf2[MAX_PATH], errbuf[ERRMSGSZ];
- time_t tLogEnd = 0, tRotation;
- int nLogFD = -1, nLogFDprev = -1, nMessCount = 0, nRead, nWrite;
- int utc_offset = 0;
- int use_strftime = 0;
- time_t now;
- char *szLogRoot;
-
- if (argc < 3) {
- fprintf(stderr, "usage: %s logfile rotationtime [offset]\n\n",
- argv[0]);
- fprintf(stderr, "Add this:\n\nTransferLog \"|%s /some/where "
- "86400\"\n\n", argv[0]);
- fprintf(stderr,
- "to httpd.conf. The generated name will be /some/where.nnnn"
- " where nnnn is the\nsystem time at which the log nominally"
- " starts (N.B. this time will always be a\nmultiple of the "
- "rotation time, so you can synchronize cron scripts with "
- "it).\nAt the end of each rotation time a new log is "
- "started.\n");
- exit(1);
- }
-
- szLogRoot = argv[1];
- if (argc >= 4)
- utc_offset = atoi(argv[3]) * 60;
-
- tRotation = atoi(argv[2]);
- if (tRotation <= 0) {
- fprintf(stderr, "Rotation time must be > 0\n");
- exit(6);
- }
-
- use_strftime = (strstr(szLogRoot, "%") != NULL);
- for (;;) {
- nRead = read(0, buf, sizeof buf);
- now = time(NULL) + utc_offset;
- if (nRead == 0)
- exit(3);
- if (nRead < 0)
- if (errno != EINTR)
- exit(4);
- if (nLogFD >= 0 && (now >= tLogEnd || nRead < 0)) {
- nLogFDprev = nLogFD;
- nLogFD = -1;
- }
- if (nLogFD < 0) {
- time_t tLogStart = (now / tRotation) * tRotation;
- if (use_strftime) {
- struct tm *tm_now;
- tm_now = gmtime(&tLogStart);
- strftime(buf2, sizeof(buf2), szLogRoot, tm_now);
- } else
- snprintf(buf2, sizeof(buf2), "%s.%010d",
- szLogRoot, (int)tLogStart);
-
- tLogEnd = tLogStart + tRotation;
- do {
- nLogFD = open(buf2, O_WRONLY | O_CREAT |
- O_APPEND, 0666);
- if (nLogFD < 0 && nLogFDprev == -1) {
- fprintf(stderr, "rotatelogs: can't "
- "open %s for writing: %s\n", buf2,
- strerror(errno));
- sleep(2);
- }
- } while (nLogFD < 0 && nLogFDprev == -1);
- if (nLogFD < 0) {
- /*
- * Uh-oh. Failed to open the new log file. Try
- * to clear the previous log file, note the
- * lost log entries, and keep on truckin'.
- */
- nLogFD = nLogFDprev;
- snprintf(errbuf, sizeof(errbuf),
- "Resetting log file due to error opening "
- "new log file. %10d messages lost.\n",
- nMessCount);
- nWrite = strlen(errbuf);
- ftruncate(nLogFD, 0);
- write(nLogFD, errbuf, nWrite);
- } else
- close(nLogFDprev);
- nMessCount = 0;
- }
- do {
- nWrite = write(nLogFD, buf, nRead);
- } while (nWrite < 0 && errno == EINTR);
- if (nWrite != nRead) {
- nMessCount++;
- snprintf(errbuf, sizeof(errbuf),
- "Error writing to log file. "
- "%10d messages lost.\n", nMessCount);
- nWrite = strlen(errbuf);
- ftruncate(nLogFD, 0);
- write (nLogFD, errbuf, nWrite);
- } else
- nMessCount++;
- }
-
- /* We never get here, but suppress the compile warning */
- return 0;
-}
diff --git a/usr.sbin/httpd/src/support/split-logfile b/usr.sbin/httpd/src/support/split-logfile
deleted file mode 100644
index 93b918e7f37..00000000000
--- a/usr.sbin/httpd/src/support/split-logfile
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/usr/local/bin/perl
-#
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-##
-
-#
-# This script will take a combined Web server access
-# log file and break its contents into separate files.
-# It assumes that the first field of each line is the
-# virtual host identity (put there by "%v"), and that
-# the logfiles should be named that+".log" in the current
-# directory.
-#
-# The combined log file is read from stdin. Records read
-# will be appended to any existing log files.
-#
-%is_open = ();
-
-while ($log_line = <STDIN>) {
- #
- # Get the first token from the log record; it's the
- # identity of the virtual host to which the record
- # applies.
- #
- ($vhost) = split (/\s/, $log_line);
- #
- # Normalize the virtual host name to all lowercase.
- # If it's blank, the request was handled by the default
- # server, so supply a default name. This shouldn't
- # happen, but caution rocks.
- #
- $vhost = lc ($vhost) or "access";
- #
- # if the vhost contains a "/" or "\", it is illegal so just use
- # the default log to avoid any security issues due if it is interprted
- # as a directory separator.
- if ($vhost =~ m#[/\\]#) { $vhost = "access" }
- #
- # If the log file for this virtual host isn't opened
- # yet, do it now.
- #
- if (! $is_open{$vhost}) {
- open $vhost, ">>${vhost}.log"
- or die ("Can't open ${vhost}.log");
- $is_open{$vhost} = 1;
- }
- #
- # Strip off the first token (which may be null in the
- # case of the default server), and write the edited
- # record to the current log file.
- #
- $log_line =~ s/^\S*\s+//;
- printf $vhost "%s", $log_line;
-}
-exit 0;
diff --git a/usr.sbin/httpd/src/support/suexec.8 b/usr.sbin/httpd/src/support/suexec.8
deleted file mode 100644
index 770ca9f05fe..00000000000
--- a/usr.sbin/httpd/src/support/suexec.8
+++ /dev/null
@@ -1,111 +0,0 @@
-.\" $OpenBSD: suexec.8,v 1.14 2008/06/07 01:59:36 jdixon Exp $
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" <http://www.apache.org/>.
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: June 7 2008 $
-.Dt SUEXEC 8
-.Os
-.Sh NAME
-.Nm suexec
-.Nd switch user for Apache CGI execution
-.Sh SYNOPSIS
-.Nm suexec
-.Fl V
-.Sh DESCRIPTION
-.Nm
-is the
-.Dq wrapper
-support program for the
-.Em suexec
-behaviour for the Apache
-.Xr httpd 8
-server.
-It is run from within the server automatically to switch the user when
-an external program has to be run under a different user.
-.Pp
-The options are as follows:
-.Bl -tag -width indent
-.It Fl V
-Display the list of compile-time settings used when
-.Nm
-was built.
-No other action is taken.
-.El
-.Pp
-Because this program is only used internally by
-.Xr httpd 8 ,
-there are no other ways to directly invoke
-.Nm .
-.Pp
-In order to work correctly,
-the
-.Nm
-binary should be owned by
-.Dq root
-and have the SETUID execution bit set.
-.Ox
-currently does not install
-.Nm
-with the SETUID bit set,
-so a change of file mode is necessary to enable it:
-.Pp
-.Dl # chmod u+s /usr/sbin/suexec
-.Sh SEE ALSO
-.Xr httpd 8
-.Pp
-Apache suEXEC Support:
-.Pa /usr/share/doc/html/httpd/suexec.html
diff --git a/usr.sbin/httpd/src/support/suexec.c b/usr.sbin/httpd/src/support/suexec.c
deleted file mode 100644
index 63a7919f371..00000000000
--- a/usr.sbin/httpd/src/support/suexec.c
+++ /dev/null
@@ -1,576 +0,0 @@
-/* $OpenBSD: suexec.c,v 1.13 2008/05/23 12:12:01 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * suexec.c -- "Wrapper" support program for suEXEC behaviour for Apache
- *
- ***********************************************************************
- *
- * NOTE! : DO NOT edit this code!!! Unless you know what you are doing,
- * editing this code might open up your system in unexpected
- * ways to would-be crackers. Every precaution has been taken
- * to make this code as safe as possible; alter it at your own
- * risk.
- *
- ***********************************************************************
- *
- *
- * Error messages in the suexec logfile are prefixed with severity values
- * similar to those used by the main server:
- *
- * Sev Meaning
- * emerg: Failure of some basic system function
- * alert: Bug in the way Apache is communicating with suexec
- * crit: Basic information is missing, invalid, or incorrect
- * error: Script permission/configuration error
- * warn:
- * notice: Some issue of which the sysadmin/webmaster ought to be aware
- * info: Normal activity message
- * debug: Self-explanatory
- */
-
-#include "ap_config.h"
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <stdarg.h>
-
-#if defined(USE_SETUSERCONTEXT)
-#include <login_cap.h>
-#endif
-
-#include "suexec.h"
-
-#if defined(PATH_MAX)
-#define AP_MAXPATH PATH_MAX
-#elif defined(MAXPATHLEN)
-#define AP_MAXPATH MAXPATHLEN
-#else
-#define AP_MAXPATH 8192
-#endif
-
-#define AP_ENVBUF 256
-
-extern char **environ;
-static FILE *log = NULL;
-
-char *safe_env_lst[] =
-{
- /* variable name starts with */
- "HTTP_",
-#ifdef MOD_SSL
- "HTTPS=",
- "HTTPS_",
- "SSL_",
-#endif
-
- /* variable name is */
- "AUTH_TYPE=",
- "CONTENT_LENGTH=",
- "CONTENT_TYPE=",
- "DATE_GMT=",
- "DATE_LOCAL=",
- "DOCUMENT_NAME=",
- "DOCUMENT_PATH_INFO=",
- "DOCUMENT_ROOT=",
- "DOCUMENT_URI=",
- "FILEPATH_INFO=",
- "GATEWAY_INTERFACE=",
- "LAST_MODIFIED=",
- "PATH_INFO=",
- "PATH_TRANSLATED=",
- "QUERY_STRING=",
- "QUERY_STRING_UNESCAPED=",
- "REMOTE_ADDR=",
- "REMOTE_HOST=",
- "REMOTE_IDENT=",
- "REMOTE_PORT=",
- "REMOTE_USER=",
- "REDIRECT_QUERY_STRING=",
- "REDIRECT_STATUS=",
- "REDIRECT_URL=",
- "REQUEST_METHOD=",
- "REQUEST_URI=",
- "SCRIPT_FILENAME=",
- "SCRIPT_NAME=",
- "SCRIPT_URI=",
- "SCRIPT_URL=",
- "SERVER_ADMIN=",
- "SERVER_NAME=",
- "SERVER_ADDR=",
- "SERVER_PORT=",
- "SERVER_PROTOCOL=",
- "SERVER_SOFTWARE=",
- "UNIQUE_ID=",
- "USER_NAME=",
- "TZ=",
- NULL
-};
-
-
-static void
-err_output(const char *fmt, va_list ap)
-{
-#ifdef LOG_EXEC
- time_t timevar;
- struct tm *lt;
-
- if (!log) {
- if ((log = fopen(LOG_EXEC, "a")) == NULL) {
- fprintf(stderr, "failed to open log file\n");
- perror("fopen");
- exit(1);
- }
- }
-
- time(&timevar);
- lt = localtime(&timevar);
-
- fprintf(log, "[%d-%.2d-%.2d %.2d:%.2d:%.2d]: ",
- lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday,
- lt->tm_hour, lt->tm_min, lt->tm_sec);
-
- vfprintf(log, fmt, ap);
-
- fflush(log);
-#endif /* LOG_EXEC */
- return;
-}
-
-static void
-log_err(const char *fmt,...)
-{
-#ifdef LOG_EXEC
- va_list ap;
-
- va_start(ap, fmt);
- err_output(fmt, ap);
- va_end(ap);
-#endif /* LOG_EXEC */
- return;
-}
-
-static void
-clean_env(void)
-{
- char pathbuf[512];
- char **cleanenv;
- char **ep;
- int cidx = 0;
- int idx;
-
- /*
- *While cleaning the environment, the environment should be clean.
- * (e.g. malloc() may get the name of a file for writing debugging info.
- * Bad news if MALLOC_DEBUG_FILE is set to /etc/passwd. Sprintf()
- * may be susceptible to bad locale settings....)
- * (from Apache 1.3 PR 2790)
- */
- char **envp = environ;
- char *empty_ptr = NULL;
-
- environ = &empty_ptr; /* VERY safe environment */
-
- if ((cleanenv = (char **)calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
- log_err("emerg: failed to malloc memory for environment\n");
- exit(120);
- }
-
- snprintf(pathbuf, sizeof(pathbuf), "PATH=%s", SAFE_PATH);
- cleanenv[cidx] = strdup(pathbuf);
- cidx++;
-
- for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
- for (idx = 0; safe_env_lst[idx]; idx++) {
- if (!strncmp(*ep, safe_env_lst[idx],
- strlen(safe_env_lst[idx]))) {
- cleanenv[cidx] = *ep;
- cidx++;
- break;
- }
- }
- }
-
- cleanenv[cidx] = NULL;
-
- environ = cleanenv;
-}
-
-int
-main(int argc, char *argv[])
-{
- int userdir = 0; /* ~userdir flag */
- uid_t uid; /* user information */
- gid_t gid; /* target group placeholder */
- char *target_uname; /* target user name */
- char *target_gname; /* target group name */
- char *target_homedir; /* target home directory */
- char *actual_uname; /* actual user name */
- char *actual_gname; /* actual group name */
- char *prog; /* name of this program */
- char *cmd; /* command to be executed */
- char cwd[AP_MAXPATH]; /* current working directory */
- char dwd[AP_MAXPATH]; /* docroot working directory */
- struct passwd *pw; /* password entry holder */
- struct group *gr; /* group entry holder */
- struct stat dir_info; /* directory info holder */
- struct stat prg_info; /* program info holder */
-
- /* Start with a "clean" environment */
- clean_env();
-
- prog = argv[0];
- /*
- * Check existence/validity of the UID of the user
- * running this program. Error out if invalid.
- */
- uid = getuid();
- if ((pw = getpwuid(uid)) == NULL) {
- log_err("crit: invalid uid: (%u)\n", uid);
- exit(102);
- }
- /*
- * See if this is a 'how were you compiled' request, and
- * comply if so.
- */
- if ((argc > 1) && (! strcmp(argv[1], "-V")) && ((uid == 0)
- || (! strcmp(HTTPD_USER, pw->pw_name)))) {
-#ifdef DOC_ROOT
- fprintf(stderr, " -D DOC_ROOT=\"%s\"\n", DOC_ROOT);
-#endif
-#ifdef GID_MIN
- fprintf(stderr, " -D GID_MIN=%d\n", GID_MIN);
-#endif
-#ifdef HTTPD_USER
- fprintf(stderr, " -D HTTPD_USER=\"%s\"\n", HTTPD_USER);
-#endif
-#ifdef LOG_EXEC
- fprintf(stderr, " -D LOG_EXEC=\"%s\"\n", LOG_EXEC);
-#endif
-#ifdef SAFE_PATH
- fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);
-#endif
-#ifdef SUEXEC_UMASK
- fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);
-#endif
-#ifdef UID_MIN
- fprintf(stderr, " -D UID_MIN=%d\n", UID_MIN);
-#endif
-#ifdef USERDIR_SUFFIX
- fprintf(stderr, " -D USERDIR_SUFFIX=\"%s\"\n", USERDIR_SUFFIX);
-#endif
- exit(0);
- }
- /*
- * If there are a proper number of arguments, set
- * all of them to variables. Otherwise, error out.
- */
- if (argc < 4) {
- log_err("alert: too few arguments\n");
- exit(101);
- }
- target_uname = argv[1];
- target_gname = argv[2];
- cmd = argv[3];
-
- /*
- * Check to see if the user running this program
- * is the user allowed to do so as defined in
- * suexec.h. If not the allowed user, error out.
- */
- if (strcmp(HTTPD_USER, pw->pw_name)) {
- log_err("crit: calling user mismatch (%s instead of %s)\n",
- pw->pw_name, HTTPD_USER);
- exit(103);
- }
-
- /*
- * Check for a leading '/' (absolute path) in the command to be
- * executed, or attempts to back up out of the current directory,
- * to protect against attacks. If any are
- * found, error out. Naughty naughty crackers.
- */
- if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
- || (strstr(cmd, "/../") != NULL)) {
- log_err("error: invalid command (%s)\n", cmd);
- exit(104);
- }
-
- /*
- * Check to see if this is a ~userdir request. If
- * so, set the flag, and remove the '~' from the
- * target username.
- */
- if (!strncmp("~", target_uname, 1)) {
- target_uname++;
- userdir = 1;
- }
-
- /* Error out if the target username is invalid. */
- if ((pw = getpwnam(target_uname)) == NULL) {
- log_err("crit: invalid target user name: (%s)\n", target_uname);
- exit(105);
- }
-
- /* Error out if the target group name is invalid. */
- if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
- if ((gr = getgrnam(target_gname)) == NULL) {
- log_err("crit: invalid target group name: (%s)\n",
- target_gname);
- exit(106);
- }
- gid = gr->gr_gid;
- actual_gname = strdup(gr->gr_name);
- } else {
- gid = atoi(target_gname);
- actual_gname = strdup(target_gname);
- }
-
-
- /* Save these for later since initgroups will hose the struct */
- uid = pw->pw_uid;
- actual_uname = strdup(pw->pw_name);
- target_homedir = strdup(pw->pw_dir);
-
- /*
- * Log the transaction here to be sure we have an open log
- * before we setuid().
- */
- log_err("info: (target/actual) uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
- target_uname, actual_uname, target_gname, actual_gname, cmd);
-
- /*
- * Error out if attempt is made to execute as root or as
- * a UID less than UID_MIN. Tsk tsk.
- */
- if ((uid == 0) || (uid < UID_MIN)) {
- log_err("crit: cannot run as forbidden uid (%u/%s)\n", uid,
- cmd);
- exit(107);
- }
-
- /*
- * Error out if attempt is made to execute as root group
- * or as a GID less than GID_MIN. Tsk tsk.
- */
- if ((gid == 0) || (gid < GID_MIN)) {
- log_err("crit: cannot run as forbidden gid (%u/%s)\n", gid,
- cmd);
- exit(108);
- }
-
-#if defined(USE_SETUSERCONTEXT)
- if (setusercontext(NULL, pw, uid,
- LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH)) != 0) {
- log_err("emerg: failed to setusercontext (%u: %s)\n", uid, cmd);
- exit(110);
- }
-#else
- /*
- * Change UID/GID here so that the following tests work over NFS.
- *
- * Initialize the group access list for the target user,
- * and setgid() to the target group. If unsuccessful, error out.
- */
- if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
- log_err("emerg: failed to setgid (%u: %s)\n", gid, cmd);
- exit(109);
- }
-
- /* setuid() to the target user. Error out on fail. */
- if ((setuid(uid)) != 0) {
- log_err("emerg: failed to setuid (%u: %s)\n", uid, cmd);
- exit(110);
- }
-#endif
-
- /*
- * Get the current working directory, as well as the proper
- * document root (dependant upon whether or not it is a
- * ~userdir request). Error out if we cannot get either one,
- * or if the current working directory is not in the docroot.
- * Use chdir()s and getcwd()s to avoid problems with symlinked
- * directories. Yuck.
- */
- if (getcwd(cwd, AP_MAXPATH) == NULL) {
- log_err("emerg: cannot get current working directory\n");
- exit(111);
- }
-
- if (userdir) {
- if (((chdir(target_homedir)) != 0) ||
- ((chdir(USERDIR_SUFFIX)) != 0) ||
- ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
- ((chdir(cwd)) != 0)) {
- log_err("emerg: cannot get docroot information (%s)\n",
- target_homedir);
- exit(112);
- }
- } else {
- if (((chdir(DOC_ROOT)) != 0) ||
- ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
- ((chdir(cwd)) != 0)) {
- log_err("emerg: cannot get docroot information (%s)\n",
- DOC_ROOT);
- exit(113);
- }
- }
-
- if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("error: command not in docroot (%s/%s)\n", cwd, cmd);
- exit(114);
- }
-
- /* Stat the cwd and verify it is a directory, or error out. */
- if (((lstat(cwd, &dir_info)) != 0) || !(S_ISDIR(dir_info.st_mode))) {
- log_err("error: cannot stat directory: (%s)\n", cwd);
- exit(115);
- }
-
- /* Error out if cwd is writable by others. */
- if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
- log_err("error: directory is writable by others: (%s)\n", cwd);
- exit(116);
- }
-
- /* Error out if we cannot stat the program. */
- if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
- log_err("error: cannot stat program: (%s)\n", cmd);
- exit(117);
- }
-
- /* Error out if the program is writable by others. */
- if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
- log_err("error: file is writable by others: (%s/%s)\n", cwd,
- cmd);
- exit(118);
- }
-
- /* Error out if the file is setuid or setgid. */
- if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) {
- log_err("error: file is either setuid or setgid: (%s/%s)\n",
- cwd, cmd);
- exit(119);
- }
-
- /*
- * Error out if the target name/group is different from
- * the name/group of the cwd or the program.
- */
- if ((uid != dir_info.st_uid) ||
- (gid != dir_info.st_gid) ||
- (uid != prg_info.st_uid) ||
- (gid != prg_info.st_gid)) {
- log_err("error: target uid/gid (%u/%u) mismatch "
- "with directory (%u/%u) or program (%u/%u)\n",
- uid, gid,
- dir_info.st_uid, dir_info.st_gid,
- prg_info.st_uid, prg_info.st_gid);
- exit(120);
- }
- /*
- * Error out if the program is not executable for the user.
- * Otherwise, she won't find any error in the logs except for
- * "[error] Premature end of script headers: ..."
- */
- if (!(prg_info.st_mode & S_IXUSR)) {
- log_err("error: file has no execute permission: (%s/%s)\n",
- cwd, cmd);
- exit(121);
- }
-
-#ifdef SUEXEC_UMASK
- /* umask() uses inverse logic; bits are CLEAR for allowed access. */
- if ((~SUEXEC_UMASK) & 0022)
- log_err("notice: SUEXEC_UMASK of %03o allows "
- "write permission to group and/or other\n", SUEXEC_UMASK);
- umask(SUEXEC_UMASK);
-#endif /* SUEXEC_UMASK */
-
- /*
- * Be sure to close the log file so the CGI can't
- * mess with it. If the exec fails, it will be reopened
- * automatically when log_err is called. Note that the log
- * might not actually be open if LOG_EXEC isn't defined.
- * However, the "log" cell isn't ifdef'd so let's be defensive
- * and assume someone might have done something with it
- * outside an ifdef'd LOG_EXEC block.
- */
- if (log != NULL) {
- fclose(log);
- log = NULL;
- }
-
- /* Execute the command, replacing our image with its own. */
- execv(cmd, &argv[3]);
-
- /*
- * (I can't help myself...sorry.)
- *
- * Uh oh. Still here. Where's the kaboom? There was supposed to be an
- * EARTH-shattering kaboom!
- *
- * Oh well, log the failure and error out.
- */
- log_err("emerg: (%d)%s: exec failed (%s)\n", errno, strerror(errno),
- cmd);
- exit(255);
-}
diff --git a/usr.sbin/httpd/src/support/suexec.h b/usr.sbin/httpd/src/support/suexec.h
deleted file mode 100644
index 8647309944d..00000000000
--- a/usr.sbin/httpd/src/support/suexec.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/* $OpenBSD: suexec.h,v 1.8 2008/05/23 12:12:01 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * suexec.h -- user-definable variables for the suexec wrapper code.
- * (See README.configure on how to customize these variables.)
- */
-
-
-#ifndef _SUEXEC_H
-#define _SUEXEC_H
-
-/*
- * HTTPD_USER -- Define as the username under which Apache normally
- * runs. This is the only user allowed to execute
- * this program.
- */
-#ifndef HTTPD_USER
-#define HTTPD_USER "www"
-#endif
-
-/*
- * UID_MIN -- Define this as the lowest UID allowed to be a target user
- * for suEXEC. For most systems, 500 or 100 is common.
- */
-#ifndef UID_MIN
-#define UID_MIN 100
-#endif
-
-/*
- * GID_MIN -- Define this as the lowest GID allowed to be a target group
- * for suEXEC. For most systems, 100 is common.
- */
-#ifndef GID_MIN
-#define GID_MIN 100
-#endif
-
-/*
- * USERDIR_SUFFIX -- Define to be the subdirectory under users'
- * home directories where suEXEC access should
- * be allowed. All executables under this directory
- * will be executable by suEXEC as the user so
- * they should be "safe" programs. If you are
- * using a "simple" UserDir directive (ie. one
- * without a "*" in it) this should be set to
- * the same value. suEXEC will not work properly
- * in cases where the UserDir directive points to
- * a location that is not the same as the user's
- * home directory as referenced in the passwd file.
- *
- * If you have VirtualHosts with a different
- * UserDir for each, you will need to define them to
- * all reside in one parent directory; then name that
- * parent directory here. IF THIS IS NOT DEFINED
- * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
- * See the suEXEC documentation for more detailed
- * information.
- */
-#ifndef USERDIR_SUFFIX
-#define USERDIR_SUFFIX "public_html"
-#endif
-
-/*
- * LOG_EXEC -- Define this as a filename if you want all suEXEC
- * transactions and errors logged for auditing and
- * debugging purposes.
- */
-#ifndef LOG_EXEC
-#define LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
-#endif
-
-/*
- * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
- * will be the only hierarchy (aside from UserDirs)
- * that can be used for suEXEC behavior.
- */
-#ifndef DOC_ROOT
-#define DOC_ROOT "/usr/local/apache/htdocs"
-#endif
-
-/*
- * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
- *
- */
-#ifndef SAFE_PATH
-#define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
-#endif
-
-#endif /* _SUEXEC_H */